Interesting. This is something like what I was asking about in my later reply ("The Right way to Store Keys") - I assumed you would want bio-metric corroboration to prevent someone from swiping one of your ibuttons (or whatever) Anyway, is all the support software open source and are all tech specs available for the ibutton?
It would seem the real solution would be to do away with the passphrase and create the private key based on biometric (fingerprint, retina scan, DNA sequence, etc) data. Of course, then, your key is only as secure as your finger, eye, blood, etc. (On second thought, DNA is way too easy to come by, let's scratch that one off the list....)
The concept is called "shocking nonsense" - something containing gross, obscene, or otherwise extreme and improbable juxtapositions of ideas. The example they give is: "Mollusks peck my galloping genitals." (No, really - I'm not making this up!) The idea is that the emotional impact of the phrase itself makes it unlikely that an outside individual would ever guess it.
I don't think dictionary attacks are subject to emotional impact.
One point you are missing: to use an encryption key, at some point it has to travel around the computer in the clear -- and apparently organizations like the CIA can pick that up from an antenna across the street, if for some reason they put their best people and equipment on it.
Not to dispel any paranoia here, but I believe you're talking of Tempest. If that's the case, then (subject to my memory, of course) it only has the ability to show what's on your screen--not pick up data bits being shuffled to your RAM and/or hard drive. Think of it as a wireless VNC viewer, with no ability to control. In that case, it's not so easy to grab your private key.
Who watches them? Other watchers who are wactched by other watchers etcetra for ever. Eventually, there will be so many watchers, _I_ will be one of them, and I will be watching so many other watchers, I'll know what they're doing.
I think you may have it backwards. You're operating on an inverse pyramid, when the true nature of the beast would be a normal pyramid. Translation: lot of watchers at the bottom, but very few at the top. Therefore, your odds of being above other watchers is very slim.
NT is not any fun anymore.
Dos boot disk with Mount NTFS on it and any file on your computer is mine!!
Well, I could just disable booting from the floppy. Or, remove the floppy altogether, for that matter (who the hell uses floppies anymore, anyway?).
But, an even better idea would be to use Win2K's Encrypted File System to encrypt the files I needed to be secure from your peekings. I don't believe MountNTFS can overcome that...though unfortunately, my Enterprise Admin can.
worked...not work. I'm sure a helluva lot of people--yes, even on/.--have had the dubious pleasure of slinging burgers and fries at one point in their lives.
Shyster
Posting AC so as not to trip up the flow for those folks browsing at 1.
It is also possible to throw a lit match into a bucket of gasoline and it go out. It's just a matter of the gasoline having sit long enough for the vapor to disipate. Gasoline vapor is explosive, gasoline liquid not so much. But I'm just nitpicking. Also, I've not tried this, just heard about it. If you have scorched eyebrows tomorrow, don't blame me!
I've put cigarrettes out in both gasoline and lighter fluid, and have never had any harm come to me. True, however, tht gasoline vapor is pretty flammable....
Off topic aside: how many people does it annoy when an 18-wheeler (diesel-powered) explodes all to hell in the movies (non-combustible except under compression...)?
Thing is, my car requires 93 or 94 octane, what would I be able to use instead? Bacon grease?
If you're using 93+ octane (and your car actually requires it), I suspect you will be severely dissapointed with performance after switching to soybean oil....OTOH, for you, it'd probably save you money, since 93+ is often 25+% higher than 87 octane (at least in my area).
[Decriminalizing pot is]...going to be a hard sell to society while pot (ab)use is so high in some areas that it sometimes seems almost as socially disasterous as alcohol.
And yet what would happen if you tried to criminalize alcohol?
I had the same warning in the manual of my bike (a Honda VT500). They provided an explanation as well: rubber tubing used in the engine would corrode.
I am not a mechanic, so mechanically inclined posters are free to elaborate.
Rubber products in the engine (seals and gaskets seperating oil from gasoline from antifreeze, for instance) would definitely dry out and leak. I'm sure this isn't a show stopping problem, however, since it's relatively easy to replace the gaskets with something immune to alcohol.
The other problem, however, is that ethanol at least (not sure on other types of alcohol, but I suspect it's similar) burns a lot hotter than gasoline, and could literally blow your engine apart. A lot (all?) of the high end drag cars run on pure ethanol, but have to use specially hardened pistons and crankshafts and whatnot to withstand the pressure. Oh yeah, and they go thru a complete rebuild after every event. Not exactly consumer-friendly, eh?
Can you imagine the majority of cars in Los Angeles (or some such city) converting to Soybean oil, and having the stench of McDonalds fries replace smog?
Has anybody ever worked in a fast-food restauraunt? Within a half-hour, your entire body is coated in grease. When you get home, every single piece of clothing you wore smells like old grease. No amount of washing will ever get rid of the smell. Believe me...this is not something we want to promote before they've dealt with this problem.....
It is funny. When an attacker illegally slips past security mechanims to retrieve someone elses data it is "because information wants to be free." When an agent of the "government" illegally obtains information, or a corperation quietly accumulates information it is "an invasion of privacy that must be stopped!"
we are all hypocrites
I don't think it's all that black and white. First off, neither the government or a corporation (and this is something people and politicians tend to forget) is a person. They have no rights. They only exist (in theory) because the people allow them to. They only exist because they benefit the people.
Secondly, is the aspect of what is done with that information. If information was free, then there would be no reason to sell and trade my personal information between companies. That annoys me that companies make a profit off of my information. Natural persons don't tend to make a profit off of information....and those that proclaim information wants to be free rarely do. Corporations almost always make a profit off of information, and seek to restrict that information in order to make it more valuable. If I try to restrict my home phone number from being freely available, it's not to make it more valuable, it's to protect my privacy. Totally different motives.
The government, of course, is a special case. They are restricted in their methods because they have an awesome responsibilty to the people. Unfortunately, our (the US) government seems to have forgotten this long ago, and feel that the people serve the government. And besides, the government usually illegally collects information in order to arrest people who think information should be free.
Well, they obviously had to edit the results out becuase of the 1,909,809,200,345,543 references to hand(job) and blow(job). It is Usenet, after all...
And I was having a chat with an AI researcher friend of mine. It turns out that they are doing something just like the matrix to slug brains. They have very very few neurons, so it's pretty easy to hook them up to a simulated body and they are happy and stuff.
The slugs are happy? How is a slug happy? How can you tell if a slug is happy? Do they simply feed it VR of it avoiding salt and pounding footsteps? Or perhaps of becoming a super slug and eating McDonald's french fries with impunity?
Thank you...if I had moderator points, I'd rate this as as +1 Insightful. I hated the Matrix, and not because it's "philosphical questions" went over my head. Because it was a bad movie that did nothing to raise any interesting questions, for me at least. You have finally put into words what I have felt for so long. Thank you, thank you, thank you.
He focuses the whole review on Reeves and ignores all of the genius in the movie's plot and the great acting by Laurence Fishburne. Looking at this guy's bio, he blames Hollywood for selling out. I don't think anyone with an anti-establishment attitude can not like the Matrix. Sounds to me like he adopted that atitude as a front to sound like a hip movie reviewer. Too bad he's a moron.
Wht genius was in The Matrix's plot? That life is all a VR stunt? Granted, with better execution (which I saw on a made for TV movie, for chrissakes!), that plot is workable--but hardly genius. The Matrix might have made a decent book, but the movie was horrendous. I'm as anti-establisment as they come, but that movie really rubs me the wrong way. Bad acting, disjointed editing/directing, and just plain silly to boot. There were some interesting special effects scenes, but Chow Yun-Fat's movies have those too, and they suck as well.
The Matrix was entirely -1 Overrated, and no more "genius" than the Truman Show.
Then again, I despise comic books and anime as well, so maybe I'm just off the/. party line on this one....
A lot of technology in movies is enhanced in this way to conform to movie logic instead of real world logic. I recently watched the James Bond movie "Goldeneye", in which the characters use some super e-mail/chat program that shows a little cartoon icon of whoever is writing. This struck me as being a bit silly (although not impossible this time), but it is the same idea in action.
I actually don't remember that part of the movie, but there is a program called ComicChat that was put out by MS that uses comic strip characters....I just can't see super-suave 007 using it, though. =)
And as a suggestion, change the ID to the computer's MAC address. These things change a lot less frequently [How often does a hardware hacker completely change his ethernet card? Not often.])
MAC addresses can and are faked. Never rely on them for bulletproof security.
According to the (now-defunct) Winmag.com's Insider column (Google cache), the Product Activation will be unaffected by "minor" upgrades. Changing of a motherboard, BIOS chip (I assume flashing the BIOS to a new revision would be OK) or (perhaps?) the CPU could affect it.
Microsoft's FAQ on the subject is a little more vague, specifying only that "It is able to tolerate a certain degree of change in a hardware configuration so that users can change their hardware without having to reactivate the product. If the user completely overhauls the hardware, then activation may be required again, which would take place by telephone." What is a complete overhaul? I'm not sure...I've overhauled my engine before, but not my computer.
Volume licenses should be unaffected, OEM licenses may or may not be, retail definitely will be.
The EULA in Office (apparently) states that the primary user of Office on a desktop may install on a laptop computer for exclusive use. You would get an activation code for that laptop the same way. Windows (retail and OEM) and OEM licenses of Office only allow for a single installed copy.
Office may be reinstalled as many times as necessary on the same machine without a different activation code...but a reformat may require a new code. The FAQ only states that Windows can be installed as many times as necessary on the same machine, but does not say if a reformat (which is really the only way to install Windows properly) would require a new code...I'd guess it wouldn't, however.
All in all, this may actually be a good thing for small corporate customers (those not on the Volume Licensing programs, anyway). Remember those Slashdot stories about small governments and corps being confused on MS licenses? Well, now there's no excuse. If you've got a code for the HW, then you're legal. SPA Audits may become a thing of the past.
As for Windows warez and those that are admitted pirates, we'll just have to wait until some enterprising coder cracks it and links it to Astalavista and bypass it. Shouldn't be any more of an annoyance than other copy protection schemes have been, hopefully.
Why does it seem that Microsoft routinely ignores glaringly obvious security concerns in favor of "convenience"-related features? Is this a false impression, and if so, why is that the impression so many security professionals form when confronted with the history of security in Microsoft products?
No, that is not a false impression. "We have always made an effort to provide highly functional software that makes the user experience as intuitive as possible." Translation: we consciously choose/chose intuitiveness over security (remember that for 90% of Windows users, right clicking and saving an attachment is not intuitive). He then goes on to say that Microsoft is becoming more conscious to security concerns, and are defaulting to some more secure settings to comabt email virii/worms.
Well, apart from question 8 the answers were mostly consistent. But did anyone else notice that Q8 (and the immediately preceeding statements in Q7) were inconsistent?
I think he should have answered Q7 as "We like to think of ourselves as customer focused, and indeed we are where that doesn't interfere with our first priority which is profitability (or the ability to offer software for profit.)" Or generously, perhaps his answer to Q7 was intended to include software developers as the customers on which Microsoft focuses, in which case the two statements become consistent again.
It certainly isn't driven as a first priority by end-customer needs though...
He may like to think of Microsoft as "customer-focused", but every corporation is, at the end, shareholder focused. The only goal of a corporation is to maximize shareholder wealth. If, by being customer-focused, you can get more sales, then great. Otherwise, you're right...once customer focus gets in the way of the wealth, then you've got to change gears. That's Business 101, and any company who doesn't follow it will fail.
Luckily, Linux isn't a company, but a community. Think of it as a nonprofit, volunteer, organization. Linux has no "shareholders" to answer to, and so can be totally customer driven. (Un?)fortunately, different customers have different needs, and so we end up with fragmentation and different solutions to the same problem...which really shoots talk of standards and interoperability in the foot, don't you think?
Perhaps we should get a grip on standards and interoperability (for applications) within the Linux environment before we trash on Microsoft....After all, they are just doing what comes naturally--maximizing shareholder's wealth.
Now, MIT is known for having produced some very bright people. Going there means you are educated by some very bright teachers. Getting a degree there means you are quite something.
MIT is known for accepting some very bright people who flourish in the unique environment there, and go on to do wonderful things.
MIT is an anomaly in higher education, IMHO. Most universities offer no more of an educational experience than a week at the library could give you. Of course, there are a few rewarding professors that you'll come in contact with, and perhaps learn from, but they are few and far between.
Of course, if you're involved in research, then the rules change. You are likely to benefit from the university atmosphere, because it's a non-profit organization, thereby relieving your research of any major commercial motives. Also, you will get to work with other professors and students who are passionate about research. And, of course, let's not forget the amazing amount of funding directed to "research" institutions (funded in part, incidentally, by those same people who you seem to disdain because they are looking for technical training).
Slashdot Mirror
It would seem the real solution would be to do away with the passphrase and create the private key based on biometric (fingerprint, retina scan, DNA sequence, etc) data. Of course, then, your key is only as secure as your finger, eye, blood, etc. (On second thought, DNA is way too easy to come by, let's scratch that one off the list....)
I don't think dictionary attacks are subject to emotional impact.
Not to dispel any paranoia here, but I believe you're talking of Tempest. If that's the case, then (subject to my memory, of course) it only has the ability to show what's on your screen--not pick up data bits being shuffled to your RAM and/or hard drive. Think of it as a wireless VNC viewer, with no ability to control. In that case, it's not so easy to grab your private key.
I think you may have it backwards. You're operating on an inverse pyramid, when the true nature of the beast would be a normal pyramid. Translation: lot of watchers at the bottom, but very few at the top. Therefore, your odds of being above other watchers is very slim.
Well, I could just disable booting from the floppy. Or, remove the floppy altogether, for that matter (who the hell uses floppies anymore, anyway?).
But, an even better idea would be to use Win2K's Encrypted File System to encrypt the files I needed to be secure from your peekings. I don't believe MountNTFS can overcome that...though unfortunately, my Enterprise Admin can.
Shyster
Posting AC so as not to trip up the flow for those folks browsing at 1.
I've put cigarrettes out in both gasoline and lighter fluid, and have never had any harm come to me. True, however, tht gasoline vapor is pretty flammable....
Off topic aside: how many people does it annoy when an 18-wheeler (diesel-powered) explodes all to hell in the movies (non-combustible except under compression...)?
If you're using 93+ octane (and your car actually requires it), I suspect you will be severely dissapointed with performance after switching to soybean oil....OTOH, for you, it'd probably save you money, since 93+ is often 25+% higher than 87 octane (at least in my area).
And yet what would happen if you tried to criminalize alcohol?
Rubber products in the engine (seals and gaskets seperating oil from gasoline from antifreeze, for instance) would definitely dry out and leak. I'm sure this isn't a show stopping problem, however, since it's relatively easy to replace the gaskets with something immune to alcohol.
The other problem, however, is that ethanol at least (not sure on other types of alcohol, but I suspect it's similar) burns a lot hotter than gasoline, and could literally blow your engine apart. A lot (all?) of the high end drag cars run on pure ethanol, but have to use specially hardened pistons and crankshafts and whatnot to withstand the pressure. Oh yeah, and they go thru a complete rebuild after every event. Not exactly consumer-friendly, eh?
Has anybody ever worked in a fast-food restauraunt? Within a half-hour, your entire body is coated in grease. When you get home, every single piece of clothing you wore smells like old grease. No amount of washing will ever get rid of the smell. Believe me...this is not something we want to promote before they've dealt with this problem.....
An RJ45 port in the closet... If that's not a dream home, I don't know what is! :)
An 802.11b wireless home?
It's as good as encryption down here on Earth...
I don't think it's all that black and white. First off, neither the government or a corporation (and this is something people and politicians tend to forget) is a person. They have no rights. They only exist (in theory) because the people allow them to. They only exist because they benefit the people.
Secondly, is the aspect of what is done with that information. If information was free, then there would be no reason to sell and trade my personal information between companies. That annoys me that companies make a profit off of my information. Natural persons don't tend to make a profit off of information....and those that proclaim information wants to be free rarely do. Corporations almost always make a profit off of information, and seek to restrict that information in order to make it more valuable. If I try to restrict my home phone number from being freely available, it's not to make it more valuable, it's to protect my privacy. Totally different motives.
The government, of course, is a special case. They are restricted in their methods because they have an awesome responsibilty to the people. Unfortunately, our (the US) government seems to have forgotten this long ago, and feel that the people serve the government. And besides, the government usually illegally collects information in order to arrest people who think information should be free.
Well, they obviously had to edit the results out becuase of the 1,909,809,200,345,543 references to hand(job) and blow(job). It is Usenet, after all...
The slugs are happy? How is a slug happy? How can you tell if a slug is happy? Do they simply feed it VR of it avoiding salt and pounding footsteps? Or perhaps of becoming a super slug and eating McDonald's french fries with impunity?
Thank you...if I had moderator points, I'd rate this as as +1 Insightful. I hated the Matrix, and not because it's "philosphical questions" went over my head. Because it was a bad movie that did nothing to raise any interesting questions, for me at least. You have finally put into words what I have felt for so long. Thank you, thank you, thank you.
Wht genius was in The Matrix's plot? That life is all a VR stunt? Granted, with better execution (which I saw on a made for TV movie, for chrissakes!), that plot is workable--but hardly genius. The Matrix might have made a decent book, but the movie was horrendous. I'm as anti-establisment as they come, but that movie really rubs me the wrong way. Bad acting, disjointed editing/directing, and just plain silly to boot. There were some interesting special effects scenes, but Chow Yun-Fat's movies have those too, and they suck as well.
The Matrix was entirely -1 Overrated, and no more "genius" than the Truman Show.
Then again, I despise comic books and anime as well, so maybe I'm just off the /. party line on this one....
nerd-rejects?
I actually don't remember that part of the movie, but there is a program called ComicChat that was put out by MS that uses comic strip characters....I just can't see super-suave 007 using it, though. =)
MAC addresses can and are faked. Never rely on them for bulletproof security.
Microsoft's FAQ on the subject is a little more vague, specifying only that "It is able to tolerate a certain degree of change in a hardware configuration so that users can change their hardware without having to reactivate the product. If the user completely overhauls the hardware, then activation may be required again, which would take place by telephone." What is a complete overhaul? I'm not sure...I've overhauled my engine before, but not my computer.
Volume licenses should be unaffected, OEM licenses may or may not be, retail definitely will be.
The EULA in Office (apparently) states that the primary user of Office on a desktop may install on a laptop computer for exclusive use. You would get an activation code for that laptop the same way. Windows (retail and OEM) and OEM licenses of Office only allow for a single installed copy.
Office may be reinstalled as many times as necessary on the same machine without a different activation code...but a reformat may require a new code. The FAQ only states that Windows can be installed as many times as necessary on the same machine, but does not say if a reformat (which is really the only way to install Windows properly) would require a new code...I'd guess it wouldn't, however.
All in all, this may actually be a good thing for small corporate customers (those not on the Volume Licensing programs, anyway). Remember those Slashdot stories about small governments and corps being confused on MS licenses? Well, now there's no excuse. If you've got a code for the HW, then you're legal. SPA Audits may become a thing of the past.
As for Windows warez and those that are admitted pirates, we'll just have to wait until some enterprising coder cracks it and links it to Astalavista and bypass it. Shouldn't be any more of an annoyance than other copy protection schemes have been, hopefully.
Any other questions?
No, that is not a false impression. "We have always made an effort to provide highly functional software that makes the user experience as intuitive as possible." Translation: we consciously choose/chose intuitiveness over security (remember that for 90% of Windows users, right clicking and saving an attachment is not intuitive). He then goes on to say that Microsoft is becoming more conscious to security concerns, and are defaulting to some more secure settings to comabt email virii/worms.
He may like to think of Microsoft as "customer-focused", but every corporation is, at the end, shareholder focused. The only goal of a corporation is to maximize shareholder wealth. If, by being customer-focused, you can get more sales, then great. Otherwise, you're right...once customer focus gets in the way of the wealth, then you've got to change gears. That's Business 101, and any company who doesn't follow it will fail.
Luckily, Linux isn't a company, but a community. Think of it as a nonprofit, volunteer, organization. Linux has no "shareholders" to answer to, and so can be totally customer driven. (Un?)fortunately, different customers have different needs, and so we end up with fragmentation and different solutions to the same problem...which really shoots talk of standards and interoperability in the foot, don't you think?
Perhaps we should get a grip on standards and interoperability (for applications) within the Linux environment before we trash on Microsoft....After all, they are just doing what comes naturally--maximizing shareholder's wealth.
MIT is known for accepting some very bright people who flourish in the unique environment there, and go on to do wonderful things.
MIT is an anomaly in higher education, IMHO. Most universities offer no more of an educational experience than a week at the library could give you. Of course, there are a few rewarding professors that you'll come in contact with, and perhaps learn from, but they are few and far between.
Of course, if you're involved in research, then the rules change. You are likely to benefit from the university atmosphere, because it's a non-profit organization, thereby relieving your research of any major commercial motives. Also, you will get to work with other professors and students who are passionate about research. And, of course, let's not forget the amazing amount of funding directed to "research" institutions (funded in part, incidentally, by those same people who you seem to disdain because they are looking for technical training).