If it is a series 1, the problem is you don't have enough memory. We had the same problem with our dtivo. We added a cachecard and 1gb memory from: http://www.9thtee.com/tivocachecard.htm and everything is now spiffy.
The consideration here is the time to deploy, not the cost of deployment.
Whether or not you or others want to say the subsequent cost for taking the time to cobble together something under linux/bsd/whatever is orthogonal to the validity of the statement regarding time to get the service up and running.
um, "68% of implementation time" has nothing to do with subsequent uptime.
I would agree that implementing a new service on windows is considerably easier if for no other reason than there probably is a single product you can just install. On linux a single service may require cobbling together many different components. Go try and install something as simple as a calendar system in linux....you have to install ldap for authentication, a webserver for web access, the calendar software itself, the postgres database for data, etc. On windows you often just find a single app which does it all.
For small to medium sized businesses, cobbling together doesn't make sense.
I did my undergrad at the university of northern colorado, my master's at stanford, and am doing my phd at CMU. Each university has had computers with academic information/records breached.
There is a rumor that bill gates donated the money to stanford just so a professor who flunked him at Harvard would have to work in the "Bill Gates" building every day. I asked the professor in question, and he confirmed that he flunked him. Bill hasn't scheduled a one-on-one for me to confirm his side.
If true, that would be a true geek's revenge!
I just hope the building doesn't start shaking until everyone runs around and closes all open windows.
The probe was proposed 35 years ago, but has never had the funding until now.
This is incorrect. NASA and Stanford have been working on the project for 35 years. Project delays and budget mangling have delayed the probe. I know this for a fact, since my brother's been working on this project for 10 years. (And finally got his PhD this last month. Go Rob)
The scary thing is after all that money, there is still like a 5% chance that the launch vehicle will explode on the pad. (fingers crossed)
why didn't apple make itunes work with any browser to why didn't apple make itunes work with any browser to begin with?
Because they can tightly control the itunes viewing experience. Trying to make everything web-browser accessible may be a proper goal in some areas, but in others it just doesn't make sense.
With the way it is structured now, they can add tags at whim to redefine how items are presented on the screen, etc and be completely certain how it will look to the user without trying it out on upteen hundred browsers, or adding the silly "best viewed on {insert web browser here}" icon.
A similar line of reasoning is why you must use apple hardware to use apple software...they don't have to cater to the masses, only their customers.
You can analyse robustness against differential
and linear attacks. See for example notes on the
S-box generation of Tiger.
Robustness against diff/lin attacks is not the same as understanding the mathematics of an sbox. this only shows security against a few known attacks, but does not reduce the security of the sbox to intractiblity or information-theoretic limits.
It's not clear to me that the "mathematics" of DES *is* understood. It's clear what it's doing, but designing the s-boxes still is a black-art, AFAIK.
Also, from the post, the goal of crypto is to make the *only* secret the secret key. The goal is not to make the *algorithm* secret. There is work on code obfuscation where the goal is to make the code secret. It's okay to compare reverse engineering ATM's to crypto, but realize that the goals are different. One is an academic disciple, abstract in many ways, one is an engineering effort.
(And another reason crypto is often published is it's so hard to get right, people need to check each other's work. So publishing to some extent is a sanity check that you didn't do something stupid.)
Google isn't valid HTML either. And they still use an embedded style element rather than a highly-cachable external stylesheet, and still use crap like
By the same token, though, if people search for the song "Foo", they get n different hashes for each potential provider. How do you know which one is the real song "Foo"? Suppose x of the results contain the same hash, so you think that is the real "Foo". Then the copyright people could just say install a filter for that hash. After filtering, you're left with n-x unique hashes, each of which you tell is the real (but with a bit flipped) "Foo".
In other words, the proposed solution would make the P2P systems much harder to use for copyrighted content. The RIAA could filter based upon common search that returned common hashes. They could then flood the network with bogus files with the wrong hash, making it difficult to find the correct file. Not that I agree with the idea, but it's not completely baseless (just mildly baseless).
You can't legally decode/reencode the stream because that means cracking the DTV smart card. You could dump it from the coax/rca out, but then you loose quality. As an added problem, you also increase the space each program takes because of the decode/reencode.
TiVo does one thing well IMHO, which is the cornerstone of a good product. See unix for other examples.
Also, for those with quality issues, check your connectors. There isn't anything in DTV that degrades quality...it's a digital stream from the satellite!
You miss out on some key functionality building your own vs TiVo with DirectTV. DirectTV broadcasts in digital, so TiVo just has to dump the bits to disk. If you build your own, you have to decode, then dump. As a result, you loose quality.
FWIW, I've had a Hughes TiVo for 4 years, upgraded to 2 100GB drives, and never had a problem.
If you have problem with your hardware, try a different reseller.
One of the central tenets of open source is that many eyes make bugs shallow. One of the tenets of closed source is that by making money, they can pay programmers to create better products and have better customer support.
So why submit a bug report to microsoft for free? Why be one of the many eyes, in a closed source model? Reporting a bug makes their software better, and better software is why you should pay them $$$, remember? You don't retain any intellectual rights to the bug or fix, so again it's closed source. If you believe that you're making the world better for others who use it, then you're thinking in open-source terms.
Why are we using an open-source bug reporting model to a closed source company? I say make them give you $$$ for things that will make them $$$.
Of course MS wants you to submit bug reports for free (or even make money by submitting through there tech support system), since it leads to better products with no effort on their part. But why would we, the bug finders, let MS pick and choose the components of open source that best suite their business plans, when they go to such an extent to berate it? Why compromise with MS by letting them pick the terms for dealing with bugs that result from their methods of creating and managing software?
IMHO, the world would be much nicer if instead of devoting effort to finding bugs in MS products, we simply stop using their product when a bug is found, and use a corresponding open source product.
Indeed, this is probably true right now. However, one of the points was repeatedly violating the law generally ups your chances of being targetted by law enforcement. Thus, you should change crimes often so you're not high on any one list:)
The parallels of repeated hacking to moderation are astounding. In a way, you get moderated higher the more you contribute to the criminal underground. Get moderated high enough, and all the agencies will know your name, and you'll become targetted. If you *still* continue to commit crime, you'll be moderated up to the point of "moderator"...i.e. helping law enforcement (after completing your sentence, of course) recognize whose who in the underground.
I worked as a security officer for many years, working with law enforcement on issues such as this. In reality, what you've run up against is a fundamental problem with computer law. Almost any offense they could charge the perpetrator with is a felony, thus the FBI should handle the case.
So what does it take to get the FBI to investigate? There are about 4 different things the bad guys could do:
Cause $5000 worth of damages. What "damage" means is not standardized. Some district attorneys read the law as meaning $5000 worth of physical damage! In any case, most interprate this to mean $5000 in damages from the hack, but recovery time is not necessarily included. Thus, the question of whether your credit card was used.
Breaking into a financial instituation.
Cause a public health threat, such as by breaking into a hospital.
Attacking the interests of the US, i.e. the gov't.
The problem is you don't fit into any of these categories for the FBI. Suppose you did come up with the required damages. Then the FBI have to choose whether to pursue your case or another. If someone else is causing more problems, they'll investigate them instead of your case. If you don't have any idea whose doing the hacking, then again they'll probably go after someone who they think is easier to catch. Last, they'll try to decide whether or not they think the case will lead to an easy conviction. If not, again your screwed.
Basically it's a matter of priorities, and this doesn't sound like a large enough hack to be more than the blip of a Cessena at an international airport full of 747's.
It sucks, but that's how it is. What would be good is if hacking resulted in a fine, or some other misdemener. Then convictions would be easy, and the bad guys would quickly learn crime doesn't pay in the small case, and the big cases result in the FBI actually going after them.
It takes 2 hours in the real world. If you log connections, you'll see it there. But do you watch your logs that closely?
One funny defense to try is to run OpenSSL w/ logging to a full disk. The full disk breaks the timing attack as the OS valiantly and unsuccessfully tries to find free blocks to record the SSL error message.
Slashdot Mirror
If it is a series 1, the problem is you don't have enough memory. We had the same problem with our dtivo. We added a cachecard and 1gb memory from: http://www.9thtee.com/tivocachecard.htm and everything is now spiffy.
Whether or not you or others want to say the subsequent cost for taking the time to cobble together something under linux/bsd/whatever is orthogonal to the validity of the statement regarding time to get the service up and running.
um, "68% of implementation time" has nothing to do with subsequent uptime. I would agree that implementing a new service on windows is considerably easier if for no other reason than there probably is a single product you can just install. On linux a single service may require cobbling together many different components. Go try and install something as simple as a calendar system in linux....you have to install ldap for authentication, a webserver for web access, the calendar software itself, the postgres database for data, etc. On windows you often just find a single app which does it all. For small to medium sized businesses, cobbling together doesn't make sense.
This completes my trifecta! What did I win again?
I did my undergrad at the university of northern colorado, my master's at stanford, and am doing my phd at CMU. Each university has had computers with academic information/records breached.
There is a rumor that bill gates donated the money to stanford just so a professor who flunked him at Harvard would have to work in the "Bill Gates" building every day. I asked the professor in question, and he confirmed that he flunked him. Bill hasn't scheduled a one-on-one for me to confirm his side.
If true, that would be a true geek's revenge!
I just hope the building doesn't start shaking until everyone runs around and closes all open windows.
Only allow 1 account :)
when will they learn to put the control key in the right place?
This is incorrect. NASA and Stanford have been working on the project for 35 years. Project delays and budget mangling have delayed the probe. I know this for a fact, since my brother's been working on this project for 10 years. (And finally got his PhD this last month. Go Rob)
The scary thing is after all that money, there is still like a 5% chance that the launch vehicle will explode on the pad. (fingers crossed)
Because they can tightly control the itunes viewing experience. Trying to make everything web-browser accessible may be a proper goal in some areas, but in others it just doesn't make sense. With the way it is structured now, they can add tags at whim to redefine how items are presented on the screen, etc and be completely certain how it will look to the user without trying it out on upteen hundred browsers, or adding the silly "best viewed on {insert web browser here}" icon.
A similar line of reasoning is why you must use apple hardware to use apple software...they don't have to cater to the masses, only their customers.
Robustness against diff/lin attacks is not the same as understanding the mathematics of an sbox. this only shows security against a few known attacks, but does not reduce the security of the sbox to intractiblity or information-theoretic limits.
Good link, though.
It's not clear to me that the "mathematics" of DES *is* understood. It's clear what it's doing, but designing the s-boxes still is a black-art, AFAIK.
Also, from the post, the goal of crypto is to make the *only* secret the secret key. The goal is not to make the *algorithm* secret. There is work on code obfuscation where the goal is to make the code secret. It's okay to compare reverse engineering ATM's to crypto, but realize that the goals are different. One is an academic disciple, abstract in many ways, one is an engineering effort.
(And another reason crypto is often published is it's so hard to get right, people need to check each other's work. So publishing to some extent is a sanity check that you didn't do something stupid.)
HTML is broken, not google.
LaTeX - it's not just for bootie calls
In other words, the proposed solution would make the P2P systems much harder to use for copyrighted content. The RIAA could filter based upon common search that returned common hashes. They could then flood the network with bogus files with the wrong hash, making it difficult to find the correct file. Not that I agree with the idea, but it's not completely baseless (just mildly baseless).
You can't legally decode/reencode the stream because that means cracking the DTV smart card. You could dump it from the coax/rca out, but then you loose quality. As an added problem, you also increase the space each program takes because of the decode/reencode.
TiVo does one thing well IMHO, which is the cornerstone of a good product. See unix for other examples.
Also, for those with quality issues, check your connectors. There isn't anything in DTV that degrades quality...it's a digital stream from the satellite!
You miss out on some key functionality building your own vs TiVo with DirectTV. DirectTV broadcasts in digital, so TiVo just has to dump the bits to disk. If you build your own, you have to decode, then dump. As a result, you loose quality.
FWIW, I've had a Hughes TiVo for 4 years, upgraded to 2 100GB drives, and never had a problem.
If you have problem with your hardware, try a different reseller.
And the answer is:
:)
No, we shouldn't.
Any other questions I can help you out with
So why submit a bug report to microsoft for free? Why be one of the many eyes, in a closed source model? Reporting a bug makes their software better, and better software is why you should pay them $$$, remember? You don't retain any intellectual rights to the bug or fix, so again it's closed source. If you believe that you're making the world better for others who use it, then you're thinking in open-source terms.
Why are we using an open-source bug reporting model to a closed source company? I say make them give you $$$ for things that will make them $$$.
Of course MS wants you to submit bug reports for free (or even make money by submitting through there tech support system), since it leads to better products with no effort on their part. But why would we, the bug finders, let MS pick and choose the components of open source that best suite their business plans, when they go to such an extent to berate it? Why compromise with MS by letting them pick the terms for dealing with bugs that result from their methods of creating and managing software?
IMHO, the world would be much nicer if instead of devoting effort to finding bugs in MS products, we simply stop using their product when a bug is found, and use a corresponding open source product.
The parallels of repeated hacking to moderation are astounding. In a way, you get moderated higher the more you contribute to the criminal underground. Get moderated high enough, and all the agencies will know your name, and you'll become targetted. If you *still* continue to commit crime, you'll be moderated up to the point of "moderator"...i.e. helping law enforcement (after completing your sentence, of course) recognize whose who in the underground.
So what does it take to get the FBI to investigate? There are about 4 different things the bad guys could do:
The problem is you don't fit into any of these categories for the FBI. Suppose you did come up with the required damages. Then the FBI have to choose whether to pursue your case or another. If someone else is causing more problems, they'll investigate them instead of your case. If you don't have any idea whose doing the hacking, then again they'll probably go after someone who they think is easier to catch. Last, they'll try to decide whether or not they think the case will lead to an easy conviction. If not, again your screwed.
Basically it's a matter of priorities, and this doesn't sound like a large enough hack to be more than the blip of a Cessena at an international airport full of 747's.
It sucks, but that's how it is. What would be good is if hacking resulted in a fine, or some other misdemener. Then convictions would be easy, and the bad guys would quickly learn crime doesn't pay in the small case, and the big cases result in the FBI actually going after them.
It takes 2 hours in the real world. If you log connections, you'll see it there. But do you watch your logs that closely? One funny defense to try is to run OpenSSL w/ logging to a full disk. The full disk breaks the timing attack as the OS valiantly and unsuccessfully tries to find free blocks to record the SSL error message.
In case you missed it, it's laughlin, not lauglin. One thing to consider when reading his opinion is he did win the nobel prize.