I've seen a lot of different opinions than yours on this. Most are about ships etc. But my objection is that your whole argument is bogus. I mean, sure, the ship might flex a bit when pulled. But then it comes to a point that it won't flex no more (otherwise you would loose the kite). So where does the upward pointed energy go then? Simple, it will pull the bow out of the water. I presume that the upward and lateral forces are more or less equal here, I would not want to be in one of those ships if the forces in either direction can not be averaged out a bit.
Don't know how far it would lift the ship though, those things are pretty heavy. Then again, the kite is pretty big.
There is quite a difference between flash and flash. That's one reason why flash SSD's are more expensive. If you are using a cheap USB memory stick with limited wear leveling (only dynamic wear leveling, if I'm correct) it's pretty easy to damage the drives. Current SSD's - the flash drives that are designed for this purpose - seem to have very high reliability rates.
I've been running the default Ubuntu from a laptop harddisk. With this system, it will not be any problem running the default Ubuntu, provided that you get the display drivers to run. Currently I'm stuck on VESA mode again, after trying almost anything to get the video to display anything other. The upgrade to 7.10 was the reason for this, upgrade to X means reinstalling video drivers again. Since I've also tried various compile/install methods, I may never get my system back on, which is the main reason for abandoning linux on the desktop so far...
Hmm, I've looked into the crime rate and indeed, it seems we are not that different from other countries. Which, imho, is still an accomplishment because other countries are always lamenting our not so harsh justice system. Anyway, I do still think that introducing the taser won't help much. The criminal network around Amsterdam has always been there of course, Holleeder (without the additional r) just caries on the tradition, in a rather violent way.
Just today, I saw someone attack a few police officers on TV. He was pretty strong, but he was hold to the ground by three police officers and was already starting to be out of breath. The fourth officer did not hold him back but got a taser. After tasering the guy everybody stood back, while the mad man was clearly reacting to the taser in a rather awfull way. Okay, so maybe at that time the police would have gotten away with it.
Then before getting him in the vehicle, while he was still on the ground, the police tasered him *again*. Now that's just right of the scale. Completely unnecessary, just a knee-jerk rejection from somebody who is supposed to be a professional. Guys (and girls), don't get suckered into believing things like these do not constitute torture. Leaving somebody in the sun of 35C or more for longer periods of time is torture. Sleep derivation is torture. Loud music for long periods of time is torture.
In the Netherlands, the guy who killed Pim Fortuin was kept into a cell with very bright lights and continuous camera surveillance. It was pretty clear what he had done, and he was in custody already. Of course he needed to get punished. But, as there was no intent by himself to commit suicide, and since he was not convicted yet, this simply amounts to torture. Unfortunately the current government likes to copy the US, so we are already waiting for the introduction of the taser. This in a country that has a rather low crime ratio compared to other western countries.
Oh, they were already in a mess anyway, since they are observing us from their treadmills, so they are shortening the life of earth and humanity themselves. That we take the universe with us might come as a surprise though. I'm innocent, it is impossible to see the night sky from my apartment due to light pollution.
Just for your information, distribution is just one part of the test suites for randomness. A counter going from 0..99 has a perfect distribution over 100 elements. It is also extremely non-random. There are quite a number of mathematically complex tests to perform before something is considered random enough. And even then you cannot distinguish between true randomness and a rather complex mathematical method that just uses the previous output as only input parameter. So the tests you are pointing to are not tests for full randomness. Of course, really bad randomness like most OS use for their TCP implementation lights up like an Xmas tree, so it is a good starting point.
I can see no reason NOT to tell the public if the data is encrypted or not, so the public knows what kind of precautions or steps may be needed to protect their identity. Warning: highly opinionated rant.
Duh. Because it wasn't or was easy to crypto-analyze of course. Not telling still seems to be less damaging then telling things. If you look at the number of idiotic things that are said to be "secret" in the current western world, it's just sickening. The only way you can run a democracy is by having an open government. The current administrations in about *any* western country do exactly the opposite.
Many non-western parties (good and bad) take advantage of this; they point out that trying to establish democracy in other countries while messing it up at home is not really helping. And truth be said, I agree.
I just don't see how its possible just from looking at the numbers themselves unless you're selecting from a pre-known selection of algorithms and comparing expected results with actual output from the generator given a specific seed. If you don't know the algo then you could be making educated guesses for literally years and still not work out the algorithm. Eh? You reverse engineer the machine code, which is exactly what they did. Doesn't matter if it runs in kernel space either, just take any x86 VM and there you go. Hell, they used a pretty weird scheme with hashes and symmetric encryption, but once you figure out when those - rather standardized - algorithms are called, it's a piece of cake. At least for someone that knows a fair bit about debugging and reverse engineering. Many CS mayors *should* be able to do this.
First lesson about cryptography: don't assume that the algorithm itself cannot be cracked, rely on keys or, in this case, in the non-availability of the state of the PRNG. And of course, don't think because C/C++ is compiled into machine code, that it cannot be reverse engineered. True enough, C# managed code/Java byte code is easier to reverse engineer, but only because it is a *higher level* machine code. The basics are more or less the same.
If I look at the algorithm used by M$, it seems that they made the same very basic mistake you are now making, and they should be *very* ashamed. Even 8 years ago keeping algorithms safe was just not done. That weird scheme of theirs seems to be very much geared towards obscurity, not security. That said, I have not looked deeply into the scheme, maybe it does something incredibly smart, but I would definitely not bet on that, not even if the odds were 10:1.
"It might be easy to code the fix, but it's (at least) an order of magnitude more work to actually test it."
Well, that depends. They already have the code and it is not that the API needs to much testing I suppose. I mean, getRandomXxx() with some 4 different strings for Xxx should be enough. Feed the output into a FIPS random number testing tool (for testing weirdness, I mean the code has already been tested in other configurations) and go.
Sure it is a bit of work, but the test code should be available already as well. It's not like there have been too many system changes between 2003 and XP afaik.
Just to give some feedback to the argument that Wii does not need to have a DVD player: I would have bought one if it had a pretty decent DVD player from start. I don't need all those power and resource sucking devices in my home. Now I've bought just a DVD player. And it is not just because of cost either: browsing through DVD menus and such might be pretty nice with the remote of the Wii. Hell, you could adjust volume by pressing the trigger button and rotating the remote. Storing the last point of play within movies should not be a problem either - it is with many DVD players. And afaik it does not make too much noise, so, why the hell not?
Will you guys stop complaining and post the freaking URL's and configurations already? Jeez, I am not saying that the user should start to program or anything, but this is the 7th or 8th post saying that it still has problems, but don't let anybody find out for themselves. For all we know, you've enabled the option to pre-load pages once in FF, and forgot to put that back.
There is *no* browser that has any memory quota for web pages afaik. So if a page has problems, it might very well be that 800 MB is used in an instant, especially if dynamic HTML is running much faster in the browser (as seems to be the case for FF 3).
Oh, and try it with other browsers as well. If they inhibit the same problem, it is definitely the page that's causing the problems.
Which pages? Have you looked at the DOM (document object tree)? You can do so with the developer extension. It was mentioned that there was some faster dynamic HTML as well. That's all nice and dandy, but if the page keeps adding to the DOM in a Java Script loop, this means that the DOM of that page will grow to immense proportions. Maybe we'll need some kind of monitoring device for misbehaving pages, but as it stands, pages can use any amount of memory and CPU cycles, in any browser. And of course, due to browser differences it may be that some pages react differently to pages.
Fortunately I saw that there is an option to safe your pages (without firefox doing so automatically because it thinks it has "crashed" when closed by shutdown), so it is easier to close the thing when I want my CPU to be fully available (playing games, in other words). The memory usage and CPU usage of browsers during games can really irritate the hell out of me, just like the video jitters when an email arrives during a game.
But if I ever need to run a hash against a password database, I'll remember this lesson and first perform a Google search. Saves a lot of time and CPU cycles.
I am already doing this for telephone calls I cannot place. If it's an institution or a person that is calling because of profession, the chances that the telephone is listed somewhere on a (search engine) accessible web page is *very* large.
Sometimes I buy this. But I'm living in Europe, and each time I look at building systems, AMD is always cheaper *overall* compared to Intel systems with the same system configuration. CPU be buggered, motherboards and memory are the things that are needed and create the end price. Since AMD seems to run fine with slightly slower but much cheaper memory, AMD is the king for cheap self build systems. At our company we run Core 2 Duo's in our development machines, and I don't think they are much more expensive than AMD systems, so that's fine as well.
Of course it is unavailable. It will be available when it hits the $999 price tag. Or is Intels highest desktop price susceptible to inflation as well? In that case, lets hope that they don't do a 20% increase every 2-3 years. It seems technically we are now at the P4 GHz range again, but now with well performing and full featured CPU's. Maybe we should call this a green paper launch.
In C#, the problem manifests itself as a memory leak. In C/C++ however, you would have freed the memory even while the listeners were still active. Now you have a reference to previously freed memory. I know what I would prefer. The only advantage is that - maybe - the C/C++ error would show up earlier, but the form of the manifestation might vary.
Q: Do you really expect to be able to detect and filter anything that's conceivably stupid?
A: No, of course not. You'd need real AI for that, and beyond a certain point it's simply subjective; after all, a sufficiently advanced AI would probably filter out the whole of human discourse, which isn't the idea.
Not the same problem. You can be pretty sure that the outcome of the random number generator is pretty much evenly spread out evenly after going all those SHA-1 hash functions and RC-4 encryption functions. So the numbers will look pretty much random which ever way you look at it. Until your process uses the RNG, gets the state and starts calculating the next random numbers by itself. Then the random numbers will look conspicuously non random (as in: equal).
Of course, to get a high performance tcp/ip stack, they might have cut a few corners and stopped at using the PRNG for each bit of the initial sequence numbers (or more likely: they stopped using it at all or never started using it). Don't forget that 99% of developers would not know a PRNG if it hit them on the head. Then again, some people were using rnd(-time) on MSX BASIC 1.0 when they were 12:).
Aren't there huge bus problems with USB/security? Just thinking out loud. Anyway, you don't want user applications feeding the random RNG, as you could have read in the article. Furthermore, you don't want something that uses up lots of bus traffic and/or CPU power to get random bits, because ill behaving applications or user errors may slow down the PC to a crawl (like writing a HDD with random numbers from/dev/random instead of/dev/urandom).
Basically, in linux, you get enough random bits from the HDD & network interfaces. This problem can be fixed without additional hardware. Of course, I do like the on processor solutions, you won't get faster and more secure than that, and you are independent on the hardware used on the system.
Well, you can make the die smaller, as others have pointed out, or you can add cache, which *can* also make things faster. Look at the 12 MB caches of the Xeons mentioned in the article. That's quite a number of MB's, that won't take too much space (to keep the costs down). Actually, many of my - smaller - applications could fit easily within the cache alone. Of course, with multiple cores, virtualization and the bottleneck of the main memory, having a big cache *can* really help.
Note: *can* because it rather depends on the applications used
"4) I hesitate to suggest this since they seem incapable of getting even simple things right, but replace SIM cards with SD cards (they're effectively a commodity now, $20 for 2GB). Poof, instant long-play pocket audio recorder!"
I do completely agree, but only if you substitute SIM cards by Micro-SD or something like that. SIM cards are common practice within the industry; you cannot just replace that by flash (imagine your phone breaking, you have enough experience with that it seems). Furthermore, they also act as a secure key store. Copying of SIM cards to gain access to your account is not something you want to see happening.
Most of the time, if I have to wait for something to be delivered, it is not the warehouses that I am waiting for: 1) the package delivery service does not have a pick-up point to where you can send your item - yes, currently living alone; 2) the item has to be ordered by the online shop. This might speed up some things, but they don't remove the real problems. It might be interesting for other reasons than delivery time, or when near real time delivery is in order (e.g. Ikea like concept, without the hassle of having to pick up stuff from the shelves).
Come to think of it, a hardware store with robot delivery might be nice.
Slashdot Mirror
I've seen a lot of different opinions than yours on this. Most are about ships etc. But my objection is that your whole argument is bogus. I mean, sure, the ship might flex a bit when pulled. But then it comes to a point that it won't flex no more (otherwise you would loose the kite). So where does the upward pointed energy go then? Simple, it will pull the bow out of the water. I presume that the upward and lateral forces are more or less equal here, I would not want to be in one of those ships if the forces in either direction can not be averaged out a bit.
Don't know how far it would lift the ship though, those things are pretty heavy. Then again, the kite is pretty big.
There is quite a difference between flash and flash. That's one reason why flash SSD's are more expensive. If you are using a cheap USB memory stick with limited wear leveling (only dynamic wear leveling, if I'm correct) it's pretty easy to damage the drives. Current SSD's - the flash drives that are designed for this purpose - seem to have very high reliability rates.
I've been running the default Ubuntu from a laptop harddisk. With this system, it will not be any problem running the default Ubuntu, provided that you get the display drivers to run. Currently I'm stuck on VESA mode again, after trying almost anything to get the video to display anything other. The upgrade to 7.10 was the reason for this, upgrade to X means reinstalling video drivers again. Since I've also tried various compile/install methods, I may never get my system back on, which is the main reason for abandoning linux on the desktop so far...
Hmm, I've looked into the crime rate and indeed, it seems we are not that different from other countries. Which, imho, is still an accomplishment because other countries are always lamenting our not so harsh justice system. Anyway, I do still think that introducing the taser won't help much. The criminal network around Amsterdam has always been there of course, Holleeder (without the additional r) just caries on the tradition, in a rather violent way.
Just today, I saw someone attack a few police officers on TV. He was pretty strong, but he was hold to the ground by three police officers and was already starting to be out of breath. The fourth officer did not hold him back but got a taser. After tasering the guy everybody stood back, while the mad man was clearly reacting to the taser in a rather awfull way. Okay, so maybe at that time the police would have gotten away with it.
Then before getting him in the vehicle, while he was still on the ground, the police tasered him *again*. Now that's just right of the scale. Completely unnecessary, just a knee-jerk rejection from somebody who is supposed to be a professional. Guys (and girls), don't get suckered into believing things like these do not constitute torture. Leaving somebody in the sun of 35C or more for longer periods of time is torture. Sleep derivation is torture. Loud music for long periods of time is torture.
In the Netherlands, the guy who killed Pim Fortuin was kept into a cell with very bright lights and continuous camera surveillance. It was pretty clear what he had done, and he was in custody already. Of course he needed to get punished. But, as there was no intent by himself to commit suicide, and since he was not convicted yet, this simply amounts to torture. Unfortunately the current government likes to copy the US, so we are already waiting for the introduction of the taser. This in a country that has a rather low crime ratio compared to other western countries.
Oh, they were already in a mess anyway, since they are observing us from their treadmills, so they are shortening the life of earth and humanity themselves. That we take the universe with us might come as a surprise though. I'm innocent, it is impossible to see the night sky from my apartment due to light pollution.
Just for your information, distribution is just one part of the test suites for randomness. A counter going from 0..99 has a perfect distribution over 100 elements. It is also extremely non-random. There are quite a number of mathematically complex tests to perform before something is considered random enough. And even then you cannot distinguish between true randomness and a rather complex mathematical method that just uses the previous output as only input parameter. So the tests you are pointing to are not tests for full randomness. Of course, really bad randomness like most OS use for their TCP implementation lights up like an Xmas tree, so it is a good starting point.
"Please use the correct name for their proprietary data format!"
:)
Fixed that, unless you count ECMA - which you shouldn't
Duh. Because it wasn't or was easy to crypto-analyze of course. Not telling still seems to be less damaging then telling things. If you look at the number of idiotic things that are said to be "secret" in the current western world, it's just sickening. The only way you can run a democracy is by having an open government. The current administrations in about *any* western country do exactly the opposite.
Many non-western parties (good and bad) take advantage of this; they point out that trying to establish democracy in other countries while messing it up at home is not really helping. And truth be said, I agree.
First lesson about cryptography: don't assume that the algorithm itself cannot be cracked, rely on keys or, in this case, in the non-availability of the state of the PRNG. And of course, don't think because C/C++ is compiled into machine code, that it cannot be reverse engineered. True enough, C# managed code/Java byte code is easier to reverse engineer, but only because it is a *higher level* machine code. The basics are more or less the same.
If I look at the algorithm used by M$, it seems that they made the same very basic mistake you are now making, and they should be *very* ashamed. Even 8 years ago keeping algorithms safe was just not done. That weird scheme of theirs seems to be very much geared towards obscurity, not security. That said, I have not looked deeply into the scheme, maybe it does something incredibly smart, but I would definitely not bet on that, not even if the odds were 10:1.
"It might be easy to code the fix, but it's (at least) an order of magnitude more work to actually test it."
Well, that depends. They already have the code and it is not that the API needs to much testing I suppose. I mean, getRandomXxx() with some 4 different strings for Xxx should be enough. Feed the output into a FIPS random number testing tool (for testing weirdness, I mean the code has already been tested in other configurations) and go.
Sure it is a bit of work, but the test code should be available already as well. It's not like there have been too many system changes between 2003 and XP afaik.
Just to give some feedback to the argument that Wii does not need to have a DVD player: I would have bought one if it had a pretty decent DVD player from start. I don't need all those power and resource sucking devices in my home. Now I've bought just a DVD player. And it is not just because of cost either: browsing through DVD menus and such might be pretty nice with the remote of the Wii. Hell, you could adjust volume by pressing the trigger button and rotating the remote. Storing the last point of play within movies should not be a problem either - it is with many DVD players. And afaik it does not make too much noise, so, why the hell not?
Will you guys stop complaining and post the freaking URL's and configurations already? Jeez, I am not saying that the user should start to program or anything, but this is the 7th or 8th post saying that it still has problems, but don't let anybody find out for themselves. For all we know, you've enabled the option to pre-load pages once in FF, and forgot to put that back.
There is *no* browser that has any memory quota for web pages afaik. So if a page has problems, it might very well be that 800 MB is used in an instant, especially if dynamic HTML is running much faster in the browser (as seems to be the case for FF 3).
Oh, and try it with other browsers as well. If they inhibit the same problem, it is definitely the page that's causing the problems.
Which pages? Have you looked at the DOM (document object tree)? You can do so with the developer extension. It was mentioned that there was some faster dynamic HTML as well. That's all nice and dandy, but if the page keeps adding to the DOM in a Java Script loop, this means that the DOM of that page will grow to immense proportions. Maybe we'll need some kind of monitoring device for misbehaving pages, but as it stands, pages can use any amount of memory and CPU cycles, in any browser. And of course, due to browser differences it may be that some pages react differently to pages.
Fortunately I saw that there is an option to safe your pages (without firefox doing so automatically because it thinks it has "crashed" when closed by shutdown), so it is easier to close the thing when I want my CPU to be fully available (playing games, in other words). The memory usage and CPU usage of browsers during games can really irritate the hell out of me, just like the video jitters when an email arrives during a game.
But if I ever need to run a hash against a password database, I'll remember this lesson and first perform a Google search. Saves a lot of time and CPU cycles.
I am already doing this for telephone calls I cannot place. If it's an institution or a person that is calling because of profession, the chances that the telephone is listed somewhere on a (search engine) accessible web page is *very* large.
Sometimes I buy this. But I'm living in Europe, and each time I look at building systems, AMD is always cheaper *overall* compared to Intel systems with the same system configuration. CPU be buggered, motherboards and memory are the things that are needed and create the end price. Since AMD seems to run fine with slightly slower but much cheaper memory, AMD is the king for cheap self build systems. At our company we run Core 2 Duo's in our development machines, and I don't think they are much more expensive than AMD systems, so that's fine as well.
Of course it is unavailable. It will be available when it hits the $999 price tag. Or is Intels highest desktop price susceptible to inflation as well? In that case, lets hope that they don't do a 20% increase every 2-3 years. It seems technically we are now at the P4 GHz range again, but now with well performing and full featured CPU's. Maybe we should call this a green paper launch.
In C#, the problem manifests itself as a memory leak. In C/C++ however, you would have freed the memory even while the listeners were still active. Now you have a reference to previously freed memory. I know what I would prefer. The only advantage is that - maybe - the C/C++ error would show up earlier, but the form of the manifestation might vary.
I liked the next one better:
Q: Do you really expect to be able to detect and filter anything that's conceivably stupid?
A: No, of course not. You'd need real AI for that, and beyond a certain point it's simply subjective; after all, a sufficiently advanced AI would probably filter out the whole of human discourse, which isn't the idea.
Not the same problem. You can be pretty sure that the outcome of the random number generator is pretty much evenly spread out evenly after going all those SHA-1 hash functions and RC-4 encryption functions. So the numbers will look pretty much random which ever way you look at it. Until your process uses the RNG, gets the state and starts calculating the next random numbers by itself. Then the random numbers will look conspicuously non random (as in: equal).
:).
Of course, to get a high performance tcp/ip stack, they might have cut a few corners and stopped at using the PRNG for each bit of the initial sequence numbers (or more likely: they stopped using it at all or never started using it). Don't forget that 99% of developers would not know a PRNG if it hit them on the head. Then again, some people were using rnd(-time) on MSX BASIC 1.0 when they were 12
Aren't there huge bus problems with USB/security? Just thinking out loud. Anyway, you don't want user applications feeding the random RNG, as you could have read in the article. Furthermore, you don't want something that uses up lots of bus traffic and/or CPU power to get random bits, because ill behaving applications or user errors may slow down the PC to a crawl (like writing a HDD with random numbers from /dev/random instead of /dev/urandom).
Basically, in linux, you get enough random bits from the HDD & network interfaces. This problem can be fixed without additional hardware. Of course, I do like the on processor solutions, you won't get faster and more secure than that, and you are independent on the hardware used on the system.
Well, you can make the die smaller, as others have pointed out, or you can add cache, which *can* also make things faster. Look at the 12 MB caches of the Xeons mentioned in the article. That's quite a number of MB's, that won't take too much space (to keep the costs down). Actually, many of my - smaller - applications could fit easily within the cache alone. Of course, with multiple cores, virtualization and the bottleneck of the main memory, having a big cache *can* really help.
Note: *can* because it rather depends on the applications used
"4) I hesitate to suggest this since they seem incapable of getting even simple things right, but replace SIM cards with SD cards (they're effectively a commodity now, $20 for 2GB). Poof, instant long-play pocket audio recorder!"
I do completely agree, but only if you substitute SIM cards by Micro-SD or something like that. SIM cards are common practice within the industry; you cannot just replace that by flash (imagine your phone breaking, you have enough experience with that it seems). Furthermore, they also act as a secure key store. Copying of SIM cards to gain access to your account is not something you want to see happening.
Bikes? Cars as well:
http://new.greenwheels.nl/
Quite popular in Amsterdam, as I've been told. I've seen quite a few around.
Most of the time, if I have to wait for something to be delivered, it is not the warehouses that I am waiting for:
1) the package delivery service does not have a pick-up point to where you can send your item - yes, currently living alone;
2) the item has to be ordered by the online shop.
This might speed up some things, but they don't remove the real problems. It might be interesting for other reasons than delivery time, or when near real time delivery is in order (e.g. Ikea like concept, without the hassle of having to pick up stuff from the shelves).
Come to think of it, a hardware store with robot delivery might be nice.