A couple of generations ago, you needed a bonfire in the middle of the street to get rid of books full of unpopular ideas. Today, that can be accomplished very quietly with a few inode updates. The Internet and DRMed information is like Alexandria written on gunpowder-impregnated flash paper. Information is easily linked and too rarely duplicated. Unplug a server, and it goes away. We can stand around and shrug when some paedo gets his dirty book pulled from his tablet. Nobody will be there - or care - when it's our turn. Mark my words.
Hmm. In my many years of experience in software development, I've yet to find anything that _specifies_ software behavior as completely as the software itself. Moreover, "repeatability" isn't important at all in software development. It's critical, of course, on an assembly line. So the very goal of ISO/CMM is fundamentally flawed.
That said, documentation of the expectations and capability of software is paramount. So you write your behavior specs first. Then you write code that meets the specs. Oh, and those specs can't be in a dry, dead, out-of-date.docx file. Or in some contrived, expensive tool. It needs to be _in the code_ PART OF THE CODE- an automated test suite that can be run instantly and report immediately the second anything is out-of-spec.
In this way, both the software and the specifications it is intended to meet grow and change together. So you don't have to have business people and business analysts having to make all the hard decisions up front in a vacuum. You get to show them work frequently and be able to respond to changes as their needs evolve.
Development is faster. Progress is measurable in terms of business requirements met. Maintenance is far more inexpensive. Best of all, there are working examples of every bit of code- the tests are current, living, breathing documentation of how each method and unit was designed to work and what business value it was explicitly intended to support.
That's what you need to write your code. Forget the over-priced tools. Anything less is cheating your company or client.
You are remiss in not mentioning github.com which does the favor of free, immediate online hosting of OSS projects and content under git. I don't know how many presenters I've seen with their slides and demo code all on github. It's the killer app that makes git really rock.
SQL syntax is dated and very obtuse. Just look at the different syntax between insert and an update....wouldn't you rather just have "save"?
Object-relational mapping is cumbersome and mis-matched in SQL. 1:many either yields n+1 queries or a monster cartesian product set. And, what about inheritance? It just doesn't jive.
It isn't about losing ACID- although not every purpose needs ACID. Your average shared drive filesystem isn't ACID, for example.
When you have anemic domains that aren't nailed down and need to be readily flexible without big re-designs, JSON-based No-SQL works very well. When you want to avoid n+1 and have well-defined data needs with 4MB of data across your object graph, No-SQL works... very very well. When you want to segregate the business services and its backing data store from the separate concern of BI, No-SQL keeps the riff-raff out of your data store.
It's different. It solves different problems. Keep your mind open.
Where does that leave InnoDB? It's the only game in town for a tried-and-true constraint-enabled MySQL database. I was to understand that Oracle bought that engine up years ago. Were that single piece to go missing, MySQL would be set back to the stone age. The lack of mention about that engine, and lots of talk about third party engines concerns me.
I think the key to small development teams is a good mix of skills and a gelled, stable team.
"Best Practices" go in and out of vogue. Use the techniques that work well for you. Experiment with new things. This is a field still in its infancy- so be willing to spend time enriching yourselves.
Monitor your success in terms of code maintainability and developer/customer relations.
Quake was one of my first gigs out of college. We got paid to play Quake and write a walk-through for it. It became "Id's Guide to Quake." Great resume builder in the day.
Specifically, if an equation is used, it's not a one-time pad because the data was generated deterministically. Duh. You need real, unrepeatable random data. Computers using only math functions can't possibly generate this.
Simply XORing or otherwise slapping pseudorandom garbage over plain text does not make a secure system. Look at how a tiny flaw in the implementation of RC4 in wireless networking makes the system crackable in linear time!
The big problem with a one-time pad is that you're left with keys the size of whatever message you intend to send. And since a real one-time pad CAN'T be generated deterministically (thus its security) the pad must be somehow shared between the two parties.
At best, they have re-invented the symmetric cipher- or something that approaches its intended function. Of course, never, ever trust a new cipher without a good long time of testing and proper cryptoanalysis.
Whoever is doing this is very, very likely selling snake oil. My suggestion is to pick up a copy of GPG, configure to use AES-256/3072 bit public keys and be happy.
I believe the past is the key to the future on DRI. From the introduction of the 8-bit home PC, copy protection has been around in the form of bad sectors, encrypted or altered-format disks, etc.
Judging from the 'cracking' and "0-day warez" BBS sites that sprang up like toad stools, my thought is that it didn't work. Everyone that wanted a copy of some IP (illegally) could get it. Often, with features the original didn't have, like trainers and immortality modes.
Not even the mighty FBI could stop the kids. Of course, today, they'd be known as "terrorist cells" traced by demand for soda, pizza, and bandwidth.
In those glory days of 2400bps-14400bps modems, it was a single company doing everything they could in-house to keep their released programs safe. As any then-15-year-old hacker could tell you, it was fairly easy to break once you had a clue what was going on. The programs were closed-source, of course, and nobody was available from Electronic Arts or Sierra to leak how the protection worked. But it didn't matter. Often, all was necessary was finding a conditional jump in assembly code and either removing it or (my favorite) reversing the logic of the jump.
DRI will require a standard API across the board. It must be a fairly open standard, one implemented by many different companies different ways to achieve exactly the same spec. Of course, there will be licensing and NDA's to use the spec. But, de facto, it will be open.
Everyone who makes any program, anywhere in the world which must interface with DRI information must be trusted not to give away the milk cow. This could be intentional, by creating a program or chip that disregards DRI entirely. Or, a simple coding error or hardware misdesign could achieve the same effect. Lest we forget, it was a poor implementation of the DVD CSS that was ultimately attacked- by a kid.
We live in a world where we can't even get a 100% working closed-source OS from a single company. What will a multi-company, multinational hodgepodge of laws, DRI tech, and various unscrupulous coders bring? It would have to be mandated and codified by bureaucrats who couldn't begin to keep up with the inventive attacks of _kids_, let alone professional thieves. It will at best be fingers in the dike from the outset; and come crashing down with the first torrents of demand from the public at large.
Encryption is just an effort at privacy. We are now deluged into a reality where our government (with the applause of the unthinking, sheep-like masses) is actively working to reduce privacy. We can't have privacy and freedom right now- or ever- if we are to keep from having terrorist activities. That's the sales pitch.
But it doesn't stop there. We won't own our computers or electronic devices. We won't be allowed to alter them or configure them in some unique way. We won't be allowed to code our own software that allows us to access the things we have bought. Many of these things are already laws. More of the same shall be in the future. Consider the initative Intel has to encrypt the connection between your video card and monitor...
Road Runner: What kind of Windows do you run?
Me: X... er, I don't.
Road Runner: You have to have Windows to run RoadRunner.
Me: No, I don't. I'm a UNIX system engineer. Just drop the cable modem off here. Do I need PPPoE or DHCP?
Road Runner: Huh? Do you have Windows? We can't install it if you don't have windows.
Me: Okay... hmmm, sure I've got Win98. (on an unused HD, around here somewhere...)
The cost of freedom is too high for you. Indeed, we do not deserve freedom.
Here is its cost, count it carefully:
1. Re-create the DMCA-infringing software to defeat eBook technology. The best and brightest on Slashdot could do this if they put their minds to it.
2. Everyone who feels strongly about it should not only distribute the source, but also openly decrypt eBooks and make the resulting unencumbered PDFs available- be they servers in the US or outside her borders, CD's, IRC, wireless broadcast, public readings, whatever.
3. Everyone who participates in this should do it absolutely openly, and with the full expectation of being arrested and convicted to the fullest extent of the law. When arrested, demand a trial. Do not plead "no contest" or "guilty". By going to trial, you will make your conviction sentence more severe. Do this knowingly.
4. People must go to prison. Lots of people. For a very long time. A few hundred won't work- but thousands upon thousands of people in jail or prison, not developing software, not being productive- hurts the nation. In fact, there's a limit to how many people can be in jail at one time in a given country. Currently, I believe there are about six million incarcerated in the US. We' need to assess just how many generally young, educatied/technical people would need to be in prison to make the System hurt. Perhaps- just perhaps- if everyone in the U.S. Slashdot/EFF community- lurkers, goat-sexing trolls, hackers, wanna-be's all ended up flooding the prisons, it could turn into a situation where the law was, in fact, unenforcable. And, of course, I'd welcome foreign supporters willing to be arrested as well...
Picture this: 5,000 geeks in kangaroo (court) outfits distributing circumvention software for free on the steps of the very courthouse where Dmitry is currently being tried....
5. Civil opinion might just question what the hell is going on. Laws could be changed or repealed once public sentiment was stroked. Then again, given the outcome of the current drug war in the US, perhaps not.
It's almost too late to stand up and take control of the laws in America, short of a revolution. But it can be done. Peacefully. Ghandi walked to the sea and made salt, breaking a Brittish law (on par with the DMCA) and ended up a martyr.
Seems to me more than a few people decided to walk instead of ride the bus down south in the 60's....
Where are our balls?
Shut up, be entertained, and stop thinking.
Looking closely... a patent trap for the future?
on
RSA Cracked - Not
·
· Score: 1
The guy who came up with the attack seems to have failed- but Ron R. came up with the interesting observation that the attack converts an RSA problem into finding a discrete log in a finite field (Diffie's public key algorithm, first implemented in GPG before RSA became public domain.)
Now, if a math problem can be converted from a patented algorithm into one in the public domain, which wins? Does the PD algorithm fall under the patent, or does the patent go away?
This wouldn't have been trivial a year ago when RSA was still under patent protection. Even two years ago RSA, Inc. was peddling FUD on Diffie's finite field problem, saying it needed more analysis before being trusted.
Mathematics behind both processes look a lot alike to the untrained (only 18 semester hrs of undergrad math) armchair math/crypto geek.
Somehow, this feels like a Windows versus Mac debate. Nobody has yet figured out that Politics is naturally Open Source, and we can cook up our own politics and distribute it at will.
Given four years of development time, we can build our own kernel of policies and values.
We can discuss, debate and critique the actions of the next president. We can have our own revision control system, and decide what would make a better look and feel to politics in America.
We can try it out. Send test candidates to State governments, and on Capitol Hill. We can tweak them. We can work with everything. We can build something that can handle just about any situation without crashing.
We are free to find someone in our midst willing to put a Penguin in the whitehouse instead of a donkey or elephant.
We don't have to buy slick marketed pre-boxed politics. But politics, just like software distributions, takes time and effort to develop. We seem to be too busy clicking on our icons to care.
It wasn't so long ago that Intel was roasted over an open fire for embedding unique serial numbers in their CPUs. No matter how high and lofty their proclaimed goals were, we saw it as an easy way to track people. Even Amnisty International protested.
Now, we see the emergence of the IPv6 protocol attempting to use the embedded supposedly-unique serial number (MAC address) of your NIC. Currently, we believe these numbers can only be tracked to a manufacturer. In time, this can change. If there is the proper political climate, it will.
DHCP isn't perfect. The arbitrary assignment of an IP by your ISP can be traced- but it takes a subpoena and reasonable grounds for obtaining the information. By connecting the number you receive to something on your machine, you effectively remove the ISP as an IP broker. The result is your privacy just became that much easier to thwart.
Once upon a time, my best friend from high school (like-minded geek) offered for me to live with him and bring my computers...
Now we are both professional programmers, both married, and I've lost count of the computers and monitors. It's sweet, all right.
We've been told countless times that this would not work; that we both needed to grow up and realize that having our wives together in the same (admittedly HUGE) house was a bad idea.
Oh, there are issues:
Bandwidth
Doze vs. Linux vs. Be vs. BSD vs. (the per cap winner: Amiga)
Mountain Dew vs. Coke
Perl vs. C
The occasional meat-space squabble
Benefits are there, too: N64 AND PlayStation; LOTS of CD's in the collective; beefy MP3 server (of course), DVD, pool table, toys, toys, toys.
It's not for everyone; and I know it won't last forever. I'm hitting 30 this year, and I'm still waiting to grow up. My life is little different from the average college student, save the college and the occasional international business trip.
You know you're in geekdom when the whole house heads out at 1am for "burritos as big as your head" and/or Pizza.
So it isn't a myth. Geek houses exist. But they grow by themselves. I don't think it would have worked if we tried to make one. It's just what naturally fit for us.
Many jobs require a CIS degree. Especially for high-paying admin and devel jobs.
That said, many jobs rely on (the better indicator IMHO) prior experience. My degree was in hard science and math (who could turn down playing with NeXT/Mathematica when both were new toys?) with an education degree. After experience in state-level statistics and database design, though- few employers questioned my abilities.
Things have changed quite a bit since then. Certainly, knowing the C/C++/Java family of languages and some good solid OOP design strategies will hold you in good stead. These things are taught in college these days. Don't expect an employer to do the training you should have received in school. It's not fair to them and is irresponsible on your part. If you already know how to code, and are familiar with your operating system and hardware, you'll not find much new in college. Most colleges tend to teach toward the people who are new to computers. Geeks are an irritation to profs since we code differently, think differently and can often befuddle them.
A college degree is like membership to a club. Jobs become easier to get if you're a member. It isn't fair. A degree doesn't make you a better coder. In fact, college CIS tends to homogenize and remove the creative spark that I find marks a truly gifted coder. Yet, expect the grad to get the better job (and salary). And, they always will.
Friends, Geeks, Hackerdom!
Lend me your bandwidth!
I come to bury VAX, not praise it.
The Evil of a platform lives after it.
The good oft is interred with the decommissioned hardware.
So let it be with VAX.
MS is of course going after their copyrighted content posted online. However, I expect that we acted exactly as they suspected we would.
The intent is to get rid of the SMB/Kerberos interoperability in Linux and other competing OSes. How to do it?
1. Ignore the spec on Kerberos.
2. When you take heat for this, release the spec using the tried-and-true EULA model. Since it's available "For Free" and in a source code form, it looks and smells to the general public like open souce. Only developers (slashdotters come to mind) will know the difference.
3. You wait until someone on Slashdot or like forum publishes your copyrighted spec against the license agreement; you predictably sue them when it is online.
4. Now, when someone does reverse-engineer the MS-hacked networking protocols, you've got a perfect place to point to where they gained the content- Slashdot - and can sue that it not be included in new distros of Linux, et al.
All of this ensures the nasty MS-OS monopoly continues without any recourse for the Open Source community. Freedom to innovate my ass.
It seems the most obvious way to get this to work is to make all the new monitors support the standard- as well as (presumably) video cards.
Perhaps AGP was designed for this all along?
Still, you're putting encryption (Video card) and decryption (Monitor) in front of an attacker with no limit on the attacks able to be performed. At only a 56 bit keylength, this is as antiquated as single DES; something the EFF Deep-crack system broke in about 22 hours, last I heard. Expect a break, unless it's implemented like a WinModem...
People won't buy all of this unless they need to upgrade for some reason. Microsoft has been planning pay-per-use software for a while. This would be a nice registration enforcement system. MS might also stupidly render the encryption scheme in software; a Good_Thing for the next brave Jon. This is unlikely with Intel, though. You want it in hardware to pick up the speed.
I see somthing along the lines of checking for the security-enhanced video, launching the program and asking for a key to use the program. Everything in the window is encrypted until you pop in the right code.
Is it likely a secure design? No. But I've seen similar designs of software use. For example, the IPIX 360 degree photo creation software requires certificates which are redeemed for codes which work once. And let us not forget what happened to the Shareware Quake with the registered version sitting on the demo CD...
The root of the problem is that we are being forced to consume hardware which is designed to defeat our attempts to customize and devlop software for same. Until this stops, the entire industry has a thumb on us.
This has been a very relevant topic for me. I grew up in (pardon the redundancy) rural West Virginia. I would love nothing better than have a log cabin in the forest with a nice T3 jacked into my home server. It's peaceful there; and it's where I first fell in love with programming. The nice thing about being a programmer is that I can do my job virtually anywhere- and I have. My company had me on four continents last year! Unfortunately, none of those places were home. Why? The key ingredients to keeping the bright, young minds at home are: Job and Education opportunities, Suitable mate-finding/family-rearing potential, Reasonable expectation for financial success in the local economy, pleasing entertainment opportunities (subjective), and most importantly- acceptance from the community. I've watched as my home town (Huntington) dwindled from a 1960's census population of 80,000 down to less than 25,000. It's a beautiful place to put in a Geekdom. Give it fifteen years, and you can buy the whole thing as a ghosttown for cheap.
Slashdot Mirror
// WHY
int WHAT(...) {
return HOW();
}
A couple of generations ago, you needed a bonfire in the middle of the street to get rid of books full of unpopular ideas.
Today, that can be accomplished very quietly with a few inode updates.
The Internet and DRMed information is like Alexandria written on gunpowder-impregnated flash paper.
Information is easily linked and too rarely duplicated. Unplug a server, and it goes away.
We can stand around and shrug when some paedo gets his dirty book pulled from his tablet.
Nobody will be there - or care - when it's our turn.
Mark my words.
Hmm. In my many years of experience in software development, I've yet to find anything that _specifies_ software behavior as completely as the software itself. Moreover, "repeatability" isn't important at all in software development. It's critical, of course, on an assembly line. So the very goal of ISO/CMM is fundamentally flawed.
That said, documentation of the expectations and capability of software is paramount. So you write your behavior specs first. Then you write code that meets the specs. Oh, and those specs can't be in a dry, dead, out-of-date .docx file. Or in some contrived, expensive tool. It needs to be _in the code_ PART OF THE CODE- an automated test suite that can be run instantly and report immediately the second anything is out-of-spec.
In this way, both the software and the specifications it is intended to meet grow and change together. So you don't have to have business people and business analysts having to make all the hard decisions up front in a vacuum. You get to show them work frequently and be able to respond to changes as their needs evolve.
Development is faster. Progress is measurable in terms of business requirements met. Maintenance is far more inexpensive. Best of all, there are working examples of every bit of code- the tests are current, living, breathing documentation of how each method and unit was designed to work and what business value it was explicitly intended to support.
That's what you need to write your code. Forget the over-priced tools. Anything less is cheating your company or client.
You are remiss in not mentioning github.com which does the favor of free, immediate online hosting of OSS projects and content under git. I don't know how many presenters I've seen with their slides and demo code all on github. It's the killer app that makes git really rock.
SQL syntax is dated and very obtuse. Just look at the different syntax between insert and an update. ...wouldn't you rather just have "save"?
Object-relational mapping is cumbersome and mis-matched in SQL. 1:many either yields n+1 queries or a monster cartesian product set. And, what about inheritance? It just doesn't jive.
It isn't about losing ACID- although not every purpose needs ACID. Your average shared drive filesystem isn't ACID, for example.
When you have anemic domains that aren't nailed down and need to be readily flexible without big re-designs, JSON-based No-SQL works very well.
When you want to avoid n+1 and have well-defined data needs with 4MB of data across your object graph, No-SQL works... very very well.
When you want to segregate the business services and its backing data store from the separate concern of BI, No-SQL keeps the riff-raff out of your data store.
It's different. It solves different problems. Keep your mind open.
Where does that leave InnoDB? It's the only game in town for a tried-and-true constraint-enabled MySQL database. I was to understand that Oracle bought that engine up years ago. Were that single piece to go missing, MySQL would be set back to the stone age. The lack of mention about that engine, and lots of talk about third party engines concerns me.
I think the key to small development teams is a good mix of skills and a gelled, stable team.
"Best Practices" go in and out of vogue. Use the techniques that work well for you. Experiment with new things. This is a field still in its infancy- so be willing to spend time enriching yourselves.
Monitor your success in terms of code maintainability and developer/customer relations.
Do that, and you'll have the team you want.
Quake was one of my first gigs out of college. We got paid to play Quake and write a walk-through for it. It became "Id's Guide to Quake." Great resume builder in the day.
Specifically, if an equation is used, it's not a one-time pad because the data was generated deterministically. Duh. You need real, unrepeatable random data. Computers using only math functions can't possibly generate this.
Simply XORing or otherwise slapping pseudorandom garbage over plain text does not make a secure system. Look at how a tiny flaw in the implementation of RC4 in wireless networking makes the system crackable in linear time!
The big problem with a one-time pad is that you're left with keys the size of whatever message you intend to send. And since a real one-time pad CAN'T be generated deterministically (thus its security) the pad must be somehow shared between the two parties.
At best, they have re-invented the symmetric cipher- or something that approaches its intended function. Of course, never, ever trust a new cipher without a good long time of testing and proper cryptoanalysis.
Whoever is doing this is very, very likely selling snake oil. My suggestion is to pick up a copy of GPG, configure to use AES-256/3072 bit public keys and be happy.
I believe the past is the key to the future on DRI. From the introduction of the 8-bit home PC, copy protection has been around in the form of bad sectors, encrypted or altered-format disks, etc.
Judging from the 'cracking' and "0-day warez" BBS sites that sprang up like toad stools, my thought is that it didn't work. Everyone that wanted a copy of some IP (illegally) could get it. Often, with features the original didn't have, like trainers and immortality modes.
Not even the mighty FBI could stop the kids. Of course, today, they'd be known as "terrorist cells" traced by demand for soda, pizza, and bandwidth.
In those glory days of 2400bps-14400bps modems, it was a single company doing everything they could in-house to keep their released programs safe. As any then-15-year-old hacker could tell you, it was fairly easy to break once you had a clue what was going on. The programs were closed-source, of course, and nobody was available from Electronic Arts or Sierra to leak how the protection worked. But it didn't matter. Often, all was necessary was finding a conditional jump in assembly code and either removing it or (my favorite) reversing the logic of the jump.
DRI will require a standard API across the board. It must be a fairly open standard, one implemented by many different companies different ways to achieve exactly the same spec. Of course, there will be licensing and NDA's to use the spec. But, de facto, it will be open.
Everyone who makes any program, anywhere in the world which must interface with DRI information must be trusted not to give away the milk cow. This could be intentional, by creating a program or chip that disregards DRI entirely. Or, a simple coding error or hardware misdesign could achieve the same effect. Lest we forget, it was a poor implementation of the DVD CSS that was ultimately attacked- by a kid.
We live in a world where we can't even get a 100% working closed-source OS from a single company. What will a multi-company, multinational hodgepodge of laws, DRI tech, and various unscrupulous coders bring? It would have to be mandated and codified by bureaucrats who couldn't begin to keep up with the inventive attacks of _kids_, let alone professional thieves. It will at best be fingers in the dike from the outset; and come crashing down with the first torrents of demand from the public at large.
And we can't jail all the kids.
Encryption is just an effort at privacy. We are now deluged into a reality where our government (with the applause of the unthinking, sheep-like masses) is actively working to reduce privacy. We can't have privacy and freedom right now- or ever- if we are to keep from having terrorist activities. That's the sales pitch.
But it doesn't stop there. We won't own our computers or electronic devices. We won't be allowed to alter them or configure them in some unique way. We won't be allowed to code our own software that allows us to access the things we have bought. Many of these things are already laws. More of the same shall be in the future. Consider the initative Intel has to encrypt the connection between your video card and monitor...
Road Runner: What kind of Windows do you run?
Me: X... er, I don't.
Road Runner: You have to have Windows to run RoadRunner.
Me: No, I don't. I'm a UNIX system engineer. Just drop the cable modem off here. Do I need PPPoE or DHCP?
Road Runner: Huh? Do you have Windows? We can't install it if you don't have windows.
Me: Okay... hmmm, sure I've got Win98. (on an unused HD, around here somewhere...)
Stop whining.
The cost of freedom is too high for you. Indeed, we do not deserve freedom.
Here is its cost, count it carefully:
1. Re-create the DMCA-infringing software to defeat eBook technology. The best and brightest on Slashdot could do this if they put their minds to it.
2. Everyone who feels strongly about it should not only distribute the source, but also openly decrypt eBooks and make the resulting unencumbered PDFs available- be they servers in the US or outside her borders, CD's, IRC, wireless broadcast, public readings, whatever.
3. Everyone who participates in this should do it absolutely openly, and with the full expectation of being arrested and convicted to the fullest extent of the law. When arrested, demand a trial. Do not plead "no contest" or "guilty". By going to trial, you will make your conviction sentence more severe. Do this knowingly.
4. People must go to prison. Lots of people. For a very long time. A few hundred won't work- but thousands upon thousands of people in jail or prison, not developing software, not being productive- hurts the nation. In fact, there's a limit to how many people can be in jail at one time in a given country. Currently, I believe there are about six million incarcerated in the US. We' need to assess just how many generally young, educatied/technical people would need to be in prison to make the System hurt. Perhaps- just perhaps- if everyone in the U.S. Slashdot/EFF community- lurkers, goat-sexing trolls, hackers, wanna-be's all ended up flooding the prisons, it could turn into a situation where the law was, in fact, unenforcable. And, of course, I'd welcome foreign supporters willing to be arrested as well...
Picture this: 5,000 geeks in kangaroo (court) outfits distributing circumvention software for free on the steps of the very courthouse where Dmitry is currently being tried....
5. Civil opinion might just question what the hell is going on. Laws could be changed or repealed once public sentiment was stroked. Then again, given the outcome of the current drug war in the US, perhaps not.
It's almost too late to stand up and take control of the laws in America, short of a revolution. But it can be done. Peacefully. Ghandi walked to the sea and made salt, breaking a Brittish law (on par with the DMCA) and ended up a martyr.
Seems to me more than a few people decided to walk instead of ride the bus down south in the 60's....
Where are our balls?
Shut up, be entertained, and stop thinking.
The guy who came up with the attack seems to have failed- but Ron R. came up with the interesting observation that the attack converts an RSA problem into finding a discrete log in a finite field (Diffie's public key algorithm, first implemented in GPG before RSA became public domain.)
Now, if a math problem can be converted from a patented algorithm into one in the public domain, which wins? Does the PD algorithm fall under the patent, or does the patent go away?
This wouldn't have been trivial a year ago when RSA was still under patent protection. Even two years ago RSA, Inc. was peddling FUD on Diffie's finite field problem, saying it needed more analysis before being trusted.
Mathematics behind both processes look a lot alike to the untrained (only 18 semester hrs of undergrad math) armchair math/crypto geek.
Somehow, this feels like a Windows versus Mac debate. Nobody has yet figured out that Politics is naturally Open Source, and we can cook up our own politics and distribute it at will.
Given four years of development time, we can build our own kernel of policies and values.
We can discuss, debate and critique the actions of the next president. We can have our own revision control system, and decide what would make a better look and feel to politics in America.
We can try it out. Send test candidates to State governments, and on Capitol Hill. We can tweak them. We can work with everything. We can build something that can handle just about any situation without crashing.
We are free to find someone in our midst willing to put a Penguin in the whitehouse instead of a donkey or elephant.
We don't have to buy slick marketed pre-boxed politics. But politics, just like software distributions, takes time and effort to develop. We seem to be too busy clicking on our icons to care.
It wasn't so long ago that Intel was roasted over an open fire for embedding unique serial numbers in their CPUs. No matter how high and lofty their proclaimed goals were, we saw it as an easy way to track people. Even Amnisty International protested.
Now, we see the emergence of the IPv6 protocol attempting to use the embedded supposedly-unique serial number (MAC address) of your NIC. Currently, we believe these numbers can only be tracked to a manufacturer. In time, this can change. If there is the proper political climate, it will.
DHCP isn't perfect. The arbitrary assignment of an IP by your ISP can be traced- but it takes a subpoena and reasonable grounds for obtaining the information. By connecting the number you receive to something on your machine, you effectively remove the ISP as an IP broker. The result is your privacy just became that much easier to thwart.
-Ouija-
Once upon a time, my best friend from high school (like-minded geek) offered for me to live with him and bring my computers...
Now we are both professional programmers, both married, and I've lost count of the computers and monitors. It's sweet, all right.
We've been told countless times that this would not work; that we both needed to grow up and realize that having our wives together in the same (admittedly HUGE) house was a bad idea.
Oh, there are issues:
Benefits are there, too: N64 AND PlayStation; LOTS of CD's in the collective; beefy MP3 server (of course), DVD, pool table, toys, toys, toys.
It's not for everyone; and I know it won't last forever. I'm hitting 30 this year, and I'm still waiting to grow up. My life is little different from the average college student, save the college and the occasional international business trip.
You know you're in geekdom when the whole house heads out at 1am for "burritos as big as your head" and/or Pizza.
So it isn't a myth. Geek houses exist. But they grow by themselves. I don't think it would have worked if we tried to make one. It's just what naturally fit for us.
-Ouija-
Many jobs require a CIS degree. Especially for high-paying admin and devel jobs.
That said, many jobs rely on (the better indicator IMHO) prior experience. My degree was in hard science and math (who could turn down playing with NeXT/Mathematica when both were new toys?) with an education degree. After experience in state-level statistics and database design, though- few employers questioned my abilities.
Things have changed quite a bit since then. Certainly, knowing the C/C++/Java family of languages and some good solid OOP design strategies will hold you in good stead. These things are taught in college these days. Don't expect an employer to do the training you should have received in school. It's not fair to them and is irresponsible on your part. If you already know how to code, and are familiar with your operating system and hardware, you'll not find much new in college. Most colleges tend to teach toward the people who are new to computers. Geeks are an irritation to profs since we code differently, think differently and can often befuddle them.
A college degree is like membership to a club. Jobs become easier to get if you're a member. It isn't fair. A degree doesn't make you a better coder. In fact, college CIS tends to homogenize and remove the creative spark that I find marks a truly gifted coder. Yet, expect the grad to get the better job (and salary). And, they always will.
Friends, Geeks, Hackerdom!
Lend me your bandwidth!
I come to bury VAX, not praise it.
The Evil of a platform lives after it.
The good oft is interred with the decommissioned hardware.
So let it be with VAX.
MS is of course going after their copyrighted content posted online. However, I expect that we acted exactly as they suspected we would.
The intent is to get rid of the SMB/Kerberos interoperability in Linux and other competing OSes. How to do it?
1. Ignore the spec on Kerberos.
2. When you take heat for this, release the spec using the tried-and-true EULA model. Since it's available "For Free" and in a source code form, it looks and smells to the general public like open souce. Only developers (slashdotters come to mind) will know the difference.
3. You wait until someone on Slashdot or like forum publishes your copyrighted spec against the license agreement; you predictably sue them when it is online.
4. Now, when someone does reverse-engineer the MS-hacked networking protocols, you've got a perfect place to point to where they gained the content- Slashdot - and can sue that it not be included in new distros of Linux, et al.
All of this ensures the nasty MS-OS monopoly continues without any recourse for the Open Source community. Freedom to innovate my ass.
-Ouija-
Wide-spread availability of files and information over a redundant network is a bad thing? Isn't that what the Internet is all about?
Perhaps we should just turn our little brains over to this moron now and let our 'Net be dismantled.
It seems the most obvious way to get this to work is to make all the new monitors support the standard- as well as (presumably) video cards.
Perhaps AGP was designed for this all along?
Still, you're putting encryption (Video card) and decryption (Monitor) in front of an attacker with no limit on the attacks able to be performed. At only a 56 bit keylength, this is as antiquated as single DES; something the EFF Deep-crack system broke in about 22 hours, last I heard. Expect a break, unless it's implemented like a WinModem...
People won't buy all of this unless they need to upgrade for some reason. Microsoft has been planning pay-per-use software for a while. This would be a nice registration enforcement system. MS might also stupidly render the encryption scheme in software; a Good_Thing for the next brave Jon. This is unlikely with Intel, though. You want it in hardware to pick up the speed.
I see somthing along the lines of checking for the security-enhanced video, launching the program and asking for a key to use the program. Everything in the window is encrypted until you pop in the right code.
Is it likely a secure design? No. But I've seen similar designs of software use. For example, the IPIX 360 degree photo creation software requires certificates which are redeemed for codes which work once. And let us not forget what happened to the Shareware Quake with the registered version sitting on the demo CD...
The root of the problem is that we are being forced to consume hardware which is designed to defeat our attempts to customize and devlop software for same. Until this stops, the entire industry has a thumb on us.
-Ouija-
This has been a very relevant topic for me. I grew up in (pardon the redundancy) rural West Virginia. I would love nothing better than have a log cabin in the forest with a nice T3 jacked into my home server. It's peaceful there; and it's where I first fell in love with programming. The nice thing about being a programmer is that I can do my job virtually anywhere- and I have. My company had me on four continents last year! Unfortunately, none of those places were home. Why? The key ingredients to keeping the bright, young minds at home are: Job and Education opportunities, Suitable mate-finding/family-rearing potential, Reasonable expectation for financial success in the local economy, pleasing entertainment opportunities (subjective), and most importantly- acceptance from the community. I've watched as my home town (Huntington) dwindled from a 1960's census population of 80,000 down to less than 25,000. It's a beautiful place to put in a Geekdom. Give it fifteen years, and you can buy the whole thing as a ghosttown for cheap.
I purchased my A1200, larger HD, M68060 and nic at:
CompuQuick
http://www.infinet.com/~comquick
comquick@infinet.com
614 235 1180
I'm not employed by them; I just like their stuff.