It may be just me (I suspect not) but I don't believe I have never been on a project in my 25+ year career where there was any time given later to refactor the code as long as it worked as specified. There may have been one somewhere, but I don't remember it. That's not to say I haven't been on projects that were scrapped and restarted some time in the future.
Not to be a hater, but it seems like /. has a story about somebody sending a balloon to the upper atmosphere once a week. This one does have an education angle, but really most of them do. That said, I would love to do it myself sometime, but I wouldn't expect /. to cover it.
Thanks, yeah, you're probably right. After I posted I looked further down the thread and thought, Oh shit, everyone's going to think I'm a creationist nutjob,
Here's the whole article, for those who still can't get to it:
New research: There's no need to panic over factorable keys--just mind your Ps and Qs
By Nadia Heninger - Posted on February 15th, 2012 at 2:16 am
You may have seen the preprint posted today by Lenstra et al. about entropy problems in public keys. Zakir Durumeric, Eric Wustrow, Alex Halderman, and I have been waiting to talk about some similar results. We will be publishing a full paper after the relevant manufacturers have been notified. Meanwhile, we'd like to give a more complete explanation of what's really going on.
We have been able to remotely compromise about 0.4% of all the public keys used for SSL web site security. The keys we were able to compromise were generated incorrectly--using predictable "random" numbers that were sometimes repeated. There were two kinds of problems: keys that were generated with predictable randomness, and a subset of these, where the lack of randomness allows a remote attacker to efficiently factor the public key and obtain the private key. With the private key, an attacker can impersonate a web site or possibly decrypt encrypted traffic to that web site. We've developed a tool that can factor these keys and give us the private keys to all the hosts vulnerable to this attack on the Internet in only a few hours.
However, there's no need to panic as this problem mainly affects various kinds of embedded devices such as routers and VPN devices, not full-blown web servers. (It's certainly not, as suggested in the New York Times, any reason to have diminished confidence in the security of web-based commerce.) Unfortunately, we've found vulnerable devices from nearly every major manufacturer and we suspect that more than 200,000 devices, representing 4.1% of the SSL keys in our dataset, were generated with poor entropy. Any weak keys found to be generated by a device suggests that the entire class of devices may be vulnerable upon further analysis.
We're not going to announce every device we think is vulnerable until we've contacted their manufacturers, but the attack is fairly easy to reproduce from material already known. That's why we are working on putting up a web site that you can use to determine whether your device is immediately vulnerable.
Read on for more details, and watch for our full paper soon.
Don't worry, the key for your bank's web site is probably safe
SSL is used to authenticate every major web site on the Internet, but in our analysis, these were not the keys that were vulnerable to the problems outlined in this blog post.
So which systems are vulnerable? Almost all of the vulnerable keys were generated by and are used to secure embedded hardware devices such as routers and firewalls, not to secure popular web sites such as your bank or email provider. Only one of the factorable SSL keys was signed by a trusted certificate authority and it has already expired. There are signed certificates using repeated keys; some of them are generated by vulnerable devices, some of them are due to website owners submitting known weak keys to be signed, and for some of them we have no good explanation.
Embedded devices are well known to have entropy problems. However, until now it wasn't apparent how widespread these problems were in real, Internet-connected devices.
Background: key generation
Websites and networked computers use public-key cryptography for authentication. The kind of authentication that we will be talking about here is a server certifying to a client that it really is the server that the client intended to connect to. An attacker who knows the private key to one of these systems would be able to impersonate the real system to a client or in many cases decrypt encrypted traffic between the client and server.
The most widely used cryptosystem for this purpose is RSA. The RSA cryptosystem is intended to be based on the difficulty of factoring large numbers. An RSA public key consists of a pair of integers: an encryption exponent e and a modulus N, which is a large integer that itself is the produ
I think this would be a great idea as long as MS keeps it well updated and people don't rely just on it. It would immediately improve the security of the PCs of all the people who don't bother with antivirus, but it may lull others into a false sense of security and give them an incentive to not get any other antivirus which would put a target for virus writers squarely on MS's solution.
I thought that the overall issue is that the dynamic range of the highs & lows is being compressed. So even with a volume limit on the max loudness, would the engineers engineer the song any differently?
A second issue is that the listening environment is changing - music is being played on portable devices in noisy environments - this isn't a fine listening room. As a result, this may be a case where too much dynamic range is lost on the listening audience, as the listener just wants to be able to hear everything without having to fiddle with the volume every few seconds.
Exactly, and this applies even more to watching DVDs in cars without headphones*. My wife is constantly saying "turn it down!" during the loud parts and I have to turn it back up on the quiet parts. Rinse, repeat.
*There are countless kids movies I have heard but never seen. Some are surprisingly enjoyable like that.
http://en.wikipedia.org/wiki/Pronunciation No, you fail.
Someone must have read that women't book, what's it called...?
Your statement only applies to Federal judges. Most judges that would hear a criminal case are not Federal judges.
How about carbon dating then? I have no idea, just asking in case someone knows offhand.
That's an interesting story, and one I hadn't heard before. However, I can't help but wonder how the hell you burn down a marble building?
Algae farts!
Under most circumstances, yes, but not at Taum Sauk
Please provide documentation on when these regular bailouts of the USPS have occurred. You can't, because you are completely full of shit.
Now, does this mean that a company CAN'T pay them overtime or that they're NOT REQUIRED to pay them overtime? There's a big difference.
Okay, there's no GRAVITATIONAL convection, which is the dominant method that enables fresh oxygen to get to a fire in the earth's atmosphere.
Yeah, but with no convection to carry away the combustion byproducts and bring in more oxygen, it is much more difficult.
Really? You think it might be a half million? Or did you just want to get a post near the top?
Was this USB 2.0 or 3.0? I wouldn't think 2.0 would be fast enough to lose this much money this quickly.
If it's cheap, it works, and it buys time it may still be worth doing though. I don't think anyone sane is calling it a long term solution.
Trek's end by John Walker (Autodesk John Walker, not the spy) addresses this also, with a twist: Trek's End full short story online
It's a she, and her real name is Mwende.
I heard a while back that he was going to give the company away someday to charity, so not that big a surprise.
Coming out in a year and a half
It's a ploy to keep the funds flowing.