Re:Well.. it's not theft! on Euro DMCA Fails · Score: 2, Insightful
Quoting from the article: "However when an employee takes source code, or a company removes protection from a demo version of software and sells it as its own product, it certainly feels like theft, but technically it is not stealing. The case of Oxford v Morris held that software was not property and copying it was not stealing for the purpose of the Theft Act. However it is copyright infringement."
You may well not agree with other points in this article, such as the need to criminalise circumvention, as software publishers are too poor to bring their own court case.
But let's not further devalue the language, by calling copyright infringement by incorrect emotive words such as theft and piracy.
Funny thing is that all the traffic jams I see in central London are caused by the traffic lights. At some junctions (e.g. Cheapside to Bank) the green period is so short, it's only just possible for two buses to get through.
My key problem with current IDS systems is that they look for attacks, but what I really want to know is if the attack is successful. The only use I have for attack counts is to justify the budget for security systems!
"CWEB is a version of WEB for documenting C, C++, and Java programs.... If you are in the software industry and do not use CWEB but your competitors do, your competitors will soon overtake you---and you'll miss out on a lot of fun besides."
The CWEB page also includes example programs, but you will have to run them through CWEB to get the hyperlinked PDF files.
1) Good argument for those about to leave school. But not for the K-14 ages, as the software they encounter will be different. Think back 8 years - is your knowledge of the word processor you used in 1993 relevant to Office XP?
Far better to teach the concepts as they will apply to any future products. (And I thought that's what good education is about, teaching people to think.)
2) There's always Citrix / Windows Terminal Server, and the free Linux ICA client.
3) So make out the software bill to FSF, Gnu, or your favourite Linux vendor.
But it's quite simple to compress any file to 50 bits or so. Let's say there are 10^10 computers in the world (more than one each), with 10^5 files on each. So there are only 10^15 files in the world. As 10^15 ~= 2^50 you only need 50 bits to represent any file in the world.(:-)
Shame about the amount of directory storage needed in this scheme. Mind you, Google's getting close!
My Yahoo mailbox has just filled with bounce messages, as a spammer forged my email address as From: and Reply-to:. I only saw a few hundred bounces before the inbox filled.
At least I got a copy of the original message, so could trace the sender's IP address and their obfuscated web site address.
I dropped a note to abuse@ISP, who seems to have removed the spammer's web site now. Otherwise I might have asked the Slashdot community to test the spammer's offer (:-)
But what to do about reputational damage? Or going onto known spammer lists?
Re:Are you smoking crack? on This is IT? · Score: 1
BURKS, the Brighton University Resource Kit for Students is an excellent CD-based resource kit intended for computer science students, though available to anyone. Only £7.50 GBP (+ postage) for 4 CDs, including Mandrake Linux 8.0, Windows compilers, tools and utilities, copies of FAQ files and the Dictionary of Computing, and much more. The whole contents is available on-line so you can see what you are getting.
I've been using BlueJ from Monash University. As it's written in Java, it can run on multiple platforms.
I'm not sure how big a project can be created with it, but then I only ever get time for small amounts of code (:-(
My 12-year old son feels much more at home learning with this type of environment, he can't appreciate why old-timers like myself work with command lines and vi! IDEs turn education into a kind of computer game.
I've been wondering why no-one seems to make any VGA (640x480) resolution projectors any more? If they were available at half the price of the current XGA projectors, they would make a nice projection TV system.
Why are there so many variants of crypto key formats?
Not only the PKCS series, but also the various encoding methods. And clearly these are inadequate for everyone, so we get PGP formats, SSH/OpenSSH/PuTTY formats, etc.
If there had been a much smaller, more universal set of key formats, interoperable crypto would have been far easier.
On my paranoid days, I begin to suspect the TLA agencies on the standards committees deliberately introduced complexity to limit take-up.
Late posting moderation multiplier=2
But you might have to fix the date. As OS/8 used only three bits for the year, it experienced a preview of Y2K problems in 1978, when the date wrapped round to 1970.
Not a record, though, the PDP-6 overflowed first.
Or you can spend $200 on an upgradable warrantied 800 MHz PC with LindowsOS.
If only they were available in UK. Still, the X-Box is now $201+tax, not too bad an exchange rate.
And my floppy disk was previously labelled "Windows NT Recovery Disk" which seemed too appropriate to change!
Very many streets are almost clear of traffic, despite the news reports. But I'm sure much greater throughput on the busier streets could be managed by selective use of one-way streets to avoid requiring lights.
Incidentally, the proposed cameras are not the same as the surveillance cameras. The car toll cameras will need to be more like speed cameras, to provide evidence of individual cars entering (and presumably number-plate recognition).
For more on "helping" congestion, see news on filling in bus lay-bys to force cars to queue (free registration may be required). Of course, the planners don't mention that the following buses will also be forced to queue behind the queuing cars.
Let me suggest an alternative. Since you can build for $5000 or buy for under £3200 a terabyte disk store, why not record all network traffic in a rolling log for a few days or weeks. A background process can look for attack signatures, and see what the response was. So an IDS attack signature of "cat /etc/passwd" won't be reported unless it appears that a password file actually was returned.
The NSWC Shadow project is similar, but does not necessarily record all traffic.
One great advantage of having a historical log is you can see if you had been attacked, during the interval between an exploit being discovered and being notified with a new IDS signature. If you know you were not exploited, you save a lot of time not needing to check systems or reinstall to be on the safe side.
Anyone like to build me one?
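The correlation described in the comment above (report a signature hit only when the response shows the attack worked, and re-scan stored history when needed), as an added example that is not part of the original comment. The record layout, the sample sessions and the `scan` helper are assumptions constructed for illustration.

```python
import re
from collections import deque

# Hypothetical record layout: (timestamp, client, request, response).
# Constructed sample sessions standing in for a rolling capture of
# reassembled traffic; deque(maxlen=...) drops the oldest entries.
CAPTURE = deque([
    (1000, "198.51.100.7", "GET /cgi-bin/view?f=;cat%20/etc/passwd",
     "HTTP/1.0 404 Not Found\r\n\r\n"),
    (1060, "198.51.100.9", "GET /cgi-bin/old?f=;cat /etc/passwd",
     "HTTP/1.0 200 OK\r\n\r\nroot:x:0:0:root:/root:/bin/sh\n"
     "bin:x:1:1:bin:/bin:/bin/false\n"),
    (1120, "203.0.113.4", "GET /index.html",
     "HTTP/1.0 200 OK\r\n\r\n<html>hello</html>"),
], maxlen=100_000)

# A passwd entry has seven colon-separated fields with numeric UID and GID.
PASSWD_LINE = re.compile(
    r"^[\w.-]+:[^:\n]*:\d+:\d+:[^:\n]*:[^:\n]*:[^:\n]*$", re.M)

# Each signature pairs the attack pattern with evidence that it succeeded.
SIGNATURES = {
    "passwd-read": (re.compile(r"cat(%20|\+|\s)+/etc/passwd"), PASSWD_LINE),
}

def scan(capture, signatures, since=0):
    """Return (attempts, successes) for sessions recorded at or after `since`.

    Attempts are only counted; successes are the sessions worth an alert.
    Running this again with a newly published signature covers the window
    before that signature existed.
    """
    attempts, successes = [], []
    for ts, client, request, response in capture:
        if ts < since:
            continue
        for name, (attack, evidence) in signatures.items():
            if attack.search(request):
                attempts.append((ts, client, name))
                if evidence.search(response):
                    successes.append((ts, client, name))
    return attempts, successes

if __name__ == "__main__":
    attempts, successes = scan(CAPTURE, SIGNATURES)
    print(f"{len(attempts)} attempts, {len(successes)} to investigate")
    for hit in successes:
        print(hit)
```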
An excellent collection of links to SSH client and server products is maintained by FreeSSH. Includes free and fee versions.
How long until the Konqueror team pick up the opportunity to sell their web shortcuts? "gg:" must be worth a bit (:-)
BT Exact Technologies recently published a paper on designing for colour blindness. More information and colour palettes are on "Safe web colours for colour-deficient vision".
While the deployment and cost savings are attractive, it seems to me to be adding to the security risk to include vulnerability and penetration testing tools on a firewall.
Based on the current description, Guardent also seem to be missing a trick: combining IDS and firewall allows the creation of an IPS (Intrusion Prevention System) where detection of selected IDS signatures would cause the connection to be dropped.
Comments?
Is it a SegFault when it goes wrong?