Hell, the wife is of the opinion it's cheaper to throw out the printer instead of getting a new toner cartridge, since the cartridge often costs what the printer did and the printer comes with one.:-P
Is she aware that new printers often come with "starter" cartridges that have less toner in them than the "standard" cartridge does.
I disagree. Yes there is a risk that you will end up talking to a man in the middle if you use encryption without authentication. However
1: The attacker does not know if you are performing authentication on a given connection or not. Therefore by attempting to MITM your connections he risks being noticed. 2: MITM is a lot more effort than passive sniffing.
Currently PKI works by having a large number of certification authorities (both roots installed in the browser and intermediates with delegated authority from those roots) any one of which can issue a certificate that will be trusted by the browser to identify a site. So if any one of those certification authorities is compromised by an attacker then the attacker can obtain a certificate with which they can MITM traffic to your site without generating any warnings.
AIUI What the GP is proposing is that multiple independent authorities would need to vouch for a "high security" site so that one compromised certification authority would not be sufficiant to perform a man in the middle attack. It's a nice idea in principle but there are several practical issues to deal with.
1: How do you define independent authority. I'm sure there are cases where multiple root certificates are controlled by the same entity. 2: How do you decide what sites it should apply to. One possibility would be to never allow the number of authorities for a site to go down so once a site had been seen with more than 1 3: How do we modify the protocols to support this. 4: How do we convince site operators to adopt this.
Drop routes containing AS numbers assigned to US companies
Three problems with that.
1: Just because the AS number isn't assigned to a US company doesn't mean that the cable route doesn't go through the US. 2: You will most likely loose access to a large part of the internet (and not just the US either) because afaict most providers will only advertise to you their "best" route to a place and in many cases the "best" route will go via the US. 3: Even if you are ok with all of that the return traffic to you could still come via the US.
To minimise the ammount of your traffic that goes through the US you first have to build the routes that don't go via the US (look at an undersea cable map sometime, notice anything about south america?). Then you have to make sure those routes are used in preference.
There have always been multiple root servers but which one you ended up with was semi-random and they all had the same data.
There have also been alternative roots but with a few exceptions they have not been mandated and as such have been little used.
What I think the GP is suggesting is that countries will run their own roots (not controlled by icann) and then force use of those roots within their borders.
Right now most places access the internet by buying capacity on a fiber to the US or western europe (usually whichever is closer) and then buying transit from a teir 1 provider there. They will sometimes peer or buy transit locally if they think it's in their interests to do so but the US and western europe act as the "routes of last resort".
There are various things a country could do to reduce the ammount of thier traffic that goes via the USA.
1: order local providers to keep local traffic within the country (whether by peering or by buying transit from the country's main provider) even if they don't see it as being in their commercial interests to do so. 2: Install direct links to major trading partners and order providers in their country to use those links even if they don't see it as being in their commercial interests to do so.
Yeah, ESRB ratings are fucked up, they upped san andreas to AO over the hot coffee stuff that couldn't be accessed without using hacked saves or cheat devices and yet they game GTA5 a M when as you say it makes hot coffee look tame.
I could see parents getting comfortable with their kids playing M rated games and then end up getting them GTA5 without realising it's much much more graphic. I have mostly enjoyed GTA5 but I'm not convinced a minigame where you give someone electric shocks, waterboard them and rip a tooth out in the name of extracting information really adds much to either the story or the gameplay.
What's beyond me is why AMC, HBO, etc, insist on not taking my money.
AIUI when a TV show is made it is typically made for and owned by a TV network in it's home country (or sometimes for expensive shows several TV networks in different countries). That TV network (or networks) then sells the rights to it to other TV networks arround the world. The first TV network in a given region to buy it pays a premium because it's "new and exclutive". If they sell copies directly to customers in your country then they can no longer sell it to a TV network in your country as "new and exclusive". So while there is clearly a benefit from selling to you directly there is also potentially a cost.
Not saying I support regionisation, just that I understand why it happens.
A possible solution would be to have an entrypoint at the center of the rotation and have an elevator down to the station.
However if you dock material in the center and move it to the main part of the station you will rob angular momentum from the station as a whole. Similarly moving material to the center to move it will add angular momentum to the station as a whole. Also changes in the mass in the main part of the station will move the center of mass and hence the center of rotation.
The wayback machine retroactively applies robots.txt and they don't seem interested in making any exceptions to that policy. Even in cases where the current owner of the domain is not related to the owner of the domain at the time the material was archived.
The archive isn't strictly wiped out but from the perspective of us normal people it may as well have been.
IIRC they even managed to pursude a court that making an exception so that someone could look stuff up for a legal case would be undue hardship and persude the court that they should instead force the site in question to change their robots.txt.
This [dailymail.co.uk] explains why Apple would sign charging cables.
AIUI with the apple stuff you have a "wall wart" power adaptor which has a USB A socket on it. Then an apple cable with a security chip inside which goes from the USB A socket on the wall wart to the lightning connector on the device.
It's the bottom of the barrel wall warts which are dangerous peices of shit, so if you use a non-apple wall wart with an apple cable you would still be at risk and would not be blocked by apples crypto crap while if you used an apple wall-wart with a non-apple cable you would be blocked by apples crypto crap even though you were not at risk (or at least not at anywhere near as much risk as with the dodgy wall-wart).
Most of these sites started small and then gradually grew. When the choice of what DB to use was made there probablly were only one or two people involved. The idea guy and the coder (who may or may not be the same person).
By the time the project becomes big enough for the issues with mysql to become apparent the app has already been built arround that platform. So the company (which has likely grown to more than two people at this point) has to choose between either keeping piling on the hacks to keep things running with mysql or split their resources between porting to a new DB and keeping the lights on in the meantime.
but the most interesting boards rigght now are http://www.zedboard.org/ Two arm cores and na FPGA in the same chip - can run decent Linux (Ubuntu) and X/desktop (xillybus).
Interesting but
1: they are kinda pricey 2: they don't seem interested in the hobbyist market, they offer digilent for academic use with "Proof of student or professor status is required" and avnet for commercial use. While I haven't tried personally I have been told by a friend that avnet refuse point blank to sell to hobbyists.
What puts me off the odriod products is that afaict none of their current products (not even the new exynos5 octa* monster) have SATA. For a board as cheap and low end as the Pi or BBB that is tolerable but at this price/feature point I really don't think it is.
* This is IMO misleading marketing on Samsung's part, the chip does have 8 cores total but AIUI only four are ever used at one time.
If your production volume is high enough to beat $35 then you may as well do a custom design anyway that has exactly the hardware and interfaces you need.
There is a space between "using an existing board is fine for me" and "I want to do a full custom design from scratch to drive the design into the smallest most efficient form for my project and i'm big enough for hardware vendors to take me seriously".
In that middle ground open hardware designs built out of off the shelf parts are useful because they let you take an existing design where most of the hard work has already been done and make the handful of tweaks needed to meet your application.
Also having the design means they if the board is discontinued then providing the chips are still available (which isn't 100% gauranteed but chips tend to have better lifecycle policies than boards) then with an open design made of off the shelf parts you have the option of getting it made it yourself.
The Pi does not cost $25. I own one and that's a laughable claim. For starters I can't find one for $25 equivalent here in the UK, sure Farnell sell them imported but they'll charge you for shipping unless you order over a certain amount. Amazon sell them bare for £30 - or $50.
As a fellow brit who has been buying embedded linux boards for a while I can tell you that the disconnect between nominal price claimed by the creators and what you actually end up paying is far from unique to the PI. Delivery costs, taxes and distributor markups all add up:(.
A raspberry pi model A from CPC* is £20.05 all in. A model B from CPC is £28.07 a minnowboard from Farnell is £162.83 all in. So at real UK prices (including VAT and delivery) so at real UK prices a minnowboard is about 8x the cost of a Pi model A and just under 6x the cost of a Pi model B.
Accessories do drive up the total cost if you can't scrounge them up from the junk box. Again not unique to the Pi though the Pi's low price does make it more noticable.
* CPC have been handling this Pi thing MUCH better than their parent company Farnell who have been pushing consumer Pi buyers to a crappy microsite.
IIRC (and this is off the top of my head, may be wrong) it has two but only one is accessible on the GPIO header. To get at the other as a plain PWM signal you would have to hack the audio circuit. Hacking the audio circuit is likely to be a pain due to the fact that some of the components you would need to swap are "in the shadow" of the audio connctor and would hence be difficult to replace.
Having a fully featured linux distro on there by default is an advantage IMO. You can (and I do) put debian on other arm boards but then you can start to feel cut of from the communities surrounding those boards.
OTOH it's sad that raspbian needs to exist (and I say this as it's main developer). It needs to exist because the Pi ended up on a CPU core that is basically one step below what all the major hard float distros had chosen to settle on.
8 "buffered GPIO pins" on a nice pin header plus various interfaces including some more GPIO on a nasty expansion connector (one of those white fine pitch surface mount things).
Anyone know how the processor on this thing compares to say a quad coretex A9 (as is commonly seen on arm boards in this price range)?
The same can be said of many linux distros, if you can get your hands on the signing key for one or more of the repositories and you can mess with a user's internet connection you can deliver them modified updates.
For example here is the interesting part (beginning and end trimmed) of an IPv6 trace from bytemark in the UK to aarnet in australia.
4 2001:41c8:0:82::2 (2001:41c8:0:82::2) 7.47 ms 10.455 ms 7.532 ms
5 lonap.he.net (2001:7f8:17::1b1b:1) 12.043 ms 9.53 ms 6.971 ms
6 10gigabitethernet10-4.core1.nyc4.he.net (2001:470:0:128::1) 86.687 ms 77.236 ms 75.476 ms
7 100gigabitethernet7-2.core1.chi1.he.net (2001:470:0:298::1) 102.278 ms 104.13 ms 99.9 ms
8 100gigabitethernet13-1.core1.msp1.he.net (2001:470:0:18e::2) 100.84 ms 102.275 ms 100.756 ms
9 100gigabitethernet9-1.core1.sea1.he.net (2001:470:0:2a0::1) 137.472 ms 132.871 ms 132.908 ms 10 * * * 11 ge-6-1-0.bb1.a.syd.aarnet.net.au (2001:388:1:26::1) 289.227 ms 289.256 ms 289.065 ms
Java applets have had a couple of issues over the years.
In the early days the problem was incompatible variants. MS had their own JVM which was in very widespread use and only supported a very old version of java.
More recently the problem has been that the security design just isn't standing up to the threat level on the modern internet. For "untrusted" applets Java was designed arround the idea of designing a full-featured API and then trying to lock it down to run untrusted code (usually but not always in the context of running applets) but cracks in that lockdown have appeared repeately. For "trusted" applets users don't take the security warning that pops up before running them anywhere near seriously enough.
Still for many years java applets were the best way of achiving some things. Java applets allow you to do things like VNC clients, IRC clients and so-on without having to have a resources hungry "translation server".
It would make "sense" for a country to do this if their priority in immigration policy is to make life easier for their citizens when they go abroad and they actually believe it will have an impact on foreign policy makers. Do you honestly thing that brazil's approach to the US will change US immigration policy towards brazillians? do you think attempting to change it is worth reducing the number of americans who choose brazil as their holiday destination?
In general poor countries want tourists from rich countries. They bring lots of valuable "rich country money" with them and unlikely to stay (why would they when they have a rich country to go to) and work illegally in competition with the locals.
On the other hand rich countries don't especially want tourists from poor countries at least not without checking they are rich first since they won't bring much money and there is a real risk of them staying and working illegally.
Afaict most of the major backbone operators and hosting providers have IPv6 available. It's the access providers who are dragging their heels and that doesn't really affect whether international IPv6 traffic goes through the US or not.
Slashdot Mirror
Hell, the wife is of the opinion it's cheaper to throw out the printer instead of getting a new toner cartridge, since the cartridge often costs what the printer did and the printer comes with one. :-P
Is she aware that new printers often come with "starter" cartridges that have less toner in them than the "standard" cartridge does.
I disagree. Yes there is a risk that you will end up talking to a man in the middle if you use encryption without authentication. However
1: The attacker does not know if you are performing authentication on a given connection or not. Therefore by attempting to MITM your connections he risks being noticed.
2: MITM is a lot more effort than passive sniffing.
Do you even know how PKI works?
Currently PKI works by having a large number of certification authorities (both roots installed in the browser and intermediates with delegated authority from those roots) any one of which can issue a certificate that will be trusted by the browser to identify a site. So if any one of those certification authorities is compromised by an attacker then the attacker can obtain a certificate with which they can MITM traffic to your site without generating any warnings.
AIUI What the GP is proposing is that multiple independent authorities would need to vouch for a "high security" site so that one compromised certification authority would not be sufficiant to perform a man in the middle attack. It's a nice idea in principle but there are several practical issues to deal with.
1: How do you define independent authority. I'm sure there are cases where multiple root certificates are controlled by the same entity.
2: How do you decide what sites it should apply to. One possibility would be to never allow the number of authorities for a site to go down so once a site had been seen with more than 1
3: How do we modify the protocols to support this.
4: How do we convince site operators to adopt this.
Drop routes containing AS numbers assigned to US companies
Three problems with that.
1: Just because the AS number isn't assigned to a US company doesn't mean that the cable route doesn't go through the US.
2: You will most likely loose access to a large part of the internet (and not just the US either) because afaict most providers will only advertise to you their "best" route to a place and in many cases the "best" route will go via the US.
3: Even if you are ok with all of that the return traffic to you could still come via the US.
To minimise the ammount of your traffic that goes through the US you first have to build the routes that don't go via the US (look at an undersea cable map sometime, notice anything about south america?). Then you have to make sure those routes are used in preference.
There have always been multiple root servers but which one you ended up with was semi-random and they all had the same data.
There have also been alternative roots but with a few exceptions they have not been mandated and as such have been little used.
What I think the GP is suggesting is that countries will run their own roots (not controlled by icann) and then force use of those roots within their borders.
Right now most places access the internet by buying capacity on a fiber to the US or western europe (usually whichever is closer) and then buying transit from a teir 1 provider there. They will sometimes peer or buy transit locally if they think it's in their interests to do so but the US and western europe act as the "routes of last resort".
There are various things a country could do to reduce the ammount of thier traffic that goes via the USA.
1: order local providers to keep local traffic within the country (whether by peering or by buying transit from the country's main provider) even if they don't see it as being in their commercial interests to do so.
2: Install direct links to major trading partners and order providers in their country to use those links even if they don't see it as being in their commercial interests to do so.
Yeah, ESRB ratings are fucked up, they upped san andreas to AO over the hot coffee stuff that couldn't be accessed without using hacked saves or cheat devices and yet they game GTA5 a M when as you say it makes hot coffee look tame.
I could see parents getting comfortable with their kids playing M rated games and then end up getting them GTA5 without realising it's much much more graphic. I have mostly enjoyed GTA5 but I'm not convinced a minigame where you give someone electric shocks, waterboard them and rip a tooth out in the name of extracting information really adds much to either the story or the gameplay.
What's beyond me is why AMC, HBO, etc, insist on not taking my money.
AIUI when a TV show is made it is typically made for and owned by a TV network in it's home country (or sometimes for expensive shows several TV networks in different countries). That TV network (or networks) then sells the rights to it to other TV networks arround the world. The first TV network in a given region to buy it pays a premium because it's "new and exclutive". If they sell copies directly to customers in your country then they can no longer sell it to a TV network in your country as "new and exclusive". So while there is clearly a benefit from selling to you directly there is also potentially a cost.
Not saying I support regionisation, just that I understand why it happens.
A possible solution would be to have an entrypoint at the center of the rotation and have an elevator down to the station.
However if you dock material in the center and move it to the main part of the station you will rob angular momentum from the station as a whole. Similarly moving material to the center to move it will add angular momentum to the station as a whole. Also changes in the mass in the main part of the station will move the center of mass and hence the center of rotation.
The wayback machine retroactively applies robots.txt and they don't seem interested in making any exceptions to that policy. Even in cases where the current owner of the domain is not related to the owner of the domain at the time the material was archived.
The archive isn't strictly wiped out but from the perspective of us normal people it may as well have been.
IIRC they even managed to pursude a court that making an exception so that someone could look stuff up for a legal case would be undue hardship and persude the court that they should instead force the site in question to change their robots.txt.
This [dailymail.co.uk] explains why Apple would sign charging cables.
AIUI with the apple stuff you have a "wall wart" power adaptor which has a USB A socket on it. Then an apple cable with a security chip inside which goes from the USB A socket on the wall wart to the lightning connector on the device.
It's the bottom of the barrel wall warts which are dangerous peices of shit, so if you use a non-apple wall wart with an apple cable you would still be at risk and would not be blocked by apples crypto crap while if you used an apple wall-wart with a non-apple cable you would be blocked by apples crypto crap even though you were not at risk (or at least not at anywhere near as much risk as with the dodgy wall-wart).
Most of these sites started small and then gradually grew. When the choice of what DB to use was made there probablly were only one or two people involved. The idea guy and the coder (who may or may not be the same person).
By the time the project becomes big enough for the issues with mysql to become apparent the app has already been built arround that platform. So the company (which has likely grown to more than two people at this point) has to choose between either keeping piling on the hacks to keep things running with mysql or split their resources between porting to a new DB and keeping the lights on in the meantime.
Or they simply see it as a contraction of xbox one and don't even notice that it could be read as "x bone"
but the most interesting boards rigght now are http://www.zedboard.org/
Two arm cores and na FPGA in the same chip - can run decent Linux (Ubuntu) and X/desktop (xillybus).
Interesting but
1: they are kinda pricey
2: they don't seem interested in the hobbyist market, they offer digilent for academic use with "Proof of student or professor status is required" and avnet for commercial use. While I haven't tried personally I have been told by a friend that avnet refuse point blank to sell to hobbyists.
What puts me off the odriod products is that afaict none of their current products (not even the new exynos5 octa* monster) have SATA. For a board as cheap and low end as the Pi or BBB that is tolerable but at this price/feature point I really don't think it is.
* This is IMO misleading marketing on Samsung's part, the chip does have 8 cores total but AIUI only four are ever used at one time.
If your production volume is high enough to beat $35 then you may as well do a custom design anyway that has exactly the hardware and interfaces you need.
There is a space between "using an existing board is fine for me" and "I want to do a full custom design from scratch to drive the design into the smallest most efficient form for my project and i'm big enough for hardware vendors to take me seriously".
In that middle ground open hardware designs built out of off the shelf parts are useful because they let you take an existing design where most of the hard work has already been done and make the handful of tweaks needed to meet your application.
Also having the design means they if the board is discontinued then providing the chips are still available (which isn't 100% gauranteed but chips tend to have better lifecycle policies than boards) then with an open design made of off the shelf parts you have the option of getting it made it yourself.
The Pi does not cost $25. I own one and that's a laughable claim. For starters I can't find one for $25 equivalent here in the UK, sure Farnell sell them imported but they'll charge you for shipping unless you order over a certain amount. Amazon sell them bare for £30 - or $50.
As a fellow brit who has been buying embedded linux boards for a while I can tell you that the disconnect between nominal price claimed by the creators and what you actually end up paying is far from unique to the PI. Delivery costs, taxes and distributor markups all add up :(.
A raspberry pi model A from CPC* is £20.05 all in. A model B from CPC is £28.07 a minnowboard from Farnell is £162.83 all in. So at real UK prices (including VAT and delivery) so at real UK prices a minnowboard is about 8x the cost of a Pi model A and just under 6x the cost of a Pi model B.
Accessories do drive up the total cost if you can't scrounge them up from the junk box. Again not unique to the Pi though the Pi's low price does make it more noticable.
* CPC have been handling this Pi thing MUCH better than their parent company Farnell who have been pushing consumer Pi buyers to a crappy microsite.
wait, it has two, doesn't it?
IIRC (and this is off the top of my head, may be wrong) it has two but only one is accessible on the GPIO header. To get at the other as a plain PWM signal you would have to hack the audio circuit. Hacking the audio circuit is likely to be a pain due to the fact that some of the components you would need to swap are "in the shadow" of the audio connctor and would hence be difficult to replace.
Raspbian is also a great advantage of the Pi.
Having a fully featured linux distro on there by default is an advantage IMO. You can (and I do) put debian on other arm boards but then you can start to feel cut of from the communities surrounding those boards.
OTOH it's sad that raspbian needs to exist (and I say this as it's main developer). It needs to exist because the Pi ended up on a CPU core that is basically one step below what all the major hard float distros had chosen to settle on.
and check this out, 8 gpio pins.
8 "buffered GPIO pins" on a nice pin header plus various interfaces including some more GPIO on a nasty expansion connector (one of those white fine pitch surface mount things).
Anyone know how the processor on this thing compares to say a quad coretex A9 (as is commonly seen on arm boards in this price range)?
The same can be said of many linux distros, if you can get your hands on the signing key for one or more of the repositories and you can mess with a user's internet connection you can deliver them modified updates.
For example here is the interesting part (beginning and end trimmed) of an IPv6 trace from bytemark in the UK to aarnet in australia.
4 2001:41c8:0:82::2 (2001:41c8:0:82::2) 7.47 ms 10.455 ms 7.532 ms
5 lonap.he.net (2001:7f8:17::1b1b:1) 12.043 ms 9.53 ms 6.971 ms
6 10gigabitethernet10-4.core1.nyc4.he.net (2001:470:0:128::1) 86.687 ms 77.236 ms 75.476 ms
7 100gigabitethernet7-2.core1.chi1.he.net (2001:470:0:298::1) 102.278 ms 104.13 ms 99.9 ms
8 100gigabitethernet13-1.core1.msp1.he.net (2001:470:0:18e::2) 100.84 ms 102.275 ms 100.756 ms
9 100gigabitethernet9-1.core1.sea1.he.net (2001:470:0:2a0::1) 137.472 ms 132.871 ms 132.908 ms
10 * * *
11 ge-6-1-0.bb1.a.syd.aarnet.net.au (2001:388:1:26::1) 289.227 ms 289.256 ms 289.065 ms
Java applets have had a couple of issues over the years.
In the early days the problem was incompatible variants. MS had their own JVM which was in very widespread use and only supported a very old version of java.
More recently the problem has been that the security design just isn't standing up to the threat level on the modern internet. For "untrusted" applets Java was designed arround the idea of designing a full-featured API and then trying to lock it down to run untrusted code (usually but not always in the context of running applets) but cracks in that lockdown have appeared repeately. For "trusted" applets users don't take the security warning that pops up before running them anywhere near seriously enough.
Still for many years java applets were the best way of achiving some things. Java applets allow you to do things like VNC clients, IRC clients and so-on without having to have a resources hungry "translation server".
It makes perfect sense to do it that way.
It would make "sense" for a country to do this if their priority in immigration policy is to make life easier for their citizens when they go abroad and they actually believe it will have an impact on foreign policy makers. Do you honestly thing that brazil's approach to the US will change US immigration policy towards brazillians? do you think attempting to change it is worth reducing the number of americans who choose brazil as their holiday destination?
In general poor countries want tourists from rich countries. They bring lots of valuable "rich country money" with them and unlikely to stay (why would they when they have a rich country to go to) and work illegally in competition with the locals.
On the other hand rich countries don't especially want tourists from poor countries at least not without checking they are rich first since they won't bring much money and there is a real risk of them staying and working illegally.
Afaict most of the major backbone operators and hosting providers have IPv6 available. It's the access providers who are dragging their heels and that doesn't really affect whether international IPv6 traffic goes through the US or not.