Different Bob's. Bob of the Slack is JR Bob Dobbs, the symbolic diety of the Church of the Subgenious. I'd tell you what they believe in, but I'd get it wrong and have a hundred screaming fanatic threatening to burn my house down.
MS Bob was a poor attempt at a bad idea. The idea was to have a cute little guy follow you around on your computer and provide help when you need it. Kinda like that jumping paper clip in Word. People heralded it as an (probably the only) example of Microsoft innovation. No one liked it or bought it and it's fallen into the annals of history next to the Edsel.
The GUI code isn't free or published. You could make something that has the MacOSX internals, but it wouldn't look like MacOSX and probably won't run MacOSX applications (I have to assume the toolkit is part of the non-free stuff. Imagine trying to run Gnome applications on Linux without GTK).
I don't see where Bruce is going berserk with condemnation. There are small problems with the liscense. He pointed them out and politely asked them to be fixed. It all seemed extrodinarily civil and polite.
If Apple want's Debian's seal of approval, they'll have to change the liscense. If they don't care, they don't have to. No one's saying Apple sucks if they don't, just that it might be a good idea if they did.
I don't think changing the liscense in the way Bruce describes would invite lawsuits. All he's suggesting is they leave the Mach liscense alone and leave a clause for "what if Apple goes under".
I don't understand. I didn't see any reference to enemies in Bruce's article. He merely pointed out some technical flaws and encouraged Apple to correct them.
If I submit code to go into the Linux kernel, and it has technical flaws, I would be surprised if the reviewers were this gentle. I don't see why a legal liscense should be any different.
PGP private keys are encrypted with a passphrase. Granted, passphrases aren't the most secure thing in the world. Even so, PGP has the benefit of modern crypto research and should be a lot harder to crack than Unix passwords.
The KDE project uses a widget library called Qt. It provided stuff like buttons, scrollbars, text areas, etc. Qt is made by a company named Troll Tech. For a while, Qt wasn't Open Source. This caused a lot of problems in the Linux community because KDE, which was to be the standard desktop, was using a proprietary toolkit. Harmony was started to rewrite Qt as Open Source. Since the, Troll Tech has made a new liscense which most people accept as Open Source. So, you can understand why the Harmony project is dead.
The "bashing" of this algorithm has nothing to do with the fact that the author was female. It is standard practice to subject any crypto algorithm for peer review before using it. Proving the security of an algorithm is tough or impossible. Thus, you generally try to break it before you blindly accept that it works.
Claiming that the author has no peer is simply silly. Saying that the men and women whose works are the basis for all information security today (including people like Ron Rivest, Taher El Gamal and Whit Diffie) are not good enough to look at the work of the author is completely ridiculous.
Further more, your attitude is not only wrong headed, it is dangerous. If we are to accept this algorithm _before seeing the math and/or code_ simply because the author is female is a recipe for disaster.
You seem to think we are attacking this girl. That is not the case. We are attackign the press who've heralded this algorithm as the next big thing without doing the proper research. We are treating the author's work in the only responsible manner; by refusing to use it until it has undergone intensive study and testing. This peer review has been applied to every algorithm we use (including RSA and DES...the most popular asymmetric and symmetric algorithms) and is continued to be applied (see the articles on the EFF's awesome Deep Crack and the DES III challenge as well as Daniel Bleichenbacher's latest results against RSA with PKCS1 padding).
Your attitude is that of an uneducated child, atacking that which you know nothing about. Please educate yourself before you outdo the imbecility done by the press.
It's not a hog in the sense of taking 32 megs of RAM. It's a hog in the sense that the ciphertext is large.
If you encrypt a session key with a 1024 bit RSA key, the ciphertext will be at most 1024 bits big. If you use this woman's algorithm, it'd be either 4096 bits (which makes sense to me, being a 2x2 matrix) or 8192 bits (which is what the article said).
The problem here is this means a larger message to send across the wire. But, not so much larger that the algorithm is useless. I mean, 8192 bits is 1K, which is smaller than most images on the net, smaller than most text-only email messages, for that matter.
The speed isn't a very big issue either. 20x faster than an RSA encryption sounds good, but it doesn't mean much. You do one RSA encryption per session. The encryption generally takes the better part of a second. From 1 second to.05 seconds, once per email or SSL session, doesn't really matter all that much, IMNSHO.
The big deal with her invention is that it isn't patented, and that we obviously have a brilliant girl on our hands. If she can do this now, watch out for her after she's had a real education. Even if the security is totally flawed, she has impress Ron Rivest with her knowledge of number theory. I don't think I had even heard of number theory when I was 16.
From the rumors (again: rumors) I her, it's primarily going to be random number generation. As people probably know, getting good random numbers from a deterministic machine is really tough. Intel's new chips will provide real random numbers (I imagine through radioactive degredation, but I don't know). This would be an incredible boon to possibly the toughest problem in crypto (next to trust management).
You can prove that cracking RSA is as difficult as factoring the product of two large primes. It is entirely possible that this algorithm is also based on that problem. Thus, you could prove this is as tough as RSA.
If this gets confirmed, I wonder if it'll affect the trial. The quote at the bottom by the government guy seems a pretty damning statement. Soemthing about the government not doing anything about it because there are so few choices in the marketplace. A monopoly so deep, it's got the US government strapped.
Slashdot Mirror
looking at PACKAGES.TXT, glibc2 is installed. Whether this means that everything uses it or not, I dunno.
somehow a "." got at the end of the URL. Just erase it and everything should be sunshine and roses.
Different Bob's. Bob of the Slack is JR Bob Dobbs, the symbolic diety of the Church of the Subgenious. I'd tell you what they believe in, but I'd get it wrong and have a hundred screaming fanatic threatening to burn my house down.
MS Bob was a poor attempt at a bad idea. The idea was to have a cute little guy follow you around on your computer and provide help when you need it. Kinda like that jumping paper clip in Word. People heralded it as an (probably the only) example of Microsoft innovation. No one liked it or bought it and it's fallen into the annals of history next to the Edsel.
The Edsel was a car that didn't sell.
The GUI code isn't free or published. You could make something that has the MacOSX internals, but it wouldn't look like MacOSX and probably won't run MacOSX applications (I have to assume the toolkit is part of the non-free stuff. Imagine trying to run Gnome applications on Linux without GTK).
I don't see where Bruce is going berserk with condemnation. There are small problems with the liscense. He pointed them out and politely asked them to be fixed. It all seemed extrodinarily civil and polite.
If Apple want's Debian's seal of approval, they'll have to change the liscense. If they don't care, they don't have to. No one's saying Apple sucks if they don't, just that it might be a good idea if they did.
I don't think changing the liscense in the way Bruce describes would invite lawsuits. All he's suggesting is they leave the Mach liscense alone and leave a clause for "what if Apple goes under".
I don't understand. I didn't see any reference to enemies in Bruce's article. He merely pointed out some technical flaws and encouraged Apple to correct them.
If I submit code to go into the Linux kernel, and it has technical flaws, I would be surprised if the reviewers were this gentle. I don't see why a legal liscense should be any different.
PGP private keys are encrypted with a passphrase. Granted, passphrases aren't the most secure thing in the world. Even so, PGP has the benefit of modern crypto research and should be a lot harder to crack than Unix passwords.
The KDE project uses a widget library called Qt. It provided stuff like buttons, scrollbars, text
areas, etc. Qt is made by a company named Troll Tech. For a while, Qt wasn't Open Source. This caused a lot of problems in the Linux community because KDE, which was to be the standard desktop, was using a proprietary toolkit. Harmony was started to rewrite Qt as Open Source. Since the, Troll Tech has made a new liscense which most people accept as Open Source. So, you can understand why the Harmony project is dead.
The "bashing" of this algorithm has nothing to do with the fact that the author was female. It is standard practice to subject any crypto algorithm for peer review before using it. Proving the security of an algorithm is tough or impossible. Thus, you generally try to break it before you blindly accept that it works.
Claiming that the author has no peer is simply silly. Saying that the men and women whose works are the basis for all information security today (including people like Ron Rivest, Taher El Gamal and Whit Diffie) are not good enough to look at the work of the author is completely ridiculous.
Further more, your attitude is not only wrong headed, it is dangerous. If we are to accept this algorithm _before seeing the math and/or code_ simply because the author is female is a recipe for disaster.
You seem to think we are attacking this girl. That is not the case. We are attackign the press who've heralded this algorithm as the next big thing without doing the proper research. We are treating the author's work in the only responsible manner; by refusing to use it until it has undergone intensive study and testing. This peer review has been applied to every algorithm we use (including RSA and DES...the most popular asymmetric and symmetric algorithms) and is continued to be applied (see the articles on the EFF's awesome Deep Crack and the DES III challenge as well as Daniel Bleichenbacher's latest results against RSA with PKCS1 padding).
Your attitude is that of an uneducated child, atacking that which you know nothing about. Please educate yourself before you outdo the imbecility done by the press.
It's not a hog in the sense of taking 32 megs of RAM. It's a hog in the sense that the ciphertext is large.
.05 seconds, once per email or SSL session, doesn't really matter all that much, IMNSHO.
If you encrypt a session key with a 1024 bit RSA key, the ciphertext will be at most 1024 bits big. If you use this woman's algorithm, it'd be either 4096 bits (which makes sense to me, being a 2x2 matrix) or 8192 bits (which is what the article said).
The problem here is this means a larger message to send across the wire. But, not so much larger that the algorithm is useless. I mean, 8192 bits is 1K, which is smaller than most images on the net, smaller than most text-only email messages, for that matter.
The speed isn't a very big issue either. 20x faster than an RSA encryption sounds good, but it doesn't mean much. You do one RSA encryption per session. The encryption generally takes the better part of a second. From 1 second to
The big deal with her invention is that it isn't patented, and that we obviously have a brilliant girl on our hands. If she can do this now, watch out for her after she's had a real education. Even if the security is totally flawed, she has impress Ron Rivest with her knowledge of number theory. I don't think I had even heard of number theory when I was 16.
From the rumors (again: rumors) I her, it's primarily going to be random number generation. As people probably know, getting good random numbers from a deterministic machine is really tough. Intel's new chips will provide real random numbers (I imagine through radioactive degredation, but I don't know). This would be an incredible boon to possibly the toughest problem in crypto (next to trust management).
You can prove that cracking RSA is as difficult as factoring the product of two large primes. It is entirely possible that this algorithm is also based on that problem. Thus, you could prove this is as tough as RSA.
If this gets confirmed, I wonder if it'll affect the trial. The quote at the bottom by the government guy seems a pretty damning statement. Soemthing about the government not doing anything about it because there are so few choices in the marketplace. A monopoly so deep, it's got the US government strapped.