A CD-R chock full of books in ANSI text or XML or even PDF format could easily provide the basis for a lifetime's worth of OTP
Nope. You do not base OTP on blocks of known words. That can be deciphered rather easily. The OTP needs to be random characters. You'd be better off using binary files (but still not as good as a truly random pad). I think you may have confused concepts from a book cipher and OTP.
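An added illustration of the point made in the reply above (not part of the original comments): it XORs a constructed message with a pad cut from constructed English text and with a pad from the OS CSPRNG, then compares byte entropy and the high-bit rate. The sample text, the message and the screening thresholds are assumptions chosen for the demonstration.

```python
import math
import secrets
from collections import Counter

# Constructed sample standing in for "a book on a CD-R" (not from the original post).
BOOK_TEXT = (
    "It was the best of times for the network team and the worst of times "
    "for the help desk. Every report that crossed the wire was written in "
    "plain English, and plain English is anything but random. "
) * 20

# Constructed plaintext message.
MESSAGE = ("Meet the courier at the north gate at nine and bring the ledger. " * 20).encode("ascii")


def xor_bytes(data: bytes, pad: bytes) -> bytes:
    """XOR data with pad; refuses a pad that would have to be stretched or reused."""
    if len(pad) < len(data):
        raise ValueError("pad is shorter than the message")
    return bytes(d ^ p for d, p in zip(data, pad))


def entropy_bits_per_byte(buf: bytes) -> float:
    """Shannon entropy of the byte distribution (8.0 is the ideal for a pad)."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def high_bit_fraction(buf: bytes) -> float:
    """Share of bytes with bit 7 set; close to 0.5 for uniformly random bytes."""
    return sum(b >> 7 for b in buf) / len(buf)


def passes_screen(pad: bytes) -> bool:
    """Coarse sanity screen (assumed thresholds). Passing it does not prove randomness;
    failing it shows the pad is structured enough to leak."""
    return entropy_bits_per_byte(pad) >= 7.5 and 0.4 <= high_bit_fraction(pad) <= 0.6


def pad_report(pad: bytes, message: bytes = MESSAGE) -> dict:
    pad = pad[: len(message)]
    ciphertext = xor_bytes(message, pad)
    return {
        "pad_entropy": entropy_bits_per_byte(pad),
        "ct_entropy": entropy_bits_per_byte(ciphertext),
        # ASCII XOR ASCII can never set bit 7, so a text pad leaves this at exactly 0.
        "ct_high_bit": high_bit_fraction(ciphertext),
        "passes_screen": passes_screen(pad),
    }


def compare_pads() -> dict:
    return {
        "book": pad_report(BOOK_TEXT.encode("ascii")),
        "random": pad_report(secrets.token_bytes(len(MESSAGE))),
    }


if __name__ == "__main__":
    for name, report in compare_pads().items():
        print(name, {k: round(v, 3) if isinstance(v, float) else v for k, v in report.items()})
```

The text-derived pad carries the letter statistics of English straight into the ciphertext, which is the structure a book cipher exposes; the CSPRNG pad leaves nothing of the kind to measure.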
All right I take back my "BS" statement. I have heard of ocular tremor. I had forgotten completely about it.
:/
Been spending the last week creating Sarbanes-Oxley "Evidence of Control" statements, so my brain is a little sluggish
Which re-raises the question of why it is easier to see things that actually are moving.
Years and years of evolution. With humans, movement attracts the immediate attention of the brain and an immediate risk assessment is done. It is a survival tool.
It also allows a predator (which humans are, also) to isolate moving prey from the static landscape.
I have never heard of the "eye is constantly moving so we can see" theory/idea. Sounds like BS to me. In fact when the eye moves (either in the socket or when the head moves), we are temporarily blind for about 200ms. This is why what we see does not blur when we shift our focus on something else (try it!)
I recommend the O'Reilly book called "Mind Hacks". The authors go into this in much more detail.
I hope all your replicated servers aren't in the same location. That'd be... well, not smart.
I think the one that involved the asteroid was David Brin's "Earth." Been a while since I read it, however, so I could be wrong. I seem to remember there were 2 holes in the earth -- one was evaporating and one was growing. Alpha was a micro originally used for an energy plant that failed and it sank to the center of the earth where they thought it would just evaporate. After some weird localized gravity events all over the world, it was determined it was growing. They started to plot the oscillations of Alpha, and discovered Beta because all the equations weren't working unless they assumed a second black hole that was growing. They were able to create a sort of equilibrium using the mass of the earth, the Beta black hole, and the asteroid in a very specific.
The Beta hole would occasionally emit a sort of wave of coherent gravity (or something like that). By positioning the asteroid, they could more or less aim the "gaser". It was going to be developed as a defensive weapon against whatever put the Beta hole in the earth. All in all a strange, cool book.
Granted, you're not going to get an up to the minute traffic report, breaking news, or a stock market report just as the market closes.
I think that would be called "olds" then, not news.
Ah, I see. I thought we were talking about just the OS. Now I understand. Sorry about that.
Holy crap, did I just see another person's point of view and apologize?? On /.?? Guess I'll have to turn in my card...
...let's assume that you need more than 1GB of space for the OS...
I really cannot conceive of any situation where I would need more than 1GB for recovery OS+tools. Hell, Knoppix only takes 1 CD and that's a full blown OS.
I currently have two LiveCDs for this. One is the Fedora3 rescue CD and the other is F.I.R.E for forensic and file recovery. Either one would fit easily on a 512 GB thumb drive, let alone a 1 GB one. On a 1 GB I could have the OS image and still have space left over for any special drivers. Please note I'm talking about an OS for recovery/forensics only - not a full blown distro.
Syncopation? Syncopation? In my native language, we'd use alliteration. Oh, and I speak English. You do have to appreciate the poster's attempt at being a Grammar Nazi, though.
:)
Sorry, I just couldn't resist
Mod parent funny!!
Well, it is to those of us who live here - or depended on Meigs Field. Ok, maybe it wasn't funny. This is exactly how he shut down Meigs. Sent bulldozers in the middle of the night to carve huge Xs in the runway, rendering it useless. He caught EVERYONE flatfooted with that move.
...than spend 75 cents on songs that are DRM'd and can only be played on my computer or iPod
You forgot to add "and I can burn to a CD I can play anywhere."
Even adding the cost of a good quality CD-R, it is still much cheaper than buying a CD at the store (using the $0.05 per track hypothetical price). If you intend to use the music on the CD in an iPod or iRiver or whatever, the time to rip the CD vs. the time to burn the CD would come out about the same. Sound quality would be not as good, but (for me at least) it's imperceptible and for the music where quality is absolutely necessary... well, then I buy the CD.
Of course, with the current pricing model, the cost of either scenario works out about the same. I only use iTMS for individual tracks or hard to find/out of print music. If I want a whole album, I usually purchase the CD through Amazon over buying an entire one on iTMS.
Except this is a civil matter, not a criminal one, and therefore a jury does not come into it
Wrong.
There are juries in civil suits, also. The number of jurors is different, however. I believe instead of 12, as in criminal court, there are only 6. What you're referring to is a bench trial, and that has to be specifically requested (and I've also only heard of those in regard to criminal proceedings). When the news talks about juries awarding astounding damage claims to plaintiffs, they are talking about juries in civil cases.
Right now, the case is still in discovery, so the jury hasn't even been selected yet.
Firewalls should be dedicated hardware devices that monitor traffic connection in and out of the local network.
I believe that's known as the "crunchy outer shell - chewy middle" type of security. This looks nice and effective, but in some industries (i.e. banking) internal threats are much more prevalent. Yes, firewalling subnets internally will help, but it does nothing for someone attacking a workstation (or server - but those should have their own subnet) on the same subnet.
For true defense in depth, I would recommend Host-based IDS in conjunction with network IDS and firewalling all workstations. If firewalling may be beyond your resources, at least lock down any extraneous services, enforce strong password/passphrase, start using 2-factor auth if you can. I work at a huge international bank, and in the past year at least one internal employee has been caught trying to harvest information (not client information - but information that would place him one step closer to getting client info). He was caught because of defense-in-depth. If we had only firewalled the subnetworks, we would not have known an internal attack was happening (and who's to say we would have caught him as he moved to more and more sensitive info).
Even though bank employees have background checks run (just for prior criminal convictions), sometimes these are just first-time "opportunity" crimes. Similar to someone seeing a car with the keys in it and who just can't resist taking it even though he may have never done an illegal thing in his life. Hell, I remember (years ago) when I was a help-desk drone just wandering the network to see what was there, and sometimes came across potentially damaging information. I didn't do anything, but someone else could have. By having high granularity in your security system you can vastly reduce these internal instances (or at least make detection and mitigation much, much easier).
OK, I have been reading most of these comments and chuckling. But this one little phrase:
...see the individual sparkles (i.e. the future).
Set me off into the giggles. Subtle and brilliant. Thanks for the laugh.
..The point, however, is that value is a matter of perspective..
I agree. I have found a lot of music that I used to have on cassette or LP and purchased from iTMS because it was a hassle/more expensive to find a CD from some specialty shop. I also purchase songs of artists I already know I will listen to over and over or on a recommendation from friends whose music taste is compatible (that's how I "discovered" the Old 97s). iTMS has a much greater value to me personally.
If I were a top-40 drone, Napster would be of much greater value. For some iTMS is the way to go, for others it's Napster. It all depends on whether you buy music for longevity or just want to ride the wave of the "hip new sound". I tend to think that overall the online music market may become a better place because of the different choice of models.
So ultimately I agree that value in this case is entirely based on one's perspective. At first I was going to rebut the first paragraph only (in true /. tradition), and then I read the rest of your post and found myself in total agreement :)
Your component cables probably are coaxial.
Well I don't know about you, but mine aren't coaxial. They are standard wire cable (heavy gauge) terminating in RCA-type male connectors. With the component cables I have (PS2, HD Cable, DVD) the insulation actually bundles all three wires into one flat (and thick) ribbon with 3 male RCA terminations at each end (except the PS2 - one end is the standard PS2 video input plug thingee). Coax is a completely different type of cable.
Now the raw feed into my HD cable box and my cable modem is coax, but from my cable box to the TV is 3-cable component.
No, the Internet was supposed to survive the outages of nuclear warfare, not guarantee complete anonymity. Complete anonymity will be used for theft, guaranteed.
Bzzzt! Wrong! This is one of the biggest Urban Myths out there right now. It seems I see this every couple months or so.
The internet began as an RFP in ARPA (long before ARPA became DARPA). It was started as a way to:
1 - Eliminate the need for 4 different terminal types on one desk (that was how the idea germinated).
2 - Facilitate the sharing of information between gov't contractors and researchers who had ARPA grants.
3 - A way to timeshare systems for researchers who would not ordinarily have access to such systems.
It was US centric at the beginning and ARPA and ARPA's subcontractors/researchers only.
ARPA net was not designed for fault tolerance of command/control during a nuclear war. That was the impetus behind Paul Baran's development of the idea of packet-switching networks (that wasn't his name - the term "packet" came from Davies who sorta developed the same idea concurrently). He could never drum up support for the idea with ATT (really the only entity that could implement it at the time). They said it was a stupid idea. ARPA later grabbed the idea of packet switched networks and used it because it lent a robustness to otherwise unreliable lines of communications and the IMPs that terminated each line. The fact of the fault tolerance in terms of catastrophic destruction due to war is simply a coincidental side effect when you take into account the reasons the ARPA project was using packet switched networks.
Sorry. Got on my high-horse there. I just can't stand when people say that ARPAnet was designed in a distributed manner to survive a nuclear war. Not true. It was the basis of Paul Baran's conceptual model of a packet switching distributed network.
...NEITHER would allow that
I can't speak for Dell, but Microsoft DOES allow that. It's enterprise volume licensing. We report every quarter how many Server, Wkstn, VStudio, Office, etc. are deployed. Of course we have well over 100,000 deployments, so Vendor Management was able to negotiate the fees. I do believe this is available to just about any company.
The only thing is, I believe MS can come in and audit any time they want (have not so far). But since SMS is used to generate the licensing reports, I don't think it's an issue.
That being said, my group is deploying a service that was developed on Linux. For workstations - no problem - fire it up and install. For servers - AAHHHH!! - We have standard packages - so instead of a low-end $1900 server which more than meets our needs, we have to buy the $4000 server to meet company standards. And we don't touch the hardware - there's a group for that. And we can't do patch rollout - there's a group for that. And it takes 6-10 weeks from approval to installation into the DEVELOPMENT environment. Don't get me started on the escalation procedure up to production (4 environments, multiple group sign-off... grrr). To be fair, it's just as difficult with WinTel servers.
I think maybe you're thinking about something like this?
The way you're describing how you want it to work would be utilizing X.509 certs. It'll authenticate users to Windows Active Directory, LDAP... anything that can use X.509 for authentication. I'm sure (for a hefty fee) RSA can adapt it to other authentication platforms. The only caveat is it seems a little physically fragile.
I am the formidable BWJones!
*GASP* You're Blackbelt Jones?!?! I love your movies. Especially the second one: The Tattoo Connection
Had he not done that 40,000 computers would still have been infected...
Bad argument. Say I have a flimsy lock and live in a bad neighborhood. Someone breaks in and trashes my place (what this kid did is analogous, though on a larger scale). I have this person arrested. Now should he be let off because "I had inadequate security and it would have happened sooner or later." As it has been noted before, criminal law doesn't care about "might" or "could" or "would". It cares about what did happen.
I don't know about you, but I sent an email for more information... Well, actually I just asked them how big their balls were to have such an obvious scam product. Here ya go, knock yourself out.
info@batmax.com
distributors@batmax.com
sales@batmax.com
media@batmax.com
evaluation@batmax.com
support@batmax.com
OOO, and check out the "research"
BWAHAHAHAHAHA!!!
But I believe the prisoners do make wages for that work. Perhaps it's only tender that you can exchange for goods (such as radios or what not) in the prison store (I'm not sure if they are paid in US currency), but it is a remuneration for services rendered.
AFAIK, the forced-labor camps in China are basically slave shops.
Doesn't it also need some type of neural-electrical stimulus to get it to contract? Muscle just doesn't contract/relax on its own. It needs some sort of external stimulus.
As an aside, doesn't the main nerve (can't remember name and too lazy to Google) that carries the impulse to the heart generate a 60Hz pulse? I remember reading that was why so many (low voltage) electrocution deaths in the US were due more to heart failure rather than tissue and burn damage.
Two words:
encrypted filesystem