Slashdot Mirror


User: phkamp

phkamp's activity in the archive.

Stories: 0 · Comments: 47

Comments · 47

  1. Just a Motorola Oncore Receiver bug on Discrepancy Detected In GPS Time · · Score: 3, Interesting

    This is the second time a bug in the firmware of Motorola Oncore GPS receivers has manifested itself. There is a bug relating to a 32-bit-wide bitmap, and DoD just took the GPS satellite numbered 32 out of the constellation and that seems to be the cause. I have data for two such receivers showing the anomaly and for one different receiver seeing no trouble at all.

  2. The smell of slashdot in the morning... on Knuth Got It Wrong · · Score: 4, Informative

    What a misleading title, it is not even in the same continent as the article.

    A large number of people obviously didn't read the actual article.

    And I guess Knuth has quite a fanboi community on slashdot. I wonder if he really appreciates that ?

    Some of those who did read the article do not seem to know the difference between a binary heap and a binary tree, and even the pretty strong clue to the difference in the text did not make them go check Wikipedia. 10 out of 10 for self-esteem, but 0 out of 10 for clue.

    Those who think CS should be unsullied by actual computers should make sure to note this belief on their resume. (Trust me, everybody you send your resume to will appreciate that.)

    Those who advocate getting rid of Virtual Memory must have much more money for RAM than is sensible. I wish I could afford that.

    About five comments try, in vain it seems, to explain the point of my article to the unwashed masses (kudos!, but really, what are you doing here ?)

    Not one comment rises to a level where I feel a need to answer it specifically. On Reddit over the weekend there were about a handful.

    Is that really par for the course on slashdot these days ?

    Sic transit gloria mundi...

    Poul-Henning

  3. Don't worry, they will get over it. on Tilting At Windmills · · Score: 3, Interesting

    Back in the 1980s here in Denmark, a left-lunatic-fringe school built the first windmill and published a report titled "Let a thousand windmills bloom"

    They were ridiculed and everybody was adamant that windmills would spoil the landscape and do things to the cows' milk etc.

    Then the government introduced a subsidy on electricity from windmills and suddenly all the farmers could see a good business case and today we have most of the country plastered with windmills.

    As a result Denmark gets around 20% of its electricity from wind nowadays.

    Once energy prices get high enough, windmills will stop ruining USA and become "a sensible economic investment".

    BTW: The trend here is to put new windmills off the coast because water disturbs the wind less than land.

    Poul-Henning

  4. D-Link abuses almost *all* stratum 1 servers on D-Link Firmware Abuses Open NTP Servers · · Score: 1

    For some reason it did not occur to me until now that D-Link would be stupid enough to harvest the stratum-1 server list for their devices, but it seems that is exactly what they did :-(

    http://people.freebsd.org/~phk/dlink/letter2.html

    Poul-Henning

  5. Re:wrong approach on D-Link Firmware Abuses Open NTP Servers · · Score: 1

    You seem to be a bit confused here.

    The usage policy for gps.dix.dk is part and parcel of the service announcement, which is quoted in my open letter.

    Every place where the service of GPS.dix.dk has been announced, the access restrictions have been stated.

    D-Link produced their list of NTP servers by scraping the public stratum 1 list, where the restrictions are clearly spelled out.

    In other words, the "no trespassing" sign was nailed up there, right below the house number, and they didn't read it.

    Finally, you still quite seem to have grasped the difference between HTTP and NTP. You should study that a bit.

    Poul-Henning

  6. Re:WTF??? on D-Link Firmware Abuses Open NTP Servers · · Score: 2, Informative

    Dear Zardo,

    I never use anonymity to hide behind, I have no opinions of which I am ashamed.

    You seem to be missing a very fundamental point in this: I live in Denmark.

    Danish lawyers are not allowed to work on contingency. You get your bill first, then the verdict.

    Therefore, $2500 in lawyers' fees is actually not very much over here. If I tried to get this case in front of a judge, I would have to pay something like ten times that.

    Furthermore, you seem to question a lot of things you could have determined for yourself by reading the actual letter I wrote.

    Finally, I have probably done more for the internet and open source than you will ever be able to imagine so if you want to paint me as a simple extortionist, you may have a bit of trouble making people believe you.

    In all likelihood, I wrote the function which protects your password.

    Poul-Henning

  7. Poul-Henning clarifies more on D-Link Firmware Abuses Open NTP Servers · · Score: 2, Insightful

    We are not talking HTTP here. Robots.txt does not apply.

    The place where the service restriction is clearly written out, the "stratum 1 list", is the only place where D-Link can have found the name of the NTP server in the first place.

    As several posters have pointed out: consumer devices like these have no need to query stratum 1 servers.

    As I said clearly in my letter: filtering will not prevent me from getting hit with bandwidth charges of $8800/year.

    I have not tried sending any bogus return packets because that would hit innocent consumers who bought D-Link's deficient products.

    And for the people who could have identified the source of these packets so much faster and easier: Drop me an email, I'll be sure to ask for your help next time.

    Finally, I can see that more than 40 people at D-Link Irwine (192.152.81.0/24) have read the open letter now, please guys: get somebody to call me or email me so we can get this matter settled. (both email and phone# are in the open letter)

    Poul-Henning

  8. Poul-Henning clarifies on D-Link Firmware Abuses Open NTP Servers · · Score: 5, Informative

    Let me clarify a number of details here.

    1. My server has not replied to the packets since the CodeRed virus/worm abused NTP servers to coordinate attacks. That was a couple of years ago. I doubt D-Link ever even tried to test this.

    2. NTP is a timing protocol. You do not want to do expensive and time-consuming filtering on the packets because that disturbs your timing performance.

    3. If I have to sue D-Link, it will be either in USA or Taiwan. Both their Danish marketing office and the UK European office will be able to deflect a lawsuit to their mothership.

    4. If you download a firmware file from D-Link, it is often an ARJ archive. Unpack that and run strings. If you see GPS.dix.dk in there, please use another version. If the firmware you run is older than about a month, please update it.

    5. The list of products in my open letter is unlikely to be complete, those are the only ones I have been able to positively identify (using the method above). If you find out other products are affected, please email me.

    6. We do have a number of very interesting sections of our penal code here in Denmark that are very likely to apply. Only problem is, they haven't been tried in a court yet. So I have to persuade an overworked criminal inspector to raise a criminal case against a foreigner over a, let's face it, quite small monetary amount. Then I have to spend a lot of time making sure that we convince a judge who has never heard of NTP that they are guilty and then if I win, I can see some D-Link manager make a checkmark in their pocket book: "Remember to not visit Denmark under true name". I have better things to use my life for.

    I can see a couple of hits from a C-class belonging to "D-Link Irwine": please escalate this guys, your bosses don't read slashdot.

    Thanks for all the supportive email.

    Poul-Henning
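The check in point 4 of the comment above, as an added example (not code from the comment or from D-Link): it does what `strings` piped into a search does on an already-unpacked firmware image. The function names and the sample bytes are constructed for illustration, and the ARJ unpacking step is assumed to have been done beforehand.

```python
import re

# Runs of at least 4 printable ASCII bytes, the default threshold of strings(1).
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")
# Loose hostname shape: dot-separated labels ending in an alphabetic TLD.
HOSTNAME = re.compile(rb"(?i)\b(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}\b")


def embedded_hostnames(blob):
    """Return the sorted, lower-cased hostnames found in printable runs of blob."""
    found = set()
    for run in PRINTABLE_RUN.finditer(blob):
        for match in HOSTNAME.finditer(run.group()):
            found.add(match.group().decode("ascii").lower())
    return sorted(found)


def firmware_references(blob, watched=("gps.dix.dk",)):
    """Return the watched hostnames that are hard-coded in the image."""
    return [host for host in embedded_hostnames(blob) if host in watched]


# Constructed sample image: binary filler around two NUL-terminated strings.
SAMPLE_FIRMWARE = (
    b"\x00\x01\x7fELF\x00"
    b"ntp_server=GPS.dix.dk\x00"
    b"\xff\xfe"
    b"time.example.org\x00"
    b"v1.02\x00abc"
)

if __name__ == "__main__":
    print("hostnames in image:", embedded_hostnames(SAMPLE_FIRMWARE))
    hits = firmware_references(SAMPLE_FIRMWARE)
    print("affected" if hits else "clean", hits)
```

Listing every embedded hostname, not only the watched one, also shows which other time servers an image has hard-coded.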

  9. Yeah, it sucks... on FreeBSD Logo Contest Winner Announced · · Score: 1

    To me it looks like some kind of modern design tea-pot...

    No, I don't like it one bit...

    But if that is the worst democracy ever does to FreeBSD, I can probably learn to live with it.

    Poul-Henning

  10. Re:Why is astronomy good? on Bad Science in the Press · · Score: 1, Troll

    Astronomy is AWFUL at reporting their news.

    Whenever there is an astronomy story, there is some staggeringly beautiful "artist's concept" color painting right next to it, and that picture has no scientific backing for 99% of its features.

    So try to pull a modern kid out in the back yard and put their eye to a telescope and they will barely believe you when you tell them what they look at, because it looks nothing like in the papers.

    Astronomy is doing itself a major disservice by overselling their stuff with these fantasy pictures.

    Poul-Henning

  11. Re:Interesting response on Annual Cost of Microsoft Monopoly: $10 Billion · · Score: 2, Interesting

    Has it never struck you as a very obvious explanation that Microsoft could have people paid to spin their case on Slashdot ?

    With a marketing budget of their size, I'd be surprised if they didn't drip some greenbacks into hands that would spend time defending their reputation online.

    And no, I don't think Slashdot is the only place they have paid staff doing astroturf.

  12. Sin(Sqrt(comments_in_percent)) ??? on Open Source Code Maintainability Analyzed · · Score: 2, Insightful

    Have you guys looked at the formula ?

    They take sin(sqrt(mumble_percent)).

    Now, I'm all for empirical data, but that is just bistromatics and totally insane.

    They don't even say if the argument to the sine function is in degrees or radians and one is left to wonder if they even know themselves...

    I have no doubt that if you take a piece of code and do a before&after check after some major rewriting it may tell you something.

    But comparing two different pieces of code with this formula is just plain bogus.

    Poul-Henning

  13. A case of bad communication on Sun Unilaterally Revokes the FreeBSD Java License · · Score: 5, Informative

    Justin Gibbs, the foundation's founder and financial officer, said yesterday that this was just a case of bad communication and that it was already resolved.

    Poul-Henning

  14. De-FUD'ing windpower. on World's Largest Wind Turbine · · Score: 3, Insightful

    This site http://www.windpower.org/ which the Danish wind generator producers have put up contains a lot of useful information about windpower and counters most of the FUD you'll hear.

    Wind power is not perfect, but it is here now (as opposed to fusion energy), has no waste problem (as opposed to current atomics), has local and well understood failure modes (things break, fall down), produces a lot of power when we need it most (wind is driven by energy from sunlight) and it is economically competitive.

    The key to a sensible energy future is to not be fanatical for/against any one source, but to exploit them all where and how it makes sense.

  15. This is how Microsoft sets back CS progress. on Cringely: MS To Hurt Linux Via USB Enhancements · · Score: 4, Insightful

    The problem here is that Microsoft is acting on a legitimate and actual problem which gives people headaches in the real world.

    If they attempt to implement a Longhorn only solution, they will likely get so many people up in arms that it will never happen, and as a result another legitimate problem becomes taboo and remains unsolved.

    We've seen this already more than once. Just think about harddisks with built in encryption.

    I would LOVE for my BIOS to ask me for the password to my disk so that if somebody steals my laptop they don't get my data.

    (Shameless plug: In particular I would love it if a sensible encryption was used, see http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf.)

    Unfortunately, Microsoft tried to own the multimedia market by having harddisks with encryption where only _they_ had the keys.

    Now nobody even dares discuss the idea and concept of encryption in the harddisk.

    One taboo after the other...

  16. If it was nuclear, they know by now. on Mushroom Cloud Reported Over North Korea · · Score: 2, Insightful

    All the GPS satellites and a few others to boot are equipped with what is called "Bhangmeters" which can detect the very special two-peak light-signature of an atomic explosion.

    No natural phenomena have ever set off the Bhangmeters mistakenly.

    If this was a nuclear test-shot, the US government knows about it by now.

    The question is if they choose to ignore the raw data, just like they did on 22 September 1979 when the joint South African/Israel test shot was fired.

  17. No credible results in 20 years... on The Flickering Mind · · Score: 4, Insightful

    In the 20 years I have followed computers as educational tools, I have yet to see a single credible (ie: not vendor paid) study which showed a benefit from using computers to teach normal kids normal subjects.

    Once we get into special areas, things change.

    For instance there have been many studies which show huge benefits to below average kids, where the computer can be used to implement repetitive teaching techniques.

    Similar positive results have been documented for fringe topics and above average students.

    Most of these fringe areas can be reduced to the simple phenomenon of the computer being used to make up for a teacher shortage. None of the studies I have seen argues that the results are different from what would have happened if sufficient teachers were available to implement the same amount of teaching.

    But still not one single study has shown a consistent, tangible benefit for normal kids in the normal basic subjects {$native_language, math, science}

    Many studies and reports have pointed out tangible damage.

    Considering how much money has been spent, that is a pretty disturbing scientific basis.

    Anecdotal evidence is distributed slightly differently: All the good news is about things which are going to happen. Once the computer has been rolled in, we practically never hear good news.

    Combine this situation with the recent study out of Chicago which documented that for each hour of television toddlers watched per day, they had 10% higher risk of ADD at age 7, and we have a really disturbing situation at our hands.

    Poul-Henning

    PS: And as somebody who is old enough to have written a lot of text on a typewriter, I can personally attest that it makes you think a lot more about the text before you write.

  18. Re:Not asking for much... on Funding An Individual BSD Developer · · Score: 2, Insightful

    In an ideal world, I'd say you are spot on here, but unfortunately, this is not an ideal world.

    Any amount of administration needs somebody to do that, if you administer money, some tax-entity will want to know about it and will want you to do it according to a set of rules, and quite likely, want you to pay tax on it too.

    As I wrote in my solicitation, I wish the foundation could have handled this, but they did not have the resources to deal with it, mostly, and that is the interesting bit: lack of time.

    It will take some time before OSS projects like FreeBSD have the necessary infrastructure to deal with a systematic user-payment model. Until then we'll just have to do what we can, while we remember:

    T.T.T
    Put up in a place
    where it's easy to see
    the cryptic admonishment
    T.T.T.
    When you feel how depressingly
    slowly you climb,
    it's well to remember that
    Things Take Time.
    -- Piet Hein

  19. Re:He wants HOW much? on Funding An Individual BSD Developer · · Score: 5, Insightful

    You know, the funny thing is, once you're done paying for all the little not-at-all-tax-items like health-care, pensions, education for your kids etc, then I probably have more financial freedom than you have.

    For my 2/3 tax, I get healthcare and there are no "pre-existing conditions" or HMOs to deal with.

    It's a bit hard to explain to Americans, but healthcare is simply not a thing I have to consider in relation to my employment.

    I also get education, including college, for my kids.

    I don't have to fear the pan-handlers, insane and other strays because we actually have a social care system that works.

    And don't even get me started about guns, bureaucrazy, corruption and the oppressive regime controlled by big business.

    I've lived in San Francisco. My son was born there.

    I don't miss any of those things.

    What I get by paying the same amount you do, is peace of mind.

    Priceless!

  20. Re:He wants HOW much? on Funding An Individual BSD Developer · · Score: 5, Informative

    I have to pay my income tax, which here in Denmark is roughly 2/3, and that means the number you are looking at is a $22K/year net salary.

    Depending on the job description, my normal salary would be at least $75K, so I tend to think that the FreeBSD users are getting a pretty good deal here.

    (And before anybody falls into the other ditch: For that tax we get full healthcare, free schools (incl university) and a practically non-corrupt political system.)

  21. Human (un)reliability... on 25th Anniversary Of Three Mile Island · · Score: 4, Insightful

    It has long since been recorded as a fact that any system relying on human reliability is unreliable.

    Both Chernobyl and TMI happened because the humans didn't fulfill their role in the reliability chain.

    In both cases, humans misreading or misinterpreting information worked against the automatic protection systems' correct safing actions.

    To technocrats like us, the obvious solution is fully automatic, unmanned atomic powerplants.

    Considering that we cannot even drive a car 20km by computer, I don't think we are anywhere close to ready for that sort of challenge yet.

    So while nuclear energy may be ready, we're not.

    (And there's also that pesky detail about the spent fuel.)

  22. Re:Am I doing my maths correctly? on Chess - 2070 CPUs vs 1 GM · · Score: 2

    There is a difference between "participated" and "worked flat out on the problem".

    In this case they had some serious bottleneck issues and at least the machines I had involved spent most of the time idle, throughout the game I probably got only about five moves per CPU, total.

    Poul-Henning

  23. Best mapping of Earth with *same* instrument ? on Mars Express 3D Image Released · · Score: 4, Informative

    I think the point being missed here is that very few mappings have been done of Earth using *the same single instrument*.

    A very good illustration of how important this is became available when the Hipparcos and Tycho star-catalogs were produced by the Hipparcos satellite (also ESA).

    When the resulting catalog was compared to ground based astrometric catalogs, every single one of them showed systematic errors of varying magnitude.

    Even with the best instruments and the most careful technicians and scientists, systematic errors between instruments, methods and setups exist. When it comes to consistency, a single instrument in a single setup beats anything else.

    I don't doubt that military "assets" exist which can image the birds in my garden playing soccer with breadcrumbs but they have never made a global map (even ignoring the two thirds which is water) with the same single instrument.

    SAREX came close, but no cigar: the polar caps were missing.

    I think ESA's claim stands: They're doing it better than we ever bothered to do it here.

    Poul-Henning

  24. Re:I wrote the MD5 based crypt() for a reason... on The Death Throes of crypt() · · Score: 1

    While there has been raised some doubt about how hard it is to produce collisions in MD5-like algorithms, I still don't think anybody has publicized a single collision in the actual MD5 algorithm and certainly not a same-length collision.

    MD5-crypt() is iterative in various fancy ways (see the source), so your chances of exploiting a single known MD5-collision to trespass that way are still zero.

    You would need a very significant weakness in MD5 before it would help you against MD5-crypt().

    There is a difference between being prudent and paranoid, if Phil really said that, it sounds like he's on the wrong side of the line.

    Poul-Henning

  25. I wrote the MD5 based crypt() for a reason... on The Death Throes of crypt() · · Score: 5, Informative

    Back in 1994 I wrote the MD5 based crypt() which it seems almost everybody has adopted from FreeBSD by now: *BSD, Linux/GLIBC, Cisco and apparently even Solaris.

    The important properties of a good crypt() algorithm are still:

    1. Input password is not length or charset restricted.

    2. The algorithm is complex enough to not lend itself easily to hardware implementations (FPGAs etc).

    3. The Salt is big enough that precomputing dictionaries is not feasible.

    You will notice that apart from #1, these are not quantified, DES-based crypt() fulfilled #2 and #3 back in its day, but no longer does so. In a similar way, some day we will declare my MD5 based password scrambler as failing one or both of those criteria because password scrambling is not a case of finding "the" algorithm and putting a checkmark in the box, it needs to be periodically evaluated and improved every decade or so.

    That is why I put the $1$ prefix on my MD5-based crypt(), so that you can update to a better algorithm when you need to. OpenBSD has already added a couple of stronger SHA based algorithms ($2...) and more can be added in the future.

    In the absence of any other "IANA" for this, I would appreciate if you would register your "magic strings" with me so we don't have collisions.

    If you're still using DES-based crypt(), switch to MD5 based crypt() now. Don't wait any longer, you are already 9 years late (IMO).

    It's even "free as in free beer" :-)
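As an added illustration (not code from the comment or from FreeBSD), the sketch below shows how the prefix makes stored hashes self-describing, so an audit can find accounts still on DES-based crypt() and report each salt's length. Only `$1$` comes from the comment; the other prefixes in the table, the sample entries and the function names are assumptions made for this example.

```python
import re

# "$1$" is the prefix named in the comment; the other identifiers are the ones
# common crypt(3) implementations use (an assumption of this example).
SCHEMES = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt"}

# Traditional DES crypt has no prefix: 2 salt characters + 11 hash characters.
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify(field):
    """Return (scheme, salt) for one stored password-hash field."""
    if not field or field[0] in "!*":
        return ("locked-or-empty", None)
    if DES_RE.match(field):
        return ("des-crypt", field[:2])
    parts = field.split("$")
    if len(parts) < 4 or parts[0] != "":
        return ("unrecognized", None)
    scheme = SCHEMES.get(parts[1], "unknown:" + parts[1])
    if scheme == "bcrypt":
        # Layout is $2b$<cost>$<22-char salt><31-char hash>.
        return (scheme, parts[3][:22])
    rest = parts[2:]
    if rest[0].startswith("rounds="):  # optional cost parameter in $5$/$6$
        rest = rest[1:]
    return (scheme, rest[0])


def audit(shadow_lines, weak=("des-crypt",)):
    """List (user, scheme, salt_length) for accounts whose scheme is in weak."""
    findings = []
    for line in shadow_lines:
        user, field = line.split(":")[:2]
        scheme, salt = classify(field)
        if scheme in weak:
            findings.append((user, scheme, len(salt or "")))
    return findings


# Constructed sample entries; the hash bodies are filler, not real hashes.
SAMPLE = [
    "alice:" + "ab" + "x" * 11 + ":12000:0:99999:7:::",
    "bob:$1$saltsalt$" + "x" * 22 + ":12000:0:99999:7:::",
    "carol:$6$rounds=5000$saltsaltsaltsalt$" + "x" * 86 + ":12000:0:99999:7:::",
    "dave:$2b$12$" + "s" * 22 + "h" * 31 + ":12000:0:99999:7:::",
    "daemon:*:12000:0:99999:7:::",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        name, stored = entry.split(":")[:2]
        print(name, *classify(stored))
    print("still on DES:", audit(SAMPLE))
```

The `weak` tuple is the policy knob: adding a scheme name to it reports those accounts as well once a site decides that scheme has aged out.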