Re:Portion of Internet's data on RC5-64 Success · Score: 2
If they're smart. However, it's common knowledge that many (most?) tech administrators (especially the newbies) don't give a damn how secure their system is, as long as the boss isn't complaining. If it's more complex than a mechanical or electronic door lock, all the store managers I've met will have one of their employees take care of it.
A couple of resulting scenarios:
Fashion store tech clerk controls the code pairs for the store's cardreaders. He's been working there for two years under an assumed name. Now he sells the list of code pairs to the highest bidder.
Or
Privately held maintenance firm administers cardreaders for three different local banks. They don't know it, but their computer storing the code pairs was cracked last week, using a backdoor in Palladium. In Taiwan, counterfeit cardkey production has just stepped up.
The US government now requires that the positioning and structure of cardkeys be meticulously recorded and reported to them. Bankrollee passes on the information to a drug ring, or the Mafia. Two years later, there's a feature on NPR about how Americans are saving less and less in their bank accounts. A few voices claim that their banks are stealing money from their accounts.
The REALLY cool use will be when people pack one of these in their car.
"Funny...I don't remember Ventura Highway having Wireless access..."
And I'd hate to be those Secret Service guys sniffing out insecure networks in D.C. <shudder>
Just when I thought that the USB architecture had it right.
First, a story about how a new biometric device is more secure...except that it could be disconnected from the computer. Then there were several comments about the ease of access to the PS/2 port's hardware address, for trojans to sniff. (1, 2, 3)
Now USB is looking at going P2P. That's not a good idea, since even switched networks can be confused by ARP cache poisoning. (Which there surely would be an analog to in any switched P2P network)
Well yeah.
Finally, there's a convenience involved in various devices on the USB tree not being able to communicate with each other without relaying through the computer.
That was his point.
Sigh...Sarcasm on Slashdot...The world's best accidental trolling device.
Out of curiosity, what happens when a winner (or false positive) is found? Does the client return the key, or just the fact that the key was found in that block?
Run Win2000 in VMWare under Linux.
Or run Linux in VMWare under Win2000.
Wait a second...didn't I just see an article on Slashdot about how the Internet transfers about 2 TB of data per day?
105GKeys/sec * 8 bytes/key / 2TB/day * 86,400 sec/day * 100% = 35,437.5%
Those numbers don't add up. If, however, I change 2TB/day to 2TB/sec:
105GKeys/sec * 8 bytes/key / 2TB/sec * 100% = 41% of the Internet's traffic.
There's gotta be something a bit off here...My mind just doesn't want to register that almost half of the internet's bandwidth is part of a massive computer cluster.
The only portion of the Internet that depends on a central authority, IIRC, is DNS.
But DNS isn't the Internet.
DNS is just an extension to the 'Net, added on later to make URLs easier to understand. Besides, who says we OSS'ers can't come up with, and implement, a better system?
The problem with the Internet that I see, now, is the fact that you need manual effort to fix things like routing issues. Anyone remember about three or four years back when two routers in Florida each thought the other one was the destination for all their incoming connections?
It wouldn't have been so bad if they hadn't told all the other routers in the world that they were where all connections needed to go.
Then there's also the fact that most of Michigan loses its internet connection whenever Chicago has problems. The very nature of hubs makes them weak points in the Internet infrastructure.
I like GNU. I like what they stand for. (even if I don't completely agree with it.)
:)
But you have a point. (And someone should mod you "+1 Insightful") Jeez...to continue this post, I'll get modded to -4, Flamebait. Oh well.
I've noticed that both Microsoft and GNU use "subversive" techniques. Only OSS'ers ever pay attention, though. When Microsoft lies or spreads FUD, (for example, Ballmer is just a front for their hard-core followers and people who believe anything, as long as it's said forcefully) everyone (including myself) in the OSS community cries foul, and we get to see good ol' BillBorg on the main page of Slashdot.
When GNU uses subversive techniques (like claiming that certain questions are "frequently asked"), most OSS'ers see through it, and the rest figure it out reading Slashdot. But nobody really gives a damn because of the "everybody knows" attitude towards RMS's obsessive tendencies.
I'm not going to go so far as to call it "hypocritical," but I can come pretty close. Rather, it's "inevitable" that knowledgeable followers/supporters (of any institution) ignore the misdeeds of their leaders. (Anybody remember the "It's nobody's business" attitude about President Clinton?)
Frankly, I figure everybody already knows.
Even if we realize that nobody else cares, what difference does it make?
We still disagree vehemently with what they do, and that's the first step at changing it.
(And just to clarify your point)
That's "at the user level."
They're still leaving the door way open for running different types of servers.
I'm rather impressed at the prompt response of a major player at the DOI. What with all the requests for press he's probably getting, he appears to have a great deal of store set in relatively private "public relations."
Could someone give good, logical reasons? I'm seriously all ears.
On the other hand...there is the frequently-seen "neighborhood watch" option. :P
Does my family get paid compensation if I get gunned down while searching?
This is big business...with only slightly more positive moral compunctions than drugs.
Gov't spending my tax dollars on the most expensive software available.
Maybe the EFF should do an awareness campaign to government departments?? Not bombard the poor department heads like most lobbyists. Just fax them (god, not all you slashdot people, though. <shudder!>) some Ph.D's recent report on the advantages of using open source software. Let them recognize the benefits for themselves, so we can let them argue with Congress.
Don't send anything to Congress. There aren't enough of us for a grass-roots operation, and we don't have enough money to lobby them "properly."
Sending it to the department head has two advantages: First, you don't have to get through the Senators' and congressmen's screeners. Second, the legislative person will receive a copy of the report, directly, from people they respect more than your average 16-year-old writing a letter.
I'll probably make a link to this post for my sig.
The whole idea behind the system is that it can't be emulated by a computer. By using reality's (nearly) infinite precision, they've attempted to make it impossible for you to model any given card in, say, POV-RAY.
:)
That makes it like PGP keys and SSH. I have to assume it's the server I want, the first time I connect. I store their public key, for future verification.
The same goes with these cardkeys. I have to assume it's the cardkey (easy assumption), and then I store the "public key" of the key. Namely, what the key surface looks like when illuminated from one specific angle, and viewed from another specific angle. The biggest thing about cardkeys, aside from the fact that they're physical objects, is that there's an infinite number of "public" keys.
Therefore, my "simple crack" depends on the fake cardkey being illuminated and viewed from the angle pair it's programmed to mimic.
(God, I love that word. "cardkey" Don't know if anyone said it before I did, though. :)
Indeed. There's a reason you'll see "This building covered by closed circuit television."
It means it can't be jammed or overpowered.
Just thinking about the wife ten years from now discovering porno among my old security tapes...<shudder>.
I need to use my computer. It's an addiction. I'll only start running on a treadmill if I can get a hand-mounted keyboard.
If you know the motion pattern of the scanner, and can reproduce the same motion in a scanner of your own, scanning the victim's card, you can "easily" create a copy of the card. All of the supporting technology exists today.
Scan your victim's card, and record the pattern you see.
Place the recording on a similarly-sized device with any type of display. (LCD, LED, anything that can be powered by a small solar panel) "Cheap" copies targeted against "cheap" scanners won't need backlighting for the display.
Make sure the card-sized device has a solar panel on it that will be able to power the display and the supporting IC that controls the display.
When the illuminator turns on, the card has power. The card then immediately starts playing back the stored video, mimicking what the scanner would see had it been the real thing.
This assumes, however, that the scanner has only one "eyepiece." Camoflaging (sp) the card so it looks real to the human observer would probably be difficult.
Just remember that OS X has been in concurrent development for use under x86.
..It can easily adapt and grow with new hardware and new architectures.
Microsoft has been dependent on Intel for a long time. Their one foray into another architecture (WinNT for the Alpha) was just a proof-of-concept, and didn't go anywhere, IIRC.
The Linux kernel covers several architectures. SGI, x86, Alpha, PPC, and StrongARM are just a few.
It's really nice to finally see a real, immediate threat to Microsoft's dominance. Apple and IBM have enough revenue to run a massive advertising campaign. Even if it just involves OS-X, it'll still produce a large shift away from Microsoft's domain.
I tried to imply that IE was "free" by saying it "started the tradition." Oh well. :)
IE was released as free because Netscape owned the market. People started grabbing IE quickly. That's the primary reason, IMO, that IE has such a large market share.
Netscape started giving away their browser, but it was too late. I don't know how they've managed to survive.
Then Microsoft started bundling IE with Windows, giving them enough leverage to start adding their own features to web pages. It must have been pride that kept Netscape from copying the features IE started providing. I can't decide why Microsoft didn't copy things like the <blink> tag.
Then the browser war started, with each side too indignant to do anything but look for problems with the other's browser. Netscape wasn't able to force Microsoft to play fair (via court rulings...where it became common knowledge that IE is integrated into the OS.), so new users just used what came with their computers, which happened to be IE.
I answer the phone at a small ISP. That means I sign up new customers, and fix problems for old ones. 9 out of 10 new users say they want to use IE. The other 1 usually doesn't want to take the time to download Netscape over their 56k modem.
It's really disheartening. Personally, I want to see some sort of criminal ruling against Microsoft. That'll get enough press to make people think about alternatives.
I can't think of anything else that'll solve it.
What makes someone a member of a corporation? A contract? NDAs fall under that description. (IANAL)
As for closing the loophole being a Bad Thing, I agree completely. It just doesn't make sense to create a contract that can't be enforced. It's just lawyer food.
(How can you prove they're using Affero-licensed software? You can't...Any more than I know what brand printer my teacher uses to produce his assignments.)
That's why they said "No known security bugs"
Which is still an enviable record.
I can think of thou--er...several bugs in IE, starting with the first by--er...starting with Microsoft's unwillingness to deal with the issue unless it was getting bad press.