With that design, there will be a period of time where a record has been "written" but is not readable. This will only be viable when new records are being added. In any situation where a record is being updated or deleted, something hitting one of the "read" DB servers will get the old record.
This could get really nasty for an application that reads the DB, and then writes something based on what it just read.
We already hashed this discussion out a bit on the firewall-wizards list.
Jurisdictions that make possession of certain tools illegal refer to them as burglary tools. This is by state or by county. It is quite illegal to carry lockpicks in some places if you're not a licensed locksmith.
The definition of burglary tools is anything that has been classified as burglary tools.
There is no licensing for security professionals or system administrators.
Therefore, since L0phtcrack has been classified as a burglary tool in Hopkins, and you can't get a license to "carry" it, it's illegal to have there, for as long as the "burglary tool" classification sticks.
Quite stupid, yes?
Mine too. It's a Timex Ironman Triathlon. Said it was 3/1 today. Since there's no year for me to set, I don't know how it would get it right. IIRC, no digital watch I've had has gotten Feb. 29th correct.
And where does it say that once I've purchased a copy of some bits or analog waves that I can't do what I like with it? (Other than redistribute)
It says that on the package, if at all. It's the shrink-wrap license problem, which AFAIK, has never gone to court.
Besides, he's already said that licences/contracts don't apply to him.
He also stated that he wrote the code based on someone else's crack of the encryption. Has he even been charged with using it?
Or perhaps deadskunk.com.
Sure. Office 2003, instead of having slides telling how cool the product is during install, could have full-motion video clips of Gates telling you the same thing. "Hi. I'm Bill Gates, and I'd like to tell you about the benefits of registering your copy of Office 2003."
Do you have below average intelligence? Are you sometimes a follower, feel a need to be part of a large circle of friends perceived as the "in crowd"?
Do you think you have high self-esteem? Are you confused by cults because of your inability to understand the belief without believing it yourself? Are you fascinated with weapons, and wish you could hold a position where you could abuse them legally? Do you suck at games with themes of violence and death, and frequently blow yourself up with your own rocket launcher?
Are you under the impression that you don't come from a dysfunctional home? Covet authority? Blindly accept criticism?
If the answer to most or all of the above is yes, then congratulations and welcome to the FBI.
Installing from Windows can be incredibly useful.
That's one less piece to write for the trojan/worm that finds Windows machines, and replaces it with Linux.
Occasionally, I browse sci.crypt, and I see a fair number of algorithms posted there. I also see some "breaks" for them posted. So, there's one possible place.
I've seen a number of cryptographers say they don't have a lot of time, and no, they won't break your algorithm for you. Well, not unless you pay them. Bruce is one of those.
However, I've seen posts where they've broken someone's alg. in the time it took to read it, and they sometimes reply.
Here's something I've had in mind for some time: An Internet-based crypto club, where rank amateurs could post their own algs., and break those of others. Sci.crypt does that to some degree. Something that is more explicitly for creating & breaking would be appropriate, though. I don't have time to run such a thing, but I'd like to participate casually. I imagine that there could be a built-in prestige system that tracks how long particular algs. take to break, etc..
It could also possibly attract better cryptographers as well. If there is a ranking system, then that could act as filter for the real cryptographers. For example, if a particular alg. has "survived" for 6 months, it could be ranked as "good" for the crypto club, and then a real cryptographer could come along and dash the author's hopes.
Well, uhh, those of us who are posting, obviously. (not you.)
Bruce is fairly famous, in the appropriate circles. The general public doesn't know even the most famous cryptographers. If you're concerned about Bruce's fame, wait a little while and watch his new company. If it takes off like I expect it might, he'll be famous enough.
There's a worse problem with your assertion, though. Bruce is a very interesting guy, and a good speaker. He rarely gives an answer (in this type of situation) with any math or technical details in it. In other words, he does a good job of giving answers that everyone can read and understand. Did you read his answers?
I suspect the relatively small number of replies so far (for Slashdot) are due to the fact that Bruce often leaves little to refute, and that he answers very matter-of-factly, leaving little room for "religious" debate.
Umm..Ok, I'll feed the troll..
:)
Now, keep in mind that linear algebra was difficult for me, and I've repressed most of it.
2) What's a Norman Transform?
3) Clarify "join" in this case. Is M going to be invertible in every case?
4) What's a Gery-Sinner transform?
Do you have any program code for an example? How about a walkthrough of one round w/example data and key?
This alg. doesn't actually do anything, does it?
What's the decrypt process? (same?)
You want your 8-bit smartcard to be able to communicate with your 64-bit desktop, don't you? If they're not using the same alg. & protocol, that won't work.
Hey, I hear them's good eating.
Couldn't they just get their two letter ISO country code, open a NIC, and extort money out of corporations for domain names, like all the other little island nations?
FYI, he wrote an appendix to it, and consulted on part.
I've heard you say many times that unless a particular crypto alg. has undergone lots of public review, it should not be considered safe. Unless possibly it's from the NSA. (Excluding, of course, the NSA stuff that is INTENTIONALLY backdoored.)
The implication there is that the NSA has applied so many resources to the crypto problems, that they are as good as the rest of the cryptographers put together.
My question is: Do you really think that a private process, no matter how many resources applied, can equal the public process?
-Figure out what answers set off the software
-Get all your hacker buddies at school together, and when you are all "interviewed", give the answers that mark you as psycho.
-Get a lawyer, and insist on a review by competent human psychiatrist
Apply class-action lawsuit as necessary.
The FCC has the right to collect fees to run itself:
http://www.darkrose-bds.com/hoax/sample/l-of-c.htm
The FCC also has the ability to allow or disallow regulated bodies to collect various fees.
The FCC is supposed to collect fees for itself to cover costs of regulating things. In the case of a "modem tax" they would be charging us to charge us. I really, really, hope that isn't the idea.
More likely is they will allow the RBOCs to collect the fees for themselves. The RBOCs have supposedly been after this for years. The RBOCs complain that the longer call times from Internet users have driven up their costs. Basically, they are complaining that people are taking advantage of the services they have sold. Boo hoo. I have little sympathy for RBOCs that depreciate their equipment over 30 years, delaying new technologies. If PacBell, for example, is so worried about overused lines, why are they actively advertising second phone lines for Internet use?
So if the RBOCs get the money, where is it supposed to go? Equipment upgrades? They could pay for that by slipping everyone an extra $20 charge over 1 year.
What about the CLECs? If I'm a CLEC, I'm entitled to the same fees, right? So I could use these fees to build myself from scratch? Do the RBOCs really want to have the FCC mandate a "tax" that will enable CLECs to spring up at no cost? (Note: this wouldn't really happen.. the RBOCs would just lobby to get some ridiculous requirement put in place to be a CLEC, making it not cost effective.)
How does the FCC/RBOCs know that I'm making a modem call? Are they going to put in equipment to monitor all calls? I.e. charge me to charge me again? Or, more likely, just charge ALL calls, voice or data.
What the RBOCs really would like is to eliminate free local calls. They've done it in most places for ISDN. ISDN is metered, even for residential, by most RBOCs. There doesn't seem to be any particular reason to justify it. They did it because they could. (They can't get away with metering EVERY phone line, so they do the ones that are new and different.)
How about full-time links? Broadband, cable, etc.. that have no per-minute concept attached to them? Is there a flat fee to have it?
If there's a flat fee, how does that not apply to my LAN now? Because I'm not an RBOC/CLEC/whatever? If I throw a length of CAT5 across the back fence to run my neighbor, is that OK? If I manage to get right-of-way all the way to my ISP's POP with copper of my own, do I get to skip the charge?
There are way too many problems to be addressed. The closest thing they can do to what they want is to take away all free local calls. I don't think they can get approval for that, so I don't think we'll see any change.
I watched the MTV special with a critical eye. I had some questions about who was taking themselves seriously.
I've read the follow up letter.
I still have no idea which parts I'm supposed to believe and which I'm supposed to disbelieve.
The statements from the L0pht guys and JP were very short. I'm a fan of the L0pht, and would have liked to have seen more. I'm no fan of JP, but honestly he wasn't on long enough to make himself look bad.
I was suspicious about the "disk thing" having seen Hackers, the movie. I expected that the guys were putting Serena on to some degree, as most hackers (at least the ones who would appear on MTV) love attention. They will put on a show if you give them a chance. Don't forget that at least 2 of the guys already went to the trouble of getting their own TV show of sorts.
What I want to know is how much was Serena acting and sensationalizing? Was she really shocked that someone knew that she had 2 VM boxes? Was her e-mail really hacked, or did she just screw up her password, or was it all staged?
Perhaps their society had outlawed hacking, thereby holding ship computer vendors unaccountable to anyone, and leaving them completely vulnerable.
Why so much emphasis on the fact that they were female, when the technology is quite interesting on its own?
My friend's father had taken the warning from the top step of a ladder, and placed it above the toilet in his bathroom. The label said:
"Warning! Do not sit or stand"
We determined that that left lying down.
Books have their own sacredness in the eyes of the American people. You can't get away with banning/burning/etc.. books in America as a whole (though, yes, you will occasionally see local incidents.) This is the only reason crypto books are given special consideration.
I don't believe the govt will go after books any time soon. They are already running scared on the crypto issue, because they can see the defeat of restrictions entirely.
I don't think we'll ever see any attempt at controlling export of books.
Unless, of course, it's child porn. :) I don't think the govt can make a case that crypto code is child porn.
I've been using their systems for a while now. My VPN architecture runs on VALinux boxes.
I'd asked my sales guy a few months ago when they were gonna IPO, but of course he couldn't comment.
Often with stories like this, where they don't have details, you'll find that there are wildly varying ideas of what "cyberwarfare" is.
Army guy#1 "Huh, huh... I, like, ping-of-death'ed him."
Army guy#2 "Dammit! L0phtcrack won't download their pa55w0rdz!!!111!1!1"