It would be pretty interesting if it's true, however -- my guess would be that a large animal capable of avoiding detection for so long in well-explored areas would be interestingly intelligent.../i
I'm not surprised given the region. It's not so much that they area is impossibly dense or remote but that there's been so much turmoil in this region over the past century that it's quite inhospital to exploration.
As shortly following the famous quote "The mass of men lead lives of quiet desperation" comes "A stereotyped but unconscious despair is concealed even under what are called the games and amusements of mankind. There is no play in them, for this comes after work. But it is a characteristic of wisdom not to do desperate things."
Thoreau deplored modern society. He was passionate about learning and thought that a man should spend all of his being trying to learn as much as possible about everything. He would roll over in his grave if he knew people used his writings to re-enforce fiction--Thoreau had absolutely no time for fiction or any other kinds of "games or amusements".
Quotes are dangerous things. Don't use them unless you are absolutely positive that you know exactly what point the author was trying to convey.
As if that's the only way, or even the most prevalent way, that people infiltrate systems.
No, it's about trust. If my system is attacked, I have to start from scratch because they could have hit my kernel/boot loader/etc. If you establish a trusted portion of the OS then you can begin to propagate that trust down.
The idea goes like this, a signed boot loader that will only execute a signed kernel that will only execute signed kernel modules that only will allow signed binaries to run is impossible to hijack.
Check out this. Apparently I was mistaken in that the IBM chipset doesn't have tamper resistent features. This was specifically to allow a user to get at his own key (given the proper technology).
Also, this is the industry that decided it was worth saving $1 to have the CPU do all the processing for the modem or the sound card. There is no way they would be interested in adding a processor that does encryption if they did not have a deeper purpose.
This chip costs a lot more than a $1.. the business case is obvious though. They sell this as a security features (especially with ThinkPads). It's fast enough to do on-the-fly encryption to your harddrive. This means your entire harddrive is encrypted so that if you lose your laptop, the data cannot be recovered.
This is a *huge* selling point for corporations who are worried about losing corporate secrets. In fact, if the Bush campaign was using ThinkPads with this feature enabled, then they don't have to worry about those stolen laptops..
There's definitely a business case, IBM wouldn't waste that kind of money just to be evil.
If TCPA is as you describe, then there'd be no reason such a chip couldn't be fully emulated in software. Would this be correct?
Only sort of. You could definitely emulate the functionality but it wouldn't be as secure since then the private key store wouldn't be tamper resistent. But yeah, other than that you could.
If you look at the patches that have been submitted to projects like OpenSSL, it's essentially changes to offload the crypto portions to this chip and if the chips not present, to just do it in software.
So we're kind of already doing software emulation of the TCPA...
Dah, dude, you can shut it off in the BIOS. It's not a bad thing.
However, an interesting little tidbit, AFAIK this thing is tamper resistent. Let's say you tried to remove it and tried to get at the private keys within it, I believe the way it works is that there's actually some sort of corusive material that will get released and literally destroy the chip.
Pretty cool stuff that pretty much guarentees your data's safety. I wanna reiterate though, you can shut it off in the BIOS. If you had software that was stupid enough to require this to be used for some malicious purpose (I can't think of one btw since there's no sort of unique identifier or anything on this chip--you supply it with the private keys) then you could easily disable it and the software would know no difference.
There is no reason anyone should be concerned about TCPA. IBM has been a very responsible citizen here.
Check out Dave Safford's rebuttal to some of the TCPA-related FUD. Keep in mind though, you were the one throwing FUD, it's your responsibility to provide evidence since you were the one making accusations. I'd say you should take some of your own advice.
My friend works on this technology. I take it personally when people spread FUD about it. I'm acting toward you as you have been acting toward TCPA. It's hard to argue with someone who says things that are irrelevant and have no factual basis isn't it?
Sure, I could turn it off in the BIOS, but Joe Six-Pack isn't going to know this, and maybe that's just as well.
Well hell, I don't trust those FPUs. I think they should be optional. The fact that these new processors all come with FPUs bothers me. What if there's some CIA back door in the CPU so they can keep track of all my calculations?
Back in the day, I could choose to have a FPU or not, *now* it's embedded in the hardware with no way to turn it off. That should be an option. That's all I'm saying here. I'm not knocking the technology. I'm simply pointing out that it should be optional, and not embedded like a hardware version of IE.
At first I gave you the benefit of the doubt, but now I'm pretty sure you're just a twit. Your argument is moronic.
Now a super-secure system would be great, but do you honestly want something in your box that keeps you from running what you tell it to run? I could be wrong about this, but it's what this sound like to me: a super-encrypted safebox that won't let me check my e-mail if I don't use the approved e-mail application for that computer.
This chip has nothing to do with this! I don't understand where this FUD comes from. Do you think that this chip has little Gremlins in it that watch what you're doing and decides on what you're allowed to do?
This chip is a crypto co-processor. It's specs are entirely open. You can disable it in the BIOS. Moreover, it doesn't actually do anything unless you use it in your software. Please stop spreading lies about something you don't know anything about.
I know you're not intentionally pushing this BS, but repeating rumors is just as bad...
Techheads don't need this chip... but AOL users do. if its optional, I'm all for the idea -- but if it's just going to be there, then I don't want anything to do with it.
Wth is a techhead? I'd consider myself pretty technologically literate but the only way I could build a truely secure system is with a chip like this. The only way I'd imagine it'd be possible to do the same is if someone memorized a 1024-bit RSA key or something that they entered everytime their system booted and was then used to decrypt the entire hard drive.
This chip basically provides a tamper-resistant place to store such a key. I think you've got pretty high expectations of "techheads" if you expect them to provide the same sort of level of security that this chip provides...
TCPA (the chip that's in these PCs) is simply a Crypto co-processor. It provides acceleration for common crypto algorithms and it also provides a tamper-resistant storage location for keys. IBM maintains an Open Source implementation for the processor.
There's already been really neat things done with the chip like a truely secure version of Linux that's entirely tamper proof (this is doing by signing the kernel and boot loader with the TCPA.
Put away the foil hats people, this is actually really cool innovative technology that so far has given Linux an edge in the security world over Windows.
I have a Linksys wireless switch behind my cable modem. My main Linux server is set up as a DMZ host. This server was built via Gentoo and the only services running that are exposed is ssh and Apache2.
I've not had an issue in the 2 years I've had this setup. I don't have problems with email worms and such because well all my machines run Linux:-)
I've got a similiar setup for my parents and they've had minimal problems running all Windows. They've had some spyware issues lately because of some bad downloading but what can you do.
A good informal definition of strong typing (note I did not say "static") is that all type errors are caught.
Well, I kind of don't really like this definition very much. The problem with a language like C is definitely different than one like C++. In C, types are implicitly converted between each other. In C++, this isn't the case. However, for performance and backward compatibility C++ offers mechanisms such that you can perform explicit conversions between types that can result in undefined behavior in error situations.
Now, undefined behavior in an error caused by an explicit type conversion isn't bad in my mind. Considering that an explicit type conversion is really just an operator (in fact, it's an overloadable operator in C++) it really doesn't matter what the semantics are here.
Java is strongly typed, and has both static and dynamic typing. The compiler catches many type errors, and the runtime system catches every other type error.
Thank you. This is the most intelligent thing I've seen in this conversation so far. My original post was based on the characterization that Java was a "strong staticly typed" language and C++ was a "weak staticly typed" language.
There's an implicit conversion. If you look at the definition of strong/weak typing from Wikipedia:
Weak typing means that types are implicitly converted (or cast) when they are used. If we were to revisit the previous example:
Run the above code in C++ and you'll get errors. C++ is more strongly typed than C. I think you should read a little before you start saying such things.
There are all sorts of polymorphism. At any rate, polymorphism doesn't automatic mean your dynamically typed. However, if all your objects are have the same base class, and you have common operators that work on that base class (like say, equals or compareTo), then you've eventually made dynamic typing.
If you violate type rules in Java, you get (at worst) a well-defined runtime error.
That doesn't sound very static to me..
And btw, take a look under the covers at the new collections. They're implemented internally by new'ing Object[]s b/c of the weirdness of Java generics.
Also they provide object accessor methods.
You've also demonstrated one of Java's weak-typed new features--autoboxing. int's get converted to Integers automagically now. Again, not very static nor very strong.
I don't think the technical reason that people consider C/C++ weakly typed that you can get undefined behavior with casts but rather that C is pretty nasty about implicit casting to void* in that it does it all the time.
You get weird things like void* to implicit int casts too. I believe that's why C gets this distiniction. However, this was pretty much eliminated in C++. I don't think it's fair to say C++ is weakly typed..
And you can do the same thing in Java too btw. It's a well known Java weirdism.
You can have a single array of type Shape with base classes Square and Rectangle. If you initialize the Shape array with a Rectangle away, you can then assign the Shape array new Square elements. No exceptions, you won't get an error until you actually try to use the element (not when you cast).
Um, dude, static typing means that a variables type is defined at compile time. Polymorphism is a dynamic typing mechanism.
All containers in Java are polymorphic. Since we still like to say Java's statically typed, we say it's weakly typed.
For the most part, people don't have polymorphic containers. It's a practice not generally recommended in the absentence of a strong pointer wrapper.
RTTI would be that information know at runtime. It's at least limited in C++, but every non-primative shares the same base class in Java so there's quite a bit of instanceof's going on as people are forced implement Object interfaces for things like equals or compareTo.
If you wrote all of your Java code to take Objects are your parameters, how would this be different from a dynamically typed language?
Why? Because you can cast to a void *? You can cast to Object in Java and it's not checked until run time. The typing of Java is no stronger than C++.
At least we have strongly-typed collections in C++. How many times have you pulled the wrong thing out of a Java collection and not found this out until run-time...
I almost never watch a movie over again. The theatre is much much cheaper. My typical movie experience consists of:
Tickets: $5 x 2 = $10 Beer: $3.50 x 2 = $7 Food: $5 x 2 = $10
Of course, the number of beers goes up depending on how bad the movie is.. but that's the great thing about the Draft House, no matter how bad a movie is, you can order enough beer to make it better:-)
There was a guy trying to build an app that you describe. His idea was to proxy all network traffic and modify the password fields after some central authentication took place.
This works for trivial protocols like SMTP or HTTP but it doesn't work for very secure protocols. Protocols like Kerberos are tamper resistant so this just isn't practical.
Google declares that one of the governing values behind their corporation is that "They will not be evil". The discussion here is whether they are violating that.
The chinese government approached google telling them that they must not show search results to blocked sites or that google will be themselves blocked.
Google asked themselves what's better, having no presence in China, or having some presence.
Perhaps they could even sneak in some things through the cache, give priority to sites that haven't yet been blocked by the government.
It's hard to make a decision about how evil Google is being here. If they just up and decided to censor results or if they're doing this to try to win some Chinese government contract then I would certainly agree that they have violated their own code of conduct.
Slashdot Mirror
It would be pretty interesting if it's true, however -- my guess would be that a large animal capable of avoiding detection for so long in well-explored areas would be interestingly intelligent.../i
I'm not surprised given the region. It's not so much that they area is impossibly dense or remote but that there's been so much turmoil in this region over the past century that it's quite inhospital to exploration.
As shortly following the famous quote "The mass of men lead lives of quiet desperation" comes "A stereotyped but unconscious despair is concealed even under what are called the games and amusements of mankind. There is no play in them, for this comes after work. But it is a characteristic of wisdom not to do desperate things."
Thoreau deplored modern society. He was passionate about learning and thought that a man should spend all of his being trying to learn as much as possible about everything. He would roll over in his grave if he knew people used his writings to re-enforce fiction--Thoreau had absolutely no time for fiction or any other kinds of "games or amusements".
Quotes are dangerous things. Don't use them unless you are absolutely positive that you know exactly what point the author was trying to convey.
As if that's the only way, or even the most prevalent way, that people infiltrate systems.
No, it's about trust. If my system is attacked, I have to start from scratch because they could have hit my kernel/boot loader/etc. If you establish a trusted portion of the OS then you can begin to propagate that trust down.
The idea goes like this, a signed boot loader that will only execute a signed kernel that will only execute signed kernel modules that only will allow signed binaries to run is impossible to hijack.
Check out this. Apparently I was mistaken in that the IBM chipset doesn't have tamper resistent features. This was specifically to allow a user to get at his own key (given the proper technology).
Also, this is the industry that decided it was worth saving $1 to have the CPU do all the processing for the modem or the sound card. There is no way they would be interested in adding a processor that does encryption if they did not have a deeper purpose.
This chip costs a lot more than a $1.. the business case is obvious though. They sell this as a security features (especially with ThinkPads). It's fast enough to do on-the-fly encryption to your harddrive. This means your entire harddrive is encrypted so that if you lose your laptop, the data cannot be recovered.
This is a *huge* selling point for corporations who are worried about losing corporate secrets. In fact, if the Bush campaign was using ThinkPads with this feature enabled, then they don't have to worry about those stolen laptops..
There's definitely a business case, IBM wouldn't waste that kind of money just to be evil.
If TCPA is as you describe, then there'd be no reason such a chip couldn't be fully emulated in software. Would this be correct?
Only sort of. You could definitely emulate the functionality but it wouldn't be as secure since then the private key store wouldn't be tamper resistent. But yeah, other than that you could.
If you look at the patches that have been submitted to projects like OpenSSL, it's essentially changes to offload the crypto portions to this chip and if the chips not present, to just do it in software.
So we're kind of already doing software emulation of the TCPA...
Dah, dude, you can shut it off in the BIOS. It's not a bad thing.
However, an interesting little tidbit, AFAIK this thing is tamper resistent. Let's say you tried to remove it and tried to get at the private keys within it, I believe the way it works is that there's actually some sort of corusive material that will get released and literally destroy the chip.
Pretty cool stuff that pretty much guarentees your data's safety. I wanna reiterate though, you can shut it off in the BIOS. If you had software that was stupid enough to require this to be used for some malicious purpose (I can't think of one btw since there's no sort of unique identifier or anything on this chip--you supply it with the private keys) then you could easily disable it and the software would know no difference.
There is no reason anyone should be concerned about TCPA. IBM has been a very responsible citizen here.
Check out Dave Safford's rebuttal to some of the TCPA-related FUD. Keep in mind though, you were the one throwing FUD, it's your responsibility to provide evidence since you were the one making accusations. I'd say you should take some of your own advice.
My friend works on this technology. I take it personally when people spread FUD about it. I'm acting toward you as you have been acting toward TCPA. It's hard to argue with someone who says things that are irrelevant and have no factual basis isn't it?
Sure, I could turn it off in the BIOS, but Joe Six-Pack isn't going to know this, and maybe that's just as well.
Well hell, I don't trust those FPUs. I think they should be optional. The fact that these new processors all come with FPUs bothers me. What if there's some CIA back door in the CPU so they can keep track of all my calculations?
Back in the day, I could choose to have a FPU or not, *now* it's embedded in the hardware with no way to turn it off. That should be an option. That's all I'm saying here. I'm not knocking the technology. I'm simply pointing out that it should be optional, and not embedded like a hardware version of IE.
At first I gave you the benefit of the doubt, but now I'm pretty sure you're just a twit. Your argument is moronic.
Now a super-secure system would be great, but do you honestly want something in your box that keeps you from running what you tell it to run? I could be wrong about this, but it's what this sound like to me: a super-encrypted safebox that won't let me check my e-mail if I don't use the approved e-mail application for that computer.
This chip has nothing to do with this! I don't understand where this FUD comes from. Do you think that this chip has little Gremlins in it that watch what you're doing and decides on what you're allowed to do?
This chip is a crypto co-processor. It's specs are entirely open. You can disable it in the BIOS. Moreover, it doesn't actually do anything unless you use it in your software. Please stop spreading lies about something you don't know anything about.
I know you're not intentionally pushing this BS, but repeating rumors is just as bad...
Techheads don't need this chip... but AOL users do. if its optional, I'm all for the idea -- but if it's just going to be there, then I don't want anything to do with it.
Wth is a techhead? I'd consider myself pretty technologically literate but the only way I could build a truely secure system is with a chip like this. The only way I'd imagine it'd be possible to do the same is if someone memorized a 1024-bit RSA key or something that they entered everytime their system booted and was then used to decrypt the entire hard drive.
This chip basically provides a tamper-resistant place to store such a key. I think you've got pretty high expectations of "techheads" if you expect them to provide the same sort of level of security that this chip provides...
TCPA (the chip that's in these PCs) is simply a Crypto co-processor. It provides acceleration for common crypto algorithms and it also provides a tamper-resistant storage location for keys. IBM maintains an Open Source implementation for the processor.
There's already been really neat things done with the chip like a truely secure version of Linux that's entirely tamper proof (this is doing by signing the kernel and boot loader with the TCPA.
Put away the foil hats people, this is actually really cool innovative technology that so far has given Linux an edge in the security world over Windows.
I have a Linksys wireless switch behind my cable modem. My main Linux server is set up as a DMZ host. This server was built via Gentoo and the only services running that are exposed is ssh and Apache2.
:-)
I've not had an issue in the 2 years I've had this setup. I don't have problems with email worms and such because well all my machines run Linux
I've got a similiar setup for my parents and they've had minimal problems running all Windows. They've had some spyware issues lately because of some bad downloading but what can you do.
A good informal definition of strong typing (note I did not say "static") is that all type errors are caught.
Well, I kind of don't really like this definition very much. The problem with a language like C is definitely different than one like C++. In C, types are implicitly converted between each other. In C++, this isn't the case. However, for performance and backward compatibility C++ offers mechanisms such that you can perform explicit conversions between types that can result in undefined behavior in error situations.
Now, undefined behavior in an error caused by an explicit type conversion isn't bad in my mind. Considering that an explicit type conversion is really just an operator (in fact, it's an overloadable operator in C++) it really doesn't matter what the semantics are here.
Java is strongly typed, and has both static and dynamic typing. The compiler catches many type errors, and the runtime system catches every other type error.
Thank you. This is the most intelligent thing I've seen in this conversation so far. My original post was based on the characterization that Java was a "strong staticly typed" language and C++ was a "weak staticly typed" language.
I think you'll agree this statement is incorrect.
Ok, don't believe me. Run:
struct test a;
void *b =
There's an implicit cast.
Also, do:
int a = b;
There's an implicit conversion. If you look at the definition of strong/weak typing from Wikipedia:
Weak typing means that types are implicitly converted (or cast) when they are used. If we were to revisit the previous example:
Run the above code in C++ and you'll get errors. C++ is more strongly typed than C. I think you should read a little before you start saying such things.
There are all sorts of polymorphism. At any rate, polymorphism doesn't automatic mean your dynamically typed. However, if all your objects are have the same base class, and you have common operators that work on that base class (like say, equals or compareTo), then you've eventually made dynamic typing.
If you violate type rules in Java, you get (at worst) a well-defined runtime error.
That doesn't sound very static to me..
And btw, take a look under the covers at the new collections. They're implemented internally by new'ing Object[]s b/c of the weirdness of Java generics.
Also they provide object accessor methods.
You've also demonstrated one of Java's weak-typed new features--autoboxing. int's get converted to Integers automagically now. Again, not very static nor very strong.
I don't think the technical reason that people consider C/C++ weakly typed that you can get undefined behavior with casts but rather that C is pretty nasty about implicit casting to void* in that it does it all the time.
You get weird things like void* to implicit int casts too. I believe that's why C gets this distiniction. However, this was pretty much eliminated in C++. I don't think it's fair to say C++ is weakly typed..
And you can do the same thing in Java too btw. It's a well known Java weirdism.
You can have a single array of type Shape with base classes Square and Rectangle. If you initialize the Shape array with a Rectangle away, you can then assign the Shape array new Square elements. No exceptions, you won't get an error until you actually try to use the element (not when you cast).
Um, dude, static typing means that a variables type is defined at compile time. Polymorphism is a dynamic typing mechanism.
All containers in Java are polymorphic. Since we still like to say Java's statically typed, we say it's weakly typed.
For the most part, people don't have polymorphic containers. It's a practice not generally recommended in the absentence of a strong pointer wrapper.
RTTI would be that information know at runtime. It's at least limited in C++, but every non-primative shares the same base class in Java so there's quite a bit of instanceof's going on as people are forced implement Object interfaces for things like equals or compareTo.
If you wrote all of your Java code to take Objects are your parameters, how would this be different from a dynamically typed language?
Bah, I can't believe people stilll shovel this stuff.
C/C++ = Weakly statically typed
Java/C# = Strongly statically typed
Why? Because you can cast to a void *? You can cast to Object in Java and it's not checked until run time. The typing of Java is no stronger than C++.
At least we have strongly-typed collections in C++. How many times have you pulled the wrong thing out of a Java collection and not found this out until run-time...
The silly things they print in textbooks...
I almost never watch a movie over again. The theatre is much much cheaper. My typical movie experience consists of:
:-)
Tickets: $5 x 2 = $10
Beer: $3.50 x 2 = $7
Food: $5 x 2 = $10
Of course, the number of beers goes up depending on how bad the movie is.. but that's the great thing about the Draft House, no matter how bad a movie is, you can order enough beer to make it better
There was a guy trying to build an app that you describe. His idea was to proxy all network traffic and modify the password fields after some central authentication took place.
This works for trivial protocols like SMTP or HTTP but it doesn't work for very secure protocols. Protocols like Kerberos are tamper resistant so this just isn't practical.
Google declares that one of the governing values behind their corporation is that "They will not be evil". The discussion here is whether they are violating that.
It quite possibly could have gone done like this:
The chinese government approached google telling them that they must not show search results to blocked sites or that google will be themselves blocked.
Google asked themselves what's better, having no presence in China, or having some presence.
Perhaps they could even sneak in some things through the cache, give priority to sites that haven't yet been blocked by the government.
It's hard to make a decision about how evil Google is being here. If they just up and decided to censor results or if they're doing this to try to win some Chinese government contract then I would certainly agree that they have violated their own code of conduct.
It might not be that way though.