I remember back in the nineties we were all trying to get the ECC memory for the computers we built. The ECC memory was expensive and we all discussed whether a particular configuration would justify the expense of ECC memory or might just survive without. The amounts of memory at the time were measured in megabytes, not gigabytes, like now. So we all thought that some time in the future, in five years or so, the ECC memory will cost the same as the non-ECC memory and all computers will finally come equipped with ECC memory by default, because the amounts of memory would simply require the use of error correction.
What is ECC memory?
Error-correcting code memory – Error Checking & Correction, ECC – is a type of computer memory that detects and corrects the most common data corruption as the data is passed in and out of the memory. ECC memory has additional memory banks that store checksums of data stored in the memory.
At the time, the calculations showed that with the “typical” desktop the error rate in the memory would be sufficiently low and not present a danger. However, the amount of memory in a typical computer has increased by several orders of magnitude since then. Only while we talked about a few hundred megabytes of memory the errors were negligible. Once you step over the gigabyte threshold, memory errors become a statistical reality. Without the ECC memory, we accumulate errors in our data and algorithms every single day.
It is surprising that with the current state of technology we are not using ECC memory everywhere, just as I thought back in the nineties we would. At least, for your own good, do get ECC memory on the computers you use.… --> continue reading →
Stob at The Reg shares the latest of word on the buzziness of buzzwords:
(1.0 best, -1.0 worst)
design by contract
unit test (as noun)
unit test (as verb)
Incidentally, one of the latest BOFH is about jargon too. So, am I not the only one tired of jargon?… --> continue reading →
An extremely interesting article by Bruce Schneier titled “The Vulnerabilities Market and the Future of Security” is available at Forbes and on his own site. A must-read for anyone even remotely interested in security.… --> continue reading →
In December, Microsoft apparently conceded to public pressure by quietly updating the Windows 8 logo certification requirements with a mandate that a desktop computer user must be able to control (and disable) the Secure Boot feature on any Windows 8 computer that is not based on ARM technology. This looks like a victory for free software users, as it will allow a person to install GNU/Linux or other free software operating system in place of Windows 8.
But, this is no time for celebration, because Microsoft has also added a treacherous mandate for makers of ARM-based computers — such as a tablets, netbooks, and smartphones — requiring them to build their machines with Restricted Boot technology. Such computers are designed to lock a user into only being able to run Windows 8, absolutely preventing her from being able to install a free software operating system on her computer. Since smartphones and tablets are some of the most commonly used computers, it’s vital that we get straightforward and clear information about this threat out to the public.
Already know what this is about? Then take action now:
- Raise awareness and have fun while putting pressure on Microsoft and computer makers by entering the Restricted Boot Webcomic Contest.
- Winning submissions will be featured on the front page of fsf.org for a month.
- Entries must be submitted by March 17th by emailing firstname.lastname@example.org.
- Sign the statement “Stand up for your freedom to install free software.”
- For individuals
- For organizations and corporations
If this is the first you’re hearing about this whole Restricted Boot vs. Secure Boot business, read the full story.
You can support this campaign and the rest of the FSF’s work by joining as a member or making a donation today.
Josh, John, Matt, and Richard
Free Software Foundation
P.S. This is a verbatim copy of the FSF newsletter. I see no need to say it differently.… --> continue reading →
The folks over at École Polytechnique of Lausanne have published a very interesting paper titled “Ron was wrong, Whit is right“. This is not too mathematical for a cryptanalitical paper and understandable even to someone without crypto background. It is more of an investigation into the properties of the public keys available publically on the internet. The guys explain how by collecting a large number of keys from the internet in very proper and official ways and analyzing them they were able to find collisions that basically allow one person to impersonate another not to mention some basically weak keys that offer no security at all. Fascinating stuff.
A cool comment is all the way at the bottom says:
“The lack of sophistication of our methods and findings make it hard for us to believe that what we have presented is new, in particular to agencies and parties that are known for their curiosity in such matters. It may shed new light on NIST’s 1991 decision to adopt DSA as digital signature standard as opposed to RSA, back then a “public controversy”.
Which is probably true, you know…… --> continue reading →
It is a very rare occasion when I want to endorse a product in a public way. However, now I am just in such a mood. I bought a WD TV Live Plus box a couple of months ago to hold my videos and photos at home. Unfortunately, it did not come with a wireless network connection so it had to stay off-line until yesterday.
And yesterday I had a crazy idea to stick a nano-WiFi (whatever that means) USB stick into it. The box has two USB slots to connect two USB hard drives. So I just put the wireless network stick into the second slot. I expected nothing, I was sure it would check that it is not a disk and then I would just put the WiFi stick back to the desk drawer whence it came. Imagine my surprise…
I open the settings menu and I see the wireless network settings staring back at me. To say I was dumbfounded does not even begin to describe my state at that point. After recovering my thoughts and a cup of tea I went about setting it up and 30 seconds later the thing was happily connected to my home network.
This is brilliant. I sincerely congratulate WD engineers on this piece of hardware. Not only it works great as a video player and a photo viewer but it recognized and used a piece of obscure hardware thrown at it without so much as a backward glance. Way to go, guys!
P.S. If you go and use it, make sure you have the HDMI interface, the “normal” video quality sucks.… --> continue reading →
Some people take security seriously by traveling light to China and Russia. An excellent routine is to erase the devices when you travel somewhere at all. Why carry all the important things that can get stolen? Keep it at home and take only the necessary – that is not only for security but a common sense too.
But you can get too paranoid. When the article mentions that “a thermostat in one of its corporate apartments were still communicating with an Internet address in China” you cannot help going like “yeah, right!” A healthy amount of paranoia is, well, healthy but this is taking the fear levels too far. Not to worry, soon your refrigerator will be reporting to China what you ate for breakfast back in California. Be scared.… --> continue reading →
Something is definitely wrong with the object-oriented software design. Did you notice? I forces the hierarchical view of, basically, anything onto the designer. This is equally a property of the languages and the design methods. If you make object-oriented design or you write object-oriented software you equally end up with a hierarchical system.
What’s wrong with it? Maybe nothing. It just severely limits the view of the problems that we attempt to resolve with our software. The world is not always hierarchical but we try always to drag it kicking and screaming into our unified model. Sometimes that will fail. Actually, given the variety of problems, probably even most of the time it will fail.
And the important thing is that we do not notice this anymore. We think in limiting ways. We are used to the model. We assume the model of object-oriented design will fit anything and everything without ever thinking about it. Unconsciously, we made the decision to narrow our choices. And that is definitely wrong.… --> continue reading →
What is “security”? Well, not in broad sense, that is, but in software security? What does it mean: to develop secure software? What do we understand to fall into the realm of software security?
I tell you what I mean when I say “software security”. For me, the software security means to bring the intent of the original designer to the customer.
This is very simple. The designer had some idea in mind when designing the software. He had some intention for the software to function in a particular way. That mental picture is translated into design, brought over into development, translated into source code, translated into binary, delivered, installed and configured at the csutomer’s site. And our task is to ensure that what operates now at the customer’s site reflects exactly what developer had in mind. If it does not – we have a breach of security.
I know that this is a very broad definition and it encompasses many areas traditionally thought to be … --> continue reading →