Probably wouldn't help much.
Consider this. In Europe almost all EULAs of software products are illegal and void. In theory, people could sue companies or ignore the EULAs and sue if the companies try to apply them, but in reality nobody does it. Who has the money and will to pay for a lawyer and risk year-long lawsuits only to get a $15 CD coupon and a pre-formulated apology with advertisement leaflet in the end?
The right way to fix a broken system is to fix it, not to help lawyers get richer.
You have an intriguing sense of humor. Apple user?
No software is 100% secure, all you can do is fix bugs and security holes as they become evident.
Absolutely spot on. I'm in the aviation business and sometimes our clients demand 100% secure software. They want us to use ridiculous and complicated tools like Spark and formal software verification. This is what I say to them: Look, no software is 100% secure, all you can do is fix bugs and security holes as they become evident. That's why our company uses Objective-C applications and the latest iPads for everything in the plane. Yes, you've heard me right: everything. We replace all microcontrollers and all avionics electronic equipment in the plane with Apple iPads, which are wired to actuators and sensors by hand. And the best thing is: This also gives the pilots access to thousands of great apps (such as Angry Birds) they can use during long and boring flights! Sure, it's not 100% secure, but then again, no software is, so what the fuck. We fix the bugs as they come up. Plus, it's cheaper.
I'm the maker of a password manager for non-mobile platforms and can't think of any technical reasons why a mobile app would be less secure, as long as you don't intentionally sacrifice security for performance. However, from my own surveys of my "competitors" on Linux, Windows, and OS X I can assure you that not half of the programs out there can keep the promises they make.
One thing you might check out to evaluate such apps is whether the encryption method is made public and whether the author explains exactly which hashing and salting methods he uses. Of course, if you want to make sure you need the source code but it's a good rule of thumb. Just writing AES means nothing, it could be AES in ECB mode with weak password hashing and no salting. But to be honest, I've even seen apps that store the passwords XOR encoded in the prefs file, no kidding.
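The point of the comment above ("just writing AES means nothing"), as an added example that is not part of the original comment: the same block cipher leaks repeated passwords in ECB mode but not in counter mode, and an unsalted fast hash gives every user of the same password the same key. Python's standard library has no AES, so `toy_encrypt_block` is a labelled stand-in block cipher; the vault layout, names and iteration count are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16            # same block size as AES
ITERATIONS = 200_000  # example work factor, not taken from the page

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher (4-round Feistel over HMAC-SHA256). NOT AES."""
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: every block is encrypted independently, so equal blocks stay equal."""
    n = BLOCK - len(data) % BLOCK
    data += bytes([n]) * n  # PKCS#7-style padding
    return b"".join(toy_encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode: XOR the data with E(nonce || counter); nonce is 8 bytes."""
    out = bytearray()
    for n, i in enumerate(range(0, len(data), BLOCK)):
        ks = toy_encrypt_block(key, nonce + n.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)

def repeated_blocks(ciphertext: bytes) -> int:
    """Audit heuristic: count ciphertext blocks that duplicate an earlier block."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))

def weak_key(password: str) -> bytes:
    """Fast, unsalted hash: identical passwords always give identical keys."""
    return hashlib.sha256(password.encode()).digest()

def strong_key(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow derivation (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

# Constructed sample vault: fixed-width 16-byte fields, one password reused.
VAULT = b"".join(f.ljust(BLOCK, b"\0") for f in
                 (b"mail.example", b"hunter2", b"bank.example", b"hunter2"))

if __name__ == "__main__":
    key = weak_key("master password")
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(key, VAULT)))
    print("CTR repeated blocks:",
          repeated_blocks(ctr_encrypt(key, b"\x01" * 8, VAULT)))
```
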
Congratulations! I haven't met him personally yet, but know many of his seminal papers and must say that he really deserves this award! Great work!
But it's got to be binary or at least ASCII.
There are databases and search applications that can be made more accurate with the new data. For example, Denmark has an online system where citizens can enter the name of two drugs and get a list of possible side effects and warnings. There are also big US and European databases of this kind, although less open to the public (I believe).
"blue rays", "ultraviolent", "voodoo"... I can't really put my finger on it, but there appears to be something sinister about it!
Which is a load of bullshit.
Honi soit qui mal y pense? Perhaps you are not fully aware of the fact that MPEG-LA are waiting now until H.264 is fully adopted and has "won" the race, and only afterwards start suing other companies and software makers?
The patents are valid until 2027 and the licensing terms are renewed every 5 years...
Maybe Google could buy MPEG-LA and end this nonsense once and for all?
They should buy MPEG-LA and then sack all of them. That would be great...
If you're a God-loving, honest, and straight down to earth, hard-working, non-gay and non-commie/non-socialist man (a real man, not one of those metrosexual pervs) who likes to buy products very much, then you probably have nothing to fear. I guess.
1. Nuke Brussels (not much of a loss)
2. Let the viruses do the rest.
3. Profit $$$
But with every power user they also lose 5-10 ordinary customers. Or do you think my girlfriend or any of my friends will buy a Sony product after having asked me for advice?
God, you really have to wonder what's going on in the brains of Sony managers. If they had embraced the hacking/modding community like e.g. Lego did or at least tolerated it silently, they'd have obtained tons of free content, fan pages, free customer service, new customers and new uses for their hardware. Instead, they are constantly yelling "fuck you" at their regular customers and, quite frankly, I doubt that there are any "power" users left who would buy a Sony product.
That sounds like pretty good news to me because the worst thing I can imagine is being held alive artificially in a coma.
So yes, please don't hesitate to let me die after a severe head trauma and give my organs to others. Thanks!
It would help if the new UIs were based on actual studies in user interface ergonomics because I could swear this is no longer the case. Apple, Microsoft, Google, rather seem to "invent" GUIs and interface elements based on patent portfolios and wishful corporate thinking... heck, even Ubuntu is going in that direction.
They will sue you for infringement of 100+ patents if you're successful with it.
Ha ha ha, good joke. Yeah, it's easy to get this impression nowadays so broken is the patent system...
Sigh. I can't say that I haven't seen that coming (including the Insightful) but still couldn't resist... Anyway, I'll never understand language aficionados.
C/C++ inherently buggy and unsafe?
No more buggy than code written in any other language, and only unsafe in the hands of people that don't know what they're doing.
A programming language is a tool, and you've got to choose the right tool for the right job. If you like a particular language and want to advertise it you should better emphasize its strong points rather than living in constant denial and inventing silly arguments why weak points are in fact a strength. The argument that language X is only unsafe for people who don't know what they're doing is just ridiculous nonsense. But how much convenience, speed, or safety you need depends on the purpose, right? It's just a tool. In comparison to languages like Eiffel, Haskell, and Ada, C and C++ are inherently buggy and unsafe. There is no point in denying that. That doesn't mean that they are not the right choice for some (or most, if you think so) projects.
Regarding high integrity systems, maybe we should force advocates of language X to fly airplanes and drive cars that have been programmed from bottom to top in language X and let natural selection do the rest...
Aren't the basic programming concepts understood and defined now?
Not when it comes to parallel programming with the inherent synchronization issues. Particularly the attempts to automatically parallelize seemingly sequential programs are still in their infancy and even if these are more problems of compiler optimization these need a certain amount of support in the core language such as immutable data structures in the right place or a particular synchronization model.
But yeah, it is annoying that many recent languages are worse than what was there before in terms of readability, security, or practical expressivity. I'm not a big fan of Ada because of its sometimes arcane syntax and its verbosity, but you've got to admit that many modern languages barely have half of its features. Or, take those languages who shall remain unnamed whose inventors try to sell dynamic scoping as a good thing (whereas in reality they were probably just unable or too lazy to implement lexical scope).
That being said, in the end it's the libraries that count, and another big problem is that libraries are constantly being rewritten for each language or interfaced from inherently buggy and unsafe languages like C and C++. It's understandable and somewhat unavoidable but still idiotic.
overly broad patents owned by litigious corporations with deep pockets have created a fear among inventors or potential inventors that any new invention will be labeled as infringing by some corporation owning some broad patent.
The even worse problem is that this fear is justified.
Be it in software or hardware, an inventor nowadays has only two choices: Either you sell out your invention to one of the few big quasi-monopoly companies who hold large enough patent portfolios and bank accounts to defend themselves, or you have to make sure that you're not successful to stay under the radar of patent trolls.
Exactly! That's why I'm planning to buy 20000 copies of Madonna's Like a Virgin at a discount price of 15000 USD and store them in my Google account. That way, since elsewhere a song costs 99 cents each, I'll save 4800 bucks. A bargain, if you ask me.
How weird, you cannot link to it...
Absofuckinglutely.
That's why you would have to point your browser to solarmovie.eu instead of .com if you wanted to watch movies for free.
But, of course, I do not recommend that, because it would presumably be illegal.
Brute force is out of the question if the cipher is secure and implemented correctly. Regarding techniques without brute force, it depends. If the keys are really independent and the system is designed with care it can and usually will be more secure. If I remember correctly, for two keys often triple encryption with minimum key (TEMK) is used and there is a proof that it is no less secure than single-pass encryption. (If you want, you can also take this as a confirmation of your claim.)
Generally speaking, increasing rounds or encryption passes can make the encryption more secure but careful cryptanalysis is needed to ensure it is not actually weakened. When encrypting twice, it is better to use two different ciphers than the same one and the keys must both be secure (enough entropy) and independent from each other.