Slashdot Mirror


User: pesc

pesc's activity in the archive.

Stories: 0
Comments: 327

Comments · 327

  1. Re:Anonymous remailing. on What's Now State of the Art in Encryption Technology? · · Score: 2
    I'm no expert either, but consider this:

    Carnivore intercept: 10-sep-2001 10:11:12
    From: yourself
    To: remailer@havenco.com
    %send-to: kjgwefkgwefhwgef
    qkwjdhqkwdhqkwdhfqkwjfdhqkwfjhqekfjhwef
    kwejfhrgberkwgvbwkjerhfweufhwkejfhwekfj

    --
    Carnivore intercept: 10-sep-2001 10:11:13
    From: remailer@havenco.com
    To: ussama.bin@hilltop.af
    qkwjdhqkwdhqkwdhfqkwjfdhqkwfjhqekfjhwef
    kwejfhrgberkwgvbwkjerhfweufhwkejfhwekfj

    You have to admit that:

    - You are trying to protect your privacy not only by encryption, but also by using a remailer
    - Some data mining in the network databases defeats that!

    128bit key is a laugh. One not make a key of 4096 bytes or hell, triple that.
    128-bit is not a laugh. It is very difficult to decrypt that. The problem with 128 bits (not to mention 4096!!!) is key management. How do you remember a key with that much entropy without writing it down somewhere?

  2. Encryption does not guarantee privacy! on What's Now State of the Art in Encryption Technology? · · Score: 5, Insightful

    Consider this message:

    From: yourself
    To: ussama.bin@hilltop.af
    jkwehgfkwgfbwrgjerhvgbejrgwefuwefwiugfelvbdskv
    wefuweifbkjdsvblsifehvbsibnpweijrbqbzdfgoifhgi

    The easiest way for an intelligence service to monitor e-mails is to chart the communication networks. Who is talking to whom (and when and how often, etc)? This is also very easy to do automatically and continuously with a computer. Archiving networks costs just a fraction of the resources needed to archive the entire messages (you can keep several years' worth of network info on line). This method also expands very easily to other modes of communication, such as telephony, where content deciphering is difficult to do automatically anyway.

    Why do people still believe that encryption guarantees privacy? Ridiculous!

    And when the government finds the message above and REALLY wants to learn its contents, what decryption method do you think is easiest for them? Brute force analysis of the message or brute force analysis on yourself? How is a fancy 128-bit or "state-of-the-art" cryptography going to help you?

  3. Re:Oh, the bullshit is painful on NASA Sends One Up; DoD Shoots One Down · · Score: 1
    Ok, so a suitcase nuke is difficult to make. What do you think about a truck nuke or an oil tanker nuke? Do all the US ports have radiation detectors? If a suitcase nuke is too small for you, how big a nuke do you think you can put in an oil tanker?

    Or why limit yourself to nuclear? What do you think about a suitcase full of biological or chemical stuff? Poured into the water systems or something?

    Face it, what have the most effective hits against US troops in the middle east been? Missile and fighters, or truck drivers? If the same people want to deliver a nuke to the US, why wouldn't they use the same tactics??

    ABM is only protecting you from missiles. Not nukes!

  4. Re:Too bad on Psion Chucks In The Towel For Consumer Devices · · Score: 5
    The thing I found annoying was lack of free development tools. OPL was nice but I'd have loved to have a free C++ compiler for it

    The C++ compiler you use for developing EPOC applications is GNU C. Is that free enough? You can download the SDK from here: http://www.symbiandevnet.com/

    The only drawback is that it assumes that you are developing on a M$ platform.

    If only Symbian could make the EPOC OS open source. Then it would really take off! The EPOC OS is really good and beats PalmOS easily. But I'm afraid that Symbian would rather just stop developing the OS than making it Free. Sigh.

  5. Re:US has problems on SMS vs. E-mail? · · Score: 1
    As an American, I just can't get my head around this idea that each outgoing call on a landline phone has a separate charge, and as other posts said, this is what makes such a huge difference between the two systems.
    I agree. I really would want to have American-style pricing for landline calls. Just think about what this does for internet access!

    SMS is cute and all...but I don't see what the purpose is given this system.
    I used to have the same opinion. I don't use SMS much myself, but here in Sweden all teenagers are using it constantly for chatting. It's great in the classroom! According to the Wired article mentioned above, the operators had $3.6 billion in revenue on SMS last year. I believe that!

    That (and not to start a flame war) I am one of those who subscribes to the idea that CDMA and TDMA is superior technology to GSM. I used to have a GSM phone (Aerial) and I have been much happier with CDMA.
    As a consumer, I could not care less! All I want is interoperability, roaming and global coverage. Which these "superior" technologies fail to deliver!

  6. RECEIVE money by receiving mobile calls! on SMS vs. E-mail? · · Score: 2
    Is it true that you have to pay to receive mobile calls in the US? This seems very short-sighted. Don't the operators want to create more traffic?

    In Sweden there are several operators that give the receiver a few cents per minute when they receive a mobile call!

    This is very popular, especially with teenagers. And it certainly helps generating more traffic (and profit) for the mobile operators.

  7. The Shamen did this in 1995 on Protein Music · · Score: 3
    I have the record Axis Mutatis by the Shamen.

    amazon link

    The last song, "S2 translation" has the following text on the sleeve:

    "sequenced from the amino acid characteristics and the DNA coding for protein S2, receptor for serotonin and other tryptamines, thanks to Dr R.D.King for the data."

    As you can see in the referenced article, Shamen and R.D.King worked on this a long time ago.

  8. Re:Of Course it is Good! on RMS Says Free Software Is Good · · Score: 1

    Actually, the true RMS only runs under VMS as far as I know. Check out the documentation here.

  9. Re:Free Song Archive? on More Napster Than You Can Shake A Copy-Protected MP3 At · · Score: 1

    It exists and it is called www.mp3.com.

  10. Why buy crippleware? on Reverse-Engineering The Creative Nomad Jukebox · · Score: 1
    Why would you want to buy a Nomad jukebox? They have chosen to let it be SDMI compatible. This means that they will probably guard any protocols jealously to avoid hacking. They will also not allow any MP3 files to be transferred from the device to the PC of your choice. Crippleware by design!!

    For alternatives, look at Archos 6000.

    Cheaper. And can double as a portable USB hard drive! Don't know if the USB protocol is open though, but I don't think Archos need to guard the specs like Creative do.

  11. Does a Palm with a keyboard fit in your palm??? on PDA Keyboards Compared · · Score: 1
    I can understand that it makes sense to use a Palm computer because it is so small without a keyboard. A good device for reading stuff and doing some data entry using graffiti.

    But connecting a keyboard to a Palm!??!?. I mean, get real!

    If you need data input, choose a PDA with built-in keyboard; it will be smaller and more comfortable (how can you use a "stowaway" while walking??). Get a Psion Revo plus with 16Mb memory, built-in Word, Excel, web browsing, etc. Fits easily in a pocket.

    Also see:

    Revo Introduction

    Palm vs Revo

  12. Re:No Software Patents in Europe PLEASE on Macromedia Bites Back Patent Style Versus Adobe · · Score: 1
    Actually there was an article in a Swedish newspaper today (SVD) that mentioned that EU is establishing new patent rules so that it will become easier to obtain patents, and that those patents will automatically apply in the entire EU (plus some other associated states).

    You see, the politicians have seen statistics that the US grants more patents per year than the EU, so that the EU must DO SOMETHING to rectify this! Otherwise Europe will lag behind in innovation! :-O

    I did not see any specific information about "software patents", but I'm very afraid we will see much more of this in Europe...

  13. Disk-starved machine on An Interesting Boot Log On Alpha · · Score: 1
    It has 256 Gb memory, but less than 90 Gb disk??? You can't even store a proper core file!

    Someone has to give this machine more disk quickly!

  14. Re:talk about a double standard! on Internet Banking Security Hole · · Score: 1
    However, rarely are news stories posted anywhere about more traditional financial institutions or retailers. Ok, so there have been a few credit cards exposed online. But, do you know how many fraud schemes there have been involving physical cards, at places such as gas stations and restaurants?

    Sure, credit card frauds have happened before. So what's the problem with online bank security? Why does it have to be so much higher?

    I see two new problems with online banking frauds:

    Scale. By distributing a virus, I can coordinate bigger attacks. Note that it must not necessarily transfer money to my account. I could just be a vandal and transfer money randomly. Or I could coordinate an online stock trading attack so that on a given day, all people sell all their stock and buy stocks in littlecorp at any price... You can do damage to the whole system in a new way which is bigger than just emptying some Joe's account.

    Trust. It is commonly known that credit cards can become lost. Or that ordinary signatures can be forged. But if your digital signature is forged/hacked I think you will have a much larger problem convincing a court that you have been hacked.

  15. I always thought ALL internet banks were insecure.. on Internet Banking Security Hole · · Score: 3
    ...since they all let the customer's PCs do the banking. If you manage to install a trojan in the PC, it can empty the account (or do other malicious stuff). The trojan can get the PIN codes or encryption keys stored on the PC, listen to keystrokes, display its own dialogs, perform man-in-the-middle attacks or whatever.

    If you think about it, attaching a smartcard reader to the PC will not help.

    The only way to deal with this threat is to attach a non-user-programmable smartcard with its own protected user-interface.

  16. Re:Not surprising, but not a big deal on IE "Persistence" Tracks Without Warning · · Score: 1
    My personal hate is when I want to write a price. In Sweden you can add :- after the number; 10:- means 10 Swedish crowns.

    Try to write some amounts in Word inside parenthesis, like

    I bought apples (10:-), oranges (15:-), ...

    :-)

  17. Need X support on More Revealed on the IBM Linux Wristwatch · · Score: 3

    ... so I can run xclock!

  18. But what about security? on Micropayment Wars Are Over... PayPal Wins? · · Score: 1
    So how does the PayPal software protect your money? How does it work?

    If someone installed a trojan in your computer, would he not get instant access to your wallet?

    Old "harmless" viruses and trojan horses could only delete your files. Now a virus can delete your cash!

    See the terms of use, section II.2.e. PayPal are not liable if this happens!

    On the other hand, section III talks about Insurance Against Unauthorized Access. But how do you prove that a payment to pr0n@s3x.com was unauthorized? If the trojan deletes itself after doing it?

  19. Re:Thanks, Ingo... on Answers From Planet TUX: Ingo Molnar Responds · · Score: 2
    Linux 2.2 and later have IO completion ports; they're called "queued realtime signals" on Linux.

    This is actually very great stuff! This will probably be used in the next version of our database server.

    The main problem we have is that we need to do asynchronous I/O on FILES also! And to make it more interesting, we want to queue several asynchronous read or write requests to the SAME database file. So if signals are used to complete the file I/O transaction, the si_fd field would not be enough to identify the I/O.

    Does anyone know of any work to add asynchronous disk or file I/O to Linux?

  20. Re:disagree about his threads vs process argument on Answers From Planet TUX: Ingo Molnar Responds · · Score: 1
    In an optimally designed and configured system, you have exactly one thread (or process) pinned to each CPU, each one using non-blocking/asynchronous system calls and callbacks (e.g. signals or NT's IO completion ports) to service many different requests simultaneously.

    Yeah right!

    I am implementing a SQL based database server on Linux (Mimer). I would love to be able to do it that way, but it would require a new level of asynchronousness from the Linux kernel. In my opinion, one problem with most UNIX OS implementations is that the OS thinks it can suspend CPU processing too easily. How could the database server schedule (say) 10 asynchronous file read or write requests and be notified when they complete? And how do you do efficient and scalable asynchronous net I/O? poll() and select() don't scale well when you have thousands of simultaneous connections. I am not aware of any I/O completion port architecture on Linux.

    I understand that TUX is able to get much greater performance under Linux by not using the conventional kernel APIs and doing the stuff directly in the kernel. But I feel very reluctant about moving an entire SQL database server into the kernel. There must be better ways...

    Another problem with the "optimal" single-process event-driven approach is that it tends to turn your code "inside-out". If you have subroutines that call each other, and when you are 20 routines deep on the stack, you get a database cache miss and need to perform an asynchronous database disk read. How do you reschedule to another task in the process?

    - user-mode threads
    - Turn your code inside-out and resolve all cache misses at top level (ugh!) (or set a flag and return up to the main dispatcher? And how do you get back?)
    - co-routines (anyone have a good package?)
    - abuse setjmp() and longjmp()

    Generally, only the first alternative has proper debugging support.

  21. Not secure since your fingerprints are no secrets! on Mouse That Scans Your Fingerprints · · Score: 1
    I don't understand why these types of biometric authentication devices get so much press!

    A fingerprint is like a password. A password can be used for authentication since it is secret. And to keep it secret you change your password often, and avoid using the same password at multiple sites. How do you change your fingerprints?

    Take this fingerprint mouse. Understand that each fileserver, web shop company, or other program that needs to perform authentication needs to have your fingerprint to match with what the mouse transmits. It does not matter how well you encrypt or hash your fingerprints. If fingerprint "authentication" catches on, the prints will NOT be secret!

  22. What they forgot to tell us on Are Linux Transactions Slower Than Win2k's? · · Score: 1
    It is difficult to comment on this benchmark. I tried to download the programs, but they were binaries only. Has anyone seen the source code?

    What does the server DO?

    How much I/O is done per transaction?

    How much CPU-bound processing is done per transaction?

    Does the server use threads? Is there a pool of threads (how many) or is a thread created for each transaction?

    What OS calls does the Linux port use? Which socket calls? Is a new connection created for every transaction? select() or poll()? blocking or nonblocking sockets? etc, etc...

    Is the data file opened with O_SYNC to emulate transactional properties?

    How were the binaries compiled? Which compiler?

    Given that this site seems to be very Windows-centric, how do I know that the Linux port is done properly by someone who knows what she is doing? Can I see the source please?

    It would also be nice to see some profiling data from the benchmark. Where is the bottleneck?

    - CPU utilization
    - Kernel/user mode utilization per processor
    - network packets per second
    - disk traffic per second

    Also note that their term "transaction" is probably not a database transaction with ACID properties (as the industry standard TPC benchmark mandates). An ACID transaction needs to store updated data permanently on disk (not file buffers) before the transaction commits. I don't think the test does this.

    I am implementing a database manager on Linux and there are some areas where I think NT has better capabilities than Linux (disk I/O for ACID transactions), but that is another story, since this benchmark probably doesn't do ACID transactions.

    per@nospam.mimer.se
    www.mimer.com

  23. Re:Not Likely on Microsoft On Linux: Forecast Or Fantasy? · · Score: 1
    It ain't happening. No way in heaven or hell is MS porting Office to Linux until it has absolutely no choice

    The proof is Macintosh- MS Office for Mac, when MS decides to sell it (which is far from always), has always been at least one major version behind the Windows equivalent. This, probably more than any other factor, is what killed the Macintosh as a business product and what will sooner or later kill it entirely.

    This may be the reason why they will release Office on Linux.

    Microsoft is so profitable because the Office suite is standard on all major companies. Bill's worst nightmare is if some major companies buy Linux for their desktops and start to use Staroffice, or something. In this situation, Bill has to release Office on Linux to keep the file format monopoly/initiative for documents. It might even be a very good port initially, just to squash the office suite competition. But guess which platform the Office suite is going to run best on in the future? If Bill releases office on Linux, he will use it to crush Linux like he crushed the Apple.

    In year 2003, magazine reviews will find that the new Windows version runs Office 3.14 times faster than Linux on equivalent machines....

  24. Re:How to really jam Echelon on 'Echelon Study' Released by European Parliament · · Score: 3
    Echelon makes little difference if everyone is using end-to-end transport level strong encryption

    Excuse me, but I think this is clueless.

    Sure, seeing the actual messages is interesting too, but there is lots of information to be gathered just by monitoring who is talking to who and when. Build graphs of that info, and you see the "communities" on the net and how they interact and relate to each other.

    This information is much easier to refine automatically (by computer) than actually understanding what you say in your messages, encrypted or not.

    So when they have identified some arms traders (for example), they just do some data mining in their databases, build the communication graphs, and if you have ever dealt with these people (by phone or internet), you will be found! Then they can correlate your communication patterns with other data (flight travels, bank deposits, etc). They got you now. At this stage, they might want to select a few strategic communications that you have encrypted and send them to the code breaking computers, but I don't think it is critical for what they are doing. They could just as well use other means at this stage if needed.

    The purpose of Echelon is allowing them to do this on a global scale.

  25. Re:High Capacity Players? on Sony Cigar-Sized MP3 Player · · Score: 1

    Look at mambox (http://www.mambox.com). It is a portable CD player which can play your ordinary CDs plus CDR or CDRW with MP3 files. It has a 45 second skip buffer.