Recent Comments

Well, with the size of all our collections of data these days, we've got to do something that's not just another hard disk, and is more reasonably portable without fear of dropping it on the floor.

Wait... hold it... you are supposed to shut windows 8 down using the power button? I thought that was a joke

Oh come on. Being popular is not the same thing as having a cult of personality. Granted, sometimes the fans of a person or product can spoil the product, through no fault of the product itself. I'll agree that Tyson gets perhaps a little more press than needed but, none the less, Tyson seems to simply be an outgoing science advocate, much like Bill Nye.

I was going to say, is this really much of an advance over Blu-Ray? Which I've long suspected is the last gasp of optical storage. I'm really not sure what the use case for "archival optical disks" is these days.

Really, really smart. Probably as smart as us. If their trunks were just a little more dextrous (and they're already pretty impressive) we'd have some serious competition.

300GB for double sided, 3 layers a side. 50GB/layer So basically double the density per area of blueray.
If they can make as fast or cheap as the ancient LTO4 (800GB) tape, maybe we can talk. You can get an old drive for $500 and tapes for $20-25.
They'd have to be >$10 per disc for it to make sense.

LTO4 Tapes are about $0.032 / GB
Hardrives are about $0.045 /GB

I just go with harddrives and sell them and buy new ones annually since the price per GB keeps dropping.

Also I've been bitten by bad tapes and "archival media" before.

Sorry if my math is bad,
-sent from my iPhone while driving and eating barley soup. ;)

I was thinking of Fortuna, and I'd see them more as bird baths ;).

He says both are CSPRNGs. Part of the requirement of a CSPRNG is keeping the seed secret. Not using actual entropy sources makes state compromise extension attacks possible. Both tools have their place. You may want to use /dev/urandom for generating noise in image filters, where there is a need for a bulk of data. You can use the entropy collected by the pools of the blocking source as a seed to create a CSPRNG, but using just urandom results in some somewhat unrealistic, yet possible opportunities to attack. See "cryptanalytic attacks on pseudorandom number generators" by schneir and company. The definition of random I like for RNG (and other stuff in general) is that a uniform distribution is formed for outputs. Often a linear congruential generator function is used, and if parameters are chosen carefully, you can choose any input (besides zero, that is problematic value in crypto in many cases) and it will go ahead and create a provably uniform distribution across a given range. It's possible to do it and get the period to be 2^32 - 1 for a 32-bit seed, longer if you pick nice primes (I believe the Linux RNG uses a mersenne twister generator) that has a period of much higher than that. That's actually too perfect for randomness however (sometimes you roll back to back 7s, it happens even for a 2^32 faced die), that's why reseeding is important, and why you want to mix in actual random sources.

His whole article is riddled with "I believe" and "I don't think that's important". His pretty rough simplification is wrong. That's the argument I'm making. The pools are completely separate buffers. Berstein goes on to say in his post:

"I'm not saying that /dev/urandom has a perfect API. It's disappointingly
common for vendors to deploy devices where the randomness pool has never
been initialized; BSD /dev/urandom catches this configuration bug by
blocking, but Linux /dev/urandom (unlike Linux /dev/random) spews
predictable data, causing (e.g.) the widespread RSA security failures
documented on http://factorable.net. But fixing this configuration bug
has nothing to do with the /dev/random superstitions."

So using /dev/urandom may be all fine and dandy (I disagree but I've got time to wait for blocking 256 bits from /dev/random), unless it's not initialized or there is some other implementation problem. With the blocking source, at least you get some bits from source that are local and largely not reproducible (time between keyboard interrupts sampled possibly in the gigahertz), you're already ahead when you get through the hash function. So why not raise the bar when generating keys, if you're this concerned with security and have a high performance need for key generation there are solutions out there also.

tl;dr Blog author doesn't care about some of the theoretical attacks, they're too hard and other crypto will probably break first so why bother

>Some designs don't rely on pools (see Schneir's Yarrow).

So what are the fast accumulaion pool and the slow accumulation pool?

I'm being a little facetious, but my point is, I don't see any obvious way these thingies are going to have any better longevity than your standard old CD, which seem to self-destruct if you pick them up and ever handle them. Moisture peels away the reflective layer, they scratch, heat warps them, etc. The press release says "better quality" or whatever but doesn't specify.

Given the current shift away from discs and all the moving, breakable parts their readers require, I'm wondering if Sony hasn't missed the boat. Discs aren't cool anymore in the same way 3.5" floppies stopped being cool the moment disc technology arrived, or the way the 3.5" guys used to sneer at the old fashioned, 5 1/4" floppy guys. "Hey, go get yourself some real hardware, eh?"

Ironically, tape seems to be making a comeback, possibly because it has proven itself in a way this new tech hasn't.

Is it possible to add to the level of drama? This is currently beating most day time soaps

As it is the SoylentNews domain has apparently been sold to an unknown buyer

I don't think it should go up like that. The new leader had agreed to reimburse the departing founder for startup expenses. Then he (the new guy) tried to renege.

Nothing wrong with personality if it keeps people's interest. Over in the UK we have Prof. Brian Cox, one of the few people to hold a full professorship in physics at a world top 50 university and also had a number 1 pop chart hit. He gets some criticism for his presentation style, but it popularizes a subject usually unpopular with the masses, so it's hard to complain. Plus he looks cute :)

A long time ago, Before Compact disks, I shall call this period "BC", people made due with analog recording devices. Then came the enlightenment of the optical disk. And there was much rejoicing. Much storage was available for pr0n and pictures of cute animals playing the piano. But the users soon fell unwell, for the disk formats of old could not support the massive needs of dvd::rip and MakeMKV. Now cometh the Archival Disk, I shall call this period "AD", and again there was much rejoicing.

Windows usually has me bashing my head against the keyboard in anguished frustration. At least this way it might have a useful outcome and shut the machine down, thus ending my torment.

Imagine the storage capacity of a Library of Congress filled with these discs!

I agree 100%. When the publisher EOLs the online services they aren't going to make any more money out of it, and maybe letting the community run their own services will keep interest in the product so they can sell you a sequel sometime later.

You have to admit, this situation is thorougly entertaining. They are absolutely recreating the scenario of animal farm. You can match up each animal to a staff member or a group of users.

In this consumerist society, is there anything better than savings? I propose we rename it to Daylight 30% off Time!

I enjoy scattering misplaced or incorrect Latin phrases throughout text. And using 'irregardless'; a perfectly cromulent word meaning 'without lack of regard'.

It was okay up until the anime sequences. WTF man? Do we expect the audience to be 12 years old? All it was missing was some b!tches in battlesuits.

'Salted hash' sounds like a delicious snack. Nom.

For the record, he does point out himself that his improved diagram of Linux's RNG is "a pretty rough simplification".
Besides the "a guy on StackOverflow" (who, by chance, happens to be an expert in cryptography), there is also the interesting point made by Daniel Bernstein, and I'd love to hear your knowledgeable insights on that one.
You were saying ?

It's one in the same!

http://www.fremontco.com/clerkandrecorder/motorvehicledepartment/dr2421.pdf

In my country (Belgium), DST was introduced by the German invaders in 1916 (damn, wrong World War for a Godwin).

I think I always knew an s doesn't belong there, but it kind of does. People use it. It doesn't sound that bad. I say we keep it, and banish the lack of S.

Also, lets let bygones be bygones and just accept:

- that effects and affects can be used interchangably.
- all intensive purposes is okay
- alot is understood.

English is a bastardized language that changes based on usage, not via ivory tower grameriticians. or academies.

Naw, even if you get it wrong it lets you continue to register.
(signed: Doesn't double check his answers....)

In 1976, when the government evaluated the effects of DST, they found no significant energy savings. They did find that year-round DST kills children on their way to school.

http://en.wikipedia.org/wiki/Daylight_saving_time_in_the_United_States

I think, thus far, the trig CAPTCHA on the sign-up form may have averted the first round. Now, if I could only find some wood to knock on...

yeah, no idea, I use linux solely myself, a gamer friend of mine gave me the above instructions. :)

The author has a bit of a grasp on the structure of the Linux RNG, but he is missing the large scheme of things. Entropy isn't as handwavy as he makes it out to be, he just claims that it is, so handwave yourself past the blocking to the unblocking read. A guy on StackOverflow agrees too! Blocking does have it's problems, and really ought to be used as a seed for a quality generator function if you need enormous amounts of secure random data (in all likelihood you don't). The facts he lines up don't have anything to do with each other for the most part. The fact that random blocks while urandom doesn't is a performance issue, not a security issue. However, it is always good to have topic brought up every now and then (I personally enjoy it).

Estimating the amount of entropy in a given pool is difficult, Bruce Schneir says that is the real difficulty in creating a CSPRNG. Some designs don't rely on pools (see Schneir's Yarrow). In reality the issue is going to become more and more moot, as hardware instructions are available for latter processors to produce fast streams of random numbers that are adequate for reseeding a CSPRNG quite often, or use the output by itself. Intel's project was called Blue Mountain, and the instruction is available on post-Sandy Bridge architectures (It's non-priveleged, assembly x86 instruction rdrand). I think it would be an interesting patch to allow that to be used within the kernel RNG. It relies on instability of (semi-)digital circuits to create random bits at the speed of the clock. Some people may yell it's NSA backdoored, but using it with dabs of your input, disk and network entropy is better than anything we currently have.

Is using /dev/urandom probably good enough? Yeah probably, but I don't see using /dev/random as such a huge issue in the first place. Want the best of both worlds? Read from /dev/random and write it into /dev/urandom, then do reads from urandom. Don't rely on this guys blog post, because even his improved diagram of the Linux RNG is incorrect. He knows enough to be dangerous, not enough to know that he's dangerous.

Dude - that is absolutely fucking Jesus TittyFucker Christ awesome!

Now that we know profanity works, we can have some meaningful discussion about Oracle's open source efforts! Hot damn.

I agree, the link does not go to the article for me. Javascript?

Really, the two (cult of personality and ability to popularize science) go hand in hand. I'm not sure the latter would be nearly as successful without the former.

I think it's fair to say that 90% of the time people inject a french word in an english sentence, it's horribly mangled. It used to tick me off but now I'm used to it. It certainly detracts from the person's intentions of sounding fancy, however...

can't we make it end? there is no reason to have the changing of time.
and we don't save any time... I rather see it as the commercial powers that push this onto us is forcefully borrowing an hour from us and then giving it back half a year later - without paying any interest! I demand at least 10 minutes interest if I would lend out this hour :-O

but really, just don't do any daylightsavingtime aka "summer time" this year!
+extra bonus: If we stop do it anymore the name/spelling would not matter :-)

XFCE is still fine. Cinnamon and MATE are also great. It's not THAT bad.

A lot of people are experimenting because of the rise of mobile devices. The situation will stabilize eventually when people are more experienced with making desktop interfaces that are adapted to the desktop, but familiar to mobile users.

how to post AC?
it doesn't seem to work.
this looks like a great replacement to slashdot if you can making posting here work with login

I watched some of it. It was OK. Too many commercials though. I will wait to watch the rest on DVD or whatever without interruptions.

Pipedot must have grown so sofisticated even the trolls downmod their own posts!

It seems that my general idea of how /dev/{u,}random works was wrong. Very interesting article.

We use that silly adjustment here but not its English name, you insensitive clod!

The problems with it are

1)The discoverability of the interface using the mouse
2)The leap of faith to think that shutdown might be under settings and then under power.

Its too magical for people to figure out on their own.

They seem to think that adding back a shutdown button, makes windows worse, because you should be shutting down by pressing the power button.

No one I know does that. Probably because of windows 95 that trained everyone to not do it, but still that is the number 1 complaint I get from people who use it.

Some idiot developer needed that function, and didn't think it was a problem because it required a dev api key. He also ignored the fact that they were storing passwords in plain text. Well, I'll double check any api we ever create for something as stupid, though I'm not sure anyone whos ever worked with me was that dumb. And that's saying something.

First PipeDot post!

And then fixing it with updates.

"bananaware": software delivered green, ripens at the customer

Ah, Server 2012, in other words Windows Server Tablet Edition.

What possessed them to use Metro for any part of a server OS GUI?

>viola! Quiet gaming room!

On a point of pedantry, what does a stringed instrument a little bigger than a violin have to do with it?

Heh, I couldn't put up with Win8 a week before I went looking for and installed a third-party desktop program. And every day that I load it up so I can play a game I struggle with whether or not to go to the trouble of wiping it out and putting win7 back on.

"It takes no less than 6 clicks and several full screen transitions to get to it using the default UI."

Swipe in from right or point mouse in right hot corners, (click 1) settings, (click 2) power, (click 3) shutdown.