Is Puppy Linux a fully versioned file system? With each new track that it writes, it saves my files. Does it also remember my deletes? Does it have user-initiated write-back capability, forcing a new track even before shutdown?
If so, wow - we have a fully-versioned archiving live filesystem. If I totally destroy something in the system during one particular session (and write it out not realizing the problem), (and assuming I don't hose the ability to write out my session) I should theoretically be able to boot back to a previous version and continue on.
This should be immensely popular among distro creators, full-tilt hobbyists, configuration management specialists, and quality assurance people.
Additionally, because it keeps track of everything, the computer intrusion forensics people should benefit from the permanent archival of the "every step you take" kinds of information. You just have to reboot or write back between every major change.
Not to mention, you no longer need to remind yourself to make backups.
...that additional bit of job security if layoffs might be in the near future.
LOL! I wrote some patents, and during layoffs, I was among the first to go - in many government contracting shops, writing patents is expressly an overhead (non-billable) activity, and when the bean counters review the quarterly billability, anyone writing patents comes out on the bottom!
Don't think for an instant that just because you have a good idea, the company thinks its worth (its) money to stake a claim.
I agree with your first two points to some extent.
3.) One big problem with bringing energy from outside the Earth to Earth in any form: the earth is too darned hot to begin with, and only getting warmer. We really ought to address the whole global-warming issue before we start importing more energy.
Providing a fossil-less method of energy production will reduce global warming by doing away with a large share of greenhouse gases.
Also, the amount of concentrated energy added to earth by the mirror can only be as great as the collection surface area of the mirror. Unless you are talking Dyson-esque proportions, the ratio of the mirror area to the Earth's cross section is infinitessimal. We wouldn't be adding a noticeable amount of energy - just concentrating a small part of it on a receptor location.
Imagine if terrorists managed to hack into the mirror's aiming mechanism.
Less fearful than if terrorists hacked into a nuclear reactor control center, or power grid control, or even water filtration systems. At least with a mirror, you'd "see it coming." (grin)
Mr. Benefits-of-Space, meet Mrs. Practicalities of Terra. Let's combine both ideas: imagine a parabolic orbiting space mirror to reflect and concentrate sunlight, aimed at an equatorial solar collection farm.
Problem of collecting sunlight in space, solved. Problem of transmitting energy to surface, solved. Problem of distributing cheap power to equatorial regions, solved. Continuous day/night operation, (mostly) solved. Problem of periodic upgrades/repairs to solar collection system, simple. Can someone tell me what is wrong with this idea?
[Scientists, is it possible to increase the incident watts/m^2 by concentrating sunlight? Would the solar panels benefit by receiving concentrated sunlight, and if so, what is the saturation point? Concentrate sunlight, then refactor your cost per watt...]
Interesting points, all. The risk is allowing the cable companies to dictate to us what the definition of "PVR" (or DVR) is.
Some questions for the Cable DVR advocates: 1. How is Cable DVR going to overcome the latency problems? Read prior posts about Comcast's OnDemand issues, vis., pressing stop and waiting 3 seconds for a response.
2. How is Cable DVR going to improve availability over a user-owned TiVo? More than HALF the time, when I flip to OnDemand, I see the message "Initializing the File Loader" (WTF does that mean, anyway?) for a full 30-45 seconds. 1/8 of the time, I get "Error Initializing the File Loader." Is this going to go away any time soon? Would I expect that this type of thing WON'T happen with the DVR service?
3. How many hours of storage is Comcast going to offer me, and for how long? As is, I can store content on my ReplayTV indefinitely. I have some shows going back 2-3 years on mine. If I canceled my subscription to ReplayTV, my content would still be there. True of Comcast DVR? Hardly.
The difference here, folks, is the same as with telephone answering machines versus telco-run voice mail, but with all of the problems and few of the benefits. You might get more viewability options and "survivability" (e.g., local house power failure won't take down Comcast's DVR) but there will be limits on box size and length of message storage.
I bought a ReplayTV in late 2000 (Panasonic Showstopper 1000), paid for the lifetime subscription, upgraded the HD to 120 Gb (largest it will go), cleaned the remote 4+ times, lost the IR blaster years ago (anyone care to sell me one?) and I'm still going strong.
512 = 2^9, which is very much smaller than the 2^160 bits...
Good catch, I meant to say the 2^9 possible combinations are far fewer than the 2^160 possible hashes.
By changing just the last 512-bit block of the text I can generate 2^512 different inputs for SHA-1...
True, and by doing that, you are bound to find two hashes that are identical with high probability; however,
there is no assurance that the algorithm will generate a repeat of the specific hash value that you want (that would assume uniformity of the function, which may be true) and
even at a billion rehashes/second, this will take on order of 1x10^143 years to accomplish.
Now, with birthday paradoxes, you would not likely need to generate all these combinations... and with the claim of the alleged paper going around, you would not really need to generate many combinations at all!
I believe the attack you describe would only work if the legitimate data you wished to change occurred in the same block as the dummy pad.
SHA-1 breaks data into 512 bit blocks and processes each block independently - then it adds the result to 5 registers and processes the next block. If you wished to silently change some important piece of data using the state-saving technique, you'd have to find a pad within the same 512 bit block and modify it in such a way to get the same output state as the original unmodified block.
512 = 2^9, which is very much smaller than the 2^160 bits that must exactly match, so the probability of success using this technique is infinitessimal. Put another way, the cryptographer reviewers probably thought about this initially and quickly ruled it out.
As a side-bar, is the FTSH acronym pronounced... fetish?
All kidding aside, this sounds like a great idea.
As for the comments about encouraging sloppy code, it is clear those posters have never worked in demanding moving-target environments. The kinds of errors encountered cannot be solved easily in code - this extension would help.
As for the comments on "you can do this in Perl, Python, and ", this is true, but if I know Bash and want tolerance, why should I have to learn a new language to get it? Likely all I'm doing is copying files, forking off subprocesses, and the like.
For the comments on "why another shell," I would tend to agree that it would be best integrated into Bash - but then, you change the implementation of Bash, create incompatible situations, and have to retest volumes of existing scripts. It's best to have this as a separate shell with close look/feel semantics to Bash (or Csh).
I wonder how the typical American IT company accounts for risk in their cost model when trying to decide whether to outsource. Risks can come from several factors:
Import/export laws governing types of code/technology transfer to a certain country, noting that laws change with the wind depending on who's in power
Economic equity, e.g., how well the rupee is doing against the dollar
Labor policy disparity - American unions vs. Indian unions in non-IT related firms
Another way to look at it - offshore outsourcing seems to have some of the same risks as telecommuting, for both the companies and the employees... and look how well telecommuting has been accepted in the U.S.!
Whatever you do, avoid external dependencies - e.g., downloading patches from the Microsoft web site. Their link then becomes the bottleneck.
Some other points on demos:
Determine your specific audience beforehand, and tailor to them specifically. Is the CEO a numbers-guy? If not, don't waste time showing bar graphs and such.
Demo failure probabilities are equal to the criticality of the project multiplied by the importance of the audience. Have a backup somehow.
Demo attendance rates are notoriously low; you might spend 2 weeks preparing the ultimate demo, only to have the CEO not come because "they had to be in Dallas" or something (and then they never show up, ever).
A business-relevant demo is better than downloading DVDs of Britney Spears or whatever. Any non-business relevant demo (including the War and Peace suggestion, sorry) might side-track the thought process, or you might end up looking like a reckloose.
Have a demo script, and dry run the demo beforehand. One time, we were showing a satellite control center system, and feeling proud of the capabilities of the NTP server, the communications systems lead manually set the NTP master clock back by 6 hours. This of course crashed all the database and realtime software since many of the calculations are based on delta times. Needless to say, that act of wanton stupidity was unrehearsed..
My 2 cents, and I've done quite a few of these over the years.
"Our service can reach into areas that others don't, because the power network is the most pervasive on the planet. It's where the phones aren't and the cable isn't."
Not to mention, we'll save a FORTUNE avoiding tech support calls from the people without phones...:-)
The article mentions various hardships involved with sending a probe to Mars, and after reading it, I'm left to assume that the CNN screen-bottom taglines Christmas morning will read, "ESA probe lost on Mars reentry..." [If the craft didn't originate from Mars, shouldn't it be called "entry"? But I digress.]
I wonder if the article is fairly judging the likelihood of failure of Beagle under these circumstances. Isn't it generally hard to send a probe to Mars? If it's so hard, and so gloom-and-doom, why do we bother at all? I counter that it is hard, but that the engineers and the launch controllers (often forgot!) will pull it off.
Has any American news agency given a good treatise on the hazards encountered by American probes being sent, and if so, were we so awe-struck that any of our probes ever made it?
I think that the usual doom and gloom applies to most anything space-oriented, and we should not be especially ruffled at the hazards outlined in the article. This sounds like another case of artificial drama pumping to sell a few hits of a webpage.
This was a ridiculous and non-helpful article. Basically, Stellmack took a simple weekend job and exploded it into a major home renovation project, complete with project managers, subcontractors, rackmounts, and more. It is unbelievable. I'll cover a few points because nobody is reading this and I need to move on to saner pastures.
First, 100Mb does not mean 100Mb to the Internet. He places emphasis on future proofing, but is seemingly unaware that no matter how fast the inside wire is, it's only 10Mb MAX coming in from cable modem (and only 128Kb going out, 256kb if you buy the business version).
Security and interference are generally the #1 concerns of wireless, not speed. If you do wireless (which he did anyway!), it should only be because you are not willing/unable based on your lease from doing this. Security was not emphasized enough in the article.
If building a new house, have the plumber (that's right, the plumber, the only one qualified to do this by code) run a 2nd floor conduit from the basement to the attic. It's basically a 1+3/4" PVC pipe initially capped on both ends for fire safety reasons. When they installed my alarm system (w/2nd floor smoke detector), the guys danced with joy that I had this, and it saved them about an hour.
For contractors, he mentioned having a hard time finding them. Consider security alarm vendors; they deal with CAT 3 all over the place, and would be glad to have the business.
If you're doing this for real, you don't have to contract: Home Depot sells Ideal products that do the job and give you combo jacks, RJ-45, and the phone installation.
Note that Cat 6 is NOT future proof. My guess is he will have to string fiber anyway eventually. Go with 5e for now. Also, the phone only needs CAT3. Anything higher is overkill. Cat3 is about half the cost of Cat5.
On a different subject, the picture of Stellmack's nearly-finished basement - I'm concerned that bottom piece of drywall only has a single row of screws in it. Should have a duoble row like the top one. Also, why are your jacks more than 2' off the floor? Be aware of codes.
Further ridiculousness includes "torpedo leveling the wall plates to make them even" [termination heading for home stretch] Nobody, and I mean NOBODY torpedo levels a wall plate. What a farce.
Note on bolting the rack to the floor: the contractor is using a hammer drill with a tungsten carbide bit, and this isn't pointed out in the article. Also, older concrete is very hard to drill into, hammer or no. This step is not to be taken lightly. Also, hammer drills can make about 100dB of noise in confined spaces, so better wear ear protection. I used one to do this and the noise hurt like hell. Also, if you have old concrete, plan on getting only 4 HOLES PER DRILLBIT before the bit breaks or grinds down. At $4/bit, this is a costly proposition. (I once tried to anchor wall plates via concrete bolts, and a contractor chuckled and said, "use liquid nails.")
My verdict: Stellmack is a fool with too much money on his hands. He could have done the job more simply, with better results, more personal satisfaction, had the job completed more quickly, and saved a ton of money. Though he doesn't mention it, with the amount and involvement of the contractors, the time taken to do "interviews" (no kidding, he INTERVIEWED the contractor!) I'm guessing his project cost about $7,500 including equipment. Might be more like $10k.
I guess that, based on the inclusion of the interview and the sycophantic praise of the contractor, Stellmack received some credit for the contractor's services in exchange for the publicity by means of this article. The article's message is that you need a contractor to do this kind of thing, that there's no way you can get it right unless you treat this like a huge project, and you'd better call this particular contractor.
I heard bad things about Tom's, now I'm beginning to witness them firsthand.
If he/she is trying to "keep my marketable skills sharp," yet writing simple code with printfs results in "debugging really bizare behavior," then perhaps they're in the wrong market.
Now, nothing personal, this is pure professional criticism, but the thought of folks like this sickens me across many levels:
They pick a languange purely for the marketable skills potential, not for fitness of purpose;
Resumes never reflect true competency in a skill, and HR departments can't tell the difference because they lack expertise (quasi-understandable);
As a result, I end up having to work with these bozos who stay in a job just long enough to create incomprehensible code that I have to then go back over and fix mere hours before a deadline.
Learn to program, learn to debug, and learn to tell when you should be giving advice to others and when you should keep your mouth shut.
C is perfectly acceptable for many uses, and Delphi I'm guessing is also good - but choose it for the right reasons, please, for all our sakes.
It used to be that Fortran held the market on formatted I/O parameters; you had Hollerith output, spaces, tabs, etc. which made it good for reading pregenerated ASCII reports.
When I switched out of engineering and into computer science, I found that C's (and C++'s) printf/scanf supported the same rich lexical scanning constructs but did it in a different manner.
Some reasons to use FORTRAN: legacy maintenance, well, that's all I can think of; if you want to link to numeric libraries written in FORTRAN but compiled, you can do that from C.
Some reasons to use C: faster, available on all platforms, and very readable. The line numbers in FORTRAN and indiscriminate GOTO's makes it hard to trace program flow. C encourages gotoless coding practices and, IMHO, is easier to read.
If debugging is a problem for you, I'd wager you have a lot of memory problems - undefined references, bus errors, and such. Use Java if you can, it combines readability with automatic memory management. Not sure how rich the libraries are for numeric, but you can use JNI to link to some FORTRAN ones if you absolutely have to.
I am intrigued by your endeavor on how to teach programming to [I assume] first year CS students. I believe the concept model is the best way to go, as you suggest, and the list you provide is a good coverage.
My own personal experience working in various companies and settings, from large scale software house to small R&D group, has taught me that the best programmers are people who can think like the machine. Bar none, that is the best metric of success as a programmer.
So how does one learn to think like a machine? Experience is the only way.
I would suggest that you take your list of what you want to teach, and extend each by coming up with a real-world example that can best be represented by the technique you wish to illustrate. For instance, designing a boolean algebra reducer is a good illustration of functional programming - I forget the exact terms, but it has to do with more mathematical programming. A telephone address book is a good introduction to data structures and procedural and object-oriented programming.
I cannot add to your list, but I can suggest that carefully-chosen examples are the best way to get the point across and your students will identify with them better and remember them long after the semester ends. Remember the first time you implemented a stack? I could quote you code from mine:-)
Actually, he becomes the *first* outworlder that the Ewoks on Endor hook up to a spit and roast for food... except that unlike Han, Chewie, Luke, and Leia, he doesn't have a golden "god" or a force-boy available to frighten ewoks and get him out of trouble.
In fact, his wit and charm hasten the Ewoks in their lunchtime endeavor... miscellaneous grunting translates to:
"quick! cook him up!"
"But why, shouldn't we be kind to strangers?"
"What? Let him live? And forgo all the product endorsements, scads of sappy animated TV shows, and other drivel because of Mr. Big Flapears?"
I thought this was a joke, but this apparently is reality. Use of Passport to authenticate U.S. citizens at websites and act as a single sign-on to receive private data is a flawed idea. Passport authentication is not based on cryptography, and therefore is vulnerable to capture and replay attacks; Passport issuance is indiscriminate, at best; and a private corporation would become the sole owner of private data.
A paper by Kormann and Rubin at Bell Labs discusses most of these attack scenarios. K&R are not anti-Microsoft - they are researchers that raise valid technical concerns. There is also a (weak) rebuttal by Microsoft, which misses many of the points of the Kormann Rubin paper.
Also, what happened to the ACES project, where they were going to issue digital certificates to citizens for precisely this purpose?
Despite your feelings about Microsoft, their Passport product is a bad implementation. It is cookie-based, and is trying to use cookies for a purpose they were never intended to fulfill.
Please examine these references, and include mention of them in your letters to congressfolk:
Kormann and Rubin paper: http://avirubin.com/passport.html
Microsoft Rebuttal: http://www.passport.com/Press/RubinKormann.asp?lc= 1033
ACES: http://www.digsigtrust.com/federal/aces.html
Please be informed. This is really bad on a lot of levels.
The practicality of monitoring a large stream of packets sure outweighs the possibility of invasion of a specific person's privacy. In other words, are they interested in Little Ole Me so much that they'll log all my packets, and trace my behavior, or are they just trending the entire population for likes/dislikes?
I could almost agree with packet interception if it is for the purpose of improving quality of service.
I think we're all just terribly shell-shocked of possible rights violations due to the behavior of well-known corporations, e.g., MS, comcast, the phone company, etc.
I searched this discussion for "Auth", and found no sufficient discussion of authentication in Microsoft.NET Passport. So I feel compelled to write, since I hold that the claims of the letter are false.
As part of an evaluation study, I decided to create a few Passports to understand what level of authentication Microsoft was performing to bind the Passport to the user, also called 'principal.' In the security community, there are three kinds of principal authenticators, specifically, (1) something you have, (2) something you know, or (3) something you are. An "authentication factor" refers to how many of these authenticators you possess. A driver's license is a two-factor authentication system as it authenticates based on something you have (the license) and something you are (your photo). Digital signature certificates used with signing software authenticate on something you have (the private key) and something you know (the password to use the key), and are also two-factor authentication. Biometric systems can effect 3-factor authentication. There are many other examples.
Obviously, the more factors you have, the more strong the binding is between your claimed identity and your actual self.
Microsoft Passport, by experimental determination, is a single factor authentication system (knowledge of username and associated password). This, in general, is not good when it comes to things like online purchases, but it is excellent if the idea is to maintain anonymity of the principal.
Try it out. You can go to www.passport.com, and sign up for a password using a ficticious e-mail account. The e-mail address does not have to match any actual address, it just has to be in the "foo@bar.com" format. So, even though Microsoft claims to authenticate to an e-mail account, which in turn would defer authentication to the maintainer of the account (bar.com supposedly knows who user 'foo' is), it really does not. I could register a Passport in the name BGates@msn.com if I wanted to. MS would never send any note to BGates@msn.com and ask, "is this your Passport?"
Why didn't this point come up in the open letter? Well, for one, it could be that the authors did not actually experiment with Passport prior to writing; all of the Microsoft literature leads one to believe that the e-mail address is authenticated. [There are numerous e-mail authentication examples in use; join any mailing list, and you will often get an e-mail, "reply to this and you'll be added". That is at least some authentication that you can access the e-mail account that you claim is yours.] Paperware analysis could lead the authors to wrongly conclude that the e-mail is actually authenticated.
A different, more sinister and self-serving reason is that it would refute the claims of the open letter! If Microsoft does not authenticate e-mails, then one can pick any identity when registering for a Passport. If the identity on the Passport is meaningless, then the identity of the holder is meaningless, and it therefore follows that there aren't any privacy or protection issues at all. MS would essentially be tracking the surfing habits of some unknown user.
In conclusion, the issue of my post is not that Passport is evil or Microsoft is vying for a monopoly. The issue is that there is an unfounded fear and paranoia about security, privacy, tracing surfing habits, selling information and e-mail spam related to.NET Passport that really does not exist... because Microsoft does not authenticate the e-mail address used to register the Passport. Never. Nada.
Are the cable companies gonna stipulate that you can't do anything for a business from
home, even browsing the web?
The choice to restrict VPN usage on a "home" account is a mere legal implementation of their true desire, which is to limit the nature of your access to their service or at least charge for the difference. This is a issue of value, driven by supply and demand.
The question before us is when is this policy going to extend in other directions, say to TV, and is it enforceable?
It would seem natural that if I'm a financial analyst, and I work at home and watch cable television to see the stock tickers/financial info, then I should logically be paying more for this than someone who watches Survivor reruns.
Does this mean there will be a policy stating that I am not allowed to use cable for television in such a manner unless I upgrade to the business class product?
I think what the cable companies see here is that bits, to some extent, are auditable - and that they seek to make use of auditing to control how their resources are utilized.
Cryptography, however, by its very nature impedes analysis of these bits. How are they going to prove an 'https' stream is used for business or pleasure?
The answer is, they can't. Will they realize this and stop crafting more silly policies? They won't.
What we're observing is technical "stair-stepping."
At the time Hubble was conceived, ground telescope technology had run into a brick wall, specifically, atmospheric distortion. The solution? Well, fly above the atmosphere, and that's how Hubble was born.
25+ years since the era in which Hubble was designed, we now see that computers, optics, and control mechanisms have advanced to near-Asimov proportions - this has produced the ability to make a mirror that can compensate for the earth's atmosphere and optically eliminate its effects. So now, the Paranal facility (Keck, and others) can claim optical superiority over Hubble.
The next step, of course, is to apply similar anti-distortion and image linking techniques to a spaceborne observatory. Call this "Hubble 2" (or "Son of Hubble," "Hubble TNG," "Hubble AOTC," whatever fits).
The issue of image perfection and space orbservatories is a matter of economics - it's always tougher to build things to go into space rather than similar ground-based systems, and so Hubble 2 might be a long time coming. When it arrives, though, Paranal will just seem like chaffe.
Slashdot Mirror
Is Puppy Linux a fully versioned file system? With each new track that it writes, it saves my files. Does it also remember my deletes? Does it have user-initiated write-back capability, forcing a new track even before shutdown?
If so, wow - we have a fully-versioned archiving live filesystem. If I totally destroy something in the system during one particular session (and write it out not realizing the problem), (and assuming I don't hose the ability to write out my session) I should theoretically be able to boot back to a previous version and continue on.
This should be immensely popular among distro creators, full-tilt hobbyists, configuration management specialists, and quality assurance people.
Additionally, because it keeps track of everything, the computer intrusion forensics people should benefit from the permanent archival of the "every step you take" kinds of information. You just have to reboot or write back between every major change.
Not to mention, you no longer need to remind yourself to make backups.
LOL! I wrote some patents, and during layoffs, I was among the first to go - in many government contracting shops, writing patents is expressly an overhead (non-billable) activity, and when the bean counters review the quarterly billability, anyone writing patents comes out on the bottom!
Don't think for an instant that just because you have a good idea, the company thinks its worth (its) money to stake a claim.
3.) One big problem with bringing energy from outside the Earth to Earth in any form: the earth is too darned hot to begin with, and only getting warmer. We really ought to address the whole global-warming issue before we start importing more energy.
Providing a fossil-less method of energy production will reduce global warming by doing away with a large share of greenhouse gases.
Also, the amount of concentrated energy added to earth by the mirror can only be as great as the collection surface area of the mirror. Unless you are talking Dyson-esque proportions, the ratio of the mirror area to the Earth's cross section is infinitessimal. We wouldn't be adding a noticeable amount of energy - just concentrating a small part of it on a receptor location.
Imagine if terrorists managed to hack into the mirror's aiming mechanism.
Less fearful than if terrorists hacked into a nuclear reactor control center, or power grid control, or even water filtration systems. At least with a mirror, you'd "see it coming." (grin)
Mr. Benefits-of-Space, meet Mrs. Practicalities of Terra. Let's combine both ideas: imagine a parabolic orbiting space mirror to reflect and concentrate sunlight, aimed at an equatorial solar collection farm.
Problem of collecting sunlight in space, solved. Problem of transmitting energy to surface, solved. Problem of distributing cheap power to equatorial regions, solved. Continuous day/night operation, (mostly) solved. Problem of periodic upgrades/repairs to solar collection system, simple. Can someone tell me what is wrong with this idea?
[Scientists, is it possible to increase the incident watts/m^2 by concentrating sunlight? Would the solar panels benefit by receiving concentrated sunlight, and if so, what is the saturation point? Concentrate sunlight, then refactor your cost per watt...]
Interesting points, all. The risk is allowing the cable companies to dictate to us what the definition of "PVR" (or DVR) is.
Some questions for the Cable DVR advocates:
1. How is Cable DVR going to overcome the latency problems? Read prior posts about Comcast's OnDemand issues, vis., pressing stop and waiting 3 seconds for a response.
2. How is Cable DVR going to improve availability over a user-owned TiVo? More than HALF the time, when I flip to OnDemand, I see the message "Initializing the File Loader" (WTF does that mean, anyway?) for a full 30-45 seconds. 1/8 of the time, I get "Error Initializing the File Loader." Is this going to go away any time soon? Would I expect that this type of thing WON'T happen with the DVR service?
3. How many hours of storage is Comcast going to offer me, and for how long? As is, I can store content on my ReplayTV indefinitely. I have some shows going back 2-3 years on mine. If I canceled my subscription to ReplayTV, my content would still be there. True of Comcast DVR? Hardly.
The difference here, folks, is the same as with telephone answering machines versus telco-run voice mail, but with all of the problems and few of the benefits. You might get more viewability options and "survivability" (e.g., local house power failure won't take down Comcast's DVR) but there will be limits on box size and length of message storage.
I bought a ReplayTV in late 2000 (Panasonic Showstopper 1000), paid for the lifetime subscription, upgraded the HD to 120 Gb (largest it will go), cleaned the remote 4+ times, lost the IR blaster years ago (anyone care to sell me one?) and I'm still going strong.
Good catch, I meant to say the 2^9 possible combinations are far fewer than the 2^160 possible hashes.
By changing just the last 512-bit block of the text I can generate 2^512 different inputs for SHA-1...
True, and by doing that, you are bound to find two hashes that are identical with high probability; however,
Now, with birthday paradoxes, you would not likely need to generate all these combinations... and with the claim of the alleged paper going around, you would not really need to generate many combinations at all!
SHA-1 breaks data into 512 bit blocks and processes each block independently - then it adds the result to 5 registers and processes the next block. If you wished to silently change some important piece of data using the state-saving technique, you'd have to find a pad within the same 512 bit block and modify it in such a way to get the same output state as the original unmodified block.
512 = 2^9, which is very much smaller than the 2^160 bits that must exactly match, so the probability of success using this technique is infinitessimal. Put another way, the cryptographer reviewers probably thought about this initially and quickly ruled it out.
It sounds like Frederik Pohl's The World at the End of Time.
As a side-bar, is the FTSH acronym pronounced... fetish?
All kidding aside, this sounds like a great idea.
As for the comments about encouraging sloppy code, it is clear those posters have never worked in demanding moving-target environments. The kinds of errors encountered cannot be solved easily in code - this extension would help.
As for the comments on "you can do this in Perl, Python, and ", this is true, but if I know Bash and want tolerance, why should I have to learn a new language to get it? Likely all I'm doing is copying files, forking off subprocesses, and the like.
For the comments on "why another shell," I would tend to agree that it would be best integrated into Bash - but then, you change the implementation of Bash, create incompatible situations, and have to retest volumes of existing scripts. It's best to have this as a separate shell with close look/feel semantics to Bash (or Csh).
... then pick one up cheap at a Hamfest.
- Import/export laws governing types of code/technology transfer to a certain country, noting that laws change with the wind depending on who's in power
- Economic equity, e.g., how well the rupee is doing against the dollar
- Labor policy disparity - American unions vs. Indian unions in non-IT related firms
Another way to look at it - offshore outsourcing seems to have some of the same risks as telecommuting, for both the companies and the employees... and look how well telecommuting has been accepted in the U.S.!Some other points on demos:
My 2 cents, and I've done quite a few of these over the years.
The article mentions various hardships involved with sending a probe to Mars, and after reading it, I'm left to assume that the CNN screen-bottom taglines Christmas morning will read, "ESA probe lost on Mars reentry..." [If the craft didn't originate from Mars, shouldn't it be called "entry"? But I digress.]
I wonder if the article is fairly judging the likelihood of failure of Beagle under these circumstances. Isn't it generally hard to send a probe to Mars? If it's so hard, and so gloom-and-doom, why do we bother at all? I counter that it is hard, but that the engineers and the launch controllers (often forgot!) will pull it off.
Has any American news agency given a good treatise on the hazards encountered by American probes being sent, and if so, were we so awe-struck that any of our probes ever made it?
I think that the usual doom and gloom applies to most anything space-oriented, and we should not be especially ruffled at the hazards outlined in the article. This sounds like another case of artificial drama pumping to sell a few hits of a webpage.
This was a ridiculous and non-helpful article. Basically, Stellmack took a simple weekend job and exploded it into a major home renovation project, complete with project managers, subcontractors, rackmounts, and more. It is unbelievable. I'll cover a few points because nobody is reading this and I need to move on to saner pastures.
First, 100Mb does not mean 100Mb to the Internet. He places emphasis on future proofing, but is seemingly unaware that no matter how fast the inside wire is, it's only 10Mb MAX coming in from cable modem (and only 128Kb going out, 256kb if you buy the business version).
Security and interference are generally the #1 concerns of wireless, not speed. If you do wireless (which he did anyway!), it should only be because you are not willing/unable based on your lease from doing this. Security was not emphasized enough in the article.
If building a new house, have the plumber (that's right, the plumber, the only one qualified to do this by code) run a 2nd floor conduit from the basement to the attic. It's basically a 1+3/4" PVC pipe initially capped on both ends for fire safety reasons. When they installed my alarm system (w/2nd floor smoke detector), the guys danced with joy that I had this, and it saved them about an hour.
For contractors, he mentioned having a hard time finding them. Consider security alarm vendors; they deal with CAT 3 all over the place, and would be glad to have the business.
If you're doing this for real, you don't have to contract: Home Depot sells Ideal products that do the job and give you combo jacks, RJ-45, and the phone installation.
Note that Cat 6 is NOT future proof. My guess is he will have to string fiber anyway eventually. Go with 5e for now. Also, the phone only needs CAT3. Anything higher is overkill. Cat3 is about half the cost of Cat5.
On a different subject, the picture of Stellmack's nearly-finished basement - I'm concerned that bottom piece of drywall only has a single row of screws in it. Should have a duoble row like the top one. Also, why are your jacks more than 2' off the floor? Be aware of codes.
Further ridiculousness includes "torpedo leveling the wall plates to make them even" [termination heading for home stretch] Nobody, and I mean NOBODY torpedo levels a wall plate. What a farce.
Note on bolting the rack to the floor: the contractor is using a hammer drill with a tungsten carbide bit, and this isn't pointed out in the article. Also, older concrete is very hard to drill into, hammer or no. This step is not to be taken lightly. Also, hammer drills can make about 100dB of noise in confined spaces, so better wear ear protection. I used one to do this and the noise hurt like hell. Also, if you have old concrete, plan on getting only 4 HOLES PER DRILLBIT before the bit breaks or grinds down. At $4/bit, this is a costly proposition. (I once tried to anchor wall plates via concrete bolts, and a contractor chuckled and said, "use liquid nails.")
My verdict: Stellmack is a fool with too much money on his hands. He could have done the job more simply, with better results, more personal satisfaction, had the job completed more quickly, and saved a ton of money. Though he doesn't mention it, with the amount and involvement of the contractors, the time taken to do "interviews" (no kidding, he INTERVIEWED the contractor!) I'm guessing his project cost about $7,500 including equipment. Might be more like $10k.
I guess that, based on the inclusion of the interview and the sycophantic praise of the contractor, Stellmack received some credit for the contractor's services in exchange for the publicity by means of this article. The article's message is that you need a contractor to do this kind of thing, that there's no way you can get it right unless you treat this like a huge project, and you'd better call this particular contractor.
I heard bad things about Tom's, now I'm beginning to witness them firsthand.
Now, nothing personal, this is pure professional criticism, but the thought of folks like this sickens me across many levels:
Learn to program, learn to debug, and learn to tell when you should be giving advice to others and when you should keep your mouth shut.
C is perfectly acceptable for many uses, and Delphi I'm guessing is also good - but choose it for the right reasons, please, for all our sakes.
When I switched out of engineering and into computer science, I found that C's (and C++'s) printf/scanf supported the same rich lexical scanning constructs but did it in a different manner.
Some reasons to use FORTRAN: legacy maintenance, well, that's all I can think of; if you want to link to numeric libraries written in FORTRAN but compiled, you can do that from C.
Some reasons to use C: faster, available on all platforms, and very readable. The line numbers in FORTRAN and indiscriminate GOTO's makes it hard to trace program flow. C encourages gotoless coding practices and, IMHO, is easier to read.
If debugging is a problem for you, I'd wager you have a lot of memory problems - undefined references, bus errors, and such. Use Java if you can, it combines readability with automatic memory management. Not sure how rich the libraries are for numeric, but you can use JNI to link to some FORTRAN ones if you absolutely have to.
Wearable screens means one thing,
We Could All Look Like Teletubbies!!
gack...
My own personal experience working in various companies and settings, from large scale software house to small R&D group, has taught me that the best programmers are people who can think like the machine. Bar none, that is the best metric of success as a programmer.
So how does one learn to think like a machine? Experience is the only way.
I would suggest that you take your list of what you want to teach, and extend each by coming up with a real-world example that can best be represented by the technique you wish to illustrate. For instance, designing a boolean algebra reducer is a good illustration of functional programming - I forget the exact terms, but it has to do with more mathematical programming. A telephone address book is a good introduction to data structures and procedural and object-oriented programming.
I cannot add to your list, but I can suggest that carefully-chosen examples are the best way to get the point across and your students will identify with them better and remember them long after the semester ends. Remember the first time you implemented a stack? I could quote you code from mine :-)
Best wishes.
Actually, he becomes the *first* outworlder that the Ewoks on Endor hook up to a spit and roast for food... except that unlike Han, Chewie, Luke, and Leia, he doesn't have a golden "god" or a force-boy available to frighten ewoks and get him out of trouble.
In fact, his wit and charm hasten the Ewoks in their lunchtime endeavor... miscellaneous grunting translates to:
"quick! cook him up!"
"But why, shouldn't we be kind to strangers?"
"What? Let him live? And forgo all the product endorsements, scads of sappy animated TV shows, and other drivel because of Mr. Big Flapears?"
"Yes, my elders. I see now."
"See all you want. Pass the barbeque sauce..."
A paper by Kormann and Rubin at Bell Labs discusses most of these attack scenarios. K&R are not anti-Microsoft - they are researchers that raise valid technical concerns. There is also a (weak) rebuttal by Microsoft, which misses many of the points of the Kormann Rubin paper.
Also, what happened to the ACES project, where they were going to issue digital certificates to citizens for precisely this purpose?
Despite your feelings about Microsoft, their Passport product is a bad implementation. It is cookie-based, and is trying to use cookies for a purpose they were never intended to fulfill.
Please examine these references, and include mention of them in your letters to congressfolk:
Kormann and Rubin paper: http://avirubin.com/passport.html= 1033
Microsoft Rebuttal: http://www.passport.com/Press/RubinKormann.asp?lc
ACES: http://www.digsigtrust.com/federal/aces.html
Please be informed. This is really bad on a lot of levels.
The practicality of monitoring a large stream of packets sure outweighs the possibility of invasion of a specific person's privacy. In other words, are they interested in Little Ole Me so much that they'll log all my packets, and trace my behavior, or are they just trending the entire population for likes/dislikes? I could almost agree with packet interception if it is for the purpose of improving quality of service. I think we're all just terribly shell-shocked of possible rights violations due to the behavior of well-known corporations, e.g., MS, comcast, the phone company, etc.
As part of an evaluation study, I decided to create a few Passports to understand what level of authentication Microsoft was performing to bind the Passport to the user, also called 'principal.' In the security community, there are three kinds of principal authenticators, specifically, (1) something you have, (2) something you know, or (3) something you are. An "authentication factor" refers to how many of these authenticators you possess. A driver's license is a two-factor authentication system as it authenticates based on something you have (the license) and something you are (your photo). Digital signature certificates used with signing software authenticate on something you have (the private key) and something you know (the password to use the key), and are also two-factor authentication. Biometric systems can effect 3-factor authentication. There are many other examples.
Obviously, the more factors you have, the more strong the binding is between your claimed identity and your actual self.
Microsoft Passport, by experimental determination, is a single factor authentication system (knowledge of username and associated password). This, in general, is not good when it comes to things like online purchases, but it is excellent if the idea is to maintain anonymity of the principal.
Try it out. You can go to www.passport.com, and sign up for a password using a ficticious e-mail account. The e-mail address does not have to match any actual address, it just has to be in the "foo@bar.com" format. So, even though Microsoft claims to authenticate to an e-mail account, which in turn would defer authentication to the maintainer of the account (bar.com supposedly knows who user 'foo' is), it really does not. I could register a Passport in the name BGates@msn.com if I wanted to. MS would never send any note to BGates@msn.com and ask, "is this your Passport?"
Why didn't this point come up in the open letter? Well, for one, it could be that the authors did not actually experiment with Passport prior to writing; all of the Microsoft literature leads one to believe that the e-mail address is authenticated. [There are numerous e-mail authentication examples in use; join any mailing list, and you will often get an e-mail, "reply to this and you'll be added". That is at least some authentication that you can access the e-mail account that you claim is yours.] Paperware analysis could lead the authors to wrongly conclude that the e-mail is actually authenticated.
A different, more sinister and self-serving reason is that it would refute the claims of the open letter! If Microsoft does not authenticate e-mails, then one can pick any identity when registering for a Passport. If the identity on the Passport is meaningless, then the identity of the holder is meaningless, and it therefore follows that there aren't any privacy or protection issues at all. MS would essentially be tracking the surfing habits of some unknown user.
In conclusion, the issue of my post is not that Passport is evil or Microsoft is vying for a monopoly. The issue is that there is an unfounded fear and paranoia about security, privacy, tracing surfing habits, selling information and e-mail spam related to .NET Passport that really does not exist... because Microsoft does not authenticate the e-mail address used to register the Passport. Never. Nada.
The choice to restrict VPN usage on a "home" account is a mere legal implementation of their true desire, which is to limit the nature of your access to their service or at least charge for the difference. This is a issue of value, driven by supply and demand.
The question before us is when is this policy going to extend in other directions, say to TV, and is it enforceable?
It would seem natural that if I'm a financial analyst, and I work at home and watch cable television to see the stock tickers/financial info, then I should logically be paying more for this than someone who watches Survivor reruns.
Does this mean there will be a policy stating that I am not allowed to use cable for television in such a manner unless I upgrade to the business class product?
I think what the cable companies see here is that bits, to some extent, are auditable - and that they seek to make use of auditing to control how their resources are utilized.
Cryptography, however, by its very nature impedes analysis of these bits. How are they going to prove an 'https' stream is used for business or pleasure?
The answer is, they can't. Will they realize this and stop crafting more silly policies? They won't.
What we're observing is technical "stair-stepping."
At the time Hubble was conceived, ground telescope technology had run into a brick wall, specifically, atmospheric distortion. The solution? Well, fly above the atmosphere, and that's how Hubble was born.
25+ years since the era in which Hubble was designed, we now see that computers, optics, and control mechanisms have advanced to near-Asimov proportions - this has produced the ability to make a mirror that can compensate for the earth's atmosphere and optically eliminate its effects. So now, the Paranal facility (Keck, and others) can claim optical superiority over Hubble.
The next step, of course, is to apply similar anti-distortion and image linking techniques to a spaceborne observatory. Call this "Hubble 2" (or "Son of Hubble," "Hubble TNG," "Hubble AOTC," whatever fits).
The issue of image perfection and space orbservatories is a matter of economics - it's always tougher to build things to go into space rather than similar ground-based systems, and so Hubble 2 might be a long time coming. When it arrives, though, Paranal will just seem like chaffe.