Given that they don't even seem able to seize the stuff that violates product safety regulations most of the time, I have my doubts.
If you are in the UK, the package's declared value* is over £15 (£30 for gifts) and the package doesn't slip through (some packages don't seem to get assessed for VAT even though they should be), you will get charged the VAT (normally 20%). If it's above some higher value then you may also have to pay customs duty. You will also have to pay a fee for collecting those charges. With the Post Office this is around £10; with courier services it can be much higher.
* Sellers in some countries habitually lie on customs forms.
iOS, Android, Linux (Gnome/KDE), OS X and Windows 8 are now somewhat capable of running on the ARM ISA.
However MS has decided that only a gimped version of Windows 8 will be available on ARM. Anyone who needs a fully functional Windows system will still need x86 until/unless MS decides to change that. Much the same applies to Apple: while iOS has some technical stuff in common with OS X, its functionality is severely gimped in comparison. Further, even if ungimped ARM versions of major desktop operating systems were released, some form of binary translation would be needed to support existing apps.
AMD should stop developing new x86 microprocessors, and keep making the current ones for a very long time.
Would you really buy an old technology CPU from AMD when you could buy a newer technology one from Intel with comparable performance at a tiny fraction of the power consumption?
The point of a domain name is it should resolve correctly from any computer on the internet. A domain that most users can't resolve is pretty much worthless.
Secure boot is only meaningful if the kernel refuses to load untrusted drivers and the signing keys needed to mark code as trusted are kept off the machine you are trying to protect.
A secure boot setup where the owner is in control is potentially useful for high security setups but also a massive PITA (to get any significant benefit you really need a dedicated machine to act as a signing box). A secure boot setup where someone else is in control of the keys means effectively giving up control of your computer.
mmm, I tend to view Microsoft's actions in the ARM market as indicative of what they would do in the x86 market if they thought they could get away with it.
I don't think the speed of light is that big a problem. Light in fiber travels at about 200 kilometers per millisecond. That means for every 100 kilometers of fiber you add about a millisecond to the round trip time. With a base in each major city it should be pretty easy to keep the contribution to the round trip time caused by distance below 10ms or so.
Bigger issues IMO are connections that sacrifice latency to get better efficiency (e.g. interleaving on DSL), congestion and the delays inherent in compressing the video down to a level that will pass through the average consumer internet connection. Hopefully as faster links are deployed and old copper is phased out these should become less of an issue.
I think it was best if a customer was within 50 miles of a data center.
I'd think it would be more about internet connection type than distance.
50 miles of fiber should add less than a millisecond to ping time. One ADSL hop with interleaving enabled to make up for a poor quality line or one congested router can easily add many times that.
There was a flood in Thailand, which meant supplies of hard drives were massively reduced. Stockists of hard drives were left with three choices.
1: Crank up the price until demand came down to meet supply
2: Put restrictions in place to stop one customer buying too many, possibly in combination with smaller price increases.
3: Do nothing
Whichever choice is taken some customers will be pissed off. Choice 1 is likely to be the most profitable if only hard drive profits are looked at. However if people consider hard drive prices unreasonable they may decide to hold off on their computer build/upgrade and hence hold off on buying other parts too. They may also feel bad about the supplier in general, causing them to take unrelated business elsewhere.
Choice 3 means they won't have any hard drives to sell pretty quickly which will piss off customers who really needed a hard drive right now and will also make it very difficult to sell any other computer components.
So that left choice 2.
There were floods in Thailand which significantly reduced the supply of hard drives. Some vendors responded to this by imposing buying restrictions, some imposed caps on the number of drives that could be bought. Many did both.
You would think that vendors would try and get as much money as they can for their stock and to an extent that is true. However for something like hard drives the picture is more complicated. If someone can't buy a hard drive at a price they consider reasonable they won't buy the rest of the bits to build a PC either.
I disagree.
The TCP/IP stack and other OS libraries not getting security updates is certainly a concern. However, IMO for a machine behind an "outgoing connections only" firewall/NAT and running client software that makes little use of OS facilities (for example Firefox uses its own SSL library, not the Windows one) it is a relatively minor concern. Lack of security updates to client apps that deal with untrusted data is a FAR bigger concern IMO.
The main thing I remember about Internet Explorer for the Mac is that it translates edit box text to MacRoman (or presumably another legacy Mac encoding on systems set up for different languages) before letting the user edit it and then translates it back. This was a MAJOR pain for any website that lets users edit existing Unicode text.
There are two similar but slightly different classification systems: the old system (still used in the US) uses Roman numerals for the classes while the new system uses Arabic numerals. Basically class 1 is no risk of damage, class 2 is very little risk of damage. Class 3R (roughly equivalent to IIIA) is a bit more hazardous, class 3B worse still, and class IV you don't even want to look at diffuse reflections of.
Most laser pointers are class II but some of the powerful ones are class 3B.
Note that if a laser beam is totally enclosed with interlocks to prevent accidental release the class of the laser system can be lower than the class of the laser contained within. This is the case with things like CD/DVD burners and laser printers. The laser is class 3B but the system as a whole is class 1.
Can they find enough railway managers to do that?
What happens to staff when a franchise is taken over anyway? I would think the low level staff and probably their immediate bosses must be kept around, as to do otherwise would just cause chaos, but how high up the tree does it go?
In fact there is a SIX drive one out there.
http://www.newegg.com/Product/Product.aspx?Item=N82E16816215303
the GP's factual technical information.
The GP's post is an anecdote just like the reports from many developers on the internet. Worse, he doesn't even really describe his usage scenario. He doesn't give any information on how many servers he is talking about, or how often he "rebuilds world" and what else the servers do.
That aside though, the impression I get is the quality of the controller is a key factor. Ideally a controller would spread the writes evenly around the flash while minimising write amplification and avoiding screwing things up itself, even in the event of sudden power loss during a remapping operation. However that is a complex business and I'm convinced not all SSD vendors get it right. I notice that the GP is using Intel SSDs which have a reputation for being among the most reliable.
You can get a single bracket that will put a couple of SSDs in a 5.25 inch bay
http://www.newegg.com/Product/Product.aspx?Item=N82E16816119028
2.5 inch and 3.5 inch SATA drives use the same power and data connectors, as do full-sized SATA optical drives. 1.8 inch drives and slimline optical drives use different connectors IIRC.
No, unfortunately at least on newegg there is only one such drive and it's $2,299.99
As usual there is a central range where cost per gigabyte is lowest and drives outside that range are significantly more expensive.
We fed the world organically for 10 thousand years.
With a world population a tiny fraction of what it is today.
This was the problem Raspberry Pi had for their first production batches anyway.
They said it was a factor but not the deal breaker*. However they never revealed just how much it would have been (presumably because to reveal that would have meant revealing how much they were paying for components, and their component suppliers want that info kept confidential).
Also it depends what the finished product is in the eyes of customs laws. See for example Sony trying to get various PlayStation models to count as computers rather than games consoles, because games consoles attracted import duty while computers didn't.
* IIRC the deal breaker was they couldn't find any UK factories who could do the work at the required price and in the required volume.
Bottom of the barrel smartphones are not that expensive, closer to $200 maybe less than that. Still too much to include in regular copies of a magazine though.
This was NOT in most copies of the magazine, it was in a tiny fraction and seems pretty clearly to have been done as a publicity stunt.
An ARM SoC is not conceptually different than a PC full of peripherals. It just happens that ARM SoCs have the devices physically integrated into the SoC package.
The big difference is on a modernish* PC pretty much all peripherals are either
1: Of a "standard" type and in well-known "standard" locations in the IO or memory address space
2: On a bus that looks to software like PCI
3: On some other discoverable bus or interface behind a controller that sits on a bus that looks to software like PCI
So in a PC you know where some stuff is from the start and you find the rest by enumerating the PCI bus(es) through the PCI configuration space (which is accessed through a well known location in the IO address space), then in turn enumerating any buses or interfaces you find controllers for on the PCI bus.
While AFAICT on most ARM systems there are no such enumeration features, and even if there were (a few ARM devices DO have PCI) there is no standard on how to access them. So the information has to be provided to the kernel by other methods. Traditionally it was just built into the kernel, but this has made it very difficult for general purpose Linux distros to properly support ARM. So there has been a push towards providing it externally from the bootloader ("device tree") and thus moving towards a world where ARM kernels are no longer device specific.
* Basically any PC that doesn't have ISA cards in it.
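To make the enumeration described above concrete, here is an added example in Python (not code from the original post): it walks a constructed, in-memory PCI configuration space the way firmware or a kernel walks the real one, starting at bus 0, probing each device's function 0 for a valid vendor ID, checking the multi-function bit before probing the other functions, and recursing into the secondary bus of any PCI-to-PCI bridge it finds. The header offsets are the standard ones from the PCI spec; the topology and the vendor/device IDs (0x1234 and friends) are made up for the demo.

```python
import struct
from typing import Dict, List, Optional, Set, Tuple

# Offsets in the 256-byte PCI configuration header (common to type 0 and type 1).
VENDOR_ID, DEVICE_ID, CLASS_DWORD, HEADER_TYPE = 0x00, 0x02, 0x08, 0x0E
SECONDARY_BUS = 0x19           # type 1 (PCI-to-PCI bridge) header only
HEADER_MULTI_FUNCTION = 0x80   # bit 7 of HEADER_TYPE on function 0
HEADER_LAYOUT_MASK = 0x7F
NO_DEVICE = 0xFFFF             # reads from an empty slot return all ones

BDF = Tuple[int, int, int]     # (bus, device, function)
ConfigSpace = Dict[BDF, bytes]


def make_config(vendor: int, device: int, class_code: int, header_type: int = 0,
                multi_function: bool = False, secondary_bus: int = 0) -> bytes:
    """Build a 256-byte config header. class_code is the 24-bit base/sub/prog-if value."""
    cfg = bytearray(256)
    struct.pack_into("<HH", cfg, VENDOR_ID, vendor, device)
    # dword at 0x08 = class code (24 bits) << 8 | revision ID
    struct.pack_into("<I", cfg, CLASS_DWORD, (class_code << 8) | 0x01)
    cfg[HEADER_TYPE] = header_type | (HEADER_MULTI_FUNCTION if multi_function else 0)
    if header_type == 1:
        cfg[SECONDARY_BUS] = secondary_bus
    return bytes(cfg)


def read16(space: ConfigSpace, bdf: BDF, off: int) -> int:
    cfg = space.get(bdf)
    return NO_DEVICE if cfg is None else struct.unpack_from("<H", cfg, off)[0]


def read8(space: ConfigSpace, bdf: BDF, off: int) -> int:
    cfg = space.get(bdf)
    return 0xFF if cfg is None else cfg[off]


def read_class(space: ConfigSpace, bdf: BDF) -> int:
    return struct.unpack_from("<I", space[bdf], CLASS_DWORD)[0] >> 8


def enumerate_pci(space: ConfigSpace, bus: int = 0,
                  seen: Optional[Set[int]] = None) -> List[dict]:
    """Walk bus:dev.fn the way PC firmware or a kernel does, recursing through bridges."""
    if seen is None:
        seen = set()
    if bus in seen:            # guard against a mis-programmed bridge pointing back at us
        return []
    seen.add(bus)
    found: List[dict] = []
    for dev in range(32):
        if read16(space, (bus, dev, 0), VENDOR_ID) == NO_DEVICE:
            continue           # nothing in this slot
        hdr0 = read8(space, (bus, dev, 0), HEADER_TYPE)
        nfuncs = 8 if hdr0 & HEADER_MULTI_FUNCTION else 1
        for fn in range(nfuncs):
            bdf = (bus, dev, fn)
            vendor = read16(space, bdf, VENDOR_ID)
            if vendor == NO_DEVICE:
                continue
            layout = read8(space, bdf, HEADER_TYPE) & HEADER_LAYOUT_MASK
            found.append({"bdf": bdf, "vendor": vendor,
                          "device": read16(space, bdf, DEVICE_ID),
                          "class": read_class(space, bdf)})
            if layout == 1:    # PCI-to-PCI bridge: devices behind it live on its secondary bus
                found.extend(enumerate_pci(space, read8(space, bdf, SECONDARY_BUS), seen))
    return found


# Constructed topology; vendor/device IDs are made up for the demo.
#   00:00.0 host bridge, 00:01.0 PCI-PCI bridge -> bus 1,
#   00:02.0 AHCI SATA + 00:02.1 xHCI USB (multi-function), 01:00.0 Ethernet behind the bridge.
SAMPLE_SPACE: ConfigSpace = {
    (0, 0, 0): make_config(0x1234, 0x0001, 0x060000),
    (0, 1, 0): make_config(0x1234, 0x0002, 0x060400, header_type=1, secondary_bus=1),
    (0, 2, 0): make_config(0x1234, 0x0003, 0x010601, multi_function=True),
    (0, 2, 1): make_config(0x1234, 0x0004, 0x0C0330),
    (1, 0, 0): make_config(0x1234, 0x0005, 0x020000),
}

if __name__ == "__main__":
    for d in enumerate_pci(SAMPLE_SPACE):
        b, dv, f = d["bdf"]
        print(f"{b:02x}:{dv:02x}.{f} {d['vendor']:04x}:{d['device']:04x} class {d['class']:06x}")
```

The point of the walk is that nothing about the topology is known in advance: the code only knows where configuration space is and how its header is laid out, and discovers the rest, which is exactly what a typical ARM SoC of the time gave the kernel no way to do.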
I'm guessing they did the simple and therefore relatively easy (but unfortunately not hugely useful because the complex ones are what most people use) platforms first.
So in other words for most users this doesn't mean much YET, but now the framework is in place hopefully other platforms will follow and in the future Linux distros will be able to ship one kernel for most popular ARM devices. Having said that, it depends critically on getting the drivers that actually make those platforms work properly merged into the upstream kernel as well.
Also the Pi is a bit of a weird case since it's armv6+vfpv2. This means that those wanting good performance on the Pi will likely have to stick with distros where the whole distro (not just the kernel) is compiled with the Pi in particular in mind, since AFAICT most regular hardfloat distros have picked armv7-a+vfpv3_d16 as their minimum CPU target. There don't seem to be many other ARMv6 devices that are popular in the hobbyist community (the only ARMv6 devices I'm personally aware of are the Pi, the VIA APC and some low end smartphones).
So is SHA1 unsafe now?
No one has actually found any collisions yet, but there is a risk they may do so in the not too distant future. So if your system relies on collision resistance you probably want to look into migration plans to something stronger.
Sorry for the newbie question but should I replace:
INSERT INTO users SET username='admin', password=sha1('********')
for:
INSERT INTO users SET username='admin', password=sha3('********')
Not really: collisions aren't really too much of an issue in this application, the attacker would need a preimage attack which is much harder. Generally in password hashing systems the hash function is far from the weakest link; however for this use you should:
1: make sure you salt your passwords. Ideally with both a per-installation salt which is stored separately from the password DB and a per-password salt in the password db.
2: consider using a deliberately slow hash function to slow down dictionary/brute force attacks on your passwords.
3: consider privilege separation between the part of your system that handles password validation and the rest of your system, so a break in your webapp doesn't let someone download a copy of the stuff they need to start work on password cracking.
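As an added example of points 1 and 2 (this is not code from the original thread), here is a Python version of what the INSERT above should be storing instead of a bare sha1(): a per-password random salt kept in the record, a per-installation pepper held outside the database, and a deliberately slow derivation (PBKDF2-HMAC-SHA256 from the standard library). The pepper value and the iteration count are assumptions for the demo. The last function shows why the unsalted sha1() column is weak: one pass over a wordlist cracks every user who picked a wordlist password.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, Optional

# Per-installation secret ("pepper"). The value here is constructed for the
# demo; in a real deployment it is kept outside the password database (config
# file, HSM, KMS) so a dump of the users table alone gives nothing to crack.
INSTALL_PEPPER = bytes.fromhex(
    "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")
PBKDF2_ITERATIONS = 200_000   # deliberately slow; tune to ~100 ms per hash on your hardware
SALT_LEN = 16                 # per-password random salt, stored alongside the hash


def hash_password(password: str, pepper: bytes = INSTALL_PEPPER,
                  iterations: int = PBKDF2_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$key_hex."""
    if salt is None:
        salt = secrets.token_bytes(SALT_LEN)
    # Fold the pepper in first via HMAC, so the record is useless without it
    # even to an attacker who holds the salt and the derived key.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    key = hashlib.pbkdf2_hmac("sha256", peppered, salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str,
                    pepper: bytes = INSTALL_PEPPER) -> bool:
    """Recompute with the salt and iteration count stored in the record and
    compare in constant time. Malformed records simply fail."""
    try:
        algo, iterations_s, salt_hex, _ = record.split("$")
        salt = bytes.fromhex(salt_hex)
        iterations = int(iterations_s)
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    candidate = hash_password(password, pepper, iterations, salt)
    return hmac.compare_digest(candidate.encode(), record.encode())


def unsalted_sha1(password: str) -> str:
    """What the original INSERT ... password=sha1('...') actually stores."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def crack_unsalted_sha1(stored: Dict[str, str],
                        wordlist: Iterable[str]) -> Dict[str, str]:
    """Why salting matters: with no salt the attacker hashes each guess once
    and matches it against every user at the same time."""
    table = {unsalted_sha1(w): w for w in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print("verify ok:", verify_password("correct horse battery staple", rec))
    users = {"admin": unsalted_sha1("password123"),
             "ops": unsalted_sha1("a-long-unique-passphrase")}
    print("cracked:", crack_unsalted_sha1(users, ["123456", "password123", "letmein"]))
```

Storing the iteration count in the record is what lets you raise it later without invalidating existing users: old records keep verifying at their old cost and can be re-hashed on next login.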
You're enormously reducing the number of bits of information present
True
so you will get collisions
No
It is true that collisions must exist, but if the output of the hash function is large enough then the number of inputs you would have to try to find a collision by brute force becomes unfeasibly large, even if you don't care what it's a collision with.
Finding any collision at all is considered very bad news for a secure hashing algorithm, as it is often quickly extended to finding collisions with common prefixes. From there you can construct two documents in a format like PDF with very different content but the same hash; then you can get someone to sign one using the hash algorithm and their signature will verify on the other.
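An added example (not from the original thread) of the two claims above: brute-forcing any collision costs about 2^(n/2) inputs for an n-bit hash (the birthday bound), so it is quick on a small output and hopeless at 160 bits, and once two colliding messages exist, a signature made over one verifies on the other. SHA-1 truncated to n bits stands in for "a hash with a small output", and the HMAC-based "signature" is a toy stand-in for a real scheme, which likewise signs the digest rather than the document. Both stand-ins are assumptions of the demo, not anything from the posts.

```python
import hashlib
import hmac
import math
from typing import Dict, Tuple


def truncated_sha1(msg: bytes, nbits: int) -> int:
    """First nbits of SHA-1; stands in for a hash with an nbits-wide output."""
    digest = int.from_bytes(hashlib.sha1(msg).digest(), "big")
    return digest >> (160 - nbits)


def expected_tries(nbits: int) -> float:
    """Birthday bound: roughly sqrt(pi/2 * 2^n) random inputs before any two collide."""
    return math.sqrt(math.pi / 2 * 2.0 ** nbits)


def find_collision(nbits: int, max_tries: int) -> Tuple[bytes, bytes, int]:
    """Brute-force *any* collision (no chosen target) on the n-bit truncated hash.
    Returns (m1, m2, tries). Memory grows with tries, which is why a 160-bit
    output (2^80 expected tries) is out of reach while 16 or 24 bits are instant."""
    seen: Dict[int, bytes] = {}
    for i in range(max_tries):
        m = b"msg-%d" % i            # deterministic distinct inputs
        h = truncated_sha1(m, nbits)
        if h in seen:
            return seen[h], m, i + 1
        seen[h] = m
    raise RuntimeError(f"no {nbits}-bit collision in {max_tries} tries")


# Toy "signature": a MAC over the truncated digest of the message. Real
# signature schemes also sign the digest, which is exactly why a hash
# collision lets one signature cover two documents.
def toy_sign(key: bytes, msg: bytes, nbits: int) -> bytes:
    digest = truncated_sha1(msg, nbits).to_bytes(20, "big")
    return hmac.new(key, digest, hashlib.sha256).digest()


def toy_verify(key: bytes, msg: bytes, sig: bytes, nbits: int) -> bool:
    return hmac.compare_digest(toy_sign(key, msg, nbits), sig)


if __name__ == "__main__":
    for nbits in (16, 24):
        m1, m2, tries = find_collision(nbits, 1_000_000)
        print(f"{nbits}-bit: {m1!r} and {m2!r} collide after {tries} tries "
              f"(expected about {expected_tries(nbits):.0f})")
    print(f"160-bit: expected about 2^{math.log2(expected_tries(160)):.1f} tries")
    m1, m2, _ = find_collision(16, 1_000_000)
    sig = toy_sign(b"signer key", m1, 16)
    print("signature over m1 verifies on m2:", toy_verify(b"signer key", m2, sig, 16))
```

Note that nothing here chooses what the colliding messages say; that is the step the post describes as "extended to finding collisions with common prefixes", and it is what turns a bare collision into two meaningful documents with the same signature.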