Slashdot Mirror

← Back to Users

User: chongo

chongo's activity in the archive.

Stories
0
Comments
158
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 158

  1. Re: forcing researchers abroad on UK: Watch Out For The Return Of ITAR · · Score: 2

    Not every UK scientist would want to move to the US to find a job. Those involved in areas that are currently restricted in the US (new stem cell line work, certain types cloning) would find the entaglement in the US even worse.

  2. Re:help your PM help ypu on Project Management For Programmers? · · Score: 1

    err ... s/asked then/ask them/ ... suffering from being up to late working on a project. :-(

  3. Re:help your PM help ypu on Project Management For Programmers? · · Score: 1

    Errr ... s/ypu/you/g *sigh*

  4. help your PM help ypu on Project Management For Programmers? · · Score: 5, Insightful

    I found that it was easier to sit down with my PM and asked then the one thing they needed to make their job easier. If it was half way reasonable I went out of my way to give that to them ... in turn they seemed more willing to listen to reason and help form a project timeline that was 1/2-way based on reality.

  5. first book upgrade? on iPhoto Book Tackles Version Issues · · Score: 4, Interesting
    ''This is the first 'book upgrade' I've ever heard of.''

    Back in the days when computer documentation was only sent out in dead tree form, those loose-leaf books/binders were upgrade/updatable. CDC manuals, back in the 1970's, came with a free update service that continued well into the late 1980's.

  6. do-it-yourself one time pad on Encryption by Hand? · · Score: 5, Informative
    For a non-public key stream cipher:

    If you allow the addition of dice, say a d20 ...

    Setup by the sender:

    1. Generate a one-time pad by rolling the d20 and writing down the 1's digits (d20 face value mod 10).
    2. Transmit the one-time pad in a secure fashion (use somebody's public key suggestion, hand carry, etc.)
    Setup by the receiver:
    1. Receive the one-time pad from the sender.
    2. Store in a secure place.

    To encrypt:

    1. Convert each plaintext symbol into an alphabet of 100 values (00 thru 99).
    2. For each plaintext digit, remove a digit from the one-time pad and transmit the sum mod 10.
    3. Destroy the used digits of the one-time pad.

    To decrypt:

    1. Receive the cipher text from the sender.
    2. For each digit in the cipher, remove the next digit from the one-time pad and subtract mod 10, from the cipher digit.
    3. Convert the result, pairwise, (00 thru 99 alphabet) into plaintext symbols.
    4. Destroy the used digits of the one-time pad.

    Encrypt example:

    1. Plaintext: Hello
    2. One-time: 9690367034
    3. Alphabet: 0730373740
    4. Transmit: 9320630774

    Decrypt example:

    1. Receive Ciphertext: 9320630774
    2. Receive One-time: 9690367034
    3. Subtract mod 10: 0730373740
    4. Convert to text: Hello

    And yes, the devil in the details is in the secure transmission of the one-time pad (step 2 of sender setup). Key management is never easy. Storage and transmission of one-time pads is one of the reason why this form of crypto is not a realistic choice for most applications. However if you have some way to transmit the one-time pad ahead of time, say visiting the sender ahead of time and dropping off the one-time pad it is not a bad choice.

  7. updated list of who won on 16th IOCCC Winners Announced · · Score: 3, Interesting
    We have had 3 winners convert to non-anonymous status. The list of recent winners is now:

    Best of Show

    Jason Orendorff (USA) - An Adventure-like game

    Most likely to amaze

    Anonymous (Great Britain) - x86/ELF dynamic binary translator

    Best abuse of the rules (Most complete program)

    Fabrice Bellard (France) - A C subset programming system for x86 that can compile and execute itself

    Best X11 Game

    John Williams (USA) - Missile Command

    Best Short Program

    Raymond Cheong (USA) - Arbitrary precision square root

    Best position-independent code

    Brian Westley (USA) - A punch card printer/sorter

    Best Abuse of CPP

    Immanuel Herrmann (Germany) - A Turing machine

    Best Abuse of User

    Edward Rosten (England) - Greasy mouse

    Best One-Liner

    Jens Schweikhardt (Germany) - A shell glob matcher

    Best curses Game

    Kevin Pulo (Australia) - A Pong-like game across network

    Most eye-crossing

    Immanuel Herrmann (Germany) - A SIRDS-shaped SIRDS generator

    Most obfuscated sound

    Pierre-Philippe Coupard (USA) - A talking clock

    Best primal ASCII graphics

    Nicolas Ollinger (France) - Prints primes with a sieve graph

    Best AI

    Doug Beardsley (USA) - A suicide chess program

    Worst driver

    Chris King (USA) - A driver game
  8. Re:Did Microsoft enter this year? on 16th IOCCC Winners Announced · · Score: 4, Interesting
    We (the judges) don't look at who submitted the entries that did not win, so we could not tell you.

    There was the Bill Gates award that was given out back in 1993.

    On a slightly related topic, one can use the Best Utility from 1998 to pootify Microsoft's web site for better reading. :-)

  9. The list of who won on 16th IOCCC Winners Announced · · Score: 5, Informative
    An updated list of who won the 16th IOCCC may be found at:

    http://www.ioccc.org/whowon.html

    We have already had one anonymous winner request to become non-anonymous.

  10. a few liquid nitrogen safety points on Liquid Nitrogen Cooling at Home? · · Score: 5, Informative
    1. Use some reasonable ventilation

      While you may not need a ventilation hood, you should not store liquid nitrogen on a closed room.

      Pay attention to where the chilled nitrogen gas (that has just boiled) is going. Don't store or operate it near the top of stairs that lead down into a sealed room or basement as the chilled gas will flow downstairs and displace some of the air in the lower room.

      You should not have a problem if your rooms have reasonable ventilation / air flow.

    2. Be careful of chilled metal

      You can pour some amount of liquid nitrogen on your hand without a problem because the heat from you hand will form a boiling vapor layer and protect your hand for a while. On the other hand if you dunk something into the liquid nitrogen and chill it and then touch it, you can get a serious burn.

      A wire or aluminum plate that has been chilled to or near liquid nitrogen temperature will burn you almost instantly if you come in contact with it while it is still cold.

    3. Watch for icing and water hazards

      Ice and water can form around equipment where liquid nitrogen is boiling. The water runoff can ruin your hardware. The water can present a shock hazard as well.

      Be sure that your equipment is well grounded. Do not touch your system unless the power cord has been removed. Many motherboards and power supplies have electricity flowing in them even when the system is off. Always unplug before opening the system to reduce the risk of water condensation shock.

    4. Be careful around young kids

      The liquid nitrogen is a attractive hazard for kids. Be on alert of kids live or regularly visit where liquid nitrogen is in use. While you may take reasonable care, young kids may not. Young kids who see adults working with liquid nitrogen may get hurt if they try to play with it on their own.

      A young child can be seriously hurt if they try to touch or drink what they think is funny looking water.

  11. Re:There are alternatives on Factoring Breakthrough? · · Score: 3, Insightful
    So you are saying EC is vulnerable due to that it requires "only" 2^128 ops to crack and it can even be parallelized?

    No, that is not what I am saying. EC is more vulerable than RSA for a given key size where the CPU ops to perform the best known cracking algorithm are the same.

    CPU-op equivalent EC searches require only a modest amount of memory and can be run in parallel with nil communcation requirements. CPU-op equivalent RSA searches require large working sets with matrix operations that do not lend themselves to parallel operations once the initial sieve is performed.

    Even if you deploy a TWINKLE device in an RSA key crack that reduces the initial loading of the matrix to nil, the working set size of the matrix, the swap and/or system communication requirements become non-trivial for an CPU-op equivalent RSA key.

  12. Re:Alternatives such as EC may be vulerable as wel on Factoring Breakthrough? · · Score: 2
    To clarify and avoid confusion:

    The paper suggests a way to improve some of the steps required (such as some of the linear algebra work) to factor using the Number Field Sieve (NFS) for large keys.

    The paper does NOT give a method to improve the speed of cracking EC keys.

    Special purpose hardware could reduce the cost of cracking an RSA key. However: The same could be said of cracking an EC key. Using different special purpose hardware and different performance tuning, one should be able speed up cracking of EC keys as well.

    So ... If the existence of ideas to improve the speed of cracking sufficiently large RSA keys scares you and you worry about that might come next, then you should be even more worried about EC.

    Why? Not because of the exact idea outlined in the paper. The paper does not apply to EC. Because EC is subject to special purpose hardware improvements: perhaps even more than RSA.

    ... and because while two keys, one EC one RSA may require the same number of CPU cycles to crack, the key crack requires only a modest amount of memory, even for large EC keys. The RSA key (by factoring) requires a larger and larger working sets as the key size increases.

  13. Re:There are alternatives on Factoring Breakthrough? · · Score: 3, Insightful
    Sorry for the confusion! Allow me to clarify:

    A common mistake that some people make is to assume that one only needs to count CPU cycles. The so-called "MIPS years" measurements.

    Consider two keys that require the same number of CPU cycles to crack, one Elliptic Curve (EC) and one RSA. The EC key crack requires only a modest amount of memory, even for large EC keys. The RSA key (by factoring) requires a larger and larger working sets as the key size increases.

    Consider the cracking a 256 bit EC key and the cracking of a 1620 bit RSA key by factoring:

    Both efforts require about the same number of CPU operations.

    The EC crack requires only a modest amount of memory (a handful of Megabytes) and can be performed in parallel over many machines with nil communication between them.

    The RSA crack requires a working set of about 120 TBytes (120*1024 GBytes)! On a single machine, you will need ~2^47 bytes of ram in order to not to swap to death. Worse yet, you are evaluating a Matrix. You could try and split it over many machines but them the communication between them (as you perform row/col matrix ops) will kill you.

    So when I said two equivalently hard keys I should had said: two keys that require the same number of CPU operations to crack.

    Two keys can require the same number of CPU ops to crack. However, a 256 bit EC key needs only a modest amount of memory and can be cracked on many machines running in parallel. A 1620 bit RSA requires a HUGE 120 TByte matrix sitting in a single address space where swapping and/or inter-processor communication become a major problem.

  14. Alternatives such as EC may be vulerable as well on Factoring Breakthrough? · · Score: 3, Interesting
    Some have suggested that people should move away from RSA crypto and start using Elliptic Curve (EC) crypto. In fact the paper, if appicable to "useful" key sizes, suggest that the opposite is true.

    The methods described in the paper can be used to improve the cost of cracking EC discrete logs as well. The author, in a recent Usenet posting, points out that the paper's methods are likely to reduce the cost/effort of EC key cracking as well ... perhaps even more than RSA key factoring.

    The paper, combined with other other EC strength concerns suggests that EC is not the technology to turn to at the moment.

    In other words, if this paper has you concerned about the security of RSA keys by factoring, then you should be even more concerned about the safety of Elliptic Curves as well.

    But as others, including the author, have stated (in large friendly letters): DONT PANIC! It is not known if the ideas expressed in the paper are applicable to key sizes that are in common use.

  15. Re:There are alternatives on Factoring Breakthrough? · · Score: 2
    Yes, there are alternatives. However I would not jump into Elliptic Curve (EC) crypto at this point.

    Brute force EC does not require the memory size and bandwidth needed for things such as factoring in the Number Field Sieve (NFS). See:

    Robert D. Silverman's paper

    for more details. In short: Given two equivalently hard keys, one EC and one RSA, the EC key will require memory and less memory/CPU bandwidth and will be cracked for less cost using the state of the art methods we known today. NOTE: These art includes: THINKLE and NFS improvements including those discussed in the paper (on which this discussion thread hangs).

    Worse for EC: It is an active field of research. Every so often somebody publishes yet another eliptic curve special class that can be cracked much faster than brute force. In some cases it is very hard to determine if a given EC belongs to a weak key class. While these are mostly theoritical, the smart cryptologist will view them as troubling for EC key securiy at best.

  16. Re:Doubleclick IP blocks on DoubleClick Gets Into Spam · · Score: 2
    In case you wonder where the doubleclick IP address blocks are geo-located:
    • 204.176.152.248/21 - NEW YORK, NY, USA
    • 206.65.181.96/22 - NEW YORK, NY, USA
    • 206.65.181.104/21 - NEW YORK, NY, USA
    • 63.85.84.0/24 - NEW YORK, NY, USA
    • 204.176.177.0/24 - NEW YORK, NY, USA
    • 208.211.225.0/24 - NEW YORK, NY, USA
    • 208.203.243.0/24 - PALO ALTO, CA, USA
    • 204.178.112.160/19 - NEW YORK, NY, USA
    • 204.253.104.0/23 - NEW YORK, NY, USA
    • 216.230.65.64/28 - ATLANTA, GA, USA
    • 63.77.79.192/27 - NEW YORK, NY, USA
    • 192.65.80.0/24 - SCOTTS VALLEY, CA, USA
    • 128.11.60.64/27 - NEW YORK, NY, USA
    • 128.11.92.0/24 - NEW YORK, NY, USA
    • 199.95.210.0/24 - NEW YORK, NY, USA
    • 199.95.206.0/22 - NEW YORK, NY, USA

  17. 99/1 rule on spammers on Fighting The Spammers Down Under · · Score: 5, Informative
    Over the past 2 years we have noticed that more than 99% of the repeat spam comes from less than 1% of the sites.

    In addition to the usual anti-spam methods:

    one can block IP addresses that attempt to spam on a regular basis. Tools such

    can be configured to block frequent spammer IP addresses from your SMTP ports.

    The following is a list of IP addresses that we have observed spamming on a regular basis. Blocking these sites won't solve your spam problem. On the other hand blocking common spam locations as part of an overall anti-spam system will help.

    12.30.205.0/24 24.2.10.0/24 24.88.20.0/24 61.13.0.0/16 61.30.0.0/16 61.129.0.0/16 61.177.0.0/16 63.100.231.32/28 63.184.200.0/24 64.14.218.128/28 64.65.0.0/18 64.80.216.0/22 64.80.220.0/23 64.208.134.0/15 64.239.0.0/18 66.33.0.0/17 66.72.98.10/32 128.18.0.0/16 128.121.126.220/32 142.154.0.0/16 161.58.0.0/16 192.147.174.0/24 194.91.230.0/24 195.53.155.0/24 195.153.207.128/27 202.9.128.0/19 202.181.196.120/29 205.141.192.0/19 205.141.224.0/21 206.173.16.0/21 206.173.24.0/22 208.50.155.0/24 208.165.228.0/22 208.187.17.192/27 209.38.216.0/22 209.69.0.0/16 209.239.0.0/19 209.239.192.0/19 209.249.0.0/16 210.52.0.0/24 210.85.0.0/16 210.201.0.0/18 210.226.0.0/15 210.228.0.0/14 210.241.0.0/17 211.20.180.0/22 211.21.0.0/16 211.32.0.0/13 211.51.63.171/32 211.226.126.0/24 212.49.192.0/24 212.174.0.0/15 212.216.0.0/16 216.41.0.0/16 216.42.0.0/16 216.53.128.0/17 216.79.0.0/16 216.87.64.0/19 216.122.0.0/16 216.143.68.0/22 216.143.72.0/22 216.143.76.0/24 216.167.0.0/17 216.174.192.0/18 216.183.206.64/28

    Sorry if your IP address is in the above list. If you are not a spammer then it could be that you happen to be using an ISP that tolerates spammers (or is unable/unwilling to block them), or you work for a company that spam, or you are near a poorly configured and poorly maintained site that is abused as an open relay.

  18. Re:we are seeing SNMP scans on Security Hole In SNMP · · Score: 1
    Oops, I should have said:

    We have seen SNMP scans at a rate of about 17 per 3 hours (~5.6/hr) as ot 2300 PST.

    Sorry.

  19. we are seeing SNMP scans on Security Hole In SNMP · · Score: 2, Informative
    We have seen SNMP scans at a rate of about 17 per 4 hours (~6/hr) as of 2300 PST. The rate has been steady for the past 23 hours. One would expect the scan rate to increase as the exploit tool gets into the hands or more script kids. Prior to this week it was rare for someone to probe the SNMP ports.

    The scans are talking the IP address space in pseudo-random order. It appears to hold the top 16 bits constant while walking the lower 16 in a pseudo-random order. We have not seen simple SNMP scans that just walk up the IP address range.

    It appears that the tool is initially just looking for open SNMP ports. The tool could be simply collecting open SNMP ports for later system cracking.

  20. flux and control are also important on Lasetron to Produce Zeptosecond Flashes of Light · · Score: 2, Informative
    Important factors for photon pulses are the flux and the ability to trigger the event. We have had single photon emitters for a while. A single photon: It about as short of a pulse as you can get. Just not very bright. :-)

    What is exciting is about this result is they have achieved a very short controlled photon pulse of a non-trivial brightness.

  21. are they for real or just a bad pun? on Non-Profit Colocation? · · Score: 1
    Pardon me for what may seem like a troll post, but I cannot help wonder if these site/org is for real.

    They call themselves CCCP ... a pun intended or an early April fools joke?

    And their web site: Red background with Yellow letters. If not a visual pun, it shows poor color choice in terms of readability. If their web site is poorly designed, what else is in questionable shape?

  22. follow the money on California's "Wireless-Free" Zone · · Score: 1
    Firstenberg, the author of Microwaving Our Planet, a book that blames ...

    Firstenberg refused to disclose his diagnosis, which allows him to collect disability income.

    A book deal? Disability income? Enough said ...

  23. grub workaround on Major Linux/Athlon CPU bug discovered · · Score: 3, Redundant
    If you're using grub and want a quick but effective workaround, then edit your grub.conf file, which is usually under /boot/grub.conf or /etc. On the end of any line that begins with the word kernel add:

    mem=nopentium

    For good measure, re-install your grub config by running:

    /sbin/grub-install /dev/hda

    Where /dev/hda is your boot disk. For most PC users with IDE drives, it will be /dev/hda .

    Last, just reboot.

  24. /.-ing GEANT on A GEANT Leap Forward In Networking For Research · · Score: 0, Redundant
    GEANT ... with a backbone running at 10 Gbps

    But will it survive a /.? :-)

  25. raw Leonid counts from Fremont Peak on First-hand Account Of The Leonid Shower · · Score: 1
    You can see a graph of the Leonid storm on my web site.

    There were many and frequent bright fireballs. During the peak of the storm (1015-1130 UTC), the sky was frequently filled with multiple meteors! Wow!