just what you want for the kernel of a server OS, isn't it?
Why in hell does every Linux fanboy assume that all Windows processes run in kernel mode? Even Windows Explorer on NT4/Win2k/XP/2003 runs in user space, buddy.
All of this UI stuff will run in user space, with the exception of the actual video device driver code (which is done for performance). Windows video device drivers that are WHQL certified are typically rock solid and stable for general non-gaming use.
Anyway, you can run GUI-less windows servers on 2003 today. And even if you do choose to use the GUI shell for administering a Windows server, when you log out, the processes for explorer.exe and pretty much everything else GUI are completely stopped (only GINA, the graphical login prompt, remains). You can verify this with any number of Windows remote administration tools.
Finally, you can bet that the "eye candy" will be turned off by default on the server versions of longhorn, just as it is on Windows Server 2003 (which uses the same Luna GUI as XP, with almost all the animation/transparency/etc. options turned off).
An even greater point beyond all that is the fact that there are too many god damn people and if we reduced population, none of this would be a problem.
Finally, a world problem you Europeans can't blame us Americans for!
Oh wait, you want us to pay for rubbers and abortions for India and Africa now, right?
It is often said that talking about "population control" is the politically correct way a white liberal expresses his racism.
Microsoft uptimes and security are lower than anyone else's and the average user experience will be poor. The exceptions simply prove the rule by surprising us.
Well Microsoft.com is arguably the largest website in the world, and other than that DNS issue (which was a failure in Akamai's product, not Windows), I cannot recall it being offline in the last few years. And they run it all on (usually beta!) Windows software.
Not to be an M$ apologist, but how a system is designed, implemented, and most importantly managed is the most important factor in determining reliability.
We see our public Windows webservers achieve three 9s without really trying for high uptime, even under a very spiky load. Why? Because we test everything reasonably well before deployment. Many Windows administrators are idiots, who have no formal background in CS or Engineering or anything else technical. They just went to a few weeks of training classes, and the basics of Windows administration are easier to learn than most other OSs. The result is a lot of unreliable Windows-based servers.
There are lies, damn lies, and statistics. It's like the cancer-cluster-and-powerlines thing. You can use statistics to prove that Windows is unreliable, I can use the same statistics to prove that quite a few Windows administrators are dipshits. Correlation does not necessarily equal a cause-effect relationship.
It's crude, but effective, and I wrote one of these in 1985, using the PRNG on the BBC Microcomputer, convoluting the key and then re-seeding the PRNG every so often, so that weaknesses in the PRNG could only be used to break one segment at a time.
Any break in the PRNG would result in a complete compromise of the whole stream in such a homemade cipher. Presumably, "convoluting the key and re-seeding" would be a deterministic process, so you could decrypt on the other end. This makes the whole thing just as weak as the PRNG. If you used something like a linear, quadratic, or LFSR generator as the PRNG, your construction would be child's play to break for any beginning cryptanalyst. You can't rely on the "secrecy" of your "convolution and reseeding" process here. Security through obscurity is almost no security at all.
You have to exchange the real random numbers, along with the seed(s) for the PRNG, but it's closer to an actual one-time pad and therefore stronger than a stream cipher on its own.
There is so much wrong with this I don't know where to begin. Exchange the random numbers... how? You can't do it securely over the network, since that's what we're trying to secure in the first place. Do you presume to make a copy on CD and move it around? Diffie-Hellman and the like are an option, but if so your scheme is functionally the same as distributing block-encryption keys with DH/RSA/ECC/whatever. Where is the advantage to your scheme? Added complexity != added security.
Timestamps should never be used in cryptography, because once you know the time at point X, you know the time at point X+N, and therefore know what value is being plugged in at that time. Also, timestamps are OS and language dependent, which makes the algorithm less portable.
In Kerberos, an encrypted nonce+timestamp is used as an authentication ticket. This is pretty secure, if you trust the client machine hasn't been rooted, since the only way the encrypted timestamp+nonce can be fashioned is if the shared secret is known by the authenticating client. Are you suggesting that all those PhDs from MIT that built Kerberos were "ignorant" for using timestamps? (As for the rest of your argument... obviously the protocols would establish a standard for the size and format of the timestamp. I don't understand what your point is.)
Basically, what I'm saying is this: writing encryption algorithms and security protocols is not something programmers should do. The complexities are far too subtle. Programmers should rely on Mathematics Ph.D.s and similar folks to do the algorithm/protocol work. They have the theoretical grounding to do so well. When programmers and engineers design security protocols and algorithms, you typically get overly complex, seemingly-secure, but actually redundant-and-weak garbage like WEP, MS-LANMAN authentication, etc.
Programmers should concentrate on writing secure implementations of well-researched and vetted encryption algorithms and security protocols. Again, I refer you to Applied Cryptography for the huge list of reasons why. Note also that I am a CompSci & Software Engineering type by education and trade, and I know enough about encryption to know that I do not have the theoretical background to do security algorithm and protocol design. Do you have a PhD in number theory or some other applicable branch of mathematics? Or 25 years behind a desk at the NSA? If not, you shouldn't be messing with this stuff either. There are already known-secure algorithms and protocols out there, so concentrate on implementing those well.
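The weakness the reply above describes (a stream cipher that is exactly as strong as the PRNG behind it, re-seeding or not), as an added example that is not part of the original post or the poster's 1985 program: a toy cipher emits raw linear-congruential-generator state as keystream and "convolutes" the state with a secret word after every segment. The LCG constants, segment length, seed, key word and the "MSG:" record format are all constructed assumptions; the recovery routine plays the cryptanalyst and never learns the seed or the key word.

```python
# Added example (not from the original post): a toy stream cipher built on a
# linear congruential generator with periodic "convolute and re-seed", and the
# known-plaintext recovery that shows the cipher is only as strong as its PRNG.
# All parameters and messages below are constructed for illustration.
import struct

A, C, M = 1664525, 1013904223, 2 ** 32   # textbook LCG constants (assumed for the toy)
SEGMENT = 8                              # LCG outputs emitted before each re-seed (constructed)
SEG_BYTES = SEGMENT * 4                  # each output contributes 4 keystream bytes


def next_state(state):
    """One LCG step; the whole generator is this single public affine map."""
    return (A * state + C) % M


def toy_keystream(seed, key_word, nbytes):
    """Emit each raw LCG state as 4 keystream bytes; after every SEGMENT outputs,
    'convolute' the state with a secret word and continue from that new seed.
    Exposing raw generator state is the flaw this example is about."""
    out = bytearray()
    state = seed % M
    produced = 0
    while len(out) < nbytes:
        state = next_state(state)
        out += struct.pack("<I", state)
        produced += 1
        if produced % SEGMENT == 0:
            state = (state ^ key_word) % M   # deterministic re-seed; the decryptor does the same
    return bytes(out[:nbytes])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(seed, key_word, plaintext):
    """XOR stream cipher; decryption is the same call on the ciphertext."""
    return xor_bytes(plaintext, toy_keystream(seed, key_word, len(plaintext)))


def recover_segment(ciphertext, seg_index, known_prefix):
    """Cryptanalyst view: 4 known plaintext bytes at the start of a segment reveal one
    full LCG state, and the rest of that segment's keystream follows by running the
    public recurrence forward. No seed and no secret 'convolution' is needed."""
    start = seg_index * SEG_BYTES
    state = struct.unpack("<I", xor_bytes(known_prefix, ciphertext[start:start + 4]))[0]
    keystream = struct.pack("<I", state)
    for _ in range(SEGMENT - 1):
        state = next_state(state)
        keystream += struct.pack("<I", state)
    return xor_bytes(ciphertext[start:start + SEG_BYTES], keystream)


# Constructed traffic: fixed-format records, one per segment, each starting with
# the predictable header "MSG:" (the kind of known plaintext real protocols leak).
PLAINTEXT = b"".join(
    b"MSG:" + ("record %02d" % i).encode().ljust(SEG_BYTES - 4, b".") for i in range(3)
)
SECRET_SEED = 0x2A2A2A2A          # constructed; never learned by the analyst
SECRET_KEY_WORD = 0x5EED5EED      # constructed; never learned by the analyst


def demo():
    """Recover the whole message from ciphertext plus the known 4-byte headers."""
    ct = encrypt(SECRET_SEED, SECRET_KEY_WORD, PLAINTEXT)
    nseg = len(ct) // SEG_BYTES
    return b"".join(recover_segment(ct, i, b"MSG:") for i in range(nseg))


if __name__ == "__main__":
    print(demo() == PLAINTEXT)   # True: every segment falls to 4 bytes of known plaintext
```

The re-seed only resets the problem at each segment boundary; a generator whose output is a deterministic function of a small, fully exposed state can never give more than the cost of learning that state, which is why the fix is a vetted stream cipher or block-cipher mode rather than a secret reseeding schedule.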
After having a bunch of boxes from "tier 1" server vendors die, getting visits from idiot service techs, and still having trouble getting parts, we started rolling our own servers. We save several thousand per server, even assuming $100/hr for a tech to order and assemble it all. Warranties on individual components are typically as good or better than the tier-1 vendors, and the components are best-of-breed. (Even tier-1 vendors use the cheapest disks they can get in any given week).
I've had very good experiences with server building blocks from Supermicro. We then add on CPUs, good Kingston memory, Seagate disks, and Adaptec or LSI RAID cards. For storage enclosures, we typically go with Storcase.
All of the above vendors have been in business a long time, and offer backwards-compatibility in most of their products (this is especially important with the RAID cards). The final products are bulletproof beasts that last longer, on average, than any of the x86 HP, Dell, or IBM servers we've owned.
Seriously, though, Big Oil will try to squash this like a bug, and the U.S. government will follow suit.
Do you really think "Big Oil" wants to be in the oil business anymore? They're businessmen. Businessmen are very averse to risk. Oil and the Middle East are not a safe combination. The current world oil market is full of risky exploration, shady cartels, unpredictable pricing, capricious tyrants, and a helluva lots of explosives and guns. That's not good for business.
Businessmen also like to diversify, so that temporary setbacks in one market do not affect the whole enterprise. Alternative energy sources would seem to be a good way to diversify, if they ever prove cost-effective.
I think big oil companies will jump on the very first viable non-oil energy source they can. It's just that there's no current energy technology that meets all the same needs as oil-derived fuels (easy portability, high energy density, wide array of uses, etc.) Biodiesel is a start in the right direction, and sure enough there are lots of big companies and government agencies involved in the effort. Big Oil companies (which are really just oil transport companies) will almost certainly come aboard as soon as it's clear the technology can provide a stable, high-volume, cost-comparable source for diesel fuel.
Because MSFT has never made a large profit on a project that wasn't OS or Office.
You can bet your ass Microsoft makes a helluva lot of money from SQL Server and Exchange Server. Probably more than most other software companies make, period. Even with fully allocated development, support, and marketing costs.
Can't the same be said of IE or any program that stores information in %SYSTEMROOT%\Documents and Settings\%USERNAME% ? I mean, it's possible for me to see anyone's "habits" that way, right?
Wrong. IE and almost all other well-behaved Windows applications store their temporary data in %USERPROFILE%. Which for IE generally means "C:\Documents and Settings\%USERNAME%\Local Settings\Temporary Internet Files". All directories under Documents and Settings have user-specific permissions by default. Even the machine or domain admin does not have read access to those directories (although an admin can take ownership and change the perms).
One should also note that this sort of user-specific behavior (i.e. you don't write to HKEY_LOCAL_MACHINE in the registry, or %SYSTEMROOT%, or %PROGRAMFILES%) is required for getting the official Windows 2000 or Windows XP compatibility logo. Unfortunately, a great deal of popular non-MS software does not qualify for this logo, even though the programs are still marketed as "Windows 2000/XP compatible." This is why so many lazy corporate Windows administrators punt and give their users administrative rights to their machines, when that is not the default.
Of course the spyware will be able to make it through backdoors in things like calculator and notepad, because God knows they're wired to the central part of the Windows kernel!
Of course the worms will still be able to make it in through things like php and BBS scripts, because God knows they're wired to the central part of the Linux kernel!
Ultimately, they'll probably do what DirecTV has done: issue groups of keys in tamper-proof hardware, and they revoke keys from circulation as they are discovered to be compromised.
This gets rid of the large majority of casual infringers, because they don't want to mess with buying a new hacked card every month. Hard-core pirates will still go through the hassle, but they'll be a small minority. The media companies only have to re-issue legitimate smartcards (or whatever) to a low percentage of players per year, and the time/hassle economics dictate that most people will pay and participate in the DRM scheme.
My fear is that the push will be to make players incapable of playing unencrypted content, so that cracked downloadable copies aren't of much use. I'm not sure how media companies could do that, unless they completely remove support for PC-based players.
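The revocation mechanism the post describes (keys issued per player, compromised keys dropped from circulation), as an added example that is neither the post's nor DirecTV's code: a licensor wraps each new title's content key once per non-revoked device, so a player whose key has been revoked can still play titles released before the revocation but gets nothing for titles released after it. The device ids, hardware keys, title ids and the toy XOR-plus-HMAC key wrap are constructed assumptions; a real system would use a standard key-wrap algorithm and a key hierarchy (as in the broadcast-encryption literature) so the header does not grow with the number of players.

```python
# Added example (not from the original post): per-device content-key wrapping
# with a revocation list. Key names, device ids and the toy wrap are constructed
# for illustration; production systems use a standard key wrap and a key
# hierarchy to keep the per-title header small.
import hashlib
import hmac
import os

TAG_LEN = 16


def _pad(device_key, title_id):
    """Per-device, per-title pad derived from the device's long-term key."""
    return hashlib.sha256(b"wrap|" + title_id + b"|" + device_key).digest()


def wrap_key(device_key, content_key, title_id):
    """Toy key wrap: XOR the 32-byte content key with a derived pad, then MAC it
    so a tampered header is rejected rather than yielding a wrong key."""
    wrapped = bytes(a ^ b for a, b in zip(content_key, _pad(device_key, title_id)))
    tag = hmac.new(device_key, title_id + wrapped, hashlib.sha256).digest()[:TAG_LEN]
    return wrapped + tag


def unwrap_key(device_key, blob, title_id):
    """Return the content key, or None if the blob was not wrapped for this key."""
    wrapped, tag = blob[:32], blob[32:]
    expect = hmac.new(device_key, title_id + wrapped, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expect, tag):
        return None
    return bytes(a ^ b for a, b in zip(wrapped, _pad(device_key, title_id)))


class Licensor:
    """Issues device keys and publishes titles; revoked devices are simply left
    out of the header of every title published after the revocation."""

    def __init__(self, device_keys):
        self.device_keys = dict(device_keys)   # device id -> key burned into its hardware
        self.revoked = set()

    def revoke(self, device_id):
        self.revoked.add(device_id)

    def publish(self, title_id):
        """Fresh content key for the title, wrapped once per device still in good standing."""
        content_key = os.urandom(32)
        header = {
            dev: wrap_key(key, content_key, title_id)
            for dev, key in self.device_keys.items()
            if dev not in self.revoked
        }
        return content_key, header


class Player:
    def __init__(self, device_id, device_key):
        self.device_id, self.device_key = device_id, device_key

    def content_key(self, title_id, header):
        blob = header.get(self.device_id)
        if blob is None:
            return None     # no entry for this device: it was revoked before the release
        return unwrap_key(self.device_key, blob, title_id)


# Constructed fleet: three players with distinct hardware keys.
DEVICE_KEYS = {name: hashlib.sha256(b"constructed-device-key-" + name.encode()).digest()
               for name in ("player-1", "player-2", "player-3")}


def demo():
    """Revoke player-2 between two releases and report who can still play what."""
    lic = Licensor(DEVICE_KEYS)
    players = {n: Player(n, k) for n, k in DEVICE_KEYS.items()}
    key1, hdr1 = lic.publish(b"title-1")
    lic.revoke("player-2")                     # its key turned up in a cloned card
    key2, hdr2 = lic.publish(b"title-2")
    return {
        "p2_old_title": players["player-2"].content_key(b"title-1", hdr1) == key1,
        "p2_new_title": players["player-2"].content_key(b"title-2", hdr2) == key2,
        "p1_new_title": players["player-1"].content_key(b"title-2", hdr2) == key2,
        "header_entries_after_revocation": len(hdr2),
    }


if __name__ == "__main__":
    print(demo())
```

The result shows the trade-off the post is relying on: revocation only bites on content released after the compromise is noticed, which is exactly why the scheme works against casual infringers (who want new releases) and not against anyone content with the back catalogue.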
95% employment is considered "full employment" largely because on average in this country several percent of the workforce chooses to be unemployed at any given time. They quit for something better, move towns, go to school, have kids, etc. It's called "frictional unemployment". There are jobs available, but people are busy doing other things. When employment gets higher than 95%, wages take off and inflation spirals out of control, as it did in the 80s. Look up "unemployment" on Wikipedia for more information.
Also, the prison populations have at most a 1.5% effect on unemployment numbers (less than 0.7% of total population), so you're full of shit there too.
Basically, you need to stop using Spin Magazine as your primary news source. Buy a subscription to The Economist or something.
Your use of the term "one time pad" is unfortunate. It automatically marks you as one who knows little to nothing about encryption.
The "pseudo one-time pad" you describe is called a "stream cipher". And your proposed system using it offers no security above that of Kerberos, which uses a machine-specific shared secret (just like your "pad generator") and timestamps to similar effect.
Pick up a copy of Applied Cryptography by Bruce Schneier, read it, and come back when you understand a bit more about these things.
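The Kerberos-style use of a shared secret plus timestamp that this reply (and the earlier one about timestamps) points to, as an added example that is not the post's code and not Kerberos itself: a client proves possession of the shared secret over (client id, current time, fresh nonce), and the server checks authenticity, then a clock-skew window, then a replay cache. Kerberos encrypts the authenticator; this toy uses an HMAC over the same fields so it runs with the standard library alone. The client name, key derivation, clock values and the 300-second window are constructed assumptions (the window matches the conventional Kerberos 5-minute allowance).

```python
# Added example (not from the original post): a Kerberos-style pre-authentication
# check, showing how a timestamp plus nonce under a shared secret bounds replay
# rather than weakening the scheme. Kerberos encrypts the timestamp; this toy
# uses an HMAC over the same fields. Names, keys and clock values are constructed.
import hashlib
import hmac
import struct

MAX_SKEW = 300   # seconds; the conventional Kerberos clock-skew allowance (5 minutes)


def _body(client_id, ts, nonce):
    """Canonical byte encoding of the authenticated fields."""
    return client_id.encode() + b"|" + struct.pack("<Q", ts) + b"|" + nonce


def make_authenticator(shared_key, client_id, nonce, now):
    """Client side: only a holder of the shared secret can produce a valid tag
    over (client, current time, fresh nonce)."""
    tag = hmac.new(shared_key, _body(client_id, now, nonce), hashlib.sha256).digest()
    return {"client": client_id, "ts": now, "nonce": nonce, "tag": tag}


class AuthServer:
    def __init__(self, shared_keys):
        self.shared_keys = dict(shared_keys)   # client id -> shared secret
        self.replay_cache = {}                 # (client, ts, nonce) -> time first seen

    def verify(self, auth, now):
        """Return 'ok' or the reason for rejection, checked in the safe order:
        authenticity first, then freshness, then replay."""
        key = self.shared_keys.get(auth["client"])
        if key is None:
            return "unknown-client"
        expect = hmac.new(key, _body(auth["client"], auth["ts"], auth["nonce"]),
                          hashlib.sha256).digest()
        if not hmac.compare_digest(expect, auth["tag"]):
            return "bad-mac"               # forged, or timestamp/nonce tampered with
        if abs(now - auth["ts"]) > MAX_SKEW:
            return "clock-skew"            # too old or too far in the future to accept
        entry = (auth["client"], auth["ts"], auth["nonce"])
        if entry in self.replay_cache:
            return "replay"                # same authenticator seen inside the window
        self.replay_cache[entry] = now
        # Entries only need to live while their timestamp could still be accepted.
        self.replay_cache = {k: v for k, v in self.replay_cache.items()
                             if now - k[1] <= MAX_SKEW}
        return "ok"


SHARED_KEY = hashlib.sha256(b"constructed-password-for-alice").digest()   # constructed


def demo():
    """Run one legitimate login, a replay, a stale authenticator, a forgery and a re-dated copy."""
    server = AuthServer({"alice": SHARED_KEY})
    t0 = 1_000_000                                       # constructed epoch seconds
    fresh = make_authenticator(SHARED_KEY, "alice", b"nonce-1", t0)
    stale = make_authenticator(SHARED_KEY, "alice", b"nonce-2", t0)
    forged = make_authenticator(b"guessed-key", "alice", b"nonce-3", t0)
    tampered = dict(fresh, ts=t0 + 1000)                 # captured copy with the date moved forward
    return {
        "fresh": server.verify(fresh, t0 + 10),
        "replayed": server.verify(fresh, t0 + 20),
        "stale": server.verify(stale, t0 + 400),
        "forged": server.verify(forged, t0 + 5),
        "tampered": server.verify(tampered, t0 + 1000),
    }


if __name__ == "__main__":
    print(demo())
```

Knowing the clock tells an observer what timestamp will be used, but not how to produce a tag over it without the secret, which is the point the reply makes: the timestamp is a freshness bound, the replay cache only has to remember entries for the length of that bound, and both depend on the clocks being synchronized (hence the domain time service discussed elsewhere on this page).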
Even with domain and workstation admin rights and no group policies applied, this "Internet time" tab does not show for XP machines joined to our Windows 2000 domain. NT4 domain controllers do not have the time service (they don't use Kerberos authentication, so mismatched clocks aren't a disaster), so maybe that's why it shows up for you. I am going to remove one of my machines from my domain to see if it shows up.
By the way, you do know that support for Windows NT 4 has ended, right? No more security fixes, no more support other than what's online in the knowledge base. Might be time to upgrade if you're sticking with Windows servers, or switch to Linux servers running Samba...
Actually, XP (and I assume 2003) can. Double click the clock in the taskbar, look for the "internet time" tab. You can update with time.nist.gov (recommended) or time.windows.com.
Weird. I've never seen that tab before, and it's not on any of our XP workstations. Perhaps it only appears on Windows machines that are not a member of a Windows 2000 domain? (Windows machines that are a member of a domain automatically sync their clock with a domain controller.)
Presumably one would use an escrow agency to hold the funds until the purchaser verifies that the diamond is okay. This is done for many high-value purchases on eBay.
atomic time synchronizer - for PCs/users that can't do NTP
I've noticed a lot of sites actually selling NTP clients for Windows as shareware. Ridiculous scams.
All versions of windows 2000, XP and 2003 support Simple NTP natively via the Windows Time Service. You just can't configure it using a GUI. However, entering this simple command line:
NET TIME /SETSNTP:time.nist.gov
The server time.nist.gov is a decent choice for users in the US. You can enter multiple NTP servers separated by commas, and the Windows Time service will try them in order.
Defining "stealing" has proven very, very difficult throughout history. Feudal societies, debtors prisons, and communist revolutions were all caused by different interpretations of what is or can be property, and who "owns" what.
Witness the recent RIAA/MPAA flap, and all of the financial services regulations enforced by agencies like the SEC. Both involve laws designed to prevent "stealing".
First off, my diamond is from Canada. A very very small portion of diamonds on the market are "conflict diamonds."
Secondly, I can almost certainly sell my diamond for a large portion of what it is worth. Perhaps not to a diamond dealer, who has access to wholesale diamonds. But it can be sold in the secondary market for something close to what I paid for it. That referenced stone on eBay is similar to the one I bought, but smaller.
Finally, the oil you pump into your car has cost more lives than any amount of diamonds. Do you feel guilty every time you drive? Or every time you use a petroleum-derived product like plastic? Get off your high horse.
Manufactured emeralds are basically worthless, while natural emeralds are still reasonably valuable. Even though the synthetic emeralds are far more pure in composition. For a variety of reasons, the market values natural emeralds far higher than manufactured ones. The same goes for cultured pearls.
I bought a $6500 natural diamond last year, just a month before the Wired article came out. But I am not kicking myself. Gem-quality manufactured or "cultured" diamonds larger than 1 carat are still rare in the marketplace, and none of those available are clear, as far as I can tell.
Also, I'm a firm believer that something is "worth" whatever you can sell it for. And you can't sell a manufactured diamond for anything close to the price of a natural diamond, given similar color, cut, clarity, and carat weight.
So is BZIP2:
Trying to get any Linux distro other than Mepis to work on a virtual machine is pretty painful.
How? The same way those vaunted open-source developers managed to work widespread security flaws into TIFF images, PNG images, and even file names.
Look at the fine print at the bottom of the iPod Shuffle page:
Nice...
Think about how much 31% of worldwide corporate messaging seats (see page 12) really is. Now multiply that number by at least 30 bucks per seat. We're talking hundreds of millions of dollars.
A good paper on this subject: Long Lived Broadcast Encryption.
Works fine on my Sonicwall devices...
You're spreading a lot of misinformation.
They have the consumer-oriented "PhotoShop Elements" at the CDW store, as well as CompUSA last I checked.
The "real Photoshop", Photoshop CS, costs over $500, and is therefore unattractive to most retail shoppers.