Slashdot Mirror


User: jpmorgan

jpmorgan's activity in the archive.

Stories: 0
Comments: 1,267

Comments · 1,267

  1. Re:From what I've seen... on Fully Endowed FW Olin College of Engineering Opens · · Score: 2

    Depends if you're talking grad or undergrad. UofT is #1 for grad (I think), Waterloo is #1 for undergrad.

  2. Completely infeasible on EU Still Looking at Mandatory Data Retention · · Score: 4, Informative

    I think this would definitely tempt me to put any websites I run onto https and leave http with a simple redirector. Be nice if other people would do the same. I wonder how much they'd enjoy trawling through a few terabytes of session encrypted traffic...

    Seriously though, the sheer data management problem this would pose would be extraordinary. For every 1mbps, you're talking ~4TB of traffic per year! Consider how much traffic there actually is going across the wires:

    T1 (1.54mbps): 6.07TB
    DS3 (45mbps) : 177.39TB
    OC3 (155mbps) : 611.01TB
    OC48(2.48gbps): 9,776.16TB

    Just for the hell of it, 9,776.16TB is 48,881 200GB drives. Now, you can buy one of those from Western Digital for ~$400US (retail). You'd be buying a lot of drives, so let's say you get a discount, and can get one for $300 (I don't know how big a discount you'd really get). That's almost $15 million dollars in hard drives per year for an OC48. That's about three times as much as the actual cost of an OC48 (even worse for peering arrangements).

    Of course, scale that kind of hard drive usage up across Europe, and I don't think there is the manufacturing capacity to supply that kind of demand. Oh well, I guess we've found holographic storage's killer app, eh?

    Also, who records what? Does every router have to record everything that passes through it? Or only the ISPs that serve end users? What about businesses? What about co-located servers? If you don't want to miss anything, you'll have to cover all of those, and end up grabbing 2-3x as much data as you really have to. Otherwise it'd be trivial to set up a colocated server at a company or a hosting provider, and tunnel an encrypted connection through to that.

    On top of that, there's the problem of how you sift through ~10,000TB of data for something useful. We're talking raw data on a totally unmanageable scale.

    Why not just record all voice communications too? I'm sure that'd be invaluable in any police investigations. Ah well, nothing to worry about since neither's going to happen. Both are totally infeasible.

  3. Re:Question on Did MS Lobbying Stop NSA Work On SELinux? · · Score: 2

    No, you couldn't, since your code is part of the kernel, which is GPLed, and requires that your code also be GPLed. Hence why you have to get all agreement, or nothing.

  4. Re:Question on Did MS Lobbying Stop NSA Work On SELinux? · · Score: 3, Informative

    Does Torvalds own the copyright to the entire kernel? I wasn't aware that he had had all the contributors in the past send him copyright assignments (which is what the FSF does). I'm fairly sure different parts of the kernel are copyrighted by lots of different people.

    And due to some of the wonderful properties of the GPL, you'd need to get every person who has contributed code into the kernel to agree to the exemption. Good luck.

  5. Biased article? on Did MS Lobbying Stop NSA Work On SELinux? · · Score: 3, Insightful

    I have a problem with this statement:

    Many complaints criticized the agency for providing the fruits of research to everyone, not just U.S. companies, and thus hurting American business.

    This is pretty biased. Shouldn't it be more like 'Many complaints criticized the agency for providing the fruits of research to only free software developers, not to all software developers and companies, thus hurting American business.'

    How would developing the security extensions in the public domain, or under a BSDish license keep them from being used by 'everyone'? Putting them in Linux (and consequently having them be covered by the GPL) does a much better job of keeping 'everyone' from using them than a more free license like BSD.

    If the NSA were going to do something like this, they should have based it on one of the BSDs instead. By developing the extensions in Linux, they effectively made them useful only to Linux - putting them beyond reach of countless software companies. Of course, this has been the software industry's complaint to government funded research producing GPLed software from the start.

  6. Oh the possibilities... on VisionTek Folds · · Score: 2

    Assuming this story is true, it's a fairly interesting situation. It's unfortunate the upper management of VisionTek didn't have the business smarts to turn this around (when life gives you lemons, you make lemonade: if you're a reasonably sized company, then when the bank comes for its money, they're remarkably easy to manipulate). Still, the banks know this, so the fact they ended up in this kind of situation indicates a general lack of business wits.

    Still, it's a golden opportunity for anybody wanting to get into the graphics card fab business. With VisionTek being liquidated, you can buy everything necessary at firesale prices. Buy the equipment, hire the employees off, and you've got a working graphics card manufacturer dirt cheap. Which means, if you play it well, you can undercut all your competitors on price and when the economy returns to force, you're in a stronger position than the original company was to start with (since you've managed to get the bank to take most of the setup costs). I only wish I had that kind of cash on hand. :)

    Of course, there are lots of other amusing possibilities. The key thing to remember here is that if the bank is foreclosing, it means they'll probably be writing off most of the debt. From there it just takes a little bit of imagination...

  7. Re:Similarities to another architecture... on Crush/BRiX: An Experimental Language/OS Pair · · Score: 2

    Well, in this kind of situation the development tool is the OS, so the virus writer doesn't have much of a choice.

  8. Similarities to another architecture... on Crush/BRiX: An Experimental Language/OS Pair · · Score: 3, Interesting

    I'm probably going to get moderated down for this, but I couldn't help but notice the similarities between Crush/BRiX and Microsoft's .NET framework.

    Crush doesn't use protected memory to protect applications from each other, but instead relies on the language, Crush, to ensure programmatically that it is impossible for programs to interfere with each other. This is almost exactly the same as a .NET application domain (ASPX or IE would be a single application domain); there isn't any enforced separation of processes or security features running in an application domain - the CLR instead formally proves that the applications running don't violate the security boundaries it's supposed to conform to.

    I'm wondering if this is an idea whose time has come, particularly in the field of low-cost embedded development. Instead of including costly hardware and OS support to provide these features, you use software development tools to create software which renders them unnecessary. Or am I just smoking crack?

  9. Re:Summary of functionality on LinuXbox Boots · · Score: 2

    No, the PlayStation 1 was the first console to lose money per sale. The Dreamcast, the PS2, the XBox and the GameCube all also lost money per sale at their initial releases.

    Research and development continues through the lifespan of the product and the engineers work on lowering the fabrication costs. And eventually they start to make money on the hardware. Of course, Sony, Nintendo and Microsoft were all forced to lower prices due to poor market conditions, so they're simply running to stay still.

  10. Re:I don' t want my data locked up on Tim O'Reilly Bashes Open Source Efforts in Govt · · Score: 2

    I have a simple question... since when did open standards become synonymous with open source? It seems to be an attitude really common around Slashdot these days.

    I suppose PDF isn't an open standard, since Adobe Acrobat isn't open source. Right? RIGHT? And how about RTF? There's no way that's an open standard!

    *cough* *cough*

  11. Re:O'Reilly MIsses the boat...again (offtopic) on Tim O'Reilly Bashes Open Source Efforts in Govt · · Score: 1

    This is offtopic, but you are confusing two things. One is the principle that security should reside purely in the keys (knowing the algorithm should not let you decrypt stuff), and releasing the details of your algorithm helps you find problems quicker. The first point is valid for everybody, military or public, but the second point isn't.

    The advantage to publicly releasing your algorithm is that in theory you get a lot more people testing its security so you're more likely to find any problems quicker. However, if you're say, the NSA, who employs more mathematicians than any other organization, you don't need that peer review, since your own in-house analysis is going to be superior in pretty much every way.

    Further, not releasing an algorithm does improve its security - as long as you're confident it doesn't have any horrible flaws (which the military can be). While it is possible to cryptanalyse communications without knowing the algorithm, frankly it's almost impossible in practice. The only thing you can hope for is that the other side made some huge honkin' mistake, which they probably didn't. Also, if you release your fancy new algorithm that nobody can crack, your enemies can use it against you. Remember the military establishment is in the business of protecting their own secrets and finding out everybody else's.

    So yes, the security should reside purely in the keys, not the algorithms. But that doesn't mean that blindly telling everybody what algorithm you're using will increase your security (it'll weaken it- you're giving them more information to use)!

  12. Re:On the same topic... on Schneier Analyzes Palladium · · Score: 2

    Nice column. Unfortunately, it proves nothing more than that Cringely and his hax0r friends shouldn't be talking about crypto, since they apparently don't understand some pretty fundamental points and cryptographic techniques.

    If I understand correctly what my friend has written above, the Palladium architecture presents a wily hacker with what is essentially a Rosetta Stone -- two versions of the same data (one encrypted, one not) from which one can quickly divine the key needed to transform one to the other.

    Gee, if you have both the crypttext and the plaintext of something that's encrypted, it's easy to extract the key! Um, well, maybe if you're using XOR or something, apparently Cringely has never bothered to actually look at strong cryptography (why doesn't this surprise me). For those who don't know (but at least have the sense to not rant about what they don't understand), part of the definition of strong crypto is that it is computationally infeasible to determine the encryption key given both plain-text and crypt-text. Extracting a key given a crypttext-plaintext pair is certainly not simple or 'quick'.

    Honestly, I wonder why people listen to Cringely at all - he has a chronic inability to get his facts straight. If you're going to bash something you should at least bother to understand what you're talking about.

  13. Re:Impressive, but... on A Robot Learns To Fly · · Score: 2

    Don't forget that when birds hatch they still have a fair amount of physical development (muscle strength, bone strength, flight feathers) before they are physically capable of flying.

  14. Re:not quite so simple on "Software Choice" Campaigns Against Open Source · · Score: 1

    And at the risk of sounding like an MSFT shill, according to this, Microsoft paid about ~$1.3 billion dollars in taxes last quarter. I trust these published financial statements more.

  15. Re:Wake up NASA twerps! on New Problem Could Ground Space Shuttle Fleet · · Score: 2

    You seem to dislike the International Space Station, and would be in favour of a manned mission to Mars instead. All I can ask is why? Going to the moon was a horrible mistake - that money should have been spent on a space station in the first place - and you would like to see this compounded by not having a permanent space presence to instead send a few people to Mars for a few months? This attitude seems to be quite prevalent on Slashdot these days.

    Honestly, I don't understand it. What, honestly, did going to the moon gain us? A huge amount of money was spent and the biggest direct return from it was a few neat photos and moon rocks. And now, what does sending someone to Mars gain us?

    We aren't ready to go to Mars yet. We don't have the technology to make the trip worthwhile. On the other hand, the ISS (if it hadn't been financially castrated by the current administration) does have a huge amount of potential for important microgravity research. If nothing else, it's an important piece of research on how to keep people alive in space for an extended period of time - the kind of thing that would be useful to know before sending a crew through space for a few months to go to Mars.

    When we can go to Mars, then go back every month thereafter should we want to, we're ready to go to Mars. Think about where we'd be with Lunar exploration had the Apollo program been replaced with a program to build a large space station like many of the NASA engineers wanted? By the time we actually got around to going, we'd have the capability to go back regularly without it costing an arm and a leg, and actually get some sort of direct long-term benefit out of it.

    Exploring is all well and good, but trying to get ahead of yourself will ultimately result in failure, exactly like what happened to the moon program.

  16. Re:Why the Hammer will come out first... on Red Hat Reveals Support For AMD's Hammer · · Score: 2

    Well, there's only one problem with your assertion... the Itanium already is out, and the Itanium 2 is close to release. OEMs are already building Itanium 2 boxes.

    And for that matter, those Itanium 2 boxes are fast. On the SPEC CPU2000 benchmarks, the two fastest boxes are 1ghz I2s, and the next six spots are held by boxes running POWER4s (all running at >1ghz), Alphas, and a couple of SGIs. And there are a large number of vendors who have already committed to creating IA64 versions of their software from Microsoft to Oracle. Pretty much all of the big names have signed on.

    Is anybody even planning on selling a server with Hammers yet? Has AMD even given anybody any silicon to play with? Intel was giving out development samples of the Itanium over two years ago. Intel might not have the reputation or experience of Sun or IBM with high-end servers, but they've certainly got more than AMD who have never had a successful server line before. It's obvious you're a fan of AMD, but don't let your biases get in the way of reality.

  17. Re:Real UNIX for x86 on The Return Of Solaris 9 For x86 · · Score: 2

    Well, my last job involved me playing with a few old SCO boxes (SCO UNIX is what Xenix evolved into, even still has the Microsoft copyrights on it). We were replacing one old server with a fancy new one (about a billion times faster), and I believe this was the first time the box had been down since it had been installed four years previously.

    Not bad, if you ask me.

    If you want reliable UNIX on x86, SCO's your bitch, not Solaris x86. If only it didn't have such a slooowwwwww TCP/IP stack.

  18. So he didn't wait? on Linux on Xbox One Step Closer? · · Score: 2

    So I guess he decided not to wait after all? ;)

  19. Re:I see this two ways.... on Dell No Longer Selling Systems w/o Microsoft OS · · Score: 4, Informative

    Well, according to this, Microsoft paid $1,288,000,000 in income tax on $4,026,000,000 of total earnings in 02q1. That's closer to 32% than 0%, by my calculations.

  20. Re:This always bothered me on California Tracks Everyone Using Toll Transponders · · Score: 5, Interesting

    In fact, France almost completely relies on correlating the times between toll stations to catch speeders. It's why when you're driving in France you see a lot of people with flashy cars at the side of the road eating lunch or talking for a bit just outside of the toll stations. =)

  21. Re:Give credit where credit is due on X-Box Flaw: MS Won't Use DMCA · · Score: 2

    This guy was worried about getting in trouble for figuring out a flaw in a game console. It's not as if he was publishing a way to launch nuclear missiles.

    Would you like to play a game?

    Let's play Global Thermonuclear War.

    =P

  22. Give credit where credit is due on X-Box Flaw: MS Won't Use DMCA · · Score: 2, Interesting

    So, Microsoft does something half-decent - they don't try to exert any legal force to prevent the disclosure of information they don't want to see public, and pretty much every /. post is digging to find some sort of evil ulterior motive.

    Why should this surprise me? This is the only place where the population can try to portray someone as being evil for donating a few billion dollars to charity....

    Come on, people. Give credit where credit is due. If you can't do it to be fair, then do it because it ruins your credibility for when something bad does happen.

  23. Re:Slashdot is in a sad state of affairs on X-Box Flaw: MS Won't Use DMCA · · Score: 2, Informative

    The DMCA outlaws the circumvention of copyright protection mechanisms, which is what the MIT hacker did. So the DMCA outlaws exactly that.

  24. Re:Can there ever be a fair match? on Men vs. Machines · · Score: 2

    When Kasparov asked for records of Deep Blue's games to study, he was told no

    Not exactly true. The agreement between Kasparov and IBM was that IBM would have the records of all the public games Kasparov had played (which he provided), and Kasparov would have the records of all the public games Deep Blue had played. Unfortunately, Kasparov forgot the fact that Deep Blue hadn't played any public games, so there were no records! He wasn't turned down, he just wasn't thinking when he agreed to the terms of the game.

    When Kramnik offered to play Fritz, he said "Fine, give me a copy of the program and let me play with it beforehand." The creators of Fritz freaked out and everybody said "But then you'll be able to find the weaknesses and just exploit those!"

    I highly doubt this. Not the least since Fritz is a retail product which you can buy. Want a copy? You can buy it here. And a steal at only $47.50.

  25. Re:Executing untrusted code on Shattering Windows · · Score: 2

    The only way to guarantee integrity is a formal proof of the program.

    It's funny you mention that.... that's exactly what the .NET runtime does - it effectively proves the program doesn't violate any security or integrity restrictions before it allows it to run. To be able to do this programmatically requires heavily restricting the use of pointers.

    And yes, you can write a program that uses pointers in .NET - but such code is marked as 'unsafe' and requires special privileges to run.