The most common coffee machines in the Netherlands beep just /slightly/ before stopping to dispense boiling water. And I've been training my reflexes since the MSX2 days (4 MHz home computer from the 80s). Thank you very much DE (Douwe Egberts, a well-known coffee distributor over here) for warning me that I'm going to burn my fingers *again*. The other model does not have this problem (but is slower) and you cannot get the cups out without the chance to pour boiling hot coffee over your suit. If you cannot do things right, leave the features out altogether, thank you.
Oh, some USB keyboards take a long time to start up as well. But if a keyboard is not present, it's pretty easy to connect one and hit the damn F1 key, so I don't know how stupid this actually is. Most BIOS still have an option to stop if no keyboard is present, and you will still get this error message. It could have read "(re)connect keyboard and press F1", but I think most people can work this out, even lusers.
Bah, my ISP blocks port 25 this way. Of course, I can just go to the service pages and turn the protection off. Average Joe doesn't make direct connections to mail servers, and I don't think that there are any trojans attacking the (frequently changing) service pages of my ISP - if you never log into them they don't know the password anyway. They used to charge for email scanning as well, but I (and others) pointed out that infected machines were their problem as well. Now it is included in the charge, and you can turn it off if you really want to. Again, average Joe doesn't read the manuals and will never know about - let alone turn off - the mail scanning. We also got a user-configurable SpamAssassin, which is turned on by default. Average Joe does not want the spam sent to my ISP (about 95% of the mail volume is spam!).
This is how you deal with security *and* keep your customers happy.
Uh, my fraudsters just ordered software online. I'm pretty sure that the software makers were into it, but that's hard to prove, and it is unlikely that the credit companies are going to try that. Nothing is delivered (online delivery of bits, well, that's easy to remove) and the software company itself is not actually caught doing an illegal transaction.
This goes for any transactions for services instead of goods I suppose, but internet software or "content" purchases are not actually costing a company anything, and people can still pay hundreds of dollars for them. And services are not delivered, they are performed.
Computers will never be as simple as cars. Cars are single-purpose machines, getting people and some luggage from one place to another. They generally don't need upgrades, and qualified engineers will take care of most maintenance. Don't forget you get many hours of lessons (in most countries from qualified personnel) to drive safely. Oh, and they will nowadays easily get to the age of 10 years, even when they are well used.
Computers, now that is a different story. Many people know how to travel the web pretty well by now, but that's just a single application. Maybe we should compare driving a car with using an internet browser or something. Of course I agree that computers can be made much easier. But as simple as cars? No.
You are looking for a realistic keylength? Well, let's guess (first Google hit): Keylength.com. Only it seems to be down at this time. Too many Slashdot hits I suppose. Anyway, you can look through the NIST or ECRYPT documents, but they are not written for mere uninformed human creatures. The best bit of information is table 4 in the NIST document (warning, in PDF format).
With RSA - and other asymmetric cryptographic techniques - the number of calculations grows exponentially when you increase the bit-size of the keys. You need a darn lot of cryptographic messages for them to break using 1024 bit RSA keys if you want the same level of security of a message encrypted with a 1280 bit RSA key. 500 messages a day is comparable with a key strength increase of roughly 90 bits for RSA. Just using bigger key lengths would be much more efficient.
Just for fun, to get the strength of a 2048 bit RSA key using many messages encrypted with 1024 bit RSA keys you would need to send about 2,016,338,777 messages - if my calculations are correct. That does not seem too efficient to me :)
Yeah, and I've seen motherboards from both Asus and VIA that supported this RoHS. VIA in particular seems to be right on the edge with environmentally friendly (or, at least friendlier) PC components, see e.g. here.
160 Mbit/sec? That's about 33% of the speed of current hard drives, maximum. Remember, transfer speeds are normally measured in MB/sec (or, more accurately, MiB/sec) not Mbit/sec. And for hard drives there are RAID solutions readily available. The things that might be interesting for customers are reliability, power consumption and (kind of) storage space needed. It might be that these things beat hard drives in these sections. Storage capacity, speed and price of hard drives are definitely not yet within reach, it seems.
As long as the advertisements don't include weight (and adapter weight if possible) and battery life in their commercials, it might not be worth it to go for the ultra-compatible arena. Here in the Netherlands at least they even put in commercials for ultra-thins without noting the weight and the battery life, even if these figures are more than decent. The difference seems to be made by an 80 or 100 GB HDD, which I don't care about for a bit.
"when mounted, we want to to say 1 terrabyte, not meh, nearly one terrabyte. The OS is the measureing stick, use it."
I'll bite. First of all, we want it to say terabyte or TB. Notice the lack of double r's. Furthermore, I don't care a bit what the OS (which OS is that?) measures it. Please use measurements that humans, not computers or nerds, understand; TB for 1,000,000,000,000 bytes is fine with me. And then there is the issue of filesystems. If you would format this with some arcane filesystem, you might lose a lot of data storage right away.
In other words, they've more or less nailed it, even if they use it for commercial reasons only.
Nah, it's just fear of the uncommon. No need for studies there. I don't believe for a bit that you will see this behaviour with persons that have had computers since they were a child. I've also seen behaviour like this when it comes to work-shed tools. There are probably a few things in this world that are simple to do, but which I will find daunting.
And don't forget that computers are not that simple. They just appear simple to you because you *are* already used to them. Things like pressing the start button to shut down the computer instead of just pressing the off button. Copying happens when dragging to another drive, moving otherwise etc. etc.
Exactly, in the Netherlands at least only the lowliest computers are sold with Basic by default. All the others run Premium. Hell, even an 800 euro laptop comes with Premium nowadays, so the high percentage of Premium sales says nothing at all. Actually, it might be that the Basic version disappears from desktops altogether, because nobody might buy these computers without Premium. It's more that Basic is for losers, and all the other guys get Premium, than that Premium is the odd one out.
"Improvements in diesel engines might well outpace hybrid technology."
Unless they make the engines efficient at any RPM, I cannot see this happening. If it is for a specific RPM, then the hybrids can use this same advantage. Anyway, diesel engines are as old as Jerusalem. If there are any optimizations to be made (see article) then I think that the hybrids currently are most likely to benefit.
"Personally I think it's genius, I'd like to follow the progress of such a protocol if it exists. I just got done watching the talk so I'll be googling around for a little I suppose."
It's not a protocol. It's a bunch of ideas meant for researchers (or grad students in his talk). It's meant to get people to think about what they are doing - or, to be more precise - what their goal should be. He mentioned some protocols as examples of partial implementations of his ideas, maybe you could start there.
"See, better power management really is supposed to be a new feature of Vista, and it's a legitimate feature (unlike the increased DRM 'feature')."
They have said that for all the previous OS as well, and I must say that - on average - power management on Windows systems is really bad. This could be because MS is not in the computer business (Apple can change the drivers pretty easily, which MS can't). But to call better power management a new feature *again* is really taking it a bit too far. Of course, the quotes should have to be around "new" as well, as in "new features". I do not even dare to try it on my old laptop though, it was designed for Windows 2K, and it patently refuses to have anything to do with power saving modes in XP (hanging itself when it is restarted).
"The whole TCP/IP stack was NOT designed taking security under consideration."
And it doesn't need to be. The TCP/IP stack implementations need to be protected against buffer overflows and suchlike. Apart from that, security must be implemented on the application layer (which is not part of the TCP/IP stack).
"Therefore, we either need an external security mechanism (such as firewalls, IDSs, IT department, etc.),"
If the OS would not let any application just make any connection towards the internet, and if it would not let any application just open any server port, I would indeed not need a firewall. Anyway, you cannot design a network protocol to be secure in the sense that you are talking about. How would such a secure protocol replace a (higher level) IDS?
"OR we need to design new secure network protocols and change every single node in The Internet. Now, obviously we can't change every single node in The Internet, can we?"
IP uses IP addresses to identify computers. Unless you want to have an identification scheme for *each* address, you cannot have such security on the TCP/IP layer. This is called IPsec (or the security part of IPv6 I suppose). It does work, but only within closed environments (e.g. corporate LANs or within universities) and it only protects against eavesdropping and malicious laptops joining the network.
"I know this is a utopian vision that I probably won't see in my lifetime, but the IT services market is pushing us in this direction. As IT becomes more of a utility, users are going to buy a whole lot more services than products. And by nature, services are more about results than technologies. Service customers -- whether home users or multinational corporations -- care less and less about the specifics of security technologies, and increasingly expect their IT to be integrally secure."
This is the 6th paragraph, out of 11. If you look at this paragraph, you see that the first five are more or less teasers. Schneier then goes on how security becomes more and more integrated into the package (we see this with Linux and Windows incorporating firewalls as well). Also, as a Java developer and Linux user, I know that it _can_ be pretty easy to make products more secure. Buffer overruns and SQL injection can be easily avoided, and I still don't need no virus scanner on my Linux machine. Yet about 70% keeps yapping about the first few paragraphs, even though Bruce clearly does not see the industry disappear overnight.
I presume this is progress. At least, it's now RTFSHOTA (read the f***ing second half of the article).
Up to a point, yes. But if security can be had without teaching the user, all the better. No email should be able to infect a computer just because it is being received by a mail application. No user should have to know the inner workings of a firewall, let alone know how to install one. Because, as you said, never underestimate the power of human stupidity. The trick is to take the user out of the equation. And that seems to be the gist of (at least the second part of) the article.
"Although I am not the most 31337 person in the world, I am pretty much surrounded by the world of computers, but I have never, in my life, put down money for a computer magazine. And no one I know, including many programmers, hardware people, or network administrators, seems to be a follower either."
Uh, I travel by train, and I love to read the C'T magazine while traveling. It's available in Dutch and German only, unfortunately (for you). It's pretty geeky and pretty good, and has very interesting articles. I used to buy Dr Dobbs as well, but now I only buy the Java specific ones (too many articles that are not in my field). I used to buy the Byte as well, if only for the well written (but very common) articles by Jerry Pournelle. Alas, that time has gone.
It's definitely still possible for a magazine to be better written, better informed than most grub on the internet. Of course, 50-70% of the magazines aren't worth a dime, and I won't buy them. I think most computer magazines from the UK are *horrible*, but that might be because we only get the really popular ones. I like the Linux magazines very much as well, but they are too expensive over here.
'Because RW looks more like "Read/Write" than "Rewritable".'
No, it did look like that *before* rewritable CDs were labeled RW. Not anymore.
Dunno, a Library of Congress could store millions of these disks!
Perfect chair for dual screen. Seems pretty heavy as well, so it should be proof against vandalism by Microsoft CEO's.
"It seems clear that we must *eradicate* the homeless."
No problem, just put them in houses. Ash trays would be a good idea too.
Hey, how was your interview at Google?
"Silent"
Silent, what do you mean silent, they did not say anything to you?
"Silent"
Darn, stop saying silent, would you?!
"Silent!"