What determines what makes a release frontpage? on Bonobo 1.0 released · Score: 2
I'm trying to understand it here, for some projects, it's a big deal. But projects such as Bonobo have a following where anyone who cared about the release probably [heard | will hear about it] in a very short amount of time.
How about plugging, say, only the initial releases of truly innovative software? That would give the rest of us the chance to get slashdot attention.
"I love tux" repeated 9 times would be a fine passphrase, unless people associate you with the phrase "I love tux" and would actually think about guessing that by hand. Heck, repeating it _3_ times would be a strong password!
For a dictionary attack, it wouldn't get it. For a brute force attack, using the 93 or so characters.. "IlovetuxIlovetuxIlovetux" - that's 24 characters. There are 93 permute 24 options for that, or 6.75e45. Now, to be fair, starting with one digit characters, there are a total of 93 P 24 + 93 P 23 + 93 P 22... + 93 P 1 - or 6.856e45. A brute force attacker will give up before then, because even if you can do 1,000,000 tries a second with a really fast computer, it will still take 2.174e32 years. Now, even if you limit your passphrase to say, the set a-z, there are still 2.89e26 combinations. A million per second (which, AFAIK, is much higher than you can expect to get in scenarios such as this) and you'll still need 9.16e13 years.
The real weakness comes when your passphrase is say, 6 characters long and no punctuation (and the latter is known to the attacker) - then you have only 1.49e10 combinations, which will be solved by our fictional computer in just under 2 days.
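The keyspace arithmetic in the comment above, as an added example that is not part of the original comment: it computes the "n P k" sums the comment uses next to the count when characters may repeat, and the shortest length that holds out for a chosen time. The function names, the 365-day year and the 52-letter alphabet for the six-character case are assumptions of this example.

```python
from math import perm

SECONDS_PER_YEAR = 365 * 24 * 3600  # assumption: 365-day year


def keyspace_permutations(alphabet: int, max_len: int) -> int:
    """Sum of 'alphabet P n' for n = 1..max_len, the counting in the comment.

    Permutations assume no character appears twice in the candidate.
    """
    return sum(perm(alphabet, n) for n in range(1, max_len + 1))


def keyspace_with_repetition(alphabet: int, max_len: int) -> int:
    """Candidates of length 1..max_len when characters may repeat."""
    return sum(alphabet ** n for n in range(1, max_len + 1))


def years_to_exhaust(candidates: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return candidates / guesses_per_second / SECONDS_PER_YEAR


def min_length_for(alphabet: int, guesses_per_second: float,
                   target_years: float, limit: int = 128) -> int:
    """Shortest maximum length whose full keyspace (with repetition)
    takes at least target_years to exhaust; raises if limit is too small."""
    needed = target_years * SECONDS_PER_YEAR * guesses_per_second
    total = 0
    for length in range(1, limit + 1):
        total += alphabet ** length
        if total >= needed:
            return length
    raise ValueError("no length up to limit reaches the target")


if __name__ == "__main__":
    rate = 1_000_000  # guesses per second, the figure used in the comment
    cases = [("93 chars, up to 24", 93, 24),
             ("a-z, up to 24", 26, 24),
             ("52 letters (assumed), up to 6", 52, 6)]
    for label, alphabet, length in cases:
        p = keyspace_permutations(alphabet, length)
        r = keyspace_with_repetition(alphabet, length)
        print(f"{label}: permutations {p:.3e}, with repetition {r:.3e}, "
              f"{years_to_exhaust(r, rate):.3e} years at {rate}/s")
    print("a-z length needed for 1e6 years:", min_length_for(26, rate, 1e6))
```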
As soon as little kids can build crystal wireless internet sets, and us bigger kids can build wireless regenerative internet sets and wireless superheterodyne internet sets, then I'll agree.
Radio is a wonderful hobby. Don't screw up a good thing- anyone with a wire, a coil, and a capacitor can get a signal. Throw in an amplifier? You can get signals from around the world. DX'ing TV requires more expensive equipment to find the results as rewarding, but it too is done.
Sorry, but Tanenbaum was right on the number with this one. Ask anyone who's managed an open source project, or is managing one now (such as myself) and they will tell you that it's not that easy. It's not that people can jump in and submit a patch, and fix it all. That's a load of crap; most of the work in any project will be done by a handful of people, and that's that.
We can also tell by the number of bugs found in things developed with a development model like Linux that the "many eyes make all bugs shallow" philosophy is crap as well; most bugs aren't obvious programming errors, and if they are in your project, find new developers.
What are the implications of this technology for satellite dishes? Can they be made smaller, cheaper, or am I trying to find a use for this technology way too early?
Excuse my language, but that's a bunch of shit. When was the last time anyone here audited something before they ran? What it comes down to, unless you have hundreds of hours in your day, you'll have to trust someone: either on the integrity of the binary, or of the source.
The problem is with the routing tables being filled. Therefore, if you want to use the oh-so-lame "OSI Model", the problem is layer 3, while what you're talking about, HTTP, is layer 7.
When were people turned towards libranet? Libranet doesn't have a huge following- the big question is will this alienate their audience? I don't know; does anyone here actually use libranet? Does this piss you off?
OpenBSD is done by a group of volunteers (for the most part) and the quality of the auditing isn't anywhere near high enough to where you should put lives on the line.
Anyone who reads The OpenBSD Errata could tell you while they do a good job for an open source project, I certainly would not want any lives riding on the security of it.
Re:the thing about the console wars... on XBox Tidbits · Score: 2
I stopped taking sega seriously around Sega 32X and Sega CD- and I'm probably not alone in that.
Just goes to prove one of my theories of console development: if upgrades are mandatory or even highly recommended for some games to be playable or enjoyable, then the console will fail.
When I first heard reports of the 64DD for the N64, I said "Wow, guess Nintendo didn't learn from Sega's mistakes- they should cut their losses and start working on their next console" ; of course, all of my friends were looking at me crazy, as the 64 was seen, in their eyes, as the best console around.. but I knew that it would be a relative failure.
Last time I checked, viruses were small self-contained programs that did nasty things to the computer they run on.
Nope, that's a trojan. Here's a quick explanation of the different terms for malicious code:
Trojan Horse ("Trojan"). A Trojan is a standalone program that the user is tricked into running, which will in turn do bad things.
Virus. A virus is a program that attaches itself to (infects) executables- usually anything that's run while the virus is in memory. When an infected program is executed on a system that does not already have the virus in memory, it will usually load itself into memory for the purpose of infecting yet another system. They really haven't been seen much in recent years, as it's too much hassle and requires much more intelligence than other malicious programs. I'm sure a good portion of the slashdot audience will remember viruses such as Michelangelo, Dark Avenger, PC-Stoned!, etc. (I was hit by Michelangelo on its second run-around)
Worms. A worm is any malicious program that propagates itself directly to other machines (usually via a network) whereas a virus relies on the execution of an infected program, and a trojan relies on execution of itself.
I hope that clears it up :)
Re:How is this a Linux problem? on New Linux Worm · Score: 2
Yes, as well as the fact that the exploit can't be taken verbatim and used, as the machine code that is overflowed will only be valid on x86, and only on systems that use the same syscall numbers and kernel call conventions as Linux.
So unless you're a Linux user, or an X86 BSD user who's so whacked out he's running a linux binary of bind, you aren't affected by this worm.
It's a considerable leap from "break even" to "show a profit" - so I'm still not quite sure what publicly traded "open-source" company is pulling off a profit.
Your signature is a terrible representation of Schrödinger's Cat.
Here's a better explanation for those who would like it, from http://www.madsciencelaboratories.com/laboratory/cat/what.html
In response to how ridiculous Bohr's belief that atoms should obey quantum mechanics:
One can even set up quite ridiculous cases. A cat is penned up in a steel chamber, along with the following diabolical device (which must be secured against direct interference by the cat): in a Geiger counter there is a tiny bit of radioactive substance, so small that perhaps in the course of one hour one of the atoms decays, but also, with equal probability, perhaps none; if it happens, the counter tube discharges and through a relay releases a hammer which shatters a small flask of hydrocyanic acid. If one has left this entire system to itself for an hour, one would say that the cat still lives if meanwhile no atom has decayed. The first atomic decay would have poisoned it. The Psi function for the entire system would express this by having in it the living and the dead cat (pardon the expression) mixed or smeared out in equal parts.
It is typical of these cases that an indeterminacy originally restricted to the atomic domain becomes transformed into macroscopic indeterminacy, which can then be resolved by direct observation. That prevents us from so naively accepting as valid a "blurred model" for representing reality. In itself it would not embody anything unclear or contradictory. There is a difference between a shaky or out-of-focus photograph and a snapshot of clouds and fog banks.
-- Erwin Schrödinger
No score +1 due to being terribly off-topic..
Try browsing your own user- the filter was 77.77% effective for me, but of course, YMMV.
Kinda odd what they are filtering- for example, most of my Pink Floyd and Bob Dylan was filtered while most of my CSNY, Neil Young, and 4 out of 6 of my Cake MP3's weren't.
If you're generating strictly random 500-byte long data, you've got 2**8(500) == 2^4000 combinations. That's a huge number- echo 2^4000 | bc if you don't believe me.
Now, granted, these aren't all valid C- in fact, the vast majority won't even contain the string "main(" - but you should get the point, the whole concept of generating any intelligence from random data of substantial length; it's crazy. You'll literally be generating and testing random 500-byte long snippets for quite awhile! Unless, of course, you cheat- and your data isn't very random at all :)
Yeah, that whole idea that the larger the userbase the more active the development is largely untrue at programs of any complexity.
It's not like bugs can be fixed in five minutes of work by someone who isn't comfortable with the source- if they were that simple, they probably would have been corrected before leaving.
And being the manager of a small open source project, I can tell you first hand- a very small percentage of the users do 99% of the work. Tough rap, eh?
Hahah that was great. I normally don't respond with such a boring comment, but that really should be modded up! :)
And how many of that minority read slashdot?
How do you pronounce it? Presumably just like "uniX systems" but without the un.
Why don't you just require that the user downloads aim.exe and puts it where the program can find it?
Apple has an interesting hobby.
Hence the usefulness of quoting.
Bah, positive comments mean more to me (as they should to anyone) than moderation. Thanks.
You'd think you'd double-check on such a historic form, but..
JWZ summarized it pretty well when he quit. http://www.jwz.org/gruntle/nomo.html