Slashdot Mirror


User: jd

jd's activity in the archive.

Stories
0
Comments
13,841
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,841

  1. Re:Bah! on SHA-3 Finalist Candidates Known · · Score: 1

    It may be bad in hardware, but if it's good in software then I'd consider it superb for software-only uses of hashes.

    This also goes back to an argument I (and a few others) made on the list - since some of the original requirements were being dropped anyway, why not have a runner-up that is acceptably good at everything but is especially good at one that is frequently used?

    That way, you have a "winner" that is good overall but you also have something that has a specialist use but is decent elsewhere.

    In this case, I'd say BMW is ideal for file signatures (be it for file transfers, Tripwire/AIDE-style uses, etc). This isn't something hardware is normally used for and being very fast in software makes it ideal.

  2. Re:Regulations for classified information on Military Bans Removable Media After WikiLeaks Disclosures · · Score: 1

    These are what systems are required to do in the way of security measures, as defined by the Federal Information Processing Standards, the Orange Book and the Common Criteria.

    A lot of the documentation can be found at the Information Assurance Support Environment website, Policy and Guidance

    To summarize, information that is labelled "Secret" can only be stored on a machine that - in the Orange Book system - is classed as B3 or better. The use of security labeling and a mox of host-level and network-level mandatory access controls is supposed to ensure that this is actually mandated at the OS level on each machine and between machines. B3 is equal to the more modern Commmon Criteria EAL4.

    (It is impossible, in theory, to transfer information that is classified at one level into a lower classification, on the same machine or by going through a series of machines. To be able to do so is a violation.)

    To be given an EAL4 rating, that precise combination of hardware and software MUST be tested by an approved laboratory and shown to meet all of the criteria.

    Further, as noted on the FIPS website: "With the passage of the Federal Information Security Management Act of 2002, there is no longer a statutory provision to allow for agencies to waive mandatory Federal Information Processing Standards (FIPS)."

    Mandated Criteria, Rainbow Series and Related

    Mandated Criteria, Common Criteria

    These are NOT optional. These are Federally-mandated requirements. If Manning's computer did not meet these standards, it was NOT authorized to be on the network and the machines that transferred classified information to it were NOT authorized to do so.

  3. Bah! on SHA-3 Finalist Candidates Known · · Score: 5, Interesting

    None of the good names survived!

    Still, there was a lot of debate on the SHA3 mailing list governing the criteria as it was felt that some of the criteria were being abused and others were being ignored. I, and a few others, advocated an approach where the best compromise solution was the "winner" for SHA3 but the runner-up that was best for some specific specialist problem (and still ok at everything else, since it's a runner-up, and also free of known issues) would then be considered the winner as "SHA3b". That way, you'd also get a strong specialist hash. The idea for this compromise was due to SHA2 not being widely adopted because it IS ok for everything but not good for anything. Some people wanted SHA3 to be wholly specialised, others wanted it to be as true to the original specs as possible, the compromise was suggested as a means of providing both without making the bake-off unnecessarily complex or having to have a whole parallel SHA3 contest for the specialist system.

    The main problem with the finalists is the inclusion of Skein. The use of narrow-pipe algorithms has been widely criticised by people far more knowledgable than myself because it violates some of the security guarantees that are supposed to be present. The argument for Skein is that the objection is theoretical.

  4. Re:horse on Military Bans Removable Media After WikiLeaks Disclosures · · Score: 5, Interesting

    The problem is not the decision, so much as that allowing insecure mechanisms (in violation of NSA Security Information notices, Common Criteria instructions for the levels required for secret information and Federal Information Processing Standards, I should add) was not only bloody stupid to begin with, it was in violation of US law regarding the handling of classified information.

    Instead of prosecuting Manning, who at worst is guilty of far less than the Lockheed-Martin officials who publicly sold the plans for the current stealth fighters, one should ask why his actions were even possible in the first place. FIPS standards for secure platforms and NSA publications expressly prohibit the capability to transfer files to insecure formats. It is illegal, under US law, to install or use non-compliant systems for Government purposes. This means that giving Manning the computer violated US law. Do you see anyone charged with violating such US laws? I don't.

  5. Which horse? on Military Bans Removable Media After WikiLeaks Disclosures · · Score: 5, Interesting

    The Pentagon had to ban USB sticks, et al, internally after the biggest single security breach caused by a virus passed around and brought onto the secure SIPRNET within the Pentagon itself. It's unclear to me if the problem was the virus relaying secret information off the secure network, or what, but apparently it was labelled the single biggest security breach by the Pentagon and they're unlikely to be overplaying security holes.

    Mind you, NASA has just released secret information into the public domain by selling hard drives known in advance to contain secret information. These are drives that FAILED in-house auditing for such stuff. And prior to that, disk drives containing blueprints for the current generation of super stealth fighters were sold by Lockheed-Martin to Iran. (And people think Wikileaks did bad stuff?!?!?!?! How the hell does a bunch of personal opinions compare with giving a terrorist-funding nation plans for the top US fighters? Internal to Iran, there's the possibility they will find a weakness. Think Death Star plans. Think the Stealth Fighter shot down in Serbia. Yes, the Serbians blew up one of America's best planes, and with a cruddy cheap missile at that. On an international level, the Russians will doubtless use the plans to improve on their own airfoils and may be able to exploit the design to improve on whatever shape-based stealth they've developed so far.)

    Add to that that NASA servers have been hacked in the past to turn them into file-sharing sites. Which means that whatever classified files were in those exposed directories have been shared as well. Quite plausibly these files were protected by DES only, not triple DES or AES, as "commercially sensitive" data is classified below secret and certainly only used basic DES up until a couple of years before that breech was discovered.

    Then, back in the 90s, there was a breech at the Pentagon due to computers containing classified information being on the public Internet and having .hosts files. (NASA used .hosts files and rsh well into the current millenium and may well still do so.)

    That's four Bloody Obvious horses, with gold bridles and gem-encrusted saddles, that have walked out and were only noticed after they kicked the door down at the stablemaster's house. There may be others.

  6. Re:What's wrong with QoS? on FCC Approving Pay-As-You-Go Internet Plans · · Score: 1

    Your understanding of QoS seems limited. QoS is already used on the Internet, extensively.

    The way you use QoS on aggregate traffic is to guarantee QoS for the aggregate. This is known as Integrated Services (IntServ).

    The way it works is that a backbone router or switch says such-and-such a port has bought a pipe that is X% of the total pipe, so is guaranteed X% of the packets sent through. If there is spare capacity within a given time interval, after it has recieved the X% allocation, then it gets a fair shot at whatever is left over.

    It doesn't guarantee QoS per conversation, per host or even per address block. It does guarantee QoS for the summation of everything coming in, but that is it.

    What it means is that a user with Y% of the ISP's total bandwidth is guaranteed Y% of the packets leaving the ISP, no matter how network-intensive any other service on any other machine is.

    Provided packet-dropping schemes are fair (and WRED and PURPLE are fair), then it further guarantees that of the packets within that Y%, if N% are lost because of congestion, N% of those Y% will be lost for ALL users from that ISP, with no discrimination.

    In short, it is absolutely impossible for someone to clog up the networks with network-intensive applications with such a scheme.

    To claim otherwise is, simply put, moronic. To argue that this isn't QoS because it doesn't guarantee a specific service a specific level of connectivity or that it doesn't place an absolute floor on the level of connectivity is also moronic.

    If it uses a QoS mechanism, it is called QoS whether you like it or not. Your personal terminology is of no significance whatsoever.

    If it provides a level of service guarantee beyond that which the backbone providers claim they can support (without requiring paying per packet), then it falsifies the backbone provider's claims, no matter what dictionary you point to.

    Bitching and moaning doesn't alter what this does. Get over it and accept the ISPs are wrong.

  7. Re:A la carte cables on FCC Approving Pay-As-You-Go Internet Plans · · Score: 1

    Damn, that's going to ruin the channel-changing game.

    (For those unfamiliar with it, you score 1 point every time you change channel part-way through one person's sentence and have what's said on the other channel create something that forms a complete sentence. Bonus of 1 point if what's formed is gramatically correct, a further 1 point if what's formed also makes some sort of sense.)

  8. Re:What I can't get my head around... on Pentagon Papers Ellsberg Supports Wikileaks · · Score: 4, Insightful

    Pffft. Those same people didn't seem to mind Wikileak's standards for redaction when they published papers by governments hostile to the US. Indeed, as I recall, those people didn't object in the slightest to leaks about any other government at all. Or indeed, leaks about corrupt organizations (other than popular American brands).

    The US government's position that Wikileaks has endangered informants is also questionable (given that one of those "informants" was feeding bad information and assassinated 7 CIA agents, another was a hoaxer, an unknown number of these informants have been killed by Predator strikes, and an unknown number have been discovered through inept US handling). It's also not terribly consistant with history, since informants have traditionally been regarded as expendable and informing entirely at their own risk.

    (I'd also note that informants for other governments over the course of history and for the Taliban have generally had a low survival rate at the hands of the US or other Western powers. I'm curious as to how these objectors explain why it's ok for one side to persecute collaborators but not the other.)

    It's one rule for those you like, another for those you hate. Politics as usual.

    It's also the American obsession with winning. The idea of losing is evil in their eyes, although anyone going to war is naive to pretend that the outcome is guaranteed. The reality is that the war cannot be "won" - partly though ineptness on the Allied forces, but also because nobody has been willing to actually say what "winning" means. There's no victory conditions to achieve and therefore no benchmarks to test against. The "war against terror" has no defined opponents (even the "Taliban" isn't a unified entity but an ill-defined collection of tribes and external parties with few - if any - objectives in common and certainly no leadership structure), so we can't even say "winning is beating such-and-such an opponent in some way".

  9. Re:Duh! Get ready for it on FCC Approving Pay-As-You-Go Internet Plans · · Score: 2
  10. What's wrong with QoS? on FCC Approving Pay-As-You-Go Internet Plans · · Score: 1, Informative

    You pay for a specific pipe already. If the ISPs and core routers enabled fair-service curve, each pipe would get a fair chance at the upstream pipe. Heavy users would then not swamp lighter users and lighter users would not subsidise heavy users. This eliminates all of the (somewhat technologically ignorant) objections raised by ISPs and by some of the posters here. Then you add in ECN, which instructs a machine to throttle back if it is behaving badly on the network (and blocks machines that won't play fair). Packet-dropping schemes like BLACK and PURPLE deal with

    This isn't rocket science. Hell, these days even rocket science isn't rocket science. Neither of these suggestions would be difficult. They've been discussed in depth since the 1990 and have reached an amazing level of quality control that is fair to all users and equitable to all providers. Without raising costs.

  11. Re:A la carte cables on FCC Approving Pay-As-You-Go Internet Plans · · Score: 2

    Sensible answer: Since the reciever doesn't send a request for a specific channel, and can record one channel when you watch another, you must logically be getting every channel (including those you can't watch because they're scrambled). A sufficiently powerful digital box could grab all the feeds in parallel.

    Max Headroom answer: If you compressed all the data sufficiently, you might very well be able to watch all the channels simultaneously. The brain's I/O bandwidth is probably greater than Comcast's.

    Silly Answer: Since 3D television works on the idea of one eye recieving one channel and the other eye recieving a different channel, you could watch two channels at the same time.

  12. Re:Duh! Get ready for it on FCC Approving Pay-As-You-Go Internet Plans · · Score: 2

    Tle old International Packet Switch Stream used pay-as-you-use and it was in a hell of a lot more countries than the Internet, with far more secure services. It died.

  13. Re:HMS Invincible on British Aircraft Carrier For Sale On Auction Site · · Score: 1

    Nyah! Not if I win! I bid 3 herring and the toenail clippings of a troll.

  14. Re:Question on TSA Saw My Junk, Missed Razor Blades, Says Adam Savage · · Score: 1

    Metal does... interesting things in the presence of radiation. If you have a spare microwave, put an aluminium pie dish inside. Do NOT use a microwave that is not very expendible. So long as you use low enough power and have some level of absorbtion, the microwave will survive long enough for you to get some GREAT arcs.

    Metal in a bag or suitcase would likely show up totally black on an X-Ray. A razorblade, edge-on, would do the same. However, razors aren't cuboids. The edge is very sharp. The effects on what will make it back to the camera aren't obvious, but you should be able to use a ray-tracer to simulate the effect. Regardless, it should be damn obvious.

  15. Re:He Is A Reverse Engineer on Rootkit In a Network Card Demonstrated · · Score: 1

    Well, it depends a bit on taste. I imagine some people would do a bricklayer, but so long as they keep that to themselves it doesn't bother me.

  16. Re:Do these guys have any driver experience at all on Rootkit In a Network Card Demonstrated · · Score: 1

    You're assuming intelligence. An intelligent person would come to the same conclusions as you have. The same caution has come out for the Intel microcode uploader, flash-based BIOSes of all kinds and intelligent devices that can handle uploadable programs. It's not new, it's not even that dramatic, but it is (sooner or later) going to be highly significant. And all those who failed to take any action now will deny that they were ever told it was a possibility, and all those manufacturers who opted for pointless industrial secrets will point fingers at everyone but themselves. Same old, same old.

    As for what skill it would take - well, anyone with rudimentary coding skill and a copy of FTP can grab hold of OpenBIOS, Tiara, Flashrom, Coreboot, Linux' flash drivers and any number of firmware uploaders. That gives enough information to cover a great many different cases. Most of the hard work has already been done. There may well be Black Hat tools that already use these mechanisms to embed malware into programmable devices.

  17. Re:They Why ZFS? on Running ZFS Natively On Linux Slower Than Btrfs · · Score: 1

    Actually, at the enterprise level you'd be best using an intermediate piece of hardware to handle compression - for much the same reason. Throughput.

    Since most enterprise-level systems use some form of SAN or NAS storage, it's not too bad to do something like this. A SAN/NAS device that compresses the data isn't a massive bottleneck over and above all the other bottlenecks created by this type of storage.

    Alternatively, I don't see why the disk controllers themselves can't handle compression. They're already fairly complex, it would allow the manufacturers to advertise the drives as larger without actually needing to change anything, and it would squeeze more data into the buffers giving them greater read performance.

  18. Re:For ZFS, speed is a secondary goal on Running ZFS Natively On Linux Slower Than Btrfs · · Score: 1

    Damn. I was going to ask Stephen Hawking if he wanted to join a juggler's association.

  19. Re:I'm using btrfs on my home partition. on Running ZFS Natively On Linux Slower Than Btrfs · · Score: 1

    Why? Because the reference implementation is GPLed? Other implementations of the same standard can be licensed under whatever the author(s) damn well feel like. Therefore any other organization can put a re-implementation in any kernel they want.

  20. Re:They Why ZFS? on Running ZFS Natively On Linux Slower Than Btrfs · · Score: 1

    Depends. Is the null device in userspace or kernelspace? If the latter, you've context switches to include.

  21. Re:They Why ZFS? on Running ZFS Natively On Linux Slower Than Btrfs · · Score: 1

    My understanding of daha's post is that since (some) other FS' also support things like compression, compression cannot be used as a definitive reason for using ZFS. Of course, this depends on the type of compression used (not all methods are equal) and on how good the different implementations are, but compression in and of itself is not a differentiator when both sides of the equation use it.

  22. Re:They Why ZFS? on Running ZFS Natively On Linux Slower Than Btrfs · · Score: 1

    It's an interesting question, but not necessarily the right question. I'll explain what I mean. In some cases, a UDP connection with error-handling and retry mechanisms at each end will be faster than a TCP connection. They have the same feature set, but the results are different.

    In this case, the question is surely "what features does ZFS have that (some other fs) does not, what is the cost for each feature, and for those features duplicatable outside the FS, what would be the cost to gain those features by other means?"

    Without the additional information, you have an incomplete picture as you don't know the cost:benefit ratio of that particular implementation versus other implementations. It is only the complete picture that would let you get a good understanding for how the FS plays out in practice.

  23. Re:Russian OS.. on Is Linux At the End of Its Life Cycle? · · Score: 1

    Hold on, didn't Balmer say that Linux was a Communist product? Wouldn't that automatically make it Russian?

  24. Re:Google Translate on Is Linux At the End of Its Life Cycle? · · Score: 1

    It might be what the exec said, but that doesn't mean it's an accurate translation. I'm not sure that anthropologists have successfully developed a Bizspeak-to-English dictionary yet.

  25. Re:How many members in this cult? on USB Is the Devil's Connection · · Score: 1

    This cave and this one sound perfect to start with. What do you think? Good places for hiding from daemons?