Or it could be the case that they were just dupes rather than in cahoots with the NSA
The crypto community was uncomfortable with Dual EC DRBG since shortly after it was first promulgated through NIST. If RSA was unaware of this, that's also something they don't want to advertise.
Which, of course, it does not really do.
I attended a class at WWDC on this, in '98, and "the next release" was going to support resolution-independent Cocoa "fully". That would have been 10.3 at the time IIRC.
Yeah, more than fifteen years ago. At some point you need to conclude that they don't really care about doing it right.
Something to do with how memory is recalled and then re-remembered
You're probably thinking of the propranolol trial. There have also been promising results with MDMA, also thought to be blocking the re-encoding of bad memories.
aside: submitters - this is Slashdot - you don't have to relate every bit of science to some tangentially related Hollywood movie plot.
Hell, most owners re-key them as a matter of course when they buy them.
What happens when smoke starts coming from one of the units? Or, less dramatically, if there's maintenance that needs to happen for shared systems (plumbing, etc.)?
Also, it seems very unlikely that he's the only one with a key to his flat. If it's a flat, that means it's in a shared building. If he's renting the landlord has a key, for emergency and notified inspection purposes. If he's got a condo, the superintendent has a key for emergency purposes. Unless he owns the building and has a pick-proof lock, his claims on physical security seem to be overstated. OK, I guess he could have an extraordinary contract, but a power outage seems more likely given the information we have.
The market for it is obviously still there.
Two reasons:
1) that market is huge for a small/medium business. At Microsoft they can't do anything that won't generate hundreds of millions of dollars. Big multinational corporations suck in terms of nimbleness / addressing the long tail.
2) I think they always should have charged $19/yr for updates, and past 10 years that should have been increasing at $10/yr. That would address the market, but screw all the pirates who keep Windows as a standard. There's not a provable "market" now because nobody is putting their money where their mouth is (except perhaps Munich, et al.).
If they did #2, all the corporate customers who "simply can't upgrade because X" would find themselves rolling out Win7 within six months because they no longer have a freeloading option.
Have a $16M CNC machine that has to run XP for its control software? Fine, stick it on a VLAN, stick the VLAN behind a firewall, and null route its access to the Internet and only allow SFTP out to the LAN. Keep using XP forever, for all I care.
But that's not the use case most people are bitching about - they just want to run XP forever because it works fine as a program launcher for Outlook 2003 and IE6, and screw the world if their machines get pwned for a botnet.
Of those reasons, I'm betting #1 is 'No driver support for half the hardware in the system.'
Who wrote the initial drivers? Microsoft or third parties? If third parties, are they still around? If so, why aren't they supporting Win7? Does Linux support that hardware?
I have tons of equipment that's better than crap being produced today, but drivers for it don't exist past XP.
Fine, just don't connect your machine to the Internet and put others at risk.
Microsoft's big "problem" is "free updates". They should have a yearly subscription fee and that should increase as the OS gets older at some predictable rate. That's how to properly price ration an old OS's updates. They simply can't be expected to support XP forever, for free.
On the other hand, they thrive on piracy, so I understand why they have this arrangement.
In theory, sure. In reality, there's a reason that countries with strong currencies have strong militaries to protect those currencies.
Not everybody feels that a currency backed by violence is an ethical arrangement. Nor do they feel that allowing politicians to destroy the value of a currency is a wise course of action.
Naw, man, that's the Depends that you smell. And no shower on the other end - talk about a motivator.
That's a great point. I'd like to see an open source group get a grant to keep CM (or its successor if they close up) updated for old devices, so less affluent people can have good access to technology.
KitKat should make that even easier, with better memory requirements.
Look. We need state governments and we need a federal government.
The population of the US was about 3.5 million when the Constitution was ratified. That's about the size of Iowa now. California / 6 = 6 million-ish per State (if it goes along population boundaries), about the size of Denmark.
I'm not sure why anybody thinks we need a government to control 300,000,000 people when that sized government comes with such clear problems.
When this was last a Slashdot "story" somebody said, "he's probably busy - here's his phone #, why doesn't somebody give him a call?" So, somebody did that and we get another "story".
The real "story" here is that a lead developer gave up on a project and left without communicating. Perhaps there's a good lesson here about Open Source project governance that.
It certainly is somewhat surprising that the security community and the State Department didn't foresee something like this happening as a result of the spying. How large their blinders must be to have missed this.
Heck, the CIA was warning about "blowback" for foreign operations all through the 90's. Who listened?
Even when it came they couldn't admit it ("they hate us for our freedoms").
Nice, thanks - that's great. I was wondering how they turned the thing to make curves!
Actually, no, they won't. Zimbabwe, Angola, Zambia, and others have all rejected GM corn.
I'm trying to be careful of it here at home, but if I were starving that calculus would be much different.
"... We are now merely haggling over the price."
Oh, no, wait, it's $10M.
(apologies to George Bernard Shaw)
P.S. - AC, yes, if you used an RSA CA appliance with the default Dual EC DRBG PRNG configuration, your private key is probably easy to break and your traffic easy to intercept/decrypt if you're not using perfect forward secrecy (assuming that's not on an RSA appliance).
Yeah, it's not like a government can forcibly seize assets and keep you from launching to begin with.
Who's going to invade China to seize their launch assets? Make no mistake, all this kerfuffle really is about China having a million people working on their space program and investing in human presence on The Moon and Mars whilst the other nations continue to shut down their productive capacity.
Space X is wonderful, but they'll always find a home somewhere on Earth for launches, even if their current host country decides to crush them. China would be one example of a country that would be likely to do so.
Property rights might come into play some day, when the moon is crowded or scarce materials are identified in limited places, but until then, good luck writing things down on paper on Earth and expecting anybody to care about that. Property on The Moon will belong to whoever gets there and defends their claim.
If any Earth Nation expects to shoot down transit flights to or from the moon to enforce their paper claim, the ramifications will be far more severe than if they simply did nothing. Perhaps the politicians will mumble and gurgle about it, but then do nothing, as is their typical pattern.
But the proponents of SuSy claim that their theories are elegant!
Yeah, it's elegant except for all the magical unbroken superpartners that are too energetic to exist.
You had me. I looked at the specs and then............... blah.
Yeah, I'd love to support the underdog manufacturer, but I live in the 50% of the country (geo. not pop.) where only Verizon has reasonable coverage.
I know, Qualcomm is the evil, but being able to make calls is worth something.
They can provide a polished, stable version of Android that is in many ways better than the original and provide support to the phone manufacturers (perhaps more cheaply than Google?), directly getting a cut from handset sales.
I've got an old Droid 3 that I like the hardware on but never did much like the software, which is now obsolete. One dev got 4.2 working except for the camera - if CM got the camera driver from Moto ($) and put out a KitKat build, I'd gladly pay $30-50 for that.
That's not a terrible business model. I'd also pay that kind of money yearly for an audited and updated build on any phone I carry.
What other sci-fi movies are there? It's all shit.
According to TFS, Buffy is Sci-Fi. I knew right then not to read the article.
There's a market for truly secure though. There's a very big market in fact.
"Truly free" is a necessary, but not sufficient precondition for "truly secure". This device would probably be fine, and perhaps close to ideal, for an airgapped CA.
I'm suspicious of the firmware on the battery, though...
Don't be silly, it is precisely that capability which the carriers want to eliminate.
Yeah, if *you're* not controlling the access to the SIM module, then *somebody else* is. If anybody can think of a secure way to make this happen without the user losing control, please leave a comment.
Little by little, we are making enemies of the world, and until we change our ways
There's little reason for the world to believe in any change until we change our form of governance. Yeah, yeah, the GOP & Dems will give the issue lip service, but it'll be just like Obama's campaign promises unless the system itself gets an overhaul. The current system will provide current results.