We have to assume everything up to this point is compromised and start pretty much from scratch. Replace AES with TwoFish, re-design all the lower level protocols, increase all key lengths, remove any ability to downgrade security and mercilessly cut off clients that don't upgrade when an issue is found.
I don't think any of that is strictly necessary. Verify the math and inspect the implementations, but there's no need to throw it all away. Some amount of paranoia is justified, but throwing it all away goes too far.
The whole trusted certificate system has to be replaced as well, which is going to be hard.
I agree there are serious issues with the current system, but I am at a loss to come up with what would replace it.
Because the designers of the Linux random number generator code designed things such that if RdRand is compromised, it doesn't reduce the strength of the random number generated. However, if it is not compromised, then the randomness is stronger.
Why should we give up a potential benefit if there is no possible harm?
But for security purposes using it to unlock your phone or identify you to the device as the current user is pretty sweet.
Sure, unless you're wearing gloves, or when you have wrinkled fingers from swimming or bathing, or you have grease on your fingers from eating, or you have a job where you have to wash your hands a lot (doctor, nurse, new parent, etc).
Rebasing is extremely handy when you have multiple branches being developed. Whenever a branch is merged, you rebase the other branches so that the merged feature gets pulled into each branch.
Then you haven't thought things through.
"Locks" like what is being suggested here are simply another point of failure on a system that is optimized to have as few failure points as possible. No one that knows anything about guns will willingly buy this.
There are people who get just as much satisfaction out of improving existing code as "feature" programmers get out of creating new features, both in the open source community and working for business.
If you identify the missing 10% and make it visible to those people, unless your process makes contributing painful or your code base is painful to work through, chances are someone will be willing to work on it, especially if they are directly impacted by it.
As an open source project, the best thing you can do to encourage people to help with the code is to make your codebase clean and readable and let people know what the issues are.
They do.
France can't turn down their nuclear stations without raising the cost of operation of them. So they have a surplus of night time energy that they have to sell at a loss.
This seems suspicious to me. Can you provide a link that explains this in useful detail?
I think the term you're looking for is "opportunity cost".
I've been a happy user of FVWM for the last decade or so. The man page can be a bit daunting, but once you get a feel for configuring it (assuming you don't like one of the pre-packaged themes), it's kind of fun to mess with it.
Gentoo doesn't use systemd (unless you choose to). I think it defaults to openrc (which may or may not be better, I suppose...works well enough for me).
And what happens to your children or wife while you're cowering under your bed?
I will not depend on the kindness of someone who has already violated the sanctity of my house to protect the safety of my family.
When did the lack of religion become a religion?
I think you misunderstand what atheism is.
Complete this sentence: Theism is to Atheism what Religion is to _______?
For my pencil needs, I've settled on 0.3mm using 2B lead.
For my pen needs, I've put a fine blue fisher space pen refill in an Embassy Pen and love it. I've used space pen refills in various bodies for years now and absolutely love them.
A lot of momentum, sure, but also a lot of inertia...when things start going wrong, it can be hard to change course.
You try getting 35 mpg on a pot-hole filled road.
Can't be done.
FVWM has been my WM for almost a decade, but I'm willing to give these new DE's a try.
IP over power lines is a horrible idea! The noise it creates across multiple bands is, quite frankly, illegal. Vendors made promises about keeping the noise within certain limits and they failed across the board. That's why IP over power lines is almost completely gone now.
The sad thing is that it took the HAMs pointing out the violations to get the authorities to act.
Exactly this.
If you weren't an anonymous coward, I would have modded you up.
I've been using FVWM exclusively for close to a decade now, but I still hope that one of the "standard" desktop environments becomes usable enough that I no longer have to maintain my own.
How does the new legislation make things worse?
"Just deserts"
Or, if you prefer,
"What goes around, comes around"
The perception is that this move by Samsung is in direct response to Apple's litigation in other countries.
Don't be stupid.
There is nothing random about targeting military equipment, jammers or otherwise.
There is nothing random about placing military equipment in a school, hospital, or other traditionally civilian structure.
If you don't want something blown up, don't put military equipment in it. Tying your civilian infrastructure to your military infrastructure is just plain stupid.
The US can't start anything without provoking the Chinese, but if North Korea starts it, what are the Chinese going to do?
The problem is that we don't know what the climatologists accounted for or how they accounted for it because they didn't show their work.
Now that we have the data, we can do our own analysis and decide if the climatologists were right, kind of right, wrong, or malicious.
And now we wait to see the analysis of the data by 3rd parties.
This is how good science is done.