Right now I rather doubt space advertising like that is viable. If it does become viable the lobbyists will come, the ethically challenged congressmen will get kickbacks and campaign donations, and finally a new law will be created entitled to create ``Democracy Zones'' where anyone who pays the goverment X amount of dollars can own their own spot in orbit.
P.S. I wish the auto spellcheck worked in firefox. Oddly enough it does in konqueror.
Traceroute really cannot provide adequate location resolution. Maybe if you were lucky you would get the city right.
GPS is too expensive, and pretty much doomed to fail since your inside. About the best you can do is have a standard cheap GPS module in the adapter and require one plug it in outside until it syncs and then move it inside. People entering their real address is far easier and for 99% of VOIP customers is probably their billing address anyway.
I don't know the details of onstar, but I suppose VOIP based things similar to that could have a GPS unit so that if you had an emergency near your car emergency services could find you easily. Of course this says nothing about the potential to abuse such things...
Its ironic that leaking of politically inconvenient information is probably one of the most effective ways to get security taken seriously, at least within one organization.
Of course they may just label the people who intercepted the unencrypted information terrorists and use it as an excuse for why you must elect them...
Its interesting, but unless you can use multiple cells or something there is not enough power to run any kind of pump.
Afaik one of the major issues with any kind of artificial heart is it kills some of the cells as it pumps.
Still this kind of technology is definitely interesting, and who knows what might be possible in the long term.
I ran into this idea of maintainability when I was putting together the code that ended up in my PhD project. It was quite often I would realise that one more structure here or a change here would make things clearer and easier to understand, but at the cost of considerable changes all over. In the end I think the changes were worth it as I suspect it is worth it to wait and let the kde developers keep konqueror's development clean and as streamlined as possible.
To be honest I'm somewhat disappointed with Apple. If they really have material they could be releasing that would help the kde team figure out things, then they should release it. I don't know that to be the case of course. I wonder if apple has published their side of the story....
I wonder what would happen if say schools around the world all agreed to phase out microsoft in four years, and to that end, they devoted say 1/3 of their financial savings to developing FOSS solutions.
I'm not saying it would definitely work, but I'd say it would have a shot, espeecially when you could have various college professors assign _real_ programming tasks for part of their course assignments.
Of course such a thing might put a lot of software companies out of business, but then it would also put some in business. At any rate, I wouldn't go so far to say such an idea is a good one, but its interesting to toss out anyway.
Hydraulic cylinders often come in 2 or 3 stages, so that you have one cylinder inside another inside another. Basically you get 3x the extension for a given length of cylinder. The max lift should be based on the cross sectional area of the smallest tube afaik.
So I'd imagine for a 3 story elevator you would have to dig a little more than one story down. I suspect the pump, reservior, and the rest could all be set below the elevator. Assume you need to lift 1000# in total then
Force = pressure * area = pressure * pi * r^2.
Assume you limit the hydraulics to a reasonable 2500psi...
1000/ (2500*3.14) = r^2
r=.35
d=.714
You probably want a thicker cylinder to prevent warping though so assume 2 inches in diameter for the smallest part then you get
318psi required.
For that matter if you let the cylinder size expand to be the size of the elevator (like the article), the pressure required continues to drop until it is quite small. Unfortunately, your going to require a lot more volume of whatever your using to move it..
From a more practical standpoint, any reduction in piracy of microsoft software is a very good thing with respect to linux/bsd. Yes some would get XP cd's out of it, but in theory, if more avenues for fake copies of XP are shut down then more people will have to choose between paying microsoft's license fee for XP or installing Linux for free.
I wouldn't mind seeing microsoft shut down every illegal copy since in the end it would help Linux's marker share. Of course, even though I love Gentoo linux, I'm in no hurry to replace XP on my mother's PC. Some things are best left alone and there will be a market for XP for quite a long time I'd think.
Anyone using WEP to secure anything important needs to get a clue.
That being said, skimming the slashdot responses it wasn't WEP's weakness but the weakness of the text to key algorithm in this case.
As far as dictionary best passwords go, it can be phrased more simply as reducing the cardinality of the keyspace. It doesn't matter how you reduce it, it is just the end result that the total keyspace is smaller allowing an easier search.
That being said I'm not willing to say that dictionary based passwords are completely useless in all cases. They are a very bad idea, and make things orders of mangnitudes easier, but in some cases they might be adequate for low levels of security. It just depends on how long the system needs to remain secure and the cost of that security being violated..
I'm curious, how long would it take for the in orbit debrii that is presumably from other satellites and space missions and things, to eventually get caught by earth's gravity and burn up in the atmosphere?
Or will most of it just remain in orbit forever?
I'm assume its not feasible to send up a robotic trash collector that crashes into the ocean when done..
While I haven't studied in it detail. Afaik, most power plants burn something to create steam to turn generators. If you reduce the power demand, the steam pressure required should be less, and the burn rate required should be lower..
So while, I will agree they probably have considerable extra capacity at night, that doesn't necessarily mean its wasted. Also there might be various generator sources around a city. Some might be efficient enough to switch out of the system if the capacity isn't needed for hours.
I think that about the best you can go in practice is use a nice little program that stores your passwords and keep all of them random and different. The different is the important part. Actually it would be nice if the program itself generated the random passwords since hitting keys randomly may not in fact be that random. Of course to be truly random the program should generate the random numbers based partly on information about your random keypresses;) Then use a nice acronym based password for the key to that program like someone suggested.
Of course you can store them in a self contained pda or similar, but unless you can easily paste them in, it becomes very annoying to actually use.
Of course usage of the browser feature to remember passwords might still be a weakness.
Some might argue that biometrics are a great help for password security, but in reality they only help in certain specific situations since ultimately the biometric reduces to data that is unchangeable for a persons lifetime.
For instance you could use biometrics to verify the identity of those going on a plane, provided you also have a real person watching to make sure no one is trying to fool the machine. For ordinary security like on a laptop, sure they help, but I would use a normal password along with the biometric if a high level of security was desired.
Ultimately keeping machines secure is hard, and its usually not because the encryption is weak, but because humans just aren't designed to remember long strings of random digits.
One possible solution would be to design even more complex levels of encryption that take a long time to process so searching takes longer even with a smaller keyspace. One must be careful here though, as you can't just design something complex that takes a long time to convert an 8 digit ascii string to 128 bits since the keyspace cardinality would still be the same as the original password string and you could easily store all the results in a table and never run the algorithm again. Now that I think about it I can't give a quick example of how one would go about designing a private key algorithm like that. Elliptic curve encryption accomplishes this for public key based system as compared to RSA. I may work on it sometime later just for fun. Of course if you do this, it also takes longer to log in. Very few things are without tradeoffs after all.
Well I know enough to review it and may look at it sometime when I get time. That being said it takes a lot of reviews and a lot of hammering at algorithms before you gain a reasonable degree of certainty that it is secure and even then, sometimes a discovery will be made that makes what was secure now insecure.
All in all I'd seriously avoid anything that hasn't been explored for a year or two in any serious applications unless there is some very compelling reason not to. Certainly the AES 128 in my PhD project is more than fast enough to keep up with 802.11b in software. Of course I haven't tried 100MB yet, but I rather suspect there are hardware chips that will handle AES as well. To an extent I'm slightly suspicious when someone says they have a new private key algorithm that is better since only time and a lot of cryptanlaysis shows that.
Remember that private key encryption is generally always fast, and simple compared to public key encryption. This is why elliptic curve cryptography is interesting because of the speedup and the shorter key length possible while, apparently, keeping the same level of security. (Some basic discussion of elliptic curve cryptography is in that link.)
If a university gives some support to a grad student to carry on research it is likely to be much much lower than what an equivalent job would bring in. So unless the support is such that you can actually say a fair salary was paid or something close to develop the work, then no I don't think people have the right to it. I released my PhD work under the GPL to hopefully at some point attract interest in my cryptography design or perhaps just future job prospects, but I still maintain my right to sell it independently. My college loans and bills aren't going to pay themselves, and the project involved several years of part time work. (For the curious see Project Page or the Sourceforge Page )
Yes, quite often something like programming doesn't seem to fit well into doing more than 3 or 4 hours at a time and then you pretty much need a break, for your continued health if nothing else.
Personally I've done a lot of very boring and tedious coding and other problems and sometimes without listening to music or ocassionally skiming a web page to find something interesting to keep my brain from concluding that you really need just five minutes of sleep and then everything will be better. Human beings are not machines, and it is a mistake to model us that simply.
What confuses me is that it seems to be pretty difficult to just go out and buy a stock, non race, engine with a simple fuel injection and control system so that it would meet whatever the epa limits are. I don't even see aftermarket systems except a few at summitracinga and those are quite expensive.
At any rate, I certainly agree any laws that say _how_ you must meet emissions or noise levels standards are wrong. Equivalently. I think there should be reasonable noise and pollution level standards based on the year and type of vehichle. If you upgrade an older car with a system that gets much better emissions ratings and you are willing to accept a more stringent rating for the cars emissions then the government should give you a tax break as an incentive, in my opinion.
My Phd project uses an elliptic curve based design. The test code requires the orinoco drivers to work. Its in the url for the curious. The ses unix name is still pending transfer to me at sourceforge. By the way, I know that ECDSA's use of SHA1 needs updated. I'll get to it eventually.
I'd like to know whats to stop worms and such from propagating on the network of atm's now.
From what little I know the bsd variants have some of the best security around. It would make far more sense to built them around that. For that matter since when does an atm need to do anything but dispense cash? I _want_ anything involved with my money to be as simple as possible since you cannot secure what you don't fully understand, and if you put all that windows baggage on it well security is the cost. Lets pray they strip it down enough that our money stays put, but I rather doubt it.
Speaking of weird things. I think someone said they were moving to 3DES. The question is why? Sure 3DES is probably secure for awhile, but it would seem to make far more sense to go to a 160 bit version of AES since it at least a complete algorithm. While being able to break DES may not help with 3DES right now, the one is made from 3 of the others and who knows what the future may bring.
It would seem to me that countries with the less strict rules and expenses be it copyrights, patents, labor laws, pollution laws, whatever is where the jobs go. That doesn't mean they are good jobs or anything like that, merely that it is cheaper to have work done over there since they don't have to follow the same rules. That seems to me to be the fundamental problem with free trade. If it is not balanced with incentives to equalize work and legal conditions then places like China get much of the business.
Now I'd tend to argue that patents probably are no longer a net benefit since they lock up technology. Companies will still develop new technologies without them, since they want to sell them, and as for the little guy, well I rather doubt many of them could ever survive a patent lawsuit anyway. I suppose a case could be made for helping smaller companies, but even then its dubious. Also the counter argument can be made that small companies and invididuals can be more competitive if they have access to some of the vast array of patented technologies without paying exorbent licensing fees.
Overall big companies can and will crush small companies by the simple method of underpricing them out of business till they die, and I don't think patents will stop this, unless it is just so specific that a competing product is impossible. They seem more of a tool to aid in the crushing.
Companies like SBC are inflexible. They offer ridiculously prices isdn for $142 a month (+ isp fees) from somewhere far far away where I'm at. This requires the use of a repeater because for some strange reason the local CO can't handle ISDN which seems fairly stupid as well.
Now repeaters exist for DSL that would easily put me in range of the local CO without putting a DSLAM in the nearest remote terminal. (I'm between 19.9k and 22k feet depending on which day I asked the phone company.) Do they use these repeaters or small remote terminals so they get customers rather than complaints? Nope. Can SBC and similar get away with this kind of business practice? You bet, since if a serious threat comes their way they can underprice their competetion out of business, whether or not they are making a profit at the moment.
"The point of this bill is to prevent municipalities from taxing citizens to pay for a service most people will never use."
Internet access is a part of the infrastructure system. Without a decent infrastructure businesses do not get built or flourish. It is perfectly reasonable to have goverment provide it since in the end it helps the citizens. I suppose you could wait for the private sector to build roads, water and sewer systems as well, but I wouldn't hold my breath. Heck the SBC near me won't even consider offerering DSL where I am because they can't make a profit fast enough to put a small DSLAM in the remote box. I even offered to pay for the parts, but instead of giving me a real price for a small 24 port dslam (~$1500) they claim it costs $300,000 to a million to offer me DSL. No the private sector is NOT the answer to every problem since their goals are quite simply profit and not whats best for the community.
I agree, if you have a competant cryptographer designing your data embedding algorithm and everything is nicely done with appropriate cryptography and the rest your probably never going to notice that there is anything hidden in whatever your hiding it in. That is, as long as you keep your message reasonably short with respsect to the total data.
Consider also the massive amount of data on the internet these days. I just don't see it being possible to realistically find such things unless you find out about the message embedding in some other way..
Of course even if one were to find them, AFAIK 128bit AES hasn't been broken to say nothing of more elaborate methods..
Slashdot Mirror
P.S. I wish the auto spellcheck worked in firefox. Oddly enough it does in konqueror.
Traceroute really cannot provide adequate location resolution. Maybe if you were lucky you would get the city right.
GPS is too expensive, and pretty much doomed to fail since your inside. About the best you can do is have a standard cheap GPS module in the adapter and require one plug it in outside until it syncs and then move it inside. People entering their real address is far easier and for 99% of VOIP customers is probably their billing address anyway.
I don't know the details of onstar, but I suppose VOIP based things similar to that could have a GPS unit so that if you had an emergency near your car emergency services could find you easily. Of course this says nothing about the potential to abuse such things...
Of course they may just label the people who intercepted the unencrypted information terrorists and use it as an excuse for why you must elect them ...
Its interesting, but unless you can use multiple cells or something there is not enough power to run any kind of pump. Afaik one of the major issues with any kind of artificial heart is it kills some of the cells as it pumps. Still this kind of technology is definitely interesting, and who knows what might be possible in the long term.
I ran into this idea of maintainability when I was putting together the code that ended up in my PhD project. It was quite often I would realise that one more structure here or a change here would make things clearer and easier to understand, but at the cost of considerable changes all over. In the end I think the changes were worth it as I suspect it is worth it to wait and let the kde developers keep konqueror's development clean and as streamlined as possible.
To be honest I'm somewhat disappointed with Apple. If they really have material they could be releasing that would help the kde team figure out things, then they should release it. I don't know that to be the case of course. I wonder if apple has published their side of the story....
I wonder what would happen if say schools around the world all agreed to phase out microsoft in four years, and to that end, they devoted say 1/3 of their financial savings to developing FOSS solutions.
I'm not saying it would definitely work, but I'd say it would have a shot, espeecially when you could have various college professors assign _real_ programming tasks for part of their course assignments.
Of course such a thing might put a lot of software companies out of business, but then it would also put some in business. At any rate, I wouldn't go so far to say such an idea is a good one, but its interesting to toss out anyway.
Hydraulic cylinders often come in 2 or 3 stages, so that you have one cylinder inside another inside another. Basically you get 3x the extension for a given length of cylinder. The max lift should be based on the cross sectional area of the smallest tube afaik. So I'd imagine for a 3 story elevator you would have to dig a little more than one story down. I suspect the pump, reservior, and the rest could all be set below the elevator. Assume you need to lift 1000# in total then Force = pressure * area = pressure * pi * r^2. Assume you limit the hydraulics to a reasonable 2500psi... 1000/ (2500*3.14) = r^2 r=.35 d=.714 You probably want a thicker cylinder to prevent warping though so assume 2 inches in diameter for the smallest part then you get 318psi required. For that matter if you let the cylinder size expand to be the size of the elevator (like the article), the pressure required continues to drop until it is quite small. Unfortunately, your going to require a lot more volume of whatever your using to move it..
From a more practical standpoint, any reduction in piracy of microsoft software is a very good thing with respect to linux/bsd. Yes some would get XP cd's out of it, but in theory, if more avenues for fake copies of XP are shut down then more people will have to choose between paying microsoft's license fee for XP or installing Linux for free.
I wouldn't mind seeing microsoft shut down every illegal copy since in the end it would help Linux's marker share. Of course, even though I love Gentoo linux, I'm in no hurry to replace XP on my mother's PC. Some things are best left alone and there will be a market for XP for quite a long time I'd think.
That being said, skimming the slashdot responses it wasn't WEP's weakness but the weakness of the text to key algorithm in this case.
As far as dictionary best passwords go, it can be phrased more simply as reducing the cardinality of the keyspace. It doesn't matter how you reduce it, it is just the end result that the total keyspace is smaller allowing an easier search.
That being said I'm not willing to say that dictionary based passwords are completely useless in all cases. They are a very bad idea, and make things orders of mangnitudes easier, but in some cases they might be adequate for low levels of security. It just depends on how long the system needs to remain secure and the cost of that security being violated..
Or will most of it just remain in orbit forever?
I'm assume its not feasible to send up a robotic trash collector that crashes into the ocean when done..
So while, I will agree they probably have considerable extra capacity at night, that doesn't necessarily mean its wasted. Also there might be various generator sources around a city. Some might be efficient enough to switch out of the system if the capacity isn't needed for hours.
You have a point. I've seen nigerian scam emails that were much more convincing.
Of course you can store them in a self contained pda or similar, but unless you can easily paste them in, it becomes very annoying to actually use.
Of course usage of the browser feature to remember passwords might still be a weakness.
Some might argue that biometrics are a great help for password security, but in reality they only help in certain specific situations since ultimately the biometric reduces to data that is unchangeable for a persons lifetime.
For instance you could use biometrics to verify the identity of those going on a plane, provided you also have a real person watching to make sure no one is trying to fool the machine. For ordinary security like on a laptop, sure they help, but I would use a normal password along with the biometric if a high level of security was desired.
Ultimately keeping machines secure is hard, and its usually not because the encryption is weak, but because humans just aren't designed to remember long strings of random digits.
One possible solution would be to design even more complex levels of encryption that take a long time to process so searching takes longer even with a smaller keyspace. One must be careful here though, as you can't just design something complex that takes a long time to convert an 8 digit ascii string to 128 bits since the keyspace cardinality would still be the same as the original password string and you could easily store all the results in a table and never run the algorithm again. Now that I think about it I can't give a quick example of how one would go about designing a private key algorithm like that. Elliptic curve encryption accomplishes this for public key based system as compared to RSA. I may work on it sometime later just for fun. Of course if you do this, it also takes longer to log in. Very few things are without tradeoffs after all.
All in all I'd seriously avoid anything that hasn't been explored for a year or two in any serious applications unless there is some very compelling reason not to. Certainly the AES 128 in my PhD project is more than fast enough to keep up with 802.11b in software. Of course I haven't tried 100MB yet, but I rather suspect there are hardware chips that will handle AES as well. To an extent I'm slightly suspicious when someone says they have a new private key algorithm that is better since only time and a lot of cryptanlaysis shows that.
Remember that private key encryption is generally always fast, and simple compared to public key encryption. This is why elliptic curve cryptography is interesting because of the speedup and the shorter key length possible while, apparently, keeping the same level of security. (Some basic discussion of elliptic curve cryptography is in that link.)
I rather suspect I might gain a tolerance to electric shock fairly soon.
If a university gives some support to a grad student to carry on research it is likely to be much much lower than what an equivalent job would bring in. So unless the support is such that you can actually say a fair salary was paid or something close to develop the work, then no I don't think people have the right to it. I released my PhD work under the GPL to hopefully at some point attract interest in my cryptography design or perhaps just future job prospects, but I still maintain my right to sell it independently. My college loans and bills aren't going to pay themselves, and the project involved several years of part time work. (For the curious see Project Page or the Sourceforge Page )
Personally I've done a lot of very boring and tedious coding and other problems and sometimes without listening to music or ocassionally skiming a web page to find something interesting to keep my brain from concluding that you really need just five minutes of sleep and then everything will be better. Human beings are not machines, and it is a mistake to model us that simply.
At any rate, I certainly agree any laws that say _how_ you must meet emissions or noise levels standards are wrong. Equivalently. I think there should be reasonable noise and pollution level standards based on the year and type of vehichle. If you upgrade an older car with a system that gets much better emissions ratings and you are willing to accept a more stringent rating for the cars emissions then the government should give you a tax break as an incentive, in my opinion.
A direct link is http://www.finiteinfinity.com/ses/
My Phd project uses an elliptic curve based design. The test code requires the orinoco drivers to work. Its in the url for the curious. The ses unix name is still pending transfer to me at sourceforge. By the way, I know that ECDSA's use of SHA1 needs updated. I'll get to it eventually.
From what little I know the bsd variants have some of the best security around. It would make far more sense to built them around that. For that matter since when does an atm need to do anything but dispense cash? I _want_ anything involved with my money to be as simple as possible since you cannot secure what you don't fully understand, and if you put all that windows baggage on it well security is the cost. Lets pray they strip it down enough that our money stays put, but I rather doubt it.
Speaking of weird things. I think someone said they were moving to 3DES. The question is why? Sure 3DES is probably secure for awhile, but it would seem to make far more sense to go to a 160 bit version of AES since it at least a complete algorithm. While being able to break DES may not help with 3DES right now, the one is made from 3 of the others and who knows what the future may bring.
Now I'd tend to argue that patents probably are no longer a net benefit since they lock up technology. Companies will still develop new technologies without them, since they want to sell them, and as for the little guy, well I rather doubt many of them could ever survive a patent lawsuit anyway. I suppose a case could be made for helping smaller companies, but even then its dubious. Also the counter argument can be made that small companies and invididuals can be more competitive if they have access to some of the vast array of patented technologies without paying exorbent licensing fees.
Overall big companies can and will crush small companies by the simple method of underpricing them out of business till they die, and I don't think patents will stop this, unless it is just so specific that a competing product is impossible. They seem more of a tool to aid in the crushing.
Now repeaters exist for DSL that would easily put me in range of the local CO without putting a DSLAM in the nearest remote terminal. (I'm between 19.9k and 22k feet depending on which day I asked the phone company.) Do they use these repeaters or small remote terminals so they get customers rather than complaints? Nope. Can SBC and similar get away with this kind of business practice? You bet, since if a serious threat comes their way they can underprice their competetion out of business, whether or not they are making a profit at the moment.
"The point of this bill is to prevent municipalities from taxing citizens to pay for a service most people will never use." Internet access is a part of the infrastructure system. Without a decent infrastructure businesses do not get built or flourish. It is perfectly reasonable to have goverment provide it since in the end it helps the citizens. I suppose you could wait for the private sector to build roads, water and sewer systems as well, but I wouldn't hold my breath. Heck the SBC near me won't even consider offerering DSL where I am because they can't make a profit fast enough to put a small DSLAM in the remote box. I even offered to pay for the parts, but instead of giving me a real price for a small 24 port dslam (~$1500) they claim it costs $300,000 to a million to offer me DSL. No the private sector is NOT the answer to every problem since their goals are quite simply profit and not whats best for the community.
I agree, if you have a competant cryptographer designing your data embedding algorithm and everything is nicely done with appropriate cryptography and the rest your probably never going to notice that there is anything hidden in whatever your hiding it in. That is, as long as you keep your message reasonably short with respsect to the total data. Consider also the massive amount of data on the internet these days. I just don't see it being possible to realistically find such things unless you find out about the message embedding in some other way.. Of course even if one were to find them, AFAIK 128bit AES hasn't been broken to say nothing of more elaborate methods..