I wonder what percentage of Slashdot is college educated in Comp. Sci./devel vs. those who have completely unrelated degrees vs. those who have no degrees and learned it all on their own (I.T. that is).
Well, I have a degree in Psych. and am a security engineer (I know, I know... but it's the title on my business cards) for a large global company. I am also one of the few subject matter experts in crypto at our company. Except for some very specialized training (mostly crypto), most of my IT knowledge was either self-taught or gained in a sort of informal "Master/Apprentice" situation. All of this would never have been possible if my father hadn't purchased a Commodore Vic-20 for my 11th birthday. Thanks, dad.
Strangely enough, my psychology degree has been coming in handy as I climb higher in the organization and deal with global business units. Especially when communicating with C-level executives. Heh. My main focus was in Developmental Psych :)
Mach has no dimension. It is the ratio of two speed measurements. The units cancel each other out and only the scalar is left. There is no dimension to "Mach".
If you wish to get a speed value from a Mach Number, you must convert it first by multiplying the scalar by the speed of sound. This result will have the units of whatever scale was used for measuring the speed of sound waves (m/s, MPH, etc...) When people refer to Mach as a speed, they are really doing the conversion automatically.
This seems to be a good place to start.
Yes, that is a perfect example of a dimensionless number. Well done.
Oh, wait... you were trying to show that the idea of dimensionless numbers was absurd. So to do that... you come up with a good example of what a dimensionless number is?
Boy, that must suck.
Well I don't think oblique references really count* - My Godwin-O-Meter barely twitched, so let's keep this thread going. C'mon! Someone step up to the plate and bring on the Nazi/SS/Hitler name calling!
I would have thought some sputtering geek would have his (or her) panties in a bunch by now. Damn it! Where's the outrage? The poorly constructed sentences written by pounding rage-clenched fists on the keyboard?
I am so disappointed...
* - However, I don't think the GP was referring to what you think he was.
Because I know my mom is up-and-up on software licensing. I mean, she's so leet that she can almost manage to check her e-mail without asking for help.
Non sequitur. What does this have to do with anything?
Competence and/or understanding is not a prerequisite to own the licensing to something. It is not a prerequisite for owning anything.
"what occurred before the Big Bang"
Well, technically that is an unanswerable question. Kinda like dividing by zero. Since part of the Big Bang is the creation of space-time, there is no such thing as "before" or "after" or even "now".
Well, a couple of years ago I would have agreed with you :)
Since then, I have been working crypto in a very large international bank (and they are very serious about this stuff). I quickly found out that theoretical != reality. Crypto algorithms are usually very strong and secure. It's the authentication and key protocols that are the weakest link.
I thought the major impetus for switching to Intel was the supply and timely delivery of the PowerPC (or lack thereof). IBM was not willing to meet Apple's requirements. There is no guarantee they would meet them with this chip, either.
So no, Apple did not move too soon.
Doesn't the Diffie-Hellman key exchange fix this problem?
And how do you set it up in this case? This is the most complicated part of PKI. Authentication and key distribution. If they are just swapping PKs without authentication at the beginning of the session, then this is *very* vulnerable. Seriously, setting up a PK distribution system to ensure authentication and non-repudiation is not a trivial task. Yes, you can be reasonably safe, but you are still vulnerable to a MITM attack.
Most key exchange these days happens with the browser for session keys over SSL. This is still vulnerable to anyone that has control of the first hop or last hop of the network. Like, oh I don't know, an ISP? Using re-direction and valid SSL certs (for the site being re-directed to) makes a MITM very doable as long as no one is paying close attention to the connection details. Which most don't - especially if the connection is to an IP address as opposed to a FQDN.
The only way an ISP is going to MITM this one is if they play both sides, and act as the MITM for the whole conversation.
Yes.
And they're going to have the processing power to decrypt and re-encrypt every packet, for every protocol, for every user crossing their network?
Um, exactly how hard do you think this is? They're not using processors from 1989. The only computationally intensive part is the asymmetric key encryption. This is only used at the beginning to exchange the symmetric key. Symmetric key encryption has a low computational cost. So yes, I would expect them to employ this if they were trying MITM. Don't rely on Applied Cryptography for your computing cost numbers :) It's a great book, but processors are orders of magnitude faster than when it was written.
I only brought all this up, originally, because someone claimed that a MITM attack is impossible with PK. This is not true at all. The specific protocol implementation and authentication methodology for the PK can make it wickedly difficult, but never impossible. Especially if the key distribution method occurs over the network that is suspect to begin with. As long as the communication channel is the same as the key distribution channel, there are serious vulnerability concerns.
However, I feel this will not happen due to legal concerns of the ISPs - DMCA, Privacy Act, etc.
Well, yeah. Sort of. MITM won't happen only if there's some sort of authentication happening. In other words, I know without a doubt that this is a valid public key for the torrent site. If they are just presenting the public keys at the time of tunnel creation so the symmetric key can be distributed, and are not using any kind of validation, then a MITM would be fairly trivial.
The only way I could see this working would be to publish the PK on the torrent site for each torrent. You would download it and load it into your client. Then initiate the connection.
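An added example, not part of the original comments, of the point made in the two comments above: a key offered in-band at tunnel creation can be substituted without the client noticing, while a fingerprint published out of band lets the client reject the substitution. It is a Python sketch using a toy 127-bit Diffie-Hellman group; the names `Party`, `connect` and `PinMismatch` are hypothetical, and it assumes the published fingerprint reaches the client over a channel the interposer does not control.

```python
import hashlib
import hmac
import secrets

# Toy parameters (assumption for illustration): 2**127 - 1 is prime but far
# too small for real use. A real deployment uses a vetted group or curve.
P = 2**127 - 1
G = 5

class PinMismatch(Exception):
    """Raised when the offered key does not match the published fingerprint."""

class Party:
    def __init__(self):
        self.priv = secrets.randbelow(P - 3) + 2
        self.pub = pow(G, self.priv, P)

    def session_key(self, peer_pub):
        # Derive a symmetric session key from the shared DH secret.
        shared = pow(peer_pub, self.priv, P)
        return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def connect(client, offered_pub, pinned_fp=None):
    """Client side of the handshake. offered_pub is whatever arrived over the
    network; pinned_fp is the fingerprint obtained out of band, if any."""
    if pinned_fp is not None:
        if not hmac.compare_digest(fingerprint(offered_pub), pinned_fp):
            raise PinMismatch("offered key does not match published fingerprint")
    return client.session_key(offered_pub)

def run_demo():
    site, client, interposer = Party(), Party(), Party()
    published_fp = fingerprint(site.pub)  # e.g. shipped alongside the torrent

    # Case 1: no validation. The client accepts a substituted key and ends up
    # sharing its session key with the interposer instead of the site.
    k_client = connect(client, interposer.pub)
    undetected = (k_client == interposer.session_key(client.pub)
                  and k_client != site.session_key(client.pub))

    # Case 2: same substitution, but the client checks the pinned fingerprint.
    try:
        connect(client, interposer.pub, published_fp)
        rejected = False
    except PinMismatch:
        rejected = True

    # Case 3: the genuine key passes the check and both ends agree on the key.
    k = connect(client, site.pub, published_fp)
    genuine_ok = k == site.session_key(client.pub)
    return undetected, rejected, genuine_ok

if __name__ == "__main__":
    print(run_demo())
```

If the fingerprint is fetched over the same suspect network as the handshake, the check adds nothing, which is the concern raised about the key distribution channel.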
I'm pretty sure you're talking from phone->tower->phone (unless using walkie-talkie mode), so the geometry is a little more complicated than TFA states.
Considering that radio signals generated by a cell phone aren't directional, I would say the geometry is a *lot* less complicated. Simple proximity should be fine (if in fact this works, which I doubt...). Pointing the tips of the two phones at the egg would be the best since the signal will radiate out from the antennae.
Also, depending on your signal strength you may not be using full transmitter power. If you could cook an egg in 3 mins your battery wouldn't last for 6 talk hours.
True, but a lot of that "6 hour talk time" comes from ramping the transmission signal waaay down when there is silence on your end (just enough to maintain the connection). This is where playing music comes into play in this case. There is no silence, the mike is always active, so the transmit signal is always fairly strong.
They're not making any money from already-sold devices.
???
They sure as hell are. All those companies that have the Enterprise Server to link into the email system are paying them scads of money each year in licensing fees. Those license fees are on a "per device" basis (generally speaking) so each BlackBerry sold to a company is generating annual revenue for them.
The only way left to expand is to make sure more people survive.
That is, without a doubt, the most down-right cynical comment I have ever seen on /.
I don't know whether to be impressed or appalled...
you cannot be selective about who you go after with patent issues - it's an all or none type of thing.
Yes you can. Other companies do this all the time. You go after the weaker "infringers" first. Build a war chest and tackle the tough nuts. They saw RIM as being in a weak position since RIM's entire business relies on the technology being claimed by NTP.
This is not like Trademark. There if you don't go after *all* infringers, you can (and most likely will) lose any right to that trademark. The word "trampoline" comes to mind. And to a slightly lesser extent "kleenex".
Now where's my Nobel Prize for mdicine?
It's in Swden...
If it's anything like *my* grandmother's - who exhibits very similar behavior (except for the beer thing) - it's most likely Senile Dementia.
(dev) "We've supported EFI for a while now. should be non-trivial"
Uh... doesn't that mean it's really hard to do? Or is there a different definition of "non-trivial" he's using?
I have eight guys in my specific dept (a section of security). As it stands right now, we are averaging about 10,000 USD per person for training this year. It will probably double before the end.
Every company I've worked for (small, large, huge) have either paid for or reimbursed employees for relevant training.
chomping at the bit
Champing! Champing at the bit! God, that drives me insane when people say "chomping". Not only is "chomping" wrong, it also sounds stupid.
Champing
It's almost as bad as that nonsensical word: irregardless.
I think you need to take inertia into account here.
I usually agree whole-heartedly with what you write, dada, but you seem to have some wild hair up your butt that's making you spout nonsense today. What gives?
At least I'm not the only one thinking that. I may not always agree with what dada says, but I can generally appreciate where he's coming from. Usually, he stays pretty on topic, but today it seems every other comment is solely to troll about unrelated topics (be it Iran or the Imperialism of the US).
Would it be informative, or Insightful to say "ABOUT F-ING TIME!" ?
Obviously not...
No data is collected or viewed by human beings
And you know this... how?
Apple is just moving into the space Real Networks created.
The implication, to a normal person, when you tell someone "iTunes is sending your listening habits to Apple" is that Apple is keeping and aggregating this information. They are not.
And you know this because Apple... said so?
Is your picture next to gullible in the dictionary?
This is the reason I stopped using Real and this will be the reason I stop using iTunes. I haven't purchased anything from the store in over 6 months, so no real loss. There are 3rd party apps in both Windows and Linux that can do everything iTunes does except purchase music (again, who cares). I can manage my collection, podcasts, playlists, listen to music (both AAC/MP3 and streaming audio), and manage my iPod all without iTunes.
You've read 1984, haven't you? Those weren't TVs, they were computers.
Yes, because as everyone knows the Mac has so saturated the market to be near ubiquitous.