Slashdot Mirror


User: slim

slim's activity in the archive.

Stories: 0
Comments: 3,940

Comments · 3,940

  1. Re:Nothing is impossible to crack... on One-Time Pad From Caltech Offers Uncrackable Cryptography · Score: 3, Informative

    No, against a one-time pad, brute force won't work, because the key is never re-used so you've no basis to know that any output from your decryption is more valid than any other.

    The first 1024 bytes of Hamlet, XOR'd with 1024 truly random bytes, is indistinguishable from random bytes.

    XOR that with the same bytes again, and you get 1024 bytes of Hamlet back.
    XOR it with most random streams of bytes, and you'll get something that looks equally random.
    XOR it with a particular different list of bytes, and you get 1024 bytes of Moby Dick.
    XOR it with another list of bytes, and you get a version of Hamlet in which "Bernardo" is replaced with "Slashdot".

    ... and as an attacker, you've no way of knowing which one of those, if any, was the original plaintext.
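
The property described in the comment above, as an added example that is not part of the original comment: for any candidate message of the right length there is a pad that "decrypts" the ciphertext to it, and trying every key simply produces every possible message. The sample messages and the function names (`xor`, `fit`, `brute_force`, `demo`) are constructed for illustration, and `secrets.token_bytes` stands in for a truly random pad.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (one-time pad encrypt and decrypt)."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def fit(text: bytes, n: int) -> bytes:
    """Truncate or space-pad a candidate plaintext to exactly n bytes."""
    return text[:n].ljust(n, b" ")


def brute_force(ciphertext: bytes) -> set:
    """Try every possible key and collect the plaintexts that come out."""
    n = len(ciphertext)
    return {xor(ciphertext, k.to_bytes(n, "big")) for k in range(256 ** n)}


def demo():
    # Constructed sample plaintext; the pad is used once and never again.
    real = b"BERNARDO: Who's there?"
    pad = secrets.token_bytes(len(real))  # assumption: CSPRNG as the random source
    ct = xor(real, pad)

    candidates = [
        real,                                      # the true message
        b"Call me Ishmael.",                       # a different book entirely
        real.replace(b"BERNARDO", b"SLASHDOT"),    # a subtly altered message
    ]
    results = {}
    for cand in candidates:
        guess = fit(cand, len(ct))
        key = xor(ct, guess)                  # the pad that would explain `guess`
        results[guess] = xor(ct, key) == guess  # every guess checks out
    return ct, pad, results


if __name__ == "__main__":
    ct, pad, results = demo()
    for guess, consistent in results.items():
        print(consistent, guess)
    # Exhaustive search over a 2-byte ciphertext yields all 65536 messages.
    print(len(brute_force(ct[:2])))
```
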

  2. Re:Got it backwards on One-Time Pad From Caltech Offers Uncrackable Cryptography · Score: 1

    I don't think this is about quantum phenomena. The glass has a randomised construction, but it needs to be a repeatable source of randomisation.

    The process seems to be: Both parties meet, and feed some random data into a process which uses both their glasses and produces a few GB of "combined key". Alice's glass and Bob's glass are different. But either can be used to extract the OTP from the "shared key".

  3. Re:Is it new? on One-Time Pad From Caltech Offers Uncrackable Cryptography · Score: 1

    There's nothing new about one-time pads, and your story is plausible (I think I've heard it before).

    OTPs have definitely been used in real spycraft. People were literally issued with a book of random numbers, to be very closely guarded.

    What's new here is the way of storing OTPs so that they can't unobtrusively be copied.

  4. Re:Certs are complicated enough on One-Time Pad From Caltech Offers Uncrackable Cryptography · Score: 1

    Just embed the glass in a credit card sized gizmo, and put a reader in laptops.

  5. Re:Need Clarity on Debian GNU/Hurd 2013 Released · Score: 1

    I wonder whether that's true. I must admit I haven't used a Linux GUI for years -- and where I did, it was a window manager for XTerms. I get the impression there are an awful lot more Linux instances in server roles than in desktop roles.

    But in any case, what does the G in "Gnome" stand for?

  6. Re:Need Clarity on Debian GNU/Hurd 2013 Released · Score: 2

    In 1994, at university, I was in much the same situation (except it was only Sun -- we didn't have SGI boxes, and I couldn't make head nor tail of the solitary NeXT box).

    I cut my teeth on SunOS. Then I got a 486 and ran Slackware on it in my dorm room. I found that bash was better than csh (which our admins had made the default shell on SunOS). I found that GNU date was better than SunOS date.

    Then I found that our admins had a /usr/gnu/bin NFS mount for the Sun boxes, which we just had to put in our paths to make SunOS feel like Slackware.

    So for the last three years of my four-year course, I was running GNU/Linux at home and GNU/SunOS in the labs.

    The point being that the GNU utilities were the "nice thing" I was interacting with. The kernel was only there to prop them up.

  7. Re:Need Clarity on Debian GNU/Hurd 2013 Released · Score: 2

    Imagine the problem of "privileged ports" disappearing because those services (ftp, http, etc.) no longer need any sort of root access.

    The "privileged ports" restriction is a historical artefact that should be retired, in my opinion. It supposedly reassures the client that the service they're talking to is blessed by root on the server. That meant something in the days when UNIX only ran on big expensive boxes with admins holding the reins tight; when people generally trusted the routes between hosts. It means almost nothing when everyone and their dog can be root on a system of their own, and you've no idea what NAT routers and MITM exploits are messing with your TCP packets.

    I reckon the risk introduced by programs starting as root, and the programmer having to get the privilege-dropping code right, far outweighs the benefits of privileged ports.

    Services should run as non-root users. The OS should let them bind to low port numbers. Clients should use SSL/SSH/etc. to establish trust, if required -- and never treat a port number as any sort of evidence of trustworthiness.

  8. Re:MIcrokernels are yesterdays tech on Debian GNU/Hurd 2013 Released · Score: 1

    Surely in the past "every bit of performance mattered" more than it does today? You can compensate for slow software by throwing faster hardware at the problem. Today we have faster hardware.

    That said, I'm not volunteering to use a slower kernel full-time.

  9. Re:Need Clarity on Debian GNU/Hurd 2013 Released · Score: 5, Insightful

    That's entirely pragmatic of you, and that's fine.

    But say you wanted to try out an experimental device driver. In Linux it would be a kernel module. If it went wrong, it could potentially cause a kernel panic and halt your entire system. Or, since it has kernel privileges, it could just quietly spy on some element of your system and phone home with your confidential data without you knowing.

    On a microkernel, your experimental device driver would run in separate memory space to other components. If the experimental driver crashes out, the rest of the system keeps going. It can't spy on your other components, because its access is restricted.

    It may not address a need *you* have, but it may well be useful to others.

  10. Re:Need Clarity on Debian GNU/Hurd 2013 Released · Score: 5, Insightful

    Listing every single component of the system is stupid. Linux is the kernel, Linux is what gets recognized as the OS. There are a lot of programs that go into making the system usable - each one need not be referenced in the name.

    Mmm, but why do you choose the kernel as the piece so important that you name your whole system after it?

    I'm forever seeing posts that say "Windows sucks and Linux rules, because in Linux I can do stuff like {insert neat ad hoc bash script}". But you could run that script in a MacOS terminal, with Darwin replacing the Linux kernel. You could run it in Cygwin, with the combination of the Windows Kernel and the Cygwin compatibility libraries replacing the Linux kernel.

    Linux is great, but it's a thin layer compared to the collection of GNU (mostly) tools that *actually provide the interface people love*.

  11. Stick to accurate accusations on New Prenda Law Shell Corp Threatening to Tell Your Neighbors You Pirated Porn · Score: 5, Informative

    From TFA:

    infamous scumbag Steve “Lightspeed” Jones, a pornographer who specializes in “barely legal” genre (i.e. he recruits and films very young girls)

    (emphasis theirs)

    Now, by all means call him a scumbag on the basis of his extortion and blackmail. By all means find actual ways in which the way he produces porn is scummy.

    But the "barely" in "barely legal" means they're above the age of consent, and hence not "very young". Indeed, since he's in the US, and they're (barely) legal, they must be 18 (2 years older than the age of consent in many countries), and capable of making their own decisions.

  12. Re:"UN Says: Why Not Eat More Insects?" on UN Says: Why Not Eat More Insects? · Score: 1

    Black pudding, white pudding, fruit pudding, haggis all on the same plate - tattie scones, bacon and egg.

    What a treat; and I'm not even Scottish.

  13. Re:You first on UN Says: Why Not Eat More Insects? · Score: 5, Insightful

    If you eat or drink anything red, you're probably eating ground up insects.

    From that very article: "As of 2005, the market price of cochineal was between 50 and 80 USD per kilogram, while synthetic raw food dyes are available at prices as low as 10–20 USD per kilogram."

    So most red things probably aren't coloured with cochineal.

  14. Re:"UN Says: Why Not Eat More Insects?" on UN Says: Why Not Eat More Insects? · Score: 1

    I'll eat trotters and black pudding with gusto!

    And haggis...? Can't get enough of that!

    You, me, and, um, about a third of the British population, based on my gut-feel and no other evidence :)

  15. Re:"UN Says: Why Not Eat More Insects?" on UN Says: Why Not Eat More Insects? · Score: 4, Interesting

    Who says you cannot mix them with other meats or even heat dry and grind them as a powder additive to other foods? The nutrition is what we are looking for here - not necessarily the "grossing out" of folks.

    Unless you're going to covertly introduce ground insects to food, people will know. And if they know, they'll be grossed out.

    Personal experience suggests to me that at least a third of people in the UK are grossed out by black pudding -- part of our culinary heritage! There's nothing outwardly unappealing about a slice of black pudding. But people have been told that it's made of blood, and that's enough to put them off.

  16. Re:"UN Says: Why Not Eat More Insects?" on UN Says: Why Not Eat More Insects? · Score: 4, Interesting

    Pretty much this.

    I'll eat pretty much anything. I've had Japanese colleagues play "take the gaijin to the izakaya and gross him out with weird foods", and I won (not that shirako is exactly pleasant...).

    But even I find the idea of eating insects a bit revolting. I mean, I'd give it a go, but I'd grimace a bit the first few times.

    In order to make any kind of impact, insect-eating would have to become really mainstream. We live in a society where lots of people won't even eat tripe, trotters, tongue or black pudding. Good luck getting these people to eat insects.

  17. Re:Great! What's the point, again? on Ubuntu Touch: The Other Linux OS For Your Phone · Score: 1

    That's some confusing branding, right there!

    Thanks for the clarification.

  18. Re:The dream? Really? on Engineering the $325,000 Burger · Score: 1

    What they don't realize (and you don't seem to either), is the reason it is acceptable and safe is because it is a steak (unexposed), ground and served immediately.

    That's why I said "just eat it very soon after grinding".

  19. Re:Great! What's the point, again? on Ubuntu Touch: The Other Linux OS For Your Phone · Score: 1

    The demo video I saw (can't find the link now) showed a Samsung S3 (I think) with a normal Android UI on its touchscreen.

    They plugged it into a monitor with HDMI, and used a Bluetooth keyboard/mouse, and got a fully-fledged Ubuntu desktop on the monitor.

    I'm not sure whether Linux was hosting Android, Android was hosting Linux, or whether both were hosted by a third layer. But they were able to share resources -- there were desktop apps that manipulated the Android address book for example.

    It does seem potentially useful.

  20. Re:The dream? Really? on Engineering the $325,000 Burger · Score: 1

    Just eat it very soon after grinding. Steak Tartare.

  21. Re:Greed on Hanford Nuclear Waste Vitrification Plant "Too Dangerous" · Score: 1

    Perhaps I misunderstand what you mean by "millennial-class"...

    But if it means "a tsunami of a kind that happens every 1000 years on average", then my naive feel for stats suggests that a facility expected to run for 50 years has a 1-in-20 chance of experiencing one. That seems like something they should be prepared for.

    It seems to me that, given the impact of a failure, they should have been prepared for the 1-in-200 chance of experiencing the biggest tsunami in 10,000 years. I bet there are other 1-in-200 chances that there are careful safeguards against.

  22. Re:Royalty? Just say no. on Did the Queen Just Resurrect the Snooper's Charter? · Score: 1

    I've seen someone say, with a straight face, "I'm a staunch royalist, but if Prince Charles ever becomes king, I'll become a republican".

  23. Re:yeah i've watched it on Xkcd's Long-running "Time" Comic: Work of Art Or Nerd Sniping? · Score: 1

    what in my comment (you just quoted the whole thing...be more specific if you expect a response) would indicate otherwise?

    "He probably made a full frame 5 minute animated short movie using high-level animation software then saved it as a .gif"

    Which a brief look at the page itself shows he didn't.

  24. Re:wait, will wiping off help? on Condensation On Your Beer != Good · Score: 3, Informative

    Yes, speaking as a British beer snob who's travelled the US coast-to-coast, there are astonishingly good craft beers in shops throughout the US. They tend towards the very hoppy pale ale, which I absolutely love, and they have inspired more of that kind of beer in the UK.

    However, Bud Lite, PBR etc. are definitely blander than any of the mainstream British/European lagers served in British pubs.

  25. Re:One of two things. on Can Older Software Developers Still Learn New Tricks? · Score: 1

    I think there are two aspects to appreciating node.js:

      - you have to grok the JavaScript flavour of functional programming. That can come from a background in "real" FP languages, or it can come from working with callback-centric browser-side JS.
      - you have to read the node.js core API docs. All of them. It's quite compact, so it doesn't take long. But once you've done it you understand what the framework can achieve.