In our university town there are already taxes in place which are aimed at students without directly naming them as the objects of the laws. Restaurant taxes, Alcohol taxes, Property taxes on rental units, Parking law enforcement strategically biased to certain areas, etc. The Mayor in question really isn't too bright if he's being so direct.
I must be missing something here. WHY would someone use the original app instead of one modified to remove said rate limit? I mean the limit itself is going to be artificially imposed with something like "sleep(5)", so "cracking" the binary would be trivial at best, and the first vector I would think. Again, am I missing something here?
Yes, you are missing something, but it is a very common misconception. The "rate limit" is in the algorithm itself, not simply in the application which implements the algorithm.
Here is an example to demonstrate how such a rate limit can be constructed. Begin with a rather fast and strong hashing algorithm such as SHA-256. Now SHA-256 operates in the Merkle-Damgaard chaining mode which is inherently serial, so what you can do to slow it down is to define your password authentication algorithm to be a SHA-256 hash of a "message" which is formed by appending your password with one-billion 32-bit unsigned integers which are just consecutive counter values. Since you don't actually have to store the counter values, this takes no additional memory to implement. Since the algorithm is strongly serial in nature, you can't short-cut the process without breaking SHA-256 (which would be very impressive). Even on the fastest processors, hashing a > 1Gig message with SHA-256 is quite time consuming... at least several seconds per attempt. This provides a very effective rate limit.
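The construction described in the comment above, as an added Python sketch that is not part of the original post. The big-endian byte order, counters starting at 0, the chunk size and all function names are assumptions the comment does not specify.

```python
import hashlib
import hmac
import struct
import time

FULL_COUNT = 1_000_000_000  # the "one-billion" 32-bit counters, 4 bytes each
CHUNK = 1 << 16             # counters packed per update() call (assumed, for speed)


def slow_hash(password: bytes, count: int = FULL_COUNT) -> bytes:
    """SHA-256(password || 0 || 1 || ... || count-1), counters as 32-bit big-endian."""
    if not 0 <= count <= 1 << 32:
        raise ValueError("count must fit the 32-bit counter range")
    h = hashlib.sha256()
    h.update(password)
    for start in range(0, count, CHUNK):
        stop = min(start + CHUNK, count)
        # Counters are generated on the fly and discarded, so memory use
        # stays bounded by CHUNK no matter how long the "message" is.
        h.update(struct.pack(f">{stop - start}I", *range(start, stop)))
    return h.digest()


def reference_hash(password: bytes, count: int) -> bytes:
    """Same digest computed by materializing the whole message (small counts only)."""
    message = password + b"".join(struct.pack(">I", i) for i in range(count))
    return hashlib.sha256(message).digest()


def verify(password: bytes, stored: bytes, count: int = FULL_COUNT) -> bool:
    """Recompute the slow hash and compare in constant time."""
    return hmac.compare_digest(slow_hash(password, count), stored)


def estimate_full_cost(sample_count: int = 2_000_000) -> float:
    """Time a short run and extrapolate linearly to FULL_COUNT, in seconds."""
    started = time.perf_counter()
    slow_hash(b"probe", sample_count)
    elapsed = time.perf_counter() - started
    return elapsed * (FULL_COUNT / sample_count)


if __name__ == "__main__":
    demo_count = 1_000_000  # constructed demo value, far below FULL_COUNT
    stored = slow_hash(b"correct horse", demo_count)
    print("correct password accepted:", verify(b"correct horse", stored, demo_count))
    print("wrong password accepted:  ", verify(b"wrong horse", stored, demo_count))
    # A client that skips part of the work computes a different function:
    # the digest depends on every counter block, so there is no delay to patch out.
    print("shortened run matches:    ", slow_hash(b"correct horse", demo_count - 1) == stored)
    print(f"estimated seconds per guess at full count: {estimate_full_cost():.1f}")
```

The per-guess cost printed here comes from this pure-Python loop and will differ from an optimized native implementation; the point it shows is that the cost scales with the counter count and cannot be skipped without changing the digest.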
I'm glad to know there are people like you who go through my classes. My courses are fairly hard with a high work load, so I have a correspondingly high "withdraw" rate. The students that remain, however, are a joy to teach.
NOT ME!
I'm a math prof. I've never used PowerPoint slides. I've occasionally used LaTeX to create slides for a conference or seminar talk, but those are very different from a classroom presentation.
The whole point of human-to-human teaching is interaction! Without that critical component, there is no point in having a professor in the first place... there are these things called "books" which teach quite well in a non-interactive setting. A professor who relies purely on slides, or lectures blindly from ancient notes, has become just another non-interactive static medium, and can be replaced by a book. (In fact, the book will often be superior as it can be consulted easily at the user's convenience.)
One of my colleagues put it best during a discussion about "technology in the classroom." His retort was, "I agree! We definitely need more technology in our classrooms! Let's order more colored chalk!!"
I would argue that a big "lesson learned" to hardware innovators is that your awesome new hardware needs to have a total ecosystem that it can be easily used in. This means a good, cheap development tool chain, and preferably a port of Linux and some major applications.
For example, let's consider Itanium. Despite all the naysayers, the Itanium architecture is beautiful and has tremendous potential, but there isn't any good compiler support for Itanium. (Some would argue that good compilers for Itanium can't even be written, but I think that point is contentious.) So, ignoring the cost overruns and project delays, Intel still ended up with a mighty processor that almost no one can use effectively.
On the other side of the spectrum, look at the AVR. This is a tiny little 8-bit controller, but it was released with a good free compiler, a great simulator, and other development tools. The whole development setup was cheap enough to play with at home, and ended up being used in many academic settings. The result is a wildly popular (and profitable) product.
I'm sad to see SiCortex fold, because I think their MIPS based approach was really cool, but it looks like they just didn't have a broad enough ecosystem to have their equipment widely deployed. Too bad.
Well, one of the benefits of formally recognizing what is occurring is that it allows the practice to be formally challenged without the issue of "state secrets" being relevant.
As the old saying goes, "the problem with unwritten rules is that no one knows where to go to erase them." Here we have a formal decision which puts one judge on record as agreeing with the common practice. This decision may now be appealed. The appeals process can allow the judicial branch to decide on the entire practice of warrantless wiretapping without any state secrecy issues being involved! That seems like a good thing to me.
This decision doesn't really change the common practice of law-enforcement agencies, does it? Haven't we all already known that the government (and gmail/yahoo/hotmail/your boss etc.) is scanning our email pretty much whenever it wants to?
I use NPR for most of my real news. I often read/listen from their webpage for "free", but I still give them money when they ask for it.
I dropped my paper because they couldn't seem to get it in the box. After continual complaints of poor service I finally decided I really didn't need it. I don't miss it.
That's the main reason why I stopped getting my local paper! I walk out the door at 6:30am, and if the paper isn't in the box by then, it's a waste. Of course, the idiotic editorials, and the lack of any in-depth reporting on local issues didn't help... at least on slashdot I can be one of the ediots (Laugh. That was funny.)
I'm very thankful to see this reply to the earlier post bashing plumbers, electricians, etc. I'm a math professor, so I certainly value education, but I know that there are plenty of "morons" that end up with college degrees just because their parents were rich enough to foot the bill.
There are skill sets and learned knowledge that don't come from college yet are still immensely valuable to society. If my house is flooding from a busted pipe, I don't want an engineering professor trying to fix it, I want a plumber! And, I sure as hell don't want an electrical engineering professor wiring my house... I want a licensed electrician.
Now, here's my opinion on paying for a university education: never take on a ridiculous debt burden to go to school unless your career options will allow you to quickly pay it off. Just got accepted to Harvard Law School, congrats, of course it's worth getting $300,000 worth of debt. But most people can get a good education at a public university while paying in-state tuition rates. I plan on sending my kids to an in-state public school. (Unless they get some amazing scholarships or I win the lottery.)
Must be absolutely horrible having all those evil search engines actually index his pages! I guess his robots files aren't working or something.
int128_t?
It blows my mind how few people use stdint.h when it makes a lot more sense to use that these days.
Agreed!!
I'd mod you up if only I could... but I've never been able to moderate. So, you'll have to settle for my lame little post.
Okay, maybe I can't tell if you're just having fun... but the Flat Earth Society is a tongue-in-cheek type of joke. It's like the Church of the Flying Spaghetti Monster. Of course, maybe I'm just too daft to see your double tongue-in-cheekiness...
RedHat (current owner of Cygnus) has made a successful business providing high quality support for FOSS software, and I think that's great! However, the $1T estimate seems like it might just be a tad biased and perhaps ignoring some hidden costs, but I can't tell from the FA because it just references the figure without any details for the estimate.
From the FAQ on the website:
Theora is an open video codec being developed by the Xiph.org Foundation as part of their Ogg project (It is a project that aims to integrate On2's VP3 video codec, Ogg Vorbis audio codec and Ogg multimedia container formats into a multimedia solution that can compete with MPEG-4 format).
Theora is derived directly from On2's VP3 codec; currently the two are nearly identical, varying only in framing headers, but Theora will diverge and improve from the main VP3 development lineage as time progresses.
What's the point of building a Doomsday machine if you don't tell everyone about it?
This is a fantastic piece of work by some of the leading computational number theorists today. Most of the authors are involved in the Sage project in some form or another and their algorithms and code are driving the cutting edge of the field. Great work guys!!
I run a small network of Macs hanging off an Xserve. I use OpenDirectory to administer the accounts. I have Linux boxes getting their home directories and user authentication information from the Xserve as well. The standard Mac OS X Server tools are actually really easy to use, and you can set up client configurations on a couple of archetype client machines and then easily mirror those configurations on your Mac clients with the System Image Utility. Configuring PAM on the Linux machines to use OpenDirectory is pretty simple (it's just LDAP) and the Xserve can export filesystems as NFS shares as well as AFS (Apple, not Andrew, File System).
My only complaint is that I've found it damn near impossible to get OpenDirectory to play together with the ActiveDirectory that our University uses for the rest of its IT infrastructure. As a result, I have to duplicate a lot of services in OpenDirectory that I would rather forward on to the ActiveDirectory servers.
If you have the funds, I'd recommend getting one of the disk arrays to have on the Xserve with a fiber channel connection. The Xserve is a 1U unit, so you can only fit three hard drives in it.
Open source education has existed for thousands of years. It used to be called a "library," although lately it's been called "Wikipedia". The simple fact is that if you can read then you can, in fact, educate yourself if you have sufficient time and dedication. Some of the world's greatest geniuses have been self-educated (e.g. Ramanujan). However, it requires much more time and dedication than the average (or even well above average) human seems to have. Self education also requires a substantial amount of high quality public output to demonstrate the education before others will accept it.
I'm biased, of course, since I'm a university professor. I have observed that the top students in my classes are somewhat self-educating anyway. They do the reading on their own, work more homework problems than assigned, and come to me to ask questions that aren't in the book. Most students, however, need constant classroom interaction for motivation as much as elucidation.
And I'm guessing the fix involved putting the key on a hard, flat surface and hitting it with a hammer....
Almost. Certainly if I had had the courage, then I would have tried that myself. However, the local mechanic actually warned me not to try it myself and said that modern Honda keys have pretty tight tolerances.
The locksmith used a device that looked like two vices that could be stretched apart with a lever.
I'm sure that some of the more handy slashdotters could have fixed it themselves, but I'm not so good with that stuff... which is why I went to the dealer in the first place. I thought they would either straighten it or charge me $20 for a new key and then punch in some code tied to the VIN number... I guess they need a bigger markup, though.
Yes!!!! It is about damn time. I hope the rest of the country will follow suit.
My local Honda Dealership wanted over $350 to "fix" a busted key (the electronics in it were fine, but the metal shaft was bent) by selling me all new electronic components inside the car's ignition system as well as matching "new" keys. I thought that was outrageous, so I took it to a local mechanic who told me that he wasn't allowed to order the parts... but he took one look at the key and said, "take that to a smart locksmith," and then he recommended one. I followed his advice, and the locksmith fixed my key in less than five minutes FOR FREE.
That's one more reason why I don't trust dealership service.
As a mathematician I love it when measurement science is actually able to observe something predicted by theory in previous decades. This is an amazing piece of work that gives me a visceral punch better than a quad espresso.
I'm capable of RTM'ing and Googling to find answers, but especially as I get older, I don't have the time I used to.
I am almost ashamed to admit it, but I'm also one of those "traitors" who has drifted away from Linux (on the desktop) for that very reason. When I was younger and didn't have kids, I didn't mind spending an entire weekend trying to get wireless drivers to work with my recompiled Linux kernel on my laptop. Now, I just want the damn thing to work, and I don't want to read any manuals to have to figure it out. It's not that I'm lazy, I just don't have the time to spend reading manuals when I can shell out a couple hundred bucks once every couple years for an OS that usually "just works". That's why my laptops, desktop at work, and home machines are all Macs. I get my Unix tools, and the generic consumer-grade parts "just work".
I'm still a huge fan of Linux, but I only use it on my big number-crunching machines at work (I'm a math prof.). I also contributed to open source projects (in my very narrow field of academic interest, admittedly), but even in those projects I've watched things go sadly awry in the "bazaar" model. I'll continue to be an open source advocate, but I'm now a "pragmatic" advocate.
Unfortunately, that's looking more true every day. I remember running a network of Sparcs and bragging to my family members about how they (the Sparcs) were sooo much more powerful than PCs that we had in our homes. Seven years later I was replacing all our Sparcs with x86_64 Linux boxes... too bad Sun just couldn't keep up with hardware development. It would be nice if Oracle really did ramp up hardware R&D for Sun, but I can't see those announcements being anything more than reassurances to nervous enterprise customers.
It's also "ideology" to value education, independent thought, and freedom to choose worthwhile alternatives over degree mills, consumerism, and proprietary lock-ins.
I have nothing against Windows; it is the dominant platform for businesses worldwide, and there are many reasons that a college educated person should be familiar with it. However, I think that a good school will have a diverse enough computing community to have some level of support for Windows, Mac, and Linux, (and maybe even a little BSD and Solaris). Try any large state school with an engineering program.