he says the specs for C or C++, for example, are so big that the compilers that implement those specs will contain bugs
And he should know - I was unlucky enough to have to use his Zortech C++ compiler, and it was absolutely terrible. Loads of code generation errors, a debugger that couldn't cope with large programs, and generally a royal pain.
NT definitely had this problem, but Win2k seems to have solved it (mostly). I used to run as an admin on NT 4, but now I run as a power user on Win2k. The "RUNAS" command line tool lets me do exactly what you suggest - run a command as another user, ie the local admin. (And it lets you run a new shell if you want too.)
There's also the massively non-obvious-but-documented-if-you-know-where-to-look feature that if you hold down shift while right-clicking a program (or something like that) the Explorer will let you do a run as.
Because they were (and are) designed to transmit voice not data.
Clever engineering is used to subvert this purpose, but it's obviously a lot easier to get a good data transfer system if you design it from scratch to transfer data.
In my experience most people leave their computers running at work 24x7 (not my power...). A few have too. I found old unix users just shut off their monitors. Microsoft could automatically shut off monitors on the NT login screen and set the machine to "sleep" but they don't. That would help a lot.
Ah but they do. Ordinary NT 4 will turn the screen off if you have an EnergyStar monitor and an appropriate screen saver installed (which probably came with the machine).
And 2000 does all the power saving stuff right out of the box. (The guy opposite me installed 2000 a few weeks ago; now when he comes in and touches his mouse in the morning his monitor turns back on, throwing a few nasty jitters through my screen.)
Consider connecting to Amazon (say). You verify the certificate and give your credit card number.
There's the rub. Do you really verify the certificate? Does your browser warn you if there are problems? Would you notice if the certificate was for a slightly differently spelled domain? Do you check if the certificate is on a revocation list?
Any user who doesn't always check these things very carefully is vulnerable to being spoofed by a fake server.
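The checks the post lists (is the certificate for the name I typed, is it still valid, is it on a revocation list) are mechanical, and a client can do them for the user. The following is an added example written for this page, not code from the thread or from any browser: a constructed `Cert` record standing in for the parsed X.509 fields, an RFC 6125-style name match (exact or a single left-most wildcard label), and a `checkCert` function that returns the list of problems a careful client would warn about. The serials, names and timestamps are made up. It also shows the post's point about a "slightly differently spelled domain": a certificate legitimately issued for a lookalike name passes every technical check for that name, so the name match only helps if the user notices what name they are actually connected to.

```cpp
#include <algorithm>
#include <cctype>
#include <set>
#include <string>
#include <vector>

// Constructed model of the fields a client actually checks; this is not a
// real X.509 parser. Times are plain integers (e.g. days since some epoch).
struct Cert {
    std::vector<std::string> sans;  // dNSName entries from subjectAltName
    long notBefore;
    long notAfter;
    std::string serial;             // what a revocation list identifies
};

static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// RFC 6125-style matching: case-insensitive exact match, or a pattern whose
// whole left-most label is "*" matching exactly one host label, so
// "*.example.com" matches "www.example.com" but neither "example.com"
// nor "a.b.example.com".
bool nameMatches(const std::string& pattern, const std::string& host) {
    std::string p = lower(pattern), h = lower(host);
    if (p == h) return true;
    if (p.rfind("*.", 0) != 0) return false;      // only a leading "*." wildcard
    std::string::size_type dot = h.find('.');
    if (dot == std::string::npos || dot == 0) return false;
    return h.substr(dot + 1) == p.substr(2);
}

// Returns every problem found; an empty list means the certificate is
// acceptable for this host at this time and is not on the revocation list.
std::vector<std::string> checkCert(const Cert& c, const std::string& host, long now,
                                   const std::set<std::string>& revoked) {
    std::vector<std::string> problems;
    bool named = std::any_of(c.sans.begin(), c.sans.end(),
                             [&](const std::string& san) { return nameMatches(san, host); });
    if (!named)
        problems.push_back("name mismatch: certificate is not for " + host);
    if (now < c.notBefore || now > c.notAfter)
        problems.push_back("outside validity period");
    if (revoked.count(c.serial))
        problems.push_back("serial " + c.serial + " is on the revocation list");
    return problems;
}
```

A client that silently continues when `checkCert` returns anything is the "does your browser warn you" failure the post describes; the revocation check is only as good as the freshness of the list passed in.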
The proposal includes umlauts - it's based on a mapping to US-ASCII from any Unicode string. (Admittedly if you only wanted to represent a handful of European languages you'd come up with a different scheme, but it would obviously be less general.)
Presumably they're pitching it at the Asian market cos that's where they expect to make money.
There are apparently good reasons for not allowing 8-bit characters not in US-ASCII in domain names - it would break too much.
Shame the questions are either really obvious or just downright strange. I get the impression the interviewer doesn't know much about encryption.
And where did the question about rfc2692 come from? I'm not surprised the reply was "No comment" (although "What are you talking about?" would be just as reasonable).
Perhaps I'm being stupid, but I don't really see how this is any worse than the situation with non-e-signatures.
Suppose someone shows up in court with a document with what looks like my signature on it. This is evidence that I signed it. But I can introduce evidence that I didn't (e.g. by saying I didn't). It's then up to the other person to show that I really did - e.g. by comparing it to real examples of my signature, or getting a handwriting expert in. And ultimately the court/judge/jury will have to decide whether on the evidence I did or did not sign the document.
Similarly, someone may claim they have my electronic signature, but they still need to be able to prove to a court's satisfaction that I actually signed what they're holding. Depending on the sophistication of the technology used that may be more or less difficult.
If one forgets normal Slashdot paranoia and accepts that the courts have a certain amount of common sense, where's the problem?
Don't forget that we've had technology around for 20 years that allows easy, undetectable duplication of signatures - fax machines. And yet the sky hasn't fallen.
There may easily be something I've missed - for a start I haven't seen the text of the act itself (URL anybody?). But I haven't seen anything here on Slashdot that points out any actual problems.
But it's a start on the bootstrapping process. Nanotechnology will be built by nanotechnology (how else?). Somehow we need to be able to build the tools that will build the tools... that will save/take over the world. That's where this sort of thing should come in.
There are certainly recorded cases of problems in the lighthouse era. Certain charming people would set up fake lighthouses to lure ships onto rocks, then steal the cargo & murder survivors, if any.
It just goes to show that there have always been unscrupulous people willing to subvert security systems. Bringing fancy electronics into it doesn't change the fundamental problems.
Not relying on security by obscurity means you should assume your attacker has full knowledge, and ensure that you are still secure. Obscurity by itself is not necessarily a bad thing, only relying on it for security is.
It doesn't mean that you have to make it easy for the attacker to gain that knowledge, like telling the whole world. Why make life any easier for them?
As an example, it's a pretty safe assumption that the military's cipher systems are designed to be secure even if the attacker knows the algorithm. But the algorithms are still classified.
On the other hand, I agree that wide review is likely to improve security.
We're not talking about Hertz; we're talking about hertz. (The unit is spelled in lower case, to distinguish it from the man it's named after.)
And I know you're joking, but it's a bit silly to get the case wrong when replying to a post pointing out how slashdotters should understand case is important.
Not exactly. Power throughout the EU is nominal 230V, 50Hz. This includes both UK and France.
(UK used to be 240V, and everywhere else 220V. This was resolved by the bureaucrats deciding that both were sufficiently close to 230V that we could just pretend that's what they were, with sufficiently large tolerances. Hence the 'nominal'. In due course the allowed tolerances will decrease again, and then we'll really all be on 230V.)
Of course the plugs will stay different.
In any case, most laptops will take just about any power supply you can find, so this is all of purely theoretical interest.
The UK version of the same European law on privacy, which I assume is fairly similar, places restrictions on collecting "personal data". (Which is a good thing, and I'm amazed the States doesn't have something similar yet.)
But if all that is being sent up is what graphics card you have, without any information on who you are, then this isn't personal data.
A problem only arises if the data relates to an identifiable person; this doesn't. And personally I don't see a problem with it.
Interesting that you should ask who invented the light bulb as well as the first computer.
Others have pointed out that Colossus has a pretty strong claim to the first computer (only slightly hampered by the fact that it was officially secret until the 70s).
But are you sure Edison invented the light bulb? Joseph Swan had one earlier (although it didn't work that well).
There are of course strong cultural biases here: I'm British, as were Swan and Colossus. I'm sure a Frenchman could tell you the two Frenchmen who invented the lightbulb & computer, and so on for other nationalities.
And you're just following the American bias on this.
> Can a malicious version of this code be put out there
;-)
Would that be what they call a honey trap?
Sometimes intent is the crux of whether a crime has been committed or not.
For example, getting married is a crime - if you do so believing that you are already married (even if you're wrong), then it's bigamy.
Similarly giving truthful evidence under oath can be a crime - if you do so believing it to be untrue.
(This is true in my local jurisdiction, anyway. YMMV)
Obviously intent can be difficult to prove, but the courts seem to manage to cope OK.
The article talks about trolley buses, not trams.
(Trolley buses are ordinary buses powered by overhead electric cables; trams are light rail systems usually similarly powered.)
But it's right these things still exist; the article mentions the ones in Vancouver, which I've seen and seem to work pretty well.
No it isn't.
You may be thinking the comment somehow becomes part of the macro definition and is substituted in where the macro is used. If so, you're wrong.
(There were some ancient buggy compilers that did this. But standard C++ doesn't.)
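To make the point concrete, here is an added example (written for this page, not posted in the thread): in standard C++ comments are replaced by a single space in translation phase 3, and macros are only expanded in phase 4, so a comment on a `#define` line, after or even inside the replacement list, never becomes part of the macro. The function names are made up for the demonstration. If a compiler did carry the `//` comment into the body, `HALF(v) + 1` in `half_plus_one` would expand to text whose tail is swallowed by that comment, which is exactly the kind of behaviour the post attributes to old buggy compilers.

```cpp
#include <cstring>

// The trailing comment is removed before HALF is ever defined, so the
// replacement list is just ((x) / 2).
#define HALF(x) ((x) / 2)          // this comment is NOT part of HALF's body

// A block comment between the macro name and its body is likewise gone
// by the time the preprocessor records the replacement list.
#define TWICE(x) /* not part of the body either */ ((x) * 2)

// Object-like macro with a trailing block comment: the string is the
// whole replacement.
#define GREETING "hi" /* nor this */

int half_via_macro(int v) { return HALF(v); }

// If the "//" comment above were substituted in, this would expand to
// ((v) / 2) // ... + 1  and the "+ 1" would be commented out.
int half_plus_one(int v) { return HALF(v) + 1; }

int twice_via_macro(int v) { return TWICE(v); }

const char* greeting() { return GREETING; }

// Sanity check usable without a test harness: true on a conforming compiler.
bool comments_are_not_in_macros() {
    return half_via_macro(10) == 5 && half_plus_one(10) == 6 &&
           twice_via_macro(4) == 8 && std::strcmp(greeting(), "hi") == 0;
}
```

Running the preprocessor alone (for example `g++ -E` on this file) shows the expanded functions with no trace of the comments, which is the quickest way to settle the question for a given compiler.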