Introduction to the Theory of Computation by Sipser. This is my favorite computer science textbook together with SICP. It deals with theoretical computer science, mainly automata, computability and complexity theory. It's just 400 pages or so, but covers lots of ground.
Types and Programming Languages by Pierce. This is a very accessible introduction to the theory of programming languages and types.
The way I see this, you should simply not store keys in memory (that is have your encrypted file system mounted) when you not need access to the files. A correct program will overwrite the keys when the file system is dismounted.
The purpose of full disk encryption (or system encryption in TrueCrypt is), in my opinion, not meant as a "one password to protect everything". It's just an extra measure to secure temporary files, the swap file and other tracks the OS and applications may spread around. You should still encrypt your really secret files separately, and use basic precautions such as secure file erasure when you've used them.
That said, I still don't think this attack is so important. If you have the file system mounted, and an attacker gains access to your computer, the files are already there!
> spinning disk costs about $0.38 per gig.
That's remarkably expensive. In Sweden the price is _almost_ below 1 SEK per GB, and that is including our 25% VAT. The Seagate Barracuda 1 TB for example is 0.13 USD per GB excluding VAT.
On one hand I think this is good. Insider trading should not be illegal. To quote Milton Friedman:
"You want more insider trading, not less. You want to give the people most likely to have knowledge about deficiencies of the company an incentive to make the public aware of that."
The benefit of insider trading is information enters the markets quicker. That is good for me.
There are also tax lawyers who can help me create complex holding / offshore structures to make me pay less taxes, so from that point of view I fail to see the problem with help how to avoid insider trading regulations. No one would be surprised if these banks helped their clients to avoid paying specific corporate tax, for example. So what's so sacred about the insider trading regulations?
Anyhow, my problem I have with this is bad laws should be rewoked, not left in place to be circumvented with the right know-how.
The United States is, as far as I know, the only country in the world where your work is not automatically copyrighted when published. I know for a fact that any code, text, images etc are posted from a European country it is automatically copyrighted, "(c)"-symbols or not. In Sweden for example it is actually discouraged to write "Copyright xyz" in your documents/works because it has no legal meaning and it confuses intellectual property law for the layman.
So while you are probably correct if the copied code originates from somewhere in USA, the original poster's company is most certainly in violation of some intellectual property law if the code is from abroad.
The headline states this as it's something bad. Seriously, wtf? Microsoft has done lots of stupid/"evil" things, but this is not one of them. This is real free market competition without government intervention. I fail to see the problem. Should Microsoft be _forced_ to sell a product that doesn't benefit them? I think not. They are free to do as they please, and in this case they are, as there's no force whatsoever involved.
If, however, Microsoft tried to abuse some laws for their own gain, that would be evil.
What's the point? The bottle neck on MP3 players is not the audio files but the decoding/playback hardware and even more important the headphones. You simply can't hear the difference after a certain MP3 bitrate like you can on real audio systems with proper equipment.
Whenever I buy a new MP3 player I spend a few minutes to find the sweet spot where I simply can't hear any difference with a higher bit rate let alone lossless audio. This is almost always 128 kbps, even with quite good head phones.
For some reason many geeks like to attack what other geeks find popular to stand out and appear "different" or "superior". For example, in discussions of Linux one geek will stand out and write something anti-Linux (maybe pro-BSD) and get modded +5 Insightful. Same with anti-Apple, pro-Microsoft etc. However once in a while this gets completely un-productive. For example, when a girl starts posting naked pictures of herself on a message board. Reasonable persons write nice comments. Then comes the geek and writes "damn you're ugly". Thank you fucking much for spoiling it for everybody. Now no girl will post naked pictures of themselves. It's the same thing with attacking RMS. He is working for us, and you better damn appreciate it.
Attacking RMS is like telling a girl she's ugly when she posts naked pictures of herself on a message board. Completely unproductive.
...
Oh damn, I put "naked" and "RMS" in the same sentence.
The book The Pragmatic Programmer by Andrew Hunt and David Thomas has a chapter about Design by Contract. As it's a very good book (almost a classic) about lots of different things, I suggest you read it. Check out the reviews at Amazon, they are true.
The Pirate Party are currently at 0.64% with around 60% of the votes counted. Given the party is less than a year old and the issues involved (how many non-geeks care about file sharing and privacy?) I would consider this a remarkable success. Especially considered this election was the first in 12 years where the previously ruling Social Democrats were challanged by a strong center-right coalition (note, btw, Swedish center-right is more leftist than the US left). When both the center-right bloc and the center-left bloc had around 47% of the votes, the closest in swedish modern history, this was not a good time to introduce a new party. Most voters probably realized the pirate partys issues weren't so important when other larger issues were at stake.
Even while the Pirate Party didn't make it, they HAVE something to cheer about. As the center-right coalition won, the current minister of justice Thomas Bodström is gone from power. This is a major success since Bodström is sort of a symbol of the big brother state in Sweden, like Bush and Blair in US and UK. The Pirate Party also managed to make file sharing an issue both blocs have taken stances on. Which is good.
In case you don't know, the guy behind this website is Andy Tanenbaum, the Minix guy, the Linus Torvalds flameware guy, the Modern Operating System guy.
"In 2004 Tanenbaum created electoral-vote.com, a popular web site analyzing opinion polls for the 2004 U.S. Presidential Election, using them to project the outcome in the Electoral College."
This is non-news. What happened was a member of the Social Democrats youth section _gave_ a username and password to a former member in the Liberal Party (which are not liberal at all BTW) youth section, around 2005! Of course, as the Social Democrats are about to lose the election (september 17th) they use this "news" to spread some primitive form of political FUD about the opposition.
"We have a serious problem. Whenever I try to pitch Linux to anyone under 30, the question I get is: 'Will it work with my iPod?," he said. "We are not yet as a community making the painful compromises need to achieve widespread desktop market share. Until we do, we will get locked out of more hardware."
For all you three reading this wondering what this is all about: An instance in WoW is a dungeon cut off from the rest of the WoW-world, sort of like a mums basement for the ubergeek. You and your friends enter an instance, and you can be completely alone in there, killing NPC-monsters (and get nice equipment) and not having to deal with those outside the instance.
The most difficult instances require up to 40 players to complete. Molten Core is a Dungeons & Dragons-like dungeon full of fire-monsters. Blackwing Lair (more difficult than Molten Core) is a place full of dragons. Naxxrammas is full of undead, spiders etc, and is probably the hardest instance atm. Chances are that previous friend of yours you haven't seen for the past 16 months run around in Naxxrammas, killing bosses such "The Four Horsement".
Of course, requireing 40 mans to complete, these instances are usually reserved for the "hardcore". Since WoW's success is because it was casual friendly, it doesn't surprise me Blizzard concentrate on 25 man stuff, that is probably easier for the casual to join in at.
I remember an article a couple of months ago where Microsoft employees had done something similiar, that is using virtualization to create a low level rootkit.
Because, y'know, the only way to protect yourself against attacks like these are with Trusted Platform Modules.
20 bucks Microsoft sponsored this research in some way.
"BitTorrent Inc. is boosting its network capacity as it prepares to become a centralized hub for legal video content. In May, BitTorrent announced a deal with Warner Brothers to distribute its TV and movie content via the BT platform. It has now lined up IP transit for streaming videos at one gigabit per second."
The whole freaking point of BitTorrent is to transfer files so you don't need a fat pipe. Why exactly do they need 1 gigabit per second to run a tracker? Not even The Pirate Bay run on 1 gbps pipes.
I don't buy this. I think the MPAA just want to launch a regular distributor->consumer (as in, not-P2P) service under the BitTorrent-name so they can fool the regular joes this whole BitTorrent-thing has nothing at all to do with P2P. After all, real P2P is the complete opposite of their bussiness modell, so they probably don't want it generally accepted.
I would like to take the oppertunity here to debunk a very common myth regarding hard drive erasure.
You DO NOT have to overwrite a file 35 times to be "safe". This number originates from a misunderstanding of a paper about secure file erasure, written by Gutmann.
The 35 patterns/passes in the table in the paper are for all different hard disk encodings used in the 90:s. A single drive only use one type of encoding, so the extra passes for another encoding has no effect at all. The 35 passes are maybe useful for drives where the encoding is unknown though.
For new 2000-era drives, simply overwriting with random bytes is sufficient.
Here's an epilogue by Gutmann for the original paper:
Epilogue In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now.
Looking at this from the other point of view, with the ever-increasing data density on disk platters and a corresponding reduction in feature size and use of exotic techniques to record data on the medium, it's unlikely that anything can be recovered from any recent drive except perhaps one or two levels via basic error-cancelling techniques. In particular the the drives in use at the time that this paper was originally written have mostly fallen out of use, so the methods that applied specifically to the older, lower-density technology don't apply any more. Conversely, with modern high-density drives, even if you've got 10KB of sensitive data on a drive and can't erase it with 100% certainty, the chances of an adversary being able to find the erased traces of that 10KB in 80GB of other erased traces are close to zero.
Fry: Wait you're the only friend I have... Bender: You really want a robot for a friend? Fry: Yeah ever since I was six. Bender: Well, ok but I don't want people thinking we're robosexuals, so if anyone asks, you're my debugger.
Slashdot Mirror
Introduction to the Theory of Computation by Sipser. This is my favorite computer science textbook together with SICP. It deals with theoretical computer science, mainly automata, computability and complexity theory. It's just 400 pages or so, but covers lots of ground.
Types and Programming Languages by Pierce. This is a very accessible introduction to the theory of programming languages and types.
The way I see this, you should simply not store keys in memory (that is have your encrypted file system mounted) when you not need access to the files. A correct program will overwrite the keys when the file system is dismounted.
The purpose of full disk encryption (or system encryption in TrueCrypt is), in my opinion, not meant as a "one password to protect everything". It's just an extra measure to secure temporary files, the swap file and other tracks the OS and applications may spread around. You should still encrypt your really secret files separately, and use basic precautions such as secure file erasure when you've used them.
That said, I still don't think this attack is so important. If you have the file system mounted, and an attacker gains access to your computer, the files are already there!
> spinning disk costs about $0.38 per gig. That's remarkably expensive. In Sweden the price is _almost_ below 1 SEK per GB, and that is including our 25% VAT. The Seagate Barracuda 1 TB for example is 0.13 USD per GB excluding VAT.
On one hand I think this is good. Insider trading should not be illegal. To quote Milton Friedman:
"You want more insider trading, not less. You want to give the people most likely to have knowledge about deficiencies of the company an incentive to make the public aware of that."
The benefit of insider trading is information enters the markets quicker. That is good for me.
There are also tax lawyers who can help me create complex holding / offshore structures to make me pay less taxes, so from that point of view I fail to see the problem with help how to avoid insider trading regulations. No one would be surprised if these banks helped their clients to avoid paying specific corporate tax, for example. So what's so sacred about the insider trading regulations?
Anyhow, my problem I have with this is bad laws should be rewoked, not left in place to be circumvented with the right know-how.
The United States is, as far as I know, the only country in the world where your work is not automatically copyrighted when published. I know for a fact that any code, text, images etc are posted from a European country it is automatically copyrighted, "(c)"-symbols or not. In Sweden for example it is actually discouraged to write "Copyright xyz" in your documents/works because it has no legal meaning and it confuses intellectual property law for the layman. So while you are probably correct if the copied code originates from somewhere in USA, the original poster's company is most certainly in violation of some intellectual property law if the code is from abroad.
Microsoft Wanted To Drop Mac Office To Hurt Apple
The headline states this as it's something bad. Seriously, wtf? Microsoft has done lots of stupid/"evil" things, but this is not one of them. This is real free market competition without government intervention. I fail to see the problem. Should Microsoft be _forced_ to sell a product that doesn't benefit them? I think not. They are free to do as they please, and in this case they are, as there's no force whatsoever involved.
If, however, Microsoft tried to abuse some laws for their own gain, that would be evil.
Are they trying to restrict internet radio in general, or are they really talking about podcasts only as per Slashdots title?
DNS and IP space allication != "The Internet".
The Pirate Bay apperantly is: http://thepiratebay.org/tor/3589817/ZyprexaKills.t ar.gz
Please remind me again how this man is so dangerous to society he must be locked up in jail.
What's the point? The bottle neck on MP3 players is not the audio files but the decoding/playback hardware and even more important the headphones. You simply can't hear the difference after a certain MP3 bitrate like you can on real audio systems with proper equipment.
Whenever I buy a new MP3 player I spend a few minutes to find the sweet spot where I simply can't hear any difference with a higher bit rate let alone lossless audio. This is almost always 128 kbps, even with quite good head phones.
For some reason many geeks like to attack what other geeks find popular to stand out and appear "different" or "superior". For example, in discussions of Linux one geek will stand out and write something anti-Linux (maybe pro-BSD) and get modded +5 Insightful. Same with anti-Apple, pro-Microsoft etc. However once in a while this gets completely un-productive. For example, when a girl starts posting naked pictures of herself on a message board. Reasonable persons write nice comments. Then comes the geek and writes "damn you're ugly". Thank you fucking much for spoiling it for everybody. Now no girl will post naked pictures of themselves. It's the same thing with attacking RMS. He is working for us, and you better damn appreciate it. Attacking RMS is like telling a girl she's ugly when she posts naked pictures of herself on a message board. Completely unproductive.
...
Oh damn, I put "naked" and "RMS" in the same sentence.
I have this urge to share my favorite (or, at least top 3) Slashdot post of all times:
3 21834
http://slashdot.org/comments.pl?sid=159051&cid=13
As an ex-sysop, I wonder occasionally how a modern chatter would do on an old style BBS....
... an embedded device that deserves to run Microsoft Windows!
The book The Pragmatic Programmer by Andrew Hunt and David Thomas has a chapter about Design by Contract. As it's a very good book (almost a classic) about lots of different things, I suggest you read it. Check out the reviews at Amazon, they are true.
The Pirate Party are currently at 0.64% with around 60% of the votes counted. Given the party is less than a year old and the issues involved (how many non-geeks care about file sharing and privacy?) I would consider this a remarkable success. Especially considered this election was the first in 12 years where the previously ruling Social Democrats were challanged by a strong center-right coalition (note, btw, Swedish center-right is more leftist than the US left). When both the center-right bloc and the center-left bloc had around 47% of the votes, the closest in swedish modern history, this was not a good time to introduce a new party. Most voters probably realized the pirate partys issues weren't so important when other larger issues were at stake.
Even while the Pirate Party didn't make it, they HAVE something to cheer about. As the center-right coalition won, the current minister of justice Thomas Bodström is gone from power. This is a major success since Bodström is sort of a symbol of the big brother state in Sweden, like Bush and Blair in US and UK. The Pirate Party also managed to make file sharing an issue both blocs have taken stances on. Which is good.
In case you don't know, the guy behind this website is Andy Tanenbaum, the Minix guy, the Linus Torvalds flameware guy, the Modern Operating System guy.
http://en.wikipedia.org/wiki/Andrew_Tanenbaum
"In 2004 Tanenbaum created electoral-vote.com, a popular web site analyzing opinion polls for the 2004 U.S. Presidential Election, using them to project the outcome in the Electoral College."
This is non-news. What happened was a member of the Social Democrats youth section _gave_ a username and password to a former member in the Liberal Party (which are not liberal at all BTW) youth section, around 2005! Of course, as the Social Democrats are about to lose the election (september 17th) they use this "news" to spread some primitive form of political FUD about the opposition.
* GNUpod and gtkpod
* iPod Shuffle Database Builder
And then there's another one with a funky name I cannot remember.
For all you three reading this wondering what this is all about: An instance in WoW is a dungeon cut off from the rest of the WoW-world, sort of like a mums basement for the ubergeek. You and your friends enter an instance, and you can be completely alone in there, killing NPC-monsters (and get nice equipment) and not having to deal with those outside the instance.
The most difficult instances require up to 40 players to complete. Molten Core is a Dungeons & Dragons-like dungeon full of fire-monsters. Blackwing Lair (more difficult than Molten Core) is a place full of dragons. Naxxrammas is full of undead, spiders etc, and is probably the hardest instance atm. Chances are that previous friend of yours you haven't seen for the past 16 months run around in Naxxrammas, killing bosses such "The Four Horsement".
Of course, requireing 40 mans to complete, these instances are usually reserved for the "hardcore". Since WoW's success is because it was casual friendly, it doesn't surprise me Blizzard concentrate on 25 man stuff, that is probably easier for the casual to join in at.
I remember an article a couple of months ago where Microsoft employees had done something similiar, that is using virtualization to create a low level rootkit.
Because, y'know, the only way to protect yourself against attacks like these are with Trusted Platform Modules.
20 bucks Microsoft sponsored this research in some way.
I don't buy this. I think the MPAA just want to launch a regular distributor->consumer (as in, not-P2P) service under the BitTorrent-name so they can fool the regular joes this whole BitTorrent-thing has nothing at all to do with P2P. After all, real P2P is the complete opposite of their bussiness modell, so they probably don't want it generally accepted.
You DO NOT have to overwrite a file 35 times to be "safe". This number originates from a misunderstanding of a paper about secure file erasure, written by Gutmann.
The 35 patterns/passes in the table in the paper are for all different hard disk encodings used in the 90:s. A single drive only use one type of encoding, so the extra passes for another encoding has no effect at all. The 35 passes are maybe useful for drives where the encoding is unknown though.
For new 2000-era drives, simply overwriting with random bytes is sufficient.
Here's an epilogue by Gutmann for the original paper:
Let's for the sake of amusement Google "Yankee Group" funded microsoft
Or, let's try site:slashdot.org "Yankee Group"
Unbiased? No freaking way.
Fry: Wait you're the only friend I have...
Bender: You really want a robot for a friend?
Fry: Yeah ever since I was six.
Bender: Well, ok but I don't want people thinking we're robosexuals, so if anyone asks, you're my debugger.