1. you have to give the user the plaintext for it to be useful (otherwise they cannot do ANYTHING with it)
2. you cannot give the user the plaintext for it to be even remotely secure (even giving them ciphertext is something that should be avoided)
you can do one of both but obviously it is impossible to do both
(btw, you do not have to be retransmitting anything, the radiation your tv gives of is more than enough to reconstruct the image in a 100m circle around it IIRC)
other practical thingies
-> you cannot avoid giving would-be hackers more than enough material to do whatever analysis they want (record every tv channel for 30 mins for example)
-> every hacker will know, probably down to the kilobyte in simpler devices, where the key is stored in tmemory
-> there are a lot of, both commercial and otherwise, incentives to be able to break this
-> revocation lists don't matter if every device can be broken in a matter of days and if not every single single device has a seperate key will infuriate consumers as they see their access revoced without having done anything.
-> giving every single device a seperate key requires a complete redesign of every cable network on the planet (as they simply do not have the capacity for 500 encrypted streams (10 channels/user, 50 users/subnet)
-> you obviously can record the decrypted data, i'd like to see them avoid recording the signal fed to the television tube, which, for obvious reasons, cannot be encrypted
-> there are already programs that record ms-drm'ed content by simply taking screenshots, and writing such a program is a trivial matter
-> tracing down decrypting users is possible with steganography, but it will require a VERY well designed system to do it, to the point that even todays best mathematitians haven't been able to do it. (they're trying though, it's possible, albeit unlikely that they will succeed)
So you are not at all bothered by *completely* lowering any and all defenses against hacking you have ? They can do ANYTHING they want in that program, and you wouldn't be able to make out the difference. Nevermind the possibility of your data getting destroyed/screwed in the process, or your windows/linux installation fucked up. You need administrative access on the network to check all the files, which is enough to manipulate the kernel, which is a security breach that can not be detected (if exploited right) and gives them full access to *all* your systems forever.
they're okay with people they don't trust running
unidentified software on their computers (that obviously
hold mission critical data), AND they let that software
communicate with an external server. They deserve no
better than what they will get, which is all their
trade secrets forced down their BACK ORIFICE and into
microsoft's hands.
Daniel Goscomb, one of the lead developers of Smoothwall, responds:
In our opinion this article is extremely badly researched and written. Furthermore it shows a lack of knowledge on the author's part.
sjah... reading on
The main concern he has is that of people being able to log in to the firewall and read configuration files. This point is irrelevant as there is only a single user that can access the shell, root. This also removes the need of shadow password files, if you have access to the machine to get the passwd file, you are already in as root anyhow.
so you only have one layer of security ? The inability of any attacker to get a shell ? That's it ? I must admit I have not checked if you do that or not but...
In my opinion you should at least take a number of these precautions...
-> no shell access for nobody but root (of course this is enforced by putting a check in the main loop of bash, which mails "murder" if anybody tries differently)
-> all binaries --x--x--x, on a single partition which is the only one mounted without the "noexec" and with "ro" flag
-> *all* daemons chrooted, none have anything in their/bin or/sbin directory that even remotely resembles a shell or mount program (ie do not use perl, use mod_perl, do not use php, use mod_php, etc)
-> *all* programs compiled from source
-> there is no such thing as an irrelevant permission
Secondly he complains of plain text passwords for the ppp passwords. This is not our doing. The passwords are stored in this format as pppd requires them to be in plain text in the two files. He also mentions that the permissions of these files are wrong. If he looked a little more closely he would have seen that they are in fact symlinks to the 2 real files, which do have the proper permissions on them.
plain text ? wrong permissions ? why would you take a chance ?
He also mentions the same "problem" with the shared keys system in FreeSWAN. Again, they are stored like this as FreeSWAN requires them in this format to read them.
again... why take the chance ?
As to the part about user authentification of the CGI scripts. This is completely irrelevant. There is no authentication in the CGI scripts. The authentication is done via.htaccess files, and has no interaction with the CGI at all, other than when you change the passwords.
user authentication is only irrelevant until a hacker gets by the first layer of security (which apparently on your system is the *only* layer of security)
I also find it disturbing that the author gave us no room for comment in his article, nor did i see anything to suggest he had even asked us about these so called "problems". We would have been happy to answer any questions he had.
to quote the other article :
When a group of developers- more than ever one active in the spirit of GPL-want to successfully distribute a good product, they are usually interested in feedback, in order to improve their product. My concrete indications of security problems within SmoothWall found sheer disinterest with Richard Morrell, developer and project initiator. "That doesn't matter" was about the politest of all comments comment. Trust in the developer's competence and integrity is a basic pre-requisite for the usage of security relevant software. Morell has thoroughly destroyed mine."
this suggests he has contacted you... wether or not he did I cannot verify, but if he quotes answers from you ("That doesn't matter"), he probably did contact you, and you certainly confirmed that comment with the above reply, I politely wonder about the next part of that sentence (... was about the politest of all comments comment.)
Why wouldn't you simply launch a probe into orbit of a planet, so that the excess energy is used to maintain orbit, Nasa's been using gravity for both acceleration and deceleration for decades. You don't think that we can ourselves give sufficient energy to a probe to reach pluto in less than 2 years ?
One could compare the users to people who like to push buttons they don't know. If you don't absolutely trust the source DON'T EXECUTE IT ? Is it really that hard to comprehend ? If there's a red button on a cube-like humming box I made, you will not push it. Why is it that when I send you a program you do push the button ? NOT knowing what it does ?
And sjeesj, using outlook should be made a crime. Everybody knows it is the main tool for destroying the internet. It really should be banned. Don't let kids play with fire/knives/outlook !
-> The average add is 16-50kb
-> The average number of ads is 10 (it's BAD isn't it)
-> 10 spam messages a month per person who visits cnn.com
-> 1 spam message = at least 20 kb
-> cnn.com boasts 100.000 visitors daily
law enforcement logic:
the damage to our society not to mention our way of life is enormous
bsa logic:
1 megabyte = 0.35 cents, so that's costing us BILLIONS
american logic:
WILL SOMEONE PLEASE THINK OF THE CHILDREN
On the contrary, this would be a very good thing, If money is worth tracking (ie they go through the trouble) is has been somewhere interesting... now I realize you might be a megalomaniac, but why the hell would you (or some hacker) care how much money I'm carrying ? I can assure you it's not much, and not very interesting. No, this would eliminate "anonymous" money, which would be a very good thing people have a point when they say that if you don't want your wife to know you did something 1 of 2 things is wrong : she shouldn't be your wife, or you shouldn't be doing it. Now 1 person would care in that case : your wife, not me, not anybody else. And she will not get access to the database. Anonymous money is what makes crime possible (think about it) it's what makes hiring assasins possible, it's what makes fraud possible, etc etc. I say we get rid of it.
Money does not really mean anything anyway. It basically sucks. Science is (right now) bringing us closer and closer to a situation where anything but research and art is worthless. Now there aren't many researches, and there are very few artists (more than enough wannabies though). Most people cannot do meaningful jobs, even right now that trend is progressing (yes there are a number of people required to run mcdonaldses but dumb loan slaves should not represent a significant amount of people)
then again the romans did this : "bread and games" they called it. Maybe that's our future too.
Easy... gravity waves pass once, planets cause a recurring effect, and given a bit of statistics you can distinguis the two ( a fourier analysis should clear things up also )
They have the freedom to put any licence
on their project, even after it's released, so if
you want to make a commercial app with their
compiler, you'll have to get a licence from them,
but only if it is agressively copylefted (ie not
LGPL)
This is the same approach as taken by lineo,
it's just too bad they're not the best programmers
in their line of business (www.rtai.org), although
I'd play safe and still get a patent licence from
them, even though it's completely unfair that they
get money for an idea that wasn't theirs in the
first place (there were emulators back in 1980 so
one operating system on top of another is not
really an innovation).
Anything you do within the "sovereignty" of a country is governed over by the laws of a country. Since you americans have apparently decided that you fully control the DNS space, and thus the visible part of the internet, you should really not be surprised that antother country does the same
Europe does not want anything racist on it's wires, doesn't it have jurisdiction over those wires ? Certainly it does. How do you stop people from transmitting racist things ? Simple, you sue them. Is that legal ? Ofcourse because they willingly transmitted illegal stuff over Europe's wires. Are they going to get convicted ? Defineately.
In america you can say "Black people are the dumbest, most stupid assholes I've ever seen", but you cannot say "encryption X works like so...". I really don't get the principles you live by. Then again, as the last round of elections proved, neither do you. "Have a nice day".
it is a TECHNOLOGICAL LIMITATION, it is NOT a fundamental law of physics as you seem to be implying. The only problem is that we need to find something significantly lighter than a photon to detect that photon.
Image the situation like this : we're trying to detect an elephant by throwing elephants at it. Is it any wonder the originial elepant will respond to our "measuring" ? That is the real reason for Heisenberg's principle.
The second we detect an indirect way to detect photons (let's say we detect the gravitational surge) this law will apply only in a much more limited form. There are more than sufficient fields surrounding photons, we just need to build scanners sensitive enough to detect fields that weak (of course without amplifying them)
EVERY np complete problem can be mapped on any other (because it can be expressed in a simple logic language, and given one of the solutions you can generate any other by doing math with the solution you have). If you can calculate something that takes infinite processing power, you can calculate any other thing that requires that same amount.
The implications would be simple yet brutal, breaking a key of 128 bits would require 128 times the amount of time to break a 1 bit key.
There are still stronger mathematical formulae, but they must have continuous key spaces for encryption to work, if they want to defeat this, in other words, you will not only need an infinite amount of possible keys, but also an infinite amount of keys between any two given keys.
But that's not more than normal... you can destroy public key encryption in a simpler way...
The security of PKE is that you cannot easily determine the exponent of a given number. In other words given a and (a^n mod m), you cannot easily determine n. Right now there are algorithms that only work if n complies with a simple restriction. The alternative to that method is trying everything out. If some smart mind can generalise those algorithms we would have lost encryption as we know it...
I only know a dutch text discussing this... "Fundamenten van de informatica" by B.Demoen
If this thing gets somewhat more advanced you will eventually become able to use the classic "man in the middle" attack. And since there are no keys involved in the crypto, it will work if you have only a connection to the cable. Sure it will cause some extra errors, as you cannot exactly copy the state of the photons, but that will only lead to the session being restarted, wich will make the mitm attack even simpler.
I see only 1 advantage of using this over traditional electrical wires, you have to actually break the cable to get to the data, but that is also the case now with fibre-optics, so it really doesn't matter.
Embedded linux is so great because it comes entirely in source. The embedded market is the embedded market so you could do things to the drivers to adjust the operating system to your needs.
Let's say you want to build a hard-real-time audio processor, with windows such a thing is simply impossible, because adjusting the scheduler is not something you will be able to do. Furthermore the driver for the audio card IN SOURCE is required to test for problems there.
In my experience you can get an embedded linux kernel running on 3 megs of flash and 16 megs of ram (they didn't have anything smaller, so excuse me).
There are a lot of useful projects working with embedded linux (see opensource.lineo.com. let's see them duplicate those first. Also software that works on linux can simply work, without modifications (although people tend to make it somewhat smaller) on embedded linux.
This is microsoft marketing strategies... first, we give you a number of programs free... with the added promise that you can get a lot more free programs if you just switch over to linux (because 10% packages will never work on windows, 90% will not be updated nearly as fast as their linux counterparts), and we show you that you can actually do a lot more (be more up-to-date etc) if you just use linux...
When the Anglo-Dutch oil company tried to register shell.de as its website in May 1996, it discovered the name belonged to a firm that bought famous trade names and sold them on.
On the other hand...
"The judge said everyone had the right to a website in their name, regardless of whether it was for business or personal use."
However, this was meaningless if there was such a large gap between two interests claiming the name.
The name Shell was well known, the judge said, and most customers would expect to find the firm's website at shell.de, not that of the individual.
I hate to say it but this does sound as a valid point... Isn't using www.AndreasShell.de or www.FamilyShell.de a fair compromise between the two parties ? This is probably what the judge hopes to accomplish...
anti-hacking measures of the X-box, you are hereby requested to remove that comment from slashdot, any other websites you have posted it, irc of course, and -duh- your mind.
If you do not comply immediately we warn you that you face a fine of up to 500.000$ and 20 years in jail. Or we could just send someone to kill you, which would cost us max 50.000$ and 2 weeks in predetention
Should you comply immediately we can still do this. You have cost us $0.01 to post this on slashdot and we will not stand for it !
my dream handheld would not have a screen at all. It would be glasses, that project an interface to a computer on your arm (so it stays out of the way unless you want it to).
I'm really dreaming of something where you're finger (ideally any finger) is used to control the interface so that a multitude of interfaces can be provided, from a point and -well- point somewhat harder interface to a virtual keyboard and trackball
Ideally of course the handheld would be entirely contained within those glasses, and connectivity would be provided with built-in 802.11b(and a) and a bluetooth extension (with very good bandwidth) would provide the other connectors (firewire is a must, it beats the hell out of 100 mbit)
Disk space would be provided with a plastic band that goes around the back of your head, to avoid such a treasure falling off, and it could be filled with ibm microdrives.;-)
It would contain a color camera with good resolution (a firewire camera with at least 1024x768) (actually i think 2 camera's would be cool, one pointed backwards and one pointed forward, and moveable by software to stabilize the picture)
It would contain an array (I'm not kidding) of other sensors, but specifically accoustic sensors (ideally both soud, radiowaves and everything in between (VERY ideally every frequency simultaneously)) both sending and receiving, so it can be used to listen to people standing miles away (cellphone replacement, peer-to-peer networking, but also snooping, radar, seeing what's behind a wall...), and even to project sounds around you (such a thing just has to beat the crap out of even the best speakers you can find) (I know sound... radio... totally different things... different sensors jadda jadda jadda, but hey I'm dreaming)
Of course, a decent battery life is a must, but if you can include some solar panels (or like those watches that charge themselves a you move) it would be a plus.
You do realize that this would be VERY close to force software to be free.
This would destroy the ability of a hobby programmer to make a buck with a good program. (mirc springs to mind)
In the long run I believe it would destroy free software by making it unusuable for consulting companies (unless they do some heavy-duty legal maneuvering)
Disclosure of Middleware Interfaces- Microsoft will be required to provide software developers with the interfaces used by Microsoft's middleware to interoperate with the operating system. This will allow developers to create competing products that will emulate Microsoft's integrated functions.
Disclosure of Server Protocols- The Final Judgment also ensures that other non-Microsoft server software can interoperate with Windows on a PC the same way that Microsoft servers do. This is important because it ensures that Microsoft cannot use its PC operating system monopoly to restrict competition among servers. Server support applications, like middleware, could threaten Microsoft's monopoly.
Freedom to Install Middleware Software--Computer manufacturers and consumers will be free to substitute competing middleware software on Microsoft's operating system.
Ban on Retaliation--Microsoft will be prohibited from retaliating against computer manufacturers or software developers for supporting or developing certain competing software. This provision will ensure that computer manufacturers and software developers are able to take full advantage of the options granted to them under the proposed Final Judgment without fear of reprisal.
I must say this looks VERY promising...
I can't wait to see the microsoft docs for their protocols...
think about it for a split second
1. you have to give the user the plaintext for it to be useful (otherwise they cannot do ANYTHING with it)
2. you cannot give the user the plaintext for it to be even remotely secure (even giving them ciphertext is something that should be avoided)
you can do one of both but obviously it is impossible to do both
(btw, you do not have to be retransmitting anything, the radiation your tv gives of is more than enough to reconstruct the image in a 100m circle around it IIRC)
other practical thingies
-> you cannot avoid giving would-be hackers more than enough material to do whatever analysis they want (record every tv channel for 30 mins for example)
-> every hacker will know, probably down to the kilobyte in simpler devices, where the key is stored in tmemory
-> there are a lot of, both commercial and otherwise, incentives to be able to break this
-> revocation lists don't matter if every device can be broken in a matter of days and if not every single single device has a seperate key will infuriate consumers as they see their access revoced without having done anything.
-> giving every single device a seperate key requires a complete redesign of every cable network on the planet (as they simply do not have the capacity for 500 encrypted streams (10 channels/user, 50 users/subnet)
-> you obviously can record the decrypted data, i'd like to see them avoid recording the signal fed to the television tube, which, for obvious reasons, cannot be encrypted
-> there are already programs that record ms-drm'ed content by simply taking screenshots, and writing such a program is a trivial matter
-> tracing down decrypting users is possible with steganography, but it will require a VERY well designed system to do it, to the point that even todays best mathematitians haven't been able to do it. (they're trying though, it's possible, albeit unlikely that they will succeed)
So you are not at all bothered by *completely* lowering any and all defenses against hacking you have ? They can do ANYTHING they want in that program, and you wouldn't be able to make out the difference. Nevermind the possibility of your data getting destroyed/screwed in the process, or your windows/linux installation fucked up. You need administrative access on the network to check all the files, which is enough to manipulate the kernel, which is a security breach that can not be detected (if exploited right) and gives them full access to *all* your systems forever.
Damn can you believe some of these guys ?
they're okay with people they don't trust running
unidentified software on their computers (that obviously
hold mission critical data), AND they let that software
communicate with an external server. They deserve no
better than what they will get, which is all their
trade secrets forced down their BACK ORIFICE and into
microsoft's hands.
Daniel Goscomb, one of the lead developers of Smoothwall, responds:
... reading on
...
...
/bin or /sbin directory that even remotely resembles a shell or mount program (ie do not use perl, use mod_perl, do not use php, use mod_php, etc)
... why take the chance ?
.htaccess files, and has no interaction with the CGI at all, other than when you change the passwords.
... wether or not he did I cannot verify, but if he quotes answers from you ("That doesn't matter"), he probably did contact you, and you certainly confirmed that comment with the above reply, I politely wonder about the next part of that sentence ( ... was about the politest of all comments comment.)
In our opinion this article is extremely badly researched and written. Furthermore it shows a lack of knowledge on the author's part.
sjah
The main concern he has is that of people being able to log in to the firewall and read configuration files. This point is irrelevant as there is only a single user that can access the shell, root. This also removes the need of shadow password files, if you have access to the machine to get the passwd file, you are already in as root anyhow.
so you only have one layer of security ? The inability of any attacker to get a shell ? That's it ? I must admit I have not checked if you do that or not but
In my opinion you should at least take a number of these precautions
-> no shell access for nobody but root (of course this is enforced by putting a check in the main loop of bash, which mails "murder" if anybody tries differently)
-> all binaries --x--x--x, on a single partition which is the only one mounted without the "noexec" and with "ro" flag
-> *all* daemons chrooted, none have anything in their
-> *all* programs compiled from source
-> there is no such thing as an irrelevant permission
Secondly he complains of plain text passwords for the ppp passwords. This is not our doing. The passwords are stored in this format as pppd requires them to be in plain text in the two files. He also mentions that the permissions of these files are wrong. If he looked a little more closely he would have seen that they are in fact symlinks to the 2 real files, which do have the proper permissions on them.
plain text ? wrong permissions ? why would you take a chance ?
He also mentions the same "problem" with the shared keys system in FreeSWAN. Again, they are stored like this as FreeSWAN requires them in this format to read them.
again
As to the part about user authentification of the CGI scripts. This is completely irrelevant. There is no authentication in the CGI scripts. The authentication is done via
user authentication is only irrelevant until a hacker gets by the first layer of security (which apparently on your system is the *only* layer of security)
I also find it disturbing that the author gave us no room for comment in his article, nor did i see anything to suggest he had even asked us about these so called "problems". We would have been happy to answer any questions he had.
to quote the other article :
When a group of developers- more than ever one active in the spirit of GPL-want to successfully distribute a good product, they are usually interested in feedback, in order to improve their product. My concrete indications of security problems within SmoothWall found sheer disinterest with Richard Morrell, developer and project initiator. "That doesn't matter" was about the politest of all comments comment. Trust in the developer's competence and integrity is a basic pre-requisite for the usage of security relevant software. Morell has thoroughly destroyed mine."
this suggests he has contacted you
Why wouldn't you simply launch a probe into orbit of a planet, so that the excess energy is used to maintain orbit, Nasa's been using gravity for both acceleration and deceleration for decades. You don't think that we can ourselves give sufficient energy to a probe to reach pluto in less than 2 years ?
there's something wrong with people who execute it.
One could compare the users to people who like to push buttons they don't know. If you don't absolutely trust the source DON'T EXECUTE IT ? Is it really that hard to comprehend ? If there's a red button on a cube-like humming box I made, you will not push it. Why is it that when I send you a program you do push the button ? NOT knowing what it does ?
And sjeesj, using outlook should be made a crime. Everybody knows it is the main tool for destroying the internet. It really should be banned. Don't let kids play with fire/knives/outlook !
-> The average add is 16-50kb
-> The average number of ads is 10 (it's BAD isn't it)
-> 10 spam messages a month per person who visits cnn.com
-> 1 spam message = at least 20 kb
-> cnn.com boasts 100.000 visitors daily
law enforcement logic:
the damage to our society not to mention our way of life is enormous
bsa logic:
1 megabyte = 0.35 cents, so that's costing us BILLIONS
american logic:
WILL SOMEONE PLEASE THINK OF THE CHILDREN
american logic 2:
what do we care ?
american logic 3:
TERRORISTS !!!
the other guy is serious ... difference enough for ya ?
On the contrary, this would be a very good thing, If money is worth tracking (ie they go through the trouble) is has been somewhere interesting ... now I realize you might be a megalomaniac, but why the hell would you (or some hacker) care how much money I'm carrying ? I can assure you it's not much, and not very interesting. No, this would eliminate "anonymous" money, which would be a very good thing people have a point when they say that if you don't want your wife to know you did something 1 of 2 things is wrong : she shouldn't be your wife, or you shouldn't be doing it. Now 1 person would care in that case : your wife, not me, not anybody else. And she will not get access to the database. Anonymous money is what makes crime possible (think about it) it's what makes hiring assasins possible, it's what makes fraud possible, etc etc. I say we get rid of it.
Money does not really mean anything anyway. It basically sucks. Science is (right now) bringing us closer and closer to a situation where anything but research and art is worthless. Now there aren't many researches, and there are very few artists (more than enough wannabies though). Most people cannot do meaningful jobs, even right now that trend is progressing (yes there are a number of people required to run mcdonaldses but dumb loan slaves should not represent a significant amount of people)
then again the romans did this : "bread and games" they called it. Maybe that's our future too.
Easy ... gravity waves pass once, planets cause a recurring effect, and given a bit of statistics you can distinguis the two ( a fourier analysis should clear things up also )
want to hire me ? ;-)
Because they want to make money
They have the freedom to put any licence
on their project, even after it's released, so if
you want to make a commercial app with their
compiler, you'll have to get a licence from them,
but only if it is agressively copylefted (ie not
LGPL)
This is the same approach as taken by lineo,
it's just too bad they're not the best programmers
in their line of business (www.rtai.org), although
I'd play safe and still get a patent licence from
them, even though it's completely unfair that they
get money for an idea that wasn't theirs in the
first place (there were emulators back in 1980 so
one operating system on top of another is not
really an innovation).
Anything you do within the "sovereignty" of a country is governed over by the laws of a country. Since you americans have apparently decided that you fully control the DNS space, and thus the visible part of the internet, you should really not be surprised that antother country does the same
...". I really don't get the principles you live by. Then again, as the last round of elections proved, neither do you. "Have a nice day".
Europe does not want anything racist on it's wires, doesn't it have jurisdiction over those wires ? Certainly it does. How do you stop people from transmitting racist things ? Simple, you sue them. Is that legal ? Ofcourse because they willingly transmitted illegal stuff over Europe's wires. Are they going to get convicted ? Defineately.
In america you can say "Black people are the dumbest, most stupid assholes I've ever seen", but you cannot say "encryption X works like so
it is a TECHNOLOGICAL LIMITATION, it is NOT a fundamental law of physics as you seem to be implying. The only problem is that we need to find something significantly lighter than a photon to detect that photon.
Image the situation like this : we're trying to detect an elephant by throwing elephants at it. Is it any wonder the originial elepant will respond to our "measuring" ? That is the real reason for Heisenberg's principle.
The second we detect an indirect way to detect photons (let's say we detect the gravitational surge) this law will apply only in a much more limited form. There are more than sufficient fields surrounding photons, we just need to build scanners sensitive enough to detect fields that weak (of course without amplifying them)
EVERY np complete problem can be mapped on any other (because it can be expressed in a simple logic language, and given one of the solutions you can generate any other by doing math with the solution you have). If you can calculate something that takes infinite processing power, you can calculate any other thing that requires that same amount.
... you can destroy public key encryption in a simpler way ...
...
... "Fundamenten van de informatica" by B.Demoen
The implications would be simple yet brutal, breaking a key of 128 bits would require 128 times the amount of time to break a 1 bit key.
There are still stronger mathematical formulae, but they must have continuous key spaces for encryption to work, if they want to defeat this, in other words, you will not only need an infinite amount of possible keys, but also an infinite amount of keys between any two given keys.
But that's not more than normal
The security of PKE is that you cannot easily determine the exponent of a given number. In other words given a and (a^n mod m), you cannot easily determine n. Right now there are algorithms that only work if n complies with a simple restriction. The alternative to that method is trying everything out. If some smart mind can generalise those algorithms we would have lost encryption as we know it
I only know a dutch text discussing this
If this thing gets somewhat more advanced you will eventually become able to use the classic "man in the middle" attack. And since there are no keys involved in the crypto, it will work if you have only a connection to the cable. Sure it will cause some extra errors, as you cannot exactly copy the state of the photons, but that will only lead to the session being restarted, wich will make the mitm attack even simpler.
;-)
I see only 1 advantage of using this over traditional electrical wires, you have to actually break the cable to get to the data, but that is also the case now with fibre-optics, so it really doesn't matter.
just my thoughts, are they good ones ?
Embedded linux is so great because it comes entirely in source. The embedded market is the embedded market so you could do things to the drivers to adjust the operating system to your needs.
Let's say you want to build a hard-real-time audio processor, with windows such a thing is simply impossible, because adjusting the scheduler is not something you will be able to do. Furthermore the driver for the audio card IN SOURCE is required to test for problems there.
In my experience you can get an embedded linux kernel running on 3 megs of flash and 16 megs of ram (they didn't have anything smaller, so excuse me).
There are a lot of useful projects working with embedded linux (see opensource.lineo.com. let's see them duplicate those first. Also software that works on linux can simply work, without modifications (although people tend to make it somewhat smaller) on embedded linux.
You probably haven't checked the price of those 3d tools lately ... the only one in my pricerange is povray ...
;-)
... ;-)
We're not gonna copy those tools illegaly now are we ?
And btw, 3D studio 4 (the dos version) has a lot of possibilities and renders nearly real-time on an athlon 700
This is microsoft marketing strategies... first, we give you a number of programs free ... with the added promise that you can get a lot more free programs if you just switch over to linux (because 10% packages will never work on windows, 90% will not be updated nearly as fast as their linux counterparts), and we show you that you can actually do a lot more (be more up-to-date etc) if you just use linux ...
sounds like a winner to me
This may be a case of domain squatting
...
... ...
When the Anglo-Dutch oil company tried to register shell.de as its website in May 1996, it discovered the name belonged to a firm that bought famous trade names and sold them on.
On the other hand
"The judge said everyone had the right to a website in their name, regardless of whether it was for business or personal use."
However, this was meaningless if there was such a large gap between two interests claiming the name.
The name Shell was well known, the judge said, and most customers would expect to find the firm's website at shell.de, not that of the individual.
I hate to say it but this does sound as a valid point
Isn't using www.AndreasShell.de or www.FamilyShell.de a fair compromise between the two parties ? This is probably what the judge hopes to accomplish
anti-hacking measures of the X-box, you are hereby requested to remove that comment from slashdot, any other websites you have posted it, irc of course, and -duh- your mind.
If you do not comply immediately we warn you that you face a fine of up to 500.000$ and 20 years in jail. Or we could just send someone to kill you, which would cost us max 50.000$ and 2 weeks in predetention
Should you comply immediately we can still do this. You have cost us $0.01 to post this on slashdot and we will not stand for it !
my dream handheld would not have a screen at all. It would be glasses, that project an interface to a computer on your arm (so it stays out of the way unless you want it to).
;-)
...), and even to project sounds around you (such a thing just has to beat the crap out of even the best speakers you can find) (I know sound ... radio ... totally different things ... different sensors jadda jadda jadda, but hey I'm dreaming)
;-)
I'm really dreaming of something where you're finger (ideally any finger) is used to control the interface so that a multitude of interfaces can be provided, from a point and -well- point somewhat harder interface to a virtual keyboard and trackball
Ideally of course the handheld would be entirely contained within those glasses, and connectivity would be provided with built-in 802.11b(and a) and a bluetooth extension (with very good bandwidth) would provide the other connectors (firewire is a must, it beats the hell out of 100 mbit)
Disk space would be provided with a plastic band that goes around the back of your head, to avoid such a treasure falling off, and it could be filled with ibm microdrives.
It would contain a color camera with good resolution (a firewire camera with at least 1024x768) (actually i think 2 camera's would be cool, one pointed backwards and one pointed forward, and moveable by software to stabilize the picture)
It would contain an array (I'm not kidding) of other sensors, but specifically accoustic sensors (ideally both soud, radiowaves and everything in between (VERY ideally every frequency simultaneously)) both sending and receiving, so it can be used to listen to people standing miles away (cellphone replacement, peer-to-peer networking, but also snooping, radar, seeing what's behind a wall
Of course, a decent battery life is a must, but if you can include some solar panels (or like those watches that charge themselves a you move) it would be a plus.
I've obviously taken the RED pill
You do realize that this would be VERY close to force software to be free.
This would destroy the ability of a hobby programmer to make a buck with a good program. (mirc springs to mind)
In the long run I believe it would destroy free software by making it unusuable for consulting companies (unless they do some heavy-duty legal maneuvering)
from the press release :
...
...
Disclosure of Middleware Interfaces- Microsoft will be required to provide software developers with the interfaces used by Microsoft's middleware to interoperate with the operating system. This will allow developers to create competing products that will emulate Microsoft's integrated functions.
Disclosure of Server Protocols- The Final Judgment also ensures that other non-Microsoft server software can interoperate with Windows on a PC the same way that Microsoft servers do. This is important because it ensures that Microsoft cannot use its PC operating system monopoly to restrict competition among servers. Server support applications, like middleware, could threaten Microsoft's monopoly.
Freedom to Install Middleware Software--Computer manufacturers and consumers will be free to substitute competing middleware software on Microsoft's operating system.
Ban on Retaliation--Microsoft will be prohibited from retaliating against computer manufacturers or software developers for supporting or developing certain competing software. This provision will ensure that computer manufacturers and software developers are able to take full advantage of the options granted to them under the proposed Final Judgment without fear of reprisal.
I must say this looks VERY promising
I can't wait to see the microsoft docs for their protocols