As for it being a trick to crack a root signing key, would they not have to have the private key to encrypt with to start?
No. Depending on what you want to do, you can use either key to encrypt, then the other key is used to decrypt. If you want to send a message that only the intended receiver can decrypt, you encrypt using the receiver's public key. If you want to sign a message, you use the private key to encrypt. Then anyone can confirm the message came from you by using the your public key to decrypt.
So, if you wanted to trick someone into cracking a specific private key, you could use the corresponding public key to encrypt data belonging to a large number of (preferably very important) people.
if $200 is worth less to you than your week of unpaid overtime, you should have bought the tool and used it on your own
While developers can frequently get away with using FOSS tools, this is rarely the case with commercial tools. If a developer goes ahead and buys a tool that management refused to pay for, then the company is not going to have either an expense report (with receipt) or a purchase order to prove the company really has a license to use said software. The company can not afford to pretend it isn't there, if/when it finds outs.
In my experience (I am a consultant), Management's position on purchasing "non-essential" development tools is the same as it always has been - it was "no" before FOSS, and still "no", now. In fact, those managers also say "no" to the FOSS tools, claiming that the "other costs" of FOSS tools exceed the money not spent.
Most of the developers I have worked with that do use FOSS tools are doing so secretly.
I remember a copy protection scheme that quarter-stepped the floppy drive head between sectors, so the tracks on the disk were recorded in spirals. It wasn't a grinding sound, but it did make a lot of clicks (16 per each rev of the disk). This meant that a simple bit copy would result in a corrupted copy - until someone came out with a quad track density drive.
Even though it would be delicious irony for them to shutdown TOR - after all, the US Navy created it - I would say TrueCrypt.
TOR (and Freenet) is too easy to co-opt. Anyone can locally modify their copy of the software and deploy "spyware enhanced" entry and exit nodes. Traffic between the exit node and final destination is not (TOR) encrypted. Also, even if otherwise encrypted, traffic analysis is useful due to the fact that entry and exit traffic can be correlated.
TrueCrypt, however, represents a real problem. While it would be easy enough to foist a back-doored version on to most potential TrueCrypt users, the people who are really serious about keeping their private information private, would build from source and be extremely careful about where they got the source from.
On the other hand, truly shutting down an open source project is likely impossible. Also, it is virtually certain that the software has been extensively analyzed for implementation weaknesses, so it might be decided to allow users to think they are secure.
as far as I can see, all they did was lie. is that against the law?
In this case, yes. They committed fraud to gain access. Thus, the access was unauthorized. So, therefore, all the actions they took once access was gained. These alone should be worth several years in jail. Then, as I suggested in an earlier post, add in 14,000,000 counts of service disruption. Any competent prosecutor should easily get those kids a minimum of 5 years actual jail time.
Well, even if just charged with simple disruption of service, there would be 14,000,000 counts of it. A very token-ish 1 minute per count would add up to over 26 years in prison, while a less token-ish 1 hour per count would be almost 1600 years.
Seems to me that even a just-graduated, newly hired, junior assistant prosecutor should be able to persuade even a "soft" judge to order at least 5 years
The reality was, that the kids just wanted to pretend they were doing OOP. They still used straight C, they just created structs and organized functions in files as if they were classes.
You don't need an object oriented language to do object oriented programming, just the will and discipline to do it.
FYI, FWIW, the original implementation of C++ was as a preprocessor to C.
OO languages certainly make it easier to do OOP, however, in my experience, the compiled executable is usually much larger than if you "hand code" OOP in a non-OO langage. Of course, in my experience, even hand coded OOP results in larger executables than non-OOP coding.
It's not just about inter-ISP traffic, the ISPs are concerned about the traffic in their own networks as well. P2P among an ISP's customers puts a load on the internal network, especially inter-region traffic.
They wouldn't have gone to the trouble of ramrodding OOXML through the standards process if they weren't going to try and leverage it somehow outside of being able to say they have an open standard
Oh they will leverage this in as many ways as they can, starting with telling all those pesky governments that have "open standards only for documents" policies and say "Our formats are open standards - see, the ISO says so."
Linux based systems will have no artificial limitations mandated for inexpensive new PC categories but MS will insist on all kinds. They'll either cripple the "UMPC Editions" or mandate what can and can't be built into hardware eligible for those licenses
And due to mass market realities, those same hardware limitations will be there for Linux, too. Any version that has more capability with cost more than the savings from using Linux. Look at the XP version of the Asus Eee - it has a smaller SSD (15GB, IIRC) than the otherwise identical Linux version (20GB, IIRC), so is priced less than the Linux version. Guess which version will sell more?
In my observation, a lot of FOSS apps are better supported on Windows than any other platform. Inkscape is one example. I like it alot, but to keep up with the latest, I have to compile it myself, which for Inkscape requires updating a lot of build tools each time.
Their aim, mostly met, it to make you think they do indeed have a monopoly (or rather, cartel) and that all music is RIAA music
Given that they persuaded the US Copyright and Royalty Board to make them the default collector of all royalties - including for indy music, they basically do have a cartel over all music in the US.
With no human (or, presumably other animal) crew, it needs only a sealed capsule for the electronics, batteries, etc, and for flotation. As long as the boat can stay more or less upright - or can right itself - it will be able to continue sailing.
In the article, it mentions that the virtual car was steered by mouse or trackball. This is not the normal way to steer a car or truck. Also, they are leaving out the immersive nature of real life driving. I know I am a lot better a driving a real car than even a top of the line, arcade video game car.
I am not saying the data is useless, but the study is flawed and the conditions of the simulation probably play a significant role in the difference.
I have used SVN in a distributed manner by using wrapper scripts to creatively abuse "svn switch".
For me, the biggest obstacle SVN put in my way is lack of full support for aliasing keywords. My work around was to use only $Id$ with my local repository and the only the others with the central repository.
I agree, putting proper support for distributed development would be a good idea, though there are lots of issues to make decisions about, though not necessarily require real action to resolve.
IT loves being able to simply tgz the SVN directory Pretty sure that's not the correct way to backup a Subversion repo
When the repository DB type is "FSFS", you can simply tgz the repo. I have retored such backups a few times.
In my observation, this is ideal for a corporate IT environment because you are not asking them to do anything beyond the filesystem dump they are already doing.
I regularly modify or repair the test boxes I use for my work. If I didn't, I'd be wasting time waiting for overloaded techs to do it. Of course, there are a lot of things I have to have the techs do, but at least I know the limits of my soldering and other basic electronic skills.
One of my clients has their on-site data center in an isolated basement room with 50cm thick, solid walls, accessible only through a single, reinforced steel door in a secured room above. Also, the data center has a pure nitrogen atmosphere. Signs on the entry door, as well as the door to the security room warn "Non Breathable Environment. Breathing apparatus required" Said apparatus is in a separate secured room, in built-in, double locked safes. Both secured rooms have guards on duty 24/7.
Admittedly, I have not checked Palm prices recently, but when I bought my wife a T5, I recall it being $400, while I'm sure Palm now has something better for $400, I question whether it is equivalent to a $400 Eee.
There is one chance of a major technological change: Wireless Internet access is starting to spread, and may reach equal speeds. But at this point you either have to have the government break the monopoly or hope the cellular companies do a better job soon.
You overlook the fact that the major wireless carriers are also (most of) the major wired broadband providers. Sure Verison wireless could enter areas currently wired by Comcast, Wow or other, but what makes you think they would actually complete?
Being right inside the boundry between 2 cities, I have a choice of 3 wired providers: AT&T, Comcast and Wow - and all 3 know this. While I used get letters from the other 2 to switch for the low introductory rate of $xx for 3 months (or maybe 6), each of the 3's rates are within a few dollars of each other (same with the intro rates), so where is the competion? I am still paying $60/month, same as when only Wow was available. (and they no longer offer the switch over rates to me because I have already switched 5 times)
Slashdot Mirror
No. Depending on what you want to do, you can use either key to encrypt, then the other key is used to decrypt. If you want to send a message that only the intended receiver can decrypt, you encrypt using the receiver's public key. If you want to sign a message, you use the private key to encrypt. Then anyone can confirm the message came from you by using the your public key to decrypt.
So, if you wanted to trick someone into cracking a specific private key, you could use the corresponding public key to encrypt data belonging to a large number of (preferably very important) people.
True, but it would still be possible to deploy "spyware enhanced" nodes.
While developers can frequently get away with using FOSS tools, this is rarely the case with commercial tools. If a developer goes ahead and buys a tool that management refused to pay for, then the company is not going to have either an expense report (with receipt) or a purchase order to prove the company really has a license to use said software. The company can not afford to pretend it isn't there, if/when it finds outs.
In my experience (I am a consultant), Management's position on purchasing "non-essential" development tools is the same as it always has been - it was "no" before FOSS, and still "no", now. In fact, those managers also say "no" to the FOSS tools, claiming that the "other costs" of FOSS tools exceed the money not spent.
Most of the developers I have worked with that do use FOSS tools are doing so secretly.
I remember a copy protection scheme that quarter-stepped the floppy drive head between sectors, so the tracks on the disk were recorded in spirals. It wasn't a grinding sound, but it did make a lot of clicks (16 per each rev of the disk). This meant that a simple bit copy would result in a corrupted copy - until someone came out with a quad track density drive.
Even though it would be delicious irony for them to shutdown TOR - after all, the US Navy created it - I would say TrueCrypt.
TOR (and Freenet) is too easy to co-opt. Anyone can locally modify their copy of the software and deploy "spyware enhanced" entry and exit nodes. Traffic between the exit node and final destination is not (TOR) encrypted. Also, even if otherwise encrypted, traffic analysis is useful due to the fact that entry and exit traffic can be correlated.
TrueCrypt, however, represents a real problem. While it would be easy enough to foist a back-doored version on to most potential TrueCrypt users, the people who are really serious about keeping their private information private, would build from source and be extremely careful about where they got the source from.
On the other hand, truly shutting down an open source project is likely impossible. Also, it is virtually certain that the software has been extensively analyzed for implementation weaknesses, so it might be decided to allow users to think they are secure.
Depends on your definition of shutdown. More likely, I see the service being manipulated by social engineering.
In this case, yes. They committed fraud to gain access. Thus, the access was unauthorized. So, therefore, all the actions they took once access was gained. These alone should be worth several years in jail. Then, as I suggested in an earlier post, add in 14,000,000 counts of service disruption. Any competent prosecutor should easily get those kids a minimum of 5 years actual jail time.
Well, even if just charged with simple disruption of service, there would be 14,000,000 counts of it. A very token-ish 1 minute per count would add up to over 26 years in prison, while a less token-ish 1 hour per count would be almost 1600 years.
Seems to me that even a just-graduated, newly hired, junior assistant prosecutor should be able to persuade even a "soft" judge to order at least 5 years
You don't need an object oriented language to do object oriented programming, just the will and discipline to do it.
FYI, FWIW, the original implementation of C++ was as a preprocessor to C.
OO languages certainly make it easier to do OOP, however, in my experience, the compiled executable is usually much larger than if you "hand code" OOP in a non-OO langage. Of course, in my experience, even hand coded OOP results in larger executables than non-OOP coding.
What about using something like a surfboard? Laying on it instead of standing, of course - unlike the scene at the end of Darkstar.
It's not just about inter-ISP traffic, the ISPs are concerned about the traffic in their own networks as well. P2P among an ISP's customers puts a load on the internal network, especially inter-region traffic.
Oh they will leverage this in as many ways as they can, starting with telling all those pesky governments that have "open standards only for documents" policies and say "Our formats are open standards - see, the ISO says so."
And due to mass market realities, those same hardware limitations will be there for Linux, too. Any version that has more capability with cost more than the savings from using Linux. Look at the XP version of the Asus Eee - it has a smaller SSD (15GB, IIRC) than the otherwise identical Linux version (20GB, IIRC), so is priced less than the Linux version. Guess which version will sell more?
In my observation, a lot of FOSS apps are better supported on Windows than any other platform. Inkscape is one example. I like it alot, but to keep up with the latest, I have to compile it myself, which for Inkscape requires updating a lot of build tools each time.
Given that they persuaded the US Copyright and Royalty Board to make them the default collector of all royalties - including for indy music, they basically do have a cartel over all music in the US.
and bind them into debt. (Oblig LOTR ref)
With no human (or, presumably other animal) crew, it needs only a sealed capsule for the electronics, batteries, etc, and for flotation. As long as the boat can stay more or less upright - or can right itself - it will be able to continue sailing.
In the article, it mentions that the virtual car was steered by mouse or trackball. This is not the normal way to steer a car or truck. Also, they are leaving out the immersive nature of real life driving. I know I am a lot better a driving a real car than even a top of the line, arcade video game car.
I am not saying the data is useless, but the study is flawed and the conditions of the simulation probably play a significant role in the difference.
I have used SVN in a distributed manner by using wrapper scripts to creatively abuse "svn switch".
For me, the biggest obstacle SVN put in my way is lack of full support for aliasing keywords. My work around was to use only $Id$ with my local repository and the only the others with the central repository.
I agree, putting proper support for distributed development would be a good idea, though there are lots of issues to make decisions about, though not necessarily require real action to resolve.
When the repository DB type is "FSFS", you can simply tgz the repo. I have retored such backups a few times.
In my observation, this is ideal for a corporate IT environment because you are not asking them to do anything beyond the filesystem dump they are already doing.
I regularly modify or repair the test boxes I use for my work. If I didn't, I'd be wasting time waiting for overloaded techs to do it. Of course, there are a lot of things I have to have the techs do, but at least I know the limits of my soldering and other basic electronic skills.
One of my clients has their on-site data center in an isolated basement room with 50cm thick, solid walls, accessible only through a single, reinforced steel door in a secured room above. Also, the data center has a pure nitrogen atmosphere. Signs on the entry door, as well as the door to the security room warn "Non Breathable Environment. Breathing apparatus required" Said apparatus is in a separate secured room, in built-in, double locked safes. Both secured rooms have guards on duty 24/7.
Admittedly, I have not checked Palm prices recently, but when I bought my wife a T5, I recall it being $400, while I'm sure Palm now has something better for $400, I question whether it is equivalent to a $400 Eee.
You overlook the fact that the major wireless carriers are also (most of) the major wired broadband providers. Sure Verison wireless could enter areas currently wired by Comcast, Wow or other, but what makes you think they would actually complete?
Being right inside the boundry between 2 cities, I have a choice of 3 wired providers: AT&T, Comcast and Wow - and all 3 know this. While I used get letters from the other 2 to switch for the low introductory rate of $xx for 3 months (or maybe 6), each of the 3's rates are within a few dollars of each other (same with the intro rates), so where is the competion? I am still paying $60/month, same as when only Wow was available. (and they no longer offer the switch over rates to me because I have already switched 5 times)