We should stand up and demand that they [companies] fully support Open Source by releasing code to viable products.
I've never understood this attitude. Especially in the context of the article, this strikes me as extremely ungrateful, rude and even childish. Something about Gift Horses and Mouths springs to mind.
You seem to be saying "Large companies whose business models include the concepts of selling and servicing software should immediately release their entire source code to the world at large". Without getting into the ethics, or the value of one business model over another, this attitude appears to be saying that the whole world should just stop what it's doing and obey the commands of a particular group of people.
Open Source / Free Software is a wonderful, valuable, empowering movement. It's not the totality of the field, and it probably never will be. When corporations whose entire mindset involves the concept of exchange of cash for goods or services rendered embrace even a fraction of the values of these movements, it is indeed a cause for celebration. Not a time for beating them over the head that they haven't come all the way over from the Dark Side.
Looking beyond the fan-boy name calling, there is a serious point behind this.
Microsoft has made a massive virtue of "making hard stuff easy"; underlying a lot of the products coming out of Redmond is the core value of "Trust us to do the hard stuff for you".
In that context, it's commercially damaging to have revealed to the world-at-large that even Microsoft can't rely on Microsoft to do the hard-stuff (security) for it. And if Microsoft can't rely on themselves why should anyone else?
Not, I hasten to add, that I believe that this incident will have any long-term consequences of this action. I'm waaay too cynical to believe that any good can come of this.
Pulleth The Other One, it hath Bells On (on Microsoft Cracked, Score: 3)
Any project started within the last 3 months may be potentially vulnerable to a legal Denial of Service attack, yes.
I refuse, however, to believe that there's a Court of Law in the world that's bone-headed enough to believe that project X, running for Y years and fully documented in that time as an open project (cf WINE), has benefited from the unrelated, unadvertised and recent breaking out of MS source code.
Come on.. Doom-saying is all fun and games, but please do try and stay within the bounds of reality...
Re:Is there a point to keeping Mir alive? (on Mir Lives, Score: 1)
Well, I didn't explicitly state it but it was implicit in what I said. By keeping Mir up there we'll learn more of the same. Why is this a good thing? Well, right now we don't know what we don't know about maintaining space habitats so all data is good data that helps put bounds on the limits of our ignorance.
And the money thing, well I hinted that abandoning-in-place CAN be done (I think Mir's orbit is in the 10yr-to-decay range but don't quote me) AND that this is preferable to destroying by burn up. This would leave the option of a revival open later with significantly low probability of success but high probability of science return ("we failed because xxx needing yyy consideration in the future").
Well, strictly speaking of course you're right - the guy publishes internal protected documents not belonging to him and is therefore clearly legally up a certain creek without a necessary implement.
But if you go beyond the surface legalities here it looks more like a case of the 'net interpreting censorship as damage and routing around it.
The problem statement would appear to be "@Home has service level problems and inconsistent practices in dealing with it. @Home shows little interest in resolving these issues and wishes them not to be discussed".
The list of consequences from this would appear to be a history of postings and action-attempts by @Home customers, none of which were successful because the Big Nasty Corporation showed no interest in dealing with the problem, and lots of interest in suppressing its discussion.
However, because of the actions of this fella, @Home's wishes have been effectively denied. Regardless of the legalities, the underlying documentation explaining the causes & action-plan (i.e. "we're crap" and "blame the customer" respectively) *have* got out in the wild.
Net result? Well, a whole bunch MORE people think that not only has @Home got a service problem, they've also got an attitude problem. This may influence their purchasing decisions, and may impact @Home the only place they care - the pocket.
Of course, if you're stuck somewhere where the choice is @Home or nothing, then perhaps not. Perhaps all that's happened is an (effective) monopoly has been exposed once more as a Bad Thing, rather than any good coming from the episode.
This is true for your own personal comfort level of "well studied". I think the benefit of the AES review period was that a large number of people + organisations interested in the results of this competition could pass a mutually agreed level of that parameter during the competition.
Personally speaking I don't know enough one way or the other to form an objective opinion. Like most people on the planet, outside my own limited horizon of speciality, I have to rely on other trusted experts' opinions and judgements. For me, therefore, having seen the manner in which the AES competition was conducted, and without knowing diddly-squat about the analyses of the algorithms in that competition, I'd have to conclude that if it's good enough for them it's good enough for me.
But if it don't float your boat, fine. If it's for a commercial crypto app then the market will decide, otherwise it's whatever your conscience will let you get away with.
Ain't crypto wonderful? All those human interests (theoretical, mathematical, technical, ethical, commercial, practical, political) in one little field...
We could go back and forth on this for a while, but essentially it's a personal decision based on an opinion, and I respect your opinion but do not share it.
Firstly, your statement "Rijndael was the one that was least secure" is at best an opinion. Since (to my knowledge) not even a theoretical attack has been found for any of the AES candidates, there can be no objective measure of relative security.
Secondly, I'd take issue with the argument that once a basic threshold has been reached, more eyeballs = more vulnerable. I accept that pretty much all of the AES algorithms are going to be non-trivially broken, hence the caveat.
Note that there may well not exist an attack on these algorithms (although history and a study of the human condition suggests that this outcome is unlikely). Schneier's statement that the best one can say about an algorithm is that it hasn't been cracked yet applies for each and every scientific theory on the planet. This is merely the most pessimistic (and most appropriate) statement that can be made.
To close, I'd also like to point out that any algorithm can be trivially implemented in an insecure manner. Hence, your hypothesis that Serpent is inherently more secure because it receives less attention is worthless. Remember that each and every *implementation* of the AES algorithms needs to be verified in an open manner for it to be trusted. This is a lot less likely to happen with uncommon implementations (except, of course, for the black-hats with something to gain). With the working assumption that most "new" crypto applications will adopt the AES winner and not the losers, this implies that most industry attention will be focussed on the continuing verification of Rijndael implementations. As time goes by, you can expect the experience-pool that has accumulated with verifying Rijndael implementations to improve - standard suites testing for known risky points etc. This works against you for implementations of more obscure, relatively less-well-known algorithms.
To close, therefore, I would like to suggest that you are still relying on a variant of Security by Obscurity, and that this is not necessarily a good thing for your long term cryptographic needs.
Re:Is there a point to keeping Mir alive? (on Mir Lives, Score: 3)
Quite apart from any of the justifications you'll hear (of which, let's be honest, politics & prestige are the only 2 that count), from a pushing-the-bounds-of-human-knowledge viewpoint the single best reason to keep Mir up there is that, yes indeed it's absolutely vital we understand what goes wrong on long-duration space facilities and how we deal with it.
Think of all that was learned in Mir's fire, and the crash. Ignore the *causes* of those disasters for a moment, and think of what was learnt:
Fire-fighting in zero gravity is both easier and more difficult than on the earth. Easier, because if you shut down the air circulation there's no reason for the fire to spread. More difficult because since the fire's consumed the local oxygen it's tough to get close, the smoke won't disperse on its own, the heat gets retained and you can re-ignite the fire etc etc etc...
Hull-breaches do not necessarily require instant evacuation. On the other hand, they *will* require evacuation if the offending sections can't be identified and closed off quickly... (damn I really REALLY hope ISS learns this lesson and we don't see cables+wires+ducts getting strung up through bulkheads there when inbuilt connections fail....).
The Mark 1, mod 0 eyeball coupled with Wetware v1.0 is *not* sufficient to handle teleoperated dockings with limited training and even more limited information.
Now think about what's been learnt about maintenance, repair techniques, re-supply, logistics, human psychology in crisis situations... The damn thing is an extremely valuable resource and there's *no way* it should be allowed to re-enter. It would even be worthwhile abandoning-in-place and *attempting* to revisit in 10 years time - even if the attempt fails (I'm thinking of the troubles re-visiting the abandoned Salyut 7 here), you'd learn a lot about what's needed just in making the attempt.
I guess my feeling from the opinions expressed in the interview would be that yer man there just doesn't care. I get the impression he's far more interested in doing theoretical algorithm research than in any real-world applications.
Hence his comments - "Rijndael is the engine, it's up to someone else to build the car". In the context of your question, the Draft ThoughtCrime Treaty really addresses legislation of the "car" - applications, processes and protocols making use of encryption - rather than the "engine" (the encryption algorithm) itself.
Calculation using Moores CPU law would suggest that this encryption algorithm should be cracked within 6 months.
Explanation please.
What does Moore's Law have to do with the *identification* of an attack on an algorithm, or with the time to implement such an attack?
If you're implying that a +6-month CPU will be capable of brute-force attacking Rijndael, please explain why current processors cannot do this, and please give an estimate of the time taken to break an arbitrary message (i.e. time to search 50% of keyspace).
For bonus points, please provide an estimate of the hardware resources required (now, in 6 months, or sometime after the Pentium 6 is released, whichever takes your fancy) in order to provide a realistic interception capability for oh-let's-say AES-encrypted email in near-real-time.
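To put numbers on the question asked above (time to search 50% of the keyspace, and how far a Moore's-law doubling of CPU speed moves that figure), here is an added Python calculation. It is not from the original thread; the trial rate of 10^9 keys per second and the 18-month doubling period are constructed assumptions rather than measured figures, and the functions and their names are mine.

```python
"""
Brute-force key-search cost estimate with a Moore's-law extrapolation.

Added example for this thread, not code from any of the posts. The trial rate
and doubling period used in the usage section are constructed assumptions.
"""
from math import ceil, log2

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expected_trials(key_bits: int) -> int:
    """Expected number of keys tried before a uniformly random key is hit:
    half the keyspace, i.e. 2**(key_bits - 1)."""
    return 2 ** (key_bits - 1)


def years_to_break(key_bits: int, keys_per_second: float) -> float:
    """Wall-clock years to search 50% of the keyspace at a fixed trial rate."""
    return expected_trials(key_bits) / keys_per_second / SECONDS_PER_YEAR


def rate_after(keys_per_second_now: float, months_ahead: float,
               doubling_months: float = 18.0) -> float:
    """Trial rate after extrapolating Moore's law: the rate doubles once every
    `doubling_months` months (18 months is an assumed value)."""
    return keys_per_second_now * 2 ** (months_ahead / doubling_months)


def doublings_needed(key_bits: int, keys_per_second_now: float,
                     target_years: float = 1.0) -> int:
    """Number of rate doublings before a 50%-keyspace search fits inside
    `target_years`. Zero when the search is already that fast."""
    ratio = years_to_break(key_bits, keys_per_second_now) / target_years
    return 0 if ratio <= 1 else ceil(log2(ratio))


def months_until_feasible(key_bits: int, keys_per_second_now: float,
                          target_years: float = 1.0,
                          doubling_months: float = 18.0) -> float:
    """Months of Moore's-law growth needed before the search fits in
    `target_years`, assuming the doubling period holds indefinitely."""
    return doublings_needed(key_bits, keys_per_second_now, target_years) * doubling_months


if __name__ == "__main__":
    rate = 1e9  # assumed: one billion key trials per second
    for bits in (40, 56, 128):
        print(f"{bits:3d}-bit key: {years_to_break(bits, rate):.3g} years at {rate:.0e} keys/s, "
              f"{doublings_needed(bits, rate)} doublings "
              f"({months_until_feasible(bits, rate):.0f} months) to reach one year")
    # The '6 months from now' CPU from the post: only a 2**(1/3) rate increase.
    print(f"rate after 6 months: {rate_after(rate, 6):.3g} keys/s")
```

With those assumptions a 50% search of a 128-bit keyspace takes on the order of 10^21 years, a six-month head start multiplies the trial rate by only 2^(1/3), and about 73 doublings (well over a century at 18 months each) would be needed to bring the search down to a year. The same arithmetic for a 56-bit key gives roughly a year at 10^9 keys per second, which is the gap between the two key sizes the thread is arguing over.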
Serpent is actually more secure than Rijndael, even if slightly slower. I personally use serpent in my loopback fs's, and it works really well!
Which nicely summarises why Rijndael won.
The competition was a nice, real-world example of a trade-off between absolute theoretical security and implementation. AES is intended to scale from smartcards to NSA supercomputers.
If AES had been about producing the most secure algorithm, period, then I guess the winner would have been one which included an infinite number of permutations... After all, if it takes an eternity to encrypt you can guarantee that it can't be broken after encryptions :-)
Note that you, too, have found that what the US Gov' says doesn't necessarily apply to the real world either. However, your faith in Serpent is perhaps misguided. It may have received a similar level of analysis as Rijndael up to now, but you can guarantee that as an also-ran, it's not going to continue to receive this level of investigation. All of which leaves you more, not less, vulnerable in the longer term....
I would greatly appreciate someone explaining why .tld's can't be placed in the open domain.
Seriously, what's to stop me deciding that NSI/ICANN et al suck, setting up my own virtual (non-connected) .TLD DNS server, and having all my geek friends use *it* as a source?
Done properly there's no reason why this can't be integrated with the existing DNS structure - GeekFriendly ISP just tells its DNS servers to use GeekSource A as primary DNS, and NSI et al as Secondary. That way, GeekFriendly ISP (and everyone downstream) resolves both .geek/.nerd *and* .com/.net/.org etc etc etc.
By the process of natural selection you'd see .tld's come and go, geek-providers thrive and die just as in every other open project but as long as even one survives in an open mode it's got to be good for competition.. at least with regards to keeping ICANN open and fair.
I see reference to this happening before. Would anyone please explain to me the flaw in this thinking? Thanks.
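The integration described in the post above, written out as an added example rather than anything from the original thread: a BIND-style named.conf fragment for a recursive resolver that keeps the normal root hints for .com/.net/.org and forwards only the alternative TLDs to the "GeekSource" servers. The server names and addresses are placeholders (192.0.2.0/24 is the documentation address range). Forwarding per zone is what makes both sets of names resolve; a plain primary/secondary server list on a client machine does not split queries by TLD, since the secondary is only consulted when the primary fails to answer.

```conf
// Hypothetical named.conf fragment for "GeekFriendly ISP"'s recursive resolver.
// Added example, not from the original post. Addresses are placeholders.
options {
    directory "/var/named";
    recursion yes;
    allow-recursion { 192.0.2.0/24; };   // only our own customers may recurse
};

// Normal resolution for .com/.net/.org etc.: the standard root hints file.
zone "." {
    type hint;
    file "named.root";
};

// Only the alternative TLDs are forwarded to GeekSource A's servers.
// "forward only" means we never fall back to the public root for these names.
zone "geek" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; 192.0.2.54; };
};

zone "nerd" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; 192.0.2.54; };
};
```

Two properties of this setup that a resolver operator should keep in view: everyone downstream of the resolver is trusting the forwarders' answers for those zones, with no chain of delegation from the public root to check them against, and if a TLD of the same name is later delegated through the public root, the forward zone silently shadows it for these users, so the two namespaces can diverge without anyone noticing.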
A fair call, however note that esteemed UK news organisations have only just got up a head of steam (or crawled out of the nearest watering hole; pick your favourite explanation) and caught on to the fact. Hence although it became law yesterday, it's making the news today.
I've been in this situation. It's easy. "whoops, forgot the password."
Of course, if the situation involves Plod[*], you're now in breach of the Regulation of Investigatory Powers (RIP) act which holds you legally accountable for any and all keys/passwords etc that can be traced to you. Welcome to the Big House, where it's your turn to pick up the soap....
[*]Plod, n: Law Enforcement. The Rozzers, Knacker of the Yard, the Police.
The bottom line is that HMG doesn't get I.T. At all. It's sickening really; we have Smilin' Tony telling us we want to be at the forefront of the e-revolution, and then a sickening bunch of has-beens toadying along behind coming up with crap like the R.I.P. bill and this load of old tosh.
The extent of the problem was highlighted on the BBC Breakfast news when the self-styled e-minister Patricia Hewitt said that although yes, the Government was allowing employer snooping, it was only for "reasonable" uses. To paraphrase the good lady "Employers shouldn't pry. We trust them not to go looking at messages that are private". e-minister *blech*. Bet she wouldn't know a website from a kick in the teeth, let alone exactly what barrel of worms she's just opened. "reasonable use only".... nice. Let's see someone get a legal definition of that one; it'd be like nailing jelly to the wall.
What's worse is that Her Majesty's Opposition is just as technically inept, if not more so. I don't mind so much the boneheadedness (hey; I'd make a crap politician so why should they make good geeks?), but I am fed up to the back teeth with smiling baby-kissers telling me all about how great the technology is and how they know *just* how it needs regulating.... Oh, and then hold 1 week unannounced "review" periods for public consultation, then trumpet their spawns-of-satan legislation as "widely approved of by industry and public".
The thought of actually going out and *asking* people what legislation they need (other than the police, of course, who have predictable knee-jerk reactions hence RIP), and *listening* to them instead of patronisingly telling them what they want could never occur to this bunch of rabid style-over-substance image-is-everything inept sheep. I mean... not toeing the party line? showing evidence of independent thought? not being "On-message"? Heaven forbid.
Oh dear did I really type that load of tripe? Ah well, it's off my chest now. Just scroll down a bit will you? There is nothing to see here. I'm going to go and lie down with a cold towel and maybe lay off the coffee for a bit.
Mostly, though, I'd be proud, and a little bit scared, to have a fellow geek on board.
Here's where you have to think Corporation not Ego. Having a fellow geek on board is *good* for the company. Speaking from experience, 2 heads are always better than one - even if those 2 heads operate by trying to out-compete with solutions.
After all, I can't be the only one whose best work has been when under pressure to prove geek bragging rights...
Speaking as a user:
The main gripe I have against IT people is that they think the point of computers and networks is to serve their interests. No! The point of IT is to enable employees to best get their work done, not to provide the most elegant and tractable system for the admins to preside over.
This cuts straight to the heart of a 30+ year old argument.
On the one side, BOFH and friends are responsible for providing a manageable, scalable and supportable computing environment that meets the IT needs of the organisation. This includes a spectrum of specific technical requirements depending on applications, coupled with (guarantee it) a wide spectrum of (l)users ranging from K&R re-incarnated at one end to a big steaming pile of Upper Management at the other.
On the other side, we have the (tiny!) fraction of users who do actually know what they're talking about and do actually have valuable ideas as to what tool might scratch their IT itch, and who will *never* be happy with the Ordained Platform as Passed Down From On High.
The answer as always lies in the middle. But, folks, here's the acid test: Will the BOFHs stick to their own rules and run their own platform internally? It's a fair marker of whether the line has been drawn in the right place. If BOFH can't hack it, then you shouldn't either. Otherwise, you owe it to the Company to do the best to stick to the standards.
... Linux is more popular and therefore better?... But by that token windows is better. Why not run NT on the BigIron machines then? I'd personally sooner see that than linux.
Note that to some limited extent this has been tried and failed, namely NT for Alpha, PPC and..er.. one other I can't recall. The problem is that the OS is in the hands of one group with one set of goals, which may not match the goals of the platform implementors, and these implementors cannot have the freedom they get from an Open OS to make whatever changes are necessary (by definition: to implement a non-Open software package on another platform you can bet there are licence agreements to be signed complete with a whole bunch of restrictions and lists of what can/can't be done. Likely including the requirement to pass back any innovations made to the original owner who now gets R&D done free by a 3rd party...)
Essentially the implementors will always be scrabbling behind the OS's owners, trying to keep up, instead of being part of the development process.
Also note that the definition of "popular" you're using may not match that of those who make these decisions. Certainly there is more public discussion of the benefits/shortcomings of the Linux environment at the moment since A) NT's been done to death over the last n years B) since we can all get at the code we've got more to talk about.
The closest big-iron manufacturer's management gets to appropriate technical decision-making is in counting headlines.
All these say "Linux good". *BSD is *possibly* just about on the bottom of their radar-screens, but probably not. You can guarantee that no-one in that chain has even heard of the HURD.
Sadly, this applies to the techies too, although to a lesser extent. Never underestimate the herding mentality, especially within corporate organisational structures.
The other side of this is that the technical decision makers - the architects if you will - have generally come up through the techie trenches but have left all that behind. They won't necessarily be current with the minutiae of OS design or implementation, but will have a strong background and understand the basic facts.
Key to this thinking is that industrial-strength OSes require years of development. Linux has had years of development (though not as many as big-iron OSes, by a factor of 3 or more), and has only recently passed this magic threshold where it can be treated seriously because it's been under live-use development for X years.
These are all points in Linux's favour. HURD on the other hand, regardless of any architectural or technical merit, hasn't been discussed, hasn't been *in use* for X years, has a quiet/non-advocating user community (RMS notwithstanding), and is a break with everything these guys know about. HURD is therefore out of the running.
Now, if this whole question had done s/HURD/*BSD/ (for some value of net|free|open), then it would be more appropriate. I still think the answer would be the same (rightly or wrongly, Linux is more popular and therefore better).
...delivered to Jeremy Paxman (a BBC journalist)...
Not a BBC journalist, the BBC journalist...
Note for non-UKians: Jezza Paxman is a notorious talking-head famous for verbal jousting with MPs and other officials on "Newsnight". Often amusing to watch, he's also renowned for being a bit of a prima-donna with... how can I put it?... somewhat of an ego problem...
More seriously, anyone with a plausible explanation of why HE should be sent the missing Enigma deserves a +5 moderation...
This is AFS. Not JFS. Two separate filesystems, doing different jobs. JFS for Linux hasn't been released yet. I believe it's due Real Soon Now.
I've never understood this attitude. Especially in the context of the article, this strikes me as extremely ungrateful, rude and even childish. Something about Gift Horses and Mouths springs to mind.
You seem to be saying "Large companies whose business models include the concepts of selling and servicing software should immediately release their entire source code to the world at large". Without getting into the ethics, or the value of one business model over another, this attitude appears to be saying that the whole world should just stop what it's doing and obey the commands of a particular group of people.
Open Source / Free Software is a wonderfull, valuable, empowering movement. It's not the totality of the field, and it probably never will be. When corporations whose entire mindset involves the concept of exchange of cash for goods or services rendered embrace even a fraction of the values of these movements, it is indeed a cause for celebration. Not a time for beating them over the head that they haven't come all the way over from the Dark Side.
Looking beyond the fan-boy name calling, there is a serious point behind this.
Microsoft has made a massive virtue of "making hard stuff easy"; underlying a lot of the products coming out of Redmond is the core value of "Trust us to do the hard stuff for you".
In that context, it's commerically damaging to have revealed to the world-at-large that even Microsoft can't rely on Microsoft to do the hard-stuff (security) for it.. And if Microsoft can't rely on themselves why should anyone else?
Not, I hasten to add, that I believe that this incident will have any long-term consequences of this action. I'm waaay too cynical to believe that any good can come of this.
Any project started within the last 3 months may be potentially vulnerable to a legal Denial of Service attack, yes.
I refuse, however, to believe that there's a Court of Law in the world that's bone-headed enough to believe that project X, running for Y years and fully documented in that time as an open project (cf WINE), has benefited from the unrelated, unadvertised and recent breaking out of MS source code.
Come on.. Doom-saying is all fun and games, but please do try and stay within the bounds of reality...
Well, I didn't explicitly state it but it was implicit in what I said. By keeping Mir up there we'll learn more of the same. Why is this a good thing? Well, right now we don't know what we don't know about maintaining space habitats so all data is good data that helps puts bounds on the limits of our ignorance.
And the money thing, well I hinted that abandoning-in-place CAN be done (I think Mir's orbit is in the 10yr-to-decay range but don't quote me) AND that this is preferable to destroying by burn up. This would leave the option of a revival open later with significantly low probability of success but high probability of science return ("we failed because xxx needing yyy consideration in the future").
Well, strictly speaking of course you're right - the guy publishes internal protected documents not belonging to him and is therefore clearly legally up a certain creek without a necessary implement.
But if you go beyond the surface legalities here it looks more like a case of the 'net interpreting censorship as damage and routing around it.
The problem statement would appear to be "@Home has service level problems and inconsistent practices in dealing with it. @Home shows little interest in resolving these issues and wishes them not to be discussed".
The list of consequences from this would appear to be a history of postings and action-attempts by @Home customers, none of which were successfull because the Big Nasty Corporation showed no interest in dealing with the problem, and lots of interest in suppressing it's discussion.
However, because of the actions of this fella, @Home's wishes have been effectively denied. Regardless of the legalities, the underlying documentation explaining the causes & action-plan (i.e "we're crap" and "blame the customer" respectively) *have* got out in the wild.
Net result? Well, a whole bunch MORE people think that not only has @Home got a service problem, they've also got an attitude problem. This may influence their purchasing decisions, and may impact @Home the only place they care - the pocket.
Of course, if your stuck somewhere where the choice is @Home or nothing, then perhaps not. Perhaps all that's happened is an (effective) monopoly has been exposed once more as a Bad Thing, rather than any good coming from the episode.
This is true for your own personal comfort level of "well studied". I think the benefit of the AES review period was that a large number of people + organisations interested in the results of this competition could pass a mutually agreed level of that parameter during the competition.
Personally speaking I don't know enough one way or the other to form an objective opinion. Like most people on the planet, outside my own limited horizon of speciality, I have to rely on other trusted experts' opinions and judgements. For me, therefore, having seen the manner in which the AES competition was conducted, and without knowing diddly-squat about the analyses of the algorithms in that competition, I'd have to conclude that if it's good enough for them it's good enough for me.
But if it don't float your boat, fine. If it's for a commercial crypto app then the market will decide, otherwise it's whatever your conscience will let you get away with.
Ain't crypto wonderfull? All those human interests (theoretical, mathematical, technical, ethical, commercial, practical, political) in one little field...
We could go back and forth on this for a while, but essentially it's a personal decision based on an opinion, and I respect your opinion but do not share it.
Firstly, your statement "Rijndael was the one that was least secure" is at best an opinion. Since (to my knowledge) not even a theoretical attack has been found for any of the AES candidates, there can be no objective measure of relative security.
Secondly, I'd take issue with the argument that once a basic threshold has been reached, more eyeballs = more vulnerable. I accept that pretty much all of the AES algorithms are going to be non-trivially broken, hence the caveat.
Note that there may well not exist an attack on these algorithms (although history and a study of the human condition suggests that this outcome is unlikely). Schneir's statement that the best one can say about an algorithm is that it hasn't been cracked yet applies for each and every scientific theory on the planet. This is mearly the most pessimistic (and most appropriate) statement that can be made.
To close, I'd also like to point out that any algorithm can be trivially implemented in an insecure manner. Hence, your hypothesis that Serpent is inherently more secure because it receives less attention is worthless. Remember that each and every *implementation* of the AES algorithms needs to be verified in an open manner for it to be trusted. This is a lot less likely to happen with uncommon implementations (except, of course, for the black-hats with something to gain). With the working assumption that most "new" crypto applications will adopt the AES winner and not the losers, this implies that most industry attention will be focussed on the continuing verification of Rijndael implementations. As time goes by, you can expect the experience-pool that has accumulated with verifying Rijndael implementations to improve - standard suites testing for known risky points etc. This works against you for implementations of more obscure, relatively less-well-known algorithms.
To close, therefore, I would like to suggest that you are still relying on a variant of Security by Obscurity, and that this is not necessarily a good thing for your long term cryptographic needs.
Quite apart from any of the justifications you'll hear (of which, let's be honest, politics & prestige are the only 2 that count), from a pushing-the-bounds-of-human-knowledge viewpoint the single best reason to keep Mir up there is that, yes indeed it's absolutely vital we understand what goes wrong on long-duration space facilities and how we deal with it.
Think of all that was learned in Mir's fire, and the crash. Ignore the *causes* of those disasters for a moment, and think of what was learnt:
Now think about what's been learnt about maintenance, repair techniques, re-supply, logistics, human psychology in crisis situations... The damn thing is an extremely valuable resource and there's *no way* it should be allowed to re-enter. It would even be worthwhile abandoning-in-place and *attempting* to revisit in 10 years time - even if the attempt fails (I'm thinking of the troubles re-visiting the abandoned Salut 7 here), you'd learn a lot about what's needed just in making the attempt.
I guess my feeling from the opinions expressed in the interview would be that yer man there just doesn't care. I get the impression he's far more interested in doing theoretical algorithm research than in any real-world applications.
Hence his comments - "Rijndael is the engine, it's up to someone else to build the car". In the context of your question, the Draft ThoughtCrime Treaty really addresses legislation of the "car" - applications, processes and protocols making use of encryption - rather than the "engine" (the encryption algorithm) itself.
Explanation please.
What does Moore's Law have to do with the *identification* of an attack on an algorithm, or with the time to implement such an attack?
If you're implying that a +6-month CPU will be capable of brute-force attacking Rijndael, please explain why current processors cannot do this, and please give an estimate of the time taken to break an arbitary message (i.e. time to search 50% of keyspace).
For bonus points, please provide an estimate of the hardware resources required (now, in 6months, or sometime after the Pentium 6 is released, which ever takes your fancy) in order to provide a realistic interception capability for oh-let's-say AES-encrypted email in near-real-time.
Which nicely summarises why Rijndael won.
The competition was a nice, real-world example of a trade-off between absolute theoretical security and implementation. AES is intended to scale from smartcards to NSA supercomputers.
If AES had been about producing the most secure algorithm, period, then I guess the winner would have been one which included an infinite number of permutations... After all, if it takes an eternity to encrypt you can guarantee that it can't be broken after encryptions :-)
Note that you, too have found that what the US Gov' says doesn't necessarily apply to the real world either. However, your faith in Serpent is perhaps misguided. It may have received a similar level of analysis as Rijndael up to now, but you can guarantee that as an also-ran, it's not going to continue to receive this level of investigation. All of which leaves you more, not less, vulnerable in the longer term....
I would greatly appreciate someone explaining why .tld's can't be placed in the open domain.
Seriously, what's to stop me deciding that NSI/ICANN et al suck, setting up my own virtual (non-connected) .TLD DNS server, and having all my geek friends use *it* as a source?
Done properly there's no reason why this can't be integrated with the existing DNS structure - GeekFriendly ISP just tells its DNS servers to use GeekSource A as primary DNS, and NSI et al as secondary. That way, GeekFriendly ISP (and everyone downstream) resolves both .geek/.nerd *and* .com/.net/.org etc etc etc.
By the process of natural selection you'd see .tld's come and go, geek-providers thrive and die just as in every other open project, but as long as even one survives in an open mode it's got to be good for competition.. at least with regards to keeping ICANN open and fair.
I see reference to this happening before. Would anyone please explain to me the flaw in this thinking? Thanks.
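One way to wire the scheme in the post above into a real recursive resolver, as an added illustration that is not part of the original comment: a BIND named.conf fragment in which the standard root hints answer .com/.net/.org as usual, while anything under a private .geek TLD is forwarded to an alternate-root server. The resolver, the hints file name and the address 192.0.2.53 (a documentation-range placeholder) are assumptions for the example; no such geek root is known to exist.

```conf
// Added example, not from the original post. BIND 8/9 named.conf
// fragment for a recursive resolver run by a hypothetical ISP that
// wants both the ICANN namespace and a private .geek TLD.

options {
    directory "/var/named";
    recursion yes;
    // Only the ISP's own customers (placeholder range) may recurse
    // through this server; an open resolver is an abuse magnet.
    allow-recursion { 192.0.2.0/24; };
};

// The ordinary root: standard hints file (assumed name), so every
// existing TLD resolves exactly as it would on any other resolver.
zone "." {
    type hint;
    file "named.root";
};

// The alternate TLD. Every query under .geek is sent to the geek
// root (placeholder address); "forward only" stops BIND falling back
// to the ICANN root, which knows nothing of .geek and would answer
// NXDOMAIN.
zone "geek" {
    type forward;
    forward only;
    forwarders { 192.0.2.53; };
};
```

The forward-zone form is the mechanism that actually merges the two namespaces: the two sources are not "primary" and "secondary" for the same data, but authoritative for disjoint parts of the tree. The cost is that every name under .geek now rests entirely on whoever runs 192.0.2.53, and anyone whose resolver lacks this stanza simply gets NXDOMAIN for the same names.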
Nope. No cookie for you. Key Escrow *was* in an early draft of RIP but was removed.
It is, however, illegal (carrying a penalty of 2 years chokey) not to hand over any keys when required *whether in your possession or not*.
Heh, so if I use too much TP does that count as pilfering office supplies?
oh please oh please oh please let that one go to court....
A fair call, however note that esteemed UK news organisations have only just got up a head of steam (or crawled out of the nearest watering hole; pick your favourite explanation) and caught on to the fact. Hence although it became law yesterday, it's making the news today.
Of course, if the situation involves Plod[*], you're now in breach of the Regulation of Investigatory Powers (RIP) act which holds you legally accountable for any and all keys/passwords etc that can be traced to you. Welcome to the Big House, where it's your turn to pick up the soap....
[*]Plod, n: Law Enforcement. The Rozzers, Knacker of the Yard, the Police.
The bottom line is that HMG doesn't get I.T. At all. It's sickening really; we have Smilin' Tony telling us we want to be at the forefront of the e-revolution, and then a sickening bunch of has-beans toadying along behind coming up with crap like the R.I.P. bill and this load of old tosh.
The extent of the problem was highlighted on the BBC Breakfast news when the self-styled e-minister Patricia Hewitt said that although yes, the Government was allowing employer snooping, it was only for "reasonable" uses. To paraphrase the good lady "Employers shouldn't pry. We trust them not to go looking at messages that are private". e-minister *blech*. Bet she wouldn't know a website from a kick in the teeth, let alone exactly what barrel of worms she's just opened. "reasonable use only".... nice. Let's see someone get a legal definition of that one; it'd be like nailing jelly to the wall.
What's worse is that Her Majesty's Opposition is just as technically inept, if not more so. I don't mind so much the boneheadedness (hey; I'd make a crap politician so why should they make good geeks?), but I am fed up to the back teeth with smiling baby-kissers telling me all about how great the technology is and how they know *just* how it needs regulating.... Oh, and then hold 1 week unannounced "review" periods for public consultation, then trumpet their spawns-of-satan legislation as "widely approved of by industry and public".
The thought of actually going out and *asking* people what legislation they need (other than the police, of course, who have predictable knee-jerk reactions hence RIP), and *listening* to them instead of patronisingly telling them what they want could never occur to this bunch of rabid style-over-substance image-is-everything inept sheep. I mean... not toeing the party line? showing evidence of independent thought? not being "On-message"? Heaven forbid.
Oh dear, did I really type that load of tripe? Ah well, it's off my chest now. Just scroll down a bit will you? There is nothing to see here. I'm going to go and lie down with a cold towel and maybe lay off the coffee for a bit.
Here's where you have to think Corporation not Ego. Having a fellow geek on board is *good* for the company. Speaking from experience, 2 heads are always better than one - even if those 2 heads operate by trying to out-compete with solutions.
After all, I can't be the only one whose best work has been when under pressure to prove geek bragging rights...
This cuts straight to the heart of a 30+ year old argument.
On the one side, BOFH and friends are responsible for providing a manageable, scalable and supportable computing environment that meets the IT needs of the organisation. This includes a spectrum of specific technical requirements depending on applications, coupled with (guarantee it) a wide spectrum of (l)users ranging from K&R re-incarnated at one end to a big steaming pile of Upper Management at the other.
On the other side, we have the (tiny!) fraction of users who do actually know what they're talking about and do actually have valuable ideas as to what tool might scratch their IT itch, and who will *never* be happy with the Ordained Platform as Passed Down From On High.
The answer as always lies in the middle. But, folks, here's the acid test: Will the BOFHs stick to their own rules and run their own platform internally? It's a fair marker of whether the line has been drawn in the right place. If BOFH can't hack it, then you shouldn't either. Otherwise, you owe it to the Company to do the best to stick to the standards.
ah well, all of these sites need a garbage-filter on them... esp /.
what can I tell you? El Reg gives me a chuckle on the 10% of stories worth reading. And of course it's written in the One True English.....
Sod Karma.
There's an analysis of this announcement on The Register, here
Short Summary: Intel might be regretting it now, but they're legally committed anyway...
Note that to some limited extent this has been tried and failed, namely NT for Alpha, PPC and ..er.. one other I can't recall. The problem is that the OS is in the hands of one group with one set of goals, which may not match the goals of the platform implementors, and these implementors cannot have the freedom they get from an Open OS to make whatever changes are necessary (by definition: to implement a non-Open software package on another platform you can bet there are licence agreements to be signed complete with a whole bunch of restrictions and lists of what can/can't be done. Likely including the requirement to pass back any innovations made to the original owner who now gets R&D done free by a 3rd party...)
Essentially the implementors will always be scrabbling behind the OS's owners, trying to keep up, instead of being part of the development process.
Also note that the definition of "popular" you're using may not match that of those who make these decisions. Certainly there is more public discussion of the benefits/shortcomings of the Linux environment at the moment since A) NT's been done to death over the last n years B) since we can all get at the code we've got more to talk about.
The closest big-iron manufacturer's management gets to appropriate technical decision-making is in counting headlines.
All these say "Linux good". *BSD is *possibly* just about on the bottom of their radar-screens, but probably not. You can guarantee that no-one in that chain has even heard of the HURD.
Sadly, this applies to the techies too, although to a lesser extent. Never underestimate the herding mentality, especially within corporate organisational structures.
The other side of this is that the technical decision makers - the architects if you will - have generally come up through the techie trenches but have left all that behind. They won't necessarily be current with the minutiae of OS design or implementation, but will have a strong background and understand the basic facts.
Key to this thinking is that industrial-strength OSes require years of development. Linux has had years of development (though not as many as big-iron OSes, by a factor of 3 or more), and has only recently passed this magic threshold where it can be treated seriously because it's been under live-use development for X years.
These are all points in Linux's favour. HURD on the other hand, regardless of any architectural or technical merit, hasn't been discussed, hasn't been *in use* for X years, has a quiet/non-advocating user community (RMS notwithstanding), and is a break with everything these guys know about. HURD is therefore out of the running.
Now, if this whole question had done s/HURD/*BSD/ (for some value of net|free|open), then it would be more appropriate. I still think the answer would be the same (rightly or wrongly, Linux is more popular and therefore better).
Never underestimate the impact of inertia...
Not a BBC journalist, the BBC journalist...
Note for non-UKians: Jezza Paxman is a notorious talking-head famous for verbal jousting with MPs and other officials on "Newsnight". Often amusing to watch, he's also renowned for being a bit of a prima-donna with... how can I put it?... somewhat of an ego problem...
More seriously, anyone with a plausible explanation of why HE should be sent the missing Enigma deserves a +5 moderation...