Slashdot Mirror


User: um...+Lucas

um...+Lucas's activity in the archive.

Stories
0
Comments
2,369

Comments · 2,369

  1. Re:Encryption is needed now! on NSA backdoor creates security hole in Windows · · Score: 1

    I'm not saying that anonymity on the net is a bad thing... I'm just saying it can't happen... Computers need to know what computers they're talking to in order to communicate (except for broadcasting purposes, but that's not how we do things)...

    If you want anonymity, don't expect to find it on the Net... It's just not really feasible. If you want to communicate anonymously & privately, all the methods you mentioned above will work just fine... They're just easily duplicated in the online world

  2. Yell at MSFT, not NSA on NSA backdoor creates security hole in Windows · · Score: 1

    This is probably due to laziness on Microsoft's part, or due to their marketing drones... I seem to recall the same thing occurring a few years back with Lotus Notes... The domestic version used 64-bit keys, while the "for export" version used 40-bit keys plus a 24-bit NSA key... The end result being that anyone interested in the data would face a 64-bit key (probably considered unbreakable a few years ago) while the NSA would only need to crack a 40 bit key (been breakable for quite a while)... This only applied to the exported versions, though.

    Microsoft, in their marketing wisdom, probably chose not to have a domestic version and an exportable version, so as not to taint buyers of the exportable version with the notion that it had easily defeated security. Therefore, they kept quiet about it, and did what Lotus did, but for their entire product line rather than just the part that was destined for sale outside the US...

    I'd be much more angry with MSFT than the NSA... It's their (NSA's) job to collect information and spy, it's up to the people, businesses, and our gov't reps to try to

  3. Re:Encryption is needed now! on NSA backdoor creates security hole in Windows · · Score: 1

    That anonymity on the net is gone, hasn't existed, and won't exist... Think IP addresses... your ISP knows it... Did you ask them how long they keep their logs when you signed up? Who runs Anonymizer? What are their credentials? Face it, everything you do or say on the net is and will be traceable.

    Encryption can help, but it doesn't defeat traffic analysis. And unless everyone is using it, encrypted communications serve to raise warning flags, that "this" message is supposed to be secret... And PGP, as simple as it is, is too much to bother people like my mother with... No matter how alarming it is to her, she'd then have to explain to all her friends how to use PGP as well... Not a simple task.

  4. Re:Besides that... on HP breaks the 2 nanometer barrier · · Score: 1

    No.. it already happened.. What I want to know is how long it takes to make it to the mainstream... MUCH longer than two, I'd think... There's still money to be made with .15 micron, .10 micron, etc... whatever the measurement is, it'd be DAMN expensive to make that large a leap at this point...


    For specialized applications and people with deep pockets, 3 to 5 years may be feasible... but for us? It's 10 to 15 years, at least

  5. Besides that... on HP breaks the 2 nanometer barrier · · Score: 1

    Besides how small can you get? (Which I doubt will ever get smaller than 1 molecule), I wonder how long it will take for this to make it to market. Probably 10 or 15 years... A lot of tech sits in research labs forever, going through refinements prior to being shipped as an actual product. Witness protein based storage, etc...

    By the way, first! Maybe....

  6. Re:This is nutz! on NSA backdoor creates security hole in Windows · · Score: 1

    This is probably due to laziness on Microsoft's part, or due to their marketing drones... I seem to recall the same thing occurring a few years back with Lotus Notes... The domestic version used 64-bit keys, while the "for export" version used 40-bit keys plus a 24-bit NSA key... The end result being that anyone interested in the data would face a 64-bit key (probably considered unbreakable a few years ago) while the NSA would only need to crack a 40 bit key (been breakable for quite a while)... This only applied to the exported versions, though.

    Microsoft, in their marketing wisdom, probably chose not to have a domestic version and an exportable version, so as not to taint buyers of the exportable version with the notion that it had easily defeated security. Therefore, they kept quiet about it, and did what Lotus did, but for their entire product line rather than just the part that was destined for sale outside the US...

    I'd be much more angry with MSFT than the NSA... It's their (NSA's) job to collect information and spy, it's up to the people, businesses, and our gov't reps to try to keep them in check.

  7. Re:Is it possible this is a decoy? on NSA backdoor creates security hole in Windows · · Score: 1

    According to the PGP manual distributed with the binaries, MD5 is just about completely broken... Meaning that it is possible to generate new text that conforms to the old signature. The alternative is SHA, developed by: the NSA...

    I guess it's a battle of the lesser of two evils, broken implementation vs. strong implementation written by the organization that everyone seems to love to hate

  8. He asked for it on Chad Davis May Be the Next Kevin Mitnick · · Score: 3

    Based on what I know, briefly... The FBI told him they were on to him & his group. He went out of his way to taunt them by defacing a military site. For that, HE'S NOT GONNA GET JUST A SLAP ON THE WRIST.

    Simply defacing a site, who cares? I mean, anyone in the world should have a tape backup somewhere that they can grab and restore. When you start talking gov't & military sites, though, the action is taken much more seriously. Just like if you spray paint something on a building, that's vandalism, but if someone spraypainted something on the Vietnam Memorial, they'd be lynched either in or out of jail...

  9. Re:You're 0 for 4 on Apple announces the G4 · · Score: 1

    2 - The new G3 on my desk is much faster than the old G3 it replaced... And being that a LOT of my time has been spent waiting for my screen to redraw (I swear, I can see the little rectangles being drawn!)... But still, then old new G3 was plenty fast for most day to day activities that I was placing on it...

    3 - Do you expect an ad campaign targeted solely at 3d Modelers? No... They've been rambling quite a bit about Altivec, or whatever it's called now! All that implies that they're going after the 3d Market, because to waste that on just 2d graphics and, what?, speech recognition, would be a waste...

    Yeah, the mac has Formz and EIAS for the high end, Studio Pro, Infini-D, and Lightwave-3D at the midrange, and a slew of low-end software... But it's still a ways away from being accepted in a lot of the 3D community, just for lack of plug-ins, lack of extremely high-end apps, and lack of 3D Studio, which seems to be one of the more commonly used programs...

    I'll give you 2 for 4, how's that? :)

  10. Re:Shareware music on Bowie Distributes New Album Using SDMI Format · · Score: 1

    Intellegence in the music industry? (I hope i spelled the I word correctly!)

    The DAT in DAT stands for Audio. DAT's were supposed to compete in the market against CD's... Too bad the Music Industry got them legislated out of the market.

    The Music Industry is trying in Canada (according to /.) to tax all media that digital music can be encoded on, but specifically CD-R's...

    The Music Industry has on several occasions forbade artists from posting their music on their own websites.

    The industry is NOT eager for the internet to catch as a music distribution channel because once that happens, there's much less need for them. Right now, they finance artists' studio time, hire artists to do cover art, pay for the pressing of the CD's, etc... this gets artists into very repressive contracts in order to "make it big". Once that happens, it makes it difficult to escape to independence...

    Now, a band merely needs to come up with enough $$$ to get into a studio, and then acquire a web-presence. True, today MP3 doesn't completely stack up that well against CD's and such... But in a few years, the MP3 craze will be over as a new lossless format emerges... MP3's small file size won't be so cool once the country as a whole is using DSL, etc...

    But once that happens (digital music distribution), you've effectively killed off the main reason to have the "music industry" in the first place.

  11. You're 0 for 4 on Apple announces the G4 · · Score: 1

    1 - Emulation went away in OS8... They re-wrote the chunks of the OS that were still being handled in emulation in either 8 or 8.1... Yes, there is still an emulator as part of the OS, but that's there only to support 680x0 apps... If you're using native applications, you're not at all involved in emulation

    2 - The ATI Rage 128 is a very fast chip... Probably not as fast as that other thing announced here today, but it's still damn fast.

    3 - They're marketing it to their core audience: creative professionals, scientists, etc...

    4 - Be's mostly (if not entirely) pulled away from developing future versions of the BeOS for PowerPC's...

  12. This one's just crying to be moderated down on Apple announces the G4 · · Score: 1

    I like the Mac well enough, but it's pretty tiresome to have every Mac aficionado act like you've accused them of child molestation every time there's a complaint about the OS.

    Not like that ever happens with /. crowd when one points out a flaw of Linux (which there are some of...)

  13. Re:Shareware music on Bowie Distributes New Album Using SDMI Format · · Score: 2

    Also, just because the format is crackable, that doesn't mean that "Joe Average" knows that it is, that the tools exist, and where to get said tools... Besides, a crackable format is better from a security standpoint than one that doesn't even try. Granted, Bowie's got money, but it's his work he's putting up there, and he has the reasonable expectation of getting paid for it. If someone goes and pays for it, cracks it, then redistributes it in MP3 format, you're doing him a disservice, and you're stopping the hundreds of other artists stuck on repressive record labels that want to distribute their music on line who'll be told: "look what happened to Bowie: someone cracked his music and gave it away for free and no one bought his CD..."

  14. Re:joe marvin on Bowie Distributes New Album Using SDMI Format · · Score: 1

    Someone moderate that down, PLEASE?

  15. Re:Danger, Will Robinson... on 512-bit RSA Key Cracked. · · Score: 1

    Pardon me, but what good is reading the source for a non-programmer or non-cryptographer? Should we be on the lookout for comments in the code that read:

    START: BOGUS ENCRYPTION ROUTINE
    blah blah blah
    END: BOGUS ENCRYPTION ROUTINE

    or

    EMBED: DECRYPTION KEY

    Even being a qualified programmer is almost as useless unless you know the math involved. You really just need to trust the source from which you acquired the code... There really are few people that can read the code, line by line, and recognize any errors or sources of insecurity as they go.

  16. Re:Oh no! on 512-bit RSA Key Cracked. · · Score: 1

    No... You're only liable for the first $50 dollars of credit card fraud. Past that it all comes out of the issuing bank's pockets. Yes, someone could rig up a program to do $49.99 charges all day long until the credit card was maxed out, but thanks to the privacy-invading customer profiling, credit card companies can spot suspicious transactions and halt them from occurring until they've received verbal authorization by you.

  17. Re:Oh no! on 512-bit RSA Key Cracked. · · Score: 1

    no, ALL US currency exists in the form of gold in places like Fort Knox, etc... Records of currency, however, are a different story. The hope would be that banks, etc, are using software that isn't hard coded to do 512 bit crypto so that they can feed in a larger key and make everyone feel safe again.

  18. Re:Oh no! on 512-bit RSA Key Cracked. · · Score: 1

    Just assume that they can, then. My PGP install has options for generating 2048 bit keys, 3072 bit keys, 4096 bit keys, and everything in between. So far as I understand it, it takes the computer a LOT longer to generate the key itself (not like it matters, you only need to do it once), but the actual encryption takes just about the same time using a 512 bit key as a 4096 bit one... Imagine, not having to worry about these advances until such time that 3900 bits is starting to feel a little close to unsafe.

  19. Re:Larger keys... on 512-bit RSA Key Cracked. · · Score: 1

    Twinkle? That's Shamir's device, true? We already went through this before:

    It'd take 2 days to break 512 bit RSA.

    There's no mention of scalability.

    It seemed to be a brute force cracker.

    Given that, 1024 bit crypto is still pretty much in the clear... A few years from now everyone may need to rethink that, but not today, given what we know publicly.

  20. Bah! Humbug on 512-bit RSA Key Cracked. · · Score: 1

    OTP is yes, the most provably secure encryption available. Its implementation is just daunting, though. Exchange different, custom CD's with everyone you want to ever exchange info with. If you're that worried, you won't want to FedEx it, so instead you need to get an airplane ticket and arrive face to face to exchange pads... If said CD is ever intercepted, stolen, etc... your data is wide open...

    Stop pushing One Time Pads as a viable substitute for public key encryption... The logistics make it incredibly difficult to implement securely and without extreme headaches. Yes, for top secret communications, where discovery=death or torture, and you can find a way to exchange pads, by all means go for it... But it's useless in the context of e-commerce and every-day implementable encryption.

  21. I wouldn't mind this on Canada Taxing Blank CDs? · · Score: 1

    I actually wouldn't mind this if:

    #1 - it were spurred by complaints by artists of piracy

    #2 - said money was being used to pay the artists...

    Instead:
    #1 - Artists being screwed by labels is incredibly commonplace, whereas pretty much the only artists that have successfully screwed a record company are the Sex Pistols...

    #2 - Seems record companies keep bigger and bigger slices of the profits as music moves from LP to Cassette to CD... Costs of production lower, prices rise, and the artists get a smaller and smaller take.

    Therefore, though I can't speak for Canada, I hope to join or start a class-action suit should they ever try that here. Besides all that, I have plenty of uses for cassettes, DAT's, CD-R, and just about anything else that in no way even approaches the record industry's territory.

    That all said, I know some people with 200+ CD collections of pirated CD's... I don't condone or agree with it, but their stance is "The band won't get more than a dollar from this CD anyhow"... Should we penalize the users of the mediums for the reputation the labels have hoist upon themselves?

  22. Re:Me, a criminal? on Canada Taxing Blank CDs? · · Score: 1

    Actually you're not a criminal for copying a Redhat CD, are you? I thought everything beyond Netscape was open-source... now if you copied the application CD...

  23. Re:Cooooool. on 3rd Party PPC Machines from IBM specs · · Score: 1

    Hey, I earn much more than I spend on my software. Seems quite justifiable to me.

  24. Re:Cooooool. on 3rd Party PPC Machines from IBM specs · · Score: 1

    That was all stated in relation to commercial/proprietary software. I don't think that all the software I want to use or their equivalents will be available in source code form at any time in the near future, if ever.

    Like always, I myself advocate using the best tool for the job, even if it means paying for it

  25. Got a problem with the Register? on 2.3TB drives for $50 · · Score: 1

    The "much hated register"? I find the Register to be generally the most informative website out there. Unadulterated news, with what seems to be almost prophetic insight.... I check that site prior to Slashdot when I first arrive @ work every morning.