Err, don't you just forward the appropriate port and...poof!...it works behind NAT? Or do they mean on multiple machines behind a NAT, each with its own client/connection?
Nitpick...5.32379*10^28 per person, assuming a world population of 6,391,727,078, which is the current world population estimate according to the US census bureau.
That means one address for each atom in a pile of carbon that weighs 2369 lbs! (88435 moles)
I have an emergency OS X (10.3.5) boot partition on my iPod, so I can boot my machine over firewire in the event of a disk problem. Ta-Da! I think having the option to ban external storage devices is a great feature for an OS to have. But I'm sure there are ways to fool it into thinking it's an internal disk or something.
Bah, I've read a lot of crypto books (just got my MS in Computer Science - Information Assurance) and I can't ever remember seeing a Mallory, just our friends Alice, Bob, and Eve.
I agree. By this same logic, if someone steals a CD from a record store, then the loss stated by the record store should only be the cost of buying that CD from the publisher, NOT the retail price of the CD, because they only lose the amount they SPENT on the CD. As for the publisher, they can only claim how much the physical production of the CD cost, + whatever they had to pay the artist to get their work (tiny fractions of pennies per CD).
Incorrect...I remember when I first heard of these sometime in 2000, and I looked her up on the UW directory server (she still went there) and her last name was indeed Heoler or Hoeler or whatever the file was labeled, not Heller. I believe she lived in either Sellery or Ogg, maybe Witte (I used to go there). I also read an article that she was mobbed upon returning to school and had to move into a private dorm, and left school soon thereafter (I believe).
Yeah, transferring 4.7GB of data across the internet was totally out of the question in 1997 (unless you were in college on ethernet), but now I could grab a 4.7GB image from a Torrent within a day with my cable modem connection. So what'll stop us from downloading 200GB super-HD movies across our mega-super-broadband in 2011? Didn't RFTA.
It doesn't, it shows the insensitivity and ignorance of US marketers to cultures other than American. "No one would notice"? They've got to be kidding, after all the most common first name in the world is Muhammad.
Ha, no joke to me friend, my wonderful Mac only has firewire and USB 1.1. Is it so hard to put a firewire port on these devices? Come on, it can't cost THAT much more....or offer 2 models.
Sorry, I realize this post came off kind of negative. I totally agree that having a phone that plays games and does internet-stuff is handy, heck I read the news on the bus on the way to work on my krappy Sprint phone, but when everyone jumps on the bandwagon without any real thought to how the devices work, that's when the trouble starts. Kind of like how it's now accepted practice to "turn off anti-virus software when installing this program", what if that program installs a virus?....no one thinks about that. Being responsible and mindful of the stuff you run is important.
Plus, I'm just sick of simple devices being upgraded into uselessness. My cell phone occasionally crashes and I have to pop off the battery to reboot it....that just sucks, it's a cell-phone for christ sake, not a full-fledged operating system. They should some better embedded system programmers.
Yes, it's true you would have to worry about carrying around another gadget, but at least a gadget to play downloaded games from an untrusted source can't make phone calls that cost you money. It's called separation of privilege, and if one device does everything all you have to get is one bad apple application and you're toast.
This is why Microsoft software can be exploited with such great success, because all the applications are tightly bound together, making it easy for an attacker to write an ActiveX control on a web page that then talks to Outlook and harvests email addys, then goes over your SAM file and extracts your password hash for offline cracking, etc. Maybe better software sandboxing can fix this, but I want a phone with all the code in ROM or flashed in by the manufacturer, so it's a nice, controlled environment.
It's a trade-off between convenience and security. The more features you add, and the easier it is to use those features ("Download untrusted game content? OK!"), the more trouble you can get into. Some day when you have an electronic wallet will you play untrusted games on it, allowing it to send all your money instantly to some guy in Romania? It's a matter of putting all your eggs in one basket.
And yes, I can imagine a networked toaster that can download new images to burn on your toast via a matrix of grid elements (I've already seen this in the "Hardware Hacking Projects for Geeks" book, what if they commercialized it and you could download image files?), and what if you had an alarmclock that would wake you up earlier if there was bad traffic? Those are both strong possibilities; after all, 15 years ago who would have thought we'd have TiVO, all they could imagine would be feasible would be a VCR at that point.
As much of a technophile as I am, I'm starting to see a disturbing trend in technology...nifty new technology that's supposed to make your life more convenient (TiVO, VoIP, multi-function cell phones) almost always ends up having problems, and ends up creating a lot of stress and headache (although whether this negates the device's 'usefulness' is debatable, obviously). We've had telephones for quite a while now, same thing with cars, TV, etc, but all of a sudden there are troubleshooting procedures for everything.
I don't want to live in a world where I have to download patches and updates for my phone, TV, cell phone, alarmclock, bathroom scale, toaster, fridge, etc, every other week, or worry about them charging me money or disclosing private information. Some things work just great already and don't need all sorts of crazy upgrading, networking, or convergence. If you had a portable game thingy (not connected to any network) to play 'Mosquitoes', you wouldn't have to worry about this!
Republicans are what we call "Virtucrats", who espouse the virtues of marriage (MUST be between a man and a woman) and other institutions (like constant sobriety, except from alcohol of course), and feel that their views need to be applied to everyone. Somehow two men or two women being married HURTS their marriages to their wives and makes it less meaningful, even though these actions have NO EFFECT on them. Allowing gays and lesbians to get married does not open the door to the dilution of marriage's meaning, although I would say that drive-through marriages in Vegas do, but you don't see them campaigning against that! Let people do what they want to do, and stop making decisions for them.
1) go up and accept your check
2) nod and smile a lot
3) donate your check back to the charity
4) ???
5) Profit!!
Sorry, it's not even funny, but I had to.....bahaha!
Or scanning the crowd looking for someone they're meeting. What, exactly, about "darting eyes" indicates criminal or suspicious behavior?
Haven't you seen the Simpsons episode featuring Mel Gibson and a remake of "Mr. Smith Goes to Washington?" It's obvious the dog is to blame....dum dum DUM!
When I was about 11 I had a Nintendo controller called Max (had some slidey thing in place of the standard d-pad, easier to control) that stopped working after being hung by the cord across the freshly turned-on TV screen too many times. Lots of voltage + nice conducting controller cord + controller = bad.
So my Dad, being the EE guy he is, rummages around through some random bins of ICs in our basement, finds a replacement for this totally random chip, removes the old one and pops in the new one, and it still worked fine 7 or 8 years later.
The whole idea of EALs within the Common Criteria (CC) is that they are based on something called a Protection Profile (PP). This basically lays out what kind of environment the system will live in, and what threats the system needs to protect itself against. If the system meets the requirements of protection laid out in the PP, it can be granted increasingly higher EAL levels the more thoroughly it can be proven that the system can protect itself according to the protection profile.
Windows' EAL4 rating is based on a NON-HOSTILE Protection profile (also known as a Common Access Protection Profile (CAPP)), meaning that hardly any threats were listed on its PP. A quote from this site says it all:
5. Setting a Low Bar
An important part of the CC is the Protection Profile, a standardized statement of requirements for what a given kind of product should do. In many cases, these standardized documents set a low bar for security. Windows 2000, for example, was certified against the Common Access Protection Profile[3], which
... provides for a level of protection, which is appropriate for an assumed non-hostile, and well-managed user community requiring protection against threats of inadvertent or casual attempts to breach the system security. The profile is not intended to be applicable to circumstances in which protection is required against determined attempts by hostile and well-funded attackers to breach system security. The CAPP does not fully address the threats posed by malicious system development or administrative personnel.
Jonathan Shapiro at Johns Hopkins has done a great job of translating that into colloquial English[4]:
Don't hook this to the Internet, don't run email, don't install software unless you can 100% trust the developer, and if anybody who works for you turns out to be out to get you, you are toast.
In the real world, Windows 2000 systems require protections beyond the low bar set by the CAPP. Nonetheless, defense buyers are free to purchase and deploy off-the-shelf Windows boxes: They simply check the box marked "EAL4". Checkbox security is fraught with risk.
So if you say "This system will never be hooked up to anything that could possibly be malicious", it is very easy to say "Yes, in this setting, Windows lives up to its PP quite well!" and give it an EAL4. Pure crap.
This is absolutely correct; I bought a rev 2 (or whatever, around Feb '01) PS2 I've had to send in for official Sony repair TWICE since I bought it. For anyone who doesn't know, if your PS2 starts destroying games (as mine did twice, scratching the hell out of them with circular grooves), they'll not only repair your PS2 for free (regardless of warranty), but they'll send you a check for the full, original retail value of the games. Crappy hardware, but good customer service.
Why is Serpent better than Rijndael? Hardware AES is fast enough to encrypt streaming HDTV (I think), and if you had a machine that could crack DES (yes, single DES) in like 1 minute it would take something like 100 trillion years to crack AES with that same machine.
MOD PARENT TROLL! Sneaky, but not all that sneaky
This will give all budding CS majors (and lazy security geeks) a reason to hunt for bugs, other than being inquisitive.
A bear is ursine, not canine! =)