Slashdot Mirror


User: DavidTC

DavidTC's activity in the archive.

Stories
0
Comments
10,705
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,705

  1. Re:Survey methodology? on Reuters: 80% of Chinese Computers Virus Infected · · Score: 1
    While correlation does not equal causation, that doesn't anything to do with this.

    It would if they were attempting to equate a high virus rate with a high piracy rate, but as you pointed out, this study didn't prove any high rate, it proved, once again, that most computer users don't know when they are infected by a virus, so polling them about it is not useful.

  2. Re:"Touched by a virus" on Reuters: 80% of Chinese Computers Virus Infected · · Score: 1

    Um, in what universe does Touched by an Angel have anything to do with ABC/Disney?

  3. Re:Hooray for Snake Oil - Go for it, Patent your O on What Would You Do With a New Form of Encryption? · · Score: 3, Informative
    ...since any intelligent use of OTPs always requires that plaintext and key material NOT be exposed to your enemy...

    This probably applies to any cryptosystem, BTW. ;)

  4. Re:Here's a quote... on What Would You Do With a New Form of Encryption? · · Score: 2, Insightful
    Proving you're smart in encryption shouldn't translate into proving you're smart in security matters.

    Bruce has proven he's smart in both, but I know a middling amount about security, and the only encyption stuff I completely understand is basic stuff like OTPs and how public/private keys function (Not now to code a program that uses them, mind you, just that you get two large primes and multiply them together, and one prime and the product together is the private key and the other is the public key.) and that a quick way to factor the product of two large primes would really suck for 75% of the encrpytion out there, though I've heard elliptic curve stuff doesn't rely on large primes and is safe.

    That almost literally is the sum of my knowledge. I couldn't tell you a damned thing about RSA4, or what that faily new theoretical attack on almost every encryption algorithm out there that I read recently in Counterpane.

    But at least I'm smart enough to know I'm incompetant in that area. ;)

    Meanwhile, I know enough about software security to write software that is free from security issues. (Note 'know enough' does not always translate into 'actually do'.) I'm not claiming tobe an expert, and some of the SE-Linux documentation shut my brain down, but I know how to setup a firewall and how to check for and fix a buffer overflow. But you could hand me a PGP message and a key and give me internet access (sans downloading PGP) and a day and I couldn't decode it, while I'm sure Bruce could.

    Encryption and security are not the same thing at all, anymore than cameras are real-world security. Real world security are cameras and security monitors and employeee screening and strong locks, and sometimes security guards and increasing complicated things.

    Encryption is 'just' a tool of computer security. (I put 'just' in quotes because encryption is nowhere near being a subset of computer security, encryption is probably more complicated than all other security issues put together.) Luckily, there are people out there who make encryption a drop in solution, so people who know about securing computers to not have to be math experts either. The experts can say 'this is not decodeable, you can send passwords over it' and we'll all nod and hope they know what they're talking about.

    Or, of course, we could all be Bruce, and know everything.

  5. Re:Mathematically impossible on What Would You Do With a New Form of Encryption? · · Score: 1
    I was under the assumption that you'd want to hash the plaintext, then encrypt the hash.

    Of course, that will 'reduce' the number of possible solutions by by only allowing ones that match the hash, but that's defeated by the fact you have no idea of what the hash is. However, it would let the receiver verify the message decoded right.

    (Or, more to the point, from the right spot on the pad. Miss a message and you can't decode things...but you could have a program that says 'That message didn't decode right, you may have missed a message, do you want for me to search forward for correct hashs?'. You could do this manually, and even automate it with a english recognizer, but it's nice to just have the computer automatically discard every message except the right one, without trying to see if it fit. Plus the computer wouldn't have to try to decompress the plaintext, or screw up if it's a GIF instead of a text message... The odds of a good hashing algorythm matching incorrectly is insane, and it would be very easy to just press 'keep searching' those one in fifty billion times it happens.)

    This makes each message a bit longer, though, so you actually need more pad than plaintext. (Well, before compression, that is. It would be reasonable to assume that 99.99% of plaintext messages can at least be compressed enough to fit in a hash in the 'extra' amount, because they are mostly text. A 100 character message that compresses to 65 bytes and adds 8 bytes for a hash doesn't worry anyone. And non-text messages are going to be so large that eight characters don't really matter.)

  6. That can't work, because... on What Would You Do With a New Form of Encryption? · · Score: 1

    kIdiKsuIWldopSPiSUiIU83Sjs8kaAS DIe81aIhATDODAqxiAid9Ad1dMnzAmq

  7. Re:'Many-Time Pad' on What Would You Do With a New Form of Encryption? · · Score: 1
    It's not worthwhile to do complicated remapping. You might as well, at the start of the message, include, in plain text, the exact offset you're using.

    Of course, this assumes you're using the pad correctly, aka, not ever using any of the bits more than once.

  8. Re:If you want to make money, patent it on What Would You Do With a New Form of Encryption? · · Score: 1

    You can actually encrypt a OTP with a OTP and use it again....of course, this doesn't help you in any way, because the other end would also have to have the second OTP, and, if they do, it's easiest to just use that.

  9. Re:Easy. on What Would You Do With a New Form of Encryption? · · Score: 1
    Which is why no one uses OTP unless they want to communicate a really secure message at a later time, but are in physical contact earlier. Like the military and intelligent community. Physically hand someone a CD, and you can send someone 700 megs of data that you know for a fact cannot be intercepted at any point except the ends. They'd have to steal either the message before encryption or after decryption, or one of the two CDs.

    Of course, there's always the 'two pathes are harder to break than one' concept. I don't know if it's technically OTP, but you can simply generate the 'OTP' at the time, and send it over one channel and the encrypted data over another. Probably best to do this after you've encrypted it using conventional means, though.

  10. Re:DON'T MAIL STUFF TO YOURSELF!!! on What Would You Do With a New Form of Encryption? · · Score: 1

    Hell, some small banks do it even if you aren't.

  11. Re:learn to play the patent game on What Would You Do With a New Form of Encryption? · · Score: 2, Insightful
    If it's actually a one time pad, posting files encrypted by it on Usenet won't prove anything. ;)You can just make up any key to match any file that size.

    Of course, 'it's a one time pad, but I'm using it more than once' is just idiotic on the face of it.

  12. Re:Easy. on What Would You Do With a New Form of Encryption? · · Score: 5, Informative
    And, of course, everyone says it's a myth, but no one explains why, and thus it will balloon into a large and idiotic argument.

    The reason it's a myth is that it's perfectly possible to mail yourself an open envelope. Do that a few times when you're 18, wait ten years, and seal them up with a decade of inventions, make a billion dollars.

    But there's nothing wrong with the theory, and there are plenty of ways to do something similiar. For example, banks keep track of when people access safe deposit boxes, so you could just rent one of those and stick it in there.

    Actually, banks probably provide a service of this exact type.

    Of course, the only reason this would matter is if someone steals your invention. If they invent it independently, you gain nothing at all. they've patented your invention, and it doesn't even count as prior art. (It has to be published to be that.)

    But the whole thing's stupid. By defination you can't reuse one time pads, so I'm not sure how this even got on slashdot.

  13. Re:Been there, done that.... on Handling Campus AUP (non-)Violations? · · Score: 2, Insightful
    I don't know what's going on in your school, but at SPSU, the internal network was paid for by the housing authority, which is completely paid for by the student living there.

    The college had no more right to demand that it was only used for educational purposes than they'd have the right to demand that your room was only used for educational purposes. Now, basic sanity rules are good, just like the 'can't have loud music at all hours' rule. But that is more like a housing covenant than university rules.

    Now, internet access, on the other hand, is iffy by default, because it's not entirely paid for by the students living there. But the internal network is, and not really the university's business.

  14. Re:Telezapper on Fighting Telemarketers with Technology · · Score: 1
    You paid 50 dollars for a device that plays a tone over the phone?

    Just a year ago I bought a device that not only did that, but had a radio built in and a handset that would let me talk to people over the phone, and if I was not there there record a message. This device is called a 'cordless phone/digital answering machine' and it's an amazing new technology that should be showing up in stores about ten years ago.

    Mine was about 40 dollars.

  15. Re:Part of the problem... on Fighting Telemarketers with Technology · · Score: 1
    They once had a test market thingy at the Taco Bell I went every day for lunch. Every day that one week I ate something for free. Sometimes it was a meal, sometimes it was a small thing and I had to buy more to eat. And I filled out one form about it every day, and one form about Taco Bell and the food there in general.

    They asked me all sorts of interesting questions, like 'Would you like a taco and a drink for $1.00?' and stuff like that. And I was the first person I know to eat one of their cheese things that I can't think of the name of. (They're just cheese and sauce in a folded taco shell.)

    And that's the kind of corperate contact I have no problems with at all. Ask me my opinions, damnit, I'll tell you what I want from you.

  16. Re:It's much more fun on Fighting Telemarketers with Technology · · Score: 1

    That's the same reason I hum 'Greensleeves' while they're talking.

  17. Re:Why it's good to live in PA on Fighting Telemarketers with Technology · · Score: 1
    You know, it's all well and good to say that you'd call them, but they have to use the phone to call people, just in case, because there's not a book of phone numbers that you can look in to find someone who sells vinyl siding. I mean, how are you supposed to find them...

    What? What do you mean, 'yellow pages'?

  18. Re:I have a cell phone on Fighting Telemarketers with Technology · · Score: 1
    As someone else pointed out, you don't need phone service to have 911. Just cancel your service.

    Though I'm a little baffled as to why you check your answering machine if you honestly aren't using the line. Just let it ring.

    BTW, for emergency 911, it's actually a lot easier to just leave a few old cellphones laying around. Turned off, they hold their charge for months, and if it's a 'person in my house about to kill me' emergency, or a 'house on fire' type of emergency, I'm glad to know that I don't have to stand there making a phone call, and that my lines cannot be cut or damaged. (Or just another phone knocked off the hook.) And cell phone companies are required to provide 911 service to service-less phones.

  19. Re:Doo-doo-doot gadgets also stump public librarie on Fighting Telemarketers with Technology · · Score: 1
    What, mailing them that they have a book? I don't think that would work.

    And they probably do have email notifications.

  20. Re:Why? Because of 4-5 marketing calls A DAY [Wash on Fighting Telemarketers with Technology · · Score: 1

    That is telephonre harrassment, it's illegal, and the telephone companies are required to do something about it. If they refuse, or try to charge you, contact the police.

  21. Re:Give me a break! on Linux TCO: Less Than Half The Cost of Windows · · Score: 1
    Yeah, Open Office runs WAY better, can do more, is easier to install and maintain than MS Office (not).

    Please, marvel at the trollness. OpenOffice literally takes five seconds to install. (Or, at least, five seconds of your time to install.) It's one commmand, dude: rpm -U http://internalserver/openoffice.rpm

    Please explain how you can install MS Office in that amount of time. Or, more to the point, how you can install it in less time. Pointing at a file on the network (or a cd) and running a command that says 'install this' is pretty much the fastest way to install anything. If you want to install it remotely, it's 'ssh -l root machine rpm -U http://internalserver/openoffice.rpm'.

    I'm not one of those crazy people who thinks Windows has no useful CLI, but even though I don't know anything about it, I can be damned sure you can't install things with less than one command. (With the exception of autorun, but if you've got user machines that can install Office from a normal user you're pretty screwed anyway. And I've never seen a 'automatically completely install MS Office with no prompting CD' anyway, that would be a very annoying CD to have laying around.)

    Of course, you can always automatically install things with login scripts and whatnot, but that's just as easy to do for Linux as Windows. And isn't possibly with a standard Office install, you have to setup their special magical background install stuff.

    And I honestly have no idea how you 'maintain' office software. Openoffice just works. I don't know what you'd have to do to maintain it. (Don't have the slightest idea how you're maintain MS Office either...I know it has service packs, but they can't be that often, and I'm sure it can auto update.)

  22. Re:Perhaps... on Linux TCO: Less Than Half The Cost of Windows · · Score: 1
    Are there similar problems with patches in Linux?

    No, and this is one of the issues I have with Windows.

    Linux doesn't 'patch', ironically for a system that has the source available. When I get told there's an update, it's a new version number, and the entire package is updated. Not to mention there's a consistent way to install packages. (In fact, there's only the consistent way, that's the only way to do it.)

    It'd a lot more sane then the Windows 'patch something and leave no trace of it' approach. It's much easier to just do an 'rpm -q packagename' and get what version it is.

  23. Re:Can anybody confirm this? on Stealware: Kazaa et al Stealing Link Commissions · · Score: 1
    Um, we've had articles about this exact fucking practice for more than a year.

    But, please, remain in your little universe unexposed to real events.

  24. Re:Illegal Laws on Cringely On Civil Disobedience · · Score: 1

    12 and over is a delibrately misleading statistic. How about 18 and older?

  25. Re:I'll Start (Unless Somebody Has Beat Me To It) on Cringely On Civil Disobedience · · Score: 1

    (Psst. There has only been one episode of Firefly.)