Slashdot Mirror


User: petermgreen

petermgreen's activity in the archive.

Stories: 0
Comments: 10,783

Comments · 10,783

  1. Re:What about CentOS? on Red Hat Nears $1 Billion In Revenues, Closing Door On Clones · · Score: 3, Informative

    Straight clones should still be possible as long as redhat complies with the GPL, the main things their changes to kernel packaging will do is

    1: make it harder for unrelated distros (e.g. debian) to piggyback off redhat's long term support work for kernel releases
    2: make it harder for anyone else to provide high quality support for redhat's patched kernels by making it much harder for them to answer the question when something goes wrong of "what did redhat change and why".

  2. Re:Terminal Velocity? on IPhone 4 Survives 1,000 Foot Fall From Plane · · Score: 1

    Given two objects of equal mass and proportional shape, the smaller will have a higher terminal velocity

    Given two objects of equal density and proportional shape the smaller will have lower terminal velocity because perpendicular area goes with the square of dimension and volume goes with the cube of dimension.

  3. Re:Terminal Velocity? on IPhone 4 Survives 1,000 Foot Fall From Plane · · Score: 1

    But terminal velocity is not about density.

    Roughly speaking terminal velocity is proportional to weight and inversely proportional to area perpendicular to the falling direction. This means that smaller objects tend to fall slower.

  4. Re:G's on IPhone 4 Survives 1,000 Foot Fall From Plane · · Score: 3, Informative

    The Gs will change through the flight

    When it initially starts falling air resistance will be negligible and it will experience approximately 0G
    As it approaches terminal velocity and stops accelerating the G-force experienced will increase tending back towards 1G
    When it hits the ground things get complex
    After it has settled on the ground it will experience 1G

    During hitting the ground is where things get really complex. A simple model assuming that the objects are rigid and that "contact forces" appear instantly gives a result of infinite acceleration and therefore infinite Gs. In reality different parts of the object will experience different Gs as the object deforms on impact.

  5. Re:And the CAs do ... what again? on Phony Web Certs Issued For Google, Yahoo, Skype · · Score: 1

    Since in essence things come down to complete trust of a third party CA.

    It's worse than that, they come down to complete trust of every CA listed in your browser's root list and every CA they have delegated to.

  6. Re:And the CAs do ... what again? on Phony Web Certs Issued For Google, Yahoo, Skype · · Score: 1

    If they merely implement it then the MITM can simply implement a DNS proxy that strips all DNSSEC related information.

    To fix the mess browsers basically have to drop support for the broken CA system completely and I don't see that happening any time soon.

  7. Re:Well on Phony Web Certs Issued For Google, Yahoo, Skype · · Score: 2

    Also given that we know how easy it is for governments to coerce large businesses even in countries that supposedly have checks and balances you can basically assume that the government of any country with a recognised CA in it can get a cert to use to MITM your traffic.

  8. Re:Snow Crash? on Google Engineer Releases Open Source Bitcoin Client · · Score: 1

    Reliably enforcing taxation is pretty much impossible regardless of the currency. The main way western countries (at least the USA and the UK) have got around this is by collecting most of the tax from larger entities, the more transactions an entity is involved in the greater the chance of getting caught cheating and the more they have to lose when they do cheat. While it is nominally the employee being taxed the taxes are required to be calculated and collected by their employer. Similarly sales tax/vat is collected by the retailer as part of the purchase.

  9. Re:Bitcoin is good, but problematic. on Google Engineer Releases Open Source Bitcoin Client · · Score: 1

    More implementations of the software are always good. But, they don't actually matter. It's the blockchain that matters. So long as the various implementations use the same blockchain (which is the cryptographic chain that indicates which address has how many bitcoins), things will stay together.

    I saw someone else say this was not a full P2P implementation. One concern I see is if too many users run "client only" implementations then the network may fall apart.

    Bitcoin uses cryptography to verify who performed an action but it uses a P2P network of many cooperating nodes to track what transactions have happened so far and reject transactions that would conflict with previous ones (the "spending money you have already spent" scenario). Without this tracking the system would fall apart.

  10. Re:This ain't rocket surgery on Why Doesn't Every Website Use HTTPS? · · Score: 1

    IIRC there are flags you can set on cookies so the "insecure" ID is sent on all requests and the "secure" ID is only sent on HTTPS requests. I agree you have to be careful though.

  11. Re:The Duke ain't PC on Duke Nukem Forever Multiplayer Mode Predictably Controversial · · Score: 1

    Afaict the way to get around this is to keep a separate brand for your "adult" games and push that as the brand for your adult games. So when people think of "the company behind GTA" they think "rockstar games" not "take 2 interactive".

  12. Re:But they're not unrelated... on Why Doesn't Every Website Use HTTPS? · · Score: 1

    Without some way for Bob to verify that the person claiming to be "Alice" is, indeed, the real Alice that's about as much use as an ashtray on a motorbike.

    With unencrypted data mallory can merely eavesdrop. Eavesdropping is easy and safe.

    With encrypted data with insecure certificates mallory must insert himself in the middle of the connection. While not impossible this is both technically harder and carries a risk that Bob and Alice will in some way discover that their certificates don't match. In particular in the case of HTTPs mallory has to make an educated guess (he can look at whether the root is a recognised CA or not but he can't know whether bob has CAs in her trusted list that aren't in his list or not) as to whether the users are likely to be validating the certificates for a particular connection or not and therefore whether it is safe to MITM it or not.

    The only responsible thing the browser can do is warn you that (as far as it is concerned) the connection could still be insecure before displaying the "secure connection" symbol.

    It should provide appropriate warning and that warning needs to be implemented in a blocking manner (that is the warning must be presented and the user must accept or reject it before continuing) because a MITM can impose himself into your connection between the connection where you see the page with a form on it and the padlock in the corner and the connection where you submit that form but IMO that warning should NOT imply that the connection is less secure than if no encryption was used in the first place. Ideally browser vendors should also create a url scheme that specifies ssl without certificate checking so that sites that want that for whatever reason can get it without either unnecessary warnings or breaking the security of sites that use https fully.

    P.S. IMO stateful stuff built on the inherently stateless web is really a massive hack. That is why we have so many webapp related security issues.

  13. Re:The security advantage may not last long anyway on Why Doesn't Every Website Use HTTPS? · · Score: 1

    HTTPs is only really for protection against low end attackers. Against high end attackers (government agencies, possibly even well connected corps and skilled hackers) you run into the problem that the authentication (which protects against MITM attacks) model used is at best as strong as the weakest CA and in practice almost certainly weaker than any one CA would be on their own (since different CAs will likely have different vulnerabilities).

  14. Re:This ain't rocket surgery on Why Doesn't Every Website Use HTTPS? · · Score: 1

    A solution to this would be to generate TWO authentication tokens. One token is visible in the clear and is used to authenticate low impact actions. The other is restricted to SSL and is used to authenticate more potentially destructive actions.

    A variant of this technique is asking the user to re-enter their password (over SSL of course) when performing a potentially destructive action.
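
The two-token scheme discussed in this comment, together with the cookie flags mentioned in comment 10, as an added example that is not part of the original comments. The cookie names `sid_low` and `sid_high` and all function names are assumptions made for illustration.

```python
import hmac
import secrets
from http.cookies import SimpleCookie


def issue_tokens():
    """Create both session tokens; returns (Set-Cookie jar, server-side record)."""
    record = {"low": secrets.token_urlsafe(32), "high": secrets.token_urlsafe(32)}
    jar = SimpleCookie()
    jar["sid_low"] = record["low"]        # hypothetical name: sent on every request
    jar["sid_high"] = record["high"]      # hypothetical name: HTTPS requests only
    jar["sid_high"]["secure"] = True      # the "Secure" cookie flag
    for morsel in jar.values():
        morsel["httponly"] = True         # keep both tokens away from page scripts
    return jar, record


def cookies_sent(jar, scheme):
    """Cookies a conforming browser attaches to a request with this URL scheme."""
    return {name: m.value for name, m in jar.items()
            if scheme == "https" or not m["secure"]}


def _matches(presented, expected):
    # Constant-time comparison of the presented token with the stored one.
    return hmac.compare_digest(presented.encode(), expected.encode())


def authorize(record, scheme, cookies, destructive):
    """Low-impact actions accept sid_low; destructive ones need sid_high over HTTPS."""
    if not destructive:
        return _matches(cookies.get("sid_low", ""), record["low"])
    if scheme != "https":
        return False
    return _matches(cookies.get("sid_high", ""), record["high"])


def demo():
    jar, record = issue_tokens()
    on_http = cookies_sent(jar, "http")    # everything a passive eavesdropper sees
    on_https = cookies_sent(jar, "https")
    return {
        "http_names": sorted(on_http),
        "http_read": authorize(record, "http", on_http, destructive=False),
        "replayed_low_delete": authorize(record, "https", on_http, destructive=True),
        "https_delete": authorize(record, "https", on_https, destructive=True),
    }


if __name__ == "__main__":
    print(demo())
```

A token captured from plain HTTP traffic still authenticates low-impact requests, so what counts as "low impact" has to be chosen with that in mind.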

  15. Re:virtual hosts, money on Why Doesn't Every Website Use HTTPS? · · Score: 1

    WRONG

    The key problem is that the server must present its certificate to the browser before it sees the http "host:" header which tells it which name based virtual host it is supposed to be serving.

    It is possible to have one cert that covers multiple domains. This is fine if you own all the domains your server will be hosting but I've yet to find a SSL certificate provider that will provide a certificate covering your customers' domains.

    So they added an extension called SNI which allows a SSL client to specify what domain it is asking for during the SSL handshake. Unfortunately IE on XP doesn't support it.
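
The ordering problem and the SNI extension described in this comment, as an added example that is not part of the original comment: it builds a real ClientHello in memory with Python's `ssl` module, reads the requested name out of it, and picks a certificate before any HTTP request exists. The hostnames, certificate labels and function names are constructed for illustration.

```python
import ssl
import struct


def client_hello(hostname):
    """Bytes of the first flight a TLS client sends; no network I/O takes place."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if hostname is None:
        ctx.check_hostname = False   # models a client without SNI; nothing connects
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass                         # the client is now waiting for the server
    return outgoing.read()


def sni_from_client_hello(data):
    """Return the SNI host_name, or None if the client sent none.

    Assumes the whole ClientHello sits in the first TLS record."""
    if len(data) < 9 or data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    hello = data[9:9 + int.from_bytes(data[6:9], "big")]
    try:
        pos = 2 + 32                                          # version + random
        pos += 1 + hello[pos]                                 # session_id
        pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + hello[pos]                                 # compression_methods
    except IndexError:
        raise ValueError("truncated ClientHello") from None
    end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(hello)):
        ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
        ext = hello[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        # server_name extension (type 0): list length, name_type 0, name length, name
        if ext_type == 0 and len(ext) >= 5 and ext[2] == 0:
            return ext[5:5 + int.from_bytes(ext[3:5], "big")].decode("ascii")
    return None


def pick_certificate(data, certs, default):
    """Choose a certificate label before any HTTP request (and Host header) exists."""
    return certs.get(sni_from_client_hello(data), default)


if __name__ == "__main__":
    certs = {"customer-a.example": "cert-A", "customer-b.example": "cert-B"}
    for host in ("customer-a.example", "customer-b.example", None):
        print(host, "->", pick_certificate(client_hello(host), certs, "cert-default"))
```

A client that sends no SNI always lands on the default certificate, which is the situation the comment describes for IE on XP.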

  16. Re:virtual hosts, money on Why Doesn't Every Website Use HTTPS? · · Score: 1

    AIUI MS considers the SSL support a separate component of windows not a part of IE. So IE on windows vista/7 supports it but IE (regardless of version) on XP doesn't.

  17. Re:virtual hosts, money on Why Doesn't Every Website Use HTTPS? · · Score: 1

    Most of the major browsers support SNI

    The below is based on a combination of wikipedia and personal knowledge.

    Firefox uses its own SSL engine and has supported SNI for ages.

    IE and safari on windows use the built in windows SSL support so they support it on vista and 7 but not on XP.

    Safari on OS-X supports it on Mac OS X 10.5.6 or higher. I have no idea what the ratio of different OS X versions in the wild are.

    The situation with chrome seems unclear, wikipedia links a google bugreport that talks about switching to mozilla NSS but also claims "Although many report Chrome 8 does not work with SNI on XP and Win7."

    The bottom line is that support is fairly widespread but a substantial proportion of your visitors are likely to be using browser/OS combinations that don't support it and that will not change until XP dies out.

  18. Re:Cost on Why Doesn't Every Website Use HTTPS? · · Score: 1

    The question is which will happen first, will XP become irrelevant (making SNI usable) or will IPv6 become ubiquitous (making SNI pointless)?

  19. Re:Cost on Why Doesn't Every Website Use HTTPS? · · Score: 1

    How is it Microsoft's responsibility that people are still using a ten year old operating system?

    There wasn't a successor at all for 5 years, then when a successor did come out it was widely (rightly or wrongly) regarded as a turd. It's only in the last couple of years that they have released another version that is regarded as decent. Even then many people are comfortable with XP and reluctant to relearn the interface (all versions of windows up to and including vista could be setup to look and feel much like win95, 7 can't).

    The changes required to backport the API that supported SNI and use it in IE would be far smaller and less intrusive than many other changes MS made to windows XP over its lifecycle so it's not as if "it would be a disruptive change" is a reasonable excuse.

    If your target demographic is in that pool of people

    I bet even among those with plenty of disposable income you will find a lot of XP users either because they think their current computer is adequate or because they have been actively avoiding vista and/or 7 (until very recently the likes of dell would sell you a machine with XP and you can still find XP machines new old stock without too much trouble).

    And then there is the fact that many people use the internet at work for both work related and private reasons.

  20. Re:Cost on Why Doesn't Every Website Use HTTPS? · · Score: 1

    According to that article safari on XP doesn't support it either and if you actually look at the references section it seems the situation with chrome on XP seems unclear ""Google Chrome, Issue 43142, Use SSLClientSocketNSS on Windows by default". 2010-10-29 - Although many report Chrome 8 does not work with SNI on XP and Win7. https://code.google.com/p/chromium/issues/detail?id=43142."

  21. Re:And because IPv4 addresses are scarce on Why Doesn't Every Website Use HTTPS? · · Score: 1

    You can also host multiple hostnames (either on the same domain or on multiple domains) on one IP by having all the sites in the subjectaltname of one cert. You just have to find a CA who is prepared to issue such a cert and the CA will have to reissue the cert whenever domains need to be added.

    Afaict many CAs will do this if you own all the domains but at least the ones I've looked at customers' domains to be included on a cert owned by their provider (which would be needed to host multiple customers on the same IP/port with this system). Some of them also seem to be quite expensive (though startssl look reasonable).

  22. Re:Certificate? on Why Doesn't Every Website Use HTTPS? · · Score: 1

    The free certs from the likes of StartCom are relatively weak 128/256-bit encryption.

    meh, the fact that there are loads of CAs and any CA can impersonate any website is IMO a far bigger vulnerability than the strength of the encryption.

  23. Re:Bribery fines are funny on IBM Charged With Bribing Korean, Chinese Officials · · Score: 1

    Personally I think punishing anyone who bribes is the wrong way to go about fixing things. In a highly corrupt society all it does is push people into a no-win situation, if you don't bribe then you are at a huge disadvantage (possibly unable to do business at all) if you do bribe then you are at risk of someone in power using that as an excuse to throw the book at you.

  24. Re:Well of course on 2011 MacBook Pros Confirmed To Crash Under Load · · Score: 3, Insightful

    Note: since the GP quoted in pounds I'm using UK prices from both dell and apple.

    A £999 inc VAT and shipping (closest price in this list to £1000) macbook pro comes with a 13 inch screen and a 2.3GHz dual-core Intel Core i5. Unfortunately the model number wikipedia lists for the CPU doesn't seem to match up with anything on intel's website but assuming the turbo is similar to the models that straddle it it would have a max turbo with all cores active around 2.8 GHz. If you want a 15 inch machine with a quad core (there is no option for a 15 inch with a dual core or a 13 inch with a quad core) that will set you back £1,549.00 inc VAT and shipping.

    Comparing to dell it depends what you compare with. If you compare to the 13 inch vostro 3300 with an i5-480M then a machine with similar specs (older processor family but higher clockspeed so probably overall similar) is £559.00 plus VAT and shipping which will put the total around £700. OTOH if you compare to the 15 inch vostro line (in PC laptops 15 inch models tend to be cheaper than equivalent 13 inch models) then things get cheaper still.

    So the GP was exaggerating a bit but still there is a fairly steep premium for apple hardware and this is compounded by apple's very limited selection which means you often end up buying far more than you actually require.

  25. Re:And the advantage is...? on Graphics-Enabled CPUs To Take Off In 2011 · · Score: 3, Informative

    And the advantage is...?

    The advantage of shared memory graphics is reduced cost and power consumption.
    The advantage of integrating the memory controller in the CPU is it allows the CPU faster access to memory.
    The advantage of reducing the number of high speed chips is reduced cost and power consumption.

    So with that in mind let's consider the options for a CPU with an integrated memory controller.

    Putting the shared memory graphics on a separate chip would require a link to the CPU that offered high speed high priority ram access by the GPU and would still leave you with two high speed chips. AMD do this with hypertransport though IIRC they usually have a small amount of dedicated graphics memory as well to keep the framebuffer traffic off the hypertransport links.

    Not offering shared memory graphics at all rules a platform out of the low end market and makes it less than ideal for the business market in general. Intel did this with the Nehalem quad and hex core processors and I believe are planning to do the same with the LGA2011 high end sandy bridge chips.

    So the natural thing to do is to put the shared memory graphics on the CPU with the memory controller. Intel did this with the dual core Nehalem chips and with the LGA1155 mainstream sandy bridge chips.

    So there will be more computers with crappy integrated graphics.

    Probably a few more because there were no Nehalem quad cores with integrated graphics support. So if you wanted a fast quad core you pretty much had to have discrete graphics as well whether you wanted them or not.

    Practically speaking sandy bridge puts things pretty much back the way they were before with the choice of processor core count decoupled from whether to use integrated graphics. It's just those integrated graphics are in the CPU rather than the northbridge. Hopefully this will mean the likes of dell will finally migrate off LGA775.

    Oh, and btw, wasn't the plan until recently to basically replace the CPU with the GPU?

    GPUs are great at some types of calculation but suck at branch heavy code. So many algorithms have to be completely redesigned to run on them. IIRC in the case of video encoding GPUs can do it quicker but only using cut down encoders that produce lower quality results.

    AMD was at one point planning to make units that combined the best of both (note: the fusion name which originally referred to this is now being used to refer to CPUs and GPUs on the same die but logically separate). Dunno if they still are.