Slashdot Mirror


User: HiThere

HiThere's activity in the archive.

Stories
0
Comments
17,789
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 17,789

  1. Re:Marketing on Silent Circle Moving Away From NIST Cipher Suites After NSA Revelations · · Score: 1

    Well, it's known that they've ordered one specially designed...but I don't think that's built yet, and it seems more of an experimental "proof of concept" machine than something serious. Which is why I give factorization encryption 5 years. That's probably being a bit conservative, but they ARE looking. Of course, there may be roadblocks such that a decent quantum computer is actually impossible, but that's probably not the way to bet.

  2. Re:Marketing on Silent Circle Moving Away From NIST Cipher Suites After NSA Revelations · · Score: 1

    No. Largely right, but No.

    A random one-time pad is secure until/unless the decoder gets his hands on a copy (Though you might want to encrypt a prime number of bits at a time. I'm not sure what happens if you encrypt chunks of characters.)

    Also, public key encryption (say twofish, or even AES) is probably safe if you have a long enough key barring either a theoretical breakthrough in factorization of decent quantum computers. But you might be wise to not use the default parameters. (What you *should* use, I don't know. I'm not a cryptographer.) But say that it's good for five years as an estimate. Note that without that "theoretical breakthrough" or quantum computers, a decent key length will be safe for the lifetime of the universe...IF decent parameters are used.

    If you're using a one-time pad, you don't need to secure the message, only the pad. But you need an out-of-band secure means to transfer the pad.

    OTOH, if your computer has WiFi....well, the computer probably isn't secure. If it's connected to the internet, then it probably isn't secure. Etc. Message interception in transit is only one means of interception. Interception when/while/after decoding is another. And a trojan is an excellent way to intercept the message...though it needs to be a bit more targeted than just recording everybody's messages.

  3. Re:What does this use? on Silent Circle Moving Away From NIST Cipher Suites After NSA Revelations · · Score: 1

    Sorry to hash the joke, but that's double ROT128. Unless, of course you're using a 16-bit or 32 bit character.

  4. Re:Motivation on Security Researchers Rewarded With $12.50 Voucher To Buy Yahoo T-Shirt · · Score: 1

    No. White hat hackers will just generall ignore Yahoo. What Yahoo will get is various shades from darkish grey to black, and the shades of grey will have just gotten a bit darker.

  5. Re:Where does it say... on Security Researchers Rewarded With $12.50 Voucher To Buy Yahoo T-Shirt · · Score: 1

    It sure doesn't need to be an insult. A $13 voucher that can only be spent to advertise the company...that's an insult.

  6. Re:This is news? on Security Researchers Rewarded With $12.50 Voucher To Buy Yahoo T-Shirt · · Score: 1

    Actually, their job is to protect the government. To do this they are allowed to enforce the laws, and several other things. This is basically PR and economics. (A safe environment is generally more profitable, which means it pays more taxes.) And if they observe a major crime (felony) they are supposed to try to arrest the perpetrator. Misdeameanors are optional. They can arrest, or warn, or even ignore.

    And I'm talking about honest cops. There are all to many who don't measure up to that. And the "honest cops" protect them. Also remember that nobody chooses to become a cop who doesn't want to exercise authority (which may be either a good or a bad thing).

  7. Re:This is news? on Security Researchers Rewarded With $12.50 Voucher To Buy Yahoo T-Shirt · · Score: 1

    No, as P.T.Barnum is supposed to have said "There's a sucker born every minute."

    And it doesn't take "everyone who finds a vulnerability". It just takes one, as long as the others aren't motivated to report it "responsibly". (I wouldn't bother to report it if after the bother of dealing with lots of idiots and paperwork, the only reward was $13 off and advertisement for the company I was trying to help. And that's what they offered. I bet they still make a profit if the t-shirt is sold.)

  8. Re:So . . . on Security Researchers Rewarded With $12.50 Voucher To Buy Yahoo T-Shirt · · Score: 2

    Put it this way:
    If folks despise a company, some who would otherwise help them will decline to, and others who would otherwise ignore them will act to harm them. Perhaps you don't think people *should* act that way, but they *do*. And I'm not at all certain that this isn't reasonable. I tend to help my friends in preference to helping strangers, and I'd be quite reluctant to help someone who had spit in my face. That I wouldn't give him a faceful of knuckles says more about my being a rather passive person than about what I think is a reasonable reaction.

  9. Re:chump change on Google May Face Fine Under EU Privacy Laws · · Score: 1

    Well, *if* the assertion that "most of the other search engines are just scraping Google" is correct, and Google stopped covering France (unlikely, but if they stopped doing business there the coverage would probably cease growing, and might shrink) then the other search engines wouldn't have the information either. So perhaps "go dark" is a bit excessive, but "go dim" sound correct.

    This, of course, hinges on the correctness of the primary assertion. I'm certainly aware that SOME of the other search engines operate by "scraping Google", but I'm not sure this is true of all of them.

  10. Re:^This on Students Hack School-Issued iPads Within One Week · · Score: 1

    The reason the schools are so awful is primarily the high student to teacher ratio. Secondarily, teachers are not allowed to discharge students for not being willing to either study, or allow the rest of the class to study. Thirdly, teachers are coerced into teaching mainly how to pass tests.

    Those three are at the top of the list. Other reasons aare less significant. The IPADs are gimmics, and don't have much use except as motivators.

    N.B.: In NO grade is a student to teacher ration of more than 15 :1 reasonable. In lower grades it shoul be lower. One can argue that in college it's reasonable to have *some* lecture classes with a large audience. Also in the Junior and Senior years of high school. But those need to be supplemented with at least an equal number of "section meetings" (for each student) where the ration should be nearer to 10 : 1. And it can be argued that the "lectures" should be available on the internet for perusal as needed, and that there should be "jump to frame" and "pause" features added to the replay.

  11. Re:this is for cheap proton therapy on 3mm Inexpensive Chip Revolutionizes Electron Accelerators · · Score: 1

    Proton? But this is an electron accellerator. You could use it to feed a proton accelerator, I suppose....but it wouldn't be simple.

    Better to build something analogous and feed it with hydrogen ions. Also note that it requires a preheater stage, and that protons don't have synchroton radiation. So anything analogous is going to be QUITE difficult. (OTOH, protons don't need a linear accelerator, they can use rings.)

    Actually, I think nothing even analogous would work for protons. And even doing it with positrons would be diffucult, as this isn't being done in a vacuum, so you'd get anihilizations. It's probably only good for electrons...though you could (and must, if I understand correctly) use it as input to another process. And you also need a pre-processor stage that genertes the stuff you feed the chip.

    P.S.: As has been pointed out, you can't link the chips in series, or at least not much, because you start running into energies where the electrons smash matter rather than going through it, but you should be able to gang them in parallel, to generate a more intense beam.

  12. Re:Avoid eleptic curve algoritms on Did NIST Cripple SHA-3? · · Score: 2

    Not this year. Massive computer arrays will never handle factoring large numbers with large prime factors until there is a major theoretical breakthrough (which can't be predicted).

    Quantum computers ARE a major threat, but not this year. The NSA has publicly ordered a large one, but large this year is probably only large enough to test their approach. So if your data is time sensitive, you are still safe.

    Two or three years from now...who can say. Progress *is* being made on quantum computers. Perhaps it will hit a roadblock. Then factorization stays safe barring that theoretical breakthrough. Perhaps it won't. Then in five years, all of today's encrypted signals may be readily readable.

    In this context I think it's safe to presume that the NSA's quantum computer capabilities aren't dramatically ahead of everyone elses. The things would have to many other important uses.

  13. Re:Avoid eleptic curve algoritms on Did NIST Cripple SHA-3? · · Score: 1

    But factoring, while hard, is reasonably handleable if you have a quantum computer. Which, as it happens, the NSA has recently contracted for (publicly).

    Is this also true of the elliptic curves? (On the one hand, I don't know, but on the other hand, the NSA chose the magic numbers.)

    Twofish and blowfish are probably the best choices if you need to worry about that kind of thing. But I'm no cryptographer, and haven't studied the problem, so don't take that seriously.

    As someone earlier suggested, if you are really concerned, figure out how to use a one-time pad. But this requires out-of-band secure communication. Few people are that concerned.

  14. Re:Why do we even go to these orgs anymore... on Did NIST Cripple SHA-3? · · Score: 1

    One time pad is, of course, best, *if* you can use it. But it requires that both the sender and the receiver have a copy, and that the interceptor *NOT* have a copy. (Or not be able to determine that they do. Dostoyevski's "Crime and Punishment" would make a decent one time pad, until it was known that that was what you were using. Then you might as well have been sending in clear.

  15. Re:Why do we even go to these orgs anymore... on Did NIST Cripple SHA-3? · · Score: 1

    We don't know that there was any direct pressure. We don't know there wasn't, either. And there was clearly indirect pressure.

    They're guilty, we just aren't sure exactly HOW guilty.

  16. Re:But does it change anything? on When Criminals and Terrorists Communicate In Real Time · · Score: 1

    Do you know anyone who was made afraid of the terrorists by 9/11? I don't. I know several people, however, who were made afraid by the US government's "response" to that action. (Response was in quotes because I don't believe it to be a response, but rather an excuse to do something they'd been looking for a way to do.)

  17. Re:Possibly Greatly Overblown on 'Zombie' Hormone Disruptors Rise From the Dead · · Score: 1

    That's not the ONLY way it's misleading. Most of the literature focuses on ONE pollutant. What exists in the wild is a mixture of several. Sometimes several subcritical doses of different drugs will produce an above critical effect. This is though to be one of the causes behind the coral and amphibian dieoffs. (Yes, a fungus is the proximate cause in the case of the amphibians, but exposure to a "safe" dose of a mixture of pollutants appears to have weakened their immune system to the point where it is often fatally weak.

  18. Re:Everytime I read about C++1Y.. on LLVM's Libc++ Now Has C++1Y Standard Library Support · · Score: 1

    Smart pointers can't release nets of data because there are still references to each allocated cell. The references are mutually or cyclicaly referential, and there may be no external references, but there are still, possibly multiple, references. Garbage collection can notice that there are no external references to the data. The simplest example is a doubly linked list. Each cell in the list both references, and is referenced by, it's successor, if the head of the list is freed that doesn't free the list, it just makes it inaccessible.

    Yes, there are ways to handle this. But you need to use them, and each one is a potential memory leak. Which is likely not to be noticed in a small test case, but which will cause a problem when the program runs in production.

    Yes, C/C++ have garbage collectors. But because of the language design they need to work a lot harder than do garbage collectors of a language that properly separates pointers from other data. In practice it doesn't seem much of a problem, because people don't use them unless they REALLY need them. And your last sentence is a bit confusing. What in a running program isn't memory that COULD be collected? Are you talking about freeing memory from object databases (like ZODB) or what?

  19. Re:Everytime I read about C++1Y.. on LLVM's Libc++ Now Has C++1Y Standard Library Support · · Score: 1

    You are right, one can do much more with templates. In D templates are a turing complete language. I still don't like them. I tend to make decisions at run time, not at compile time, because they depend on the data that is read. This, of course, depends entirely on what you are doing. For some things, templates are great. But from my point of view the only useful part of them is captured by generics. (Don't think of Java generics, think of Ada. Java got it wrong because they kludged them into the language as a retrofit which couldn't break any working code. Possibly Haskell or OCaML got the concept better than Ada, but I don't know those languages well enough to comment. And I think they just called the idea "types", which ARE determined at compile time, but which are calculated by the compiler.)

    Smart pointers are nice in many ways. Most types of smart pointers, however, can't release nets of data. Garbage collection can, but determining that there are no external references. This has a time penalty, but, OTOH, it saves on space. So garbage collection vs. smart pointers is a time-space tradeoff. Which is best depends on what you are doing. OTOH, C/C++ are languages which are ill-suited to garbage collection, because you can't rely on data either being or not-being a pointer without a LOT of checking and calculation. Languages that are stricter on type conversions are better suited for garbage collectors.

  20. Re:Everytime I read about C++1Y.. on LLVM's Libc++ Now Has C++1Y Standard Library Support · · Score: 1

    I haven't used EMACS for decades. When I did my fingers hurt from the contortions. They're LESS willing to accept multiple simultaneous keypresses now than they were. (It's not Lisp, but Bigloo Scheme tried to use SLIME, and I wasn't impressed. Of course, there were lots of problems, and things didn't load properly, but still...geany is much easier to use. It *does* have a Lisp mode, but I'm not sure what it does, and nobody has ever recommended it. As I don't use Lisp currently, I haven't investigated further.

    As for quicklisp...when the main page says paraphrase "to find out more go to twitter" I'm a bit dubious. I know it only claims to be beta, but as documentation goes that's pretty poor. (Presumably they have better documentation somewhere, but...the main web page says check twitter???)

    Yes, I have heard that CLOS is quite good. But it's hard to get far enough for that to become significant.

    P.S.: One of the things I dislike about Lisp, and a few other languages, is the lack of reasonable documentation tools. Doxygen is far from perfect, but it produces usable documentation. Epydoc is better, if you're using Python2. Ruby has a couple of acceptable tools. Smalltalk...well, Smalltalk is self contained. I'm not real thrilled with their documentation ideas, but they sort of work. Vala ... valadoc is promissing to develop into an acceptable documentation tool, but it's got a ways to go. Still, Vala doesn't claim to be out of beta. Java not only has javadoc, it can also use Doxygen. Lisp....well, if it's got a documentation tool, I don't know about it.

    P.P.S.: WRT functional programming: Languages need to support functional programming, because there are places where it's extremely useful. They also need to avoid only supporting functional programming, because one frequently NEEDS mutable state. My preferences lean heavily towards Object Oriented, but they sure don't begin and end there. Languages need to support multiple paradigms. One of the problems with Java is that external functions are a kludge. (Define them as static members of a class named, perhaps, Global.) In Java this isn't much of a problem, though, because one is already limited to one external class per file.

  21. Re:Everytime I read about C++1Y.. on LLVM's Libc++ Now Has C++1Y Standard Library Support · · Score: 1

    Since I tend to find ALL environments, except things like Java, Python, and Ruby, a bit buggy, I can't really say. When did you hear that it was particularly buggy? (As it's under considerable development, the precise version is significant.)

    I tend to find more problems with my C++ code than with my D code. Of course, that's probably me, but ... And the C++ code is harder to debug. OTOH, if I need to use a library that crosses language boundaries, that does add another problematic element. It may depend on what you are doing. C/C++ gives me a lot of trouble when handling unicode strings. (For that, even Vala is better.)

  22. Re:Yes. on Ask Slashdot: Are We Witnessing the Decline of Ubuntu? · · Score: 1

    It doesn't matter that they are separate entities, they are entities whose actions affect the same group of people. So they reinforce each other. (Or, of course, the opposite if they weren't to make the same kind of bad decision...but that's a counterfactual argument.)

  23. Re:Everytime I read about C++1Y.. on LLVM's Libc++ Now Has C++1Y Standard Library Support · · Score: 1

    Lisp has it's points...but it's not that great. And many of the libraries that I want to use are a real pain to use from it. And the only decent development environment I've found is actually for Scheme (Racket), and while it provides, e.g., futures, it doesn't actually execute the code in parallel. (Yes, I know that's not actually a criticism of Common Lisp. For that stick with the libraries and the lack of a development environment.)
    P.S.: I once, long ago, bought a copy of Franz Lisp (my first common lisp). It was OK, but not great. And updating it would have cost me the other arm and leg. A usabe version isn't cheap. So I formed my opinions recently based on SBCL and CMUCL.

    Some people like Haskell, but I have a hard time thinking that way.

    Etc.

    Currently I've settled on D as the best compromise. It's missing a lot of libraries, but if there's a C interface, it's usually possible to link them to D.

    As for C/C++... my real problems with them are memory management and unicode. (With C++ I also despise the way one is required to use templates for everything. Generics are much preferable.)

    Now except for memory management and inflexibility (leading to verbosity), esp. in handling character strings, Ada is preferable in every way that I'm aware of to C++. C++ *used* to be a simpler language to learn, but that's not true any longer. The standard has expanded to the point where Ada is simple in comparison. (Ada *does* have usable memory management, but it's a lot more complex than a decent garbage collector. So while it's better than C/C++, it loses out in comparison to D, among others.)

    As for Java...I consider that it's way of handling unicode is broken. It works for many "characters", but not for the less common cases. And argument can be made for either utf-8 or utf-32, but utf-16 is a terrible compromise, even when done well, and Java is not an example of it being done well.

  24. Re:NSA's fucking job on President of Brazil Lashes Out At NSA Espionage Programs In Speech To UN · · Score: 1

    I notice that you are anonymous. Forgive me for suspecting that you are an astroturfer.

    If you want an anonymous comment to be taken seriously, you must provide a logical argument, rather than a false assertion.

    P.S.: Were it true, it being one's job to break the law is not a justification for doing so, or bank robbers would have get-out-of-jail-free cards.

  25. Re:Hate unity? There are other *buntus. on Ask Slashdot: Are We Witnessing the Decline of Ubuntu? · · Score: 1

    Mate was sluggish a year, or perhaps a bit more, ago. I mean the Mint Mate. I hear it's improved, but I haven't tried it recently.