It is true that a quantum computer wourld basically render all crypto schemes in use today
obsolete. However, along with the advent of quantum computing comes a crypto that is
unbreakable.
Crypto has many uses aside from strict confidentiality. It is also useful for authentication. Sending messages to people you've never met (web-of-trust). Digital cash....and more. So the "quantum cryptography" isn't a replacement for the types of cryptography that are impacted by quantum computing (namely public key systems).
Sounds like a good book. Hopefully it will give some of the the people who make decisions at companies a little bit more realistic view of what security is all about. Many of them have practically no clue and are easily swayed by ridiculous claims from snake oil vendors. It might also be good for computer weenies who have difficulty tempering their desire for perfect security.
In today's business model, it doesn't cost much more to listen to the most popular musicians
(with the exception of live shows, and I'm not sure how much of that is venue-gouging). A CD
is a CD, and the extra profit comes from volume.
It's not the venues. Some bands that strive to have low ticket prices play the same venues as the bands with exhorbitant prices. For instance, Phish will play Madison Square Garden and it will cost $25 a ticket, $30 for a special New Years Eve show. The Stones will play there and it's $100 for the nose bleeders.
The newly released distributed file system called Mojo Nation that has something like this. It uses a digital cash-like system to create an economy in resources (disk space, bandwidth, and CPU). All transactions are paid for in Mojo. Artists/publishers can also be tipped directly. It's a very cool system, check it out.
It's still under development but all open source. They have a site on SourceForge.
In the look & feel department, C# feels very much like C++. More so
than even Java. While Java syntax borrows much of the C++
syntax, some of the corresponding language constructs have a
slightly different form of use. While this is hardly a complaint, it's
interesting to note that the designers of C# went a little further in
making it look like C++. This is good for the same reason it was
good with Java. Being a professional C++ programmer, I use C++
way more than any other language. Eiffel, for instance, has a much
cleaner syntax than either C++, C# or Java, and at face value it
does seem as though one should bear with new syntax if this is
going to lead to cleaner, more easily understandable code, but for
an old dog like myself, not having to remember so much new syntax
when switching to another language is nothing short of a blessing
*sarcasm*
I'm so lame that I am unable to learn a new programming language syntax. Even though it's been thirty years since computers have become powerful enough to support parsers that can figure out the end of a statement without an explicit delimiter, it makes me feel all warm and fuzzy inside when I put that semicolon at the end of every line. Even though named arguments might be preferable to sequences of anonymous types, a new messaging syntax would more than my fossilized brain can tolerate. Asking mere computer programmers to learn something new is asking a little too much, after all, programmers tend to be slow learning. Instead, we should perpetuate outdated and inconvenient syntax. We wouldn't want to frighten the poor wittle programmers with something as radical and hard to grasp as a different syntax.
*sarcasm*
this is a unique device and will allow such searches to be more exact, but if you think that you'll
encounter this while entering the local deli, think again. trust me - it may take a Supreme Court
ruling, but that plume belongs to you and will be subject to the same rules and regulations of
search/seizure.
Think again. The plume could easily be construed as waste heat eminating from your body. Waste heat isn't protected by the 4th amendment. There was a case involving the use of infrared cameras on houses to detect heat emissions from basements (i.e. from grow lights). The Supremes ruled that the heat was waste and could be searched without a warrant.
In any event, your local deli could install these if they wished. Only the government is limited by the constitution with respect to searches. If you don't wish to be searched by your local deli or concert venue you always have the choice of not going.
One of my favorite topics in cryptography is the "Dining Cryptographers Problem" It describes a method to broadcast messages with unconditional sender untraceability. It's very simple and the basic protocol can be carried out by people sitting around a table with a single coin. Everyone knows that high school boys are fascinated by secret codes and ciphers...
In fact, it's so simple, here is the description of the protocol from the paper. The paper elaborates on why it works and generalizes it and also includes a proof.
Three cryptographers are sitting down to dinner at their favorite three-star restaurant. Their waiter informs them that arrangements have been made with the maitre d'hotel for the bill to be paid anonymously. One of the cryptographers might be paying for the dinner, or it might have been NSA (U.S. National Security Agency). The three cryptographers respect each other's right to make an anonymous payment, but they wonder if NSA is paying. They resolve their uncertainty fairly by carrying out the following protocol:
Each cryptographer flips an unbiased coin behind his menu, between him and the cryptographer on his right, so that only the two of them can see the outcome. Each cryptographer then states aloud whether the two coins he can see--the one he flipped and the one his left-hand neighbor flipped--fell on the same side or on different sides. If one of the cryptographers is the payer, he states the opposite of what he sees. An odd number of differences uttered at the table indicates that a cryptographer is paying; an even number indicates that NSA is paying (assuming that the dinner was paid for only once). Yet if a cryptographer is paying, neither of the other two learns anything from the utterances about which cryptographer it is.
You can learn a lot about cryptography, networking, synchronization, etc... by implementing a basic version of the network.
Artists would be better off creating their own sites for fans to download.......
The problem is that it is very expensive to run a server that can handle lots of fans downloading big music files. You need lots of bandwidth and that is still pretty expensive.
Check out Mojo Nation which is a distributed file system that makes it inexpensive to publish something that is very popular while maintaining a way to get paid. It reduces the load on individual servers by spreading files out among different hosts (redundantly) and uses market economics to prevent the "tradgedy of the commons" problem...
The only way that will happen is if music recordings no longer becomes "copyright-able". The reason why sharing recordings is illegal is because the recordings are copyrighted. It doesn't matter that it's music, the same applies to anything that's copyrighted.
Just because something is Copyrighted doesn't mean you can't legally share it with Napster. There are tons of artists who have given permission to trade their music but still retain the Copyright. Live concerts by Metallica, Pearl Jam, Dave Matthews, Phish, Grateful Dead, etc... are all legally tradeable on Napster (or anywhere else).
Isn't Gnutellanet being stopped right now due to some kind of DoS attack (randomized request packets & such)? Have they figured out how to fight those attacks yet?
Yes, MojoNation. A DoS attack uses resources, with MojoNation you have to provide resources in order use others. DoS attacks become pointless because they pay the victims and actually help the system to grow!
No, you are missing the point of the MojoNation system. You download something for free (well, it costs Mojo, but that won't be worth much) and later, if you like it, then you can leave a "tip" for the artist/publisher directly.
MojoNation seperates the payment of the creation of the content from the delivery of the content.
It is similar to the Street Performer Protocol. MojoNation seperates the payment of the creation of the data (the artists/publishers) from the payment for the delivery of the data.
Searching, uploading, downloading, etc... is payed for with Mojo; a microcurrency that is backed in CPU, Disk, and Bandwidth. When you download something, it costs Mojo (probably not ever going to be worth a whole lot). You earn Mojo by providing serivces like a content tracker/searcher, block server, or relay server.
After you have downloaded something, if you like it, you can leave a "tip" for the producer/artist (they have public keys and digital pseudonym).
Mojo Nation isn't a "pay per download" service like you might expect.
There are two types of payment systems built-in: Mojo and the PayLars system. The payment of the data is seperated from the payment of the delivery of the data. Mojo is a microcurrency economy backed by CPU, Disk, and Bandwidth. Whenever you want to search, upload, or download, or whatever, you pay in Mojo. Mojo is like digital cash, you can give the tokens to other people.... or sell them (on eBay or whatever). You can also earn Mojo by running a content tracker/searcher, a block server, or a relay server.
You download whatever you want, you pay whoever you got it from a little Mojo for their bandwidth and disk space. After the fact, if you liked it a lot, you can leave a "tip" for the artist/publisher (I believe in real money). So if your HD crashes you just download it again from someone.
Data is broken into lots of small redundant chunks. Only half of the available chunks are necessary to recreate the file. So the system is resistant to servers disappearing or hard drives getting cleared. Popular data stays around since the servers earn Mojo for letting people download it. You also put a lot less load on each individual server since you only need a small part of the total amount of data from each one. The client keeps track of which servers offer fast and reliable service.
Mojo Nation is intended to make in inexpensive to serve popular data, with a built-in way to get paid for it. Right now, it costs a lot to serve popular data; you need a fast connection and big servers.
As I understand it, there are two seperate payment systems. There is the microcurrency economy of Mojo that is backed with CPU, Disk, and Bandwidth. Searching, uploading, and downloading cost Mojo. You can earn Mojo by providing content trackers/searchers or by running a block server or relay server.
There is a seperate payment system for "tipping" content producers. This is for the artist. After you've downloaded something, if you like it you can tip the publisher. Public key cryptography lets you create persistent pseudonyms that cannot be forged. It seperates the payment of the creation of data from the actual delivery of the data. The Mojo Nation people believe this is the type of only artist compensation system that will work; they have to stop worrying about how and where people got the data and provide a way to get compensated after it has been acquired.
There is a reputation system built in. On a low level, your client remembers which block servers provided complete blocks and in a timely manner. At a higher level, your client can remember which content providers make good music, or encode music well...
Metadata and data are seperate. Data is split into lots of redundant chunks spread over many servers. The "map" to reassemble the blocks along with XML metadata describing the file is stored on seperate content trackers. You search the trackers for what you want, or someone sends you the metadata some other way, and then your client finds the blocks and reassembles the original file. With XML metadata you can get much richer fully searchable indexes than simple file names a.la. Gnutella. The metadata can be digitally signed too.
If it comes from Apple it won't have Graffiti. The Newton had real handwriting recognition. The Palm did not because it couldn't do it given the power/weight/price constraints. The Newton had it, but at the cost of being large, slow, and expensive; that's a big reason why it failed initially.
Has anyone seriosuly compared the time it takes to write something via hand writing recognition (i.e. on a Palm) vs. the time it takes with a keyboard?
You can't compare the Palm's so-called "handwriting recognition" to the Newton's. First of all, you could write anywhere on the screen (wherever you wanted the text), not just in a special spot, so your hand moves naturally; not the unnatural writing-every-character-in-the-same-spot thing you get with the Palm. Secondly, you could use your own hand writing, not one chosen by the engineers because it was easy to parse. Thirdly, you could write as fast as you wanted, the bitmaps are saved in place and later converted to actual strings in the background.
So you can write as fast as you would write on paper. For many people, that's faster than they can type.
The Newton failed because the software was so advanced that the available technology to run it was slow, expensive, large, and heavy. The Palm was a serious step backwards but it ran acceptably in available, inexpensive, and small/lightweight hardware. Now that there has been a few iterations of Moores law, the Newton stuff is poised to come back.
There was a virtal screen app for OpenStep known as "VirtSpace"... There is nothing that indicates that it would not be possible to port or recreate it for OSX. It's just not going to ship with OS-X.
What raptor21 wants will be out in January as Mac OS-X:
1) Unified standard printing architecture.
Mac OS-X has this. Since the display uses the same imaging model as printing (PDF), you get WYSIWYG for free. To print you just tell your objects to display themselves into a different buffer. The print panel, printer selection, print queues, and everything else are done for you and shared by every application (and it's not based on lpr)
2) Resuable components for the primary functions of applications.
Cocoa comes with many reusuable components. It has the obvious ones: text fields, buttons, scrolling views, matricies, table views, gas guages, check boxes, pop up lists, etc... It has many more. It has an extremely powerful multi-view text system that does multiple columns, rich text, unicode, spell checking, etc... There's tab views and "drawers", font and color panels, color wells,split views, a database independent access kit that rules (EOF), printing, faxing, and more. There's a document framework, undo, an extremely powerful pasteboard system, services, and filter services (plug ins that translate files from a foreign format to something your application can understand).
All of these resources are shared by all applications, where possible, to conserve resources. Most of them are very easy to use and many require no coding to setup. For instance, to add retractable drawers to the sides of your windows, you just drag-connect lines from the drawer instance to the window instance, to the view to be contained inside the drawer, and a line from the button/actuator-widget to the drawer instance and boom you are in business. No coding...
3) a standard for user interface (menu options e.t.c) Like edit->prefrences and not tools->options and file properties and every other place .
Apple certainly has the best reputation for this. All of these details are specified in a UI guidelines document and standard menu configurations are built into InterfaceBuilder.
4) A standard method for software installation. Like src goes here and binaries go here and so on.An API to make installation easy such that icons get put in the menu and links get crated automatically on the desktop.
X has a nice built-in software installer. When you install it leaves a receipt you can click on to uninstall or just compress some software.
X has a very powerful "Bundle" system (from NeXT). A bundle is a directory containing various subdirctories that contain application resources (binaries, source, headers, documentation, images, sounds, strings to be displayed the user, UI's, etc..). Localizable resources (like string, images, UI's) are kept in seperate directories for the region/language the resources are specific to. The Bundle class automatically fetches the proper localized resource based on the user's localization preferences. The Application itself is a bundle and there are bundles known as "Frameworks" for shared libraries. Frameworks can contain anything (code, headers, source, docs, images, sounds, etc...) and are stored together and are versioned (two or more different versions coexist peacefully: no more problems of a newly installed app installing an incompatible version on top of an existing version).
No API is needed for putting icons into the dock since the user can simply drag the application icon there himself; no having to drag icons into some obscure folder deep inside the system hierarchy.
Oh yeah, it's all running on BSD Unix with a Mach kernel. The sources of which are available here.
So you see, Unix can be made into a modern operating environment for all users, with a consistent user interface, and an API that is a joy to use for developers. However, they didn't build it on X and you'll probably have to buy a Mac to get it for now.
Python has been completely implemented in Java, it's called JPython. It runs on any JVM and you have access to the entire Java class library. It's wonderful for scripting Java applications or even writing complete applications and standalone scripts that utilize Java classes (in addition to the rich selection of Python clasess). You also get real garbage collection and threads, thanks to the JVM.
One of the best things, however, is the JPython interactive shell. It is a fantastic way to prototype and play with Java; interactive access to Java classes! woo hoo!
As I recall, one of the arguments his attorney was going to make was that forcing him to divulge this info in order to recover his property would violate his constitutional protection against self-incrimination.
While it hasn't been tested in court, many experts such as Mike Godwin believe the 5th amendment will not protect you from being forced to divulge your encryption keys and/or passphrases. They believe that encryption is like a safe and the passphrase is like the combination; there is lots of case law saying that safe combinations do not count as testimony and are not protected by the 5th amendment.
Oh yeah, tricky stuff like "My passphrase is 'I killed Jane Doe' so I can't be forced to divulge it" won't fly in court. Judges don't think that kind of thing is cute at all. If you refuse to obey a Judge's order, you can be held in Contempt of Court indefinitely. However, after a few years the Judge might release you if he believes there isn't a reasonable chance of you coughing up the keys. If the alternative is a mandatory-minimum 25 year or more sentence resulting from the newly discovered evidence, it might be a worthwhile strategy.
It's important to use perfect forward secrecy whenever possible. In perfect forward secrecy, the private/public key pair is not used to encrypt the session key, but only to authenticate it. The session key is then emphemeral and never stored. That means later recovery of the private key will not allow the attacker to decrypt previously recorded communication (only conduct future man-in-the-middle attacks and other authentication based attacks). Of course, this is not terribly useful for stored data. That's why you should store your sensitive data in your brain, or Sealand, where it is out of reach of the court.
The 1988 Electronic Communications Privacy Act, which has aften been ignored in these days of the DMCA, says that it is only legal to snoop on employee's email if they do not have a reasonable expectation of privacy. That means the IT departments need to make sure everyone knows that their e-mail may be read, otherwise it's not legal to snoop.
Roger McGuinn: says that aside from modest advances from recording, he never received a penny from royalties from the record companies, even for a gold album (500,000 copies). The only benefit he ever saw from the record companies was the promotion made his live performances popular and that is the sole way he has supported himself. With MP3.com he has made thousands of dollars. In other words: the record companies fucked him over and got rich at his expense but MP3.com was fair and he actually made money.
Mr. McGuinn's very short and to the point testimony can be found here.
The thing is, everyone knows that musicians need money to create music. It's painfully obvious in every single person's life that money is required to survive. If people like something enough they will support it because they know they won't get more if the musician starves. However, the "pay before you play" system the labels are envisioning will never ever work. The only thing that will work is the system buskers have been using for centuries; you hear it for free and if you like it you support them by tossing money into their hat/instrument-case. The difference will be that anyone in the world can listen, which will make the tip jar very full.
Run, don't walk, to Free S/WAN and get free IP/SEC transport level encryption for your Linux box. It can be configured to automagically negotiate strong encryption between any other IP/SEC box on the net (even using other vendor's products).
Slashdot Mirror
Burris
Burris
Burris
It's still under development but all open source. They have a site on SourceForge.
Burris
I'm so lame that I am unable to learn a new programming language syntax. Even though it's been thirty years since computers have become powerful enough to support parsers that can figure out the end of a statement without an explicit delimiter, it makes me feel all warm and fuzzy inside when I put that semicolon at the end of every line. Even though named arguments might be preferable to sequences of anonymous types, a new messaging syntax would more than my fossilized brain can tolerate. Asking mere computer programmers to learn something new is asking a little too much, after all, programmers tend to be slow learning. Instead, we should perpetuate outdated and inconvenient syntax. We wouldn't want to frighten the poor wittle programmers with something as radical and hard to grasp as a different syntax.
*sarcasm*
Burris
In any event, your local deli could install these if they wished. Only the government is limited by the constitution with respect to searches. If you don't wish to be searched by your local deli or concert venue you always have the choice of not going.
Burris
In fact, it's so simple, here is the description of the protocol from the paper. The paper elaborates on why it works and generalizes it and also includes a proof.
You can learn a lot about cryptography, networking, synchronization, etc... by implementing a basic version of the network.A copy of Chaums paper is located here.
Burris
Check out Mojo Nation which is a distributed file system that makes it inexpensive to publish something that is very popular while maintaining a way to get paid. It reduces the load on individual servers by spreading files out among different hosts (redundantly) and uses market economics to prevent the "tradgedy of the commons" problem...
Burris
Burris
MojoNation
Burris
MojoNation seperates the payment of the creation of the content from the delivery of the content.
Burris
Searching, uploading, downloading, etc... is payed for with Mojo; a microcurrency that is backed in CPU, Disk, and Bandwidth. When you download something, it costs Mojo (probably not ever going to be worth a whole lot). You earn Mojo by providing serivces like a content tracker/searcher, block server, or relay server.
After you have downloaded something, if you like it, you can leave a "tip" for the producer/artist (they have public keys and digital pseudonym).
Burris
There are two types of payment systems built-in: Mojo and the PayLars system. The payment of the data is seperated from the payment of the delivery of the data. Mojo is a microcurrency economy backed by CPU, Disk, and Bandwidth. Whenever you want to search, upload, or download, or whatever, you pay in Mojo. Mojo is like digital cash, you can give the tokens to other people.... or sell them (on eBay or whatever). You can also earn Mojo by running a content tracker/searcher, a block server, or a relay server.
You download whatever you want, you pay whoever you got it from a little Mojo for their bandwidth and disk space. After the fact, if you liked it a lot, you can leave a "tip" for the artist/publisher (I believe in real money). So if your HD crashes you just download it again from someone.
Data is broken into lots of small redundant chunks. Only half of the available chunks are necessary to recreate the file. So the system is resistant to servers disappearing or hard drives getting cleared. Popular data stays around since the servers earn Mojo for letting people download it. You also put a lot less load on each individual server since you only need a small part of the total amount of data from each one. The client keeps track of which servers offer fast and reliable service.
Mojo Nation is intended to make in inexpensive to serve popular data, with a built-in way to get paid for it. Right now, it costs a lot to serve popular data; you need a fast connection and big servers.
Burris
There is a seperate payment system for "tipping" content producers. This is for the artist. After you've downloaded something, if you like it you can tip the publisher. Public key cryptography lets you create persistent pseudonyms that cannot be forged. It seperates the payment of the creation of data from the actual delivery of the data. The Mojo Nation people believe this is the type of only artist compensation system that will work; they have to stop worrying about how and where people got the data and provide a way to get compensated after it has been acquired.
There is a reputation system built in. On a low level, your client remembers which block servers provided complete blocks and in a timely manner. At a higher level, your client can remember which content providers make good music, or encode music well...
Metadata and data are seperate. Data is split into lots of redundant chunks spread over many servers. The "map" to reassemble the blocks along with XML metadata describing the file is stored on seperate content trackers. You search the trackers for what you want, or someone sends you the metadata some other way, and then your client finds the blocks and reassembles the original file. With XML metadata you can get much richer fully searchable indexes than simple file names a.la. Gnutella. The metadata can be digitally signed too.
Burris
Burris
So you can write as fast as you would write on paper. For many people, that's faster than they can type.
The Newton failed because the software was so advanced that the available technology to run it was slow, expensive, large, and heavy. The Palm was a serious step backwards but it ran acceptably in available, inexpensive, and small/lightweight hardware. Now that there has been a few iterations of Moores law, the Newton stuff is poised to come back.
Burris
There was a virtal screen app for OpenStep known as "VirtSpace" ... There is nothing that indicates that it would not be possible to port or recreate it for OSX. It's just not going to ship with OS-X.
Burris
All of these resources are shared by all applications, where possible, to conserve resources. Most of them are very easy to use and many require no coding to setup. For instance, to add retractable drawers to the sides of your windows, you just drag-connect lines from the drawer instance to the window instance, to the view to be contained inside the drawer, and a line from the button/actuator-widget to the drawer instance and boom you are in business. No coding...
Apple certainly has the best reputation for this. All of these details are specified in a UI guidelines document and standard menu configurations are built into InterfaceBuilder. X has a nice built-in software installer. When you install it leaves a receipt you can click on to uninstall or just compress some software.X has a very powerful "Bundle" system (from NeXT). A bundle is a directory containing various subdirctories that contain application resources (binaries, source, headers, documentation, images, sounds, strings to be displayed the user, UI's, etc..). Localizable resources (like string, images, UI's) are kept in seperate directories for the region/language the resources are specific to. The Bundle class automatically fetches the proper localized resource based on the user's localization preferences. The Application itself is a bundle and there are bundles known as "Frameworks" for shared libraries. Frameworks can contain anything (code, headers, source, docs, images, sounds, etc...) and are stored together and are versioned (two or more different versions coexist peacefully: no more problems of a newly installed app installing an incompatible version on top of an existing version).
No API is needed for putting icons into the dock since the user can simply drag the application icon there himself; no having to drag icons into some obscure folder deep inside the system hierarchy.
Oh yeah, it's all running on BSD Unix with a Mach kernel. The sources of which are available here.
So you see, Unix can be made into a modern operating environment for all users, with a consistent user interface, and an API that is a joy to use for developers. However, they didn't build it on X and you'll probably have to buy a Mac to get it for now.
Burris
One of the best things, however, is the JPython interactive shell. It is a fantastic way to prototype and play with Java; interactive access to Java classes! woo hoo!
JPython is way cool.
Burris
Oh yeah, tricky stuff like "My passphrase is 'I killed Jane Doe' so I can't be forced to divulge it" won't fly in court. Judges don't think that kind of thing is cute at all. If you refuse to obey a Judge's order, you can be held in Contempt of Court indefinitely. However, after a few years the Judge might release you if he believes there isn't a reasonable chance of you coughing up the keys. If the alternative is a mandatory-minimum 25 year or more sentence resulting from the newly discovered evidence, it might be a worthwhile strategy.
It's important to use perfect forward secrecy whenever possible. In perfect forward secrecy, the private/public key pair is not used to encrypt the session key, but only to authenticate it. The session key is then emphemeral and never stored. That means later recovery of the private key will not allow the attacker to decrypt previously recorded communication (only conduct future man-in-the-middle attacks and other authentication based attacks). Of course, this is not terribly useful for stored data. That's why you should store your sensitive data in your brain, or Sealand, where it is out of reach of the court.
Burris
Burris
Mr. McGuinn's very short and to the point testimony can be found here.
Burris
Burris
Burris
Burris