Slashback: Letters, Time, Revision 130
Pardon me, do you have the time? Several months ago, we featured a short piece about investigations into clockless computing. Reader xenophrak writes with an update: "Sun Microsystems announces new technology that lets processors run various components of their internals in an asynchronous fashion. The 'FLEETzero' (warning, PDF) chips do not abide by a global clock pulse, and see lower power requirements and heat due to this new feature.
From the web page: 'At the ASYNC 2001 conference, Sun Microsystems Laboratories described FLEETzero, a prototype chip with raw speed roughly twice that of today's chips. Where today's chips use 'synchronous' circuits with a global clock to manage activity, the new, faster FLEETzero chip uses radical new circuits with low-power, asynchronous logic elements that produce timing signals only where and when needed.'
This could have some good impacts on embedded devices, and total processor throughput."
As usual, not so simple. On Saturday you read about Brian K. West, an ISP employee who claimed to be facing unfair threats of prosecution from the FBI for doing nothing more than accidentally discovering a security hole in a local newspaper. A followup posting at Politech indicates that the story isn't quite that simple. Specifically, the FBI's interest in West seems to stem more from alleged attempts at cracking into the violated site than from a simple "found a problem" report. If what the FBI says is true, it changes the story quite a bit.
Time to get a yardstick near the refrigerator ... f97hs writes "Yepps. Delayed almost a week due to regression bugs, the awaited bug-fix release is finally here. Unfortunately, it seems it still can't compile the KDE ARTS-lib (due to, I think, problems with virtual baseclasses). Worth noting is that in order to speed the compiler up, the default to -finline-limit has been lowered. This sometimes leads to considerably slower resulting code, so use -finline-limit=5000 if you compile something you want to be FAST. The mirrors are here and the official release letter from Mark Mitchell might also be worth a read."
Wow (Score:1)
That proves it! (Score:1)
I can see Steve Jobs gloating now - "Our processors don't even *have* a clock!"
Re:Wow (Score:1)
The original quote was "Float like a butterfly, sting like a bee" - the idea of stinging like a butterfly and floating like a bee is somewhat different...
FBI (Score:1)
SAVE ME JEBUS!!!!
Waco, Ruby Ridge, Elian Gonzales... (Score:1)
Bob-
Re:Waco, Ruby Ridge, Elian Gonzales... (Score:1)
knocking shops (Score:1)
Re:Boycott? (Score:1)
They are slow to load, due to the reader starting up. They leave less screen real estate open, if it's the plugin. And they are a pain in the ass to navigate, compared to HTML.
But they're "printable." Oooooooh. (So are text files. So is HTML if it isn't crap) That's the only plus, that there is (usually) no hassle to printing them.
I appreciate the warning.
Re:Boycott? (Score:1)
Re:I wouldn't upgrade to GCC 3.01 quite yet, reaso (Score:1)
Re:I wouldn't upgrade to GCC 3.01 quite yet, reaso (Score:1)
Compiler Optimisation (Score:1)
That seems like a very odd decision
The default should be to favour the end-user at the expense of the developer. Nb. I am a developer!
Re:Compiler Optimisation (Score:1)
Not great PR, but it's all about the money. Customer care is a thing of the past. The worst part is that everyone will just get used to it.
(At least it's not actual quality of code being sacrificed...)
Re:Compiler Optimisation (Score:1)
It's not quite that simple. They've tweaked the inliner a bit, since g++ 3.0 compile times are sometimes hideously slow. Only the default is changed.
It doesn't necessarily produce slower code. Over-aggressive inlining can also be detrimental to execution time. The current limit is an attempt to compromise until better inliner heuristics are found.
The issue has been discussed at length in the GCC archives [gnu.org].
Re:Compiler Optimisation (Score:2)
Obviously the compiler still needs to produce really fast code when I tell it to, though.
Re:Compiler Optimisation (Score:1)
Re:Compiler Optimisation (Score:2)
Thank god you added this last bit.
Otherwise it would have sounded like you worked for a certain very big software company.
It actually sounds like something they would do, y'know.
;-)
- - -
radiofreenation.com
is a news site based on Slash Code
"If You have a Story, We have a Soap Box"
- - -
And how much compile time is gained? (Score:1)
This may also be a simptom of the "microsoft" disease: creeping bloat, reliance on hardware to make up for shortcomings in software, endless features.
The "cost" of making that little bit of effort to optimize for use might be substantial on a titanic project like MS Office, but I cannot imagine that a non-Borg developer would not take pride in their work and at least try.
And then there's Steve Gibson [grc.com] who takes the principle of optimized code to its extreme. Good for him!
Bob-
Re:And how much compile time is gained? (Score:1)
Lesser Known Programming Languages: #13 -- SLOBOL
SLOBOL is best known for the speed, or lack of it, of its compiler. Although many compilers allow you to take a coffee break while they compile, SLOBOL compilers allow you to travel to Bolivia to pick the coffee. Forty-three programmers are known to have died of boredom sitting at their terminals while waiting for a SLOBOL program to compile. Weary SLOBOL programmers often turn to a related (but infinitely faster) language, COCAINE.
About a day. (Score:2)
In any case, I switched back to 2.95. SUre, I cpmile without optimization most of the time, but I like at least to test the program with optimization once or twice a week, to catch any bugs that are only triggered by the optimizer.
Obviously, a day (or even 6 hours) is not acceptable in those circumstances.
They are _not_ optimising for speed of compiler (Score:3, Informative)
1. Speed of compiler.
2. Size of generated code.
3. Speed of generated code.
When comparing gcc 2.95 and gcc 3.0 with regard to inlining alone, the gcc 3.0 inliner is worse on all three counts. They changed the inliner to apply earlier (at the tree level instead of at the rtl level), which gives it far more oppertunities for inlining. This results (for C++ that uses STL) in order of magnitude slower compiles, several times larger binaries, and, because of cache misses and pipelining issues, significantly slower executables.
The problem is that the old inlining heuristics doesn't work with the new (and potentially much better) inliner. As a band-aid, they decreased one of the old parameters in 3.0.1, the inline limit. This avoids the huge compile times and binaries, but also sometimes misses important inlines. Exactly when you get the important inlines, but without the ridiculous inlines, depend on the application. Sometimes you can't.
For 3.1 the GCC developers will install all new inlining heuristics, which will hopefully be consistently better than 2.95. The potential is there with the new tree-based inliner.
In hindsight, it was probably a mistake to release gcc 3.0 before without the new inline heuristics, however 3.0 was already delayed, and is much better for most code.
fast KDE? teach the programmers! (Score:2, Insightful)
No compiler can make up for poor programming...
The amount of needless string copying is mind
boggling (extrapolating from the bugs in kdelibs-2.2/kdoctools)...
--
"If the cows start flying, there is nothing for me
to do in space" -- captain Zelenyj (Green) from
the "Mistery of the Third Planet".
Re:fast KDE? teach the programmers! (Score:2)
...and you think extrapolating to all of KDE from unnamed bugs in one module that was recently rushed into service is sound statistical practice?
1) The KDE code that's not compiling with the new gcc is correct, and it's a compiler bug that's the problem. (At least that's my understanding, someone correct me if I'm wrong.) 2) The speed issue mentioned here has nothing to do with KDE.
As it happens, I do think that KDE is unacceptably slow on less than really fast boxes. But the reasons for that are understood and have nothing to do with "poor programming". (No, I haven't tried the prelinking hacks yet.)
Two more asides:
* Timothy, it would help if you mentioned that the last bit pertains to gcc instead of leaving that a mystery.
* I agree with the person who said it's nuts to have a compiler default to fast compiles and slow executables.
Re:fast KDE? teach the programmers! (Score:1)
Err, my bad. (Although a little additional clarification wouldn't have been out of line...)
Re:fast KDE? teach the programmers! (Score:1)
Setting the compiler to fast executables is something that is only done when the software has reached its release state. Any distributed software will of course include a Makefile or similar which will set the fast executable settings on.
Re:fast KDE? teach the programmers! (Score:1)
Sure, I realize that you would do that, just like you turn on optimization and turn off debugging when you release. Still, to me it seems much safer to default to faster code and expect the programmer to make the change to get faster compiles. Especially in the free software world, where so many apps are written by people as clueless as, well, me, it seems like you'd want to make sure slow code doesn't get unknowingly distributed.
IMHO, of course.
Re:fast KDE? teach the programmers! (Score:2)
As it happens, I do think that KDE is unacceptably slow on less than really fast boxes. But the reasons for that are understood and have nothing to do with "poor programming". (No, I haven't tried the prelinking hacks yet.)
While the objprelink does help somewhat with startup time, it doesn't help with the overall speed of the apps. On my p200, kde2.2 (+objprelink) is still too slow to use day to day.
What are you talking about? (Score:2)
Waldo Bastian wrote an excellent paper [www.suse.de] on the subject of KDE's speed a couple of months ago.
A lot of KDE's speed issues have been hacked at in the new 2.2 release, but the ld issues are still being worked on.
So before you go blaming all of KDE's problems on the current bug reports in one small portion of a big big project, please read the literature at hand.
Ah ha!! (Score:1)
Politech.com (Score:2)
Of course there is always more to the story than the Defendant claims. I think most of the posts WRT that story were suspicious of his claims.
Re:Politech.com (Score:1)
that should be politechbot.com. politech.com is just one of those crap "most popular searches" squatter sites.
Feeble Feebies (Score:4, Insightful)
Security gurus are fond of likening this kind of crime to analogous physical crimes, such as trespassing or breaking and entering. That bears closer examination.
Consider the situation where somebody forgets to lock their front door. Negligent, but not an excuse for entering the house in their absence. On the other hand, trying a door to see if your neighbor remembered to lock it is not considered a hostile act -- as long as you don't enter.
Pushing the simile a little further: suppose you notice that somebody's smashed open your neighbor's front door with a sledge hammer. I suppose it's still technically trespassing, but who would fault you for entering the house to make sure nobody needs help?
So consider the actions of Brian West, and other people like him [google.com], are analagous to the above. When is it like just trying the door, and when is it like entering the house uninvited. I don't think the analogies are obvious, though people seem to find it convenient to assume they are.
Extension to the analogy (Score:2)
So I definitely agree with your line of thinking. Plus, it's a public webserver, for crying out loud: You were already invited to tour most of the premises!
True, West may have poked and prodded more than necessary, but why does the company think it's more important to jail a nosy Samaritan than it is to actually fix their own unsecured property?
feeble indeed (Score:1)
suppose you notice that your neighbor bought a cheap lock and you're able to kick in their door with little effort. Aren't you being a good neighbor by doing so and then maybe going through their personal belongings, just to show them the "security hole" they have? And while we're at it, those windows are made of regular glass! Anyone could break into that house! i don't think so.
if you want to do security research that's great, and I support you. But doing it by actually breaking into people's systems and then claiming you were doing them a favor doesn't cut it. No one's security is perfect, in the real world or in the computer world. How good does my security have to be before you're committing a crime by breaking in and not just "doing me a favor?"
Re:feeble indeed (Score:1)
websites may be public but they reside on privately owned computers. just because i give you the right to use a browser to view my web page doesn't mean i give you the right to circumvent security (however flawed) on my computer and browse around on its hard drive and do whatever else you want with it.
furthermore, if you want to talk about the issue in the context of a business, its easy to say "company X has lousy security! i will break into their office at night and steal their corporate secrets as a favor to them, to show them how poor their locks are" and its the same point.
Re:The flaw in this analogy is (Score:2)
The adage of trying the door is another one i find intersting - point - your neighbour is not home so you go and check if the door is locked just to see ? what do you do if the door is open ? walk in ?
Thats analagous to saying if you leave your door unlocked im justified in stealing everything you own (which would not stand up in a court of law - your insurance company would not pay out but as the thief you would still be charged with theft)
The difficulty comes in trying to apply these standards to computer crime - did he hack it or not ? well from reading all of the linked info the answer looks to be yes he did - including the alleged use of stolen passwords. So he's not the white hat he says he is - if he found a hole and reported it that would be fine - but finding the hole and removing data left him open to charges of hacking or theft of company data - he may have only be doing this in what he saw as a misguided attempt to say - look i got this stuff so your system is compromised you need to fix it - but isnt that asking for trouble ? the company no doubt already feels foolish at having the flaw pointed out so if they find you possess data taken from them they are going to get pissed and try and cover their asses by accusing the user of hacking their systems - the onus of proof then reverts back to him.
Finding the flaw - good thing
Taking file - dumb thing
Does this guy have anything else in his background that would interest the DOJ in him ?? before we simply condemn the company and govt maybe we need to find out if he has a history of cracking systems ? and why was he trying that doot ? (just postulating BUUT) was it that he was looking for a hole for other reasons - found it and maybe got worried he might be caught later so he announced the hole to the company to try and make himself look good ?
I dont know - personally im a IT manager and spend money to keep people out of my systems, that means i dont like the 'just trying to find if you have any holes in your system' excuse - i pay consultants for that and i would consider that anyone looking for an open door to be up to no good - this company wasnt a high profile target and if i was the law and the IS manager at the other company i would be asking what one of my competitors would be doing trying to see if i had any holes in my system - i would immediately suspect corporate espionage (it happens dont laugh) and call in the cops as well.
I think he may have done a silly thing for whatever reasons - but i also wonder if he is being completely honest?
And further (Score:2)
http://www.bkw.org/pdf/stigler-news-hack.pdf
this issue is more than the newspaper - he is accused (and looks like he admitted it) of hacking into a bank and looking at client account balances etc - the guys screwed sorry
Also he hacked into the newpapers site on a rival web hosting company - he was trying to get the newspapers business and no doubt thought he could poke holes in the other company security thus making them look incompetent and getting him the business - this is a stupid move and guaranteed to fail - instead he got jammed and i would not be surpised if he finds his company on the receivin end of a civil lawsuit for his actions - which can only be determined at undermining the business of the other company.
Also when he gets caught he then places his story on websites in a way which is deigned to garner the voluble support of the free source and white hat community - it looks (IMHO) like a simple attempt to cover himself with support (ala dimitri) of the voluble community who he expected i think to defend him.
A bit of reasearch proves this guy is in trouble because he deserves it - once you start hacking into banks you gurantee deepshit if you get caught (and the bank he hacked appears to have Federal Deposit Insurance thus he committed a federal crime) You cannot hack into banks just to check their security or look around.
Maybe this is a lesson to all the would be white hats out there - just because you can doesnt mean you should
Now im dont want to look like im trolling - i would defend the guy if he was in the right - so please understand me when i say that this person deserves no support from our community
What analogy? (Score:2)
A legit key to an apartment complex without doors (Score:1)
I guess (Score:3, Funny)
Re:I guess (Score:1)
On the contrary ... (Score:1)
BTW - there was a great paper about 10 years back out of Caltech where a bunch of students built an async cpu and the did exactly this - cooling it way down and finding it worked faster the colder they get
Re:On the contrary ... (Score:1)
"Cryogenizing"?
"Thermoconducting"?
What?
FBI -- KGB (Score:1)
GCC embedded targets = ? (Score:2)
"- Fixes for some embedded targets that worked in GCC 2.95.3, but
not in GCC 3.0."
so I have to ask what targets ?
I hope its Mips and ARM targets (cover 90% of volume shipments so I guess its those)
and is ARM-standalone back or not ?
oh well anyone know anything ?
regards
john jones
Clockless computing ? Surely this is impossible (Score:1)
This must be a misprint, or some kind of 'troll' article like the ones you sometimes see at hardocp.
Re:Clockless computing ? Surely this is impossible (Score:1)
Re:Clockless computing ? Surely this is impossible (Score:1)
Async clocks can make data metastable (Score:1)
Normally, devices read data on a bus by sampling and holding. But with asynchronous clocks, there is no way to make sure that all the bits on the bus switch at the same time to assure that all devices meet their specified setup and hold times. This can lead to a state whether a bit is neither 1 or 0 but metastable [ti.com] for a short time, after which random noise from outside the flip-flop flips the bit to a 1 or 0. You also get "glitches," or the result of doing logic on the result of a "hazard" or race condition. Designers of asynchronous have to work very carefully to eliminate metastability and glitches.
Clockless is not impossible. (Score:2)
It sounds like they're talking about an asynchronous design.
There are two major styles of logic design: synchronous and asynchronous.
In a synchronous design you have a large number of edge-triggered D-type flip-flops driven by a common clock. This may be all the flip-flops on the chip, or the chip may be divided into several "clock domains", each with all the flip-flops driven by a common clock.
Only edge-triggered D flip-flops are used.
The flip-flops' C inputs are only driven by the domain's clock - never by combinatorial logic (except for combinatorial logic responsible for enabling/disabling a domain's clock.)
D inputs are driven by combinatorial logic from their own and other flip-flops' Q and not-Q outputs and from input pads.
Set and reset inputs are unused, except perhaps for system reset.
Combinatorial logic may not contain loops (which would oscilate if they contain an odd number of inversions, be bistable {implied R/S flip-flops} with an even number of inversions).
Propogation of a signal through the slowest path in combinatorial logic from one flop's output to another's input is enough less than one clock period that the flop's input will be "set up" properly by the next clock edge after the one which changed the driving output.
Synchronous designs tend to be orginized into pipelines - alternate layers of flops and combinatorial logic. Timing is tightly controlled and special care is taken at clock domain boundaries. Clock speed is limited by the "critical path" - the slowest path in the slowest pipeline stage.
Asynchronous logic is essentially any logic that violates one or more of the above rules. For example:
A flip-flop's C input may be driven from another flip-flop's Q or not-Q output or from combinatorial logic. (Canonical example: a ripple counter.)
R/S or J/K flip-flops or D latches may be used.
Set or reset inputs may be used for significant functionality during normal operation.
Propagation time of a signal through combinatorial logic may be semantically significant. "Races" may be deliberately created to produce desired effects, including oscilating timing loops.
Asynchronous designs are characterized by waves of state-change propagating through the logic at the logic's maximum speed, and lack of state-change when nothing interesting is happening. Asynchronous includes a hybrid approach, with large waterfalls of asynchronous circuitry occasionally hitting a register and resynchronizing with a clock ala the layer of D flops at the end of a synchronous pipeline stage.
Most large digital chips and systems today are designed using the easier synchronous style. It allows the use of a number of powerful tools to automate the design process and to automatically generate programs for the machines that test each chip as it comes off the fab. (In a synchronous design it's easy to add a multiplexer to tie some or all of the flops into a set of shift-register "scan chains". These let the tester stop the chip, shift out all the state, shift in a new state, and restart the chip.)
But asynchronous designs, though harder to do properly, have a couple major advantages:
In a synchronous design several of the gates in each flop are switching all the time. CMOS logic mostly consumes power when it switches, so power consumption is mostly proportioinal to clock speed. In a good asynchronous design the state only changes when information is being processed, and only as necessary. Power consumption is mostly proportional to work done, and can easily be a factor of ten lower than an equivalent synchronous design.
Synchronous designs run as fast as their component logic is capable of running.
Automated fabrication testing of asynchronous designs is harder, though there is (or once was) a method to do this: the "Cross Check Array" and the associated test automation tools (which can also deal with synchronous designs at less overhead than fullscan). But Cross Check's technology never caught on in the US. They merged into another company some years ago and I don't know if their technology is available to anybody but Sony - who invested early in return for an unlimited license and was using it throughout their chips as of the Play Station 1 generation.
Re:Clockless computing ? Surely this is impossible (Score:2)
clockless 32 bit ARM for a long time (Score:2)
jez it all gets invented in manchester then the yanks claim they had it first
whats that you say ?
BABY
regards
john jones
doh I ment armulet not armulator (Score:1)
I get so used to typeing armulator & that I put it everwhere
john
Re:doh I ment armulet not armulator (Score:1)
Kelv
(...who read about the Amulet way back when in an old issue of Acorn User)
GCC == the triumph of Free Software (Score:3, Insightful)
Re:GCC == the triumph of Free Software (Score:3, Informative)
- In terms of C++ standards compliance GCC is believed to be the first compiler to achieve full ISO compliance
Who believes that ???They don't support the export keyword for one. [gnu.org]
C++ Standard Core Language Defect Reports [dkuug.dk]
C++ Standard Library Defect Report List [dkuug.dk]
GCC is *not* ISO C++ compliant. (Score:2)
This is no big slight on GCC, because to the best of my knowledge, no other compiler implements export either. Still, it's wrong to claim GCC is ISO C++ compliant. It's not.
Re:GCC == the triumph of Free Software (Score:1)
Agreed.
In terms of C++ standards compliance GCC is believed to be the first compiler to achieve full ISO compliance. No other compiler (commercial or otherwise) can make the same claim.
As others have pointed out, it's not. It's good, though. However, the following compilers are also pretty good, comparable to GCC 3.0: KAI C++ [kai.com]: runs on everything from Linux/x86 to Crays (also has a kick-ass optimizer); MIPSPro C++ (ok it's actually a bit less good than GCC 3.0, but I'm not sure I'm comparing the most recent version here); Compaq's C++ compiler: very good. I was impressed by that one.
Sun's C++ compiler is the worst Unix-vendor C++ compiler I've used (haven't tried IBM's or HP's, though). And BTW, VC++ runs/ran on Alpha, MIPS, and PowerPC. I have a CD of it.
Re:GCC == the triumph of Free Software (Score:1)
compiler mock up) is OK. It's definitely much better than what Sun tries to push down our throat. It also easily beats the old gcc 2.95 series.
Re:GCC == the triumph of Free Software (Score:1)
I almost fell out of my chair when I found out that their comiler is like $5000 (I was spec'ing one of these little Sun Blades, and was, like, oh, hey, I might as well pick that up, figuring it would be maybe $100 tops). It cost 2x what the machine would!
Re:GCC == the triumph of Free Software (Score:2)
Re:GCC == the triumph of Free Software (Score:1)
Oh, well. IIRC GCC 2.95.2 (or something thereabouts) had problems on Alpha too. If you compiled with I think -O2 or higher, it would warning you that there were known GCC bugs on that system.
What version were you using? I know they at least managed to build NT, and Win2K RC2, so I can't imagine it would be *that* bad. Or, then again, maybe it was.
Re:GCC == the triumph of Free Software (Score:2)
The bugs may have been in floating point handling, possibly with assumptions about aliasing of floating point variables in structures. Basically things just refused to work when optimization was turned on. The same software works fine with VC++ on Intel NT, and with GCC, Dec, and Irix compilers.
Our software uses extensive floating point and we compile without ANSI emulation in order to speed it up, this is probably the main difference from the NT kernel. Also MicroSoft probably fixed the bugs as they found them when compiling NT.
GCC does produce slow code (probably 2/3 the speed of the VC++ Alpha code) but at least it works. And the optimized GCC is way faster than the unoptimized VC++.
Re:GCC == the triumph of Free Software (Score:2)
Do you know any other vendor that would ship a slightly modified K&R compiler in 2001?
I can see the future! (Score:1)
Could be written like:
The details about the 'FLEETzero' chips are detailed in this paper http://research.sun.com://../sml2001-0139.pdf [sun.com]
We can then see for ourselves if it's a PDF or perhaps a NY times link. Let me guess, people would rather make things look pretty then give good detailed information about a link...
Re:I can see the future! (Score:1)
Or even better, people could just wave their frickin' mice over the links before clicking and read where the link goes. Come on, people - goatse.cx got me exactly once, and I wised up. Surely this isn't such a hard lesson to learn...
Bragging Rights for Clockless Systems? (Score:1)
Re:Bragging Rights for Clockless Systems? (Score:2)
Nyah, who needs karma anyway? It's funny, dammit. Laugh.
This has been going on for a while (Score:1)
Its really cool stuff, and it can run ridiculously fast. Its just a bitch to design.
Re:As usual, not so simple. (Score:2)
1) He tries hundreds (that's with an 's' there) of times to break into their web app
2) After the hundreds of attempts he finally gets a combination to give him a password file
3) Instead of stopping at the point he *knew* he that he had broken their security, he continue on and goes back logs in as one of the employees
It's a gray area, but there has to be a limit, it sure seems that attempting hundreds (again with an 'S') of attacks against a site, finally getting a password list, and still not stopping? Please, there has to be a sane limit here.
I've purposely ignored the bank portion of this because the above sure looks like illegal activity (curiosity is one thing but to spend hours is another). If you throw the bank stuff into it, it screams of a classic shake down. Walks into the office, I've got a floppy disk with advertisement I want you to put on your site... oh, I "accidentally" got into your site, and in the past I "accidentally" got into the 1st National Bank's website, I also talked to them about their security didn't act very nice to me, so I then talked to the Sr. VP.... It almost has a feel of the mobster saying "Hey, we wouldn't want nothing to happen to your nice establishment. Nasty accidents can happen and we don't want that to happen to you, we'll be your *insurance* to make sure that no "accidents" occur. Capish?"
Re:As usual, not so simple. (Score:2)
It states that he told the site he hacked that he had gotten into the 1st National Bank in McAlester, was able to look at checking, savings & funds transfer; then goes to tell that he informed a bank officer, who also acted in a hostile manner; so he then accessed the bank 2 additional times, and then told a senior VP of an Oklahoma City branch.
Re:As usual, not so simple. (Score:2)
Yes, but if you look at the affidavit
1. He contacts a customer of another (rival) companies services and tries to convince them to use him
2. He seems to decide to get this customer to use him by breaking into the rival companies system - as if aiming to impress them
3. This isnt so easy to do - he needs several hundred attacks to enter the competitors system and then he does it by stealing a password file or hacking one (this is by defenition unauthorised access) Instead of stopping whewn he was sure that he had broken security, he goes one on and goes back logs in using an unauthorised account ans stolen password
4. he then steals files off the system, no doubt trying to prove he was there
5. he boasts about it to the prospective customer at the same time he tells the comany they have a hole in their system (one he had to work hard to find)
6.He then brags that he broke into a bank and looked at their systems - the bank says they dont have a lin to the web - someone is lying here and it think i know who - i suspect he made the claim to establish his bonafides as a l33t haxor but it backfired and that claim is now in court records.
Either that or as another poster said he was making threats that he could do some serious damage here.
You Said :
After all, to truly verify any suspected security hole, one must gain access to at least some information that seems as if it should be protected. Which is in itself a violation of applicable law.
"The term 'exceeds authorized access' under 18 USC | 1030(e)(6) means to access a computer without authorization and to use such access to obtain information in the computer that the accessor is not entitled to obtain." That is so broad, it could apply to looking over your bank teller's shoulder at her computer screen.
I say:
Thats the point it is broad and if the company in question had not hired you to find breaches then you have no right to be attempting to gain access to what is deemed a private system (the fact it has publicly accessible web pages is irellevant) - YOU HAVE NO RIGHT TO REMOVE OR COPY DATA FROM ANY SYSTEM WITHOUT PERMISSION. Thats the fact - the thing that pisses me off is the way in which people think that if you say youre working to fix a problem then its ok to hack into a system - its considered illegal and if you get caught (or brag about it) then you will get in trouble. The white hat argument is used so often it is becoming redundant and this guy is not a white hat.
Any way he could have copied 1 file - maybe an old memo or something - please he took hundreds of files including passwords (check it out - its mentioned as being in the court transcript) - this blows away the small amounts of data routine.
I would like to ask a few questions about mr west so i dont look to be seen as attacking him
1. What age is he (speaks to maturity of action)
2. Has he had any prior offences ?
3. How long has he been in business
These are simple things.
The FBI have charged him based on a complaint from the owners of the system he broke into - thats the law and their right - the problem is all the 'whit hat' and hotmail exploit type hackers and code red designers have turned this subject into a hot potato and they are cracking down hard on hackers - this is apparent and has been for a while - you play where you should not there are consequences.
thats the thing that gets me - you need to know that in life there are consequences for every action - these guys think that they can do what they like, and then cry out when caught contray to the law (and you might think the law sucks but its there and if broken it has penalties),
The fact is this guys is going to be hung by his own mouth as much as anything
Re:As usual, not so simple. (Score:1)
1. What age is he (speaks to maturity of action)
i believe the linuxfreak article states that he's 24 years old.
Re:As usual, not so simple. (Score:2)
Re:As usual, not so simple. (Score:1)
And what's up with LinuxFreak trying to give me PayPal cookies?
Even if this is legitimate, I don't think it'll be long before someone comes up with some BS story to make the hacker community feel like their rights are being trampled on, and then, by the way, I need money for a legal defense. Put out some less-than favorable press to give the story some cover, to make it look legitimate. People don't verify their facts very often even in the mainstream press, much less on-line, and I've yet to see any mention of this story anywhere that isn't directly traceable back to either the LinuxFreak website or Brian K West's website.
I'm probably wrong, but something just doesn't seem right about this, and it's about time for someone to abuse the legal defense fund to defend our freedom thing to steal money. I think that if this guy's legitimate, then he should get the EFF (or some similar, reputable organization) involved, and then we could donate to them for his legal defense.
If I'd be sceptical about it in an email - them I'm skeptical about it on a web site.
Where did he get the FBI affidavit? (Score:2)
Re:Where did he get the FBI affidavit? (Score:2)
Not so casual security hole... (Score:4, Insightful)
A, "hey, I noticed your door's unlocked," from any Joe Schmoe I can appreciate, but what doesn't deserve my thanks is a, "hey, for the past few hours I tried breaking & entering into your place and finally discovered that your backdoor is vulnerable to the XYZZY-lockpick exploit -- you're most welcome...Oh, and btw, nice porn collection you've got there under your bed. Might I suggest a safe?"
Maybe Brian considers himself a kind of Neighborhood Watchman... whose only crime is making damn sure your doors are properly locked, and that a midget thief can't squeeze in through your doggy-door. ;-)
Re:Not so casual security hole... (Score:1)
Someone walks up to your door to insert a flier. When attaching the flier to your door (totally legit), the door opens. Curiousity strikes, and the caller walks in to see if anyone is home (questionable, but if the intent is friendly, not generally a big deal). Note that so far the caller has no intent on stealing anything. The caller then sees a set of keys on the floor, and decides to pick them up to see if they are the keys for the door. Upon discovering that they are, he notifies the owner that his door is open and that the keys are sitting right inside, within plain view of anyone who would want to steal something from him.
I still don't see how he did anything wrong. Illegal? Possibly. Ethically wrong? Not really.
async chips (Score:2)
Really, twice the speed of current devices isn't that impressive; Intel already has p4's operating that fast in their labs.
Thoughts on FLEETZero (Score:1)
The pdf [sun.com] at Sun Research [sun.com] given in the article above seems to be just presentation fodder rather than real research. After digging around the Sun Research site, I came across this page [sun.com] which details their public papers on asynchronous design with some badly broken HTML. Viewing the source and picking through the pieces, I found a much better summary of FLEETZero [sun.com] . The conclusion and future works section is particularly interesting, especially the part about FLOTILLA (a number of FLEET processors working in conjunction) and the potential limitations of the architecture. Well worth reading.
gcc -finline-limit: not so simple (Score:2)
Basically, the inline code have been rewritten in 3.0 (to work on trees instead rtl), which gives a lot more oppertunities for inlining and for further optimizations. However, the old heuristics for inlining have not been adopted to the new code, which means way to much code is inlined in 3.0, which again means much slower compile times, fatter binaries, and even slower binaries because of more cache misses.
In 3.0.1 the inline limit was set down to cure the worst symptoms. However, what is really needed is new heuristics, which will be in 3.1.
over my head? (Score:1)
Re:GCC is a viral program! (Score:1)