Microsoft calls their article a "reality check." Too bad they forgot to do a "facts check." Many of their points come from Netcraft which tracks web server usage. Funny how the Netcraft Survey shows Netscape and Apache as the only two growing server markets, and that Apache has exponential growth compared to IIS, and has 10x the number of servers.
But there is cause for alarm here. Microsoft speaks to IT customers, and end users. But who do we speak to; each other? We are not the ones who need to be convinced. Someone needs to stand up with their own version of a "reality check" that caters to the same people who are reading (and believing) the MS article. However, we will link to our facts, not just claim them.
Maybe we should notify Netcraft of the "misuse" of their facts.
We see this stuff all the time. It is the Slashdot theme. The Internet (notice, capitalized) theme. Some organization tries to block some new technology, and inevitably fails. One day, they will learn you cannot stop the future. Let me clarify:
1) Will they stop ALL the internet phone services as they come out? 2) How about stopping cell phones? 3) And if I decide to provide a proxy that accesses the service, will they ban proxies? Or will they ban my site? 4) So then when a student wants to report on internet phone services for their e-commerce paper, or thesis: Do they ban the student, the class, or the thesis?
None of these examples are outragous. They are really quite reasonable! The ban they have is a single plausable event. But the concept, philosphy behind what they are doing cannot last. There are too many holes.
And Just to put a nice positive spin in this, let me give you some other examples of this concept, that will die for similar reasons: 1) The new "magical" copy protection on audio CDs 2) Encryption to prevent copying DVDs 3) Holding up mp3 players in court 4) Schools and libraries filtering Internet content.
You cannot stop technology. You must EVOLVE it, or USE it.:)
Did anyone notice that Andover.net holds several purely-algorithmic patents? This is ridiculous! What do my fellow human readers think? And what could the be using these for?
United States Patent 6,906,450 Malda, et al. 27-Nov-1997
Method and implementation for phony discussion posting and moderation
Abstract:
A computer implemented process for detecting stories already posted to existing news wires by extracting HTML meta information to determine article. Relevant facts and debates are determined by querying random information from search engines and recondstructing information into text based follow ups. Quality of posts can be determined by additional evaluation or manual random assignment.
The humorous thing here is that we are all chumps. The purpose of this challenge was not to stump us, but to make us view the site.
Ofcourse, the counterpoint is that noone who solved the puzzle actually read any of the text for content. They were too busy clicking View source, view source, ooh, binary!
I thought that.25 was the basic limit of standard optical lithography, and that by adding new high-tech focusing lenses, we could get the beam down to to.18 micron. After that, X-Ray lithography was necessary. Anyone know what kind of fabrication they used?
To re-iterate. There are now two (2) ways to obtain credit card numbers:
Method #1: * Crack into a highly secure server, likely behind a firewall (details left out, this part is easy) * Apply heuristics and a random number searching algorithm on the hard drive (heuristics + classic compression algorithms such as LZW will work here) * Use the keys to monitor transactions with this server and obtain credit card numbers * Use credit card numbers to purchase online pron
Method #2: * Get job at local store for approx. 1 hour * Obtain tools: pen, paper, or a good memory * Use tools to store credit card numbers * Use credit card numbers to purchase online pron
The opening of this new method, number one (1), could be a serious threat to e-commerce. It makes e-commerce almost 1% as dangerous as physical world purchases! I know I'll never type https:// again and feel safe. I'm doing my purchases with complete safety: over the phone.
The big question is, who is the top man? Ofcourse, if this were to happen, the US would become the richest country in the world, buy out all the other countries, then release their constitutions back to the people. Chaos is good.
Getting phiolosophical here (and a little off topic):
What happens when these kinds of "privacy killing" devices are ubiquitous? How about when no implant is needed to track you? ("Kirk: He's the only vulcan on the whole ship, can't you get a lock on him?") Perhaps we will stop caring about privacy. We will succumb to the fact that all our knowledge is shareable, and we will not become quiet mice, but louder than ever. We will share our thoughts without fear of judgement or retribution. At that point, humanity will become more productive than ever before. How many geniuses sit silently without sharing their thoughts, for fear of becoming insane?
Perhaps that world isn't so bad after all. But for it to work, humanity must grow at the same rate as technology.
(Okay, this won't ACTUALLY happen, but its a nice thought)
I am very naive on this issue here - I assumed that VESA DDC eliminated configuration of refresh rates by informing the system of this info at boot up? Windows '98 seems to know exactly what the "optimal" refresh rates are for any monitor/video board combination manufactured after 1996(and some older ones)
Is this a case of Linux distros just not shipping with support for this? It seems if it were as simple as a querying the BIOS somehow at bootup, we would have this issue licked.
Just posting to cast my vote. Lots of places get obvious patents - but few ever sue over them. And this patent IS obvious. It's already implemented all over the place!
(Aside: I did a one-click purchase in my e-commerce class last year. Should I get sued? Or does that mean I invented it first?)
With all the sites coming under fire, and the MPAA on a witch hunt, we seem to have forgotten the real cause of this problem.
The US Government's arrogance in limiting the keys to 40 bits. MPAA and DVD manufacturers should be in an outcry over this stupidity.
Xing for letting go of an unencrypted key, and violating the security standards of the CSS protocol. Where are they owning up to this?
A few more technical issues
on
RoboFly
·
· Score: 1
In the article, they say "...the aerodynamic principles that keep 747s aloft do not work on such a small a scale." And the article on Micrplanes agrees when they say "...Aerodynamics aren't proportional like mechanical miniaturization..."
Why not? If you could, in theory, take everything in a plane a 747 scale it down (jet engine and all) why would it not fly a scale distance?
How small can we make cameras these days? Enough resolution for an AI chip to recognize objects and fly around (pretending for a moment that we could do image recognition of that quality, although the Mars lander did)
This is not what they do, but theoretically, couldn't you improve performance (and decrease compatability) by making a modem with PPP&TCP/IP in hardware. Something that does the protocol encapsulation in hardware once it knows the setup. Negotiates the PPP and sends the info back to the OS after connection? Less IO to the modem (which IS an issue with externals) and better "heuristics" for knowing when to dump a packet. The PING could be faster simply because the delay of the modem waiting for the ICMP packet to get encapsulated and sent to the modem is gone. THe modems could be pinging each other, not the PCs. By the waay, the post from Effugas (effugas@best.com) is 99% likely as the right answer.
If you are eating potatoes now, I suggest reading the article before you indulge too much.
They had people fast for an evening, then fed them food, then realized that their memory got better. Is this news? Maybe the reason they did better is BECAUSE THEY WEREN'T SO HUNGRY!!!
The experiment shows that the people who drank the glucose suppliment drink showed the least improvement. And those who ate mashed potatoes and barley had the most improvement. Maybe that is because THE PEOPLE WHO MERELY HAD A DRINK WERE STILL HUNGRY!!!
The experiment is silly. The test didn't feed people any non-glucose foods, so the control section was invalid. The researches believed the glucose in the potatoes was the cause. Thus they predicted that the glucose drink would help the most. It didn't. The ones who ate barley and potatoes did the best. So it is obviously not the glucose. More likely, it was that they needed solid food.
My understanding was the SSL did not require any specific encryption algorithm, but was a way to encapsulate any encrypted data - or is it HTTPS that I am thinking of?
Either way, we don't NEED to use RSA. Can't someone just make a Netscape+Apache support Blowfish or something like that
The problem with recompiling for IPv6 is that coders are lazy, and didn't do things right.
The sockaddr_in and hostent structures were meant to vary in size, that is why they are defined as arrays of n-bytes, with n specified in the structure. But most programmers thought it was easier to use a single 32-bit number, instead of an array.
And so incompatabilities arise. It should not be difficult to baby step existing code to do things RIGHT using the IPv4 headers, then plunge into IPv6. In my case, I wrote libraries around BSD sockets, so all I need to do is change a small library, for older code, it may be more difficult.
I will be difficult, but I don't think for those reasons:
Verb tenses are not the problem. Every language can express every tense, just in a different way. Hard yes, impossible no.
Additionally, approximations work well enough. Ex. Most English readers couldn't tell you the difference between past tense and preterite(sp?) tense.
Grammar is easily defined. 90% of language could be described in a BNF. adv-adj-noun in one, noun-adj-adv in another. So what. That is probably the simplest part.
My interest would be in the meta-language design. Words by number? string? Grammar by parsing into a std format, or classifying each word? Are there multiple ways to organize a statement? What about this "word hierchy" they talk about. Quite cool there.
I think it is silly that we even HAVE top level domains. Sure, it is an easy way to split the database into a finite system, but that should have minimal performance improvements (remember your big O notation gentlemen, linear factors are irrelevant).
Why should I have to get mycompany.com, mycompany.net, mycompany.cc, mycompany.org... just to prevent my competitors from stealing my web traffic? Should'nt there be ONE www.mycompany?
What if I fill out the web forms to register the same domain at 2 different registrars? Ex. NSI is taking forever, so I just go to register.com and do it.
NSI has subscribed to the bes possible security flaw of all - The Slashdot effect. Now that they are hosed, noone can get to their accounts! (At least I cannot seem to get in - timeouts on the site galore)
Primary private keys don't get copied. They are P-R-I-V-A-T-E.
Example: The US govt stores private keys for on ONE computer, somewhere obscure, which has laser alarms, guards, etc. They even has computers where if someone touches them, they self erase to protect private keys!
Supposing MS is concerned about their keys, they would store those keys in one place, securely (probably on a Linux machine:)) And no copies exist. Making copies makes it no longer secure.
A better idea is to make a second, entirely different key, that the NSA or some other trustable organization can store.
The original article made no sense to me. This was an attempt by the overreactive anti-Microsoft community to bring out yet another security flaw. Not that there aren't plenty already. The original article needed much more substantiation before it was brought to the press.
Frankly, I mistrust the freely available download to patch the bug more than I mistrust Microsoft's response. What a great way to fool people into downloading a virus: Call it patch!
Ofcourse it is true: MS does have a back door in Windows, it's called "ActiveX" or "Microsoft Office":)
Jordy nearly hit the nail on the head. To elaborate, I see two main issues:
1) Performance due to missing and wasted functionality. The "scroll" problem is because unlike Windows & Mac, X does not support a nice scrolling functions like "copy block up and only redraw the bottom line" like Windows does. And thus your hardware accelerated equivalent goes unused. X doesn't have the complex "update/validation regions" This shows it is missing key functions. It's just dated.
2) No single master wrapper exists, so there is no uniform interface. Windows + Mac enjoy tyranny, and thus conformity. So all apps look the same, act the same, and have the same look and feel.
The solution, if I may so boldly say, is to learn that competition is good, but cooperation is better. Compete for a new graphical protocol, compete for a new wrapper, then agree to use the winner. Doesn't KDE/Gnome/whatever promise this?
Microsoft calls their article a "reality check." Too bad they forgot to do a "facts check." Many of their points come from Netcraft which tracks web server usage. Funny how the Netcraft Survey shows Netscape and Apache as the only two growing server markets, and that Apache has exponential growth compared to IIS, and has 10x the number of servers.
But there is cause for alarm here. Microsoft speaks to IT customers, and end users. But who do we speak to; each other? We are not the ones who need to be convinced. Someone needs to stand up with their own version of a "reality check" that caters to the same people who are reading (and believing) the MS article. However, we will link to our facts, not just claim them.
Maybe we should notify Netcraft of the "misuse" of their facts.
We see this stuff all the time. It is the Slashdot theme. The Internet (notice, capitalized) theme. Some organization tries to block some new technology, and inevitably fails. One day, they will learn you cannot stop the future. Let me clarify:
:)
1) Will they stop ALL the internet phone services as they come out?
2) How about stopping cell phones?
3) And if I decide to provide a proxy that accesses the service, will they ban proxies? Or will they ban my site?
4) So then when a student wants to report on internet phone services for their e-commerce paper, or thesis: Do they ban the student, the class, or the thesis?
None of these examples are outragous. They are really quite reasonable! The ban they have is a single plausable event. But the concept, philosphy behind what they are doing cannot last. There are too many holes.
And Just to put a nice positive spin in this, let me give you some other examples of this concept, that will die for similar reasons:
1) The new "magical" copy protection on audio CDs
2) Encryption to prevent copying DVDs
3) Holding up mp3 players in court
4) Schools and libraries filtering Internet content.
You cannot stop technology. You must EVOLVE it, or USE it.
^H^H^H^H^HAnonymous Coward
Did anyone notice that Andover.net holds several purely-algorithmic patents? This is ridiculous! What do my fellow human readers think? And what could the be using these for?
United States Patent 6,906,450
Malda, et al. 27-Nov-1997
Method and implementation for phony discussion posting and moderation
Abstract:
A computer implemented process for detecting stories already posted to existing news wires by extracting HTML meta information to determine article. Relevant facts and debates are determined by querying random information from search engines and recondstructing information into text based follow ups. Quality of posts can be determined by additional evaluation or manual random assignment.
The humorous thing here is that we are all chumps. The purpose of this challenge was not to stump us, but to make us view the site.
Ofcourse, the counterpoint is that noone who solved the puzzle actually read any of the text for content. They were too busy clicking View source, view source, ooh, binary!
Truly sad...
I thought that .25 was the basic limit of standard optical lithography, and that by adding new high-tech focusing lenses, we could get the beam down to to .18 micron. After that, X-Ray lithography was necessary. Anyone know what kind of fabrication they used?
To re-iterate. There are now two (2) ways to obtain credit card numbers:
Method #1:
* Crack into a highly secure server, likely behind a firewall (details left out, this part is easy)
* Apply heuristics and a random number searching algorithm on the hard drive (heuristics + classic compression algorithms such as LZW will work here)
* Use the keys to monitor transactions with this server and obtain credit card numbers
* Use credit card numbers to purchase online pron
Method #2:
* Get job at local store for approx. 1 hour
* Obtain tools: pen, paper, or a good memory
* Use tools to store credit card numbers
* Use credit card numbers to purchase online pron
The opening of this new method, number one (1), could be a serious threat to e-commerce. It makes e-commerce almost 1% as dangerous as physical world purchases! I know I'll never type https:// again and feel safe. I'm doing my purchases with complete safety: over the phone.
The big question is, who is the top man? Ofcourse, if this were to happen, the US would become the richest country in the world, buy out all the other countries, then release their constitutions back to the people. Chaos is good.
Getting phiolosophical here (and a little off topic):
What happens when these kinds of "privacy killing" devices are ubiquitous? How about when no implant is needed to track you? ("Kirk: He's the only vulcan on the whole ship, can't you get a lock on him?") Perhaps we will stop caring about privacy. We will succumb to the fact that all our knowledge is shareable, and we will not become quiet mice, but louder than ever. We will share our thoughts without fear of judgement or retribution. At that point, humanity will become more productive than ever before. How many geniuses sit silently without sharing their thoughts, for fear of becoming insane?
Perhaps that world isn't so bad after all. But for it to work, humanity must grow at the same rate as technology.
(Okay, this won't ACTUALLY happen, but its a nice thought)
I am very naive on this issue here - I assumed that VESA DDC eliminated configuration of refresh rates by informing the system of this info at boot up? Windows '98 seems to know exactly what the "optimal" refresh rates are for any monitor/video board combination manufactured after 1996(and some older ones)
...
Is this a case of Linux distros just not shipping with support for this? It seems if it were as simple as a querying the BIOS somehow at bootup, we would have this issue licked.
Excerpt from Windows registry for Vision Graphic 19" monitor:
.
.
.
MaxResolution 1600x1200
MonitorRanges 30-95,50-150,+,+
EDID 00 ff ff ff ff ff ff 00 28 ae c7
DPMS 1
.
.
.
The only missing component is knowing the limitations of the video board and how to set it.
Just posting to cast my vote.
Lots of places get obvious patents - but few ever sue over them. And this patent IS obvious. It's already implemented all over the place!
(Aside: I did a one-click purchase in my e-commerce class last year. Should I get sued? Or does that mean I invented it first?)
In the article, they say "...the aerodynamic principles that keep 747s aloft do not work on such a small a scale." And the article on Micrplanes agrees when they say "...Aerodynamics aren't proportional like mechanical miniaturization..."
Why not? If you could, in theory, take everything in a plane a 747 scale it down (jet engine and all) why would it not fly a scale distance?
How small can we make cameras these days? Enough resolution for an AI chip to recognize objects and fly around (pretending for a moment that we could do image recognition of that quality, although the Mars lander did)
This is not what they do, but theoretically, couldn't you improve performance (and decrease compatability) by making a modem with PPP&TCP/IP in hardware. Something that does the protocol encapsulation in hardware once it knows the setup. Negotiates the PPP and sends the info back to the OS after connection? Less IO to the modem (which IS an issue with externals) and better "heuristics" for knowing when to dump a packet. The PING could be faster simply because the delay of the modem waiting for the ICMP packet to get encapsulated and sent to the modem is gone. THe modems could be pinging each other, not the PCs. By the waay, the post from Effugas (effugas@best.com) is 99% likely as the right answer.
If you are eating potatoes now, I suggest reading the article before you indulge too much.
They had people fast for an evening, then fed them food, then realized that their memory got better. Is this news? Maybe the reason they did better is BECAUSE THEY WEREN'T SO HUNGRY!!!
The experiment shows that the people who drank the glucose suppliment drink showed the least improvement. And those who ate mashed potatoes and barley had the most improvement. Maybe that is because THE PEOPLE WHO MERELY HAD A DRINK WERE STILL HUNGRY!!!
The experiment is silly. The test didn't feed people any non-glucose foods, so the control section was invalid. The researches believed the glucose in the potatoes was the cause. Thus they predicted that the glucose drink would help the most. It didn't. The ones who ate barley and potatoes did the best. So it is obviously not the glucose. More likely, it was that they needed solid food.
My understanding was the SSL did not require any specific encryption algorithm, but was a way to encapsulate any encrypted data - or is it HTTPS that I am thinking of?
Either way, we don't NEED to use RSA. Can't someone just make a Netscape+Apache support Blowfish or something like that
The problem with recompiling for IPv6 is that coders are lazy, and didn't do things right.
The sockaddr_in and hostent structures were meant to vary in size, that is why they are defined as arrays of n-bytes, with n specified in the structure. But most programmers thought it was easier to use a single 32-bit number, instead of an array.
And so incompatabilities arise. It should not be difficult to baby step existing code to do things RIGHT using the IPv4 headers, then plunge into IPv6. In my case, I wrote libraries around BSD sockets, so all I need to do is change a small library, for older code, it may be more difficult.
I will be difficult, but I don't think for those reasons:
Verb tenses are not the problem. Every language can express every tense, just in a different way. Hard yes, impossible no.
Additionally, approximations work well enough. Ex. Most English readers couldn't tell you the difference between past tense and preterite(sp?) tense.
Grammar is easily defined. 90% of language could be described in a BNF. adv-adj-noun in one, noun-adj-adv in another. So what. That is probably the simplest part.
My interest would be in the meta-language design. Words by number? string? Grammar by parsing into a std format, or classifying each word? Are there multiple ways to organize a statement? What about this "word hierchy" they talk about. Quite cool there.
I think it is silly that we even HAVE top level domains. Sure, it is an easy way to split the database into a finite system, but that should have minimal performance improvements (remember your big O notation gentlemen, linear factors are irrelevant).
Why should I have to get mycompany.com, mycompany.net, mycompany.cc, mycompany.org... just to prevent my competitors from stealing my web traffic? Should'nt there be ONE www.mycompany?
What if I fill out the web forms to register the same domain at 2 different registrars? Ex. NSI is taking forever, so I just go to register.com and do it.
oooh! The fun! The havoc!
NSI has subscribed to the bes possible security flaw of all - The Slashdot effect. Now that they are hosed, noone can get to their accounts! (At least I cannot seem to get in - timeouts on the site galore)
Primary private keys don't get copied. They are P-R-I-V-A-T-E.
:)) And no copies exist. Making copies makes it no longer secure.
Example: The US govt stores private keys for on ONE computer, somewhere obscure, which has laser alarms, guards, etc. They even has computers where if someone touches them, they self erase to protect private keys!
Supposing MS is concerned about their keys, they would store those keys in one place, securely (probably on a Linux machine
A better idea is to make a second, entirely different key, that the NSA or some other trustable organization can store.
The original article made no sense to me. This was an attempt by the overreactive anti-Microsoft community to bring out yet another security flaw. Not that there aren't plenty already. The original article needed much more substantiation before it was brought to the press.
:)
Frankly, I mistrust the freely available download to patch the bug more than I mistrust Microsoft's response. What a great way to fool people into downloading a virus: Call it patch!
Ofcourse it is true: MS does have a back door in Windows, it's called "ActiveX" or "Microsoft Office"
Jordy nearly hit the nail on the head. To elaborate, I see two main issues:
1) Performance due to missing and wasted functionality. The "scroll" problem is because unlike Windows & Mac, X does not support a nice scrolling functions like "copy block up and only redraw the bottom line" like Windows does. And thus your hardware accelerated equivalent goes unused. X doesn't have the complex "update/validation regions" This shows it is missing key functions. It's just dated.
2) No single master wrapper exists, so there is no uniform interface. Windows + Mac enjoy tyranny, and thus conformity. So all apps look the same, act the same, and have the same look and feel.
The solution, if I may so boldly say, is to learn that competition is good, but cooperation is better. Compete for a new graphical protocol, compete for a new wrapper, then agree to use the winner. Doesn't KDE/Gnome/whatever promise this?