Serves them (rsa's customers) right for not understanding what it is they were buying into...
A system where someone else generates and retains a copy of all the keys, requiring you to have blind faith in that party to keep them secure... Did noone else see the serious flaws in such a system?
In order to build a secure system, look at encryption... How encryption works is well known, the major algorithms are public knowledge, and are tried and tested. And yet the keys, when used properly are known only to the party who owns them... You don't run a closed proprietary encryption algorithm, and you don't trust a third party to supply you with crypto keys... That is, unless you're a fool.
If you use such a system, you are placing blind faith in the third party who supplies that system... That party might sell you out to government agencies or for commercial reasons (ie highest bidder), might get hacked, might be infiltrated by a rogue employee, might leave a disk full of data on a train etc... Because they are an external entity you have no control over them, you probably even gave away your right to sue them when you agreed to the license terms on their software... You are utterly beholden to a company you have no control over, basically they own you, and anyone who owns them also owns you.
All this is talking about NTLM password hashes, the algorithms used by modern unix systems are a lot tougher and even with modern GPUs, still very slow to crack...
More importantly, NTLM password hashes are plaintext equivalent, so you can use them without having to crack them at all (google for pass the hash), so cracking them is only for amusement value anyway.
So the problem is not so much GPUs, its more to do with windows systems having extremely weak methods of storing passwords.
Detachable with a decent length of cable, or a dock you can put your battery in to charge it... I could leave a solar panel on the dashboard of my car all day, but i wouldn't leave a laptop there or its likely to be stolen. Anywhere you could leave a solar panel to charge is by definition out in the open, and would be an attractive target for thieves.
What we really need are decentralised systems, as we already have for email and to a lesser extent IM with jabber...
While it's almost certainly against the rules to talk about gmail because thats promoting google's business, to talk about the general concept of email is just fine because its an open standard that covers thousands of different providers.
So, have a decentralised equivalent of facebook and twitter, then everyone else would be far better off... No single point of failure, no single company having too much power etc.
Cloud computing makes a lot of sense when you have your own dc, there is no reason you would need to outsource it to a third party provider...
An organisation like HMRC doesn't require the same resources all year round, immediately before the deadline for filing tax returns they have a significant increase in load, plus they process all the tax data in bulk.
It actually makes sense for the government to build their own cloud infrastructure, and share it out across multiple departments, but government has never really been big on efficiency.
The government are already doing outsourcing on a HUGE scale...
Cloud computing is for more efficient usage of resources, and this works best when you have a large number of users with disparate requirements and usage patterns. But there's no reason you can't build a cloud type system in your own private server room with a small number of systems and still realise some benefits from doing so.
Thats how things start out.. Then you get corruption, which results in the performance targets being lowered to accommodate powerful vendors, and additional arbitrary requirements being added to ensure smaller vendors cannot bid for the contracts. Private corporations by their very nature are ruthless beasts, give them any slack and they will abuse it.
Government services may well develop inefficiencies because the people running them don't particularly care about efficiency as it doesn't affect their pay packet. But that's not to say that private companies do any better... Sure there is more of a drive to improve efficiency, but only in so far as it increases profit. Another far more common way to increase profit is to cut corners. Also there is not always a level of competition, if a private company can eliminate the competition then they will rapidly increase prices and reduce service quality, whereas a government service is likely to remain consistent.
Governments very rarely think about things long term... The UK gov has gotten themselves horrendously locked in to IE6 for instance, someone thinking long term could have easily seen that coming.
Most government IT in the UK is already outsourced, mostly to foreign companies. Their data is hosted on severs owned, produced and managed by foreign companies, sitting in data centers owned by foreign companies, running software controlled by foreign companies.
The "cloud" idea is a very good one, the idea of powering up more servers dynamically to handle load spikes, and powering hardware off during idle periods, as well as having distributed storage of data ala google so a single location failure is not a huge problem. There is no reason why the government couldn't embrace such a model, and scale it out across a large number of government departments.
Obviously being government data, you would need to ensure that any other users sharing the infrastructure were at the same clearance level.
The smart thing, would be for the government to build their own cloud architecture for hosting their own data, no third parties holding the keys.
Actually the idea is that you have the option to run your own server... Make it work like email, some people will spend the effort to have their own server while others will simply use the server provided by someone else.
One thing to check is the userid that your application code (php, jsp or whatever it is) runs under... Many shared hosting providers run all this stuff under a single shared user, which means that user needs to be able to read things like your database config including password... So if someone compromises another customer, they now have the ability to read all your files...
If thats their reason, then its all FUD.... Everything is already outsourced to various providers, all they can currently do is yell at a vendor when things break. They are dependent on all manner of single source hosting providers, consultants and software developers.
I run a 400mhz Sparc, with 256Mb ram and 7gb of disk space... It quite happily handles 50+ users even today, running a mix of irc sessions, esniper, text based mail clients (mutt/pine) and some development.
That said if people are actually interested in a shell service like io.com then i'm sure we could operate something similar.... Most shell accounts commercially available these days seem to almost exclusively cater to script kiddies on IRC just wanting to run large numbers of eggdrop bots...
1, 99% of users would have no use for shell accounts... Especially today, when broadband is prevalent so people can leave things running on their own machine... Shells were most useful when it was too expensive to keep a dialup connected 24/7.
2, 99% of users have no use for usenet, and a lot of the 1% only use it for warez, which isnt exactly what it was intended for (or is really suitable for)...
3, Quite a few ISPs still run mirror sites, and they are actually more useful today than they were way back when... In those days, your dialup could download at 2-3KB/sec and you could achieve these speeds from almost any site, these days i have 50mbit/sec from my isp, but due to over subscription of their peering links i rarely get more than 20mbit downloading, yet i can achieve the full 50mbit/sec rate from their internal mirror site.
4, lowest common denominator service... back in the days, 99% of isp customers were clued up people so you could have a useful conversation with them and resolve problems quickly... These days, 99% of isp customers are technically illiterate and won't understand technical explanations, nor be able to follow complicated instructions... Also most ISPs are now run by businessmen rather than geeks, who will happily lie to customers about the true nature of a problem. Back in the days if i couldn't connect, i would call the isp and they would give me a simple response like "router X has failed which links the dialup pool to the backbone, we expect it to be back online in 2 hours"... Being capable of understanding this information, i realise theres nothing i can do and just get on with something else for 2 hours... Recently someone i knew called their ISP to complain about being unable to connect, they had her reboot multiple times, install redundant software, mess with settings, reinstall redundant software for about 4 hours before she gave up... I went to check on it 2 hours later and it worked immediately, turns out the ISP was suffering an outage at the time but company policy was not to admit to any problems and so they wasted my friends time and made her feel it was her fault.
6, economies of scale... i run a small isp, and would love to provide all these services... however doing so would cost more than the big mass market players, and most people would not pay extra even for a better service.
Time to breach is even less relevant because the order of people attempting is randomised...
On the other hand, if someone finds a bug in OSX there is really only one target for the exploit, whereas with windows there are many different versions which may require modified exploit code (wildly different hardware/drivers, home/pro/ultimate/etc, different language versions)... And Linux actually takes this even further.
You've had unlucky experiences, or your trolling...
On all of the machines i've tried in the last couple of years (atheros, broadcom, realtek and ralink chipsets), wireless has worked out of the box under Ubuntu (and in some cases i have used gentoo successfully with wifi), whereas Windows hasn't always supported the wireless card out of the box (which makes downloading the drivers a pain), and other weird problems like the drivers supporting wep but not wpa (i thought it was up to the os rather than the drivers to dictate encryption support).
The performance has generally been better on the linux drivers too, not to mention that most linux drivers support rfmon mode while i'm not aware of any windows drivers that do.
Get an STB which supports streaming over IP such as a dreambox or a custom built linux box... Then you have a choice, ethernet, powerline adapters, wifi (still using 2.4ghz but in a cleaner way) etc. You can change the channel remotely on them too.
Your microwave should not leak any signals/radiation... The inside of a microwave is basically a faraday cage (look at the metal mesh which runs through the glass on a typical microwave door). If it does leak radiation, then its faulty and you really should get it repaired or replaced ASAP as it can be quite dangerous (wifi cards are typically under 1 watt of power, a microwave could be up to 1300 watts and the full force of one will cook you quite quickly).
Exactly, i have no problem charging a device daily while i sleep... But i want to be sure that even under heavy use, that device will last the whole day should i choose to make such heavy use of it.
Serves them (rsa's customers) right for not understanding what it is they were buying into...
A system where someone else generates and retains a copy of all the keys, requiring you to have blind faith in that party to keep them secure... Did noone else see the serious flaws in such a system?
In order to build a secure system, look at encryption...
How encryption works is well known, the major algorithms are public knowledge, and are tried and tested. And yet the keys, when used properly are known only to the party who owns them...
You don't run a closed proprietary encryption algorithm, and you don't trust a third party to supply you with crypto keys... That is, unless you're a fool.
If you use such a system, you are placing blind faith in the third party who supplies that system... That party might sell you out to government agencies or for commercial reasons (ie highest bidder), might get hacked, might be infiltrated by a rogue employee, might leave a disk full of data on a train etc...
Because they are an external entity you have no control over them, you probably even gave away your right to sue them when you agreed to the license terms on their software... You are utterly beholden to a company you have no control over, basically they own you, and anyone who owns them also owns you.
All this is talking about NTLM password hashes, the algorithms used by modern unix systems are a lot tougher and even with modern GPUs, still very slow to crack...
More importantly, NTLM password hashes are plaintext equivalent, so you can use them without having to crack them at all (google for pass the hash), so cracking them is only for amusement value anyway.
So the problem is not so much GPUs, its more to do with windows systems having extremely weak methods of storing passwords.
Only nuclear isn't very popular right now, so countries are actually shutting down nuclear plants rather than building more...
Detachable with a decent length of cable, or a dock you can put your battery in to charge it...
I could leave a solar panel on the dashboard of my car all day, but i wouldn't leave a laptop there or its likely to be stolen. Anywhere you could leave a solar panel to charge is by definition out in the open, and would be an attractive target for thieves.
What we really need are decentralised systems, as we already have for email and to a lesser extent IM with jabber...
While it's almost certainly against the rules to talk about gmail because thats promoting google's business, to talk about the general concept of email is just fine because its an open standard that covers thousands of different providers.
So, have a decentralised equivalent of facebook and twitter, then everyone else would be far better off... No single point of failure, no single company having too much power etc.
Cloud computing makes a lot of sense when you have your own dc, there is no reason you would need to outsource it to a third party provider...
An organisation like HMRC doesn't require the same resources all year round, immediately before the deadline for filing tax returns they have a significant increase in load, plus they process all the tax data in bulk.
It actually makes sense for the government to build their own cloud infrastructure, and share it out across multiple departments, but government has never really been big on efficiency.
The government are already doing outsourcing on a HUGE scale...
Cloud computing is for more efficient usage of resources, and this works best when you have a large number of users with disparate requirements and usage patterns. But there's no reason you can't build a cloud type system in your own private server room with a small number of systems and still realise some benefits from doing so.
Thats how things start out..
Then you get corruption, which results in the performance targets being lowered to accommodate powerful vendors, and additional arbitrary requirements being added to ensure smaller vendors cannot bid for the contracts.
Private corporations by their very nature are ruthless beasts, give them any slack and they will abuse it.
Government services may well develop inefficiencies because the people running them don't particularly care about efficiency as it doesn't affect their pay packet. But that's not to say that private companies do any better...
Sure there is more of a drive to improve efficiency, but only in so far as it increases profit. Another far more common way to increase profit is to cut corners.
Also there is not always a level of competition, if a private company can eliminate the competition then they will rapidly increase prices and reduce service quality, whereas a government service is likely to remain consistent.
Governments very rarely think about things long term... The UK gov has gotten themselves horrendously locked in to IE6 for instance, someone thinking long term could have easily seen that coming.
Most government IT in the UK is already outsourced, mostly to foreign companies. Their data is hosted on severs owned, produced and managed by foreign companies, sitting in data centers owned by foreign companies, running software controlled by foreign companies.
The "cloud" idea is a very good one, the idea of powering up more servers dynamically to handle load spikes, and powering hardware off during idle periods, as well as having distributed storage of data ala google so a single location failure is not a huge problem. There is no reason why the government couldn't embrace such a model, and scale it out across a large number of government departments.
Obviously being government data, you would need to ensure that any other users sharing the infrastructure were at the same clearance level.
The smart thing, would be for the government to build their own cloud architecture for hosting their own data, no third parties holding the keys.
Actually the idea is that you have the option to run your own server... Make it work like email, some people will spend the effort to have their own server while others will simply use the server provided by someone else.
One thing to check is the userid that your application code (php, jsp or whatever it is) runs under... Many shared hosting providers run all this stuff under a single shared user, which means that user needs to be able to read things like your database config including password... So if someone compromises another customer, they now have the ability to read all your files...
Cisco routers should support it, i have a 1701 and an 1801 both running ipv6 over adsl...
Ofcourse you do need the correct IOS image.
If thats their reason, then its all FUD....
Everything is already outsourced to various providers, all they can currently do is yell at a vendor when things break. They are dependent on all manner of single source hosting providers, consultants and software developers.
As i understand it, FaceTime is primarily based on SIP...
I run a 400mhz Sparc, with 256Mb ram and 7gb of disk space... It quite happily handles 50+ users even today, running a mix of irc sessions, esniper, text based mail clients (mutt/pine) and some development.
That said if people are actually interested in a shell service like io.com then i'm sure we could operate something similar.... Most shell accounts commercially available these days seem to almost exclusively cater to script kiddies on IRC just wanting to run large numbers of eggdrop bots...
1, 99% of users would have no use for shell accounts... Especially today, when broadband is prevalent so people can leave things running on their own machine... Shells were most useful when it was too expensive to keep a dialup connected 24/7.
2, 99% of users have no use for usenet, and a lot of the 1% only use it for warez, which isnt exactly what it was intended for (or is really suitable for)...
3, Quite a few ISPs still run mirror sites, and they are actually more useful today than they were way back when... In those days, your dialup could download at 2-3KB/sec and you could achieve these speeds from almost any site, these days i have 50mbit/sec from my isp, but due to over subscription of their peering links i rarely get more than 20mbit downloading, yet i can achieve the full 50mbit/sec rate from their internal mirror site.
4, lowest common denominator service... back in the days, 99% of isp customers were clued up people so you could have a useful conversation with them and resolve problems quickly... These days, 99% of isp customers are technically illiterate and won't understand technical explanations, nor be able to follow complicated instructions... Also most ISPs are now run by businessmen rather than geeks, who will happily lie to customers about the true nature of a problem. Back in the days if i couldn't connect, i would call the isp and they would give me a simple response like "router X has failed which links the dialup pool to the backbone, we expect it to be back online in 2 hours"... Being capable of understanding this information, i realise theres nothing i can do and just get on with something else for 2 hours... Recently someone i knew called their ISP to complain about being unable to connect, they had her reboot multiple times, install redundant software, mess with settings, reinstall redundant software for about 4 hours before she gave up... I went to check on it 2 hours later and it worked immediately, turns out the ISP was suffering an outage at the time but company policy was not to admit to any problems and so they wasted my friends time and made her feel it was her fault.
6, economies of scale... i run a small isp, and would love to provide all these services... however doing so would cost more than the big mass market players, and most people would not pay extra even for a better service.
Have you filed a bug report? That's probably a rare enough setup that few people have tried to do it.
Time to breach is even less relevant because the order of people attempting is randomised...
On the other hand, if someone finds a bug in OSX there is really only one target for the exploit, whereas with windows there are many different versions which may require modified exploit code (wildly different hardware/drivers, home/pro/ultimate/etc, different language versions)... And Linux actually takes this even further.
Malware almost always comes out the day after the update, that way you have a one month window before anything is likely to be done about it.
You've had unlucky experiences, or your trolling...
On all of the machines i've tried in the last couple of years (atheros, broadcom, realtek and ralink chipsets), wireless has worked out of the box under Ubuntu (and in some cases i have used gentoo successfully with wifi), whereas Windows hasn't always supported the wireless card out of the box (which makes downloading the drivers a pain), and other weird problems like the drivers supporting wep but not wpa (i thought it was up to the os rather than the drivers to dictate encryption support).
The performance has generally been better on the linux drivers too, not to mention that most linux drivers support rfmon mode while i'm not aware of any windows drivers that do.
Get an STB which supports streaming over IP such as a dreambox or a custom built linux box...
Then you have a choice, ethernet, powerline adapters, wifi (still using 2.4ghz but in a cleaner way) etc. You can change the channel remotely on them too.
Your microwave should not leak any signals/radiation... The inside of a microwave is basically a faraday cage (look at the metal mesh which runs through the glass on a typical microwave door).
If it does leak radiation, then its faulty and you really should get it repaired or replaced ASAP as it can be quite dangerous (wifi cards are typically under 1 watt of power, a microwave could be up to 1300 watts and the full force of one will cook you quite quickly).
Well, the British dambuster raids aren't likely to happen again any time soon...
Exactly, i have no problem charging a device daily while i sleep... But i want to be sure that even under heavy use, that device will last the whole day should i choose to make such heavy use of it.