That's a 6.66 increase per "major" version number. Sounds like sombody sold something to get this speedup. Probably the deal included the version number scheme.
Huh? Once theyve fully rooted your box can do anything, unless there is some authentication through other channels (e.g. my bank provides token readers that you don't (have to) connect. This goes for any network, I mean, there are enough authenticated services as it is, where the same principle applies.
Why not create your own "LAN" on top of the internet using VPN connections? Why would this need a separate network? Are we that worried about DoS attacks on VPN connections? And why go with a single network, whilst you may have different roles to different institutions?
The idea of a non-anonymous sub-network is certainly an interesting one, and you could argue that it does have many benefits over providing credentials to each and every site (for each and every protocol). Proof of citizenship (e.g. with a digital ID) would be the most likely candidate for access. You could think of schemes where one could just prove citizenship and be anonymous to most instititions, but where you could be identified (and banned) by your own government if you have been proven to abuse/attack the system.
I'm not saying that I would be in favour of this - but it is certainly an idea worth mulling over. It would be pretty tricky to implement on top of most operating systems and applications since they haven't been build with VPN's like that in mind (e.g. because on most systems it would require system priviledges to set up a LAN).
Gosh, that's going to be the most insightful comment. The only thing I can do is ammend it a bit.
Currently, as least in Europe, every high priced contract needs to be tendered in the open. This however means that you need to know beforehand what you want. So basically they bring in the consultants at an early stage to create the business case. Then they tender the thing (after a Q&A of the possible participants). And of course price will be a big decider for who wins the tender, so each and every participant will have little flexibility in their business plan. And then they will over charge when change requests are made.
The problem with this kind of business practice is that while the practice of tendering to the lowest bidder is - in itself - a good thing, it completely breaks down if you want to do any kind of modern software development techniques. The use cases are already cast in stone when the contract is done (and even much of the design will have to be present for the participants to create any kind of realistic price). IMHO, they would be better off doing it inhouse, with a company that supplies the software people and software development practices, and an external consultancy firm that specializes in project management (and gets payed for getting that part right).
"Orbiting this at a distance of roughly ninety-eight million miles is an utterly insignificant little blue-green planet whose ape-descended life forms are so amazingly primitive that they still think digital watches are a pretty neat idea. "
I'm currently using an all plastic casio, a remake of one of the digital watches that popularized them. It's pretty useful, watertight. I think they've upgraded the wristband too, it does not dry out as fast, and I'm pretty sure they've replaced the light as well. Otherwise, it's the same thing.
It's a bit of a statement with all the huge analog watches by now. It tells people that I don't need to buy an expensive watch. It's very functional, cheap, watertight and pretty nerdy too. I bought it for 7 euro 50 cents, but I've seen it advertized for a while for a measly 2 euro and 50 cents. But the best thing compared to these analogue watches is that it *can actually tell you what day it is* - don't you hate things that don't do their main function well?
LOL, Airplane II a documentary. Come to think of it, it explained what the sun was, how to live on the moon and how to survive a vacuum, so I guess you must be right.
If you can make a real chocolate 3D image with *that* I would be very amazed. Temperature control is everything if you are talking chocolate. I don't see very advanced 3D chocolate letters coming anytime soon.
Personally I would love it if apps are not only distributed as "free", but also as "free, open source". That could make a bit of a difference regarding the uptake of certain apps. And an URL to the website (preferably sourcesafe or similar) would give extra trust, especially if somebody (Google itself) would check the correctness somehow. Maybe that would give Android some O/S love.
Free is one thing, but on my Linux desktop, I try and run open source only.
Yup, I'm seriously considering a house with a garage for just this reason. I cannot see electric vehecles being parked next to a power plug on the street in the future.
Nowadays, if the block size is 8 bytes, you can be pretty sure it is DES or triple DES. Keeping the algorithm secret has never worked well in cryptography.
Decrypting single DES is now so easy* that the attacker would probably try it as one of the first things. DES is considered only good enough for real time crypto where offline analysis is not feasible or useful.
AES is a pretty good algorithm, but I don't think it is good enough precisely because of the side channel weaknesses. I would imagine that another round of competition within the crypto community is necessary right after the SHA-3 competition. Currently, 3DES is probably a better choice for many functions than AES because of the possible side channel attacks.
Regarding the hashing, you are probably better off choosing Skein. It comes with it's own cipher (Threefish), which would also allow some more interesting modes than CBC (which is e.g. vulnerable to padding attacks). Choosing 3DES because it is better in some circumstances than AES still seems to be a step in the wrong direction, there are better candidates.
When I started off in the practical use of crypto, I was thinking that the larger cryptographic community was in front of crypto-analysis. 10 years on, I'm not so sure. It's not like the algorithms are that bad, it seems to me that there are so many ways to make a protocol vulnerable that the actual security has very very little to do with key size (or block size) for that matter.
My company is still using 3DES quite a lot, that's for certain.
Yeah, but especially with flash it could become multiple days of googling fast. I'm sorry, but things like that just need to work. On my system, with Opera, if I want to safe a picture the "save as..." dialog box is modal but does not get focus. That kind of stuff irritates the hell out of me. I googled that, but no dice.
But then, we are still living in a world (soon to be deprecated) where a browser - any browser - cannot always find the right application, and asks the user to suppy the binary file, starting in his home folder. So you have to be a bit lenient towards these complex products.
Animals don't need to be humane, but *we* need to be - that's why it is called humane. The animals know how to be stressful and how to suffer unfortunately, and there lies the problem. That people keep pythons is beyond me anyway - they can be beautiful, but it seems to me the only other thing they do is kill (more intelligent) animals, and hide.
And why *shouldn't* you unionize? It's not like a programmer is a top of the line job nowadays. It doesn't pay that badly, but I would not advise anybody to take on the job if they have the skills to be a lawyer, banker etc. I've been treated pretty badly by my current company (try working with a 30 year old airco if you are allergic), and I'm now joining the union because of it.
I'm a developer, but I'm trying to move on while staying somewhat on the technical side of things.
I'm not a huge proponent on current (level III) power plants, but I do see options of building a nuclear reactor near a dam, not directly under it. Just put a lot of rock in between and make sure the water is not running towards it. On the other hand, a nuclear disaster right up in the mountains at winter time might be a rather daunting task.
You call that resting easy? Because of Silverlight, I cannot see any live stream from many sites (e.g. Eurosport). Yes, I'm on Linux. No Linux is not supported, Moonlight for some reason never seems to be able to do streaming video, even though that is so far the only reason I've seen Silverlight being used *ever*. The faster it dies, the better.
Of course the security of the symmetric ciphers (normally AES with frequent key changes) used for high-speed data encryption is another question
Especially since AES can be quite vulnerable to side channel attacks, maybe even more so if implemented in hardware. AES should be used for less blocks than triple DES. Then again, it might be hard to come by another hardware accellerated cipher that has been researched as extensively - I suppose triple DES is out of the question. Maybe one of the other AES candidates or even Threefish could be used instead (or on top of AES, we're talking highly secure systems here).
Slashdot Mirror
That's a 6.66 increase per "major" version number. Sounds like sombody sold something to get this speedup. Probably the deal included the version number scheme.
Huh? Once theyve fully rooted your box can do anything, unless there is some authentication through other channels (e.g. my bank provides token readers that you don't (have to) connect. This goes for any network, I mean, there are enough authenticated services as it is, where the same principle applies.
Why not create your own "LAN" on top of the internet using VPN connections? Why would this need a separate network? Are we that worried about DoS attacks on VPN connections? And why go with a single network, whilst you may have different roles to different institutions?
The idea of a non-anonymous sub-network is certainly an interesting one, and you could argue that it does have many benefits over providing credentials to each and every site (for each and every protocol). Proof of citizenship (e.g. with a digital ID) would be the most likely candidate for access. You could think of schemes where one could just prove citizenship and be anonymous to most instititions, but where you could be identified (and banned) by your own government if you have been proven to abuse/attack the system.
I'm not saying that I would be in favour of this - but it is certainly an idea worth mulling over. It would be pretty tricky to implement on top of most operating systems and applications since they haven't been build with VPN's like that in mind (e.g. because on most systems it would require system priviledges to set up a LAN).
Gosh, that's going to be the most insightful comment. The only thing I can do is ammend it a bit.
Currently, as least in Europe, every high priced contract needs to be tendered in the open. This however means that you need to know beforehand what you want. So basically they bring in the consultants at an early stage to create the business case. Then they tender the thing (after a Q&A of the possible participants). And of course price will be a big decider for who wins the tender, so each and every participant will have little flexibility in their business plan. And then they will over charge when change requests are made.
The problem with this kind of business practice is that while the practice of tendering to the lowest bidder is - in itself - a good thing, it completely breaks down if you want to do any kind of modern software development techniques. The use cases are already cast in stone when the contract is done (and even much of the design will have to be present for the participants to create any kind of realistic price). IMHO, they would be better off doing it inhouse, with a company that supplies the software people and software development practices, and an external consultancy firm that specializes in project management (and gets payed for getting that part right).
"Orbiting this at a distance of roughly ninety-eight million miles is an utterly insignificant little blue-green planet whose ape-descended life forms are so amazingly primitive that they still think digital watches are a pretty neat idea. "
Nope, never saw one. For some reason *you* have to tell the watch the time every other month or so.
I'm currently using an all plastic casio, a remake of one of the digital watches that popularized them. It's pretty useful, watertight. I think they've upgraded the wristband too, it does not dry out as fast, and I'm pretty sure they've replaced the light as well. Otherwise, it's the same thing.
It's a bit of a statement with all the huge analog watches by now. It tells people that I don't need to buy an expensive watch. It's very functional, cheap, watertight and pretty nerdy too. I bought it for 7 euro 50 cents, but I've seen it advertized for a while for a measly 2 euro and 50 cents. But the best thing compared to these analogue watches is that it *can actually tell you what day it is* - don't you hate things that don't do their main function well?
LOL, Airplane II a documentary. Come to think of it, it explained what the sun was, how to live on the moon and how to survive a vacuum, so I guess you must be right.
Whoops, that would be "advanced 3D chocolate PASTE" letters.
They'll taste better in memory.
If you can make a real chocolate 3D image with *that* I would be very amazed. Temperature control is everything if you are talking chocolate. I don't see very advanced 3D chocolate letters coming anytime soon.
Personally I would love it if apps are not only distributed as "free", but also as "free, open source". That could make a bit of a difference regarding the uptake of certain apps. And an URL to the website (preferably sourcesafe or similar) would give extra trust, especially if somebody (Google itself) would check the correctness somehow. Maybe that would give Android some O/S love.
Free is one thing, but on my Linux desktop, I try and run open source only.
Yup, I'm seriously considering a house with a garage for just this reason. I cannot see electric vehecles being parked next to a power plug on the street in the future.
Nowadays, if the block size is 8 bytes, you can be pretty sure it is DES or triple DES. Keeping the algorithm secret has never worked well in cryptography.
Decrypting single DES is now so easy* that the attacker would probably try it as one of the first things. DES is considered only good enough for real time crypto where offline analysis is not feasible or useful.
So the short answer is yes.
*as long as you've got enough to work on
AES is a pretty good algorithm, but I don't think it is good enough precisely because of the side channel weaknesses. I would imagine that another round of competition within the crypto community is necessary right after the SHA-3 competition. Currently, 3DES is probably a better choice for many functions than AES because of the possible side channel attacks.
Regarding the hashing, you are probably better off choosing Skein. It comes with it's own cipher (Threefish), which would also allow some more interesting modes than CBC (which is e.g. vulnerable to padding attacks). Choosing 3DES because it is better in some circumstances than AES still seems to be a step in the wrong direction, there are better candidates.
When I started off in the practical use of crypto, I was thinking that the larger cryptographic community was in front of crypto-analysis. 10 years on, I'm not so sure. It's not like the algorithms are that bad, it seems to me that there are so many ways to make a protocol vulnerable that the actual security has very very little to do with key size (or block size) for that matter.
My company is still using 3DES quite a lot, that's for certain.
Yeah, but especially with flash it could become multiple days of googling fast. I'm sorry, but things like that just need to work. On my system, with Opera, if I want to safe a picture the "save as..." dialog box is modal but does not get focus. That kind of stuff irritates the hell out of me. I googled that, but no dice.
But then, we are still living in a world (soon to be deprecated) where a browser - any browser - cannot always find the right application, and asks the user to suppy the binary file, starting in his home folder. So you have to be a bit lenient towards these complex products.
Animals don't need to be humane, but *we* need to be - that's why it is called humane. The animals know how to be stressful and how to suffer unfortunately, and there lies the problem. That people keep pythons is beyond me anyway - they can be beautiful, but it seems to me the only other thing they do is kill (more intelligent) animals, and hide.
Yeah, but we use it to warm our lakes so we can go swimming.
And why *shouldn't* you unionize? It's not like a programmer is a top of the line job nowadays. It doesn't pay that badly, but I would not advise anybody to take on the job if they have the skills to be a lawyer, banker etc. I've been treated pretty badly by my current company (try working with a 30 year old airco if you are allergic), and I'm now joining the union because of it.
I'm a developer, but I'm trying to move on while staying somewhat on the technical side of things.
I'm not a huge proponent on current (level III) power plants, but I do see options of building a nuclear reactor near a dam, not directly under it. Just put a lot of rock in between and make sure the water is not running towards it. On the other hand, a nuclear disaster right up in the mountains at winter time might be a rather daunting task.
Sheesh, I wouldn't put any Slashdot team in a spelling contest. Or are you suggesting that broken phones will be replaced by 12" pads?
Pascal or Modula 2 is probably better since it does not learn you things you must unlearn later.
...and don't call me Shirley!
You call that resting easy? Because of Silverlight, I cannot see any live stream from many sites (e.g. Eurosport). Yes, I'm on Linux. No Linux is not supported, Moonlight for some reason never seems to be able to do streaming video, even though that is so far the only reason I've seen Silverlight being used *ever*. The faster it dies, the better.
Of course the security of the symmetric ciphers (normally AES with frequent key changes) used for high-speed data encryption is another question
Especially since AES can be quite vulnerable to side channel attacks, maybe even more so if implemented in hardware. AES should be used for less blocks than triple DES. Then again, it might be hard to come by another hardware accellerated cipher that has been researched as extensively - I suppose triple DES is out of the question. Maybe one of the other AES candidates or even Threefish could be used instead (or on top of AES, we're talking highly secure systems here).