I stand corrected. What I should have said is a more secure operating system. BSD seems to allow for stupider users and still retain some security. But still, it shouldn't be on a network with public or even encrypted wireless access. Computers that must be physically accessed in order to be compromised are the most secure computers.
If you hadn't replied already, I would have said exactly the same thing. It shouldn't even have an IP address on a network connected to the wide world. Computers not attached to networks cannot be hacked into remotely. Also, they should be running a secure operating system, such as BSD. Linux probably wouldn't even do the trick for something as critical as this.
Who agrees with me that we need to start a new country in Siberia or somewhere more convenient with open-source-style laws and constitution protecting civil liberties and (physical) property?
Limited copyright laws, no corporate patents, no DMCA, strict (and enforced) antitrust laws...
This is beginning to sound very much like what the founders wanted: protection of personal liberties and physical property. Where did that go? How did we lose these ideals and get to the point we are at over the past 200 years (~1812 was when the US really became independent, depending on how you look at it)?
Actually, you can buy a PC without windows installed. From Dell, you can get a desktop or laptop with Ubuntu or FreeDOS installed, and from System76 the only option is Ubuntu. My next computer will probably be from System76, as Dell has given me enough problems. The only parts of my computer I haven't replaced for free under warranty are the body (not warrantied), memory, CPU, and CD/DVD drive. The keyboard has been replaced twice. Not acceptable standards for a company to have. I'd much rather go with an unknown.
Other than that, point taken. Microsoft has a monopoly and the vast majority of people don't care. It's unfortunate, but true. (Keep in mind that those involved in/. are not a majority.)
Wait... so if it sends a challenge to the RFID and sends the same challenge to a database to see if they have the same response... then can't you just hook up your RFID copy to query the database and send the correct response?
Here's how I would do it: Have a secret password stored on the device and the same password stored in the database. You ask the device to identify itself. It hashes the password with a random salt that it can get from radio noise. It sends you the salt it used and the hash. You send both to the database, and the database identifies the chip if given correct information, otherwise returns an error.
You need a good hash, though, like the crypt function used for storing, oh, I don't know, passwords on Linux? Those are salted, too, in order to increase the security of the hash by protecting it from rainbow table attacks, and by making it so that two people can have the same password and have no indication of it.
Something that has lasted a very long time is ethernet. I can't imagine that that standard is likely to change too much. Same with HTTP and basic HTML. Therefore, I vote that you create your own device with a DVD drive attached to a small server that will create a network to which a computer can connect if attached by ethernet. Then it would serve the content of the DVD.
This should probably only be attempted by the adventurous and hardware savvy, as you would want to design your own hardware that is not powered by a CMOS battery.
The problem is that there is still homogeneity at the software level if everyone is running Window$. Linux is already heterogeneous in its applications, such as email clients, web browsers, music players, et cetera... You don't need hardware to create heterogeneity. The same software has the same vulnerabilities. Hardware tends to be much harder to hack, so heterogeneity at that level is useless except when talking about DRM.
I have one of those! Actually, two, but one was bought at a garage sale for use as extra parts, and does not always work. Manual cameras are awesomely fun to use! The control!!!
Yes, you may think that you're way above average as a driver, and you'd _never_ possibly cause an accident. Guess what? So does everyone else. Over 90% of the people think that their driving is above average. It's mathematically impossible. Well, actually, it isn't mathematically impossible. If 10% of people are bad at driving, and everybody else is equally good at driving, then 90% of people are above average.
However, this is certainly not the case, and I understand your point.
On another note, studies show that headsets are no better than just using the cellphone. Participants talking did not notice obvious things, such as a person walking around in a gorilla suit.
As for the movie theaters, if people really cared all that much, the theaters would already be lined with lead to block the signal. Obviously, people don't care that much.
They certainly don't have as much influence in the OSS community, because they aren't on the software channels yet, whereas firefox is (and hasn't even been released yet?!)
me@my-laptop:~$ opera --version ERROR: ld.so: object 'libjvm.so' from LD_PRELOAD cannot be preloaded: ignored. ERROR: ld.so: object 'libawt.so' from LD_PRELOAD cannot be preloaded: ignored. Opera 9.27 . Build 709 for Linux. Qt library 3.3.8b. me@my-laptop:~$ firefox --version Mozilla Firefox 3.0, Copyright (c) 1998 - 2008 mozilla.org me@my-laptop:~$
Both were installed off software channels, and both upgrade with "sudo apt-get upgrade" if an upgrade is available.
I agree that intrusive checks are pointless if they are meant to save lives. Aeroplane transportation is still much safer than car transportation, terrorists or not. So more effort needs to be taken in order to make the roads safer, not "increasing security" on an aeroplane.
Seriously, I will never trust security based on any sort of recognition, be it facial, iris, fingerprints, DNA, etc. The thing is that it is too easy to A) fake, and B) shoot yourself in the foot.
Because software recognizing anything always has to forgive a little, that breaks the security. Worse, how do you store the information of, say, a person's face? With passwords (on Linux) you hash the password with a salt, so that two people can have the same password and never know it. But what do you do with a face? Do you store the pixels? Do you store lines and measurements? Do you store color? In any case, this information actually has to be stored so that it can be compared with the live information from the fingerprint-reader or web-cam. That means lower security, since it might be feasible to read that information even if it is impossible to change. And if you can read that information, then you can replicate it in such a way that it matches the original information.
Regarding (B), say the person gets into an accident, has plastic surgery, gets stitches in their thumb, loses an eye, loses a hand, et cetera. Now they are rejected by their computer. But, if they had had a password or a pin, they still would have been able to log in. At this point, I am repeating what has already been said, so I will stop now.
As a comment on DNA, that should be easy to collect, as it is all over your computer. Or, if there isn't enough of it on your computer, it must be set up in a way where you have to take a cheek swab or a blood sample every time you want to log in, in the first case the garbage will do to find your source, and in the second, well, who really wants to do that just to log into their computer anyway?
In short, I am perfectly serious when I say, "It's more passwords and PINs for me!"
In my defense, I never said that they are getting what they deserve. On the contrary, anyone who gets a virus has my sympathy (since I had at least one when I still used windows).
I support linux for other reasons, mostly having to do with freedom and the ability to customize. Viruses don't really come into the picture for me. In addition, antitrust is important to me.
The thing is, though, that with linux there is one extra step: the program needs execution privileges. chmod a+x./file
In addition, most programs on linux are installed from software channels, and the distributor's software channels should be virus- and trojan-free.
As a last point, most people who write viruses write them for windows because the greatest number of people run it.
I lied. There is one more point. If you attack linux, everyone in the community rises up against you and throws fiery hailstones at your property. The hailstones can go through any firewall:)
What if there were a system for voting that were online encrypted over ssl that used personal information such as birthday, SSN, name, etc to verify that the person actually was who she said she was? This might be more secure than the current voting system, since often you don't need any form of identification in order to vote. This way, someone would have to steal your identity in order to vote in your name, and it would be hard to steal enough identities to cause a significant change in the election results.
Or are some people still two technologically inept to figure out how to use such a system?
Perhaps it still has the same faults that electronic voting today has: that the manufacturer can cause fraud.
Yeah it is, if you are lucky enough to get something BSD licensed. No guarantee that's going to happen even if all the projects it was based on were BSD, it might be all locked up proprietary when you obtain a derivative software. You're absolutely right. Just look at Mac OS X. I don't see any source code for that...
Slashdot Mirror
I stand corrected. What I should have said is a more secure operating system. BSD seems to allow for stupider users and still retain some security. But still, it shouldn't be on a network with public or even encrypted wireless access. Computers that must be physically accessed in order to be compromised are the most secure computers.
If you hadn't replied already, I would have said exactly the same thing. It shouldn't even have an IP address on a network connected to the wide world. Computers not attached to networks cannot be hacked into remotely. Also, they should be running a secure operating system, such as BSD. Linux probably wouldn't even do the trick for something as critical as this.
Who agrees with me that we need to start a new country in Siberia or somewhere more convenient with open-source-style laws and constitution protecting civil liberties and (physical) property?
Limited copyright laws, no corporate patents, no DMCA, strict (and enforced) antitrust laws...
This is beginning to sound very much like what the founders wanted: protection of personal liberties and physical property. Where did that go? How did we lose these ideals and get to the point we are at over the past 200 years (~1812 was when the US really became independent, depending on how you look at it)?
25 years ago I wasn't.
Only 235 patents? I thought it was more...
PgUP/PgDN, seriously?
Actually, you can buy a PC without windows installed. From Dell, you can get a desktop or laptop with Ubuntu or FreeDOS installed, and from System76 the only option is Ubuntu. My next computer will probably be from System76, as Dell has given me enough problems. The only parts of my computer I haven't replaced for free under warranty are the body (not warrantied), memory, CPU, and CD/DVD drive. The keyboard has been replaced twice. Not acceptable standards for a company to have. I'd much rather go with an unknown.
Other than that, point taken. Microsoft has a monopoly and the vast majority of people don't care. It's unfortunate, but true. (Keep in mind that those involved in /. are not a majority.)
You've got it straight.
In many ways, it sucks to try to do business in this country, particularly if your company is big enough to plunder.
-jcr
Unless, of course, you are Microsoft.
I suppose you are right, but that's still not how I would set it up. It requires the chip knowing too much.
True, but really? Add DRM when you can do the following?
dd if=/dev/cdrom of=/tmp/deleteme
replace dvd
dd if=/dev/cdrom of=/tmp/deleteme
(Device names may vary on your distro/hardware.)
Wait... so if it sends a challenge to the RFID and sends the same challenge to a database to see if they have the same response... then can't you just hook up your RFID copy to query the database and send the correct response?
Here's how I would do it:
Have a secret password stored on the device and the same password stored in the database. You ask the device to identify itself. It hashes the password with a random salt that it can get from radio noise. It sends you the salt it used and the hash. You send both to the database, and the database identifies the chip if given correct information, otherwise returns an error.
You need a good hash, though, like the crypt function used for storing, oh, I don't know, passwords on Linux? Those are salted, too, in order to increase the security of the hash by protecting it from rainbow table attacks, and by making it so that two people can have the same password and have no indication of it.
Damn it! I knew I shouldn't have wasted my time with that!
I don't think you have this exactly right. This is not a comparison. It is saying that IE created the six processes, not the testers.
Something that has lasted a very long time is ethernet. I can't imagine that that standard is likely to change too much. Same with HTTP and basic HTML. Therefore, I vote that you create your own device with a DVD drive attached to a small server that will create a network to which a computer can connect if attached by ethernet. Then it would serve the content of the DVD.
This should probably only be attempted by the adventurous and hardware savvy, as you would want to design your own hardware that is not powered by a CMOS battery.
The problem is that there is still homogeneity at the software level if everyone is running Window$. Linux is already heterogeneous in its applications, such as email clients, web browsers, music players, et cetera... You don't need hardware to create heterogeneity. The same software has the same vulnerabilities. Hardware tends to be much harder to hack, so heterogeneity at that level is useless except when talking about DRM.
I have one of those! Actually, two, but one was bought at a garage sale for use as extra parts, and does not always work. Manual cameras are awesomely fun to use! The control!!!
However, this is certainly not the case, and I understand your point.
On another note, studies show that headsets are no better than just using the cellphone. Participants talking did not notice obvious things, such as a person walking around in a gorilla suit.
As for the movie theaters, if people really cared all that much, the theaters would already be lined with lead to block the signal. Obviously, people don't care that much.
They certainly don't have as much influence in the OSS community, because they aren't on the software channels yet, whereas firefox is (and hasn't even been released yet?!)
me@my-laptop:~$ opera --version
ERROR: ld.so: object 'libjvm.so' from LD_PRELOAD cannot be preloaded: ignored.
ERROR: ld.so: object 'libawt.so' from LD_PRELOAD cannot be preloaded: ignored.
Opera 9.27 . Build 709 for Linux. Qt library 3.3.8b.
me@my-laptop:~$ firefox --version
Mozilla Firefox 3.0, Copyright (c) 1998 - 2008 mozilla.org
me@my-laptop:~$
Both were installed off software channels, and both upgrade with "sudo apt-get upgrade" if an upgrade is available.
Why do you need to give me seventy percent of your profits? You do.
And you should be cool with that.
I agree that intrusive checks are pointless if they are meant to save lives. Aeroplane transportation is still much safer than car transportation, terrorists or not. So more effort needs to be taken in order to make the roads safer, not "increasing security" on an aeroplane.
It's more passwords and PINs for me!
Seriously, I will never trust security based on any sort of recognition, be it facial, iris, fingerprints, DNA, etc. The thing is that it is too easy to A) fake, and B) shoot yourself in the foot.
Because software recognizing anything always has to forgive a little, that breaks the security. Worse, how do you store the information of, say, a person's face? With passwords (on Linux) you hash the password with a salt, so that two people can have the same password and never know it. But what do you do with a face? Do you store the pixels? Do you store lines and measurements? Do you store color? In any case, this information actually has to be stored so that it can be compared with the live information from the fingerprint-reader or web-cam. That means lower security, since it might be feasible to read that information even if it is impossible to change. And if you can read that information, then you can replicate it in such a way that it matches the original information.
Regarding (B), say the person gets into an accident, has plastic surgery, gets stitches in their thumb, loses an eye, loses a hand, et cetera. Now they are rejected by their computer. But, if they had had a password or a pin, they still would have been able to log in. At this point, I am repeating what has already been said, so I will stop now.
As a comment on DNA, that should be easy to collect, as it is all over your computer. Or, if there isn't enough of it on your computer, it must be set up in a way where you have to take a cheek swab or a blood sample every time you want to log in, in the first case the garbage will do to find your source, and in the second, well, who really wants to do that just to log into their computer anyway?
In short, I am perfectly serious when I say, "It's more passwords and PINs for me!"
In my defense, I never said that they are getting what they deserve. On the contrary, anyone who gets a virus has my sympathy (since I had at least one when I still used windows).
I support linux for other reasons, mostly having to do with freedom and the ability to customize. Viruses don't really come into the picture for me. In addition, antitrust is important to me.
The thing is, though, that with linux there is one extra step: the program needs execution privileges. chmod a+x ./file
:)
In addition, most programs on linux are installed from software channels, and the distributor's software channels should be virus- and trojan-free.
As a last point, most people who write viruses write them for windows because the greatest number of people run it.
I lied. There is one more point. If you attack linux, everyone in the community rises up against you and throws fiery hailstones at your property. The hailstones can go through any firewall
But is it really a lower bound? I can think of many configurations that take fewer than 18 moves.
What if there were a system for voting that were online encrypted over ssl that used personal information such as birthday, SSN, name, etc to verify that the person actually was who she said she was? This might be more secure than the current voting system, since often you don't need any form of identification in order to vote. This way, someone would have to steal your identity in order to vote in your name, and it would be hard to steal enough identities to cause a significant change in the election results.
Or are some people still two technologically inept to figure out how to use such a system?
Perhaps it still has the same faults that electronic voting today has: that the manufacturer can cause fraud.
Yeah it is, if you are lucky enough to get something BSD licensed. No guarantee that's going to happen even if all the projects it was based on were BSD, it might be all locked up proprietary when you obtain a derivative software. You're absolutely right. Just look at Mac OS X. I don't see any source code for that...