I actually think mostly the same... but I still sometimes get to places through URLs. Particularly if our hypothetical on-line tea store had a stone and mortar store they'd probably hand out cards or flyers with their URL. In cases like this the URL sometimes is all you've got because the store is new and Google hasn't indexed it yet, or the site has a low PageRank (lower at least than other search results), or because the store's name uses words that are too common.
So, the store would have to pay Google so whenever someone searches for "Solo Te Store" their link comes up... which would be like a DNS, except for the fact that I can pay for my competing store to show up on the same query and probably steal some customers.
Domain names are a really poor solution to identifying and accessing web sites, but alternatives seem to have their share of problems too.
Accented vowels would be a problem, at least in spanish. Though their use is "mandatory", people with mediocre spelling don't use them in the internet. Even people who use them don't always do it: even though the use of accents is mostly regular, there are many (and very common) irregular placements.
Let's say for instance we have an online shop for tea called "Sólo Té" (Tea Only). Both accents are due to irregular rules ("Sólo" = "Only" and "Solo" = "Alone", "Te" is a personal pronoun and "Té" = Tea). Some people would try the current www.solote.com, others would try the correct www.sóloté.com, some would try www.sólote.com and yet others www.soloté.com depending on their spelling capabilities.
What this basically means is that in order to make sure everybody finds your domain and to avoid phishing you have to register four different domains.
A solution to this problem could be what Google does right now with accents: map them to the unnacented vowel. Thus "Solo Te" and "Sólo Té" would both find the "Sólo Té" store.
In this particular case, though, it's a matter of IT staff expecting it to be easy and not bothering to familiarize themselves with Linux enough to competently deploy it.
It's not "bothering to familiarize with Linux"... it's "spending money so IT staff gets familiarized with Linux". Be it on courses, books or simply the time they spend sitting reading through man pages and HOWTOs.
Either taking some time to plan the deployment more thoroughly or hiring an expert to do it takes money.
Actually, as a South American (Argentinian) I can say that at least in spanish speaking countries the word for "American" (Americano) is widely and proudly used to describe inhabitants of the "American continent" (from North to Central and South America) "Sudamericano" (South American) is also used, with an obviously more restricted meaning.
At least in Argentina the use of "Americans" by citizens of the USA is resented... and they're never ever called "Americanos" but rather "Estadounidenses" (Meaning "From the united states"... a bit like "United statian"), "Norteamericanos" (North Americans), if not "Yanquis" (Yankees) or Gringos (which is not as used in Argentina as in other english speaking countries).
So the government is making a big deal out of their non-encryption and the Guardian is making a big deal out of their non-cracking.
What I see here is that both are feeding the general public complete garbage... which has nothing to do with the real discussion on whether these passports are secure enough or not.
Yes, what you just described is mostly what digital signatures are all about AFAIK... and they're already doing it. No need to include the private key with the data when you do this... the private key can be held at a "highly secret location" by a "trusted party".
Okay, that you for showing you have no understanding of cryptography. The problem with DVD encryption is that is what a weak cipher. It is built on a 40-bit key (mistake one) and a stream cipher (potential mistake two). This weak encryption method was the real problem with CSS, not some fundamental flaw of cryptography.
My understanding of cryptography is probably weak... yet I though that CSS was not broken because they cracked the weak cipher, but rather because whoever made the XING software DVD Player forgot to encrypt the decryption key or something like that. And anyway... since you're handing me the ciphertext (CSS encrypted DVD), the decryption key (in the player), and expecting me to use them to generate the plaintext (the digital video) I don't see how the scheme could be actually secure.
Encryption is usually about everybody not having the password... so if every agent in an airport has it, or if every DVD player has it inside, there's no way it can be really secure. You basically want "everybody" to decrypt the data... not a surprise if they're able to.
I certainly agree that making sure the checks are made is an issue. But the willingness of a store employee to check my personal data shouldn't be the same as a federal agent in a more critical situation.
You could mandate a delay in authorizations (like Firefox does with downloads and extensions) during which the agent could check the face... you could have the agent's screen next to the window where the traveler is, so the photo would appear right next to the face... you could have the software take a picture from the traveler and present the agent with five different traveler photos plus the one from the passport and have him match both, in order to make sure he checks it. And that's just off the top of my head. I believe some good schemes could be devised that tie the automatic check to some task that would encourage or mandate the agent to perform a good visual ID.
I'm sure it's much easier to build a secure process than to build a secure passport.
I think the second only requires a small amount of imagination - clone a passport of someone who looks similar to you and you are good to go, especially since the customs agents will inevitably start relying on the computer to validate people rather than their own judgement.
You wouldn't even need to clone it for that... merely steal it. If agents inevitably start relying on the computer that's where the problem lies. The checking procedure could be designed in order to somehow "force" a visual ID.
There's a lot you can innovate in that direction, which deals more with psychology than encryption. While making un-clonable passports would probably be a lot harder if not impossible.
The author of the piece (yeah, TFA) gets his panties in a bunch because the encryption key of the passport (which has the data encrypted with 3DES) is passport number, date of birth and expiration date. Then he says:
So they are using strong cryptography to prevent conversations between the passport and the reader being eavesdropped, but they are then breaking one of the fundamental principles of encryption by using non-secret information actually published in the passport to create a 'secret key'
What fundamental principle of encryption are they breaking? If anything, a fundamental principle of encryption is that there can't be such a thing as a "secret key" if you're either putting it in the passport or if you're deploying it to everybody that needs to scan passports (remember DVD encryption?).
What's important is to have the data in the passport (along with the picture) digitally signed, in order to avoid tampering. The article claims that these passports are indeed signed and they didn't break the signature. Big surprise, since all they did was get a RFID reader and decrypt 3DES with the key right in front of them.
"If you can read the chip, then you can clone it," he says. "You could use this to clone a passport that would exploit the system to illegally enter another country."
Don't see how you can... but anyway an exploit would be a problem with the reading software, not with the passports. And it could be more easily patched after deployment.
The article then presents some more valid points... but these have nothing to do with the basic encryption being broken. FUD mostly, surprise, surprise.
If it means I no longer have to pay for any Universal CDs because Microsoft is doing it for me then I'm getting a Zune right now! Woo hoo!
But I suspect that just like with the "blank cds tax" it means you are paying for being suspect of doing something that's still illegal and which you might get sued for. Brilliant... a tax that you shouldn't be paying, either because you don't download illegal MP3s or because accepting the tax as rightful means admitting to doing "copyright violations".
The thing is... where do you draw the line on what being "uninformed" means?
At the very least you would know if you're voting mostly for or somewhat against the current administration, and I assume you have some sort of opinion about the current administration. It'd be an informed vote, then. Of sorts.
You don't need to know medicine to choose a doctor. You try to get one you can trust.
Not so. You still need a firewall to monitor outgoing connections (which might be launched by malware) and to be protected even if some program (malware or not) decides to open some ports without your consent or knowledge. Also, to make sure you're not giving the same privileges to people in the internet as to people on your LAN (you might have a shared printer or disk).
I fail to see how I'm nuts. You shouldn't answer disrespectfully by default just because this is Slashdot.
My IE6 doesn't claim to have a "Delete cache" option. It does have a "Delete locally stored content from disk" option (or something like that, my IE6 is in Spanish). My IE7 is at home, so I can't check it right now... so it might actually claim to do something it doesn't, I'm not sure.
The disk copy is gone, but there's a copy in memory. Not so hard to understand, really...
My guess is this already happened in IE6, and probably in Firefox as well... the same thing happens with browsing history. Though you clear it, unless you restart the browser the "back" and "forward" buttons will still work and remember the pages you've been to.
Through the options window you can make IE ignore the cache and just load the pages every time... that's almost mandatory when working with web services and the like.
Kudos to apple for hosting a heck of a good trailers site...
... problem is, it's sometimes the ONLY place where you can find trailers for some movies. I guess they have some sort of deal with studios. And they force you to install the latest versions of Quicktime... the last one being unnecessarily bundled with iTunes (which I hate downloading or installing since I don't like the concept of "music library" or the iTunes GUI). Plus, even if you go and download Quicktime, it's a watered down version of a commercial product that lacks features like full screen playback. Woo hoo.
WMP was always a bit suck interface-wise... but at least it's a flimsy wrapper around Direct Show, which means you can easily program a new interface without knowing the first thing about video codecs.
To me, MS always bundled too little apps with the OS.
It took them until Windows XP to bundle a.zip decompressor (not as good as most shareware decompressors), or CD burning capabilities (so basic that any CD burner comes bundled with something better, though they might come in handy on occasion). And there's still no PDF viewer bundled, altough it's a very basic piece of software and Mac OS X comes with one.
Wordpad and Notepad are hardly enough for anyone, and I don't know why they still bother with Paint. The sound recorder app is so basic it's hardly useful. Hyperterminal and Imaging (two sort of "third party" apps) are a welcome addition, but they're less and less relevant each year. The games are the same old same old (they add a new one every five years).
It'd be stupid for them not to bundle Internet Explorer and Outlook express, since a browser and e-mail client are mandatory pieces of software in any new computer. Whether they should also bundle Mozilla and/or Opera it's a valid discussion, but since people would then expect them to give support for either I can see why Microsoft would never bundle them... or answer every call with "see if it works with IE" causing outrage among slashdotters.
Since they're free, I welcome that install CDs come with IIS, ASP.NET and other "Application Server" tecnologies... specially if that means they get security patches through Windows Update as any other standard componentes. I'd fail to see the harm if SQL Server Express (free) and Visual Studio Express (free) also came bundled as optional components, since almost nobody uses a DBMS or compiler/IDE just because it came bundled (as can be said of a web browser and a new user).
Slashdot Mirror
I actually think mostly the same... but I still sometimes get to places through URLs. Particularly if our hypothetical on-line tea store had a stone and mortar store they'd probably hand out cards or flyers with their URL. In cases like this the URL sometimes is all you've got because the store is new and Google hasn't indexed it yet, or the site has a low PageRank (lower at least than other search results), or because the store's name uses words that are too common.
So, the store would have to pay Google so whenever someone searches for "Solo Te Store" their link comes up... which would be like a DNS, except for the fact that I can pay for my competing store to show up on the same query and probably steal some customers.
Domain names are a really poor solution to identifying and accessing web sites, but alternatives seem to have their share of problems too.
Accented vowels would be a problem, at least in spanish. Though their use is "mandatory", people with mediocre spelling don't use them in the internet. Even people who use them don't always do it: even though the use of accents is mostly regular, there are many (and very common) irregular placements.
Let's say for instance we have an online shop for tea called "Sólo Té" (Tea Only). Both accents are due to irregular rules ("Sólo" = "Only" and "Solo" = "Alone", "Te" is a personal pronoun and "Té" = Tea). Some people would try the current www.solote.com, others would try the correct www.sóloté.com, some would try www.sólote.com and yet others www.soloté.com depending on their spelling capabilities.
What this basically means is that in order to make sure everybody finds your domain and to avoid phishing you have to register four different domains.
A solution to this problem could be what Google does right now with accents: map them to the unnacented vowel. Thus "Solo Te" and "Sólo Té" would both find the "Sólo Té" store.
I got modded funny, but it's actually true.
And killer chances for ad placement!!!
When watching this video Google Ads are offering me:
Stun guns: Free Shipping
Free shipping on all Tasers and Stun
Guns. Great Prices!!
Too bad there isn't an UCLA ad right next to it...
Archeologist from the 23rd century going through or email archives: "Wow! These guys must have had humongous penises with all the enlarging going on!"
It's not "bothering to familiarize with Linux"... it's "spending money so IT staff gets familiarized with Linux". Be it on courses, books or simply the time they spend sitting reading through man pages and HOWTOs.
Either taking some time to plan the deployment more thoroughly or hiring an expert to do it takes money.
Actually, as a South American (Argentinian) I can say that at least in spanish speaking countries the word for "American" (Americano) is widely and proudly used to describe inhabitants of the "American continent" (from North to Central and South America) "Sudamericano" (South American) is also used, with an obviously more restricted meaning.
At least in Argentina the use of "Americans" by citizens of the USA is resented... and they're never ever called "Americanos" but rather "Estadounidenses" (Meaning "From the united states"... a bit like "United statian"), "Norteamericanos" (North Americans), if not "Yanquis" (Yankees) or Gringos (which is not as used in Argentina as in other english speaking countries).
There's "Estados Unidos no Brasil" (United States of Brazil)... and everybody calls it simply "Brazil". So we have:
United States of Brazil -> Brazil
United States of Mexico -> Mexico
United States of America -> America
So the government is making a big deal out of their non-encryption and the Guardian is making a big deal out of their non-cracking.
What I see here is that both are feeding the general public complete garbage... which has nothing to do with the real discussion on whether these passports are secure enough or not.
Yes, what you just described is mostly what digital signatures are all about AFAIK... and they're already doing it. No need to include the private key with the data when you do this... the private key can be held at a "highly secret location" by a "trusted party".
Encryption is usually about everybody not having the password... so if every agent in an airport has it, or if every DVD player has it inside, there's no way it can be really secure. You basically want "everybody" to decrypt the data... not a surprise if they're able to.
I certainly agree that making sure the checks are made is an issue. But the willingness of a store employee to check my personal data shouldn't be the same as a federal agent in a more critical situation.
You could mandate a delay in authorizations (like Firefox does with downloads and extensions) during which the agent could check the face... you could have the agent's screen next to the window where the traveler is, so the photo would appear right next to the face... you could have the software take a picture from the traveler and present the agent with five different traveler photos plus the one from the passport and have him match both, in order to make sure he checks it. And that's just off the top of my head. I believe some good schemes could be devised that tie the automatic check to some task that would encourage or mandate the agent to perform a good visual ID.
I'm sure it's much easier to build a secure process than to build a secure passport.
You wouldn't even need to clone it for that... merely steal it. If agents inevitably start relying on the computer that's where the problem lies. The checking procedure could be designed in order to somehow "force" a visual ID.
There's a lot you can innovate in that direction, which deals more with psychology than encryption. While making un-clonable passports would probably be a lot harder if not impossible.
What fundamental principle of encryption are they breaking? If anything, a fundamental principle of encryption is that there can't be such a thing as a "secret key" if you're either putting it in the passport or if you're deploying it to everybody that needs to scan passports (remember DVD encryption?).
What's important is to have the data in the passport (along with the picture) digitally signed, in order to avoid tampering. The article claims that these passports are indeed signed and they didn't break the signature. Big surprise, since all they did was get a RFID reader and decrypt 3DES with the key right in front of them.
Don't see how you can... but anyway an exploit would be a problem with the reading software, not with the passports. And it could be more easily patched after deployment.
The article then presents some more valid points... but these have nothing to do with the basic encryption being broken. FUD mostly, surprise, surprise.
Yes, it struck me as well... why are indians concerned about the amazon? or is it the on-line bookstore they're trying to protect?
If it means I no longer have to pay for any Universal CDs because Microsoft is doing it for me then I'm getting a Zune right now! Woo hoo!
But I suspect that just like with the "blank cds tax" it means you are paying for being suspect of doing something that's still illegal and which you might get sued for. Brilliant... a tax that you shouldn't be paying, either because you don't download illegal MP3s or because accepting the tax as rightful means admitting to doing "copyright violations".
The thing is... where do you draw the line on what being "uninformed" means?
At the very least you would know if you're voting mostly for or somewhat against the current administration, and I assume you have some sort of opinion about the current administration. It'd be an informed vote, then. Of sorts.
You don't need to know medicine to choose a doctor. You try to get one you can trust.
Not so. You still need a firewall to monitor outgoing connections (which might be launched by malware) and to be protected even if some program (malware or not) decides to open some ports without your consent or knowledge. Also, to make sure you're not giving the same privileges to people in the internet as to people on your LAN (you might have a shared printer or disk).
I fail to see how I'm nuts. You shouldn't answer disrespectfully by default just because this is Slashdot.
My IE6 doesn't claim to have a "Delete cache" option. It does have a "Delete locally stored content from disk" option (or something like that, my IE6 is in Spanish). My IE7 is at home, so I can't check it right now... so it might actually claim to do something it doesn't, I'm not sure.
The disk copy is gone, but there's a copy in memory. Not so hard to understand, really...
My guess is this already happened in IE6, and probably in Firefox as well... the same thing happens with browsing history. Though you clear it, unless you restart the browser the "back" and "forward" buttons will still work and remember the pages you've been to.
Through the options window you can make IE ignore the cache and just load the pages every time... that's almost mandatory when working with web services and the like.
Would you be as kind as to point to some examples of what you call "Rogue" South American countries?
In the case of music videos, I'd say they're advertisements themselves.
I hate Quicktime.
... problem is, it's sometimes the ONLY place where you can find trailers for some movies. I guess they have some sort of deal with studios. And they force you to install the latest versions of Quicktime... the last one being unnecessarily bundled with iTunes (which I hate downloading or installing since I don't like the concept of "music library" or the iTunes GUI). Plus, even if you go and download Quicktime, it's a watered down version of a commercial product that lacks features like full screen playback. Woo hoo.
Kudos to apple for hosting a heck of a good trailers site...
WMP was always a bit suck interface-wise... but at least it's a flimsy wrapper around Direct Show, which means you can easily program a new interface without knowing the first thing about video codecs.
To me, MS always bundled too little apps with the OS.
.zip decompressor (not as good as most shareware decompressors), or CD burning capabilities (so basic that any CD burner comes bundled with something better, though they might come in handy on occasion). And there's still no PDF viewer bundled, altough it's a very basic piece of software and Mac OS X comes with one.
It took them until Windows XP to bundle a
Wordpad and Notepad are hardly enough for anyone, and I don't know why they still bother with Paint. The sound recorder app is so basic it's hardly useful. Hyperterminal and Imaging (two sort of "third party" apps) are a welcome addition, but they're less and less relevant each year. The games are the same old same old (they add a new one every five years).
It'd be stupid for them not to bundle Internet Explorer and Outlook express, since a browser and e-mail client are mandatory pieces of software in any new computer. Whether they should also bundle Mozilla and/or Opera it's a valid discussion, but since people would then expect them to give support for either I can see why Microsoft would never bundle them... or answer every call with "see if it works with IE" causing outrage among slashdotters.
Since they're free, I welcome that install CDs come with IIS, ASP.NET and other "Application Server" tecnologies... specially if that means they get security patches through Windows Update as any other standard componentes. I'd fail to see the harm if SQL Server Express (free) and Visual Studio Express (free) also came bundled as optional components, since almost nobody uses a DBMS or compiler/IDE just because it came bundled (as can be said of a web browser and a new user).