> And if that's the case, why would Mojang EVER feel obligated to release their serve source code because a guy who literally stole it anyway is demanding they do so?
Because the bukkit project which released the decompiler/disassembled portions was owned by Mojang. And Mojang knew full well it was happening while they owned the project. So it was essentially Mojang who released it.
For dual screen setups, using the proprietary drivers is an absolute mess, while the open source drivers work perfectly. And the free drivers are perfectly adequate for non-high-end-gaming. I can play Minecraft at 1920x1600 with the open source Radeon driver at acceptable framerates.
Yes. There are free software projects making a driver for each of those, build upon Mesa. Both AMD (a lot) and NVIDIA (in small measure) has actually contributed to those projects, in addition to their closed source drivers.
My impression is that basically all Linux distributions install the open source drivers by default. And in my experience, installing the proprietary drivers is messy.
And most distributions uses 3D in the window manager by default.
So I imagine that many more Linux users use the open source drivers (which in turn use Mesa) than uses the proprietary drivers.
> 2^128 - 2^112 [...] it's significant, especially if you have a huge data center in Utah.
But 2^128/2^112=2^16=65536
As an upper limit, assume that you remove 100*2^112. But that will still only eliminate 100/65536=0.1% of the search space. Any key that is brute-forceable by NSA with those 0.1% removed is also brute-forceable without those 0.1% of the search space removed.
> What may be worse (I don't know) is the simultaneous equations that it creates that are invariant for keys from such a source. Maybe they could be used in a cryptographic attack to help solve the sorts of attack that try to build big systems of simultaneous equations to attack the key schedule.
Something like this seems slightly more likely. But assuming the bits were perfectly random before the removal of repeated blocks, for finite keys it still doesn't generate anything that couldn't have been generated by chance without the removal of repeated blocks.
Meh - NSA at the same time asked them to use a too short key length. And it was an open secret for a long time that NSA could brute-force it. https://en.wikipedia.org/wiki/...
Cryptographical hashes are designed to make that ridiculously unlikely. Go play buy a single ticket to the national lottery instead - you are far more likely to win the biggest price there than to every find a hash collision.
For starters, they can come clean. All their press releases have been exercises in trying to say as little as possible, and be as misleading as possible whiile still not literally lying. For example, their non-denial of the $10,000,000 deal with NSA had half the press falsely reporting that RSA claimed there never any $10,000,000 deal.
Dual_EC_DRBG has been documented since 2006/2007 to be an insecure CSPRNG, even without the backdoor. I knew about it for example, and I do not even work in that field. The only way nobody at RSA Security (a huge company specializing in security) could not have heard about it is by putting their hands over their ears and yelling LALALA. And they didn't put 2 and 2 together about why NSA paid them $10,000,000 when the possible backdoor was discussed in the media and the cryptographic community?
I can accept that RSA Security might have been fooled in 2004. But they have not even tried to explain why they kept using Dual_EC_DRBG after 2006/2007. They have been caught with the hand in the cookie jar, and refuse to even try to defend themselves. Why should I try to invent explanations for their innocence for them?
> what evidence could RSA show us that would reinstate our trust
The point is that the circumstantial evidence is so hugely strong. This is not unfair - this is reality.
It is like finding you standing over a corpse in a pool of blood and a knife in your hand, with a $10 million payment to your account from the victims worst enemy. And you refusing to talk about how you got there, or why the victim's worst enemy sent you the $10 million. Do you think I have no right to make assumptions in that case?
Are you referring to this RSA's CTO Sam Curry's "defense", which Mathew Green and Matt Blaze has had so much fun ridiculing? http://blog.cryptographyengine...
RSA Security really haven't made anything close to a coherent defense.
Slashdot Mirror
Why do you need permission to listen to radio signals? I thought the FCC were only concerned with sending radio signals? Why would they care?
GNSS satellites orbit at 23,222km, so I would assume the signals were more or less globally available in any case.
> While security experts think the zero-day may be overpriced, they think the hacker will find a buyer regardless.
If they think there is a buyer who will pay $90,000 for it, then it is per definition not overpriced.
A Toyota is a type of car. A video codec is not a type of video coding format. Your bad example suggests that you have missed the point.
> VP9 is an open source codec
No, VP9 is a video coding format. A program which can decode data in VP9 format is a "codec".
Similar to how the C Programming Language is not a compiler.
https://www.youtube.com/watch?...
I am guessing that wrapping it in tinfoil would fix it? I know it works great for stopping the mind-control waves from getting into my head.
Here in Denmark, power is reliable enough to run a Linux server directly off a wall socket, and still get an uptime measured in years.
postfix.server from https://github.com/vonSchlotzk... :
[Unit]
Description=Postfix Mail Daemon
After=network.target
[Service]
Type=forking
ExecStart=/usr/sbin/postfix start
ExecStop=/usr/sbin/postfix stop
Restart=always
[Install] /etc/init.d/postfix :
WantedBy=multi-user.target
266 lines, too long to print here, and just as ugly as sendmail.
So the postfix sysv init script is 113 lines LONGER while the .service file is 4 lines SHORTER than the sendmail example.
Prices fell more like 40%: http://www.jcmit.com/flashpric...
> And if that's the case, why would Mojang EVER feel obligated to release their serve source code because a guy who literally stole it anyway is demanding they do so?
Because the bukkit project which released the decompiler/disassembled portions was owned by Mojang. And Mojang knew full well it was happening while they owned the project. So it was essentially Mojang who released it.
Intel has an insanely high Gross Profit Margin of 75%. That is the opposite of selling at a loss.
http://www.thestreet.com/story...
> As of now, only AfriNIC is not in address exhaustion mode."
That is not true - ARIN (north America's RiR) is still handing out IPv4's and will continue to do so until down to their last /10.
https://www.arin.net/resources...
For dual screen setups, using the proprietary drivers is an absolute mess, while the open source drivers work perfectly. And the free drivers are perfectly adequate for non-high-end-gaming. I can play Minecraft at 1920x1600 with the open source Radeon driver at acceptable framerates.
Yes. There are free software projects making a driver for each of those, build upon Mesa. Both AMD (a lot) and NVIDIA (in small measure) has actually contributed to those projects, in addition to their closed source drivers.
My impression is that basically all Linux distributions install the open source drivers by default. And in my experience, installing the proprietary drivers is messy.
And most distributions uses 3D in the window manager by default.
So I imagine that many more Linux users use the open source drivers (which in turn use Mesa) than uses the proprietary drivers.
MineCraft
And from http://www.sintel.org/download
> 2^128 - 2^112 [...] it's significant, especially if you have a huge data center in Utah.
But 2^128/2^112=2^16=65536
As an upper limit, assume that you remove 100*2^112. But that will still only eliminate 100/65536=0.1% of the search space. Any key that is brute-forceable by NSA with those 0.1% removed is also brute-forceable without those 0.1% of the search space removed.
> What may be worse (I don't know) is the simultaneous equations that it creates that are invariant for keys from such a source. Maybe they could be used in a cryptographic attack to help solve the sorts of attack that try to build big systems of simultaneous equations to attack the key schedule.
Something like this seems slightly more likely. But assuming the bits were perfectly random before the removal of repeated blocks, for finite keys it still doesn't generate anything that couldn't have been generated by chance without the removal of repeated blocks.
I agree that the output is not random by the standard definition. And obviously a bad RNG.
But making a practical attack based on that seems unlikely to me.
> For the record, RdRand doesn't do this because I refused to put it in because it's a back door in the spec.
Wait what - you designed Intel's RdRand hardware RNG?
So, since there is a lot of paranoia about backdoors in that, is there a backdoor? :P
Meh - NSA at the same time asked them to use a too short key length. And it was an open secret for a long time that NSA could brute-force it. https://en.wikipedia.org/wiki/...
> And what if there is a hash collision?
Cryptographical hashes are designed to make that ridiculously unlikely. Go play buy a single ticket to the national lottery instead - you are far more likely to win the biggest price there than to every find a hash collision.
I freely admit that I assume they are guilty because of 1) all the damning evidence 2) their refusal to defend themselves.
And I submit that all reasonable persons should assume they are guilty for the same reasons. Assuming they are not guilty would be incredibly stupid.
For starters, they can come clean. All their press releases have been exercises in trying to say as little as possible, and be as misleading as possible whiile still not literally lying. For example, their non-denial of the $10,000,000 deal with NSA had half the press falsely reporting that RSA claimed there never any $10,000,000 deal.
Dual_EC_DRBG has been documented since 2006/2007 to be an insecure CSPRNG, even without the backdoor. I knew about it for example, and I do not even work in that field. The only way nobody at RSA Security (a huge company specializing in security) could not have heard about it is by putting their hands over their ears and yelling LALALA. And they didn't put 2 and 2 together about why NSA paid them $10,000,000 when the possible backdoor was discussed in the media and the cryptographic community?
I can accept that RSA Security might have been fooled in 2004. But they have not even tried to explain why they kept using Dual_EC_DRBG after 2006/2007. They have been caught with the hand in the cookie jar, and refuse to even try to defend themselves. Why should I try to invent explanations for their innocence for them?
> what evidence could RSA show us that would reinstate our trust
The point is that the circumstantial evidence is so hugely strong. This is not unfair - this is reality.
It is like finding you standing over a corpse in a pool of blood and a knife in your hand, with a $10 million payment to your account from the victims worst enemy. And you refusing to talk about how you got there, or why the victim's worst enemy sent you the $10 million. Do you think I have no right to make assumptions in that case?
> What RSA Security has specifically said is that they knew about the backdoor when they made the $10,000,000 deal.
That should of course have been:
> What RSA Security has specifically said is that they didn't know about the backdoor when they made the $10,000,000 deal.
Are you referring to this RSA's CTO Sam Curry's "defense", which Mathew Green and Matt Blaze has had so much fun ridiculing? http://blog.cryptographyengine...
RSA Security really haven't made anything close to a coherent defense.