There's been a lot of recent news that modern humans in Europe and Asia interbred with Neandertals after they left Africa enough to show up in modern human genes (and some Asians interbred with other pre-modern humans over there), but that Africans who stayed in Africa didn't.
So did these genetic studies look for Neandertal markers, and if so, what did they find?
.info is a gTLD, running under ICANN rules. Since the only IP that ICANN cares about is Intellectual Property, not the Internet Protocol, you can expect that the Trademark Police want to control it. On the other hand, Afilias is registered in Ireland, not the US, so there's some chance of getting due process (to the extent that UDRP gives small players due process), compared to a US-based registrar (who tend to just roll over and play dead when requested.)
But .me is the ccTLD for Montenegro, so even if Afilias is cooperative about following ICANN's rules for .info, they should be using Montenegro's rules for .me. Hopefully you'd at least get a UDRP process before losing your name.
Infrared will blind you just as effectively as visible light lasers, and with visible light you can see the colored dot that tells you where you pointed it. If you can't aim at targets, you can't tell that you're hitting a target you weren't aiming at, and at least somebody who has a red dot show up on his chest knows to evade whoever's doing it.
I agree with you that bundles sound unlikely to be useful.
Spray paint or baseball bats are fast and easy, and a typical problem that criminals have is not how to steal something, but how to not get caught when selling it. I'm not sure how much market there is for police-model closed-circuit TV cameras that, uhh, fell off a truck.
It's probably Javascript - I'd normally blame Flash, but that's generally wrapped up in Plugincontainer.exe these days, and the CPU count shows up in Firefox.
That's SPIES, not spouses :-) Actually, no, it's not a mobo in the sense you're thinking of. It's a microcontroller board with a bunch of analog and digital inputs, though you can now support some higher-end input devices as well. SPI is a simple bus for chips to talk to each other, typically used for things like a D/A converter or accelerometer chip or EEPROM to talk to a controller chip.
After we're done slashdotting arduino.cc, go take a look around. Arduino makes an open hardware and software design for an 8-bit microcontroller board with a bunch of pins for analog and digital input and output, with a friendly C-based integrated development environment. Even if you're an artist and not an electronics engineer, it's a friendly easy-learning-curve environment for building electronics that respond to sensors, and taking technology that used to be opaque magic and turn it into transparent crafts you can understand.
Typical kinds of things people do with Arduinos are blink LEDs, use all sorts of input sensors for distance or temperature to control blinking LEDs, move servos or other motors, build simple robots, sew them into clothing so you can blink LEDs in time to music or when you wave your arms, turn on your lawn sprinklers when your plants are dry, that kind of stuff.
What this new release does is two main things - there's one new 8-bit board that's simpler, cheaper, and a bit more powerful, and there's another new board that has a 32-bit CPU and a lot more sensor I/O. The 8-bit designs are a somewhat limited programming environment (which is enough for a lot of things, and can be an intellectual puzzle if you like that sort of thing). The 32-bit design will let you do much more powerful projects, which may be especially useful for music or video, and it's still cheap and friendly.
Leonardo 32U4 vs. Smaller Atmel Chips (on "Arduino Goes ARM", Score: 1)
Arduino's current Uno design burns an entire Atmega chip converting USB to less-useful serial, matching what they used to do with a more specific serial chip, and it's difficult to really use the USB through that interface. The new Arduino Leonardo follows on that by using one of Atmega's newer chips that does USB functions as well as general processing in one chip, so it makes it easier to do a lot of the functions they mentioned, like keyboard and mouse protocols. The catch is that all of Atmel's AVR chips with the USB functions are in surface-mount packages, unlike the friendly DIPs that the 168 and 328 used, or 8-pin DIPs like the 45 and 85. It's a much cleaner and more efficient design, but I've got mixed feelings about the loss of user-accessibility compared to popping a chip into the Arduino and reprogramming it.
Dual core is still really useful (on "Arduino Goes ARM", Score: 0)
If you're running Windows and one of your processes explodes, like Firefox seems to almost daily, and starts trying to burn up the entire CPU, it used to be a real problem, because the user interface became unresponsive. With dual-core, what usually happens is that one core gets burned up by Firefox, but the other one's available for other processes, like driving your UI or running mail or killing Firefox.
There are chiropractors who are total quacks, believing everything the early chiropractors promised and also newer newage woowoo stuff. There are also chiropractors who do really good physical therapy work and have a deep understanding of anatomy. I've been to both (:-) and my first chiropractor was also an MD.
Newer chiropractors tend to have gotten a lot better anatomy training than the old ones. My current one does believe a bit too much stuff about the efficacy of shining blue laser lights on skin (sigh), but she's also really good at rotator cuff problems and telling you what's going on with which muscles, what you're doing that messes them up, and exercises to strengthen the things that need it. She's also pretty good at lower back issues, ok with wrist problems, and doesn't really know much about other hand problems but knows she doesn't know that.
Yeah, I probably should have gone into more detail. They're ok when they work, except when they're broken, which they often are, but the better alternative is short-expiration-time certs, unless you're also trusting already-expired certificates, which most people do, in which case both common approaches are broken.
If we had shipped DNSSEC back before web commerce became widespread, we'd be in a lot better shape. You'd be able to know that the public key you had for microsoft.com was owned by the people who'd registered the name microsoft.com with the .com domain registry, and that the public key you had for www.microsoft.com was certified by the people who owned the name microsoft.com. It's not perfect - you'd have just as much certainty that the public key you had for mocrosoft.cm was owned by the people who'd registered that name with the .cm domain registry, which wouldn't tell you anything about whether it was really Bill Gates's company - but at least you'd know that if you were talking to www.microsoft.com, the only people who could eavesdrop were the people who ran the website you were talking to.
There were organizational/political reasons this didn't happen. The NSA/FBI/etc. used the anti-Communist ITAR rules to prevent export of DNSSEC code, even a "bones" version that John Gilmore developed that didn't include the crypto modules, and the RSA patent made it difficult to use it even in the US. And once ICANN took over the domain name business, it was obvious that the only IP they cared about was Intellectual Property, not the Internet Protocol, and they dragged their heels for years, probably partly as a favor to the US government, who'd given them their quasi-monopoly position and could take it away from them if it wanted.
There were also technical issues - the protocol had to make tradeoffs between the people who wanted perfect security and the people who wanted scalability, and while certifying the properties of domain names that do exist scales really well, certifying the non-existence of domain names that don't exist is a lot trickier, but the perfect-security folks thought it needed to be done. And error handling is hard - DNS resolvers usually live at a part of the protocol stack and applications infrastructure that doesn't have a user interface, and they have to handle cases like "here's the IP address but the certificate's invalid, do you want to connect anyway?" and "here's the IP address but the cert's invalid" and "that IP address has a reverse-lookup that resolves to 42 different names, 13 of which have matching forward certificates" and such.
It's not like the current CA system doesn't have serious problems as well, but it did get there first, which carries a lot of infrastructural weight, especially when the people running the DNS system are also selling CAs.
The current system is that your browser ships with a bunch of CAs listed in it, many of which are currently in business, and some of which are trustable, and some of which are random corporate leftovers run by shadowy anonymous figures, and if you're like most people you haven't bothered listing them (or if you did, it was years ago.) So from a technical standpoint, perhaps you're in deep trouble, but it's your own fault because you didn't look. See figure 1.
From a business/financial standpoint, it's different. Many of those CAs are run by reputable firms, whose business models are that they'll give a certificate to anybody who pays them $100 (or whatever the going rate is this year), and they'll certify that the payer's credit card was good, and maybe, just maybe, they'll only deliver the SSL certificate to an email address or web site that matches the keys they just certified, or do some similarly minimal level of validation. Some of the CAs, of course, require more documentation, charge more money, and provide methods for a user to validate one of their certificates other than using it and seeing if their browser flagged it. But not everybody uses those CAs - Microsoft.com probably does, and Microsfot.cm probably doesn't. So from a business/financial standpoint, you're in sort of the same condition you were in in the previous paragraph, except that you can rely on the financial guarantees that the CA gave you, the user of a browser that trusted their certificate, unless you didn't pay them anything, in which case you should also see figure 1.
Back to technology, there's the problem of whether a certificate is still good. That's backed by three things: expiration dates on the certificates, ability to validate a certificate chain, and revocation lists that the CAs provide to deal with the problem of certificates that were compromised before they expired. Expiration dates on most certificates tend to either be the remaining fraction of one year (because the CA is charging for them on an annual basis) or "already expired". And that certificate chain's useful, if the CAs on it are still in business and their certificates haven't already expired, unless their certification system has been compromised without being detected, in which case see figure 1.
And then there's the user interface issue - if you're directly using a browser, and everything's good, it'll probably turn a little lock icon green, which you won't notice. Otherwise, it'll give you a dialog box, "Security problem - See figure 1 [Click OK]", and you'll click OK, and you'll either feel fine, or you'll have this little nagging feeling that something was wrong, but you're not sure what.
And then there's the financial layer again. If the certificate was protecting your credit card number, and you're in the US, you're liable for at most $50 if it got stolen, and otherwise it was probably just protecting your Facebook account, in which case the worst that'll happen is somebody posting rude notes to your friends, or overwatering the shrubbery in your farm. So fundamentally, you don't care that the CA system is broken.
One of the advantages of having been one of the early cypherpunks is that I got to watch a lot of this stuff develop, see many of the things that were done right or wrong, and know a lot of people who are either much smarter than I am (too many of them to list here) or who went out and Did The Right Thing at the Right Time (special shout-out to the Netscape folks, who went and shipped encryption for free even though the legality was dubious, which not only catalyzed the internet commerce business but broke the government's anti-crypto stronghold.) Lots of the solutions that shipped weren't perfect, and lots of the solutions that were Perfect never shipped, and lots of the solutions people spent time on didn't have problems associated with them, but it did still transform the world.
IPv6 security options can give you end-to-end encryption similar to what IPSEC gives you, if you always turn it on.
End to end encryption means that nobody can eavesdrop on connections that you've set up to the party on the far end. If that party is actually the party you think they are, and they're somebody you should trust, that's a Good Thing - if they're a Man In The Middle, you lose (though it reduces the number of ankle-biters who might be trying to eavesdrop on you, and it's kind of comforting to know that your credit card is only being stolen by the Russian Mafia and not by the other people in the coffee shop with you.)
End to End Encryption doesn't give you a way to authenticate connections to people you don't already know. That's a job for certification authorities, or somebody doing a similar job. If you do already know the party at the other end, and have an authenticated connection of some kind (like a pre-shared key or a SecurID token or a courier with a briefcase handcuffed to his arm or a yellow sticky note or a PGP key on a business card that somebody who wasn't an impostor handed you), end-to-end encryption systems can do things like Diffie-Hellman key exchange to bootstrap that into a full connection.
"Every organization has access to its own key in DNS" is an assertion about the DNS system, not the network or transport protocols. It sounds like you're thinking about DNSSEC, which _should_ have been deployed decades ago (but among other problems, they were blocked by the US ITAR anti-crypto mafiosi.) If DNSSEC had been deployed properly along with the DNS system, you could be sure that if you had the correct IP address for microsoft.com, you'd also have the correct public key for setting up connections to microsoft.com's web site, and if you have the correct IP address for m1cr0s0tf.com, you'd also have the correct public key for setting up connections to m1cr0s0tf.com, which might or might not be somebody you want to talk to.
IPSEC as a wrapper is closely related to the early IPv6 security models. It does provide eavesdropping protection and/or session integrity protection, but it doesn't solve the problem of identifying the party at the other end of the connection - it leaves that to other applications, typically hand-installed pre-shared passwords or else password tokens.
Not only does SSL operate at a different level of the protocol stack, but the important problem it's trying to solve isn't just the eavesdropping, it's primarily the authentication of the party at the other end of the connection.
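The bootstrap described in the comment above (a Diffie-Hellman exchange authenticated by a pre-shared key), as an added example that is not part of the original comment. It goes one step beyond the text by also running the same exchange with a man in the middle, to show that the keys alone reveal nothing and only the pre-shared-key check detects the substitution. The group parameters, the role labels and the names `exchange`, `transcript_tag` and Mallory are assumptions made for the illustration.

```python
"""Diffie-Hellman bootstrapped from a pre-shared key (added illustration)."""
import hashlib
import hmac
import secrets

# Demo-only group (assumption): P is the Mersenne prime 2**521 - 1.
# Real deployments use a standardized group or an elliptic-curve exchange.
P = 2**521 - 1
G = 3
NBYTES = 66  # enough bytes to hold any value modulo P


def keypair():
    """Return (private exponent, public value G**priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Derive a 32-byte key from the Diffie-Hellman shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(NBYTES, "big")).digest()


def transcript_tag(psk, role, sender_pub, receiver_pub):
    """HMAC, keyed with the pre-shared key, over the sender's role and both
    public values as the sender saw them. Binding the tag to the public
    values is what ties the PSK to this particular exchange."""
    msg = (role
           + sender_pub.to_bytes(NBYTES, "big")
           + receiver_pub.to_bytes(NBYTES, "big"))
    return hmac.new(psk, msg, hashlib.sha256).digest()


def exchange(psk, mitm=False):
    """Run one Alice/Bob exchange. With mitm=True, Mallory (who does not
    know the PSK) swaps her own public value into both directions."""
    a, pub_a = keypair()
    b, pub_b = keypair()
    m, pub_m = keypair()  # Mallory's key pair, only used when mitm=True

    # Public values as they arrive at each end.
    a_seen_by_bob = pub_m if mitm else pub_a
    b_seen_by_alice = pub_m if mitm else pub_b

    # Each end computes a key; neither computation fails under attack.
    alice_key = session_key(a, b_seen_by_alice)
    bob_key = session_key(b, a_seen_by_bob)

    # Keys Mallory can derive from the values she intercepted.
    mallory_keys = set()
    if mitm:
        mallory_keys = {session_key(m, pub_a), session_key(m, pub_b)}
    intercepted = alice_key in mallory_keys and bob_key in mallory_keys

    # Authentication step: each side tags what it sent and what it received.
    tag_from_alice = transcript_tag(psk, b"alice", pub_a, b_seen_by_alice)
    tag_from_bob = transcript_tag(psk, b"bob", pub_b, a_seen_by_bob)

    # Without the PSK Mallory can only relay the tags unchanged. Each side
    # recomputes the tag from its own view of the exchange and compares.
    bob_accepts = hmac.compare_digest(
        tag_from_alice, transcript_tag(psk, b"alice", a_seen_by_bob, pub_b))
    alice_accepts = hmac.compare_digest(
        tag_from_bob, transcript_tag(psk, b"bob", b_seen_by_alice, pub_a))

    return {
        "keys_match": alice_key == bob_key,
        "intercepted": intercepted,
        "alice_accepts": alice_accepts,
        "bob_accepts": bob_accepts,
    }


if __name__ == "__main__":
    psk = b"constructed-demo-psk"  # constructed sample value
    print("clean   :", exchange(psk))
    print("attacked:", exchange(psk, mitm=True))
```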
They were the ones who certified Enron's accounts, claiming their books weren't cooked. Oops, it turned out that the books were cooked, and the company whose trade was supposed to be giving you an honest estimate of a company's financial status was exposed as not doing that, and they vanished nearly overnight. (There are leftovers, like their consulting business, but even they changed their name.)
On the other hand, of course there are the bond rating agencies like Moody's and S&P who rated AIG and the banks and all those CDOs as AAA low risk, when many of them were in fact Junk--, and they're still around. But Diginotar doesn't have the same level of governmental backing that the US rating agencies have.
I'm assuming this is at a university - are there other facilities available already?
How long will the CPU-burning requirements last? Does it make sense to buy hardware, or to rent time on Amazon's cloud? Is it worth spending a month of programmer time to port to GPU/DSP if it saves you three months of computation? Have you done any models on what you need?
When you say "CPU-bound", what do you mean? Is it fixed-point or floating-point? What precision? Is it large-memory or small-memory? Is it a standard problem space, like image processing or cryptography? For some problems, e.g. small memory fixed-point, you can buy DSP boards that will be several orders of magnitude faster than generic PC hardware, and won't require much application porting.
Do you have a spare grad student to do hardware/sysadmin grunt work? For 4000 pounds, you can probably buy about 40 sets of motherboard+power supply, if you have a grunt to build boxes for them, or about 20 sets of pre-built desktop PCs, or about 4 high-end Dell rack servers.
Google mapped SSIDs as a side project of driving their StreetView camera cars everywhere. If that had been all they'd done, they probably wouldn't have been bothered by the government, but as was widely reported, they also recorded a lot of actual Wifi user traffic at the same time, in addition to the SSIDs themselves. That really annoyed a lot of people, leading to government investigations into Google's data collection.
So this was a project that was well-known for not foreseeing really obvious stuff :-)
The service Google is talking about here tracks the physical location of Wifi hubs by SSID, and because of regulatory pressure they're letting the Wifi hub users opt out. But how are they going to do that? Let anybody fill out a web form saying "SSID '12345678' is mine" and opt out? (Or at least implement some minimal security by requiring you to also provide the street address, so they can validate that you know where that SSID is, though you could still forge an opt-out for your local Starbucks?)
One thing they don't talk about is whether they're tracking anything by IP address, or just by SSID. I'd really like to tell them not to track anything from my Wifi Access Point's IP address :-)
Meanwhile, I'm the owner of "linksys" - please opt me out!
There's a big difference between not paying your creditors back for money you've already borrowed and either laying off Federal employees or telling them they can keep working at half-salary. Not only is not paying your creditors unconstitutional, but it makes it really hard to borrow more money for them in the future, and until the economy's in good shape, both parties want to run a deficit because they don't have the political will to raise taxes to cover the spending they want.
Radical sudden austerity is really unpleasant, but if you stiff your creditors, then you'll find yourself having to do just as much austerity, and permanently instead of merely temporarily.
There's no surprise it's being announced when the Republican Tea Party primary warmup debates are going on. Obama couldn't get the Debt Ceiling deal done without giving away 3/4 of the store, when not doing so would have supposedly caused a Constitutional crisis (it wouldn't have actually caused the US to default, in spite of what Obama and the Tea Partiers said, but would have caused massive cuts in Social Security checks and Federal paychecks.) And he's pretending that he can announce a "Jobs Bill" and expect a Republican House to pass any of it just on his say-so?
In fact that's where I got mine the last time I had it, and no, it's not actually very good once you're an adult. :-) Back in the late 80s, I was working on air-traffic control systems design, and on one trip we actually had a free half-day in DC, so my coworker and I got to go to the museum and say we were doing it "for business reasons!" The ATC stuff they had was mainly for local tower control, and we were working on wide-area systems that trip, so it wasn't directly related, but it was the first place we got to look at the real stuff instead of endless reams of documentation. (And we didn't bother making excuses for why we had to go to the National Gallery - there was a good Impressionists exhibit in town.) Fortunately for us, our company didn't win the design bid for that system, and IBM were the poor suckers who won and had to implement that impossibly overspecified mess with full mil-spec development standards and everything - they finished years behind schedule and billions over budget.
Will it help you get to the cake?
Sorry. It's classic Internet jargon from the days that figures were typically ASCII art. Here's the first example I found on Google.
If we had shipped DNSSEC back before web commerce became widespread, we'd be in a lot better shape. You'd be able to know that the public key you had for microsoft.com was owned by the people who'd registered the name microsoft.com with the .com domain registry, and that the public key you had for www.microsoft.com was certified by the people who owned the name microsoft.com. It's not perfect - you'd have just as much certainty that the public key you had for mocrosoft.cm was owned by the people who'd registered that name with the .cm domain registry, which wouldn't tell you anything about whether it was really Bill Gates's company - but at least you'd know that if you were talking to www.microsoft.com, the only people who could eavesdrop were the people who ran the website you were talking to.
There were organizational/political reasons this didn't happen. The NSA/FBI/etc. used the anti-Communist ITAR rules to prevent export of DNSSEC code, even a "bones" version that John Gilmore developed that didn't include the crypto modules, and the RSA patent made it difficult to use it even in the US. And once ICANN took over the domain name business, it was obvious that the only IP they cared about was Intellectual Property, not the Internet Protocol, and they dragged their heels for years, probably partly as a favor to the US government, who'd given them their quasi-monopoly position and could take it away from them if it wanted.
There were also technical issues - the protocol had to make tradeoffs between the people who wanted perfect security and the people who wanted scalability, and while certifying the properties of domain names that do exist scales really well, certifying the non-existence of domain names that don't exist is a lot trickier, but the perfect-security folks thought it needed to be done. And error handling is hard - DNS resolvers usually live at a part of the protocol stack and applications infrastructure that doesn't have a user interface, and they have to handle cases like "here's the IP address but the certificate's invalid, do you want to connect anyway?" and "here's the IP address but the cert's invalid" and "that IP address has a reverse-lookup that resolves to 42 different names, 13 of which have matching forward certificates" and such.
It's not like the current CA system doesn't have serious problems as well, but it did get there first, which carries a lot of infrastructural weight, especially when the people running the DNS system are also selling CAs.
The current system is that your browser ships with a bunch of CA's listed in it, many of which are currently in business, and some of which are trustable, and some of which are random corporate leftovers run by shadowy anonymous figures, and if you're like most people you haven't bothered listing them (or if you did, it was years ago.) So from a technical standpoint, perhaps you're in deep trouble, but it's your own fault because you didn't look. See figure 1.
From a business/financial standpoint, it's different. Many of those CAs are run by reputable firms, whose business models are that they'll give a certificate to anybody who pays them $100 (or whatever the going rate is this year), and they'll certify that the payer's credit card was good, and maybe, just maybe, they'll only deliver the SSL certificate to an email address or web site that matches the keys they just certified, or do some similarly minimal level of validation. Some of the CAs, of course, require more documentation, charge more money, and provide methods for a user to validate one of their certificates other than using it and seeing if their browser flagged it. But not everybody uses those CAs - Microsoft.com probably does, and Microsfot.cm probably doesn't. So from a business/financial standpoint, you're in sort of the same condition you were in in the previous paragraph, except that you can rely on the financial guarantees that the CA gave you, the user of a browser that trusted their certificate, unless you didn't pay them anything, in which case you should also see figure 1.
Back to technology, there's the problem of whether a certificate is still good. That's backed by three things, expiration dates on the certificates, ability to validate a certificate chain, and revocation lists that the CAs provide to deal with the problem of certificates that were compromised before they expired. Expiration dates on most certificates tend to either be the remaining fraction of one year (because the CA is charging for them on an annual bases) or "already expired". And that certificate chain's useful, if the CAs on it are still in business and their certificates haven't already expired, unless their certification system has been compromised without being detected, in which case see figure 1.
And then there's the user interface issue - if you're directly using a browser, and everything's good, it'll probably turn a little lock icon green, which you won't notice. Otherwise, it'll give you a dialog box, "Security problem - See figure 1 [Click OK]", and you'll click OK, and you'll either feel fine, or you'll have this little nagging feeling that something was wrong, but you're not sure what.
And then there's the financial layer again. If the certificate was protecting your credit card number, and you're in the US, you're liable for at most $50 if it got stolen, and otherwise it was probably just protecting your Facebook account, in which case the worst that'll happen is somebody posting rude notes to your friends, or overwatering the shrubbery in your farm. So fundamentally, you don't care that the CA system is broken.
One of the advantages of having been one of the early cypherpunks is that I got to watch a lot of this stuff develop, see many of the things that were done right or wrong, and know a lot of people who are either much smarter than I am (too many of them to list here) or who went out and Did The Right Thing at the Right Time (special shout-out to the Netscape folks, who went and shipped encryption for free even though the legality was dubious, which not only catalyzed the internet commerce business but broke the government's anti-crypto stronghold.) Lots of the solutions that shipped weren't perfect, and lots of the solutions that were Perfect never shipped, and lots of the solutions people spent time on didn't have problems associated with them, but it did still transform the world.
IPv6 security options can give you end-to-end encryption similar to what IPSEC gives you, if you always turn it on.
End to end encryption means that nobody can eavesdrop on connections that you've set up to the party on the far end. If that party is actually the party you think they are, and they're somebody you should trust, that's a Good Thing - if they're a Man In The Middle, you lose (though it reduces the number of ankle-biters who might be trying to eavesdrop on you, and it's kind of comforting to know that your credit card is only being stolen by the Russian Mafia and not by the other people in the coffee shop with you.)
End to End Encryption doesn't give you a way to authenticate connections to people you don't already know. That's a job for certification authorities, or somebody doing a similar job. If you do already know the party at the other end, and have an authenticated connection of some kind (like a pre-shared key or a SecurID token or a courier with a briefcase handcuffed to his arm or a yellow sticky note or a PGP key on a business card that somebody who wasn't an impostor handed you), end-to-end encryption systems can do things like Diffie-Hellman key exchange to bootstrap that into a full connection.
"Every organization has access to its own key in DNS" is an assertion about the DNS system, not the network or transport protocols. It sounds like you're thinking about DNSSEC, which _should_ have been deployed decades ago (but among other problems, they were blocked by the US ITAR anti-crypto mafiosi.) If DNSSEC had been deployed properly along with the DNS system, you could be sure that if you had the correct IP address for microsoft.com, you'd also have the correct public key for setting up connections to microsoft.com's web site, and if you have the correct IP address for m1cr0s0tf.com, you'd also have the correct public key for setting up connections to m1cr0s0tf.com, which might or might not be somebody you want to talk to.
IPSEC as a wrapper is closely related to the early IPv6 security models. It does provide eavesdropping protection and/or session integrity protection, but it doesn't solve the problem of identifying the party at the other end of the connection - it leaves that to other applications, typically hand-installed pre-shared passwords or else password tokens.
Not only does SSL operate at a different level of the protocol stack, but the important problem it's trying to solve isn't just the eavesdropping, it's primarily the authentication of the party at the other end of the connection.
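The bootstrapping described in the comment above, as an added example that is not part of the original comment: a Diffie-Hellman exchange yields a shared key with anyone, and a MAC under the pre-shared key over both public values is what tells the two ends whether they are talking to each other. The 127-bit group, the function names and the key values are assumptions constructed for illustration; real systems use a vetted 2048-bit or larger group or an elliptic curve.

```python
import hashlib
import hmac
import secrets

# Constructed toy group (assumption): Mersenne prime 2**127 - 1, generator 3.
P = 2**127 - 1
G = 3

def dh_keypair():
    """Return (private exponent, public value G^priv mod P)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a session key from the DH shared secret."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def tag(psk, sender, sender_pub, receiver_pub):
    """MAC that binds both public values to the pre-shared key."""
    msg = sender + sender_pub.to_bytes(16, "big") + receiver_pub.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()

def run_exchange(psk_a, psk_b, mitm=False):
    """Simulate A <-> B. Returns (keys_match, a_accepts, b_accepts)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    seen_by_a, seen_by_b = b_pub, a_pub
    if mitm:
        # The party in the middle substitutes its own public value both ways.
        _, m_pub = dh_keypair()
        seen_by_a, seen_by_b = m_pub, m_pub
    key_a = session_key(a_priv, seen_by_a)
    key_b = session_key(b_priv, seen_by_b)
    # Each side MACs its own public value and the one it received.
    tag_a = tag(psk_a, b"A", a_pub, seen_by_a)
    tag_b = tag(psk_b, b"B", b_pub, seen_by_b)
    # Each side recomputes the peer's tag from its own view of the exchange.
    b_accepts = hmac.compare_digest(tag_a, tag(psk_b, b"A", seen_by_b, b_pub))
    a_accepts = hmac.compare_digest(tag_b, tag(psk_a, b"B", seen_by_a, a_pub))
    return key_a == key_b, a_accepts, b_accepts

if __name__ == "__main__":
    psk = b"constructed-shared-secret"
    print("same PSK, clean path:", run_exchange(psk, psk))
    print("same PSK, substituted keys:", run_exchange(psk, psk, mitm=True))
    print("peer lacks the PSK:", run_exchange(psk, b"guess"))
```

The third case is the one the comment turns on: the key exchange succeeds and the link is encrypted, but the far end cannot prove it holds the shared secret, so both sides reject it.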
They were the ones who certified Enron's accounts, claiming their books weren't cooked. Oops, it turned out that the books were cooked, and the company whose trade was supposed to be giving you an honest estimate of a company's financial status was exposed as not doing that, and they vanished nearly overnight. (There are leftovers, like their consulting business, but even they changed their name.)
On the other hand, of course there are the bond rating agencies like Moody's and S&P who rated AIG and the banks and all those CDOs as AAA low risk, when many of them were in fact Junk--, and they're still around. But Diginotar doesn't have the same level of governmental backing that the US rating agencies have.
UUUUUUUUU
The umber hulk hits! - more
The umber hulk hits! - more
The umber hulk hits! - more
You die - more
I'm assuming this is at a university - are there other facilities available already?
How long will the CPU-burning requirements last? Does it make sense to buy hardware, or to rent time on Amazon's cloud? Is it worth spending a month of programmer time to port to GPU/DSP if it saves you three months of computation? Have you done any models on what you need?
When you say "CPU-bound", what do you mean? Is it fixed-point or floating-point? What precision? Is it large-memory or small-memory? Is it a standard problem space, like image processing or cryptography? For some problems, e.g. small memory fixed-point, you can buy DSP boards that will be several orders of magnitude faster than generic PC hardware, and won't require much application porting.
Do you have a spare grad student to do hardware/sysadmin grunt work? For 4000 pounds, you can probably buy about 40 sets of motherboard+power supply, if you have a grunt to build boxes for them, or about 20 sets of pre-built desktop PCs, or about 4 high-end Dell rack servers.
Google mapped SSIDs as a side project of driving their StreetView camera cars everywhere. If that had been all they'd done, they probably wouldn't have been bothered by the government, but as was widely reported, they also recorded a lot of actual Wifi user traffic at the same time, in addition to the SSIDs themselves. That really annoyed a lot of people, leading to government investigations into Google's data collection.
So this was a project that was well-known for not foreseeing really obvious stuff :-)
The service Google is talking about here tracks the physical location of Wifi hubs by SSID, and because of regulatory pressure they're letting the Wifi hub users opt out. But how are they going to do that? Let anybody fill out a web form saying "SSID '12345678' is mine" and opt out? (Or at least implement some minimal security by requiring you to also provide the street address, so they can validate that you know where that SSID is, though you could still forge an opt-out for your local Starbucks?)
One thing they don't talk about is whether they're tracking anything by IP address, or just by SSID. I'd really like to tell them not to track anything from my Wifi Access Point's IP address :-)
Meanwhile, I'm the owner of "linksys" - please opt me out!
There's a big difference between not paying your creditors back for money you've already borrowed and either laying off Federal employees or telling them they can keep working at half-salary. Not only is not paying your creditors unconstitutional, but it makes it really hard to borrow more money for them in the future, and until the economy's in good shape, both parties want to run a deficit because they don't have the political will to raise taxes to cover the spending they want.
Radical sudden austerity is really unpleasant, but if you stiff your creditors, then you'll find yourself having to do just as much austerity, and permanently instead of merely temporarily.
There's no surprise it's being announced when the Republican Tea Party primary warmup debates are going on. Obama couldn't get the Debt Ceiling deal done without giving away 3/4 of the store, when not doing so would have supposedly caused a Constitutional crisis (it wouldn't have actually caused the US to default, in spite of what Obama and the Tea Partiers said, but would have caused massive cuts in Social Security checks and Federal paychecks.) And he's pretending that he can announce a "Jobs Bill" and expect a Republican House to pass any of it just on his say-so?
In fact that's where I got mine the last time I had it, and no, it's not actually very good once you're an adult. :-) Back in the late 80s, I was working on air-traffic control systems design, and on one trip we actually had a free half-day in DC, so my coworker and I got to go to the museum and say we were doing it "for business reasons!" The ATC stuff they had was mainly for local tower control, and we were working on wide-area systems that trip, so it wasn't directly related, but it was the first place we got to look at the real stuff instead of endless reams of documentation. (And we didn't bother making excuses for why we had to go to the National Gallery - there was a good Impressionists exhibit in town.) Fortunately for us, our company didn't win the design bid for that system, and IBM were the poor suckers who won and had to implement that impossibly overspecified mess with full mil-spec development standards and everything - they finished years behind schedule and billions over budget.