I believe that we need to have a competitor for Passport. Well, that is nothing new. I would highly appreciate it if Project Liberty has the guts to build private credentials (you might want to look here for more Info by Adam Shostack). This would be THE alternative for specialized identification (you have to be of legal age to see this page, you have to be Mr. Smith to view your taxes, ...). We need identification, but it needs to be untraceable and there must be no way to collect and combine information.
Could it be that /. readers are all over the world? When you close your tired eyes somebody will be sitting at work, in school, at home and be pretty awake to read /.
Just a thought, you know ...
Did you guys notice? They renewed their contract with Akamai. The map is served through them. So did CNN notice that a single company cannot serve the immense volume that these terrible times demand?
There is no easy answer to this question. It certainly depends on the algorithms used. It depends on who implemented it, tamperfree devices, and much more. Here are a couple of links that might give the interested reader some points to start:
Peter Gutmann's excellent crypto tutorial
Some information on Blind Signatures
A very nice link page for privacy and encryption
Ron Rivest's (the R in RSA) homepage with an excellent link section
And a link to buy Applied Cryptography, even if the stories lack accuracy it is a good read
Happy reading!
In the light of last week's terror attacks and the obvious need for coordination on the attacker's side, most likely by the means of encrypted messages, I can understand the people's reaction. But let us have a look at what cryptography achieves. Cryptography achieves that an eavesdropper cannot read the content of a message. Cryptography does not mask the fact that there is a message being exchanged between two parties. The knowledge of a message interchange (and maybe a peak in activity) is an important piece of knowledge to criminal investigators. Sometimes it is not important to know what a message contains, but to know that there is a message. Now when you are implementing backdoors in popular crypto toolkits you are forcing people to use other means. For instance steganography. Hide the fact that you are sending a message at all. For instance use a webcam that shows the picture of a busy place in London. Now embed a message in every 16th, 15th, 14th, ... (alternate it please) bit and send it to all viewers. One of the viewers knows that there is a message and the time of the broadcast. He will get the message, others won't. Yes, there _are_ methods to detect embedded messages, but these methods do not perform very well on a constantly changing stream of information. This would be method one. There are other possibilities. Even if you put a backdoor in a package like PGP, the algorithms are open, what will stop a terrorist from implementing his own PGP? This is not rocket science. What will stop him from exchanging a shared secret (use the good old book-page method or whatever) and then using an insane amount of bits for a symmetric encryption? So I do not think that backdoors will do much good. They will stop Joe Blow "I hide Pr0n" but not somebody who is educated about cryptography and knows how to use (and implement) it.
Well, this really depends on your nature. If I can lock myself in my home office and I have a project (like developing a new protocol or something similar) that, in the first place, does not require constant communication with my co-workers it works even better for me at home than in the office. But, and that might become a problem, at some point in time you need to meet with your co-workers. Sit around a whiteboard, discuss, let ideas float around. What I would recommend for you is to do an analysis of your work. How much time do you have to spend in meetings (and not because of the social effects of them), how much do you work alone. Show these numbers to your boss. Maybe work out something like 3 days at home, 2 days in the office. But be prepared to make a deal like setting performance milestones. If you do perform on or exceed your current performance level you should be fine. But do your homework first.
/. is international, so you might wanna check it out:
Tagesschau
Welt
Rheinische Post
Spiegel Online
Stern
All of these sites have good picture coverage for those who do not speak German. And they are way faster than all US sites at the moment!
in Half-Life it is only my skill which changes my ability to get a weapon. And if it is gone, I just wait for a while and it will be back. And if not I just kill the next sucker standing by and get it. But now for the serious comment. Besides playing stupid online shooters I still play MUDs (Multi-User-Dungeons), the good ol' text based ones. We are definitely not as massive as these new Ecoquest, Ultima Online, and whatever but we see the same problems. People offering (virtual) money for swords, to kill somebody, a quest or whatever you can achieve in the game. We don't carry it out on ebay, though. If virtual money (which belongs to the game) is offered, I do not see any problems with that. You earn the money in the game and everybody has basically the same chance to do so. In the real-world (and please no "that's capitalism" replies now) not everyone has the same chance. And some people might get incredibly powerful in a very short time. And that kills the fun in the game (IMHO). In those MUDs I play, you have admins that take care of it. You even have a player council that might take care of it. I am looking forward to playing Neverwinter Nights, an RPG that will allow 64 simultaneous players. I can run my own server and if people wreck the game, they get banned (/evil grin).
I couldn't agree more with you. Being German and having moved to the US, I observe several things. Americans are "Pseudo Health Fetishists". Everything is fat-free, low-fat, diet or whatever. People are always buying all this stuff but then eat for lunch a nice, Big Mac meal at the McD around the corner. But it comes with a Diet Coke. Phhhhh ... As you said, everything has adverse effects. Coffee, Alcohol, maybe even milk. But, as long as you do all of this in reasonable portions it helps you live a joyful life. And life is too short anyway. If you take all the joy out of living your life and consuming things that make you happy, what is the point in maybe living a year longer? Oh, btw, you still might get hit by that car with the drunken Cop at the wheel. Oh, never mind, that only happens in New York ...
When I was 15, I wanted to be 16 so I can drink beer (legally) like the "big guys". When I was 16, I couldn't wait to be 18 and have my own car. Then it was time to get 19 and finish high school. And then, be 24, finish your studies. Then again, get older to gain responsibility and make things happen in the job. Now I am there and want to be back at the beginning again ...
What I forgot, rumours have it that the old Consulting/PKI group got all back into Charlie Walton's old/new company Caradas.
OK, first of all, this thing was built by Securify, by a now defunct group which was based in Boston. They are the same guys who, btw, built American Express Blue. The program includes a full-fledged PKI solution, with your credentials stored on the chip. You can use it for signing in for special services, use it to purchase online. You just have to remember a PIN. The funny thing is that Providian, the first Issuer to give out the cards, SELLS the necessary Smartcardreader for 19.95. Speaking of consumer adoption ...
and /. and even the Washington Post are helping. There is too much at stake for the whole community, science and simply the people that this must be taken the whole way through. Protection of digital content is understandable and needs also our support. If music, videos, games are pirated all the time, at some time there will be no more music, videos or games. We all know that. But if people pointing out flaws in standards are punished it will be much worse. Science will suffer. Innovation will suffer. The industry must understand that this case is not about piracy. It is about fair use. And the work of people like Niels Ferguson or Dmitry Sklyarov might actually help the industry to find a standard that protects the owner's rights and does not restrict fair use of copyrighted material that I and everybody else out there purchased!
Well, this happened in the past to DigiCash as many of you might remember. The point there was not that the company was really out of money, the point was to get rid of Dr. David Chaum. Look here for details. Today eCash Technologies is a successful company with continuing support from the PREVIOUS Investors (the ones that pulled the plug). So, I do not think that this is the end for Loki. If they focus on their successful business and have patient Investors PLUS MANY customers. But that shouldn't be a problem, should it?
My post, which was intended to be controversial, sure triggers a lot of reaction. In Posters and Moderators. Just looking at the moderation totals is interesting by itself: Moderation Totals: Flamebait=1, Troll=1, Insightful=2, Overrated=1, Total=5. I am, personally, not that this would interest too many people, an advocate of the right OS for the right purpose. I run Win98 at home. I like to PLAY Computer Games like Baldur's Gate (and my wife does), I run Win2k at work (well, company policy) and FreeBSD for my webservers (stable, fast, I like it). And I would love to have information on every OS when I am reading "news for nerds, stuff that matters". Because other Operating Systems than Linux DO matter. Even if you don't like it. And, my quotes from the changelog were meant to stir the discussion (100% success on that one).
People, I can only say one thing: try to be more open towards people and things that are different from what you might like or value. It is not up to you to judge whether they are right or wrong. They have to come to that conclusion by themselves.
They shot a warning at the scientific community, threatening people to discuss their findings. We had a nice story here yesterday about Niels Ferguson (formerly at Digicash, his homepage, btw, can be found here). So for them it was a step in the right direction. The problem is way more fundamental, going hand in hand with the full disclosure discussion that goes on today. People will find security flaws and, if you do not publish them, "Blackhats", people doing this for BUSINESS, will exploit them. If you disclose your findings and help the organizations (because, no matter what you say, somebody who owns the rights for content should have the right to protect it) to find a reasonable level of security enabling them to maintain their business, you help the companies. And this is a good thing. Alternative models might work in some places (Shareware, donations, voluntary work) but not in all cases. And people want to pay their bills, raise their kids and send them to school. If you think that is wrong, then we might want to start a new discussion on capitalism vs. communism vs. marxism and other models.
but what is so exciting about:
- Alan Cox: more driver merges
- Daniel Phillips: unlazy use-once
and so on? I mean is there a Slashdot article when Microsoft gives out a new Windows 2000 SP? Including the changes and fixes (mirrored in the comments)? When there is a new major release, yeah, that's worth a story (and I expect the same when Windows XP ships, when Apple OS XI is there and the next major FreeBSD is out). These are newsworthy stories, a 0.01 change in version number is not. And now, FLAME ON, but I had to write this ...
Too bad, they just released the new Demo of Kohan. And it looks nice! Very nice! For more information go here. But, I guess they might pull off a Chapter 11. But it won't be the same company after that. Maybe many things will have to go ... Many things as in free things ...
Dear Demo Fellows!
Some of you might remember the famous first Demo Maker by TRSI for the Amiga, enabling many people that did not have the skills and/or time to learn coding to make their own Demos on the Amiga. Some of you might also remember the PC Version of it. It was published by Data Becker in those famous 90s. The Author, Andreas Schwaab, died about 6 weeks ago after a long sickness. I hope that you have some good memories of him and his work. I will for sure miss a very good friend!
2nd Reality was indeed like a wakeup call for the scene. Demos got better, some of them more content (away from pure effect coding to some content). It is kind of sad that too many kids are turning their talent to destroy things (read hacking), drawing satisfaction from this. I used to be in the cracking and demo scene for many, many years, unfortunately never winning a big competition, only scoring 3rd place at The Party in Denmark once. People should remember that it was the Demo Scene innovating many of the effects that people are oh so used to in Games these days. As mentioned before, you should have a look at www.scene.org or www.theparty.dk for some more info on the good ol' days. Hope the scene will continue.
- Friday of The Coexistence (and TSI, The Damned and others)
Why not? It is a nice example of people coming together, making some funny pictures out of real life and go and make them a clock. I don't care if this is "too much time on your hands production", but I like it. It is a waste of bandwidth ... So what? Stupid people talking on their mobile phones about things like "honey I left the office and I will be home in half an hour" and jamming up the capacity of the mobile phone cells during rush hour are wasting bandwidth, too ...
The officials will call this an accident, the system is so new, this will never happen again, yadda, yadda, yadda. Welcome to 1984, a bit late, but nevertheless my warmest welcome. While this system might be used for good, it also introduces a completely new level of observation which can lead to some pretty funny things. Like employer (official agencies in the first place) research. Oh, Mr. Anderson, you have a second life. During the day you are a computer programmer at xxx and during the night you are known as Neo, Cyberpimp, we cannot hire you for the new job ... and so on, just let your imagination play a little ...
Once you do this, you are changing THEIR computers. And you might be a known entity. And their lawyers will be all over you. It is the same whether the system is infected or vulnerable. You are changing what belongs to somebody else. And that puts you in the same position as the author(s) of the CRs.
Well, I don't know. First find out what OS Bad Guy is using (let us assume Windows for a second). Now go and exchange (!) the existing low level keyboard driver to log (send?) the data in an unsuspicious location. But you are correct, the hardware device might be more feasible. But again I guess it is small enough to be implanted within the keyboard itself. I am not sure how much it can record, but memory is getting smaller. WAY smaller ...
What exactly is the big deal of writing a keyboard driver?
Besides, you shouldn't answer flames from A/Cs. You don't read slashdot much, do you? Well, actually I read too much /. and there might be a good reason for somebody posting as an A/C. Like working there. What you describe might be reasonable if somebody there read too much Applied Cryptography ... So it might be worth responding (like I do now). I missed the closing lie tag (maybe my eyes interpreted it as an opening tag for your little flame). Sad to hear that nobody I am aware of took the time yet to reengineer the whole application. Maybe I should ... *sigh*