Given a "black box" implementation of a random number generator, is it possible to test its output sufficiently to gain some faith in its proper randomness?
The answer is an outright no.
The thing that crypto depends on isn't that a stream of random numbers appears to be random. It is that the next number is utterly unpredictable. No one, not even the person who generated it, will know what it will be. This means if it is used as a key to protect some data, no one can predict what that key will be.
One of the ways every cryptographic cipher or hash is checked is to verify its output is indistinguishable from random data. If it isn't, there is a weakness in the cipher or hash. So the output from any good cipher or hash will always appear to be completely random according to any test we can devise. But - the output is also completely predictable.
So all NSA need to do in their black box is start with a predictable key or salt (the time would be fine), push it through a cipher or hash and output something which appears completely random. If the random number is used as a 128 bit AES key it will appear fine to any test the user can generate. But say they use a 1us tick to generate the time, and the NSA knows to, say, within 10 minutes when the key was generated, then they will only have to brute force against 1 billion keys (in other words that 128 bit key only has 30 bits of entropy). This is trivial to do.
QED, the answer is emphatically no - there is no way to test if a black box is generating truly random numbers. Every black box must be treated as untrustworthy - which is exactly what BSD, Linux and I hope everybody else does.
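An added illustration of the argument above (not part of the original comment): a hypothetical generator that hashes a 1 us timestamp passes the NIST monobit test and a byte chi-square test, yet a key is recovered simply by walking the time window. `blackbox_key`, the SHA-256 construction and the sample timestamps are assumptions constructed for this example.

```python
import hashlib
import math
import os
from collections import Counter

TICKS_PER_SECOND = 1_000_000  # 1 us clock tick, as in the comment above


def blackbox_key(tick: int) -> bytes:
    """Hypothetical black box: 128-bit key = first 16 bytes of SHA-256(timestamp)."""
    return hashlib.sha256(tick.to_bytes(8, "big")).digest()[:16]


def blackbox_stream(first_tick: int, n_keys: int) -> bytes:
    """Concatenate keys from consecutive ticks, i.e. what a tester would sample."""
    return b"".join(blackbox_key(first_tick + i) for i in range(n_keys))


def monobit_p_value(data: bytes) -> float:
    """NIST SP 800-22 frequency (monobit) test; p >= 0.01 counts as a pass."""
    n_bits = len(data) * 8
    ones = sum(bin(byte).count("1") for byte in data)
    s_obs = abs(2 * ones - n_bits) / math.sqrt(n_bits)
    return math.erfc(s_obs / math.sqrt(2))


def byte_chi_square(data: bytes) -> float:
    """Chi-square statistic over byte values (255 degrees of freedom, mean 255)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))


def effective_entropy_bits(window_seconds: int) -> float:
    """Bits of entropy left when the seed is known to lie within a time window."""
    return math.log2(window_seconds * TICKS_PER_SECOND)


def recover_tick(key: bytes, earliest: int, latest: int):
    """Walk every tick in [earliest, latest]; return the one that reproduces key."""
    for tick in range(earliest, latest + 1):
        if blackbox_key(tick) == key:
            return tick
    return None


# Constructed sample values: an arbitrary start time expressed in microseconds.
START_TICK = 1_700_000_000 * TICKS_PER_SECOND
SECRET_TICK = START_TICK + 123_456

if __name__ == "__main__":
    # Statistical tests cannot tell the black box from the OS generator.
    samples = {
        "black box": blackbox_stream(START_TICK, 4096),
        "os.urandom": os.urandom(4096 * 16),
    }
    for name, data in samples.items():
        print(f"{name:10s} monobit p={monobit_p_value(data):.3f} "
              f"chi2={byte_chi_square(data):.1f}")

    # Knowing the generation time to within 10 minutes leaves about 29 bits.
    print(f"entropy for a 10 minute window: {effective_entropy_bits(600):.1f} bits")

    # A 0.2 second window is searched here so the demo finishes quickly.
    key = blackbox_key(SECRET_TICK)
    found = recover_tick(key, START_TICK, START_TICK + 200_000)
    print("seed recovered:", found == SECRET_TICK)
```

The only defence the tests offer is against a generator that is visibly broken; they say nothing about how many bits of unknown input went in, which is why kernels mix a black-box source with others rather than trusting it alone.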
5. On some of these kits (eg, the BionX), you can put the motor into reverse - ie it becomes a generator. So if you live in a flat area and want to simulate hills, you can do that too.
The entire article is rubbish. It's little more than a viral ad for CSO, at Adobe's expense.
Yes, they used 3DES. 3DES has a number of nice attributes. It's strong, and it's slow. And if the password is kept safe, it's equivalent to a hash - but an unknown one. Being unknown renders it immune to brute force attacks. Being immune to brute force attacks makes it as good as bcrypt, scrypt and PBKDF2, but without the speed penalty those incur.
The one weakness is that password leaking. I gather it hasn't, so far. Which means that the passwords are safer than an alternative they recommend - salted with SHA-2. In fact, if they were salted with a single round of SHA-2 most of the passwords would be brute forced by now.
Which means while Adobe has done a good job of keeping those passwords safe (well aside from the leak), the security advice offered by CSO in the article is just plain wrong. Which makes the /. writeup of the article wrong. It should say "In trying to teach Adobe to suck eggs, CSO proves they know nothing about password security."
Hear hear! A bit of background to the politics of this:
NFTables is brought to you by a group of coders created when Alexey Kuznetsov decided to replace the low level Linux network stack for Linux 2.2 to make it more like what Cisco provided in IOS. The result added a whole pile of new functionality to Linux (eg routing rules), and a shiny new highly modular traffic control engine. Alexey produced a beautifully written postscript documentation for the new user land routing tools (the "ip" command), and a 100 line howto for the far more complex traffic control engine tools (the "tc" command).
Technically it was a tour de force. But to end users it could at best be called a modest success. Alexey re-wrote the net-utils tools ("ifconfig", "route" and friends) to use the new system, and did such a good job very few bothered to learn the new "ip" command even though the documentation was good and it introduced a modest amount of new features. But the real innovation was the traffic control engine, and to this day bugger all people know how to use it.
At this point it could have gone two ways. Someone could have brought tc's documentation up to the same standard Alexey provided for ip, or they could ignore the fact that almost no one used the code already written and add more of the same. They did the latter.
It was also at this time the network code wars started in the kernel. Not many people know that a modest amount of NAT, filtering and so on can be done by Alexey's new ip command. But rather than build on that Rusty Russell just ported the old ipfwadm infrastructure, called it ipchains (and later replaced it with iptables). There was some overlap between Rusty's work and tc, and this has grown over time. For example the tc U32 filter could do most of the packet tests ipchains introduced over time on day 1. Technically the modular framework provided by tc was more powerful than ipchains, and inherently faster. Tc was however near impossible for mere mortals to use even if they had good documentation. There were some outside efforts to fix this - tcng was an excellent out-of-tree attempt to fix the complexity problems of tc. But in what seems like a recurring theme, it was out of tree and ignored. In contrast, Rusty provided ipchains with some of the best documentation on the planet. In the real world the results of these two efforts are plain to see - while man + dog uses iptables, there are maybe 100 people on the planet who can use tc.
Another example of the same thing is IMQ. IMQ lets you unleash the full power of the traffic control engine on incoming traffic. (Natively the traffic control engine only deals with packets being sent, not incoming packets - a limitation introduced for purely philosophical reasons). IMQ was very well documented, and heavily used. The people who brought you tc had a list of technical objections to IMQ. I don't know whether they were real or just a case of Not Invented Here, but I'd give them the benefit of the doubt - they are pretty bright guys. So they replaced it with their own in-kernel-tree concoction. (For those of you who don't follow the kernel, "in-tree" means it comes with the Linux Kernel. An out-of-tree module like IMQ means at the very least you have to compile the module source, and possibly the entire kernel.) For a while this discouraged the developers of IMQ so much they stopped working on it. If you follow that link, you will see it's back now. Why? Because the thing that replaced it had absolutely no documentation. They never do. So no one could use the replacement. Again, in the end, the code that was documented won the day.
By now you might be guessing where this is heading. We have two groups in the kernel competing to provide the
If the comments here are right, it wasn't the technologies Silk Road is based on that caused the issue, it was that he used dumb things like gmail addresses and mailing fake documents to his physical address. So the underlying technology stands firm, and it is now well known that he made millions from it.
There are two ways you can remove a weed. One way is to carefully dig it up, roots and all, and put it in the incinerator. The second way is to wait until it has flowers, then hit it with a weed whacker, spreading its seeds far and wide. This looks like the latter.
If I didn't know better I'd say someone in the Department of Justice is trying to set themselves up for a job for life. But I do know better. They aren't that smart.
They lose 20% of their capacity - when they are fully charged or fully discharged. Quoting Wikipedia:
Loss rates vary by temperature: 6% loss at 0 C (32 F), 20% at 25 C (77 F), and 35% at 40 C (104 F). When stored at 40%–60% charge level, the capacity loss is reduced to 2%, 4%, and 15%, respectively.
And yes, that is real. On reading that 5 years ago I decided to store my laptop's battery in the backpack, at 50% charge, unless I planned to use it. It still has 2/3 of its charge today.
All that aside, again quoting Wikipedia on the ESS - the Tesla's battery system:
The ESS is expected to retain 70% capacity after 5 years and 50,000 miles (80,000 km) of driving (10,000 miles (16,000 km) driven each year). However, a July 2013 study found that even after 100,000 miles, Roadster batteries still have 80%-85% capacity and the only significant factor is mileage (not temperature)
As it happens, 80%-85% after 100,000 means 80%-85% after 500 cycles, which just happens to fit the characteristics of a LiMn battery. So there is nothing remarkable about the Tesla's performance. It's just today's battery technology done right. Granted, given it is almost always done wrong, this is a major achievement.
Quite true. The Minister for Industry is in charge of Science, and in particular the CSIRO. Which is how we end up with the minister in charge of CSIRO having no mention of educational attainments on his Wikipedia Page (does he have any?), and is a climate skeptic.
I don't know what lots translates to in the US, but here in Australia it translates to a ballot paper 1.0 meter wide. The polling booths are 0.6m wide, so you can lay the thing flat. The number of candidates exceeded our printing technology (or maybe the ballot paper had to fit into the ballot box - I don't know), but it's put a maximum size on the ballot paper. The only option to fit every candidate on was to reduce the point size of the print. They had to reduce it to 6 point to make it fit.
Humans can't read 6 point. So they had to issue magnifying glasses so we could read the damned things.
Still, that isn't the problem. We have two more complications. We have preferential voting. This means you have to number every box from 1 to the number of candidates. It works wonderfully well when the number of candidates is sane - far better than the US system of first past the post.
Only in the senate the number of candidates isn't sane. It is literally near impossible to mark 100 candidates without duplication or missing a number. To have a hope you have to spend ages double checking and triple checking, and if you make a mistake you can't correct it. Corrections on a ballot paper invalidate it. You have to ask for a new ballot sheet and start again, and pray you don't make a different bloody mistake.
Are you getting the idea now? It is clear it is near impossible for a human to make a valid full senate vote? Good. Because what happens next leads us to the current situation, where a man who had a video of him & his mates flinging kangaroo poo at each other up on YouTube during the election got elected to the current Australian federal senate.
Because it is impossible to fill in, they had to simplify it. What they did seems fair enough. They introduced "above the line" voting. To vote above the line you effectively delegate your vote to 1 party. In other words you mark one box. The party has submitted a full senate vote to the Electoral Commission earlier, and that is used as your full preferential senate vote. You can still do a full preferential vote by filling in every square below the line, but you would have to be completely anal.
So, think about it. How do you game this system? If you are a big party it isn't easy, but if you aren't so tied down by ethics you create lots of little parties with confusingly similar names. The Electoral Commission helpfully colludes with you by randomising those names on the ballot sheet. So the voter is confronted with 20 to 30 names of parties most of which he has never heard of before, on a piece of paper so wide he can't lay it flat in the ballot box so he can read them in a single pass. Naturally lots of mistakes are made. The preferential system means if a small party doesn't get in, their votes (which remember they control now) flow to another party of their choice. It doesn't take much imagination to see how they might make their choices.
There is one final twist. For the senate, you aren't electing 1 person. You are electing 6. The 1st 5 winners have almost certainly gobbled up more than 90% of the votes, so the last one is determined by a tiny fraction.
The really sad part of all of this is while the extra complexity of preferential voting is more than worth it when electing one candidate, it is a complete waste of time when electing 6.
Anyway, don't lecture us Aussies on how to completely fuck up a voting system. We have all of you beat by a large margin.
Yes, he is evidently a man of some character. It seems he enjoys dropping other people's pants, hitting them with sticks, and spitting on the camera man. And he did have a clip up on YouTube of him partaking in a roo poo fight.
But look on the bright side. Given the state of Australian politics over the past 3 years this might be a plus. Surely he was just planning ahead, and picking up survival skills.
I wonder what his position is on how VDSL vectoring will affect competition in the broadband wholesale market?
Thanks, this finally explains how SSL interception proxies are able to intercept my traffic at sites I work at.
No, I didn't explain that. But since you are so nice about it I will. When the corporation owns the hardware they can install anything they want. What they install is a self signed certificate with the signing bit set into the browser, and they tell the browser this cert is a CA. There are so many CAs these days you would have to be an actuary to spot it in the list. When your browser contacts https://www.host.com/ you automagically get a cert authorised by that self signed cert.
In the end you trust whoever Firefox or whatever trusts says you should trust as CAs. That normally works. Except when someone else installs Firefox. Then you trust whoever they say you should trust, because they can edit the CA list Firefox / Chrome / whatever has.
Actually, all they need is the CA to sign a cert with the "allowed to sign" bit set. Then they can MITM anyone. Given TrustWave sold one of these to a company not so long ago, I doubt it would be hard to find a CA willing to pony up. Given some CAs in the world are government owned organisations, this has almost certainly happened somewhere already.
As others have said, what keeps the current PKI system working isn't the inherent trustworthiness of CAs (they aren't trustworthy), or because NSA has scruples (it doesn't). It's the fact that in time they will almost certainly be found out.
Where I live at least, in Australia, I am not sure what proportion of SSL connections are already MITM'ed. But it would have to be above 10%. All schools do it, many government offices do it, many businesses do it.
The thing all these organisations have in common is they own the computers they are compromising. The corollary is if you care about your privacy, you need to use only hardware you control. But this has been known for years. What this story makes plain is you must also use software "you control", otherwise NSA and others will backdoor it just as eagerly as they have done with the hardware. You can't absolutely control all software you use of course, but open source is a good proxy.
We are absolute, miserable failures at buying software.
True, but give some bureaucracies credit - they are at least trying to work around that problem. The NSW police for example have trialled stealing it instead of buying it.
Suffolk County Criminal Intelligence Detectives received a tip from a Bay Shore based computer company regarding suspicious computer searches conducted by a recently released employee. The former employee’s computer searches took place on this employee’s workplace computer. On that computer, the employee searched the terms “pressure cooker bombs” and “backpacks.”
I actually agree with almost everything Drew wrote with the exception of his GC statements
I'm curious. Drew said two things about GC:
- It's slower than manual memory allocation in memory constrained environments.
- It's faster than manual memory allocation where there is 5x or more of actual memory usage.
He didn't say GC always introduces huge latencies, probably because given an incremental GC and enough memory it doesn't. So which of the two assertions are you disagreeing with?
Or to put it another way, going by Drew's data if EA had lots of memory for whatever they were putting in the GC heap and their primary consideration was speed, they would have been far better off using GC.
The biggest weakness in Drew's argument that GC is and will remain the dominant cause is IMHO the assumption that a phone will always be memory constrained. We have 2G phones now. 4G can't be far away. You can hardly call 4G "memory constrained". If mobile slowness were just caused by GC, my guess is at 4G most apps will have far more than 5x their memory requirements, so GC should actually help. I'm also guessing mobile will remain slow. The trifecta that ensures this is:
- JavaScript is and will always remain a slow language, for the reasons Drew says.
- CPU speed on mobile will remain slow, again for the reasons he says, and
- The one area of improvement we are seeing in mobile, the growth in the number of cores, doesn't help: JavaScript can't use them because it's single threaded.
DRM cannot be open-source, for an obvious reason: If it were, you could just comment out the 'don't copy' line and recompile.
You are suffering from a delusion - you believe DRM works. Yet we all know perfect DRM is an impossibility. If it wasn't obvious 10 years ago, surely after 10 years of watching every deployed DRM scheme being cracked it must be obvious to blind Freddie now. All those cracked DRM schemes were closed source.
Publishing the DRM scheme as open source rather than closed source will, at best, delay the crack by a year or so. And what practical difference will that make? None. They live and survive with piracy now. Yes, you can recompile Firefox, but 99% of the world's population can't. You might say that isn't an issue - they just download a "cracked" version of Firefox from someone other than Mozilla. But you know what, they can just download a cracked version of IE too. But most people don't because it comes with risks - as in you will be using that same browser to do your banking. So most people stay honest.
And that's the best they can ever hope to achieve - keeping the honest people honest. We now know that's good enough - because that's all they have now with Silverlight.
I'm not sure I understand what the fuss is all about. Our nice little series of tubes is not going to be diminished if "the movie studios remove movies from the web" in any significant way
For most here the fuss isn't about what the movie studios want - everybody knows they are self interested control freaks who don't have a clue how the internet, markets or piracy work. The fuss is about the W3C. They seem to have lost the plot.
The W3C's job is to standardise the web, so web content can be viewed on any platform, any OS, any device and looks much the same. So if the W3C comes up with a DRM scheme, we all expect it to run on everything. This probably means the only DRM "blessed" by the W3C would be software only, which I am sure the moguls would hate. But the W3C wasn't created to brown nose media moguls, it's an engineering organisation whose mission is to come up with standards that will work everywhere. Yet here they are proposing something that won't work everywhere and is exactly what the media moguls want. WTF?
I should stop there, but I won't. The really annoying part about this is it wouldn't be that hard to come up with DRM that is good enough, and yet still appease the arse holes. The arse holes want DRM that encrypts the complete path so it can't be cracked, and pure software DRM can always be cracked. The only minor nit with the request is it is an impossible ask. All DRM can be cracked by definition. Why they still demand the impossible after every fucking DRM scheme deployed by them in the last decade has been cracked is utterly beyond me. Watching an engineering organisation like the W3C pander to such fantasies makes me ashamed of my profession.
The W3C could come up with a single standardised software only DRM that worked on every device, and add a few knobs for the twits who insist that making it impossible for some potential customers to view their product is a good idea. Yes, that software only DRM will be cracked, just like every other DRM scheme. But we know it is good enough because that is what they have now with Flash and Silverlight. So everyone would be happy. The world can get along with modest DRM that keeps the honest people from temptation, the W3C can stick to their remit, and the twits can send themselves broke by trying to defy physics. And as you say, no one gives a shit about the twits.
All these development models are designed to deliver code to a customer. There is a beginning and an end. Waterfall, Agile, whatever - they all assume this. They just disagree about how you take the journey.
It's true there is a beginning. But for the developer there is no end. He is never thinking about the end, because the end is when the code dies. If it dies, he has failed. Thus he doesn't plan for it, instead he actively plans for avoiding it.
Software isn't a deliverable product. It doesn't wear, and if it constantly evolves it will never die. In that way it's like a living organism. Occasionally it sheds copies that are delivered to the customer, but for the developer that isn't a singularly important event. Instead the developer is constantly thinking about where he wants to be in 10 minutes, in 10 hours, in 10 days, in 10 months and 10 years, fully aware that if he gets any of those decisions badly wrong the organism in his care might go extinct.
Thus any development process, like Agile or Waterfall, that plans for a definitive end point will never be a satisfying solution. They are all based on a fiction - software should be treated like a toothbrush, something you deliver to the customer and forget. In their hearts, all developers hope that isn't true, for their code anyway.
It is, yes, but with e.g. Flash or Silverlight you get a large, fat binary,
You have listed some of their disadvantages. How about listing their advantages as well:
These large blobs run on just about all hardware. They could even run on Android. Granted not iOS, but that is a commercial decision on Apple's part, not a technical one.
These large blobs implement the DRM entirely in software, which means technically they can run on anything.
The fact that Netflix, Youtube and whatever are happy with these blobs means, despite their claims if they don't get this they will withdraw all content, the reality is they were prepared to use a slightly weaker form of DRM if that was all they were given.
If the W3C's proposed DRM scheme insisted that there be one standardised software only DRM implementation that existed in every browser, then I would be happy enough. In that case the W3C would be behaving like a standards body and ensuring there was a single standard that could be run by everything.
In this case they are doing the reverse. The current proposal will break the one thing that makes the web useful. It is a truly universal platform, meaning any content can be viewed anywhere. From that point of view it is actually worse than what we have now with proprietary plugins.
Technology wise, we have been at the point these Glass haters are so concerned about for a few years now. We are recorded all the time, everywhere. Worried about being recorded when you go down the street - already happens. Worried about being recorded in a shopping mall - already happens. Worried about being recorded in a club - not only does that happen, where I live they also demand a photo of your ID card as well. Worried about your car's licence plate being tracked via digital number plate recognition - already happens. Worried about your purchases being tracked and sold off for marketing companies - already happens. Worried about your photo being surreptitiously taken while using an ATM - already happens. Worried about a video being taken of you as you scan all the sanitary items at the self checkout - already happens. Worried about a marketing company getting hold of a copy of most of the world's emails and mining them for personal data they can sell off - already happens.
For some reason, although there is nothing unique or special about Google Glass, the 99% of the world who apparently think today will be the same as yesterday have woken up to the fact that 2013 will be nothing like 2003. And they are focusing their rage at Google Glass.
It's all over my friends. Much of the privacy we used to have is history. All that remains is for you to get used to the fact. If you don't like it, well you are far too late to the party to do anything about it. It's not like you haven't been told over and over again this was going to happen. Most notably when Scott McNealy said, "You have zero privacy anyway. Get over it.". In a classic case of shooting the messenger, McNealy was roundly criticised for that remark.
Dany Adams: It's interesting, in humans if you were six years old and you cut the tip of your finger off it would grow back, as long as the doctors do not do the normal thing, which is to pull some skin and cover the wound to prevent infection, which is a very good thing to do, but if you don't do that and you allow it to stay open, it will in fact regenerate if you are six years old.
For those of you who don't know, asm.js is a subset of JavaScript that's meant to be easy to compile. In other words if you use asm.js your code will work in all browsers, but should run faster in some. In that FAQ they say their compiled asm.js runs at about 1/2 the speed of C, making it roughly twice as fast as JavaScript V8.
Which is wonderful, except that JavaScript is a prick of a language, and so I'd imagine that asm.js is a tedious, prick of a language. But Dart compiled to asm.js - sounds like a marriage made in heaven.
Well that, and if you are measuring the health of an open source project the number of downloads is meaningless. The only thing that matters is the rate of change of the code base. LO has more developers, they are doing more work, and the gap is only growing larger.
In the end, the users will follow the developers. They don't have much choice really.
The point wasn't that government has no business blocking that site, or that there wasn't a good reason to do so, or that the web site didn't deserve to be blocked.
The point is that we are a democracy, so when our government censors something like this it must be done in a transparent and open way. What happened is that suddenly an IP address disappeared. When the ISPs were asked why it disappeared they said they were gagged. When the government departments were asked each only volunteered it had nothing to do with them. It is very unlikely all of them didn't know, they were just not saying. And now we know who ordered it to be blocked, we still don't know the specifics.
It's not just that it's a bad way to run a democracy. It's a bad way to run things in general. A whole pile of legit web sites were blocked. They weren't notified. When they noticed they didn't know why, and thus could not take steps to fix the problem. And once it was fixed they had no way of getting the block removed. This is just plain dumb. The person who thought it was a good way to do things needs to be dragged over the coals.
Your statement does not back what I have read here in the US,
If what you have written here bears any resemblance to what your friends write in the US, you are a bunch of conspiracy theorists inventing rubbish and feeding off it.
However, onto your actual claims. Regarding storage - you must have an approved gun safe. Personally, I think the law is too weak. Most of our gun crime is now committed by guns stolen from domestic gun safes. A wooden cupboard with a padlock on it is nowhere near good enough. It needs to be a real safe, bolted to the floor and lined with concrete. They aren't expensive.
Regarding ammo - you go to the local hardware store and buy it. About the only restriction is you need to produce your gun licence. It must be stored securely, of course.
As for storing the things safely making them useless - you must use guns differently to how we use them in Australia. Here we take them out of storage before firing them.
The most onerous part of Australian law is being registered to own a gun. It is not hard to get registered and you certainly do not need a reason - "I want to" is good enough. There is no limit to the number of guns you can own (I know people who have 30 of them), but you do have to display a minimum competence in gun handling, you do have to prove you have safe and secure storage for it, and you do have to keep your registration up to date. It's less effort than getting a car drivers licence, and far less effort than getting a ham radio licence.
But it does involve some ongoing effort. And that is the point. That is enough to stop people who have no interest in guns whatsoever from keeping one in the drawer, just waiting to be misused. For people who have a genuine interest in guns like yourself the law isn't a barrier to owning a whole armory, and isn't meant to be.
as soon as they lost their ability to fight (gave up the guns)
As an Australian who has played with guns recently, that's factually inaccurate. Almost all Australian adults can own a gun if they wish to. In fact many of us own entire rooms full of them. The only exceptions are the same as everywhere else - the mentally ill, felons and so on. We are perhaps a little more restricted in the types of gun we can own - you need to have a professional reason to own concealable weapons and automatics.
The answer is an outright no.
The thing that crypto depends on isn't that a stream of random numbers appears to be random. It is that the next number is utterly unpredictable. No one, not even the person who generated it, will know what it will be. This means if it is used as a key to protected some data, no one can predict what that key will be.
One of ways every cryptographic cipher or hash is checked is to verify its output is indistinguishable from random data. If it isn't there is a weakness in the cipher or hash. So the output from any good cipher or hash will always appear to be completely random according to any test we can devise. But - the output is also completely predictable.
So all NSA need to do in their black box is start with a predictable key or salt (the time would be fine), push it through a cipher or hash and output something which by appears completely random. If the random number is used to as 128 bits AES key it will appear file to any test the user can generate. But say they use a 1us tick to generate the time, and the NSA knows to say within 10 minutes when the key was generated, then they will only have to brute force against 1 billion keys (in other words that 128 bit key only has 30 bits of entropy). This is trivial to do.
QED, the answer is emphatically no - there is no way to test if a black box is generating truly random numbers. Every black box must be treated as untrustworthy - which is exactly what BSD, Linux and I hope everybody else does.
5. On some of these kits (eg, the BionX), you can put the motor into reverse - ie it becomes a generator. So if you live in a flat area and want to simulate hills, you can do that too.
The entire article is rubbish. It's little more that a viral ad for CSO, at Adobe's expense.
Yes, they used 3DES. 3DES has a number of nice attributes. It's strong, and it's slow. And if the password is kept safe, it's equivalent to a hash - but an unknown one. Being unknown renders it immune to brute force attacks. Being immune to brute force attacks makes it as good as bcrypt, scrypt and PBKDF2, but without the speed penalty those incur.
The one weakness is that password leaking. I gather it hasn't, so far. Which means that the passwords are safer than an alternative they recommend - salted with SHA-2. In fact, if they were salted with a single round of SHA-2 most of the passwords would be brute forced by now.
Which means while Adobe has done a good job of keeping those passwords safe (well aside from the leak), the security advice offered by CSO in the article is just plain wrong. Which makes the /. writeup of the article wrong. It should say "In trying to teach Adobe to suck eggs, CSO proves they know nothing about password security."
Hear hear! A bit of background to the politics of this:
NFTables is brought to you by a group of coders created when Alexey Kuznetsov decided to replace the low level linux network stack for Linux 2.2 to make it more like what Cisco provided in IOS. The result added a whole pile of new functionality to Linux (eg routing rules), and a shiny new highly modular traffic control engine. Alexey produced a beautifully written postscript documentation for the new user land routing tools (the "ip" command), and a 100 line howto for the far more complex traffic control engine tools (the "tc" command).
Technically it was a tour de force. But to end users it could at best be called a modest success. Alexey re-wrote the net-utils tools ("ifconfig", "route" and friends) to use the new system, and did such a good job very few bothered to learn the new "ip" command even though the documentation was good and it introduced a modest amount of new features. But the real innovation was the traffic control engine, and to this day bugger all people know how to use it.
At this point it could have gone two ways. Someone could have brought tc's documentation up to the same standard Alexey provided for ip, or they could ignore the fact that almost no one used the code already written and add more of the same. They did the latter.
It was also at this time the network code wars started in the kernel. Not many people know that a modest amount of NAT, filtering and so on can be done by Alexey's new ip command. But rather than build on that Rusty Russell just ported the old ipfwadm infrastructure, called it ipchains (and later replaced it with iptables). There was some overlap between Rusty's work and tc, and this has grown over time. For example the tc U32 filter could do most of the packet tests ipchains introduced over time on day 1. Technically the modular framework provided by tc was more powerful than ipchains, and inherently faster. Tc was however near impossible for mere mortals to use even if they had good documentation. There were some outside efforts to fix this - tcng was an excellent out-of-tree attempt to fix the complexity problems of tc. But in what seems like a recurring theme, it was out of tree and ignored. In contrast, Rusty provided ipchains with some of the best documentation on the planet. In the real world the result of these two efforts are plain to see - while man + dog uses iptables, there are maybe 100 people on the planet who can use tc.
Another example of the same thing is IMQ. IMQ lets you unleash the full power of the traffic control engine on incoming traffic. (Natively the traffic control engine only deals with packets being sent, not incoming packets - a limitation introduced for purely philosophical reasons). IMQ was very well documented, and heavily used. The people who brought you tc had a list of technical objections to IMQ. I don't know whether they were real or just a case of Not Invented Here, but I'd give them the benefit of the doubt - they are pretty bright guys. So they replaced it with their own in-kernel-tree concoction. (For those of you who don't follow the kernel "in-tree" means it comes with the Linux Kernel. An out-of-tree module like IMQ means at the very least you have to compile the module source, and possibly the entire kernel.) For a while this discouraged the developers of IMQ so much they stopped working on it. If you follow that link, you will see it's back now. Why? Because the thing that replaced it had absolutely no documentation. They never do. So no one could use the replacement. Again, in the end, the code that was documented won the day.
By now you might guess where this is heading. We have two groups in the kernel competing to provide the
If the comments here are right, it wasn't the technologies Silk Road is based on that caused the issue, it was that he used dumb things like gmail addresses and mailing fake documents to his physical address. So the underlying technology stands firm, and it is now well known that he made millions from it.
There are two ways you can remove a weed. One way is to carefully dig it up, roots and all, and put it in the incinerator. The second way is to wait until it has flowers, then hit it with a weed wacker; spreading its seeds far and wide. This looks like the latter.
If I didn't know better I'd say someone in the Department of Justice is trying to set themselves up for a job for life. But I do know better. They aren't that smart.
They lose 20% of their capacity - when they are fully charged or fully discharged. Quoting Wikipedia:
And yes, that is real. On reading that 5 years ago I decided to store my laptop's battery in the backpack, at 50% charge, unless I planned to use it. It still has 2/3's of charge today.
All that aside, again quoting Wikipedia on the ESS - the Tesla's battery system:
As it happens, 80%-85% after 100,000 means 80%-85% after 500 cycles, which just happens to fit the characteristics of a LiMn battery. So there is nothing remarkable about the Tesla's performance. It's just today's battery technology done right. Granted, given it is almost always done wrong, this is a major achievement.
Quite true. The Minister for Industry is in charge of Science, and in particular the CSIRO. Which is how we end up with the minister in charge of CSIRO having no mention of educational attainments on his Wikipedia Page (does he have any?), and is a climate skeptic.
I don't know what lots translates to in the US, but here in Australia it translates to a ballot paper 1.0 meter wide. The polling booths are 0.6ms wide, so you can lay the thing flat. The number of candidates exceeded our printing technology (or maybe the ballot paper had to fit into the ballot box - I don't know), but it put a maximum size on the ballot paper. The only option to fit every candidate on was to reduce the point size of the print. They had to reduce it to 6 point to make it fit.
Humans can't read 6 point. So they had to issue magnifying glasses so we could read the damned things.
Still, that isn't the problem. We have two more complications. We have preferential voting. This means you have to number every box from 1 to the number of candidates. It works wonderfully well when the number of candidates is sane - far better than the US system of first past the post.
Only in the senate the number of candidates isn't sane. It is literally near impossible to mark 100 candidates without duplication or missing a number. To have a hope you have to spend ages double checking and triple checking, and if you make a mistake you can't correct it. Corrections on a ballot paper invalidate it. You have to ask for a new ballot sheet and start again, and pray you don't make a different bloody mistake.
Are you getting the idea now? It is clear it is near impossible for a human to make a valid full senate vote? Good. Because what happens next leads us to the current situation, where a man who had a video of him & his mates flinging kangaroo poo at each other up on YouTube during the election got elected to the current Australian federal senate.
Because it is impossible to fill in, they had to simplify it. What they did seems fair enough. They introduced "above the line" voting. To vote above the line you effectively delegate your vote to 1 party. In other words you mark one box. The party has submitted a full senate vote to the Electoral Commission earlier, and that is used as your full preferential senate vote. You can still do a full preferential vote by filling in every square below the line, but you would have to be completely anal.
So, think about it. How do you game this system? If you are a big party it isn't easy, but if you aren't so tied down by ethics you create lots of little parties with confusingly similar names. The Electoral Commission helpfully colludes with you by randomising those names on the ballot sheet. So the voter is confronted with 20 to 30 names of parties most of which he has never heard of before, on a piece of paper so wide he can't lay it flat in the ballot box so he can read them in a single pass. Naturally lots of mistakes are made. The preferential system means if a small party doesn't get in, their votes (which remember they control now) flow to another party of their choice. It doesn't take much imagination to see how they might make their choices.
There is one final twist. For the senate, you aren't electing 1 person. You are electing 6. The 1st 5 winners have almost certainly gobbled up more than 90% of the votes, so the last one is determined by a tiny fraction.
The really sad part of all of this is while the extra complexity of preferential voting is more than worth it when electing one candidate, it is a complete waste of time when electing 6.
Anyway, don't lecture us Aussies on how to completely fuck up a voting system. We have all of you beat by a large margin.
Yes, he is evidently a man of some character. It seems he enjoys dropping other people's pants, hitting them with sticks, and spitting on the camera man. And he did have a clip up on YouTube of him partaking in a roo poo fight.
But look on the bright side. Given the state of Australian politics over the past 3 years this might be a plus. Surely he was just planning ahead, and picking up survival skills.
I wonder what his position is on how VDSL vectoring will affect competition in the broadband wholesale market?
No, I didn't explain that. But since you are so nice about it I will. When the corporation owns the hardware they can install anything they want. What they install is a self signed certificate with the signing bit set into the browser, and they tell the browser this cert is a CA. There are so many CA's these days you would have to be an actuary to spot it in the list. When your browser contacts https://www.host.com/ you automagically get a cert authorised by that self signed cert.
In the end you trust whoever firefox or whatever trusts says you should trust as CA's. That normally works. Except when someone else installs Firefox. Then you trust whoever they say you should trust, because they can edit the CA list Firefox / Chrome / whatever has.
Actually, all they need is the CA to sign a cert with the "allowed to sign" bit set. Then they can MITM anyone. Given TrustWave sold one of these to a company not so long ago, I doubt it would be hard to find a CA willing to pony up. Given some CA's in the world are government owned organisations, this has almost certainly happened somewhere already.
As others have said, what keeps the current PKI system working isn't the inherent trustworthiness of CA's (they aren't trustworthy), or because NSA has scruples (it doesn't). It's the fact that in time they will almost certainly be found out.
Where I live at least, in Australia, I am not sure what proportion of SSL connections are already MITM'ed. But it would have to be above 10%. All schools do it, many government offices do it, many businesses do it.
The thing all these organisations have in common is they own the computers they are compromising. The corollary is if you care about your privacy, you need to use only hardware you control. But this has been known for years. What this story makes plain is you must also use software "you control", otherwise NSA and others will backdoor it just as eagerly as they have done with the hardware. You can't absolutely control all software you use of course, but open source is a good proxy.
True, but give some bureaucracies credit - they are at least trying to work around that problem. The NSW police for example have trialled stealing it instead of buying it.
From http://techcrunch.com/2013/08/01/employer-tipped-off-police-in-pressure-cookerbackpack-gate-not-google/:
I'm curious. Drew said two things about GC:
He didn't say GC always introduces huge latencies, probably because given an incremental GC and enough memory it doesn't. So which of the two assertions are you disagreeing with?
Or to put it another way, going by Drew's data if EA had lots of memory for whatever they were putting in the GC heap and their primary consideration was speed, they would have been far better off using GC.
The biggest weakness in Drew's argument that GC is and will remain the dominant cause is IMHO the assumption that a phone will always be memory constrained. We have 2G phones now. 4G can't be far away. You can hardly call 4G "memory constrained". If mobile slowness were just caused by GC, my guess is at 4G most apps will have far more than 5x their memory requirements, so GC should actually help. I'm also guessing mobile will remain slow. The trifecta that ensures this is:
You are suffering from a delusion - you believe DRM works. Yet we all know perfect DRM is an impossibility. If it wasn't obvious 10 years ago, surely after 10 years of watching every deployed DRM scheme being cracked it must be obvious to blind Freddie now. All those cracked DRM schemes were closed source.
Publishing the DRM scheme as open source rather than closed source will, at best, delay the crack by a year or so. And what practical difference will that make? None. They live and survive with piracy now. Yes, you can recompile Firefox, but 99% of the world's population can't. You might say that isn't an issue - they just download a "cracked" version of Firefox from someone other than Mozilla. But you know what, they can just download a cracked version of IE too. But most people don't because it comes with risks - as in you will be using that same browser to do your banking. So most people stay honest.
And that's the best they can ever hope to achieve - keeping the honest people honest. We now know that's good enough - because that's all they have now with Silverlight.
For most here the fuss isn't about what the movie studios want - everybody knows they are self interested control freaks who don't have a clue how the internet, markets or piracy work. The fuss is about the W3C. They seem to have lost the plot.
The W3C's job is to standardise the web, so web content can be viewed on any platform, any OS, any device and looks much the same. So if the W3C comes up with a DRM scheme, we all expect it to run on everything. This probably means the only DRM "blessed" by the W3C would be software only, which I am sure the moguls would hate. But the W3C wasn't created to brown nose media moguls, it's an engineering organisation whose mission is to come up with standards that will work everywhere. Yet here they are proposing something that won't work everywhere and is exactly what the media moguls want. WTF?
I should stop there, but I won't. The really annoying part about this is it wouldn't be that hard to come up with DRM that is good enough, and yet still appease the arse holes. The arse holes want DRM that encrypts the complete path so it can't be cracked, and pure software DRM can always be cracked. The only minor nit with the request is it is an impossible ask. All DRM can be cracked by definition. Why they still demand the impossible after every fucking DRM scheme deployed by them in the last decade has been cracked is utterly beyond me. Watching an engineering organisation like the W3C pander to such fantasies makes me ashamed of my profession.
The W3C could come up with a single standardised software only DRM that worked on every device, and add a few knobs for the twits who insist that making it impossible for some potential customers to view their product is a good idea. Yes, that software only DRM will be cracked, just like every other DRM scheme. But we know it is good enough because that is what they have now with Flash and Silverlight. So everyone would be happy. The world can get along with modest DRM that keeps the honest people from temptation, the W3C can stick to their remit, and the twits can send themselves broke by trying to defy physics. And as you say, no one gives a shit about the twits.
All these development models are designed to deliver code to a customer. There is a beginning and an end. Waterfall, Agile, whatever - they all assume this. They just disagree about how you take the journey.
It's true there is a beginning. But for the developer there is no end. He is never thinking about the end, because the end is when the code dies. If it dies, he has failed. Thus he doesn't plan for it, instead he actively plans for avoiding it.
Software isn't a deliverable product. It doesn't wear, and if it constantly evolves it will never die. In that way it's like a living organism. Occasionally it sheds copies that are delivered to the customer, but for the developer that isn't a singularly important event. Instead the developer is constantly thinking about where he wants to be in 10 minutes, in 10 hours, in 10 days, in 10 months and 10 years, fully aware that if he gets any of those decisions badly wrong the organism in his care might go extinct.
Thus any development process, like Agile or Waterfall, that plans for a definitive end point will never be a satisfying solution. They are all based on a fiction - software should be treated like a toothbrush, something you deliver to the customer and forget. In their hearts, all developers hope that isn't true, for their code anyway.
You have listed some of their disadvantages. How about listing their advantages as well:
If the W3C's proposed DRM scheme insisted that there be one standardised software only DRM implementation that existed in every browser, then I would be happy enough. In that case the W3C would be behaving like a standards body and ensuring there was a single standard that could be run by everything.
In this case they are doing the reverse. The current proposal will break the one thing that makes the web useful. It is a truly universal platform, meaning any content can be viewed anywhere. From that point of view it is actually worse than what we have now with proprietary plugins.
Yep, I think you have nailed it.
Technology wise, we have been at the point the Glass haters are so concerned about for a few years now. We are recorded all the time, everywhere. Worried about being recorded when you go down the street - already happens. Worried about being recorded in a shopping mall - already happens. Worried about being recorded in a club - not only does that happen, where I live they also demand a photo of your ID card as well. Worried about your car's licence plate being tracked via digital number plate recognition - already happens. Worried about your purchases being tracked and sold off for marketing companies - already happens. Worried about your photo being surreptitiously taken while using an ATM - already happens. Worried about a video being taken of you as you scan all the sanitary items at the self checkout - already happens. Worried about a marketing company getting hold of a copy of most of the world's emails and mining them for personal data they can sell off - already happens.
For some reason, although there is nothing unique or special about Google Glass, the 99% of the world who apparently think today will be the same as yesterday have woken up to the fact that 2013 will be nothing like 2003. And they are focusing their rage at Google Glass.
It's all over my friends. Much of the privacy we used to have is history. All that remains is for you to get used to the fact. If you don't like it, well you are far too late to the party to do anything about it. It's not like you haven't been told over and over again this was going to happen. Most notably when Scott McNealy said, "You have zero privacy anyway. Get over it.". In a classic case of shooting the messenger, McNealy was roundly criticised for that remark.
No.
But if you are under the age of 6, not wrapping a finger in a bandage means it will probably grow back. From www.abc.net.au/radionational/programs/scienceshow/4632692 (click on Transcript):
For those of you who don't know, asm.js is a subset of JavaScript that's meant to be easy to compile. In other words if you use asm.js your code will work in all browsers, but should run faster in some. In that FAQ they say their compiled asm.js runs at about 1/2 the speed of C, making it roughly twice as fast as JavaScript V8.
Which is wonderful, except that JavaScript is a prick of a language, and so I'd imagine that asm.js is a tedious, prick of a language. But Dart compiled to asm.js - sounds like a marriage made in heaven.
Well that, and if you are measuring the health of an open source project the number of downloads is meaningless. The only thing that matters is the rate of change of the code base. LO has more developers, they are doing more work, and the gap is only growing larger.
In the end, the users will follow the developers. They don't have much choice really.
You sir, miss the point.
The point wasn't that government has no business blocking that site, or that there wasn't a good reason to do so, or that the web site didn't deserve to be blocked.
The point is that we are a democracy, so when our government censors something like this it must be done in a transparent and open way. What happened is that suddenly an IP address disappeared. When the ISP's were asked why it disappeared they said they were gagged. When the government departments were asked each only volunteered it had nothing to do with them. It is very unlikely all of them didn't know, they were just not saying. And now we know who ordered it to be blocked, we still don't know the specifics.
It's not just that it's a bad way to run a democracy. It's a bad way to run things in general. A whole pile of legit web sites were blocked. They weren't notified. When they noticed they didn't know why, and thus could not take steps to fix the problem. And once it was fixed they had no way of getting the block removed. This is just plain dumb. The person who thought it was a good way to do things needs to be dragged over the coals.
If what you have written here bears any resemblance to what your friends write in the US, you are a bunch of conspiracy theorists inventing rubbish and feeding off it.
However, onto your actual claims. Regarding storage - you must have an approved gun safe. Personally, I think the law is too weak. Most of our gun crime is now committed by guns stolen from domestic gun safes. A wooden cupboard with a padlock on it is nowhere near good enough. It needs to be a real safe, bolted to the floor and lined with concrete. They aren't expensive.
Regarding ammo - you go to the local hardware store and buy it. About the only restriction is you need to produce your gun licence. It must be stored securely, of course.
As for storing the things safely making them useless - you must use guns differently to how we use them in Australia. Here we take them out of storage before firing them.
The most onerous part of Australian law is being registered to own a gun. It is not hard to get registered and you certainly do not need a reason - "I want to" is good enough. There is no limit to the number of guns you can own (I know people who have 30 of them), but you do have to display a minimum competence in gun handling, you do have to prove you have safe and secure storage for it, and you do have to keep your registration up to date. It's less effort than getting a car drivers licence, and far less effort than getting a ham radio licence.
But it does involve some ongoing effort. And that is the point. That is enough to stop people who have no interest in guns whatsoever from keeping one in the drawer, just waiting to be misused. For people who have a genuine interest in guns like yourself the law isn't a barrier to owning a whole armory, and isn't meant to be.
As an Australian who has played with guns recently, that's factually inaccurate. Almost all Australian adults can own a gun if they wish to. In fact many of us own entire rooms full of them. The only exceptions are the same as everywhere else - the mentally ill, felons and so on. We are perhaps a little more restricted in the types of gun we can own - you need to have a professional reason to own concealable weapons and automatics.