Hoarding the addresses wasn't against any rules because when those addresses were allocated the rules didn't exist and the rules were not applied retroactively to existing allocations only to new allocations made under the new rules.
Selling the addresses might have been against rules in the past (the legal status of early allocations was never very clear) but nowadays the three biggest RIRs are open to the idea of selling IP addresses subject to some conditions. Presumably MIT came to a deal with ARIN to allow this split/sale.
The market approach to handling IP addresses is probably the least bad option at this point. As the price rises people will re-evaluate what services truly need a public IPv4 address and what services can make do with a more economical option.
IPv6 is fundamentally not very different from IPv4. Yes there were a load of half-baked ideas from the IPv6 proponents but you don't have to use them. If you want you can use DHCPv6 in stateful mode and even use NAT66 to run IPv6 in almost exactly the same way you run IPv4. Yes there are issues with features such as port security on switches but that is because port security is in itself a hack and therefore needs to be updated for IPv6.
Running dual-stack however is a massive PITA. Basically it means you have to set everything up twice and every machine has two identities. Introducing yet another new protocol to the mess isn't going to help anything.
I think we are set up for a long and painful period where some networks are dual stack, some are v6 only, some are v4 only and the v6-only networks talk to the v4-only networks through various types of transition mechanisms.
The thing is the IANA (and by extension the RIRs) only have power because the cabel of backbone operations (at least one of which owns a couple of/8 blocks) say they do. Attempting to forciblly reclaim addresses like you propose could well cause major backbone operators to tell IANA to go fuck themselves. Having different providers disagree on who is the rightful owner of addresses is not good for anyone.
Yes a market based approach means a few early adopters got a moderately large chunk of money for doing very little but it also means that "hoarded" addresses get brought into service without the use of force that could smash the Internet to peices.
Because in the early days the Internet had an 8 bit network field and a 24 bit host field. So every network got what was later called a "class A" and even later called a "/8".
Some of those allocations were reclaimed when networks shut down, but MIT kept a network running continuously, so they were able to keep their allocation.
The legal status of legacy allocations has never been especially clear. They were allocated before the RIRs even existed and long before anyone thought IP addreses would have any value.
In any case after arguing about it for years most of the major RIRs (ARIN, RIPE and APNIC) have allowed sale of IP addresses subject to some conditions. They have concluded that making IPv4 addresses a marketable commodity is the least-bad way to manage the post-exhaustion era.
I guess that MIT probablly cut a deal with ARIN allowing them to carve up the block into smaller sub-blocks (allowing them to sell the unused sub-blocks while keeping the used ones) in exchange for agreeing to ARIN taking a role in the address space's management.
It seems K-cups are about $15 for a pack of 24 which works out to $0.625 each. That is expensive compared to a bulk coffee maker sure, but it's cheap enough to be acceptable to many middle class people, it's almost certainly cheaper than grabbing a drink from a takeaway/cafe.
Juicero packs are about $7 each, an order of magnitude more. That is going to be enough to put a lot of people off.
The Direct Debit system doesn't need to be secure, because the liability is entirely with the bank. If there is a dispute, they are required to immediately reverse the withdrawal from your account.
Even if the fraud is quickly reversed (apparently whatever the legal requirements say some banks are quite reluctant to reverse direct debits) it's still a big hassle to deal with and that is assuming it gets noticed it in the first place.
So as long as the details needed to set up a direct debit are pretty much the same as the details needed to make a deposit I'm going to be selective about who gets to see said details. That creates a market for services like paypal where all someone needs to know to send me money is my email address.
it's also relatively unlikely that they'll pass the vetting required to be permitted to initiate DD transactions
Afaict just like with card fraud the thief doesn't normally steal your money directly. They use your money to buy goods/services (e.g. mobile phones on contract) which they can then fence.
Sadly at least in the UK forcing banks to replace the fundamentally insecure direct debit system with something that is actually secure is not something we customers can do.
Encrypting client connection data gives little more than a false sense of security. If the client needs to automatically log in then it needs to be able to automatically decrypt the creditials. If the server can do that then most likely so can the sysadmin.
Accounts used for automatic authentication should have their credentials rotated frequently and the minimum privilages practical to do their job. Unfortunately that is a PITA to do so people often don't:/
And Debian itself changed too, at the time Ubuntu was introduced Debian was stuck in it's longest release cycle ever at possibly the worst possible time. A time when auto configuration was starting to mature. A time when SATA had just been introduced.
But a few years later the world had changed. Debian got onto a stable release schedule of just-under two years . New hardware was much less of an issue due to consolidation in the chipset/graphics markets and the move from add-on SATA controllers that used chipset-specific drivers to SATA ports integrated in the chipset and supported through either IDE emulation or AHCI.
"BREAKING news: Payload fairing LANDED SUCCESSFULLY. Fairing has thruster systems and steerable parachute. Was just shown pic of intact fairing floating in ocean."
There are two ways a game can respond to screen resoloution changes. One is to keep the view the same but draw it in more detail. That works pretty well for realtime-rended 3D games but for 2D tile based games like starcraft it would mean having extra copies of all the artwork or using ugly scaling.
The other is to give players with higher resolution screens more stuff on-screen at once (like how most desktop environments worked). The difficult thing with that is especially in a combat-focussed game seeing more at once gives you an obvious advantage.
Or they can just choose to design for a fixed resolution. Starcraft was fixed 640x480.
Portal itself was a great little game but afaict it didn't try to be a standalone "AAA" title. It was an "extra" bundled in as part of the orange box. It was relatively short, had little in the way of graphics (indoor pristine test chambers are real simple from a graphics perspective), little in the way of story,
It was only four years later after the original had proven itself that they released the sequel which extended the concept into a much larger and more varied game.
The problem AIUI is that you won't see the overreading with a simple resistive test load hooked up. Only when you start shoving a heap of harmonics down the line.
On skylake you already need either a PS2 keyboard or a modified windows DVD to install win7 because intel changed how the USB controller worked. The new controller needs XHCI drivers to work at all (while the old controller only needed them to get USB3 speeds).
Once there is self driving cars, the taxis will be as cheap as private cars on per mile basis when averaged over entire year.
I have my doubts.
Firstly there is the question of how much the self-driving equipment will cost, both initially and in maintiance. My feeling is that to make self-driving cars safe will require a far more rigourous approach to maintiance than cars get today.
Secondly people respect their own stuff more than they respect other people's stuff and tolerate thier own filth better than they tolerate other people's filth. So I would expext taxis even self driving ones to need more cleaning and interior maintaince than owned cars.
Thirdly the taxis even if self-driving will have to clock up significant empty milage getting from one job to the next.
Fourthly the lifetime of a car is limited by miles as well as years.
I think there is likely to be a transition but I expect it to be a slow one. People who already own and drive cars will continue to do so but people who don't currentlyhave a driving license will be less likely to go out and get a license and car. At least where I live starting to drive is considerablly more expensive then continuing to drive.
As far as I can tell, this is a non-cryptographic use of hashing.
Git uses sha1 hashes to identify everything.
A (possiblly signed) tag references a commit by hash A commit references a tree by hash A tree references a list of files and subtrees by hash
If a commit you fetch references hashes you already have the files for in your local git tree they will not be re-fetched, the existing ones will simply be used.
The whole point of git is to be distributed, so it should be safe to fetch commits from untrusted sources, inspect them and throw them away without worrying that they will change the meaning of commits you later fetch from trusted sources. It should be safe to download commits over an insecure connection and then verify the commit hash (either by a signed tag or by checking out of band) to ensure that the commit hasn't been tampered with.
The latter part of linus's mail is quite a well-reasoned argument as to why the current attack on SHA1 isn't too big a deal for source code repositories.
If a "distinct chosen prefix" collision attack shows up then the risk gets much higher. For MD5 it took about 2 years to go from a basic collision attack to a distinct chosen prefix one.
googling " const int one = 65536" turns up some C sharp graphics code as the first result, c sharp has a 32-bit int so it's not an overflow.
It looks to me like the constant is being used to implement 16.16 fixed point maths inside a 32-bit int. One of those things that makes you go wtf at first but makes perfect sense when you understand it in context.
The absoloute value of one "coin" is not a useful comparision. It doesn't really matter whether you have lots of "coins" with a low value per coin or fewer with a higher value per coin.
More interesting as a measure of the relative importance of cryptocurrencies is the "market cap". The value per coin times the number of coins in circulation.
By that measure dogecoin's significance is about 0.1% of bitcoin's
Slashdot Mirror
Hoarding the addresses wasn't against any rules because when those addresses were allocated the rules didn't exist and the rules were not applied retroactively to existing allocations only to new allocations made under the new rules.
Selling the addresses might have been against rules in the past (the legal status of early allocations was never very clear) but nowadays the three biggest RIRs are open to the idea of selling IP addresses subject to some conditions. Presumably MIT came to a deal with ARIN to allow this split/sale.
The market approach to handling IP addresses is probably the least bad option at this point. As the price rises people will re-evaluate what services truly need a public IPv4 address and what services can make do with a more economical option.
To put that in perspective HPs market cap is about 30 Billion dollars.
IPv6 is fundamentally not very different from IPv4. Yes there were a load of half-baked ideas from the IPv6 proponents but you don't have to use them. If you want you can use DHCPv6 in stateful mode and even use NAT66 to run IPv6 in almost exactly the same way you run IPv4. Yes there are issues with features such as port security on switches but that is because port security is in itself a hack and therefore needs to be updated for IPv6.
Running dual-stack however is a massive PITA. Basically it means you have to set everything up twice and every machine has two identities. Introducing yet another new protocol to the mess isn't going to help anything.
I think we are set up for a long and painful period where some networks are dual stack, some are v6 only, some are v4 only and the v6-only networks talk to the v4-only networks through various types of transition mechanisms.
The thing is the IANA (and by extension the RIRs) only have power because the cabel of backbone operations (at least one of which owns a couple of /8 blocks) say they do. Attempting to forciblly reclaim addresses like you propose could well cause major backbone operators to tell IANA to go fuck themselves. Having different providers disagree on who is the rightful owner of addresses is not good for anyone.
Yes a market based approach means a few early adopters got a moderately large chunk of money for doing very little but it also means that "hoarded" addresses get brought into service without the use of force that could smash the Internet to peices.
Because in the early days the Internet had an 8 bit network field and a 24 bit host field. So every network got what was later called a "class A" and even later called a "/8".
Some of those allocations were reclaimed when networks shut down, but MIT kept a network running continuously, so they were able to keep their allocation.
The legal status of legacy allocations has never been especially clear. They were allocated before the RIRs even existed and long before anyone thought IP addreses would have any value.
In any case after arguing about it for years most of the major RIRs (ARIN, RIPE and APNIC) have allowed sale of IP addresses subject to some conditions. They have concluded that making IPv4 addresses a marketable commodity is the least-bad way to manage the post-exhaustion era.
I guess that MIT probablly cut a deal with ARIN allowing them to carve up the block into smaller sub-blocks (allowing them to sell the unused sub-blocks while keeping the used ones) in exchange for agreeing to ARIN taking a role in the address space's management.
It seems K-cups are about $15 for a pack of 24 which works out to $0.625 each. That is expensive compared to a bulk coffee maker sure, but it's cheap enough to be acceptable to many middle class people, it's almost certainly cheaper than grabbing a drink from a takeaway/cafe.
Juicero packs are about $7 each, an order of magnitude more. That is going to be enough to put a lot of people off.
http://www.keurig.com/beverage...
https://www.juicero.com/the-pa...
The Direct Debit system doesn't need to be secure, because the liability is entirely with the bank. If there is a dispute, they are required to immediately reverse the withdrawal from your account.
Even if the fraud is quickly reversed (apparently whatever the legal requirements say some banks are quite reluctant to reverse direct debits) it's still a big hassle to deal with and that is assuming it gets noticed it in the first place.
So as long as the details needed to set up a direct debit are pretty much the same as the details needed to make a deposit I'm going to be selective about who gets to see said details. That creates a market for services like paypal where all someone needs to know to send me money is my email address.
it's also relatively unlikely that they'll pass the vetting required to be permitted to initiate DD transactions
Afaict just like with card fraud the thief doesn't normally steal your money directly. They use your money to buy goods/services (e.g. mobile phones on contract) which they can then fence.
The Dreamliner's batteries continue to pose a problem,
Do you have a source for that claim? They were an issue a few years back but i'm not seeing anything recent.
Sadly at least in the UK forcing banks to replace the fundamentally insecure direct debit system with something that is actually secure is not something we customers can do.
Encrypting client connection data gives little more than a false sense of security. If the client needs to automatically log in then it needs to be able to automatically decrypt the creditials. If the server can do that then most likely so can the sysadmin.
Accounts used for automatic authentication should have their credentials rotated frequently and the minimum privilages practical to do their job. Unfortunately that is a PITA to do so people often don't :/
And Debian itself changed too, at the time Ubuntu was introduced Debian was stuck in it's longest release cycle ever at possibly the worst possible time. A time when auto configuration was starting to mature. A time when SATA had just been introduced.
But a few years later the world had changed. Debian got onto a stable release schedule of just-under two years . New hardware was much less of an issue due to consolidation in the chipset/graphics markets and the move from add-on SATA controllers that used chipset-specific drivers to SATA ports integrated in the chipset and supported through either IDE emulation or AHCI.
Because if you lie and the lie ever gets found out it gives them an easy excuse to fire you.
http://forum.nasaspaceflight.c...
"BREAKING news: Payload fairing LANDED SUCCESSFULLY. Fairing has thruster systems and steerable parachute. Was just shown pic of intact fairing floating in ocean."
Anywhere you care about being able to answer the question "what was on branch x on date y".
There are two ways a game can respond to screen resoloution changes. One is to keep the view the same but draw it in more detail. That works pretty well for realtime-rended 3D games but for 2D tile based games like starcraft it would mean having extra copies of all the artwork or using ugly scaling.
The other is to give players with higher resolution screens more stuff on-screen at once (like how most desktop environments worked). The difficult thing with that is especially in a combat-focussed game seeing more at once gives you an obvious advantage.
Or they can just choose to design for a fixed resolution. Starcraft was fixed 640x480.
Portal itself was a great little game but afaict it didn't try to be a standalone "AAA" title. It was an "extra" bundled in as part of the orange box. It was relatively short, had little in the way of graphics (indoor pristine test chambers are real simple from a graphics perspective), little in the way of story,
It was only four years later after the original had proven itself that they released the sequel which extended the concept into a much larger and more varied game.
The problem AIUI is that you won't see the overreading with a simple resistive test load hooked up. Only when you start shoving a heap of harmonics down the line.
On skylake you already need either a PS2 keyboard or a modified windows DVD to install win7 because intel changed how the USB controller worked. The new controller needs XHCI drivers to work at all (while the old controller only needed them to get USB3 speeds).
You are behind the times, ICQ and AIM were merged and then split again and ICQ was sold off.
Once there is self driving cars, the taxis will be as cheap as private cars on per mile basis when averaged over entire year.
I have my doubts.
Firstly there is the question of how much the self-driving equipment will cost, both initially and in maintiance. My feeling is that to make self-driving cars safe will require a far more rigourous approach to maintiance than cars get today.
Secondly people respect their own stuff more than they respect other people's stuff and tolerate thier own filth better than they tolerate other people's filth. So I would expext taxis even self driving ones to need more cleaning and interior maintaince than owned cars.
Thirdly the taxis even if self-driving will have to clock up significant empty milage getting from one job to the next.
Fourthly the lifetime of a car is limited by miles as well as years.
I think there is likely to be a transition but I expect it to be a slow one. People who already own and drive cars will continue to do so but people who don't currentlyhave a driving license will be less likely to go out and get a license and car. At least where I live starting to drive is considerablly more expensive then continuing to drive.
As far as I can tell, this is a non-cryptographic use of hashing.
Git uses sha1 hashes to identify everything.
A (possiblly signed) tag references a commit by hash
A commit references a tree by hash
A tree references a list of files and subtrees by hash
If a commit you fetch references hashes you already have the files for in your local git tree they will not be re-fetched, the existing ones will simply be used.
The whole point of git is to be distributed, so it should be safe to fetch commits from untrusted sources, inspect them and throw them away without worrying that they will change the meaning of commits you later fetch from trusted sources. It should be safe to download commits over an insecure connection and then verify the commit hash (either by a signed tag or by checking out of band) to ensure that the commit hasn't been tampered with.
The latter part of linus's mail is quite a well-reasoned argument as to why the current attack on SHA1 isn't too big a deal for source code repositories.
If a "distinct chosen prefix" collision attack shows up then the risk gets much higher. For MD5 it took about 2 years to go from a basic collision attack to a distinct chosen prefix one.
AIUI Declawing cats is common practice in some countries (the USA in particular) and is a highly controversial subject.
googling " const int one = 65536" turns up some C sharp graphics code as the first result, c sharp has a 32-bit int so it's not an overflow.
It looks to me like the constant is being used to implement 16.16 fixed point maths inside a 32-bit int. One of those things that makes you go wtf at first but makes perfect sense when you understand it in context.
The absoloute value of one "coin" is not a useful comparision. It doesn't really matter whether you have lots of "coins" with a low value per coin or fewer with a higher value per coin.
More interesting as a measure of the relative importance of cryptocurrencies is the "market cap". The value per coin times the number of coins in circulation.
By that measure dogecoin's significance is about 0.1% of bitcoin's
http://coinmarketcap.com/