A quantum computer will probably never have 'registers' in the conventional sense since deterministic I/O like in a standard register would alter the quantum state every time a photon hit the qubits. In fact, beyond solving certain specific types of problems don't expect a quantum computer to be running minesweeper anytime soon. IANAP but from what I've seen of current experiments, the results aren't even exact like you would expect from a regular CPU, rather, a whole crapload of qubit runs are executed at once, and the most probable realized state is considered to be the 'answer'. I'm not even sure if it is possible to 'reset' the qubits after the operation without destroying them. Physicists, feel free to chime in now.
I do see your point, but remember that you could argue the RSA is useless because if I did it over a 32 bit address space it's easy to prime-factorize any number and therefore increasing it to a 2048 bit space is "just avoiding the problem". As CPU power increases it becomes more economical to move to more complex hash/encryption schemes over larger address spaces. And there's even good news: it's a hell of a lot cheaper for me to move my PC to a new SHA system than it will be to crack it, even with the algorithm issues.
If it's encrypted, then it can't be tampered with anyway (assuming that your algorithm-of-choice hasn't been broken yet).
It is perfectly possible to deterministically alter an encrypted message. Another thing to remember is that in any PKI system, everyone knows your encryption key so unless there are signed hashes in the encrypted mail (and above & beyond that ALL of the relevant data are properly authenticated), Alice could easily fake a message from Bob that would be completely encrypted in your key.
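The first claim in the reply above (an encrypted message can be altered deterministically) can be checked with the following added example, which is not part of the original comment. It uses a toy XOR keystream built from SHA-256 as a stand-in for any unauthenticated stream cipher, a constructed sample message, and HMAC-SHA256 in encrypt-then-MAC form as the integrity check; all function names are illustrative.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (SHA-256 in counter mode), for illustration only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Confidentiality only: ciphertext = plaintext XOR keystream."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt  # XOR with the same keystream undoes itself


def tamper(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Alter the ciphertext without the key: XOR in (known XOR wanted).

    Works whenever the plaintext at `offset` is known or guessable,
    because flipping a ciphertext bit flips the same plaintext bit.
    """
    if len(known) != len(wanted):
        raise ValueError("replacement must keep the same length")
    patched = bytearray(ciphertext)
    for i, delta in enumerate(xor(known, wanted)):
        patched[offset + i] ^= delta
    return bytes(patched)


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes):
    """Encrypt-then-MAC: the tag covers the nonce and the ciphertext."""
    nonce = os.urandom(16)
    ct = encrypt(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything that was altered."""
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: message was altered")
    return decrypt(enc_key, nonce, ct)


def demo():
    """Return (what a receiver without a MAC would read, whether the MAC caught it)."""
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    message = b"PAY 0100 USD TO BOB"  # constructed sample message
    nonce, ct, tag = seal(enc_key, mac_key, message)

    altered = tamper(ct, 4, b"0100", b"9900")

    # Receiver that only decrypts: gets a clean-looking but different message.
    read_without_mac = decrypt(enc_key, nonce, altered)

    # Receiver that checks the tag first: the alteration is detected.
    try:
        open_sealed(enc_key, mac_key, nonce, altered, tag)
        rejected = False
    except ValueError:
        rejected = True
    return read_without_mac, rejected


if __name__ == "__main__":
    print(demo())
```

A shared-key MAC only proves the message came from someone holding that key; proving which sender wrote it, the second point in the reply, needs a signature over the authenticated data.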
First of all, I can't trust this article because it's not digitally signed!
Now, on to the point. If someone comes out and says: "the default Linux kernel released by most distributions is not secure." I'll say 'hell yes'. Note that this is not what TFA states, it is a much broader screed against open source in general.
The problem is that if Microsoft wanted to launch a rational attack on Linux's security they would also be attacking their own products. I'm not even talking about the differences between open and closed source here, I'm talking about the ways that Linux and Windows both are susceptible to security issues. Right now most default Linux distributions put out kernels and user-space utilities in a system that assumes every piece of software has to be perfect to ensure security! (especially anything running as root) Windows is basically the same way. Once a hole gets found, it is easily possible to hijack an entire system.
Now, at this point the arguments between Linux and Windows invariably devolve along the lines of: Linux gives you the source code so you can find the bugs yourself or Windows runs too many services and that's why it's not secure. On the windows side we get arguments about how you 'can't trust unsigned open-source code!' (which actually does have some merit if you don't check source signatures you grab from some random mirror, but does not really speak to the OSS development model). The problem is that these arguments are more about which system is easier to band-aid than which system is innately more secure.
Let's really look at default Linux vs. Windows. Both have admin and user accounts, both follow a similar model of discretionary access controls, both can be hacked remotely although windows tends to get hit more because it runs too many standardized services.
The point of this very long rant is that Linux does indeed have security problems that are not of a nature much different than Windows. I would say the better track record of Linux so far is NOT due to it being open-source; that does help finding bugs, but plenty of Windows bugs are found and fixed before the Windows boxes are hacked. Instead it's because Linux (with some exceptions) does not install a bunch of stuff by default, Linux systems are not as homogeneous as Windows systems (software monoculture time), and Linux admins have historically been better than Windows admins (this is definitely something that will be subject to change in the next few years).
So is there a solution? Well, nothing is ever going to be perfect, but systems like SELinux and GRSec are big improvements because instead of saying "the whole system is perfect" they instead say "components in this system will be compromised, how do we isolate and protect it?"
There's a problem though, these systems require old-time Linux users to deal with new restrictions they might not want to deal with. I promise you that SELinux policies that work great on a production webserver would drive you insane on a development box, but you need to protect both machines, a hacker will target both.
I'll save my rant on Microsoft's security for when this story gets duped, it's another mess entirely. Just MS is foobarred should not be an excuse for not looking to find and fix problems in Linux.
I understand your confusion with the wacky measurements.... Here's the solution:
The speed of light is precisely 1 blarg per kroton.
See, it's no longer some arbitrary number!
but I just can't use a 64 bit desktop CPU anymore!
OK! If that's your problem I'll be happy to stop by and collect your 64 bit CPU and replace it with a state-of-the art i386 (DX!). Thank you come again.
Yes this story has already been posted. But don't worry! Since there is no link to Netcraft it will be duped again when there is official confirmation!
I want a laptop hard drive that doesn't use any battery power at all
Well if we are going to avoid rewriting the laws of physics (no they don't only exist to make money for the evil battery manufacturers) you had better tell me which non-battery source you want to power your non-existent harddrive. I hate to break it to you, but even if I could encode data at the quantum level using some insanely advanced storage technology.... it would still require some power.
Re:If you need to Kompile it yourself... on KDE 3.4 goes Beta · Score: 2, Informative
It's not that bad on Gentoo. I mean, I have a mid-range P4 system that will spend roughly 6 hours compiling a full KDE install even with all the crap that I could forgo but don't bother to. As long as I'm not trying to play a 3D game or anything I can still get work done without any hassles.
Hey, I bet all the guys who have Athlon-64's will chime in now about how they get done compiling before they even have the packages downloaded :)
Uh huh... I just hope his skin color is correct and that he doesn't commit any cardinal sins like trying to work for a living. I've noticed that most people who really are getting the good stuff from govt. are usually the ones who made a point of being too good to do any work like the rest of us 'evil people' who actually pay the taxes.
No, actually it should be reduce... each stage is smaller---> more overall stages. Witness Prescott.. it has ~10 more pipeline stages than Northwood did, each one is doing less (and hence can be clocked faster)
Intel is now moving away from this since the performance gains just aren't there and the power consumption is getting terrible (like they said in the clock-less posts... you must distribute clock to all those stages amongst other power-sucking things)
If ksvg is so wonderful, please post a link showing a screenshot of the SVG weather svg app in action. The only thing I've ever seen from ksvg are some gimmicky static SVG images. Oh, and the svg icons ARE NOT SVG! They are .png's rendered from static svg images, and I'm not even sure they use any kde tools to make the svg icons in the first place.
Too bad Linux still doesn't have any type of real support for SVG in its main browsers (Firefox didn't even suggest downloading the crappy Adobe plugin)
SVG: Still Vapory Goodness in Linux.
Dude... They already did that back in the 80's.
See, there was this guy who looked a lot like David Hasselhoff, and he had this sweet camaro dipped in this stuff that made it impervious to any attack. I think the car's name was KITT or something. Anyway, they had many interesting adventures but while KITT was never scratched on the outside, they never could get Hasselhoff's perma-whitefro shedding out of the upholstery.
I can't believe my president has 'twang.'
Man I'm glad we've never elected ANY other presidents cough Abraham Lincoln cough who spoke with a twang.
And something else.. since you are probably the standard Slashdot anti-social ubergeek I bet that if we put you up in front of a crowd of people your nasal whining and stagefright would make that 'idiot' Bush look like Cicero.
Obviously Eh Steve Jobs is jealous of the Slashdot Borg icon that Bill gets. He wants to be Eh Steve of Borg* too, and hence has a subconscious cube fetish.
* Note that all of his borg cubes would have incredibly slick industrial plastic colors instead of that ugly guts-showing Bill O-the-Borg look.
When computers become as complicated as the human brain they will be able to "evolve" on their own, without the need of humans, and evolution will continue at a breakneck pace.
I think you're making the age-old mistake of confusing complexity with intelligence. I hate to say this but my linux box running on hardware millions of times faster than ENIAC is still not one iota 'smarter' than ENIAC (or an abacus for that matter).
Here's another example: a hurricane is an incredibly complex phenomenon that to an untrained observer might appear to show signs of 'life' (growing, using energy, showing organization of behavior). But just because a hurricane is incredibly complex does not make it alive, much less intelligent.
why do americans build their houses of wood?
As a former Floridian I can tell you that they don't, at least not in the major Hurricane areas. Wood houses are much more common in the rest of the country, and I might add that a properly built wood house can be pretty tough. There are areas of the Atlantic coast with more wood construction, but they are in places where a hurricane hasn't landed in recorded history. It could happen though, and would probably spawn new building codes.
I forget the exact 3 letter abbreviation, but standard Florida code calls for concrete block construction with steel rebar, as well as extra bindings to keep the roof of a building from being blown off which is the major precursor to full structural failure.
As for hurricanes getting worse due to global warming, there is a much more important natural cycle that plays a far larger role. Back in the 1940's there were hurricanes worse than what we have today, but then the weather system was not able to effectively track them, and far fewer people lived in FL anyway.
(like ALL other closed source software)
-- inaccurate
Accurate:
(like ALL other closed source AND open source software)
If you don't believe me try reading the GPL some time.
"It's not stealing, only the big evil RIAA loses money!"
I know somebody who is not rich, not an evil RIAA executive, and hell, he doesn't even make music, but he has personally been hurt by P2P file traders who think it's their 'right' to get everything they want for free.
This guy does in depth analysis of political issues and publishes research online that are used by high school and college debate teams. He provides a very valuable service since there would not be enough time to stay abreast of current political issues and also be prepared to debate so his reports act as executive summaries to condense all the garbage floating around on Google.
So what happens to his stuff? Well there are a few people out there who will pay for it, but then P2P kicks in and for every 1 debate team that buys the report there are probably 10 that don't.
"Information wants to be free!" "It's evil to want to get money for your work!" (in which case why do you complain when your job is outsourced?)
This guy is providing a valuable service, and he does it all on his own, but I'm sure there will be 10 posts rationalizing why stealing his work is OK and he is worse than Bush for daring to charge to make the lives of other people easier.
What do you mean sadly? Shouldn't we be glad that these bastards are stupid and leave as much as possible for us to find them? Or did you watch Fraudenheit 9/11 too many times and believe that Halliburton and the Zionists did it and Osama is just a scapegoat?
OK, so Macromedia makes a viewer for SVG but they have a preference for their own technology. That's like attacking OpenOffice for making a system that can read MS Word documents while encouraging its own document format. Right now Macromedia appears to have done a hell of a lot more to support SVG by making a viewer for it than all of OSS who talks about SVG all day long but I have yet to see a single OSS utility to employ SVG beyond a couple of gimmicky static images. So should we say that open source developers are trying to kill SVG??
I thought the real mindgames were all the 503's Slashdot has been throwing as part of a guerilla marketing campaign for the Manchurian Candidate or something.
I think the story raises a good point. The best analogy I could point out would be a dam where new leaks keep popping up and you quickly rush to patch them. You spend so much time patching over the leaks that the fundamental design problems in the dam are never fixed.
There are multiple strategies that will actually improve security far more than just trying to ferret out a new vulnerability. I personally recommend using Java or another type-safe language for programming if at all possible since the most common memory management errors are eliminated. However, the best way to stop major security breaches is to have a security layer that will assume software programs will be compromised somehow. Then, the security layer is more interested in enforcing access to the system that program ought to have instead of just trusting the effective user ID of the program to hopefully do the right thing.
A bit of karma-whoring here for my thesis project which is based on earlier work in Mandatory Access Controls in Linux, as well as the much more well-known SELinux kernel modules.
I personally did my thesis in Domain & Type Enforcement which simply puts running processes into various different domains that have certain access rights to Types. A type is just a name tag assigned to files, and in my case you can also type system calls, network sockets, and eventually even Linux capabilities. It is similar to part of SELinux but also designed to be much simpler to understand & implement as well.
Anyway, these systems all are designed with the assumption that vital processes will be compromised and the onus is on the policy writers to enforce least-privilege on the processes. This may sound difficult to do, but it is actually trivial compared to the approach we are using now which is to try and figure out every possible attack and write perfect software (the point of the article). It is much easier to define what a program is supposed to do than every nasty malicious thing someone on the Internet can dream up that it should not do.
I've ranted long enough, but I think that there are good solutions to stopping about 90% of the crap that we see going on today, and that the other 10% will be fun to keep us security professionals employed :p
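The domain-and-type model described in the comment above, sketched as an added example (this is not the commenter's thesis code and not SELinux policy syntax). The policy table, the domain and type names, and the simplified owner-or-root discretionary check are all assumptions made for illustration; the point is that a process running with effective UID 0 is still confined to what its domain is supposed to do.

```python
from dataclasses import dataclass

# Constructed policy; every domain and type name here is hypothetical.
# A type is a name tag on files, assigned by longest matching path prefix.
TYPE_RULES = {
    "/": "generic_t",
    "/var/www": "web_content_t",
    "/var/log/httpd": "web_log_t",
    "/etc/shadow": "shadow_t",
}

# Domain -> type -> permitted operations. Anything not listed is denied.
DOMAIN_ACCESS = {
    "httpd_d": {
        "generic_t": {"read"},
        "web_content_t": {"read"},
        "web_log_t": {"append"},
    },
    "login_d": {
        "generic_t": {"read"},
        "shadow_t": {"read"},
    },
}


@dataclass(frozen=True)
class Process:
    name: str
    euid: int     # effective user ID: all that the discretionary check sees
    domain: str   # DTE domain, fixed by policy when the program starts


def type_of(path: str) -> str:
    """Return the type tag for an absolute path (longest prefix wins)."""
    if not path.startswith("/"):
        raise ValueError("path must be absolute")
    matches = [
        prefix for prefix in TYPE_RULES
        if path == prefix or path.startswith(prefix.rstrip("/") + "/")
    ]
    return TYPE_RULES[max(matches, key=len)]


def dac_allows(proc: Process, owner_uid: int) -> bool:
    """Simplified discretionary check: the owner or root may do anything."""
    return proc.euid == 0 or proc.euid == owner_uid


def dte_allows(proc: Process, path: str, op: str) -> bool:
    """Mandatory check: the process's domain must hold `op` on the file's type."""
    return op in DOMAIN_ACCESS.get(proc.domain, {}).get(type_of(path), set())


def decide(proc: Process, path: str, op: str, owner_uid: int):
    """Both layers must agree. Returns (dac, dte, final)."""
    dac = dac_allows(proc, owner_uid)
    dte = dte_allows(proc, path, op)
    return dac, dte, dac and dte


if __name__ == "__main__":
    # A web server that has been taken over while running as root.
    httpd = Process("httpd", euid=0, domain="httpd_d")
    requests = [
        ("/var/www/index.html", "read"),
        ("/var/log/httpd/access.log", "append"),
        ("/var/www/index.html", "write"),
        ("/etc/shadow", "read"),
    ]
    for path, op in requests:
        dac, dte, final = decide(httpd, path, op, owner_uid=0)
        print(f"{op:6} {path:28} dac={dac} dte={dte} -> {'allow' if final else 'deny'}")
```

The policy lists only what the web server needs, so the last two requests are denied without anyone having anticipated them.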
In case you want some facts to back up my previous troll: check it out yall It even links the same website.