Anyways, this has nothing to do with standards, this is all badly implemented software.
SIP uses Digest authentication by default and can be encrypted, RTP can be encrypted, the protocols are secure. Just because Cisco (and apparently Grandstream) don't seem to be able to implement them right (though amusingly enough I just tested both of the Cisco 79x0 exploits against a few 7940s in my office running the 7.4 firmware and they weren't affected, so it's a newly introduced bug).
I don't know if pot would be a "competitor" to alcohol. Most of the potheads that I know still drink. Hell, when I was smoking I didn't give up or even reduce my alcohol consumption. That's probably not a very scientific study but take it for what it's worth.
I'd be one to support the "competitor" argument. My alcohol consumption dropped dramatically when I smoked and then went right back up when I quit (job started random tests). Before I started and after I quit, it's not unusual to see me drinking 2-5 drinks (be it beer/malt beverages or shots) 3-5 nights a week. When I was smoking, I might have a beer or two if a sporting event I cared to watch was on, maybe a few shots of the good stuff once a week when hanging out with friends. I got the "looseness" I desired without the negative effects of alcohol, so I had no reason to bother.
This is faulty logic. Compared to DUI, possession of personal quantities of most drugs is a minor offense. If someone's the type to drive while stoned, the fact that the drugs are illegal isn't going to stop them.
The question as I see it is why would one want to remove the watermark?
I doubt the large scale pirates will be buying from whatever DRM-free store Universal is selling at, they'll keep ripping from CDs that will likely be leaked early like always.
Until the record companies start putting unique identifiers in watermarks on the media that the pirates actually want to use, I can't see a point in removing them.
instead of just the people too stupid to stay under the speed limit. Have you ever been on a divided highway? The stupid people are the ones doing the speed limit (typically 60-65 MPH here in Ohio), everyone else is going somewhere between 75 and 90.
I've got no problem with speed enforcement in general, the problem is that our highway speed limits are stupidly low and we also have small towns that make 90% of their revenue from speeding tickets just because a 4 lane road happens to pass through their jurisdiction. There's no reason a 4 lane road should ever drop from 55 to 25 just because one crossed an arbitrary border, and of course we all know that conveniently the speed limit signs are a bit obscured and there are always great places to park Crown Vics within about 50 feet of those hidden signs.
Windows is the only platform that allows for easy software installation Easy software installation? ha!
DLL hell, the registry, etc.
Installing an app on Windows in a best case is the absolute worst case on a Mac. Run installer, click next a few times, done. On a Mac, that's only done if system files need to be modified, in most cases you drag the program to your Applications folder (or anywhere else, but for the average user example they'll probably leave it where stuff is by default) and you're done.
On any decent Linux distro (Debian and Ubuntu for example) you run Synaptic (assuming most users that would be challenged by installation of software won't be touching aptitude or apt-get), check the programs you want, and click install. Walk away, come back a few minutes or hours later depending on how much you wanted to install and the speed of your pipe, and you're done. Possibly reboot if there was a kernel update and/or driver hidden in there.
Compared to any other modern OS, Windows is terrible with regards to installing software.
Being able to put that logo on consumer-grade broadband and networking products would/will continue to be a huge boon for marketing. They already do. Have you looked at a WRT-series router, PAP2 analog adapter, or SPA-series IP phone?
I work with Linksys VoIP gear day in and day out, Cisco branding is on every bit.
You know, I clicked the link in your sig genuinely considering a host switch (after some research of course) but when it started playing some audio intro in my background tab that got immediately closed.
I'm not sure if you're actually with the company or just put up a referral link, but if you have any say in getting that silly thing removed I say do it. No one wants their browser to just start talking, particularly from a background window. It happens enough with ads already (I think, thanks to Adblock I haven't seen a banner ad in years).
15 inches for a desktop is small now. I've still got a 12" VGA CRT from my old IBM PS/1, but there's no way I'd ever choose to use it over my 20" LCD (which is beginning to feel small, so I'm looking at 24" models).
I think LCDs are a big reason for the growth in screen sizes now. 15/17 was pretty much the status quo for a decade of CRTs, but now that we can have larger displays without needing to have a 3 cubic foot 100 pound beast on the desk, it's a lot easier to justify.
There's also the fixed resolution thing too. With a CRT, if you wanted to cram more stuff on the screen you could just turn the resolution up (to a point). Obviously LCDs don't allow this, so once you need more screen real estate you have to upgrade.
Laptops are a different can of worms entirely because small size is preferable. I think for most uses a 17 incher is too big and the 19/20 inch models are just absurd. Right now I'm typing this from a 13" Macbook, though I would prefer a 15" MBP if budget had allowed.
I'm just trying to correct the misperception that Apple uses/used TPM on their shipping Macs - they don't
Wanna bet?
Last login: Sat Jul 7 10:43:34 on ttyp2 Welcome to Darwin! Wrath:~ wolrah$ uname -a Darwin Wrath.local 8.10.1 Darwin Kernel Version 8.10.1: Wed May 23 16:33:00 PDT 2007; root:xnu-792.22.5~1/RELEASE_I386 i386 i386 Wrath:~ wolrah$ system_profiler SPHardwareDataType Hardware:
Hardware Overview:
Model Name: MacBook
Model Identifier: MacBook1,1
Processor Name: Intel Core Duo
Processor Speed: 1.83 GHz
Number Of Processors: 1
Total Number Of Cores: 2
L2 Cache (per processor): 2 MB
Memory: 2 GB
Bus Speed: 667 MHz
Boot ROM Version: MB11.0061.B03
SMC Version: 1.4f12
Serial Number: <removed>
Sudden Motion Sensor:
State: Enabled
This is on a September 2006 Gen1 Macbook. My roommates each have Gen2 models with the Core 2 Duo processors and neither show a TPM in ioreg. That makes me agree with abes on the idea that Apple cut out the TPM when it was proven ineffective.
Have you worked on a Macbook yet? The hard drive and RAM are trivial to get to. Pop the battery, unscrew one panel (three screws), and either flip a lever or pull on a strap.
Anyone who wants to opt out of the Telco could use VOIP, through satellites if necessary. I hope you aren't serious with this suggestion. Simple physics prevent a VoIP service running over satellites from being even close to comparable to the same over normal copper/fiber lines. It's the same issue as satellite phones, just with IP now in the mix.
Cingular gives me an address from WDSPCO's range (166.128.0.0/9). I haven't bothered to check inbound ports yet to see if it actually matters that I have a real IP, but I have one.
How do you know about the cliff after 6 years? The oldest hybrids around are just getting there, and I haven't seen their values plummet... FYI, the Prius is 10 years old in Japan (6 elsewhere) and the Insight is 8 everywhere. I know nothing about the values, but hybrids have existed for longer than you think.
It's not necessarily "abuse", just doesn't really provide a real-world number unless you spend a lot of time sitting in traffic and/or get passed regularly by bluehairs in their Grand Marquis.
Real people accelerate quick enough to actually cause things on the dashboard to slide off, tend to go 5-10 MPH over the speed limit (that's a whole different area of government automotive silliness), and for the most part choose routes that avoid 6 lane parking lots.
I support two T1 circuits from different ISPs located hundreds of miles apart with IPs that fall within the same/24. It's improbable, but not even close to impossible. Two unrelated servers getting neighboring IPs wouldn't even be odd if they happened to be in the same datacenter.
I'm not saying there isn't a connection, just saying that similar IPs mean all but nothing.
Re:Social hack - use "bullfight" for "speed trap".
on
Is Your GPS Naive?
·
· Score: 1
Well that's why I said marked roads. Most residential roads are just one big sheet of asphalt with no markings at all and thus wouldn't fall under that rule. If the road's good enough to actually be divided in to lanes, it's good enough for me to accelerate beyond idle.
Re:Social hack - use "bullfight" for "speed trap".
on
Is Your GPS Naive?
·
· Score: 2, Insightful
US 20 here in Ohio has a few areas where it's a 4 lane divided highway, all but identical to Interstate 80 a few miles north, but the speed limit is 45 for no good reason. Corn fields on the right, corn fields on the left, nothing but fucking corn and the ever-present Highway Patrol cars in the median. Along the same route there are also some useless speed trap towns where the speed limit is 25 because one house happens to be close. Again, this is on a 4 or sometimes 5 lane highway and of course there are almost more cops than residents in these towns.
I don't care where the road runs, speed limits should be set by taking a normalized average of the speed people drive on it and then rounding to the nearest 5. On I-80, this would put the limit at either 80 or 85 and the majority of US 20 at 65 or 70, dropping down to 45 or 50 in the towns. There's no reason any marked road should have a limit lower than 35, nor should a 4+ lane road ever go below 45.
I disagree about that being hypocritical, as long as you make it clear that it's a "learn from my mistakes" thing. I never put much effort in to school and graduated barely holding on to a 3.0 GPA, but of course the end result of that is I have some fairly chunky college loans to pay back. My brother on the other hand maintained nearly straight As and is getting ready to go off to the same school but with a full ride.
When/if I have kids, I'll be able to point out this situation and show them why they should work harder and not do what I did. Same thing with drinking and drugs. I'm not going to say "go nuts", but I'm also not going to give my kids the DARE version because I've been there, done that, and know better.
Regarding the nForce4 on Windows, were you using the "ActiveArmor" firewall? That's a piece of shit. I have yet to see it work properly and it often causes major problems. Without it installed, just using the base network driver, neither I nor two of my roommates nor my next door neighbor have had even a tiny bit of trouble with our nF4 networking under any OS. We're all using Asus A8N-SLI Deluxe motherboards with either the current stable or latest beta chipset drivers.
They're bitches about uncapping (google it), but in terms of being able to use a metric fuckload of bandwidth they're great. My roommates and I download an average of 200GB/week on our 10mbit connection, and aside from the typical intermittent short downtimes (totaling 2 hours in the last 8 months) we haven't had a single problem. We often pull enough traffic through the Buckeye connection and our 10mbit Ethernet link to the University of Toledo that we had to build a pfSense router because even modded Linksys WRTs couldn't hold up.
I chose 3 digits because that seems to be the standard on ordinary combination locks that you'd find attached to a toolbox or locker. Of course those aren't unbreakable, but brute forcing one would take much longer than other methods of getting to whatever the lock is protecting, so they're considered sufficient.
Obviously in the case of WPA or WPA2 in PSK mode, if the user chooses some stupid password that's either uselessly short or a dictionary word it can be broken rather quickly, but that doesn't mean the algorithm is flawed. All it means is that the user is an idiot (granted, it should be assumed that users are idiots, but I don't see any real solutions to this problem). WPA2 supports 256 bit keys, so the number of possibilities are a really really big number that I don't feel like typing out. Last time I checked, the WPA brute force tools can test 30-60 keys per second. Even if you could test at one million times that speed, it would take 6.11551377 × 10^58 millenia to check through the entire key space. If every single atom in the planet had that computing power and was actively trying to break your one key, it would still take 20,431,661.7 millenia to cover the entire key space.
For all practical purposes, 256 bit encryption like what WPA2 uses is unbreakable. Flaws in the algorithm and badly chosen keys are the only weaknesses. At this point, there are no known flaws in the algorithm, so a decently secure key (same rules as a good password, make it long and vary the character types) is all you need. For home users just wanting to keep out neighbors and/or wardrivers, it's more than enough. For businesses, making sure the key doesn't get out from loose-lipped users is more important and using WPA2 Enterprise mode where each user has their own login information solves that problem for all intents and purposes.
Hell, in theory, 104 bit WEP should have been more than enough for home users. It was just badly designed and implemented so that a fast reliable crack became possible to develop.
WPA "cracks" are all just brute force, which you could also do with WEP and any other encryption algorithm. It just takes fucking forever (assuming the user chose a key that was more than just a dictionary word). These WEP attacks are actually flaws in the design of the system which allow you to crack a key many times faster than brute force.
Rainbow tables, dictionaries, and the like are all just variations on brute force. They accelerate the process, but either way you're not actually breaking the encryption but instead using a crapload of processor power to try one key after another until you hit the right one.
Saying WPA is insecure because there is a brute force tool for it is like saying the a lock is insecure because I could go and start trying combinations. 1-1-1....1-1-2....1-1-3.........
Slashdot Mirror
I just resynced my laptop against the NIST NTP server and compared it to the two just-booted phones I have here (LG CU500 and iPhone, both on AT&T).
The laptop hit the minute about 4 seconds before the CU500, which itself was about 1 second ahead of the iPhone.
Far more than accurate enough to use for almost any normal purpose, but useless for anything needing truly accurate time.
There is.
Anyways, this has nothing to do with standards, this is all badly implemented software.
SIP uses Digest authentication by default and can be encrypted, RTP can be encrypted, the protocols are secure. Just because Cisco (and apparently Grandstream) don't seem to be able to implement them right (though amusingly enough I just tested both of the Cisco 79x0 exploits against a few 7940s in my office running the 7.4 firmware and they weren't affected, so it's a newly introduced bug).
I don't know if pot would be a "competitor" to alcohol. Most of the potheads that I know still drink. Hell, when I was smoking I didn't give up or even reduce my alcohol consumption. That's probably not a very scientific study but take it for what it's worth.
I'd be one to support the "competitor" argument. My alcohol consumption dropped dramatically when I smoked and then went right back up when I quit (job started random tests). Before I started and after I quit, it's not unusual to see me drinking 2-5 drinks (be it beer/malt beverages or shots) 3-5 nights a week. When I was smoking, I might have a beer or two if a sporting event I cared to watch was on, maybe a few shots of the good stuff once a week when hanging out with friends. I got the "looseness" I desired without the negative effects of alcohol, so I had no reason to bother.This is faulty logic. Compared to DUI, possession of personal quantities of most drugs is a minor offense. If someone's the type to drive while stoned, the fact that the drugs are illegal isn't going to stop them.
The question as I see it is why would one want to remove the watermark?
I doubt the large scale pirates will be buying from whatever DRM-free store Universal is selling at, they'll keep ripping from CDs that will likely be leaked early like always.
Until the record companies start putting unique identifiers in watermarks on the media that the pirates actually want to use, I can't see a point in removing them.
I've got no problem with speed enforcement in general, the problem is that our highway speed limits are stupidly low and we also have small towns that make 90% of their revenue from speeding tickets just because a 4 lane road happens to pass through their jurisdiction. There's no reason a 4 lane road should ever drop from 55 to 25 just because one crossed an arbitrary border, and of course we all know that conveniently the speed limit signs are a bit obscured and there are always great places to park Crown Vics within about 50 feet of those hidden signs.
DLL hell, the registry, etc.
Installing an app on Windows in a best case is the absolute worst case on a Mac. Run installer, click next a few times, done. On a Mac, that's only done if system files need to be modified, in most cases you drag the program to your Applications folder (or anywhere else, but for the average user example they'll probably leave it where stuff is by default) and you're done.
On any decent Linux distro (Debian and Ubuntu for example) you run Synaptic (assuming most users that would be challenged by installation of software won't be touching aptitude or apt-get), check the programs you want, and click install. Walk away, come back a few minutes or hours later depending on how much you wanted to install and the speed of your pipe, and you're done. Possibly reboot if there was a kernel update and/or driver hidden in there.
Compared to any other modern OS, Windows is terrible with regards to installing software.
I work with Linksys VoIP gear day in and day out, Cisco branding is on every bit.
You know, I clicked the link in your sig genuinely considering a host switch (after some research of course) but when it started playing some audio intro in my background tab that got immediately closed.
I'm not sure if you're actually with the company or just put up a referral link, but if you have any say in getting that silly thing removed I say do it. No one wants their browser to just start talking, particularly from a background window. It happens enough with ads already (I think, thanks to Adblock I haven't seen a banner ad in years).
15 inches for a desktop is small now. I've still got a 12" VGA CRT from my old IBM PS/1, but there's no way I'd ever choose to use it over my 20" LCD (which is beginning to feel small, so I'm looking at 24" models).
I think LCDs are a big reason for the growth in screen sizes now. 15/17 was pretty much the status quo for a decade of CRTs, but now that we can have larger displays without needing to have a 3 cubic foot 100 pound beast on the desk, it's a lot easier to justify.
There's also the fixed resolution thing too. With a CRT, if you wanted to cram more stuff on the screen you could just turn the resolution up (to a point). Obviously LCDs don't allow this, so once you need more screen real estate you have to upgrade.
Laptops are a different can of worms entirely because small size is preferable. I think for most uses a 17 incher is too big and the 19/20 inch models are just absurd. Right now I'm typing this from a 13" Macbook, though I would prefer a 15" MBP if budget had allowed.
I'm just trying to correct the misperception that Apple uses/used TPM on their shipping Macs - they don't
Wanna bet? This is on a September 2006 Gen1 Macbook. My roommates each have Gen2 models with the Core 2 Duo processors and neither show a TPM in ioreg. That makes me agree with abes on the idea that Apple cut out the TPM when it was proven ineffective.Have you worked on a Macbook yet? The hard drive and RAM are trivial to get to. Pop the battery, unscrew one panel (three screws), and either flip a lever or pull on a strap.
Cingular gives me an address from WDSPCO's range (166.128.0.0/9). I haven't bothered to check inbound ports yet to see if it actually matters that I have a real IP, but I have one.
It's not necessarily "abuse", just doesn't really provide a real-world number unless you spend a lot of time sitting in traffic and/or get passed regularly by bluehairs in their Grand Marquis.
Real people accelerate quick enough to actually cause things on the dashboard to slide off, tend to go 5-10 MPH over the speed limit (that's a whole different area of government automotive silliness), and for the most part choose routes that avoid 6 lane parking lots.
I support two T1 circuits from different ISPs located hundreds of miles apart with IPs that fall within the same /24. It's improbable, but not even close to impossible. Two unrelated servers getting neighboring IPs wouldn't even be odd if they happened to be in the same datacenter.
I'm not saying there isn't a connection, just saying that similar IPs mean all but nothing.
Well that's why I said marked roads. Most residential roads are just one big sheet of asphalt with no markings at all and thus wouldn't fall under that rule. If the road's good enough to actually be divided in to lanes, it's good enough for me to accelerate beyond idle.
US 20 here in Ohio has a few areas where it's a 4 lane divided highway, all but identical to Interstate 80 a few miles north, but the speed limit is 45 for no good reason. Corn fields on the right, corn fields on the left, nothing but fucking corn and the ever-present Highway Patrol cars in the median. Along the same route there are also some useless speed trap towns where the speed limit is 25 because one house happens to be close. Again, this is on a 4 or sometimes 5 lane highway and of course there are almost more cops than residents in these towns.
I don't care where the road runs, speed limits should be set by taking a normalized average of the speed people drive on it and then rounding to the nearest 5. On I-80, this would put the limit at either 80 or 85 and the majority of US 20 at 65 or 70, dropping down to 45 or 50 in the towns. There's no reason any marked road should have a limit lower than 35, nor should a 4+ lane road ever go below 45.
The IEEE 802.11 working group would like to have a word with you.
I disagree about that being hypocritical, as long as you make it clear that it's a "learn from my mistakes" thing. I never put much effort in to school and graduated barely holding on to a 3.0 GPA, but of course the end result of that is I have some fairly chunky college loans to pay back. My brother on the other hand maintained nearly straight As and is getting ready to go off to the same school but with a full ride.
When/if I have kids, I'll be able to point out this situation and show them why they should work harder and not do what I did. Same thing with drinking and drugs. I'm not going to say "go nuts", but I'm also not going to give my kids the DARE version because I've been there, done that, and know better.
Regarding the nForce4 on Windows, were you using the "ActiveArmor" firewall? That's a piece of shit. I have yet to see it work properly and it often causes major problems. Without it installed, just using the base network driver, neither I nor two of my roommates nor my next door neighbor have had even a tiny bit of trouble with our nF4 networking under any OS. We're all using Asus A8N-SLI Deluxe motherboards with either the current stable or latest beta chipset drivers.
They're bitches about uncapping (google it), but in terms of being able to use a metric fuckload of bandwidth they're great. My roommates and I download an average of 200GB/week on our 10mbit connection, and aside from the typical intermittent short downtimes (totaling 2 hours in the last 8 months) we haven't had a single problem. We often pull enough traffic through the Buckeye connection and our 10mbit Ethernet link to the University of Toledo that we had to build a pfSense router because even modded Linksys WRTs couldn't hold up.
I chose 3 digits because that seems to be the standard on ordinary combination locks that you'd find attached to a toolbox or locker. Of course those aren't unbreakable, but brute forcing one would take much longer than other methods of getting to whatever the lock is protecting, so they're considered sufficient.
Obviously in the case of WPA or WPA2 in PSK mode, if the user chooses some stupid password that's either uselessly short or a dictionary word it can be broken rather quickly, but that doesn't mean the algorithm is flawed. All it means is that the user is an idiot (granted, it should be assumed that users are idiots, but I don't see any real solutions to this problem). WPA2 supports 256 bit keys, so the number of possibilities are a really really big number that I don't feel like typing out. Last time I checked, the WPA brute force tools can test 30-60 keys per second. Even if you could test at one million times that speed, it would take 6.11551377 × 10^58 millenia to check through the entire key space. If every single atom in the planet had that computing power and was actively trying to break your one key, it would still take 20,431,661.7 millenia to cover the entire key space.
For all practical purposes, 256 bit encryption like what WPA2 uses is unbreakable. Flaws in the algorithm and badly chosen keys are the only weaknesses. At this point, there are no known flaws in the algorithm, so a decently secure key (same rules as a good password, make it long and vary the character types) is all you need. For home users just wanting to keep out neighbors and/or wardrivers, it's more than enough. For businesses, making sure the key doesn't get out from loose-lipped users is more important and using WPA2 Enterprise mode where each user has their own login information solves that problem for all intents and purposes.
Hell, in theory, 104 bit WEP should have been more than enough for home users. It was just badly designed and implemented so that a fast reliable crack became possible to develop.
WPA "cracks" are all just brute force, which you could also do with WEP and any other encryption algorithm. It just takes fucking forever (assuming the user chose a key that was more than just a dictionary word). These WEP attacks are actually flaws in the design of the system which allow you to crack a key many times faster than brute force.
Rainbow tables, dictionaries, and the like are all just variations on brute force. They accelerate the process, but either way you're not actually breaking the encryption but instead using a crapload of processor power to try one key after another until you hit the right one.
Saying WPA is insecure because there is a brute force tool for it is like saying the a lock is insecure because I could go and start trying combinations. 1-1-1....1-1-2....1-1-3.........