For many trees, a Git repository with full history, and a checked out working tree, can be smaller than the equivalent SVN checkout.
(SVN may have changed this recently; I've stopped using it.) SVN keeps a second pristine working copy of the files in hidden folders for comparison purposes; Git keeps everything packed in compressed files.
TSVN just comes preconfigured with some scripts for merging documents; you can find them in the "Diff-Scripts" subfolder.
You should just be able to steal these and configure Git to use them as well.
These cards are MIFARE Ultralights; they are a simple, 64-byte memory container. You don't need ANY crypto ability; you read the data off, you write the data on.
Log processing occurs overnight in these systems. Even if the card has a read-only identifier, they're designed to be cheap, so you just discard it after one day's use.
The technical aspects of these are not really what makes it notable enough for an information security conference. What makes it notable is that the transport authorities concerned are behind the times.
It may have been a sensible design decision when the system was created - when the equipment required was not ubiquitous, the marginal cost of N x a-better-chip may have been greater than the amount of fraud perpetrated by a few niche technical types. Security is not about perfection, it's about making it uneconomical to break the security for the rewards of doing so.
But now they're handing out NFC units in phones - ironically, as a means to help you spend your money more easily - the cost of breaking this is reduced to the download of an app.
Smart card chips like those used in these fare cards are designed to provide a fairly high degree of security.
I think that's an optimistic statement...
"The security of MIFARE Classic is terrible. This is not an exaggeration; it's kindergarten cryptography. Anyone with any security experience would be embarrassed to put his name to the design."
That's a quote in response to the use of MIFARE Classic in the Transport for London Oyster card; they've since upgraded to the MIFARE DESFire model. When I was last involved in the smartcard industry you could break one in a few hours with a Pentium 4, even if you implemented it properly. These days the Classic has been broken comprehensively. Apparently the DESFire is broken too.
The paper states these cards are MIFARE Ultralight. Unless they are the "C" model (and it doesn't sound like they are), they have zero cryptographic protection, unlike the Classic which at least has a tiny 48-bit key. Its main advantage is that it's cheap. And that may have been a valid design choice at the time; the cost of more expensive chips was probably not worth it when reprogramming these cards required specialized equipment, but the march of progress now means that all the cool kids are getting the equipment they need to do this hack free with their smartphone, ironically because the powers that be wanted to make it easier for them to spend their money.
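As an added illustration of what "zero cryptographic protection" means in practice (this is example code written for this page, not from the comments above and not any transport operator's real scheme), here is a toy Python model of a 64-byte memory card. The 16-page by 4-byte layout mirrors the Ultralight memory map, but the fare record format, the MAC placement, the key and the UIDs are constructed assumptions. It contrasts a bare record, which gives a reader nothing to verify, with the same record bound to the card UID by a keyed HMAC known only to the operator's readers, and ends with the overnight log reconciliation the earlier comment mentions, which is what catches a replayed but genuinely signed record that a per-card MAC alone cannot.

```python
"""Toy model of a plain 64-byte memory fare card versus a MAC-protected one.

Constructed example: page layout follows the Ultralight map (16 x 4 bytes,
pages 0-3 hold UID / lock / OTP bytes, pages 4-15 are user memory); the
record format, MAC placement, key and UIDs are assumptions for illustration.
"""
import hashlib
import hmac
import struct

PAGE_SIZE = 4
PAGES = 16                                  # 16 x 4 = 64 bytes of memory
USER_START = 4                              # first user-writable page
RECORD_FMT = ">IH"                          # balance (uint32), trip counter (uint16) - assumed
RECORD_LEN = struct.calcsize(RECORD_FMT)    # 6 bytes
MAC_LEN = 16                                # truncated HMAC-SHA256 tag - assumed


def blank_card(uid: bytes) -> bytearray:
    """Constructed card image: 7-byte UID spread over pages 0-2, rest zeroed."""
    assert len(uid) == 7
    mem = bytearray(PAGE_SIZE * PAGES)
    mem[0:3] = uid[0:3]          # page 0: UID0..UID2 (byte 3 would be BCC0)
    mem[4:8] = uid[3:7]          # page 1: UID3..UID6
    return mem


def card_uid(mem: bytes) -> bytes:
    return bytes(mem[0:3]) + bytes(mem[4:8])


def write_plain(mem: bytearray, balance: int, trips: int) -> None:
    """Scheme A: the record is just bytes in user memory; any writer can set it."""
    off = USER_START * PAGE_SIZE
    mem[off:off + RECORD_LEN] = struct.pack(RECORD_FMT, balance, trips)


def read_plain(mem: bytes) -> tuple:
    """Scheme A reader: there is nothing to check, so it trusts whatever it reads."""
    off = USER_START * PAGE_SIZE
    return struct.unpack(RECORD_FMT, bytes(mem[off:off + RECORD_LEN]))


def _tag(key: bytes, uid: bytes, record: bytes) -> bytes:
    # Binding the UID into the MAC stops a signed record being copied to another card.
    return hmac.new(key, uid + record, hashlib.sha256).digest()[:MAC_LEN]


def write_signed(mem: bytearray, key: bytes, balance: int, trips: int) -> None:
    """Scheme B: same record, followed by an HMAC over (UID || record)."""
    off = USER_START * PAGE_SIZE
    record = struct.pack(RECORD_FMT, balance, trips)
    mem[off:off + RECORD_LEN] = record
    mem[off + RECORD_LEN:off + RECORD_LEN + MAC_LEN] = _tag(key, card_uid(mem), record)


def read_signed(mem: bytes, key: bytes):
    """Scheme B reader: returns (balance, trips), or None if the tag does not verify."""
    off = USER_START * PAGE_SIZE
    record = bytes(mem[off:off + RECORD_LEN])
    stored = bytes(mem[off + RECORD_LEN:off + RECORD_LEN + MAC_LEN])
    if not hmac.compare_digest(stored, _tag(key, card_uid(mem), record)):
        return None
    return struct.unpack(RECORD_FMT, record)


def reconcile(taps):
    """Overnight batch check over the day's tap log of (uid, trips) pairs.

    A UID whose trip counter repeats or goes backwards presented a stale image.
    The MAC cannot catch that (the old record was genuinely signed), so only
    the backend's view of the counter history can.
    """
    last = {}
    suspects = set()
    for uid, trips in taps:
        if uid in last and trips <= last[uid]:
            suspects.add(uid)
        last[uid] = max(trips, last.get(uid, -1))
    return suspects


def demo():
    key = b"operator-reader-key-CONSTRUCTED"     # would live only in readers/backend
    uid = bytes.fromhex("04a1b2c3d4e5f6")         # constructed UID
    a = blank_card(uid)
    write_plain(a, 1000, 0)
    plain_trusted = read_plain(a) == (1000, 0)   # reader accepts any bytes it finds
    b = blank_card(uid)
    write_signed(b, key, 1000, 0)
    verified = read_signed(b, key)               # (1000, 0)
    c = bytearray(b)
    c[USER_START * PAGE_SIZE] ^= 0x01            # one record byte altered, tag unchanged
    tampered = read_signed(c, key)               # None
    d = blank_card(bytes.fromhex("04ffffffffffff"))
    off = USER_START * PAGE_SIZE
    d[off:off + RECORD_LEN + MAC_LEN] = b[off:off + RECORD_LEN + MAC_LEN]
    cloned = read_signed(d, key)                 # None: tag was bound to the other UID
    return plain_trusted, verified, tampered, cloned


if __name__ == "__main__":
    print(demo())
    print(reconcile([(b"a", 1), (b"a", 2), (b"b", 1), (b"a", 2)]))
```

The MAC makes a forged or cloned record detectable at the gate, which a bare Ultralight cannot offer, but it does nothing against re-presenting an image the operator itself signed earlier; that is exactly the gap the overnight reconciliation has to close, and it closes it a day late.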
not for accepting cash
Not true; banks charge merchants for handling cash. So much so that supermarkets here will offer to add some cash to your bill ("cashback"), obviating the need for you to visit an ATM. You benefit from increased convenience and they benefit from reduced cash handling charges.
the fulfillment of at least part of the DHS mission statement.
... which is to keep the fear level up so you can justify multi-billion dollar purchases in the name of security... it's just one big snake eating its tail.
He's arguing for some of the things that separate us from amoebae - will, and joy. If he doesn't want to be kept suffering against his will after his enjoyment from life has departed, that's his business.
It's true. People cling to the suffering shell of their relatives long after they were overdue. They spend tens of thousands of dollars to prolong their suffering, probably against their will.
I think they mean infrared flashlights that will show up on IR goggles but not to the unaided eye.
Making possession a crime makes it impossible to report it though, which makes it much harder to clean up or investigate.
Hypothetical: you accidentally download some CP from a newsgroup devoted to adult images. Under the current regime, you dare not report it, because you're confessing to a criminal offence that will lose you your job and have the locals oust you from your home with torches and pitchforks.
Being placed on the sex offenders register in some jurisdictions condemns you to exile; in Miami you'll have to live in a tent under a bridge. But you can get on the register for consensual acts with your 17-year-old girlfriend. Or accidentally downloading a few hundred kilobytes. Which hardly seems just.
Presumably the police who investigate these things need special dispensation to even collect evidence. Which is itself a terrible thing, because the police should not be exempt from the laws they are trying to enforce - it sets a bad example.
If you had no fear of possessing the stuff accidentally, you'd have no compunction about reporting it, and it would be far less common to encounter it accidentally.
Open source cola has already been done too.
I always thought you could do backlit e-ink by making the white component fluorescent and providing a UV LED backlight; I wonder if that's how it works.
Yes, but most large ISPs in the UK operate transparent web caches to reduce their interconnect fees, so instead of being served up from your ISP, your page will have to come from Wikipedia.
Actually, if you believe you're going to have nasty side effects, you do. This is the flipside - the "nocebo" effect. It's been proven in much the same way - controlled trials where all recipients were given inert sugar pills but some people were told to expect side effects.
So what's to say that the attitude that traditional pharmaceuticals have side effects, put about by homeopathists (and the leaflets that come in the box) isn't responsible for some proportion of the side effects perceived? (Would love to see some numbers there.)
I agree that there's an overprescription of drugs but why spend money on expensive homeopathic remedies when sugar pills in a variety of shapes and colours, with fancy names, will do just as well.
I'm prescribing you a dimer of glucose and fructose. A definite improvement is possible!
Homeopathy allegedly works by diluting a substance that causes similar symptoms, rather than curing them.
So it would infer that you could cure bacterial infections by diluting a drop of unpasteurised milk 10 million times.
I'm going to take it to the 4th power and suggest that society is rotten at the core.
Charging for an education is the instrument of a society that wants a debt-shackled workforce.
When I started my medical degree 20 years ago, my biggest expense was rent. By working summer jobs, living modestly, taking the government student loan, and with a small parental stipend, I was able to finish my course with a debt of less than £10,000 - and this was a 5 year course. I took advantage of the interest rate on the student loan being lower than the level of inflation and took my time paying it off - but I could have cleared it in my first year of work since a junior doctor's job came with a rent-free apartment for a year, at the time (which is no longer the case, which amounts to a 20% pay cut), even though I was only earning £21,000 [1].
The tuition fees per year are now £9,000; I pity the younger generation.
For programming jobs I wouldn't even bother with a university education now. Previous education was NOT a factor in my decision on any of my recent hires, just ability and experience.
[1] The junior doctors' salary of £21,000 (about $33,000) was a 1998 salary; while working conditions have improved, largely through a reduction in the absurd number of hours you were expected to work (I used to clock > 80 hour weeks on a regular basis), the salary is now a mere £22,412, when inflation would suggest it should be around £32,000; while my hours were much higher than the current crop of doctors, for overtime I was paid a measly one third of my contracted hourly rate, which means a mere £5,250 of my wage was earned from overtime, despite it being more than half my working hours. Adjusted for this, the base salary should be £24,000, without overtime. If you try to convince me that junior doctors in the NHS are doing no overtime, I'll laugh at you. Cruelly.
That would reduce the need to use your nuclear generator.
It's a nice idea, but an RTG can't be shut down, as it works from radioactive decay heat.
I see a larger problem being the lack of the plutonium-238 required to make them. Some of the last of it went up with the Curiosity rover, and they had to scrounge that from the Russians.
The reason they taste like crap is not just because they were transported, but because they are varieties that have been selected for their longevity so that they can be transported.
Given that the tomatoes will probably be left on the vine until they are consumed, there's no reason to use the crappy modern supermarket tomato varieties - they can use heirloom breeds. There's always been a high emphasis on morale considerations in the American space programme, and food has always been one of the things that they pay attention to for morale purposes.
My bad, it was an MD5 collision he claims.
There is no known SHA-1 collision yet in the entire world.
There's a guy further up the thread that claims to have found one ... but he doesn't provide adequate detail to reproduce it.
It's more that there are a bunch of functions concealed in otherwise normal looking modules, that strung together make a piece of malware, rather than the malware being a single unit.
In other words, it's a bit like modern Java programs - importing a whole bunch of enormous libraries just to use one function from each...
Because a pint, or a half, would be a whole glass, and the aim is to study the ability of the drinker to estimate volume based on the glass shape. It's too easy to estimate the volume when you ask them for a volume that's a standard glass size.
Given that WinXP is rather old (don't laugh, our organization is still on XP until next year), it can't cope with a lot of modern storage hardware - and yes, you either have to have a 3.5" floppy disk drive (USB will work, thankfully), or you have to go through the process of rolling your own OEM install disk.
Vista and up do support loading drivers from a USB flash drive, which is a step up.
On Linux, I've never had to have any driver disk ready. Of course, when you DO have driver issues, it's a total PITA. But I research my hardware before I buy it.
I hate to disabuse you of this notion, but exactly the same thing happens on Windows; only you have to download all the libraries your application depends on every time, even if you already have them, because they all get rolled into a single installer package.
In addition, people roll their own install modules of libraries because they are hell to get hold of and there is no central repository of standard modules, so they screw up other people's installers with conflicts.
MS had to devote a lot of attention to this in Vista and above, which is why the system folder has become so bloaty with so many versions of the same components all installed in parallel.
The lack of package management on Windows is painful; couple it with the Registry and it's a world of hurt. On a Linux system, I can do a fresh install, restore my home folder, do a single apt-get with my previously installed package list, make a cup of tea, and get right back on with my work.
On Windows, I have to find driver install disks, reboot for each one, find the application downloads, together with their license keys, reboot for each one (and hope that they don't have some maximum-install-count online DRM that's going to lock me out), reconfigure everything. No, re-imaging from a backup is not always an option, because you don't always reinstall on the same hardware, and Windows blows chunks when you change its hardware (unlike Linux, which I have never seen have any serious issues bar having to reconfigure X11, mostly because of closed-source binary GPU drivers). You can't just install the drivers and then restore the applications from an archive because of all the data they dump into the registry.
A Windows reinstall leaves the operating system unproductive for a couple of days while you work at making it useful again. A Linux reinstall is something you do in your lunch hour - because of package management. Yes, that includes the commercial packages I use on Linux, which have the sense to store their license keys in your home folder, not in a binary database that also contains a vast amount of crud that is not compatible with your new hardware, etc. Anything else I install in /opt - which usually means restoring an archive and making one soft link.
Not to mention application updates. A single, standard method of publishing and providing updates, rather than a bunch of silly little applets cluttering up my toolbar and holding onto resources (ironically, update notifier applets are probably responsible for a lot of reboots when you update other applications, because they hold onto libraries that Windows can't update in place because of its choice of file-locking policy).
I have a four seater with a three cylinder engine. A Daewoo Matiz. 796cc of raw throbbing power.
Fold down the seats, and you can get a fridge in the back. It does better than the boss's great big BMW for carrying presentation boards to corporate meetings. And it drinks about half of the fuel. And you can buy four of them for one of his.
We had a fuel shortage (due to striking tanker drivers) a few years ago. Boss man announces to us that he knows a station with some fuel today. I say "Oh, that's OK, I have enough for a month in the tank" (to be fair, it was a short drive home).
It's not going to win any performance prizes. But it's entirely adequate for doing even the heaviest grocery shopping. If I need a truck, I'll hire one for a day out of all the money I'm saving on not buying a truck and not burning fuel hauling around what is mostly just a few tons of truck.
It demotivates you. I've lived with stoners and they were some of the most lackadaisical folks I've met. If you're not going to get up off your ass and get a job, and prove that you want to keep it, you're not going to be employed, simple as that.
My POV on the IQ loss is that there's probably a heavy component of just not exercising the mind, because you can't be bothered.