Debunk #1: No it's not. Where did you get the shipping date from? It's done when it's done. Until then, run the stable (milestone) builds. You might be impressed. I am.
Rumour #2: It'll never ship. Too much feature creep, too late.
Debunk #2: And what new features are you talking about? There are some interesting things going on in the sidelines (MathML, for example) but the core of Mozilla is now pretty much feature-complete, and has been for a while.
Rumour #3: They're trying to turn it into an operating system.
Debunk #3: No. It's a platform. A significant part of a net user's 'screen time' is spent doing web/email/usenet/irc. Mozilla is meant to be the place where you spend that time. It can do all of those things well *now*.
Rumour #4: It's too flexible. It tries to do too much. It's too easy for people to hang things off it.
Debunk... Nope. Yes. It is very flexible. It is very extendable. But it's also very modular.
Because of the philosophy of mozilla (It's a platform, not a browser), you can do *anything* with it. At the moment, you'd be brave to build an office suite on it (unless you have about a terabyte of RAM). But you could. All the bits are there.
Whenever I use mozilla as 'just a browser', I feel guilty. It already does so much that it's astonishing.
I offer a free beer to the first person who sends me a solution to the Tower of Hanoi problem written in XUL. For the first person to write a C compiler in XUL, I'll buy their first session with a psychiatrist. They'll need it.
Fact #3: If you leave unnecessary data (a watermark) in the stream, it is possible to identify the unnecessary data.
Fact #4: If you can identify unnecessary data, you can remove it.
The only hard bit is identifying the unnecessary data. But, it's only a form of steganography. If you know the message is there, then all you have to do is find it. It may be hard, but given the past history of the companies involved with SDMI, it won't be *very* hard.
This is another example of the 'Trusted Client' problem. There ain't no such puppy as a trusted client. There can't be.
The millions being invested in SDMI is a waste. I hope the people involved have a *very* good set of excuses ready for when the shareholders start asking where the money went.
In the meantime, I will pay for the music I listen to. I'll pay for the DVDs I want to watch. But I'll play them on the platform *I* choose.
Assuming you're not an idiot, the only copies of the information are strongly encrypted. Your swap space is encrypted (or you never allow your keys near it - which is hard to do, I grant).
So, the attacker has to go after your encrypted keys, which means (effectively) brute-forcing your pass phrases. Before you notice your box has been rooted, because as soon as you do notice, you lock the attacker out, revoke your keys, and change your pass phrases.
Of course, in a non-ideal world, the attacker patches your binaries, and learns a lot about you from reading *every* unencrypted file on the box. They grab your trivial (login etc) passwords by brute force, thereby reducing the keyspace for their next attack enormously, because they know the sort of passwords you choose. But by now, you're up against serious opposition. It's cheaper to go and see the person you want to talk to than to protect against this mess.
I'm depressed now. Time to grab the latest OpenBSD release.
Well, not quite irrelevant. It should be one that has been bounced on for a few years by serious cryptanalysts with no serious (i.e. non-academic) weaknesses found.
Triple DES is *probably* strong and has stood years of abuse. RC4 is also thought to be strong, and is in the public domain whether RSA like it or not. It has the advantage that it can be coded in about 15 lines. Blowfish is also probably strong. So are *all* the AES candidates. I like Rijndael with 18 rounds and Twofish (I'm betting on Twofish becoming the standard). Serpent is also nice.
But all this is irrelevant. *All* the algorithms I have mentioned are strong against any meaningful attack, and unless you are encrypting gigabytes they all perform well enough on modern hardware.
None of this matters if your implementation sucks. What really matters are things like key generation, key management, ensuring keys are never stored anywhere inappropriate (like on a disk - how are you going to control swapping?), enforcing strong passphrases (this is very hard). Then there's system security. What if someone patches a binary to email them the key during encryption?
Basically, spend your time hardening the implementation. That's where you will be attacked.
Also, don't code them yourself (except for fun) - there are a number of free (usually public domain) implementations of these algorithms. These have been peer-reviewed and tested. The chance of blowing the strength of the algorithm with a stupid coding error is too high to risk.
Rule 1: It's not secure unless it's encrypted.
Rule 2: It's not secure unless it's encrypted.
.
.
Rule 47: It's not secure unless it's encrypted.
.
etc
Rule 0: Encryption (on its own) does not give you security. Sorry.
And, now, the important rules:
It's not secure "Because they told me it was secure". The people at the other end of the link know less about security than you do. And that's scary.
It's not secure because "Nobody cares what I do online." Wrong. Somebody might care. If it's online gaming, I will happily snoop your packets for an advantage.
I hate to spout the truism again, but here I go anyway: "Security is not a product. It's a process."
All you can do is manage the risks. There is no security.
Last year's task was to build a source-code optimiser for a high-level language. The organisers defined the language, provided examples and screwed up. The language was based around a finite state machine, and they forgot to mention that a variable called 'state' was available. They were *very* apologetic.
This sort of competition is fun and rewarding. But it won't help in the *real* world, where we all crank out database code for a living.
Faster. Cheaper. Better. Pick any two.
I'm sure you want a useable browser. How are you helping? Have you contributed code? Submitted talkbacks? Are you downloading the daily builds?
Or are you another pathetic little twerp with no skills?
Oh, sorry. You may have one skill: Screaming "I want it NOW! And it's got to be FREE! And it's got to be PERFECT! Or I'll moan and moan and moan until I'm SICK!".
If that is your skill, then stick with it. One day, who knows, you may be good at it.
Like you did. What was it you shipped?
And since when didn't mozilla work? I run M16 all day happily as a browser. The mail stuff works. The usenet browser is one of the best there is. The IRC client runs fine for me.
</Sense of humour failure>
I hope you get your +5, funny. Then I really hope you download the source, compile it, play with it and have a lot of fun. I do.
Share and enjoy.
An American friend has informed me that the wonderful city of Reno (which I believe is your home), in the thrice-blessed state of Nevada has state-supervised brothels and the highest incidence of syphilis in North America.
I am truly sorry. I didn't know.
But, on the bright side, I hear they're doing wonderful things with antibiotics these days. If it's too late for you, then think of the future generations.
Chiasmus. Sounds like a skin complaint. But it's not, is it? It's a rhetorical device. Is it your real name? If so, I apologise, and will represent you at no cost when you sue your parents.
But, I suspect, it's a name you chose to hide your real identity while you post inane comments.
I would apologise for calling you a bigot. In fact I will. When you prove you're not. But the attitude expressed in both the posts here seems to indicate that you consider that mocking someone because of their name is somehow acceptable. Maybe it is. Maybe I'm out of touch. Or maybe you need to grow up, move out of that sad little corner of the world you live in and get a life. Appreciate some diversity. Learn to accept that we're not all called Bubba. And, frankly, (I hate to break this to you) in most places, it's unusual for your brother to be your uncle as well.
Sweetness and light,
Chaz
Remember, you won't have the encoder
Damn straight. Unless an encoder should ever fall into the 'wrong hands'. Then, it's open season. A system like this can *only* work if there is a secret algorithm. (alright, theoretically it can, but unless they implant chips in us all...)
And (this is important) a system that relies on a secret algorithm is not secure. Once the algorithm is public, the game is over. Insert billions for new game.
The only way SDMI can be done is if *every* file transfer requires a new key. Theoretically possible, but not realistic.
A small bet: If SDMI is not cracked wide open within one year from now, I will buy you a beer.
Peace, Love and MIPS.
The guy's name is Talal Shamoon! In case you missed that, the guy's name is Talal Shamoon!!! Let's all make fun of him.
Yeah! Let's do it! His name isn't 'Bubba'! Let's take our pick-ups down there *now* and beat up on the fancy-pants. Hey - he did well in math at school - he's sure not one of us! Hand me mah shotgun, Ma! Ah'll be back for hot grits later!
I despair. You have devalued *anything* you *ever* say again, for the rest of your sad, bigoted little life.
Enjoy your future on Social Security.
Now, who is trolling whom?
Share and Enjoy.
Napster is a company that has a closed-source program that is designed for sharing files. They have in the past made efforts to stop other programs interoperating. Recently, they have tried to appeal to some unknown group by saying 'We're an open company'.
Well, they're not. Napster (the product) exists for people who can't manage an FTP session and have no morals. Napster (the business) is about money. We could argue all day about whose money, but you can be sure it's not theirs. All their money is going to lawyers. Just like it always has.
And the basic protocol sucks. I could understand it if the engineering were any good, but it's not.
Over to our correspondent in Reality:
"Napster, a company that facilitates downloading of copyrighted material (sometimes with the approval of the copyright holder, mostly not) has won a reprieve from their inevitable closure.
Napster have always guarded the protocol they use, and have changed the protocol to prevent others from interoperating with them on more than one occasion. For some unknown reason, the erstwhile 'news for nerds' site slashdot has posted three stories about this today. Interestingly, they have been posting stories about 2600 (which is currently not responding) court case at a rate of less than one a day. Your intrepid reporter infers that /. cares more about ripping off music than it does about freedom to link to things that upset people with money. Back to you in the studio, Bob"
"Thank you, Casey. And, right after this break: How much would you sell your birthright for? We have 300 million people right here who don't need paying. But first, listen to these important messages..."
"Robert, when are you going to take down that ugly-ass picture of a toad on your site?"
Moderators - this isn't my question. My friend fialar made me post it. Honest.
I agree that expecting governments to do network security for us is insane. They'd do it badly.
Sysadmins already cooperate well together. Possibly not well enough yet, and some things need to change. If someone emails me and says 'One of your boxes is DDoSing one of mine' (not happened - yet), I *hope* I would bring the offending (cracked) box down fast, make the logs etc. available to law enforcement people and generally try to nail the criminal. In return, I would expect a level of diligence from law enforcement people to prosecute the perpetrator hard. We don't need draconian penalties. Just make them totally liable for all costs and ban them from access to the net for a period.
One of the major problems is getting evidence that is acceptable in a court. Lawyers will do anything to discredit evidence if there is the *slightest* chance it might have been tampered with; and we all know how hard it is to modify a logfile.
The laws are there. Let's use them.
Berate me for stupidity, but I can't read the page at www.iam.com.
Looking at the code for the page, you have to be running a browser that supports "ClassID" (which means IE on Intel or Mac). If you haven't got IE, then you will remain sadly ignorant of what they have to sell. But, by reading the JavaScript it must be krad leet g3ar, or they wouldn't have variable names such as "hazyobrowsagotskilz" (I kid you not - read the source).
If I hired a company to build me a site, and it only worked with IE on x86 and mac, I wouldn't sue them. I'd smear their low-grade brains all over the immediate environment. With a shotgun.
There is a huge infrastructure in place for refining, distributing and using gasoline/petrol.
It also has some excellent properties. Huge specific energy of combustion (Joules/Kg), fairly safe and easy to store (with care). If you were selecting a fuel for vehicles from scratch, you would consider ease of extraction, price, safety, specific energy, costs of storage etc. And the answer would probably be Diesel, rather than petrol. In UK the number of Diesel cars has increased enormously over the last 15 years, largely because it is fractionally cheaper.
Other choices: Natural gas is viable. It's more costly to store, but cheaper to extract. It is used to power some vehicles in London. Limited refuelling points is an issue, but will get better. Hydrogen is an excellent fuel, but is *very* hard to store. Vegetable oils are used in some buses in UK. This is quite expensive, and the exhaust smells vile. Electric power is still hampered by issues with batteries. The technology is progressing slowly. Only really viable in cities with pollution problems.
I want a fission-powered motorbike.
Already cars getting 70 miles per gallon have been created simply by being dual electrical/internal combustion.
To Americans this may seem strange, but many small European cars do 70-80mpg. A friend of mine has a Volkswagen Lupo (small, but five seats) that he drives 100 miles a day. It does 85mpg.
The main reason for this is fuel costs. A litre of fuel costs about 80p (in UK). That translates to $5.76 a gallon. You'd drive a fuel efficient car at that price.
So, Intel ship it to ISPs, who ship it to users. The ISPs will, therefore, be shipping a *lot* of GPL software, which is great. I'm sure they'll all make the source available (by FTP or whatever). But wouldn't it be nice if they made a point of informing the users (who will probably not know about free software) that they get a whole load of important rights with these systems.
If this sort of Linux-powered device becomes popular (and I think they will - even if not in this incarnation), I think it would be sad if the users didn't know how the software is developed and the freedoms it gives them. Most probably won't care, but it could make a difference to a significant number of people.
Perhaps the GPL should have a clause requiring distributors to specify clearly that software is under GPL.
The downside of shipping lots of Linux boxes to relatively non-technical users is the potential for extra load on the IRC channels and mailing lists where Linux support usually happens. A bit like the September that never ended. I know that RedHat, LinuxCare etc would be delighted to offer support, but you can't use free software for long without realising that excellent support is available for free.
Share and Enjoy.
Dell have been shipping boxes with Linux pre-installed for over a year. They just don't shout about it much. Dell is big enough to do pretty much what it wants. They don't have to worry about Microsoft much. If Microsoft tries to impose penalties for failing to worship the Dear Leader, Dell have sufficient access to fat lawyers to take them to the court and win.
Dell are also well known for playing games with suppliers. They *only* ship Intel processors (honest). But they invite AMD engineers to their offices on a regular basis. The rumour is that they do this purely to keep Intel sharp. There are many stories of people seeing Dell boxes at exhibitions labelled 'AMD Inside'. But try and buy one and you get some *very* curious responses from Dell salesdroids.
Dell hates other companies being monopolies. They think that should be their job.
posted from an excellent Dell box running Linux
Your point being?
You have learnt enough perl to write a trivial script! Thank you for sharing this demonstration of your skills with us. For your next trick, you might like to try turning to page 13 of 'Perl for Dummies'. For extra marks, please do it without spitting, sneezing, farting or exuding dandruff. If you are an honours candidate, you should try to locate the shower. We'll be asking you to use it later in the course.
I know this will be painful and difficult, but please see it as your first step towards becoming a civilised human being.
If you feel unable to move onwards at this stage in your social development, please consider going out, buying some spray cans and defacing a public building. Believe me, that takes more skill than writing trivial scripts and posting the output.
However, many problems still plague the infant platform such as standards and a central company to enforce those standards.
.sig missing due to ethanol consumption
I apologise. I have clearly spent the whole of my life misunderstanding standards. Apparently, you need a central company to enforce them. I am so sorry for having thought that open standards work, and closed ones don't. Where do I sign up for re-education?
Please, just look at which standards are used and which aren't. TCP/IP is used by quite a lot of systems. AppleTalk isn't. FTP is used a fair bit. ICQ's proprietary 'send file' doesn't seem to be very popular outside AOL. More people use Ethernet on LANs than use Myrinet (which is often faster). More VCRs use VHS than (the technologically superior) Betamax.
What do the successful standards have in common, I wonder? Are they managed by a single company? I think not.
A standard is only successful if it is truly open. If it's not, why should I (or anyone else) invest time, effort and shedloads of money developing for it? What's the guarantee that the 'controller' of the standard won't change it tomorrow for competitive advantage? Ever looked at Microsoft Office file formats? They are almost always incompatible between versions.
Successful standards are there because they get used by lots of people. They get used by lots of people because those users believe that the standard will be stable, and that they can (if necessary) influence development of the standard.
If you want a gaming standard for Linux (by which I assume you really mean X), then propose one. Invite the interested parties to contribute. Encourage feedback. Keep the process open. I'll say that again: Keep the process open.
Who do you trust for Internet standards? IETF or Microsith?
And that helps how? (in an ideal world)
Assuming you're not an idiot, the only copies of the information are strongly encrypted. Your swap space is encrypted (or you never allow your keys near it - which is hard to do, I grant).
So, the attacker has to go after your encrypted keys, which means (effectively) brute-forcing your pass phrases. Before you notice your box has been rooted, because as soon as you do notice, you lock the attacker out, revoke your keys, and change your pass phrases.
Of course, in a non-ideal world, the attacker patches your binaries, and learns a lot about you from reading *every* unencrypted file on the box. They grab your trivial (login etc) passwords by brute force, thereby reducing the keyspace for their next attack enormously, because they know the sort of passwords you choose. But by now, you're up against serious opposition. It's cheaper to go and see the person you want to talk to than to protect against this mess.
I'm depressed now. Time to grab the latest OpenBSD release.
Well, not quite irrelevant. It should be one that has been bounced on for a few years by serious cryptanalysts with no serious (i.e. non-academic) weaknesses found.
Triple DES is *probably* strong and has stood years of abuse.
RC4 is also thought to be strong, and is in the public domain whether RSA like it or not. It has the advantage that it can be coded in about 15 lines.
Blowfish is also probably strong. So are *all* the AES candidates. I like Rijndael with 18 rounds and Twofish (I'm betting on Twofish becoming the standard). Serpent is also nice.
But all this is irrelevant. *All* the algorithms I have mentioned are strong against any meaningful attack, and unless you are encrypting gigabytes they all perform well enough on modern hardware.
None of this matters if your implementation sucks. What really matters are things like key generation, key management, ensuring keys are never stored anywhere inappropriate (like on a disk - how are you going to control swapping?), enforcing strong passphrases (this is very hard). Then there's system security. What if someone patches a binary to email them the key during encryption?
Basically, spend your time hardening the implementation. That's where you will be attacked.
Also, don't code them yourself (except for fun) - there are a number of free (usually public domain) implementations of these algorithms. These have been peer-reviewed and tested. The chance of blowing the strength of the algorithm with a stupid coding error is too high to risk.
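An added example, not part of the original posts: one way to address the "how are you going to control swapping?" question raised above, by keeping key material on a page pinned in RAM and wiping it before release. The names `secret_key`, `key_generate`, `key_wipe` and `key_destroy` are hypothetical, and the code assumes Linux with glibc 2.25 or later (for `getrandom` and `explicit_bzero`).

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/random.h>
#include <unistd.h>

#define KEY_LEN 32
typedef struct {
    unsigned char *buf;  /* page holding the key, NULL when unused */
    size_t map_len;      /* size of the mapping (one page) */
    int locked;          /* 1 if mlock() pinned the page in RAM */
} secret_key;

/* Overwrite the key with a call the compiler may not optimise away. */
void key_wipe(secret_key *k) { if (k->buf) explicit_bzero(k->buf, KEY_LEN); }

/* Wipe, then unmap (munmap also drops the memory lock). */
void key_destroy(secret_key *k) {
    if (!k->buf) return;
    key_wipe(k);
    munmap(k->buf, k->map_len);
    k->buf = NULL;
}

/* Map a private page, try to keep it out of swap, then fill it
   from the kernel CSPRNG. Returns 0 on success, -1 on failure. */
int key_generate(secret_key *k) {
    long page = sysconf(_SC_PAGESIZE);
    k->buf = NULL; k->locked = 0;
    if (page <= 0) return -1;
    k->map_len = (size_t)page;
    void *p = mmap(NULL, k->map_len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -1;
    k->buf = p;
    k->locked = (mlock(p, k->map_len) == 0);  /* can fail: RLIMIT_MEMLOCK */
    for (size_t got = 0; got < KEY_LEN; ) {
        ssize_t n = getrandom(k->buf + got, KEY_LEN - got, 0);
        if (n < 0) { key_destroy(k); return -1; }
        got += (size_t)n;
    }
    return 0;
}

int main(void) {
    secret_key k;
    if (key_generate(&k) != 0) return 1;
    printf("key page pinned in RAM: %s\n", k.locked ? "yes" : "no");
    key_destroy(&k);
    return 0;
}
```

A memory lock does not cover suspend-to-disk images, so encrypted swap is still worth having alongside it. If `locked` comes back 0, treat that as a deployment problem (raise `RLIMIT_MEMLOCK`) rather than carrying on silently.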