Slashdot Mirror


User: SecurityGuy

SecurityGuy's activity in the archive.

Stories: 0
Comments: 1,715

Comments · 1,715

  1. Re:this is not enforcable on Poll Says Most Americans Favor Crypto Backdoors · Score: 1
    Of course it's enforceable. It's like registering firearms. No one comes to your house to be sure you've done it, but if in the course of some other investigation it becomes known that you didn't you get a nice fine or get to spend some time in jail. Sending a fake key is all well and good until someone tries to use it and finds that it doesn't work. You might want to look at the criminal penalties in any proposed bills before trying such an approach.


    Don't let these attempts slide by believing they won't seriously impinge on your freedom. They do. They will.

  2. Re:You don't know what you are talking about on Congress Considers Mandatory Crypto Backdoors · Score: 1

    I don't know about you but compiling 50,000 different encryptions on top of each other is pretty damn hard to decrypt.


    No, you don't. 50,000 encryptions is ridiculous in the extreme. We have *single* algorithms now which have been exposed to detailed cryptanalysis and remain unbroken. Additional encryption increases the cost of encryption, but doesn't necessarily increase the security, and certainly not as much as you'd like. 3DES, for example, has 168 bits of key but only 112 bits of strength.


    As soon as you plug an encryption on top of that one, you just made it exponentially harder because now you have to know what the encrypted file is supposed to look like. Keep plugging them on top of each other and it nearly becomes impossible. So, frankly, you don't know what you are talking about.


    You assume, incorrectly, that I need to duplicate your algorithm to duplicate your result, which is incorrect. To simplify, if your algorithm is ROT13 five times, I'll do just fine to ROT13 once. Multiple encryption is nothing more than a more complicated algorithm with a longer key. You now need to deal with 200,000+ bit keys with your 50k encryptions. If you use the same key, it's just a more complicated, but not necessarily more secure, algorithm. It *might* be stronger, but the cryptographic landscape is littered with algorithms and methods which once upon a time *might* have been stronger.


    Go ahead and roll your own. Just don't be surprised when it's broken. Certainly don't expect anyone who actually wants to keep their data secure to use it.
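The "ROT13 five times is ROT13 once" point worked through, as an added example that is not part of the comment above: Caesar shifts (ROT13 included) compose by adding their keys modulo 26, so a stack of 50,000 of them is one shift to an attacker, who never needs to know how many layers were used. The helper names and the crib-based brute force are my own construction.

```python
# Added example (not from the original Slashdot comment): layering shift
# ciphers collapses to a single shift, so extra layers add no strength.
import random
import string

ALPHABET = string.ascii_lowercase
POS = {c: i for i, c in enumerate(ALPHABET)}  # letter -> index, for speed


def shift(text: str, key: int) -> str:
    """Caesar shift of lowercase letters by `key`; ROT13 is shift(text, 13)."""
    return "".join(ALPHABET[(POS[ch] + key) % 26] if ch in POS else ch
                   for ch in text)


def layered_encrypt(text: str, keys: list[int]) -> str:
    """Apply one shift after another, one layer per key (the '50,000 encryptions')."""
    for k in keys:
        text = shift(text, k)
    return text


def equivalent_single_key(keys: list[int]) -> int:
    """The whole stack is a single shift: the keys simply add modulo 26."""
    return sum(keys) % 26


def brute_force(ciphertext: str, crib: str) -> tuple[int, str]:
    """Recover the plaintext in at most 26 trials, regardless of how many layers
    were applied, assuming the plaintext contains a known word (the crib)."""
    for k in range(26):
        candidate = shift(ciphertext, -k)
        if crib in candidate:
            return k, candidate
    raise ValueError("no shift produced the crib")


if __name__ == "__main__":
    random.seed(1)  # deterministic demo; keys are constructed, not real data
    keys = [random.randrange(26) for _ in range(50_000)]
    plain = "the meeting is at noon"
    ct = layered_encrypt(plain, keys)
    k = equivalent_single_key(keys)
    assert shift(plain, k) == ct  # 50,000 layers == one shift by k
    print(f"effective key {k}; recovered: {brute_force(ct, 'the')}")
```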

  3. Pet Peeve on Managing Open Source Projects · Score: 1

    "All software cannot be developed open source."


    Call it a pet peeve of mine, but it's rather important to be able to say what you mean. This statement is equivalent to "No software can be developed open source." I suspect the author (of the book, not the review) intended to convey "Some software can't be developed open source." We should really take a moment to be sure we're saying what we intend to say.

  4. Re:please RMS on Stallman: Thousands Dead, Millions Deprived of Liberties · Score: 1
    Did he not lose the popular vote?


    We don't know, and never will. Due to the way our electoral system works, we don't count all the votes. In most cases, you win all or none of a state (exceptions being states where you win all or none of a district). If A gets 3,000,000 votes and B gets 2,000,000 votes, there's no need to count the last 500,000 votes because they aren't going to change the result in any case. Even assuming Gore won the popular vote, that doesn't change who the elected president is.

    Was it not plainly obvious that the SC ruled along party lines to support the questionable #'s from Fla.?

    No, it was plainly obvious that the Supreme Court upheld the Constitution. Florida has the right to determine how it will cast its vote for president. It does not have the right to change its mind after the fact. This fact is not dependent on how many people are upset that their guy didn't win.

  5. Re:I'll write my own encryption on Congress Considers Mandatory Crypto Backdoors · Score: 1

    It really isn't that tough if you know what you are doing.


    That's true, it isn't that hard, although based on your post I'd say you're not going to be writing anything resistant to serious cryptanalysis any time soon.


    The important point that you've entirely failed to make is that when commercial crypto is backdoored, terrorists won't use commercial encryption. They'll write their own. Those who think they don't have the necessary skills probably would have thought they couldn't fly 767s either. Even if they don't have the skills, they have the money to buy the skills.


    Backdooring commercial crypto will do nothing but ensure that the data we really want to see will only be transmitted on noncommercial encryption. While I understand the motivation, this is a naive course. We must not give away our freedom to private communication, most especially when the benefit will be very nearly zero.

  6. Re:What can be done? Nothing. on More On Tragedy · Score: 1

    The only effective weapon against terrorism is to do absolutely nothing.


    And what, exactly, do you base this on? Which nation has "defeated" terrorism by doing nothing? Or is this perhaps nothing more than your arbitrarily fabricated theory?


    Nearly all of us need to sit back and admit we have no information or basis to decide what the right response is. These terrorists aren't misbehaving children. Pretending they are is dangerous beyond measure.

  7. Re:Arm Pilots on More On Tragedy · Score: 1

    I'm still out to lunch on the whole 2nd amendment debate, but could you imagine the air-rage case if people carried concealed weapons on planes!?


    The same point applies. How many people are going to be flaming jackasses when they know the other 100+ passengers will render them into hamburger if they present a clear risk to the health and safety of the passengers on the flight?


    I can just imagine a scenario where you get the talk about floating across the Atlantic on your seat cushion in the event of a crash. Oh, and each of you has a loaded Glock under your seat. In the event of a hijacking, you're urged in the strongest terms to shoot to kill.


    Who's going to hijack a plane like that? Who's going to assault the flight crew? Very, very few, and never the same person twice.


    Now of course I don't suggest we do this, but armed personnel on the plane is hardly a bad idea. In fact, we did it for many years. They're called Air Marshals and they were specifically trained for combat in the confined space of an airline cabin. It's sad we need something like this to make people understand that guns are primarily tools of protection.

  8. When all else fails, do something stupid with IT. on Laptops in Every Backpack · Score: 1
    I went to a (IMO) nice college that decided all incoming freshmen should be required to purchase them beginning the year after I graduated. I thought it was a hideously bad idea. We're talking about a required purchase of a $2,000+ piece of hardware for something like 6,000 people. $12,000,000. Sitting in MOST of these classes I can't begin to imagine how a laptop would have helped or been useful. IT is simply not the cure-all nontechnical people would believe it is. I occasionally took my own laptop to class, where I would either work on other assignments or work on "real" (paid) work. Never once did it actually benefit the course I was in.


    I did, however, get a big laugh the year it was implemented when I picked up a copy of the school paper. The cover story was about the new laptop initiative and featured a picture (from behind) of a student in class during a lecture...playing solitaire. :)


    $12,000,000 so students can goof off and ignore the lectures. Way to go, guys. I'm sure 12 year olds will be so much more responsible than 18 year olds.

  9. Re:Ooops! on How Public Should Public Records Be? · Score: 1
    SSN is public data. You can buy credit headers from the major credit bureaus which contain SSNs.


    No data like this can safely be used as an authenticator. You possibly use it as a unique identifier, but knowledge of it proves absolutely nothing. Nor does knowledge of mother's maiden name or any of the other items negligent companies ask for "for security purposes". Oh, good, now I can only be defrauded by family, close friends, or anyone who can be bothered to piece together the few bits of information needed to defeat this.

  10. Re:Confidentiality clauses on Confidentiality on Virus Sent Docs? · Score: 1
    I exchanged money for a copy of the program. What do I get in exchange for the restriction that I can make only one backup copy? That I can't reverse engineer it? That I can't write a review saying the product proves sufficient monkeys and typewriters can write software as well as Shakespeare, and publish it?

    Nope, sorry, it goes like this:

    Go to store
    Exchange money for software
    Go home
    Open box
    Exchange rights for...nothing?

    Which is where UCITA comes in. It legitimizes this non-transaction.

  11. Re:Cryptic == bad on The Psychology of Passwords · Score: 1
    Cryptic != bad.

    I've remembered up to 20 or so at a time that were in the "random pronounceable" category (application generated). 10 or so of the "truly random" category work fine, too.

    Of course, I have to admit there have been times I had no idea what the passwords actually were. I just knew how to type them. :) There was even one occasion, early in my SA career where I had to give the password to someone who had paged me (yes, I knew absolutely who he was). I called back from a pay phone, and on finding out what he needed to do, told him I'd have to call him back from somewhere with a keyboard. :P

  12. Gives who what right? on Senator Says Spammers Have First-Amendment Rights · Score: 1

    Companies don't have first amendment rights. Companies don't have rights at all. Rights are for people. We've so much abused and diluted the word that it has become meaningless.

  13. Re:Abortion? on Typosquatting Held Illegal · Score: 1

    Harry Browne's position, as I recall, was that while he, personally, was pro life, he didn't support a federal ban on it because restricting abortion isn't a power granted to the Federal government. Without making a judgement on abortion either way (I *do* have my opinion, though), it's nice to see a candidate for Federal office who recognized that election doesn't mean blanket power to do whatever you damn well please. If only Bush, Clinton, McCain, Kennedy, Daschle, and friends would realize the same thing, we'd be much better off.

  14. Re:Already Being Done on Really Targeted Advertising · Score: 1
    It's not a bad thing if it is voluntary. It is a bad thing if I, as a consumer who goes out of his way not to be profiled, have my data collected, compiled, and sold against my will.

    It is a bad thing if it is used to manipulate kids to hassle their parents to buy the plastic crap put out by major toy manufacturers. I know from my own kids that they're a sucker for any ad. They want one of everything. Abusing that is immoral, and as a parent, I want a way to opt out.

    It is a bad thing if it is indiscriminate and indiscreet. How do you prevent ads for Dad's products, which might be inappropriate for kids, from showing up during Junior's TV viewing? After 11pm? My kids, sadly, follow my schedule, and sometimes don't go to bed until 3 to 5 am. Perhaps you're a single guy who does order pay-per-view porn at all hours. The ads are fine until the day mom and dad come over for dinner.

    No, thanks, I don't want targeted ads. I don't want ads at all. Give me a big, giant catalog and fsck off. When there's something I want, I'll go find it. Until then I'll continue to buy from companies who don't go out of their way to profile me.

  15. Re:might add.... on NASA Plays Well With Comets · Score: 1

    Let me get this straight. In the fifties, NASA calculated these trajectories by hand with a slide rule. Today, these same problems require supercomputers. Sorry guy, the math that you seem to believe is so complicated is called calculus, and doesn't require a supercomputer. It doesn't even require a calculator.

  16. Thanks on So Long, Hitchhiker: Douglas Adams Dead At 49 · Score: 1

    Earlier posters have said it better and with more wit than I hope to muster, so to Mr. Adams I'd like to offer a heartfelt thank you. Your writings brightened many lives. You will be missed.

  17. Re:I believe copy protection borders on illegial. on DVD Watermarking On Its Way · Score: 1
    Really? When did God give private corporations rights? I wish He'd come up with some Commandments for them.

    I'm not really opposed to technology which prevents illegal copying from happening, provided it doesn't make legal copying impossible. I just want to shine a bit of light on the fact that people have rights. Companies are legal constructs. They have favorable laws, but no rights.

  18. Re:Well on Red Hat Working w/UCITA Backers to Change Law · Score: 1
    Close analogy, but PCs won't cause you a crippling injury or physical pain when you poochscrew it as opposed to falling off Microsoft Bicycle 2001.

    That all depends on what the PC is doing. Software, in general, has killed people, and will continue to do so. According to this report, software failure contributed to the crash of an MV-22 Osprey recently, resulting in 4 deaths. You didn't hear about the Windows failure which shut down a navy warship for 2 hours either, I suppose?

  19. Re:Make Open Source advantaged under new UCITA on Red Hat Working w/UCITA Backers to Change Law · Score: 1
    One measure I'd like to see is strict liability enforced on closed-source programs. No weaseling out. The logic would be that since they hold the source secret, their customers cannot fix any problems themselves, so the publisher must be liable for all losses.

    That presumes that there's a magic wand you can wave to ensure that 40,000,000 LOC projects can be made sufficiently bug free. There isn't. If you want strict liability, software houses will just raise prices to cover the added cost. Software won't be less buggy, just more expensive. Besides, it isn't the government's role to wipe your nose for you and demand quality products. If you don't like the buggy crap being pushed by major software companies we know and hate, don't buy them.

  20. Capitalism works. on Linus Responds To Mundie · Score: 1
    Until we can divorce the pursuit of capital from advances in science, we are doomed to have any advance kept restrained by the barriers of the accumulation of that wealth. If at any point, an advancement is deemed to be a money killer, it will be abandoned. [Napster being a slightly trollish example]

    And if we divorce the pursuit of advances in science from the rewards of a capitalist society, who will make those advances? Look at those who are doing it now, and ask how many would have chosen that path had there not been a financial reward? Corporate R&D is profit driven, obviously, and University research is profit driven. Nearly everyone building the society you're so fortunate to live in doesn't do it out of the goodness of their hearts. They do it because you choose to pay them well to do so.
  21. No, the school was wrong again. on Sean In The Middle · Score: 1
    Yes, the child was being taunted. What nobody understands is that the child did not respond as any societally appropriate person should.

    I have to wonder what the societally appropriate reaction to a year of that sort of treatment is. Saying, effectively, "I wish you were dead." strikes me as rather mild. If it were my child, I'd applaud him or her for beating the crap out of them, which is surely a stronger response than saying "If I had a gun, you'd be dead".

    If the child was being put through a perpetual hell, why didn't he go to school officials and put an end to it?

    Because they really, truly, don't get it. "Everybody gets teased", they say, without understanding there's a line. They simply don't believe the child is being put through perpetual hell. Kids will be kids, right? It's all fun and games until somebody is pushed over the edge, and then it's "How dare you fall!"

    What is the moral of the lesson? Learn to accept both your own and other people's problems, and then get over it. When I went to high school with my former persecutors, I promised myself that I wouldn't be bullied or made fun of. Don't cry out for sympathy if you decide to threaten the lives of others because you don't have the guts to do something about the situation yourself.

    Congratulations. I have to wonder how your experience would have been had you never moved away and your former persecutors, as you call them, had continued to force you into the niche they believed you belonged in. I can assure you, as I'm sure can many others, that it's quite different without the break, and it's quite different at 16 compared to 10.

    Truth is, as children we don't have the basis for rational judgements. You can't subject a child to a year or more of hell and expect him to "Do the Right Thing", when the adults who've been witness to the situation have failed to do the right thing consistently for that year. This 16 year old child, in the heat of the moment and after a year of abuse, did nothing more than say words. He made a statement which might be interpreted as a threat. Might. Personally, I'd send my children into a school filled with Sean Sheeleys without reservation, and certainly ages before I'd subject them to the f*ckwits we all seem to have known so well.

  22. Re:A *serious* reply. on Advanced Degrees for Software Developers? · Score: 2

    According to Fred Brooks (yes, that Fred Brooks), you shouldn't do it for the money. You'll spend more in tuition and lost income for the years you're in graduate school than you'll regain in increased salary. His suggestion was to get a PhD in Comp Sci if you can't bear the idea of not getting a PhD in Comp Sci. IOW, do it if you love it and are willing to take the hit in lifetime income.

  23. Re:Taste, not copyright on Rec.humor.funny Threatened by MasterCard · Score: 1
    Back to the children real quick. Who defines what abuse is? I'm not talking about physical injury. If I decide as a parent that my child should be allowed to watch sex and violence, that's my right as a parent. It's an ethical decision that I make. And it's not for anyone else to butt in.

    Who is exactly the question I'm posing. I don't want it to be Uncle Sam (or your national equivalent, wherever you are), nor do I accept that children are absolutely subject to the potentially destructive whims of their parents. If you're vigorously applying a baseball bat to your child, I think that child has a right to be protected from you. I am choosing to examine physical injury because it provides a concrete example where I suspect many people would say "Yes, we as a society (but not as a governmental ruling class) should act to stop that." It establishes, for me, that there is a line to be drawn, that contributing 23 chromosomes to the kid doesn't give you the right to harm or destroy it. You and I have rights, but so do our kids.

  24. Re:Taste, not copyright on Rec.humor.funny Threatened by MasterCard · Score: 1
    The only ones who have a right to fight for the children are the parents of those children.

    I tend to agree, but for the nagging case of parents who abuse their children. I'm deeply opposed to setting the government above parents, but also deeply opposed to standing by while children are abused, injured, or killed by their parents. That's the problem with generalizations. There's almost always an exception.

  25. Re:The world does not like US spying on Hyperreality: The U.S-China Standoff · Score: 1
    The US will have to accept that the rest of the world will not accept spying on them.

    And the US doesn't accept the rest of the world spying on them, but that doesn't stop the rest of the world, now does it? We all spy, to the best of our ability, on each other. This is not news. And sure, if a Chinese spyplane appeared 60 miles away from Seattle or N.Y., I'm sure it'd get a U.S. sponsored fighter escort, but I don't think we'd deliberately bring it down.