This is a very odd bug. The result (8500 * 1.000) * 7.71 produces the correct result. But after trying that formula, the original 8500 * 7.71 now produces the correct result too, even though trying it before produced 100000! 850 * 77.1 still produces 100000 even when written as (850 * 1.000) * 77.1.
Someone at Microsoft must be getting a swift kick about now. I wonder what convoluted code could have made such a random bug. Maybe someone with a decompiler who somehow didn't accept the EULA (or had their four-year-old accept it) could tell us what's going on.
I absolutely hate having to Force quit the .exe in order to save my session tabs and free up the memory.
You don't have to force quit Firefox to save your tabs. Just set it to open "My windows and tabs from last time" as the startup option. Your tabs will be automatically saved when you close Firefox. I find too many people abusing the crash recovery system just to save their tabs, when setting a simple option on the first options page will do what they want.
I know I'm answering an AC, but it is a legitimate point.
Longer answer: yeah maybe for some tiny key sizes, but we already have encryption that can't be broken till way past heat death.
You're right, but only for a single device. If you have a single "AES cracker", then it is realistically impossible for it to be cracked. But if you had 1 million AES crackers each working on a subset of keys, then it might be possible for it to be broken. Larger keys will certainly mitigate the problem, but the rising computational power of the average Joe's computer combined with huge botnets will certainly break at least the commonly used 128 byte keys for AES and 1024 byte keys for RSA.
I always wondered if a botnet could get large enough to effectively break encryption.
The only reason AES, RSA, and other algorithms are considered secure is the extremely large amount of time or processing power needed to brute force them. But with a "distributed supercomputer", a botnet operator could potentially brute force the keys, like those protecting Microsoft's driver signing, bank SSL certificates, and even the keys used by certificate authorities.
Breaking them could allow hackers to forge certificates, fake driver signing, sniff bank transactions, and circumvent other security measures. Even TrueCrypt is vulnerable if the encryption keys can be brute forced. With enough processing power, hashing algorithms are potentially vulnerable too, like those used for passwords.
Encryption is so heavily relied on by the computer industry that successful key breaking could cause lots of security problems. The only way to mitigate possible attacks is to use stronger encryption algorithms, use longer keys, and to use multiple encryption layers instead of relying on a single algorithm's strength.
That's why I have the CustomizeGoogle Firefox extension. It has an option to always use a secure connection to GMail, Google Calendar, Google Docs, Google Reader, and Search History. Now I never have to remember to use https://, it just uses it automatically.
This system would be useful in addition to the current system, but it wouldn't replace the PIN. The x-ray is a good idea, and it would help prevent false negatives, but ensure it's safe! X-rays are a form of radiation, and the results of using them too much would be far worse than the occasional identity theft.
Give me a USB key with incredibly hard to break encryption and a Linux live CD. Barring someone installing a keylogger INSIDE the machine, it's safe. And there are ways to get around that as well, an on-screen keyboard for example.
Excellent idea. By booting a portable OS, you remove the untrusted OS/Applications problem. The on-screen keyboard would be a good idea as well, but it would be hard to implement without an OS in memory. A VM would defeat this, but I don't think anyone would go to that length just to steal a password for this one brand of key. If everyone was using these, then hackers might go to more extreme methods. A fingerprint reader would be a welcome addition and would help mitigate attacks from keyloggers. Making the amount of tries before auto-destruction changeable would also be a good idea. It would help rubber-hose attacks since if you set the retry amount to a low number (2-3), you could just give them a couple wrong passwords and your data would be toast.
The IronKey just seems to be an encrypted USB key with better hardware, but not much more secure than TrueCrypt on a normal key. If they could keep their good hardware design, add a fingerprint reader, add the capability to change the number of retries, and implement a good bootable OS with Firefox and Tor, then it would be truly secure. For now, I think I'll stick with my password-protected U3 drive with TrueCrypt for my secure files.
The problem isn't with piracy, it's with counterfeiting. Piracy is when someone steals a copy of a product without the owner's permission (like music piracy). Counterfeiting is when someone makes a cheap copy of a product and sells it as the actual product. Hardware is subject to counterfeiting, but not piracy (correct me if I'm wrong). Software is subject to both counterfeiting and piracy. I assume the author simply got his terms mixed up, but the "correct" term here is counterfeiting.
Stop using systems that are inherently flaky. (EG: MS Windows) Move on to something that's proven to be resistant to viruses and the like. MacOSX, Linux, BSD, and other *nix variants are a good bet for the immediate future, but I'd wager that the best bet would be to revive DEC VMS! You're exactly right. No matter how many Band-Aids you put on a strainer, it'll still leak. However instead of using an operating system based on an old operating system like VMS, I would write a totally new operating system from the ground up. Use a new kernel model (like a second generation microkernel) and write it in an object-oriented programming language (like C++ or C#). A nice system of libraries (like the .NET framework) should round out the system. Aim for security first, reliability second, simplicity third, and optimize it for performance last.
The "Updater" model - almost in place now, you pay a subscription fee to have software downloaded automagically that takes care of security issues. The main point here is that for this to work, it has to provide a strong assurance of quality, which this does not. I've seriously been thinking of this model. If it's reasonably priced, and addresses the off-line issue, this distribution model might work. Microsoft has tried this with businesses in Software Assurance, but they overpriced the subscription and under-released the OS updates. Ensuring the licenses aren't used after the subscription expires and getting customers used to the model are the biggest issues that need to be met before it becomes a viable alternative.
Man, got windy on this post. Hope you enjoyed it! I do enjoy long posts full of ideas. Keep it up!
If he opens it, and it fails to become popular he's no worse off than if he left it closed. However, the few customers he does get are better off, because when he gets tired of pushing an unsuccessful product and gives up, they still have the code and can maintain it in their little niche. But he wants to make a living off of it. I would suggest that he keep it closed if he wants to make money off of it. But if he decides to drop it, he ought to BSD the code and give it away, especially to his customers. Netscape did this, and the project that you open sourced might become popular by itself. But there isn't a very strong business case to selling open source software, unless it's with enterprise support (think Redhat, Novell, MySQL).
The line between 'software' and 'pharmaceutical' is already blurring. Once nanotech arrives, the line will be completely obliterated. Software is a bunch of abstract ones and zeros, drugs are physical compounds. Even when some pharmaceutical company patents nano-robots to repair the body, it's still a physical compound, not an abstract pattern. The software to run the robots wouldn't be patentable, but the robots themselves will be.
The Constitution doesn't mention patent law. Indeed, it horribly fails to enumerate the very right to property -- a right which, for a human, is an indivisible part of the rights to life, liberty, and the pursuit of happiness. The U.S. Constitution states in Article 1 Section 8 Paragraph 8 in the list of powers delegated to Congress: To promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries;
The Constitution doesn't spell out the exact terms, it leaves that up to Congress. Congress split it up into copyrights (to secure authors' rights to their respective writings) and patents (to secure inventors' rights to their respective discoveries). Congress has full authority to establish a patent system. I agree about the rights to property not being spelled out, but that is a different topic.
Patents, like physical weapons, can be used offensively or defensively. If some company rips you off, your patent is the appropriate weapon to reclaim what's yours. I agree that they can be used as defensive weapons, that's what might happen to M$ if they sue open-source projects, but they are often used as an offensive weapon and bargaining tool, even if the "infringing" company didn't rip anyone off. The article is about a company that is going to use the patent system to rip other companies off, not to protect their own products.
You obviously misunderstood. I said we don't need congress to reform the patent system if the Supreme Court will overturn software patents. We need a company that will take a software patent case up to the Supreme Court if the justices would overturn it (and based on the above comments, I'd say that it's very likely).
Wow, Scalia and Breyer agreeing is certainly a first.
However, I like the way the Supreme Court is going on the software patent issues. We don't need patent reform, we need some big company with big pockets to pay lawyers (I can think of several companies) and a company with a backbone to stand up to the trolls and take the cases all the way up to the Supreme Court (that leaves about zero companies left). I don't oppose patents in general, just software patents. Businesses that pour tons of money in R&D to develop totally unique products (like drug companies) deserve the right to have a temporary monopoly, that's what is allowed under the constitution. Patents go wrong when they're used as weapons and sole revenue producers. Go Scalia and Breyer!
I have to admit that you're right about the copyright holder's name in the license, but that's not as much of an issue if it's an organization that holds the copyright (i.e. Mozilla, Apache, etc...). The beauty of a permissive license is that if others contribute under a permissive license, then you can include their changes without having to request copyright permission or include multiple licenses in the source code. It's still a good idea to attribute the specific changes in the code to the author, but unless the author's license requires it, it's not required. Permissive open-source licenses allow total freedom, whereas the GPL is almost totally free, except for the stipulation that you also release it under the GPL. The BSD allows you to release your code under any license, but the GPL requires you to release it only under the GPL. I prefer the BSD because I want my code to benefit everyone, not just the open-source programmers.
That's why I like the format of the Creative Commons Licenses. They present an upfront bulleted list of the rights and restrictions for the license, and then include the legalese at the bottom. The user can easily understand what he is agreeing to and the lawyers and judges can't "interpret" it to mean something totally different.
because one of the few requirements of the BSD license is that it contain a notice, which mentions the name of the copyright holder three times. Where does it say that? The old version used to require you to include a notice in all advertising that it was developed by the University of California. The problem was that programmers would modify it to include themselves, and products would have an acknowledgement clause for each of these developers in their advertising which took up a lot of room. That's the biggest reason why they removed the clause in 1999. The new version doesn't have that clause, so it's not an issue anymore.
That's exactly why I like to release my free code under a permissive license. I don't subscribe to the particular ideals of the GPL movement (but I still like their software), and I want to be able to freely distribute and have others freely distribute and use my code without any usage restrictions. I don't want others stealing my code and claiming it as theirs, so that's why I included a clause in my Xenon Freedom License requiring them to include a little attribution note in the source code.
If you have Emacs, the "spook" program will insert a block of text with "suspicious" words in the bottom of your document. The idea is to make the government flag your email and have some government official read your entire boring email to make sure that you're not a terrorist. The benefit of it is that it's obviously a joke and you don't have to spend a few years in jail over it.
My friends don't understand why I like KDE better, but I like the applications, interface, and configurability better than GNOME. It's got a clean, crisp interface whereas GNOME tends to go for the earth tones and weathered icons. The applications also tend to be more complete (like Amarok) and intuitive (like the combination of file and internet browsing in Konqueror).
Not to start the dreaded KDE vs. GNOME fight, just my 2 cents.
Considering that WGA bypasses the hosts file, it's not impossible. I don't think that they'll do it, they could get into more monopoly issues, but it's certainly possible since they control the OS and browser.
~~FutureDomain~~
The UN website is up, but the page with the Secretary-General's speeches is currently down.
The URL for the actual speech site (bypassing the maintenance page) is http://www.un.org/apps/news/infocusRel.asp?infocusID=130&Body=xxxxxx&Body1=.
Are you sure it's not omgponies.slashdot.org?
I'm sure they wouldn't have any voice ads when you dialed 911. Even the $.35 pay phones don't charge for emergency calls.
Mod parent up!
Only $0.0025.
Mod parent up!
Agreed!
*begins digging through code*