Heh... you're lucky. I seated a PCI card in wrong once and it shorted out. Fortunately, it was only $10 or so to replace.
But, you may have a point: it might be possible to electrically tap the PCI or PCI Express bus and do bad things with DMA, even if the bus wasn't built to support hot-swapping. You'd probably need custom hardware, a lot of time, and a lot of luck, though. Also, you'd need to keep power to the CPU on, meaning stuff like chassis intrusion detectors would be a sufficient countermeasure.
The story is actually very interesting. The Bill of Rights was enacted as a compromise to get the Constitution passed. The Constitution was not our first government -- that was the Articles of Confederation, but the Articles of Confederation basically wasn't working at all because it was a very poor design.
Some highlights: it gave the federal government so little power it couldn't do anything. It couldn't even pass taxes; the states were supposed to voluntarily pitch in. It also required unanimous consent in Congress to pass any law, and Congress was all there was; there was no executive or judicial branch.
So some of the leaders -- the Federalists -- drafted the Constitution to replace it. But there were Anti-Federalists, and they argued the central government would become so powerful it would eventually turn tyrannical. So, the Bill of Rights was added to placate them. We can see now that was a really, really Good Idea(TM).
Personally, though coding certainly helped, I think my high school economics classes really helped dispel a lot of my personal "magical thinking" about social issues. That framework is much more useful than if/then/else for thinking about human endeavors. I think CS is cool, of course, but economics and statistics (correlation versus causation) are the logical/mathematical fields we should be pushing for everyone to know.
For all practical purposes, you are incorrect. Desktops and laptops do not typically support PCI Express hot swapping; this is a feature implemented only on high-end server chipsets.
I assume you mean PCI Express, since PCI-X is an obsolete standard not used on modern systems, but the answer is the same for PCI, PCI-X, and PCI Express, so no matter.
The TRESOR-HUNT attack works by having the attacker plug a malicious peripheral into the running computer, then having that peripheral use DMA to write malicious code into the computer's RAM which copies the encryption key out of the CPU.
Plugging a PCI card into a computer while it is running is likely to fry the motherboard, or at the very least cause an immediate system crash, so this is not a risk.
I am the author of Loop-Amnesia, a system similar to TRESOR, but more sophisticated in that it supports multiple encrypted volumes. After looking over the article, it does not appear that this is at all similar. It also does not appear to protect against the cold boot attack as claimed.
The authors claim a 2% performance reduction. Such a reduction implies that the instructions are not being decrypted literally on-the-fly; the reduction would be much more severe then. They're using a tactic called a "TLB split", which corrupts the cached page table so that reading memory gets you different results from executing it. A page of executable code is likely decrypted with a key stored in the CPU, put in a different physical page, and then the TLB split is performed so that executes go to the other page while reads still go to the encrypted page.
The cold boot attack dumps physical memory. This tactic corrupts virtual memory to frustrate analysis. The executable code is still stored in RAM somewhere, just not somewhere where you can get to it by reading from a virtual memory address. The cold boot attack would still work fine.
Finally, TRESOR and Loop-Amnesia are not broken. TRESOR-HUNT only works if you enable DMA on your FireWire bus. You shouldn't be doing that anyway.
It's experimental now, but it won't always be. Are you saying that you won't use it because it's experimental now, or you won't ever use it because you think there is something fundamentally wrong with the approach?
Why would you use virtualization in such an environment? Not trying to be argumentative, but it doesn't seem like virtualizing a bunch of database servers would be that big a win. So many people post here about virtualization that I'd like to know what they find so useful about it.
I personally just don't like the concept of adding a layer between the OS and the hardware. The OS is supposed to handle running different programs and providing the environment they need to run. If it's not, fix the OS, don't just add another layer and take the associated performance hit.
If anyone wants to argue this point because you think Singleton is a good design pattern, you're a bad programmer and should consider getting a MBA.
That's not a very good argument.
Even if it's the one good example of a time when a singleton might actually be a good fit for something, the code review board will shoot it down.
Where do you work where you have an entire board dedicated to code review?! How do you get anything done!?
The only places where that much red tape is justified is with pacemakers, airplanes, manned space flight, and anything with the word "nuclear" in it. And maybe a few other cases, but you get the idea.
If you're having trouble seeing why this works, start with noting that you're basically using b as an accumulator, and go from there.
It's linear time because you're only doing one recursive call per method and you're decreasing n by one with each recursive call. It's only constant space if you have a smart compiler that can get rid of the stack frames that would be generated in an unoptimized implementation. The needed optimization is called tail recursion. Tail recursion is basically a cheat where you count on the compiler to optimize away your recursion into an iterative loop when your recursive call is the final instruction of the function; the optimization logic to do that is not hard. Python is a notable language that does NOT do this optimization.
The desktop is quite crusty on R-Pi too. It's fine for embedded/server use though, and I do not have complaints about those scenarios. It will be interesting to see how Windows 10 performs on R-Pi 2.:)
Umm... R-Pi 2 is still ARM, right? So, wouldn't the answer be, "not at all, because MS is bailing out of ARM"? They discontinued the ARM-based Surface recently.
I verified that and it is properly using the official Intel graphics driver.
Weird. Have you checked what glxinfo says? I think it's possible for OpenGL to be software rendering even if the driver isn't VESA in certain broken setups. Another good step would be to try Knoppix on it, to see if it's a distro-specific issue or not. I used Knoppix recently on some random computers with Intel drivers and desktop effects worked fine.
XFCE hasn't seen a new release in almost 3 years, the compositor tears (because it is based on XRender), and it does not have any desktop effects. Windows on the same hardware runs cool zoom animations and translucency without a hitch. Other than that, XFCE seems relatively glitch-free, so I agree that it's one of the best choices.
No, they haven't had a major release recently, but XFCE is definitely still maintained. It's possible to get Compiz to work with XFCE, but, like sibling poster suggests, I would just not use desktop effects if they're not working. I'm sure I could get them working if I really tried, but I'm not using desktop effects on any of my machines. They're a novelty item that wears off quickly.
Now you are just cheerleading.:) You can't realistically say that your experience is "pretty bug-free" if X (in practice: whole desktop) crashes roughly weekly.
One machine out of six, man:) And I was using a beta distro, and I think it might be fixed now. I actually think it's one screensaver that causes or caused it, but I don't know which one because xscreensaver uses a random one each time it starts. It could also be a hardware issue with the machine, though I doubt it.
Elementary OS had horrible tearing, choppy and slow animations, and popped up a "System problem detected" right on the first boot.
Uh... my guess would be ElementaryOS somehow didn't auto-detect your graphics card right and you were using X with VESA. That would do that. I just set up a Linux laptop with an Intel graphics card. Worked great; VA-API allows hardware-accelerated 1080i H264 video, with deinterlacing, with no tearing. I'm sure it could handle the 10 or so polygons used for desktop effects without problem.
Linux is not the way to breathe life into an old computer anymore. That time was 15 years ago. These days you can make an old PC run Linux fast only by using a simple window manager and turning off all the desktop effects. Even then you would be left dealing with loads of bugs everywhere.
Dude, Linux runs on the Raspberry Pi. In the last few years I set up Linux on a system with a 700MHz Celeron and 256MB RAM. I've purchased a Linux VM with 128MB of "virtual" RAM. It'll run.
Use XFCE on old hardware. And new hardware; it's the current king of traditional desktop interfaces in the window manager world.
GNOME, KDE, and the others have lost their minds. That doesn't mean you have to drink the kool-aid, too.
Re bugs, my experience has been Linux is pretty bug-free. The only thing I'm running into trouble with is X deciding to segfault every week or so on my work machine. Annoying as fuck, but at least I can restart it without restarting the whole computer. It seems to be fixed in the last update, too, though it hasn't been long enough. And, I'm running Slackware-current, which is technically a beta distro though it's usually pretty stable.
Cinavia's not really important anyway because it only blocks you if you use a Blu-Ray player for playback. All you have to do is play the the files on a computer with a FLOSS video player like mplayer or vlc and the Cinavia will be ignored.
I agree that programming languages are not real languages. There are similarities, which are useful when teaching the subject, but they are definitely different disciplines.
I'd like to relate an anecdote, here. I majored in CS. I declared a major in Economics as well. However, the College of Liberal Arts (offering Economics) required foreign language, while the College of Natural Sciences (offering CS) did not. I had taken foreign language in high school, but more was required. I ended up dropping Economics as a major, because I wasn't going to waste time taking more foreign language just to get a second undergraduate degree. Though I generally support breadth requirements in undergraduate study, I consider this an unfortunate result of the requirement.
You allude to one of the most disgusting loopholes in the US justice system, which is that double jeopardy does not apply across the federal/state boundary. So, yes, the feds can try you, you can be found innocent, and then the state gets another bite at the apple.
This is VERY uncommon, though, because both federal and state prosecutors typically will, as agency policy, NOT exercise this right, because it's so unfair to do that and so out-of-keeping with the spirit of the constitution. But there have been instances where they have done this. And it's disgusting.
You've just described a highly dysfunctional work environment, except for the hot coworker part and the "I-sometimes-need-to-do-boring-stuff" part. The boring stuff part becomes dysfunctional if it gets too much, though. I can say from experience that not everywhere is like you describe. Long term, you might want to changing jobs.
As mentioned elsewhere, a number of factors correlate to create a highly artificial and dysfunctional social environment in lower education. A company where you're dealing with high-school social problems is a dysfunctional company. Hell, due mainly to honors classes keeping the bored clowns out of my way, my actual high school experience had few high-school social problems. The lower education dysfunctional environment was mostly middle school and lower.
Slashdot Mirror
Heh ... you're lucky. I seated a PCI card in wrong once and it shorted out. Fortunately, it was only $10 or so to replace.
But, you may have a point: it might be possible to electrically tap the PCI or PCI Express bus and do bad things with DMA, even if the bus wasn't built to support hot-swapping. You'd probably need custom hardware, a lot of time, and a lot of luck, though. Also, you'd need to keep power to the CPU on, meaning stuff like chassis intrusion detectors would be a sufficient countermeasure.
I intended no sarcasm. I think the Bill of Rights was a very good idea.
The story is actually very interesting. The Bill of Rights was enacted as a compromise to get the Constitution passed. The Constitution was not our first government -- that was the Articles of Confederation, but the Articles of Confederation basically wasn't working at all because it was a very poor design.
Some highlights: it gave the federal government so little power it couldn't do anything. It couldn't even pass taxes; the states were supposed to voluntarily pitch in. It also required unanimous consent in Congress to pass any law, and Congress was all there was; there was no executive or judicial branch.
So some of the leaders -- the Federalists -- drafted the Constitution to replace it. But there were Anti-Federalists, and they argued the central government would become so powerful it would eventually turn tyrannical. So, the Bill of Rights was added to placate them. We can see now that was a really, really Good Idea(TM).
I get writing a compiler, but why a text editor?
Personally, though coding certainly helped, I think my high school economics classes really helped dispel a lot of my personal "magical thinking" about social issues. That framework is much more useful than if/then/else for thinking about human endeavors. I think CS is cool, of course, but economics and statistics (correlation versus causation) are the logical/mathematical fields we should be pushing for everyone to know.
For all practical purposes, you are incorrect. Desktops and laptops do not typically support PCI Express hot swapping; this is a feature implemented only on high-end server chipsets.
Additionally, grow up.
I assume you mean PCI Express, since PCI-X is an obsolete standard not used on modern systems, but the answer is the same for PCI, PCI-X, and PCI Express, so no matter.
The TRESOR-HUNT attack works by having the attacker plug a malicious peripheral into the running computer, then having that peripheral use DMA to write malicious code into the computer's RAM which copies the encryption key out of the CPU.
Plugging a PCI card into a computer while it is running is likely to fry the motherboard, or at the very least cause an immediate system crash, so this is not a risk.
I am the author of Loop-Amnesia, a system similar to TRESOR, but more sophisticated in that it supports multiple encrypted volumes. After looking over the article, it does not appear that this is at all similar. It also does not appear to protect against the cold boot attack as claimed.
The authors claim a 2% performance reduction. Such a reduction implies that the instructions are not being decrypted literally on-the-fly; the reduction would be much more severe then. They're using a tactic called a "TLB split", which corrupts the cached page table so that reading memory gets you different results from executing it. A page of executable code is likely decrypted with a key stored in the CPU, put in a different physical page, and then the TLB split is performed so that executes go to the other page while reads still go to the encrypted page.
The cold boot attack dumps physical memory. This tactic corrupts virtual memory to frustrate analysis. The executable code is still stored in RAM somewhere, just not somewhere where you can get to it by reading from a virtual memory address. The cold boot attack would still work fine.
Finally, TRESOR and Loop-Amnesia are not broken. TRESOR-HUNT only works if you enable DMA on your FireWire bus. You shouldn't be doing that anyway.
It's experimental now, but it won't always be. Are you saying that you won't use it because it's experimental now, or you won't ever use it because you think there is something fundamentally wrong with the approach?
Well, LTE roaming could still be useful to you even if there are no roaming agreements. Just get a local SIM.
I get that, but you can do process migration without virtualization: http://criu.org/Main_Page
Is it just because that's experimental still?
Why would you use virtualization in such an environment? Not trying to be argumentative, but it doesn't seem like virtualizing a bunch of database servers would be that big a win. So many people post here about virtualization that I'd like to know what they find so useful about it.
I personally just don't like the concept of adding a layer between the OS and the hardware. The OS is supposed to handle running different programs and providing the environment they need to run. If it's not, fix the OS, don't just add another layer and take the associated performance hit.
If anyone wants to argue this point because you think Singleton is a good design pattern, you're a bad programmer and should consider getting a MBA.
That's not a very good argument.
Even if it's the one good example of a time when a singleton might actually be a good fit for something, the code review board will shoot it down.
Where do you work where you have an entire board dedicated to code review?! How do you get anything done!?
The only places where that much red tape is justified is with pacemakers, airplanes, manned space flight, and anything with the word "nuclear" in it. And maybe a few other cases, but you get the idea.
Yes, they can. Do some research before posting rather than talking out of your ass.
http://en.wikipedia.org/wiki/D...
My best attempt to translate that from what I think is Haskell to an imperative pseudocode, in case anyone is curious what's going on:
define fib_aux(int n, int a, int b) returning int:
{
if(n>=1)
return fib_aux(n-1,b,a+b)
else
return b
}
define fib(int n) returning int:
{
return fib(n,0,1)
}
If you're having trouble seeing why this works, start with noting that you're basically using b as an accumulator, and go from there.
It's linear time because you're only doing one recursive call per method and you're decreasing n by one with each recursive call. It's only constant space if you have a smart compiler that can get rid of the stack frames that would be generated in an unoptimized implementation. The needed optimization is called tail recursion. Tail recursion is basically a cheat where you count on the compiler to optimize away your recursion into an iterative loop when your recursive call is the final instruction of the function; the optimization logic to do that is not hard. Python is a notable language that does NOT do this optimization.
Like I said: one machine out of six, and I'm using a beta distro.
Like you, I typically only reboot when the power goes out.
The desktop is quite crusty on R-Pi too. It's fine for embedded/server use though, and I do not have complaints about those scenarios. It will be interesting to see how Windows 10 performs on R-Pi 2. :)
Umm ... R-Pi 2 is still ARM, right? So, wouldn't the answer be, "not at all, because MS is bailing out of ARM"? They discontinued the ARM-based Surface recently.
I verified that and it is properly using the official Intel graphics driver.
Weird. Have you checked what glxinfo says? I think it's possible for OpenGL to be software rendering even if the driver isn't VESA in certain broken setups. Another good step would be to try Knoppix on it, to see if it's a distro-specific issue or not. I used Knoppix recently on some random computers with Intel drivers and desktop effects worked fine.
XFCE hasn't seen a new release in almost 3 years, the compositor tears (because it is based on XRender), and it does not have any desktop effects. Windows on the same hardware runs cool zoom animations and translucency without a hitch. Other than that, XFCE seems relatively glitch-free, so I agree that it's one of the best choices.
No, they haven't had a major release recently, but XFCE is definitely still maintained. It's possible to get Compiz to work with XFCE, but, like sibling poster suggests, I would just not use desktop effects if they're not working. I'm sure I could get them working if I really tried, but I'm not using desktop effects on any of my machines. They're a novelty item that wears off quickly.
Now you are just cheerleading. :) You can't realistically say that your experience is "pretty bug-free" if X (in practice: whole desktop) crashes roughly weekly.
One machine out of six, man :) And I was using a beta distro, and I think it might be fixed now. I actually think it's one screensaver that causes or caused it, but I don't know which one because xscreensaver uses a random one each time it starts. It could also be a hardware issue with the machine, though I doubt it.
Elementary OS had horrible tearing, choppy and slow animations, and popped up a "System problem detected" right on the first boot.
Uh ... my guess would be ElementaryOS somehow didn't auto-detect your graphics card right and you were using X with VESA. That would do that. I just set up a Linux laptop with an Intel graphics card. Worked great; VA-API allows hardware-accelerated 1080i H264 video, with deinterlacing, with no tearing. I'm sure it could handle the 10 or so polygons used for desktop effects without problem.
Linux is not the way to breathe life into an old computer anymore. That time was 15 years ago. These days you can make an old PC run Linux fast only by using a simple window manager and turning off all the desktop effects. Even then you would be left dealing with loads of bugs everywhere.
Dude, Linux runs on the Raspberry Pi. In the last few years I set up Linux on a system with a 700MHz Celeron and 256MB RAM. I've purchased a Linux VM with 128MB of "virtual" RAM. It'll run.
Use XFCE on old hardware. And new hardware; it's the current king of traditional desktop interfaces in the window manager world.
GNOME, KDE, and the others have lost their minds. That doesn't mean you have to drink the kool-aid, too.
Re bugs, my experience has been Linux is pretty bug-free. The only thing I'm running into trouble with is X deciding to segfault every week or so on my work machine. Annoying as fuck, but at least I can restart it without restarting the whole computer. It seems to be fixed in the last update, too, though it hasn't been long enough. And, I'm running Slackware-current, which is technically a beta distro though it's usually pretty stable.
Firefox for Android? Well, this is basically Mozilla's half-assed imitation of Chrome for Android. Pretty much nobody actually uses it.
I use it. I don't think Chrome for Android even works on Android 2.3 anymore. Firefox for Android is a pretty solid browser.
Uh, what about this: https://torrentfreak.com/dvd-r...
Cinavia's not really important anyway because it only blocks you if you use a Blu-Ray player for playback. All you have to do is play the the files on a computer with a FLOSS video player like mplayer or vlc and the Cinavia will be ignored.
I agree that programming languages are not real languages. There are similarities, which are useful when teaching the subject, but they are definitely different disciplines.
I'd like to relate an anecdote, here. I majored in CS. I declared a major in Economics as well. However, the College of Liberal Arts (offering Economics) required foreign language, while the College of Natural Sciences (offering CS) did not. I had taken foreign language in high school, but more was required. I ended up dropping Economics as a major, because I wasn't going to waste time taking more foreign language just to get a second undergraduate degree. Though I generally support breadth requirements in undergraduate study, I consider this an unfortunate result of the requirement.
Ah, I misunderstood you.
You allude to one of the most disgusting loopholes in the US justice system, which is that double jeopardy does not apply across the federal/state boundary. So, yes, the feds can try you, you can be found innocent, and then the state gets another bite at the apple.
This is VERY uncommon, though, because both federal and state prosecutors typically will, as agency policy, NOT exercise this right, because it's so unfair to do that and so out-of-keeping with the spirit of the constitution. But there have been instances where they have done this. And it's disgusting.
I tried to mod you up, but apparently my points just expired. Your description of the joy of math was among the most eloquent I've read. Thank you.
You've just described a highly dysfunctional work environment, except for the hot coworker part and the "I-sometimes-need-to-do-boring-stuff" part. The boring stuff part becomes dysfunctional if it gets too much, though. I can say from experience that not everywhere is like you describe. Long term, you might want to changing jobs.
As mentioned elsewhere, a number of factors correlate to create a highly artificial and dysfunctional social environment in lower education. A company where you're dealing with high-school social problems is a dysfunctional company. Hell, due mainly to honors classes keeping the bored clowns out of my way, my actual high school experience had few high-school social problems. The lower education dysfunctional environment was mostly middle school and lower.