Cybersqatting might or might not be "wrong", but "wrong" doesn't have anything to do with either private rules or government laws.
I'm not even clear where the government gets involved in this at all, for good or for ill.
Domain registrars accept money to list someone as the owner of a domain name. ICANN coordinates this action, approving registrars and setting some ground rules for how registration works. Most ISPs and site operators configure their networks to resolve non-local names only via ICANN approved channels. These entities are often all private sector corporations acting in voluntary cooperation with no particular government powers.
One of the rules ICANN set up is that you can't register a famous person's name and use the site to run a website about them without the person's permission. They require registrars to follow that rule or they won't approve them. If a registrar allows the registration anyway, there's a dispute process where the person can demand that the rule breaking registration be de-listed and then re-registerd as owned by the person.
Human rights and government and property interests don't come into it, it's a bunch of administrative policy used to coordinate voluntary action. It might work well or it might not. If you don't like the rules you don't have to use ICANN-rule-following DNS servers.
The proper name for these "Slow functions" is Key Derivation Function. They've been around a long time and are what OSes use to protect login credentials and what encrypted archive formats like RAR use.
Some examples are crypt (obsolete, vulnerable) PBKDF-2 (repeated application of salt-and-hash), bcrypt (repeated rounds of a special extra-slow variant of blowfish), and scrypt (an attempt to defeat GPU and custom hardware attacks by requiring lots of low-latency RAM).
Single-round salted hash is only a "better than plaintext" hack solution, it's never been the correct way to store passwords.
OK, I get it now. I was assuming we were talking about using/dev/shm to store bulk data in system ram, not constructing an SSD out of SDRAM instead of flash.
What do you use for an interface on something like that? Seems like SATA/SAS like most of the PCIe flash devices I can find would be a bottleneck.
Windows is pretty aggressive about tracking the reads executables always perform during process launch and prefetching them. It works pretty well. It also tries to preload data into ram with a bunch of weird user-prediction heuristics that sometimes work well and sometimes just make your system flush it's read cache for no reason to read strange things off your disk.
Agreed about the database libraries though, synchronous-only is no way to perform anything dominated by latency like that.
I'm mostly going by what dell tells me I need to provision in a power supply (roughly 500 more watts needed by adding 1TB of LV RDIMM to an R910) and Google searches for wall-power consumption, which seem to be in the ballpark of 5-10W (average, not peak) added per DIMM. We're talking a few hundred more watts to power and cool.
I'm not sure how to square that with the tech doc you posted, is that actually the sort of chip you could build into LRDIMMs and attach 1,000 of to a system?
If the system can sleep most but not all of the RAM without sleeping the computer this would draw a lot less power but it does not look like this is a configuration that current computers actually do.
And the actual question still stands- is the memory/storage paradigm just traditional at this point, or is it still useful?
It's still useful. The random access latency on an SSD is still about 1000x slower than RAM, but SSDs can store data without consuming power.
Keeping a terabyte or two of current RAM technology active requires substantial power supply and cooling, whereas these amounts of SSD or more can be kept and used in mobile or residential situations.
Goldman Sachs and Friends would do just fine there, assuming they're not already. Russian-style crony capitalism is what they're trying to institute in the US. Putin isn't acting in opposition to western corporatism, he's just ahead of the game, plus a childish veneer of macho strong-man PR.
There's nothing 2.0 about it. The west in general and the US in specific have used their military power to force access to markets for hundreds of years and never stopped. It is the central pillar of US foreign policy and the primary function of the US military. The routine nature of it is what makes it such a credible threat.
I'm sure the rest of the world doesn't like it, but they don't seem willing to actually do anything about it. Why would this be any different? Are you going to get in a shooting war with the US to protect your people from YouTube and bad reality TV?
At least exporting information at gunpoint instead of drugs has positive side-effects for free speech on the Internet.
The short answer is, if Russia, China and the EU agree on a system, all they have to do is prevent our packets from passing through AS's on their sovereign territory. The UN is just the place where they come to the agreement, it's not the UN's idea and it's not up to the UN to enforce it.
The US can always withdraw from the ITU, but if these policies genuinely reflect the interests and will of other nation-states, and they remain united, I don't see how the US gets out from under them.
In addition to wanting to regulate the internet, the ITU already regulates comminication satellite orbits. If the US wanted to play hardball on this matter, it would indicate that withdrawing from the ITU means that the US will declare a "right to international communication" and allow any company to launch US-flagged satellites into any empty orbit to serve any region with international communication without regard to local laws.
Satellites are a very practical way to circumvent local censorship and are already heavily used for that purpose.
The number of terrorism attempts since the TSA has started isn't zero, the underwear and shoe bombers off the top of my head. The TSA has missed all of them.
Before the TSA screening was privately run by the airports and airlines. It was still pointless security theater, but it was just as effective and much less expensive and inconvienent.
Not really. Any government can get their state CA included in the windows root CA list just for the asking. OSX and Firefox are slightly more restrictive, but not in a useful way, they allow lots of state CAs as well.
This is a broad problem with the HTTPS system, too many unrestricted root CAs with no concern for realistic security scenarios.
This is not a good system, but it has nothing to do with Tunisia. The wikileaks cable you posted doesn't even talk about SSL, just about how using supported Microsoft software in the government will make the government more effective at everything, including domestic espionage.
NH is mostly a mixture of exurbs and retirement/vacation homes for Boston, so it's economic model is "leech of the city" and it's social safety net is "move to Massachusetts". California has nowhere to beggar-thy-neighbor to.
New Hampshire has the lowest birth rate in the nation, California's is above-average. Children are expensive but necessary.
Small states tend to do a better job getting their money's worth from the federal government. California is a massive wealth exporter to the rest of the country. The California federal tax/spending shortfall is about the same size as the California budget shortfall.
The problem with overtesting is that a positive test on someone with no symptoms or high risk factors gives you very little information, due to the risk of false positives.
There are lots of cures for cancer, most of them made by drug companies. They don't all work on every (or even most) types of cancer, but they generally either work or don't after some finite number of doses, then you stop taking them.
The reason there's no pill to fix heart disease isn't because the drug companies are hiding the secret cure in a warehouse next to the ark of the covenant, it's because heart disease is a result of decades of physical damage to an organ, all drugs are going to be able to do to a condition like that is slow the damage or reduce the consequences.
The salt isn't a second secret, it's there to prevent the use of a pre-constructed rainbow table for the standard hash functions. Without a rainbow table, you can still do dictionary attacks of weak passwords--and there is no way to prevent this short of not using passwords for authentication. This only harms people who use guessable passwords and re-use passwords between sites.
At least in the US, take-home pay doesn't dominate the entire cost of an employee to a business. Most of those costs don't scale down with less work. Think recruitment, most benefits, management, much office equipment/floor space, IT overhead, training...
Also, most employees not don't do fungible factory work anymore. Putting 25% more workers on a project doesn't get 25% more done. For any job with a high burden of communication or analysis (i.e. most knowledge worker jobs that aren't easily automated), every hour is more productive than the last up to the point the worker gets tired and quality drops.
If employees are actually working productively 40 hours a week (and not just seat-warming and fiddling with facebook because it's expected), then dropping to 32 hours would be a drastic reduction in productivity and would eliminate a whole lot of marginal workers and companies. (If they are just seat-warming, you could just let them go home but that wouldn't reduce unemployment)
If you want to do work-sharing without messing everything up, either figure out how to reduce per-employee fixed overhead (more cash pay, less benefits, more telecommuting, less ability to sue your employer, more off-job training... basically make everyone a contractor) or do it more long-term, like making working 4 out of 5 years the norm
Slashdot Mirror
Cybersqatting might or might not be "wrong", but "wrong" doesn't have anything to do with either private rules or government laws.
I'm not even clear where the government gets involved in this at all, for good or for ill.
Domain registrars accept money to list someone as the owner of a domain name. ICANN coordinates this action, approving registrars and setting some ground rules for how registration works. Most ISPs and site operators configure their networks to resolve non-local names only via ICANN approved channels. These entities are often all private sector corporations acting in voluntary cooperation with no particular government powers.
One of the rules ICANN set up is that you can't register a famous person's name and use the site to run a website about them without the person's permission. They require registrars to follow that rule or they won't approve them. If a registrar allows the registration anyway, there's a dispute process where the person can demand that the rule breaking registration be de-listed and then re-registerd as owned by the person.
Human rights and government and property interests don't come into it, it's a bunch of administrative policy used to coordinate voluntary action. It might work well or it might not. If you don't like the rules you don't have to use ICANN-rule-following DNS servers.
The proper name for these "Slow functions" is Key Derivation Function. They've been around a long time and are what OSes use to protect login credentials and what encrypted archive formats like RAR use.
Some examples are crypt (obsolete, vulnerable) PBKDF-2 (repeated application of salt-and-hash), bcrypt (repeated rounds of a special extra-slow variant of blowfish), and scrypt (an attempt to defeat GPU and custom hardware attacks by requiring lots of low-latency RAM).
Single-round salted hash is only a "better than plaintext" hack solution, it's never been the correct way to store passwords.
OK, I get it now. I was assuming we were talking about using /dev/shm to store bulk data in system ram, not constructing an SSD out of SDRAM instead of flash.
What do you use for an interface on something like that? Seems like SATA/SAS like most of the PCIe flash devices I can find would be a bottleneck.
Windows is pretty aggressive about tracking the reads executables always perform during process launch and prefetching them. It works pretty well. It also tries to preload data into ram with a bunch of weird user-prediction heuristics that sometimes work well and sometimes just make your system flush it's read cache for no reason to read strange things off your disk.
Agreed about the database libraries though, synchronous-only is no way to perform anything dominated by latency like that.
I'm mostly going by what dell tells me I need to provision in a power supply (roughly 500 more watts needed by adding 1TB of LV RDIMM to an R910) and Google searches for wall-power consumption, which seem to be in the ballpark of 5-10W (average, not peak) added per DIMM. We're talking a few hundred more watts to power and cool.
I'm not sure how to square that with the tech doc you posted, is that actually the sort of chip you could build into LRDIMMs and attach 1,000 of to a system?
If the system can sleep most but not all of the RAM without sleeping the computer this would draw a lot less power but it does not look like this is a configuration that current computers actually do.
It's still useful. The random access latency on an SSD is still about 1000x slower than RAM, but SSDs can store data without consuming power.
Keeping a terabyte or two of current RAM technology active requires substantial power supply and cooling, whereas these amounts of SSD or more can be kept and used in mobile or residential situations.
Affordable SSDs are a year away but you have your time axis backwards.
Price-point sized SSDs are more like $0.90/GB right now. The expensive intel 520s are $1.25/GB at 240 and 480 GB sizes.
500GB for $200 isn't here yet but prices have been steadily crashing towards it for years.
Goldman Sachs and Friends would do just fine there, assuming they're not already. Russian-style crony capitalism is what they're trying to institute in the US. Putin isn't acting in opposition to western corporatism, he's just ahead of the game, plus a childish veneer of macho strong-man PR.
There's nothing 2.0 about it. The west in general and the US in specific have used their military power to force access to markets for hundreds of years and never stopped. It is the central pillar of US foreign policy and the primary function of the US military. The routine nature of it is what makes it such a credible threat.
I'm sure the rest of the world doesn't like it, but they don't seem willing to actually do anything about it. Why would this be any different? Are you going to get in a shooting war with the US to protect your people from YouTube and bad reality TV?
At least exporting information at gunpoint instead of drugs has positive side-effects for free speech on the Internet.
In addition to wanting to regulate the internet, the ITU already regulates comminication satellite orbits. If the US wanted to play hardball on this matter, it would indicate that withdrawing from the ITU means that the US will declare a "right to international communication" and allow any company to launch US-flagged satellites into any empty orbit to serve any region with international communication without regard to local laws.
Satellites are a very practical way to circumvent local censorship and are already heavily used for that purpose.
So solution is to have healthcare run by the government that is owned by private healthcare companies?
I miss the bus more often when I run after it than when I don't.
The number of terrorism attempts since the TSA has started isn't zero, the underwear and shoe bombers off the top of my head. The TSA has missed all of them.
Before the TSA screening was privately run by the airports and airlines. It was still pointless security theater, but it was just as effective and much less expensive and inconvienent.
Is there any evidence that any attacker has used certificate update to do that, or do people just not know how it works?
On Windows, removing a CA from the CA cache does nothing, you have to add it to the untrusted list
Not really. Any government can get their state CA included in the windows root CA list just for the asking. OSX and Firefox are slightly more restrictive, but not in a useful way, they allow lots of state CAs as well.
This is a broad problem with the HTTPS system, too many unrestricted root CAs with no concern for realistic security scenarios.
This is not a good system, but it has nothing to do with Tunisia. The wikileaks cable you posted doesn't even talk about SSL, just about how using supported Microsoft software in the government will make the government more effective at everything, including domestic espionage.
The entire point of SSL is that you don't trust the network.
[citation needed]
NH is mostly a mixture of exurbs and retirement/vacation homes for Boston, so it's economic model is "leech of the city" and it's social safety net is "move to Massachusetts". California has nowhere to beggar-thy-neighbor to.
New Hampshire has the lowest birth rate in the nation, California's is above-average. Children are expensive but necessary.
Small states tend to do a better job getting their money's worth from the federal government. California is a massive wealth exporter to the rest of the country. The California federal tax/spending shortfall is about the same size as the California budget shortfall.
The problem with overtesting is that a positive test on someone with no symptoms or high risk factors gives you very little information, due to the risk of false positives.
There are lots of cures for cancer, most of them made by drug companies. They don't all work on every (or even most) types of cancer, but they generally either work or don't after some finite number of doses, then you stop taking them.
The reason there's no pill to fix heart disease isn't because the drug companies are hiding the secret cure in a warehouse next to the ark of the covenant, it's because heart disease is a result of decades of physical damage to an organ, all drugs are going to be able to do to a condition like that is slow the damage or reduce the consequences.
findstr isn't a powershell command, it's just a console .exe program that comes with windows.
The salt isn't a second secret, it's there to prevent the use of a pre-constructed rainbow table for the standard hash functions. Without a rainbow table, you can still do dictionary attacks of weak passwords--and there is no way to prevent this short of not using passwords for authentication. This only harms people who use guessable passwords and re-use passwords between sites.
I love how the article is equally fact-free, but makes sure to include several opinion polls.
At least in the US, take-home pay doesn't dominate the entire cost of an employee to a business. Most of those costs don't scale down with less work. Think recruitment, most benefits, management, much office equipment/floor space, IT overhead, training...
Also, most employees not don't do fungible factory work anymore. Putting 25% more workers on a project doesn't get 25% more done. For any job with a high burden of communication or analysis (i.e. most knowledge worker jobs that aren't easily automated), every hour is more productive than the last up to the point the worker gets tired and quality drops.
If employees are actually working productively 40 hours a week (and not just seat-warming and fiddling with facebook because it's expected), then dropping to 32 hours would be a drastic reduction in productivity and would eliminate a whole lot of marginal workers and companies. (If they are just seat-warming, you could just let them go home but that wouldn't reduce unemployment)
If you want to do work-sharing without messing everything up, either figure out how to reduce per-employee fixed overhead (more cash pay, less benefits, more telecommuting, less ability to sue your employer, more off-job training... basically make everyone a contractor) or do it more long-term, like making working 4 out of 5 years the norm
Wikipedia made it official policy that all biographies are uncritical fan-sites years ago.