Break in to Debian, it was noticed within 24 hours. Break into Gentoo, noticed in 1 hour.
These are break-ins to project servers - a handful at best.
Break in to Microsoft, not noticed for MONTHS.
This was a break-in to a campus and national network of thousands of nodes. It's quite a bit more complicated and thus difficult to monitor everything going on on the Microsoft network than what happens on a few servers.
Kevin Mitnick repeatedly waived his right to a speedy trial which is guaranteed by the Constitution
You can't waive a constitutional right. Also, the prosecution repeatedly refused to present evidence for the defense to review - making it difficult for them to make a case, thus they had to delay.
I think not. Corporations can't put you in jail for things (courts and juries do that.) People can shop with a different company if they don't like one, they can't as easily pick and choose governments. The list goes on and on - in short: corporate actions do not amount to a police state, unless the government is also the corporations (communism).
It reminds me of those commercials too - except I can only remember the one where the two hot girls are arguing about it, and end up fighting each other in a pond.... wow they are hot.
Under US law the cops don't need a warrant for anything you willfully disregard, and that extends to bodily waste.
The same applies for everyone in the country, not just cops. Also, this is a practice that I don't have a problem with. If you are discarding something, why should you have any expectation of controlling it?
I wonder: how can they tell that a 2 ^ 512 possibility range is as secure as a 2 ^ 15360 probabilities scheme?
Because breaking RSA does not involve brute forcing the bits, it involves factoring huge ass numbers into primes. Look up the differences between symmetric and asymmetric (or private and public) key cryptosystems.
Oh come on, I know Bush's administration is all for privatization and turning to the private sector and all, but this?
I believe that the technological divide between the NSA and the private sector has been shrinking over the years. I also don't think they would have selected this product if they didn't have good reason to. I suspect that this product was probably developed with some degree of NSA involvement, either contract work there or by former contractors/employees. And, lo and behold, as I RTFA it says:
Certicom has worked with the NSA, based at Fort Meade, Md., on several classified projects in the past, and this agreement is essentially an outgrowth of that work, officials said.
So, it appears to have a lot of NSA involvement in the development. Actually, RTFAing a bit more closely it appears NSA is licensing the algorithm from Certicom. So they may not even be using the code from Certicom, they could be developing all the systems in house. Clearly, they wouldn't make a move like this without thoroughly analyzing the algorithms involved.
So what comes out is a solution that was produced much cheaper than a similar in-house effort, and this will save the taxpayers money (which sounds good to this poor college student.) I have to say I'm surprised at the Agency going after a commercial product for classified purposes, but I'm sure they have good reasons.
What makes ECC so much better vs AES with a key size of 256?
I'm sure a small amount of googling could tell you this, but comparing ECC to AES is like comparing apples to oranges. ECC is a public key algorithm, and AES is a symmetric key algorithm. Thus, you would have to look up the fundamental differences between public and private key algorithms to find the differences between ECC and AES.
The difference between ECC and algorithms like RSA, for example, is that elliptic algorithms can work with smaller keysizes, and this should have been noticeable from the Slashdot post that points out the commercial product uses a smaller keysize than the equivalent strength RSA key.
The penalty for violating a law should be much larger than the cost of following the law.
How many orders of magnitude of punishment beyond the original damage do you want? Say a spam costs $1 (I'd say it costs about a cent, but for argument's sake I'll give you latitude.) A $1,000 fine is THREE orders of magnitude in punishment. That's insane. That's like sending someone to jail for 20-50 years for taking some cycles on a machine without permission. Punishment should appropriately match the offense, that is all.
allow private individuals to sue spammers and collect damages of up to $1,000 per e-mail.
That's a nice pair of little clauses there.
How do you figure a fine of $1,000 per e-mail is a nice clause? One of the biggest complaints I have with the American justice system these days is a broad division between crimes and consequences (and in punishing responsibility for harm.) There is no way a single e-mail could cause $1,000 worth of damage. That's an absurd punishment for a virtually victimless crime. Don't get me wrong, I hate spam as much as the next guy. However, there are technical means to alleviate the problem, and a huge fine is not reflective of the damage done.
I just had a western civilization exam today. So to make up for my poor score on the test itself, I will attempt to impart something I actually did learn in the class (that was not tested). To quote my text:
[...] the philosopher Democritus (b. ca. 460 B.C.) [...] concluded that all things consisted of tiny, indivisible particles, which could be arranged and rearranged in an infinite variety of configurations. He called these particles atoma, "the uncuttable" (from which the word atom is derived).
I see this as a chicken-and-egg problem. Employers don't understand the importance of secure programming because it isn't taught in college.
Oh please, employers don't need to take cues from colleges - they can figure out what is needed and what isn't very efficiently: look at sales. If security was worth wasting time over, they would be doing it now.
Employers don't understand the importance of secure programming because users don't care that products don't work properly and it is more difficult to code something well (secure or not) than it is to code something that mostly works.
I know users that get blue screens of death all the time. They ask why and I tell them poor programming. All they say is "oh." They don't say "Really? Maybe we should find a better product to replace this one." Never once have I heard this response. Users just reboot and go on because they don't care/know any better.
Re:Patent protection? on Cracking GSM · Score: 1
I believe the very act of listening to other people's phone calls makes you a criminal
You think that intercepting radio waves broadcast through my house and body is a criminal act? That seems a bit far-fetched.
Whenever I talk on my cell phone, I realize that a multitude of people can be listening from people in the room to people in the cell area with radio scanners. If it's something sensitive, I'll use a landline or a secure channel. When I'm on my computer, I realize anyone on my collision domain can be intercepting my communications. If it's something sensitive, I'll use a secure channel.
Simple fact is, there are technical ways to set up secure communications - and people who think broadcast can be secure from eavesdropping are crazy.
Fascinating. I had a Toshiba laptop about five years ago that had three dimensions. In fact, I thought the current trend was to move from 3D laptops to almost 2D ones with things like tablet PCs. Sometimes it's hard to keep up with trends.
expensive useless prestige projects like XBox and MSN and above all marketing.
Let's see - game consoles seem to be moving to the general purpose computers and entertainment center of the household. With a DVD player, the coolest games, and internet access - this is all many Joe Users want or need. If this trend continues, Microsoft obviously wants to have a large stake in it to keep their company moving products.
MSN is their attempt to get a hold in the Internet access market. Seeing as the Internet is pretty fucking popular, it makes sense to want a dog in that show. Does it make sense to be in dialup anymore? Maybe not, but if it really pisses you off buy some MS stock and sway the board away from the practice.
The costs to develop the stuff is quite low, especially in the case of Windows and Office where there isn't any real development anyway, just bugfixing, retheming and repackaging. [Emphasis mine]
So it is now clear you don't know much about software development as a cycle. Bugfixing and maintenance can be upwards of half the development cost of a piece of software. How often do you hear about Windows and Office bugs? Every week at least? Those all have to be fixed. As well as the countless other bugs because MS likes to release its software fast to get to market.
Even smaller countries could easily afford it.
And certainly the largest country with a slave labor force.
For 250 bucks I can get a gig of SDRam for my PDA/Smartphone which can play mp3s.
How fast does this kill the battery?
Re:802.11g on FCC Goes WiFi · Score: 3, Insightful
Why not have 2 separate APs, then? One for 802.11b and one for 802.11g?
There's this thing called money that is used as a medium of exchange between people in the market place. It is valuable because it is rare and represents the value of work that is done. In case you haven't heard, the economy is being a bit slow and the government doesn't have gobs of it anymore (and neither do we). So to implement twice as many APs they would have to tax me (one way or another) some more to pay for them. No thanks.
In fact, seeing the deficit we're running - why are they buying APs at all? Is this going to save me money? Is it going to increase my benefits? I'll wager no on both counts.
Interesting. I assume you're trying to make monopoly plural (it doesn't make sense to be possessive in this context). Now, I fail to see how more than one monopoly can exist in the same market, seeing as that would defeat the whole idea of a monopoly.
"My daddy always told me 'Son, just break one law at a time.'"
And this is informative and insightful how?
So, this puts the atom at about 2400 years old.
I have always been a big fan of physically shredding hard drives which have contained sensitive data
What's the bit density of a modern hard drive?
Do you actually think you will win? If so, will you be disappointed if you win with such a small percentage of Californians who voted supporting you?