They threw in that shooting bit at the end since they are hoping a few more people google for something tangentially related and read their page. Just like they tried to tie in to Fukushima.
It's more like '03 it became recognized more widely, since I changed jobs Dec '02, and shortly after that I heard about this idea. I remember thinking, "Oops," cause of where I had worked before and how clever we had thought we had been avoiding timing attacks which had been the previous clever trick. The best idea then was to use strong random data to pad with, and we did. Of course that was really hard to check if it was simply random padding if you wanted to verify it, to make sure nothing was being leaked there for example.
In any case the IPSEC specs were then later changed to recommend defined padding, and yes the padding I am referring to you would not need the keys before hand to look at. Of course there are lots of other ways to leak things, like timing which you mentioned, or the way you break-up packets, or where/when you use options, etc. All those would be harder to hide in the code though.
FWIW, I'm thinking these claims made by Perry are a load of crap, but that's just my opinion.
padding, back then it was random in OpenBSD, hard to verify, never looked at by software. Now it's speced in a verifiable manner. Either nobody knew or nobody was forth coming with the information that it was a useful side channel back then.
ssh is from the second half of the '90s. Back then best practice was to pad with random data. Later because of people noticing how hard it would be to see if there was a side channel data in that padding, the norm started to be accepted to use predefined padding. Publicly people started writing about this right around the time of the note you highlighted. Of course it's something that would be noticed by others looking over the code at that time, practices relating to the padding had changed for the very reason the note discusses, but back when ssh was developed, it was conventional wisdom to do as ssh did.
You could get unlucky and have some significant percentage of players with keys that are not all linearly independent. To simplify, say you have the equations x+y=0 and 2x+2y=0 that second one does not help at all. I last looked at HDCP a long time ago, but there was some other aspect like there needed to be the same number of 1 and 0 bits, so even if you got unlucky, had gotten 100 unique keys from hardware and only had 20 basis, that extra fact may have been enough to work it out.
They were an early casualty that had to redo their first issue magazine app because of Apple. In the end it was an underwhelming 500MB kludge, and I doubt they recouped the costs that they must have put into that.
Wow thanks for that great reply. It's funny that you mentioned your mom being a DKJr junkie because my mom got addicted to Lady Bug. She played so much that she started hallucinating the bugs on the wall! So then she stopped.
Another funny one was that my parents, uncle, and aunt would gamble with the video games. Again Lady Bug was a popular one for that. Pretty much all the games were up to 4 player for that system, but the way they ended-up playing Lady Bug is that husband and wife would be a team taking turns. My aunt was so bad in comparison that they would structure the bets so that my parents had to win by a certain margin of points in order to win the money.
I never did get that 2600 adapter, but I always wanted it solely for the Hoth battle Atari game. Anyway thanks again for sharing the neat memories.
I had one too and since this is about great games that I would like to see resurrected, I nominate Lady Bug and War Room. But I'd say the ColecoVision was not an awful system, I thought it was the best at the time in fact!
Seriously it's time to forgive your parents. As a kid I did all sorts of odd jobs like recycling metals, mowing lawns, and working in scout camps to earn enough for my first box of dev tools. I paid $450 for an education box of Borland's C/C++ compiler, macro assembler assembler, and editor. It took me years to earn that. To put it in perspective I paid $250 a few years later for my first car, also money I had earned myself. As a parent now myself, I really hope you were making a (as it turns-out bad) joke.
The 24 hour window to watch rented movies in will not work for me. The 48hr windows for TV shows may be just barely enough. Once you have kids and a life it tends to take a few evenings to finish a film. I don't understand why they cannot expand that to something like a 5-7 days to be in the same ballpark as DVD rental places.
Does this really address the problem, won't using something like "int foo, bar[0x10000], baz;" in a function be able grow your stack around the SIGBUS check?
Hmm... It's really the pixmaps that are way faster over MIT-SHM. If you are local than the unix domain socket is not all that much slower, there is an extra copy involved. With the pixmap you can just modify the image directly. Though there was a long time where this was not universal, and when you expected it to work sometimes it did not since the 2D acceleration in the driver broke it since the pixmap was really in framebuffer memory.
But for a long time people have been doing XShmQueryVersion() and only using the extension if present. The reason for that is to have it work right when server and client are remote. The only software I have seen that relies on XShm also uses OpenGL anyway.
The fact of the matter is that you bought a car for $35K and cannot afford to be chauffeured around in it. In Europe big Audis like these are in fact commonly used to chauffeur around politicians. The people in the back are not the ones paying for the cars and in many European countries you might want to tack on 40-80% to the US price for a car "The 2011 Audi A8 L prices tarts at 79,000 Euro" 79,000 Euro is about $102K. You are not getting the same options and engine though for those prices. The price discrepancy is the biggest though on Japanese cars in the countries with high tariffs.
This is Frash, in fact the link that should have been included in the story should have been to the Frash github (this IS slashdot after all not gizmodo) http://github.com/comex/frash
Also until recently Frash only ran on iPad, like you state, but now it is getting better on iPod Touches and iPhones of a couple generations as well, so that's new and worthwhile info.
What are you even saying? Here is are some sentences in a proportional font where I put 0-5 spaces after the sentence:
Lameness filter is lame.m 0 spaces after sentence. Lameness filter is lame. m 1 spaces after sentence. Lameness filter is lame. m 2 spaces after sentence. Lameness filter is lame. m 3 spaces after sentence. Lameness filter is lame. m 4 spaces after sentence.
1-5 spaces all begin the m at the second vertical line of the m with 0 space before it. Do you see that it makes no visible difference in this case where you use 1 or 2 spaces at the end of a sentence, not even 5 spaces makes a difference. Using two spaces doesn't make it look any less crowded.
Somebody mod this up, it clearly states wikipedia is not allowed to have this, whether or not that makes sense is another question all together and one the wikipedia seems to be willing to take very far.
I don't know if I buy it that there is no such law. One a federal judge told me there was in fact a law that prevented me from taking a photo of the seal above her bench. There are a lot of peculiar laws on the books.
Slashdot Mirror
They threw in that shooting bit at the end since they are hoping a few more people google for something tangentially related and read their page. Just like they tried to tie in to Fukushima.
Because of SEO, be thankful it could not be somehow associated with mesothelioma lawyers, diet pills, or worse.
It's more like '03 it became recognized more widely, since I changed jobs Dec '02, and shortly after that I heard about this idea. I remember thinking, "Oops," cause of where I had worked before and how clever we had thought we had been avoiding timing attacks which had been the previous clever trick. The best idea then was to use strong random data to pad with, and we did. Of course that was really hard to check if it was simply random padding if you wanted to verify it, to make sure nothing was being leaked there for example.
In any case the IPSEC specs were then later changed to recommend defined padding, and yes the padding I am referring to you would not need the keys before hand to look at. Of course there are lots of other ways to leak things, like timing which you mentioned, or the way you break-up packets, or where/when you use options, etc. All those would be harder to hide in the code though.
FWIW, I'm thinking these claims made by Perry are a load of crap, but that's just my opinion.
padding, back then it was random in OpenBSD, hard to verify, never looked at by software. Now it's speced in a verifiable manner. Either nobody knew or nobody was forth coming with the information that it was a useful side channel back then.
Exactly, the article author should contact Jason Wright and his associates for comment.
ssh is from the second half of the '90s. Back then best practice was to pad with random data. Later because of people noticing how hard it would be to see if there was a side channel data in that padding, the norm started to be accepted to use predefined padding. Publicly people started writing about this right around the time of the note you highlighted. Of course it's something that would be noticed by others looking over the code at that time, practices relating to the padding had changed for the very reason the note discusses, but back when ssh was developed, it was conventional wisdom to do as ssh did.
If you make $200K in a year you are not being punished, you pay a grand total of 0 cents extra in tax you did not pay last year.
You could get unlucky and have some significant percentage of players with keys that are not all linearly independent. To simplify, say you have the equations x+y=0 and 2x+2y=0 that second one does not help at all. I last looked at HDCP a long time ago, but there was some other aspect like there needed to be the same number of 1 and 0 bits, so even if you got unlucky, had gotten 100 unique keys from hardware and only had 20 basis, that extra fact may have been enough to work it out.
They were an early casualty that had to redo their first issue magazine app because of Apple. In the end it was an underwhelming 500MB kludge, and I doubt they recouped the costs that they must have put into that.
http://www.downloadsquad.com/2010/05/27/adobe-rewrites-wired-magazine-ipad-app-without-flash-gets-it-ap/
Wow thanks for that great reply. It's funny that you mentioned your mom being a DKJr junkie because my mom got addicted to Lady Bug. She played so much that she started hallucinating the bugs on the wall! So then she stopped.
Another funny one was that my parents, uncle, and aunt would gamble with the video games. Again Lady Bug was a popular one for that. Pretty much all the games were up to 4 player for that system, but the way they ended-up playing Lady Bug is that husband and wife would be a team taking turns. My aunt was so bad in comparison that they would structure the bets so that my parents had to win by a certain margin of points in order to win the money.
I never did get that 2600 adapter, but I always wanted it solely for the Hoth battle Atari game. Anyway thanks again for sharing the neat memories.
I had one too and since this is about great games that I would like to see resurrected, I nominate Lady Bug and War Room. But I'd say the ColecoVision was not an awful system, I thought it was the best at the time in fact!
Seriously it's time to forgive your parents. As a kid I did all sorts of odd jobs like recycling metals, mowing lawns, and working in scout camps to earn enough for my first box of dev tools. I paid $450 for an education box of Borland's C/C++ compiler, macro assembler assembler, and editor. It took me years to earn that. To put it in perspective I paid $250 a few years later for my first car, also money I had earned myself. As a parent now myself, I really hope you were making a (as it turns-out bad) joke.
My dreams as a little kids were in B&W. My first color TV was in '83. By '91 almost all of my dreams were in color.
This is exactly the truth. I am upset with every place linking to the patch to allow 'backups' when I just want OtherOS and homebrew back.
The 24 hour window to watch rented movies in will not work for me. The 48hr windows for TV shows may be just barely enough. Once you have kids and a life it tends to take a few evenings to finish a film. I don't understand why they cannot expand that to something like a 5-7 days to be in the same ballpark as DVD rental places.
Does this really address the problem, won't using something like "int foo, bar[0x10000], baz;" in a function be able grow your stack around the SIGBUS check?
Hmm... It's really the pixmaps that are way faster over MIT-SHM. If you are local than the unix domain socket is not all that much slower, there is an extra copy involved. With the pixmap you can just modify the image directly. Though there was a long time where this was not universal, and when you expected it to work sometimes it did not since the 2D acceleration in the driver broke it since the pixmap was really in framebuffer memory.
But for a long time people have been doing XShmQueryVersion() and only using the extension if present. The reason for that is to have it work right when server and client are remote. The only software I have seen that relies on XShm also uses OpenGL anyway.
Thanks for the simple and short explanation.
please mod parent up
The fact of the matter is that you bought a car for $35K and cannot afford to be chauffeured around in it. In Europe big Audis like these are in fact commonly used to chauffeur around politicians. The people in the back are not the ones paying for the cars and in many European countries you might want to tack on 40-80% to the US price for a car "The 2011 Audi A8 L prices tarts at 79,000 Euro" 79,000 Euro is about $102K. You are not getting the same options and engine though for those prices. The price discrepancy is the biggest though on Japanese cars in the countries with high tariffs.
This is Frash, in fact the link that should have been included in the story should have been to the Frash github (this IS slashdot after all not gizmodo) http://github.com/comex/frash
Also until recently Frash only ran on iPad, like you state, but now it is getting better on iPod Touches and iPhones of a couple generations as well, so that's new and worthwhile info.
Sure, I used bugmenot:
http://s3.amazonaws.com/ppt-download/slaviero2010memcache-100803232447-phpapp02.pdf?Signature=CatPvvPgJL3nxkECUrqgQ%2ByH4OE%3D&Expires=1281288118&AWSAccessKeyId=AKIAJLJT267DEGKZDHEQ
PS: I also have no Flash installed and felt your pain as well.
What are you even saying? Here is are some sentences in a proportional font where I put 0-5 spaces after the sentence:
Lameness filter is lame.m 0 spaces after sentence.
Lameness filter is lame. m 1 spaces after sentence.
Lameness filter is lame. m 2 spaces after sentence.
Lameness filter is lame. m 3 spaces after sentence.
Lameness filter is lame. m 4 spaces after sentence.
1-5 spaces all begin the m at the second vertical line of the m with 0 space before it. Do you see that it makes no visible difference in this case where you use 1 or 2 spaces at the end of a sentence, not even 5 spaces makes a difference. Using two spaces doesn't make it look any less crowded.
Somebody mod this up, it clearly states wikipedia is not allowed to have this, whether or not that makes sense is another question all together and one the wikipedia seems to be willing to take very far.
I don't know if I buy it that there is no such law. One a federal judge told me there was in fact a law that prevented me from taking a photo of the seal above her bench. There are a lot of peculiar laws on the books.