Slashdot Mirror

Back in the eighties, Brazil had a roaring microcomputer industry, based almost entirely on pirated versions of popular pcs of the time, such as the Sinclair Spectrum , Apple IIe, and Tandy Color Computer. More recently, the PT government decided to "break the patents" on essential medications, such as the AIDs cocktail and Viagra, unilaterally declaring that IP doesn't apply to them, and it's ok for the Brazilian pharmaceutical industry to sell it without any regard to internation law. Back in 2007, a popular Brazilian film, "Tropa de Elite", made its debute in Rio de Janeiros' pirated DVD vendors before it make it to the big screen. My point is saying all of this is that if anybody is stupid enough to trust their IP to a Brazilian company, they deserve what they'll get - the "Ei-Padi Dois" being sold by kids in São Paulo's Rua Santa Efigênia before the initial production run has made it through the factory's docking bay doors.

While this might well help save lives, I don't think it would make that much difference in a place like Rio de Janeiro, where corruption is rife. A previous governor is being investigated for walking off with US $30 million supposedly spent on social programs and his wife, who also governed for a term, swindled another US $38 million that was supposed to have been spent on health. Of course, these numbers are tiny in comparison to the hundreds of millions being cited in oficial investigations into these and other scandals.

Rio is last place on the planet that I would ever recommend anyone spend even $1 on health initatives, unless, through some miracle, the endemic corruption in the governmental structures was somehow fixed.

Enjoy your staying power.

A renowned brazilian computer science professor has posted in his blog (sorry, it is in Portuguese) an in interview with a security consultant hired to assess the voting machines: http://smeira.blog.terra.com.br/2008/09/08/eleicoes-tse-esconde-a-verdade-sobre-as-urnas/ His results are pretty scary, but what is even more scary is what the government has decided to do in response (google translated): "But the fact is that the partial reports indicate so many vulnerabilities in the system, ranging from Generation of Media to writing data to floppy disk, the TSE (brazilian government agency) has decided to: 1) keep the reports secret to completely prevent voters to know that the Brazilian system has vulnerabilities , 2) prevent the penetration tests requested in 2006 by political parties, 3) abandon the current project for electronic ballot boxes after the elections of 2008, 4) to extend the contract with FACTA/CenPRA to try to develop a new project of electronic ballot boxes more reliable for the elections of 2010 and 5) to misinform the voters, in public denying the existence of security holes, saying that tests of penetration will be allowed in 2008." The following website gives more details learn more about the penetration tests performed on the voting machines (again, in Portuguese): http://www.brunazo.eng.br/voto-e/textos/penetracao1.htm

(some links to brazilian sites)

The Aedes aegypti mosquito is the same mosquito that spreads the yellow fever.

Here in Brazil we are now having some yellow fever cases on urban areas (usually we have cases at the forest, but we dont have on urban areas since 1942).

People are getting a little paranoid and running to have the vacinne (which by the way is very effective), since it protects only for ten years and most of population dont have it. I have it because I traveled to north five years ago and it was obligatory.

Oingo Boingo forever!

Many people don't know, but Brazil diplomacy works with reciprocity in all cases (that's why americans are required a visa to enter Brazil). About 3 years ago, the USA started to photograph every foreign citizen arriving to its territory. Based on diplomatic reciprocity, all americans citizen were also photographed and identified at entering. Then in January 24th, 2004, Dale Robbin Hersh, an American Airlines pilot decided to have some fun at the brazilian authorities expenses by discretly flipping his middle finger when photographed, as you can see in his pic. He was immediately arrested for disrespect towards authority and released after paying a US$15,000 fine. Back to the USA, he was suspended from his work for some time. Why did he do that? Because the identification of americans was slow, he was tired after a long trip and had to wait about 2 hours in a line to be identified. He thought this identification was bulsh*t (and it really was, the risk of an american terrorist trying to enter illegally in Brazil to do something wrong must be below zero), but the law is the law. And the americans were just getting here the same treatment brazilians were getting in the USA. If you want respect, you have to give respect back.

This is business. Cicarelli made part of her fame woking at MTV Brasil. And, some time ago, the the tv channel started a service similar to the youtube http://mtv.terra.com.br/mtvoverdrive/. Ironically, Cicarelli hosts one of that tv shows where someone can find a girlfriend (or a boyfriend), and she use to incentivate everybody to kiss. he he

Read the full paper. Its very interesting. As stated in the paper, people can be distinguished by their handwriting, by their fingerprints, etc etc. New studies states that people can be distinguished by their mouse movements, strokes in a keyboard (the time between strokes in two different keys). Even their usual movements in a city can be tracked by a handheld device and used to distinguish people. This paper is just another way to distinguish people: the way people browse the internet. I'm sure I'm the only one here at the company who visits slashdot about 4 times / day in almost always the same hours of the day, visits http://thedailywtf.com/ once a day at about 8pm GMT, opens http://google.com/ig every hour and check the news in http://www.terra.com.br/ every X hours.

Imagine that being used by a bank. If an account owner usually checks the statement, read the selected news about investments and then start making payments and transfers, an alert (and maybe an extra security check) could be done if the user suddenly changes the behaviour. If someone that claims to be the account owner logs in and instantly transfers 1M to another account, something is very strange :-)

Whirlpool is a good choice these days. It's longer than most of the hashes out there, but I don't believe there have been any attacks yet demonstrated against it.

For those pythoners out there I wrote a quick wrapper for it that should get you started. Excuse any site errors and just hit refresh

As you pointed below:

"apologia: discurso ou texto em que se defende, justifica ou elogia (esp. alguma doutrina, ação, obra etc.) "

"apologia ao crime" = "discurso ou texto em que se defende, justifica ou elogia" algum crime.

I'm a native speaker, and aware of the coloquial meaning of the word. To illustrate the word, I will point to an example:

Preso mais um jovem por apologia ao crime no Orkut (Another youngster arrested for "apologia ao crime" on orkut.com)

The article is interesting both as an illustration of the correct use of the word (and the reason for what I mixed up the words) and as an illustration of how far incitement of crimes is going on orkut.com. In short, he talked too much on orkut, drew suspicious over himself, got his house searched and arrested because he had illegal weapons and connections with organized crime.

As it seems you are a proficient portuguese speaker, the lack of english translation (and historical background for the facts showed there) will not stop you to read and understand what is being said there.

Anyway, that's semantics. I made a mistake, tried to correct it, people understood what I tried to say and, if you are not happy, that is not my problem.

The Experiment by Fredric Brown.

You can find the Leap ahead logo here:
http://tecnologia.terra.com.br/interna/0,,OI813997 -EI4803,00.html

The page is in portuguese. But the news is the same.

Yes, for example Whirlpool

Non-pay-for link: http://paginas.terra.com.br/informatica/paulobarre to/WhirlpoolPage.html

Hey, it was made by a Brazilian! Cool!

...better use Tiger or Whirlpool (based on AES). AFAIK there are no known vulnerabilities or attacks for these two yet.

> I've not seen a good public explanation for the differences between its design and that of Rijndael. Any light you can shed?

Yup. Look for the section "Differences between RIJNDAEL and W" on this page:

http://paginas.terra.com.br/informatica/paulobarre to/WhirlpoolPage.html

Google for whirlpool produces a bunch of pages about the washing machine company. This is probably what you're referring to.

SHA-2 in 256 and 512 bit flavors isn't the only alternative folks. Among other nifty hashes, there's whirlpool: Linux 2.6 kernel crypto API entry for whirlpool and a page with whirlpool details.

The paper says nothing about RIPEMD-128 or RIPEMD-160, which are strengthened versions of the original RIPEMD. The original RIPEMD attack paper that the above-linked paper cites was done by H. Dobbertin in '95. In '96 he co-authored the paper that introduced RIPEMD-128 and RIPEMD-160.

This is also reflected in the "Attack(s)" column on the Hashing Function Lounge page which others have cited.

Damn, just stumbled through the paper on Whirlpool - wow, that is very nice. Downloaded the ref code already and will have a few evenings of digging through new code; always a good time ... well, some of the time anyway (perl, i'm looking at you, sweetie).

Anyway, you guys should check that paper out: This is a link to their page. Good stuff.

Something else that's nagging me about SHA-1 (and the other SHA family members). Call me paranoid or whatever you like, but we all know the NSA has had the best hardware on the planet for a long time, probably more than just a few razor sharp minds come through (money does talk from time to time), and well, it just does sit plausible with me that a 'perfect' hashing algorithm (or any other for that matter) would be released to the public by the NSA. Let 'em have this flawed one, see what they do with it, can they can break it, see if they break it, if they do, release the next in line of closer-but-not-the-real-deal algos. Just .... nags at me you see. They have a very real, very serious intrest in having the most secure, assured, and proofable encryption/hashing/etc algos in the world. Great for them, i'd just like to stick to something from someone else for now ... in case our views of 'private' and 'no-longer-private-for-citizens' begin to differ.

• (R04) V. Rijmen, "Update on SHA-1", accepted for CT-RSA'2005
  
• P. Hawkes, M. Paddon, G. G. Rose, "On Corrective Patterns for the SHA-2 Family", Cryptology ePrint Archive, Report 2004/207
  

If this definite break is confirmed, I think we will need to conclude that the entire family is suspect for any genuinely important purpose.

There are a bunch of hashing algorithms on the Hashing Function Lounge that are listed as having no known attacks. At present, the most widespread is Whirlpool. I think it likely that one of these will replace SHA as the hashing function of choice in major cryptographic areas.

The Hashing Function Lounge also lists Cellhash, Parallel FFT-Hash , RIPEMD-128, RIPEMD-160, Subhash and Tiger as (so far) unbroken.

The SNES was gray with purple accents, and the controller had purple buttons. It sold pretty well.

Everyone hated how the XBox looked and how big it was. Sleek? Hah.

Basically, video games grew up in the late 90's. Blood, guts, naked volleyball players. Nintendo knows you don't have to have these things in a game to make it a good game, so for the most part they kept it out. I believe that should be left up to the game publisher, not the console company, and Sony will let you publish any hunk of crap you want for the Playstation. So you have a ton of mediocre games. That also lets Sony brag that they have '1,000' games in their library.

The other problem with Nintendo is their propreitary media formats. They were the last one to go to optical discs, and when they did, they used a non-standard format.

What's Whirlpool? I've found a site about it but who endorses it over sha1, or should I use both, or what?

There are Control group for this kind of addiction called "Pearl Jam"

Take a look at their activity

WRONG!

That would be TERRA NETWORKS.

They have JUST called me (last half hour) and woke me up to tell me that I was pirating a copy of Windows 2000 professional using "some kind of file sharing application", and that "in case of reincidency I would have my account cancelled" and legal measures etc etc

Needless to say, they got their butt cancelled in the same hour.

"Retro Space", picture Translation

/. "what happens when you cook your palm pilot"

The first link says they are "rare" too bad, I still want one.

Explanation Note

We're not suing anyone, and the request for explanation is not related to a personal question.

Microsoft remains engaged with a respectfull and open dialogue with the government, customers and industry to address the brazilian economy and comunity needs.

Microsoft is present in this country for more than 14 years. Our commitment with this country is for a long time. Through our 10,000 partners, 45.000 jobs are generated in Brazil and more than R$ 1 billion (US$ 330 millions) is collected in taxes annually.

Rinaldo Zangirolami
General Director of Legal and Corporate Affairs
Microsoft Brasil

In the defense of open source, Amadeu did not spare Microsoft from his criticism, whom he accused of performing the "practice of trafficing" for offering the operating system Windows to some governments and mayors for installation in their digital inclusion programs. "This is a trojan horse, using the critical masses to guarantee the continuing imprisonment of the country."

iksrazal

"Typically, a swarm bot is a collection of simple robots (s-bots) that self-organize according to algorithms inspired by the bridge-building and task-allocation activities of ants."

Replicators, anyone?

Unlike many older games this could be remade in glorious 3D without losing any of its charm or unique character. Frankly I am stumped why Konami has never bothered doing just that. And since we are talking about them anyway, the same is true for S.D. Snatcher.

Of course the their third great MSX games is now a world-famous bestseller...

Right there in the same league with Red Hat and Suse is Brasil's own home grown Linux, Conectiva. Not as well known in North America, yet it is perhaps the most popular Linux in the Southern Hemisphere of the Americas.

Hyperlink, anyone?

Para todos aqueles que lÃem portuguÃs, aqui vai uma pequena explicaÃão: o site Linux Today não compreendeu o artigo original da EFE, que na verdade faz referÃncia a uma matéria publicada no jornal Valor hà umas duas semanas.

O governo federal tomou a decisão estratégica de usar softwares livres o mÃximo possÃvel, e não foi aprovada nenhuma lei que obriga seu uso. O Sérgio Amadeu coordena o programa Governo EletrÃnico, e até agosto vai aprontar um estudo que irà levantar onde é possÃvel usar Linux e softwares livres, sem prejudicar o trabalho governamental. O primeiro grande sistema a sofrer uma migraÃão é o do comprasnet, o pregão eletrÃnico do governo que hoje opera sobre um mainframe e que serà trocado por um cluster de servidores Intel com Linux. Sou repÃrter do caderno Internet do Jornal do Brasil e escrevi uma extensa matéria sobre o assunto. Na segunda-feira procurem o JB nas bancas para saber mais, ou acessem o site http://jbonline.terra.com.br/internet.

Exercise Decathalon

In fact, the Rijndael designers were considering changing Rijndael's S-box during the AES process. NIST, however, for not entirely known reasons, did not allow the Rijndael designers to do this.

Now, as it turns out, the Rijndael designers have designed some other ciphers after Rijndael. These ciphers have different S-Boxes. In fact, the Rijndael designers revised ("tweaked" as they call it) each cipher to have a representation which is easy to implement in hardware; most of the die space used when implementing Rijndael on an ASIC is implementing the S-box.

The ciphers in question are Whirlpool and Anubis (Anubis uses an involutional S-box which might possibly make it weaker). In fact, my software project does not use Rijndael proper as a psudo-random-number-generator; it uses a Rijndael variant with the "tweaked" Whirlpool S-box.

- Sam

P.S. I should also mention Khazad, named after the bridge Gandalf fights balrog at, which uses Anubis' S-box.

In fact, the Rijndael designers were considering changing Rijndael's S-box during the AES process. NIST, however, for not entirely known reasons, did not allow the Rijndael designers to do this.

Now, as it turns out, the Rijndael designers have designed some other ciphers after Rijndael. These ciphers have different S-Boxes. In fact, the Rijndael designers revised ("tweaked" as they call it) each cipher to have a representation which is easy to implement in hardware; most of the die space used when implementing Rijndael on an ASIC is implementing the S-box.

The ciphers in question are Whirlpool and Anubis (Anubis uses an involutional S-box which might possibly make it weaker). In fact, my software project does not use Rijndael proper as a psudo-random-number-generator; it uses a Rijndael variant with the "tweaked" Whirlpool S-box.

- Sam

P.S. I should also mention Khazad, named after the bridge Gandalf fights balrog at, which uses Anubis' S-box.

In fact, the Rijndael designers were considering changing Rijndael's S-box during the AES process. NIST, however, for not entirely known reasons, did not allow the Rijndael designers to do this.

Now, as it turns out, the Rijndael designers have designed some other ciphers after Rijndael. These ciphers have different S-Boxes. In fact, the Rijndael designers revised ("tweaked" as they call it) each cipher to have a representation which is easy to implement in hardware; most of the die space used when implementing Rijndael on an ASIC is implementing the S-box.

The ciphers in question are Whirlpool and Anubis (Anubis uses an involutional S-box which might possibly make it weaker). In fact, my software project does not use Rijndael proper as a psudo-random-number-generator; it uses a Rijndael variant with the "tweaked" Whirlpool S-box.

- Sam

P.S. I should also mention Khazad, named after the bridge Gandalf fights balrog at, which uses Anubis' S-box.

Bruce Schneier states that "I am wary of using MD5", due to a "weakness in the compression function". "one of the basic design principals of MD5 - to design a collision-resistant compression function - has been violated", though "this has no practical impact on the security of the hash function".

However, the full MD4 algorithm could not be attacked.

So I wonder how much better MD5 is over MD4? More complex might not mean better at the end of the day.

SHA1 seems to be better and has not had any successful cryptanalysis attacks yet. But the original SHA spec had a flaw that the NSA refused to elaborate on, which has most likely been fixed in SHA1.

Yes, I have VPC/2 and I am running OS/2 @ home. I only need Win32 if I get an application (like tax application in Germany or a library application) I can not use with ODIN.

This happens only five times a year and for all other my wife and myself use OS/2!

Some examples:

• Communication with ADSL or/and ISDN, to FidoNet and the Internet.
• Answering machine
• Programming with jEDIT on a native Java aplication.
• Exchanging Sounds and songs with AudioGalaxy/2 or LimeWire in the GNUtella network
• Word processing, Using Spreadsheet or Layout application with Papyrus or StarOffice 5.1a.
• Web Browser like Mozilla or Opera
• ...and many, many more

My source is www.os2.org and as long as I can work with OS/2 I will do it because it is fast, rock solid and it has a nice GUI the *nix community could learn from!

the same image but on higher quality can be seen here

The XBox has some fantastic hardware, but it puts the developer in a DirectX 8.1 sandbox. If the game is a 3D, with textures and snazy vertex shading, then the Xbox hardware is wonderfull.

If the programmer needs somthing else: like generateing all the textures using algorithms, or simulating deformable shapes on a per-pixel basis, that the design like the massivly parrallel and massivly flexible PS2 really shines.

Anand had a great example of this: Electronic A rts just used one of the the PS2 vector units to encode Dolby 5.1. sound. Thats flexible.

It's kinda like compairing the Atari 2600 to the ColecoVision - the Atari was really felxible but limited in processing power, but Coleco had a wonderfull sprite chip and a great processor.

Unfortunatly the Coleco design was inflexable, and Atari programmers were able for move the 2600 from being a pong macheine, into generating alomost thoushands of colors and thousands of sounds. The Coleco had decent games, but nobody was able to coax anything truly unique out of it.

The Atari 2600 went from Combat http://outerspace.terra.com.br/special/historia/co mbat.JPG
to psudo 3D Poleposition http://www.whimsey.com/z26/POLEPSN.GIF due to it's fexibility.

Perhaps the PS2 will do a likewise transformation.

They are still going forward with it in Brazil, where they announced the whole subscription thing in a big bash with Terra Lycos. Check out the little banner on the front page:

Terra Brazil

The deal would be that Terra would host Microsoft's applications, and users would also pay through Terra's systems.

The price? About US$6 upfront, plus about US$13 monthly.