Don't generalize the problem into thinking that everyone who drops out of school in the U.S. is not intelligent or not interested in their education. I dropped out of high school in 2001 for the sole purpose of benefiting my education. Now, instead of flipping burgers (as "short-term gain" would imply), I have 5 years of solid experience working as a programmer. As I write this, I am in my office in central Tokyo working on cutting edge security applications.
There was a class I took my Junior year that made me realize that I had no business being in school. The course was entitled "Independent Study in Mathematics" and my work there included presentations on the theory of RSA and another on a simple type of chess AI. We also took math tests for fun in there. There were no bad grades unless the teacher thought you didn't try. Your motivation for doing your work was that you were interested in it.
After having been given a taste for learning, I dropped out after realizing how much the other classes just slowed me down.
For a better explanation, I'll turn you over to a New York State Teacher of the Year, John Gatto. This is a brief excerpt from one of his essays entitled "The Six-Lesson Schoolteacher", available here. Also, a larger selection of his critique of the school system can be found here.
The first lesson I teach is: "Stay in the class where you belong."
The second lesson I teach kids is to turn on and off like a light switch.
The third lesson I teach you is to surrender your will to a predestined chain of command.
The fourth lesson I teach is that only I determine what curriculum you will study.
In lesson five I teach that your self-respect should depend on an observer's measure of your worth.
In lesson six I teach children that they are being watched.
...as a Certificate Authority to ensure that any sites they issue certificates to are trustworthy. All PKI systems are based on this kind of trust model. If there is any lack of trust/confidence in online ssl-encrypted commerce, it is their fault. Merely because they have been ignoring their role as a trust arbitrator and giving out certs to anyone, they decide now to actually do their part, charge more, and have Microsoft put a flashy "green for go" interface on it.
Then, of course, you must slam Firefox for "losing the browser war" by not keeping up by making their URLs turn green. You know, (speculation alert) you can probably bet Microsoft patented the green url indicator anyway, locking Firefox out.
I feel the need to second this as an American living and working in Tokyo.
Although it wasn't my intention to leave the country for political reasons (I did it for the awesome job), I was often one of the ones who said they would leave the states because of the US political system being so far disconnected from reality.
Now that I am here I love it. I'm not sure if the language barrier is a contributor to that or not. It could very well be that all the same political bullshit is still there and I am just not hearing it.
All in all, I like it because Japan seems to be missing that "spoiled child" attitude that is so prevalent in the United States.
Ironically, TFA displays a blatant lack of respect for intellectual property and copyright. While it is busy smashing RMS for "demanding that the big tech outfits crack open their proprietary code whenever they inserted lines from [GNU/]Linux", it fails to realize that the FSF owns that code. Stallman and the FSF have just as much a right to enforce open source as Microsoft does to enforce closed source. Yet another case of confusing "free" and "freedom".
This author is completely ignorant of the issues surrounding Open Source/Free Software. He just realized all his favorite Fortune 500 companies were investing in a "socialist" operating system and let the FUD fly to make himself feel better.
As a matter of legality, (IANAL, etc..) the school has no power whatsoever to shut down any server that does not run on their own network. They also do not have the power to keep the student from hosting the server even if he signs an Acceptable Use Policy that says exactly that, because it is not a use of the school's network to do so. What they do have the power to do, however, is monitor his network usage to determine if he was using it as a means to circumvent the in-place network restrictions. I'm guessing that probably he was. In that case they probably already have an AUP that he signed that says how they can punish him.
As a matter of practicality, the network restrictions that schools (and businesses) place on their network users can commonly be too extreme and disabling to advanced geeks. If you need your access, a proxy is a very good way because they are a grey area of sorts in terms of security. HTTP has been jokingly referred to as UFBP (Universal Firewall Bypass Protocol).
At my previous job I found that their HTTP proxy server allowed SSH connections through it as long as the remote SSH daemon was listening on port 443. This allowed me access to my personal email, AIM, IRC, my files, and really anything considering SSH port forwarding but I never used it for anything malicious or perverted. I'm positive that they didn't mean to allow that but they (mis)configured it to allow it and nothing I signed disallowed it.
Anyway, the key thing is that if you need that access, don't tell anyone else how to get it. They'll likely never find out if you keep your secret (esp if you use SSL), and if they do they can really only ask you to stop because bouncing traffic is a grey area in most AUP contracts. You may gain popularity and/or cool points by giving out access to your goofy friends, but you will get shut down.
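A proxy-side check for the misconfiguration described in the comment above (an SSH session accepted through HTTP CONNECT because the target port is 443), as an added example that is not part of the original comment: it classifies the first bytes of each tunnel instead of trusting the port number. The function names and the sample tunnels are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: each SSH peer opens with "SSH-<protoversion>-<software>".
SSH_IDENT = re.compile(rb"SSH-\d+\.\d+-\S+")


def is_tls_client_hello(data: bytes) -> bool:
    """True if data begins with a TLS handshake record carrying a ClientHello."""
    if len(data) < 6:
        return False
    record_len = int.from_bytes(data[3:5], "big")
    return (
        data[0] == 0x16                  # record content type: handshake
        and data[1] == 0x03              # record-layer version, major byte
        and data[2] <= 0x04              # record-layer version, minor byte
        and 0 < record_len <= 2 ** 14    # plaintext record size limit
        and data[5] == 0x01              # handshake message type: ClientHello
    )


def classify_tunnel(client_first: bytes, server_first: bytes) -> str:
    """Label a CONNECT tunnel from the first bytes each side sent through it."""
    # The SSH server may send other lines before its identification string,
    # so every line of the opening data is checked, from both directions.
    for blob in (client_first, server_first):
        for line in blob.splitlines():
            if SSH_IDENT.match(line):
                return "ssh"
    if is_tls_client_hello(client_first):
        return "tls"
    return "unknown"


def audit_connect_tunnels(tunnels):
    """Return (target, verdict) for every port-443 tunnel that is not TLS."""
    findings = []
    for tunnel in tunnels:
        _host, _, port = tunnel["target"].rpartition(":")
        verdict = classify_tunnel(tunnel["client_first"], tunnel["server_first"])
        if port == "443" and verdict != "tls":
            findings.append((tunnel["target"], verdict))
    return findings


# Constructed sample data: the first bytes a proxy would see in each direction.
SAMPLE_TUNNELS = [
    {"target": "shop.example.com:443",
     "client_first": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
     "server_first": b""},
    {"target": "home.example.net:443",
     "client_first": b"SSH-2.0-OpenSSH_9.6\r\n",
     "server_first": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"target": "intranet.example.org:443",
     "client_first": b"GET / HTTP/1.1\r\nHost: intranet.example.org\r\n\r\n",
     "server_first": b""},
]

if __name__ == "__main__":
    for target, verdict in audit_connect_tunnels(SAMPLE_TUNNELS):
        print(f"non-TLS traffic in CONNECT tunnel to {target}: {verdict}")
```

This check only sees the outermost protocol, so a session wrapped in TLS still classifies as `tls`.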
Why don't the software companies license by something that they can control? A "number of threads" model would be more fair. Or at least, the license can't assume that all the hardware is there for it to use and profit from.
If I had an 8 processor server running an existing application that I also wanted a low-end DB server on, I could just buy a single thread license instead of an 8 cpu one. Later, if the DB server couldn't handle the load, I could simply upgrade it to a 2 or 3 thread server.
I went through the same thing you did. I bought and returned several RAID cards. One was unsupported and the others had binary only drivers. So, I just got an extra drive controller and let Linux-2.6 work its magic. On my workstation, I have been using 3 plain-ATA drives in both a RAID5 and RAID-0 configuration for about a year now. I highly recommend this method unless you have some need to access your disks from a lesser OS.
The logical disk's read speeds with RAID0 are (as expected) three times faster than normal (162 MB/s). The RAID5 partition reads at almost 2x, but writing is slow because of the parity. RAID5 writes also take up about 5% of my CPU which is an Athlon 2500+. Not really a heavy load for a modern processor.
Using pure linux also gives you much more control of the organization of your data. As the device mapper operates at a block device level, you can RAID partitions or even files instead of whole drives like with a card. This is what enables me to use 0 and 5 by partitioning the drives.
that China can compete with the U.S. Tech when we have the best Math and Science schools on the planet. I mean, there is so much interest within the U.S. to keep up innovation and not just be technology whores. Besides, we've patented everything anyway.
Resetting the password is not trivial at all. There are two options, use a logic analyzer and try to intercept the pieces of the password on its way in to generate the checksum (haven't heard of anyone being able to accomplish this), or take the drive apart in a clean room, erase the password off the platters and attach a virgin controller.
Actually replacing the controller would probably not have to be done in a clean room. The way that newer HDDs are manufactured is to have the platters and heads sealed in a metal box with a ribbon cable or something going to an external controller. Since you don't have to break the seal on the drive enclosure, replacing the controller becomes a relatively simple matter involving a screwdriver and possibly light solder work, but *only* if the new controller is exactly the same as the old one.
It's a much cheaper method than hiring a data forensics consultant, but it would still not be cheap. It would cost you the price of a whole new drive (the only way to get an identical controller) to get your data back.
For some, the inability to disable the password feature could cause huge monetary damages. If someone were to be so malicious, for example, they could disable thousands of drives across a corporate network with a single password, and then demand ransom for its disclosure.
the beginnings of Linux-3.0.0???
from Linux kernel readme:
WHAT IS LINUX?
Linux is a Unix clone written from scratch by Linus Torvalds with
assistance from a loosely-knit team of hackers across the Net.
It aims towards POSIX compliance.
The next major version will be released when the new kernel will break support for almost all existing binaries. If all the kernel interfaces are tweaked and made to be POSIX compliant, we may be seeing the Linux-3.0.0 soon!
With all the past talk of border security technology here, I read this headline as "Sensor Grid Prevents Immigrant Flooding"
I've come to find that these are actually quite common here too.. see http://en.wikipedia.org/wiki/Toilets_in_Japan
General Information
No. Encryption algorithms are supposed to act as one way functions when you don't have the key. If this algorithm is properly implemented (but nothing ever really is), no intrinsic property of the algorithm would speed up the cracking process. Going backwards (decryption) *with* a key is faster, but going backwards without a key (cracking) is totally different.
"We prove that our design is immune to differential and linear cryptanalysis"
See Bruce Schneier's "Snake Oil", Warning Sign #8: Security proofs.
"Secure Science will be offering a challenge at the end of April, introducing the cipher to the public."
See: Warning Sign #9: "Cracking contests" and "The Fallacy of Cracking Contests"
All of this may be well and good, but I don't think any real engineers are going to be choosing this over AES anytime soon. AES was a competition backed by NIST to replace the current encryption standard (3DES). Most of the world's top cryptographers submitted their algorithm. Only after a very long and very thorough peer review process did the NIST declare Rijndael's submission to be the winner, and therefore the new AES standard.
From Bruce's article:
Two-factor authentication is not useless. It works for local log-in, and it works within some corporate networks. But it won't work for remote authentication over the Internet. I predict that banks and other financial institutions will spend millions outfitting their users with two-factor authentication tokens. Early adopters of this technology may very well experience a significant drop in fraud for a while as attackers move to easier targets, but in the end there will be a negligible drop in the amount of fraud and identity theft.
He cites two types of attack against two-factor authentication: Man in the middle, and a Sniffer Trojan. Password authentication is already suffering from these attacks, and increasing complexity will make such attacks at least slightly harder. He doesn't mean that two-factor authentication would be in any way worse than passwords, ever.
Most of Mr. Schneier's article was about how banks were trying to use this as a security panacea. This is certainly not the case, especially since there is money involved; nothing keeps attackers from going that extra mile.
--Sean
while I whip my dongle out.
...but their site seems to have been /.'ed with record speed.
I would greatly prefer to run 100% linux, but I have VMWare installed just to run photoshop and access the occasional website that gets trashed without the world's most standard non-standards-compliant browser.