Why does Stallman demand tacking GNU in front software names? Seems like advertising, hmm?
I've only heard him do it for Linux, and his reasons are sound: he's filling a need (distinguishing the *kernel* "Linux" from the *operating system* "GNU/Linux"). I fail to see a problem with that, especially since he's stated his preference, not imposed it legally on others.
They don't even have to decrypt it; simple use of real encryption is a sign of guilt.
Not really, it's a sign that you are using OpenSSH in a foreign country through a U.S. network (and if I were the head of the OpenSSH team, I'd make damn sure that OpenSSH is INCOMPATIBLE with any insecure algorithms -- even if it had widespread use in the U.S.)
I'd like to see "most americans" implement Kerberos or SSH with backdoor crypto and still consider the network safe.
<rant>
Am I the only one who thinks backdoor crypto is like creating a master key to all the nuclear silos in the world, making a few hundred copies of it (giving these to certain government offices) and NOT expecting an "accident" or three? </rant>
This is an example of when democracy doesn't work. A bunch of people who don't understand what they're doing are asked their opinion.
What percentage of security experts say that backdoor crypto is a safe thing? None? Thought so.
Here's a short discussion as to why backdoor crypto is not safe:
Basically, nobody is going to try to crash your 2048-bit RSA key any time soon, because even once it's technically feasible (given enough resources -- e.g. a Win32 virus that mimics distributed.net), it's not usually worth the effort and/or the risk. Further, if your key does get cracked (or compromised through easier means -- e.g. another virus), you're not happy, but you can just generate a new key and be on your way. However, if cracking that key would give someone access to a significant amount of sensitive data (like the data of an entire country over the course of a year), then the payoff is much greater, and so is the risk to society.
3.7. Larger Works.
You may create a Larger Work by combining Covered Code with other code not governed by the terms of this License and distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled for the Covered Code.
Re:Copyleft Copyright collision
on
Mozilla Relicensing
·
· Score: 3, Insightful
SAMPLE code should be in the public domain, IMHO. That clears up any and all licensing problems you could ever have.
I'm getting tired of all this "we should ban crypto for security reasons" nonsense. I'm also getting tired of the notion that the military is the only system that needs to be protected. What about airlines? They're part of private industry. Should airlines not be able to use strong encryption to secure their networks?
Of course somebody will say that "crypto with a permit will be okay". Well, that's nice, until you realize that North America is ridden with insecure hosts just waiting to be taken over. Why? Because it's still difficult to make strong cryptography an integral part of any software system -- it's always an add-on. Why is it critical that a bunch of unrelated, unimportant machines, usually owned by universities, home users and corporations, be secured? Distributed Denial of Service Attacks, and Data Theft.
DDoS is an obvious threat. It can take out a anyone on the internet, and there's not much a victim can do to stop it. CodeRed is harmless compared to what a major, well-funded group could create (e.g. as part of a war).
Data theft is another problem, particular when that data is someone's identity. Try locating someone who used a stolen credit card number and a stolen name and a several forged passports to book flights to several major U.S. cities. How did the person get this info? From a student logging into a company machine from a NCD X terminal (no crypto, of course) at the university which is ony flat bridged (i.e. very sniffable) ethernet, rather than using Kerberos . . .
Anyway, I don't have time to finish this argument, but I'm sure other people here can add to it. Feel free to discuss this 'pro-crypto for security' argument and bring up some good points about it. In a few days (weeks?) I'm going to draft a solid case for crypto and security (and submit it for limited review to some newsgroups), then put up a web page and post the link to a bunch of public forums (no, I won't spam or over-cross-post or anything).
Or, if some more-qualified (i.e. more credable in the eyes of the public) security expert (or expert group!) wants to lead this, please let me know so I don't dilute the effort.
Except there is no longer a difference between little brother and big brother. Not to mention the fact that there is no way in hell that the U.S. will manage to force anyone with truly malicious intents to use dumbed-down "encryption".
Nobody is saying that the "murder of 1000's of innocent lives" is justified, but we're trying to figure out what brings people to do these things, and how we can prevent this from happening.
Think about it: has DeCSS really been kept from the rest of the world? What about RSA or DES? Trying to kill the terrorists will not solve the problem, since more will arise. Removing people's reasons for being terrorists has far greater potential. That's what we're saying.
I have it installed (and I also have mozilla-mailnews installed, because some users on my system use it), and it doesn't do anything yet. Isn't there some per-user setting that needs to be made?
My biggest beef about Java used to be that it was slow and not backward-compatible across minor versions. People are saying that Java is faster, and I believe them. However, it is becoming apparent that Java is only a first-generation cross-platform language, and it has many design deficiencies.
Java's second-biggest problem is that it seems to have been designed to run on a virtual machine (or a piece of custom hardware), rather than being translated to native code. This is what made it inefficient for so long. IBM has done a great job of working around this problem, but if it wasn't a problem in the first place, IBM could have spent the time making Java even faster than it s now.
The largest problem I can see with Java, though, it that you're tied to the Java language. This is basically assuming that the Java language fits all for anything that needs to be cross-platform.
My preference right now is the Amiga DE. It's a translated (rather than interpreted) version of assembly language, which means GCC could (at least in theory) have an amigade target. My beef with the Amiga DE is the fact that it's a proprietary standard, which may have been fine 10 years ago, but it certainly doesn't fit into today's reality of open standards.
IVM looks promising in that it seems to address all the problems I've stated above. I hope it does well.
(Please excuse me bad English. It's not my primary language in the morning.)
You are being overly optimistic about the capabilities of a human being. Let's consider your scenario. First of all, you would be reacting to me; I wouldn't have to do near as much reacting. Reaction time alone will put you at a disadvantage. Second, especially on a plane, you are as good as dead if I stab or even slash you in one of the MANY vulnerable places on the human body. Even with pure luck, I'm likely to kill you.
This is why policemen will draw their guns (as opposed to their pepper-spray or knightsticks) against guys with knives. Do you have any idea how many people die from single stab wounds? Ask your doctor how fragile the human body is. You'll be quite surprised, since movies don't come close to being realistic in this respect.
Also, weapons are better than hands in compelling someone to do something, just because of fear.
But anyway, though I agree that sufficiently skilled, unarmed people could probably have done the same thing, I still say that the hijackers were armed.
What about using reverse steganography to generate the key? To wit, use the difference between successive bytes as the key instead of the actual CD values? You can even specify which bits to check... Compare each byte to the last, or every other byte, or every sixteenth byte...
This is known as a restricted algorithm, a.k.a. security through obscurity. It would work for small groups, but widespread use would make this useless.
Slashdot Mirror
Ask and ye shall receive. Knock and it shall be opened unto you.
Ever asked nVidia for specs on any of their cards?
Why does Stallman demand tacking GNU in front software names? Seems like advertising, hmm?
I've only heard him do it for Linux, and his reasons are sound: he's filling a need (distinguishing the *kernel* "Linux" from the *operating system* "GNU/Linux"). I fail to see a problem with that, especially since he's stated his preference, not imposed it legally on others.
Surely it is fair that if you are using MSNBC dynamic content you page, you can't go along and defame the same content.
You are full of crap. This is known as criticism, which is well-accepted in the world by almost anyone who is not receiving it.
They don't even have to decrypt it; simple use of real encryption is a sign of guilt.
Not really, it's a sign that you are using OpenSSH in a foreign country through a U.S. network (and if I were the head of the OpenSSH team, I'd make damn sure that OpenSSH is INCOMPATIBLE with any insecure algorithms -- even if it had widespread use in the U.S.)
One point though: speed limits I've seen are not rediculously low. They usually have everything to do with probability of survival in a collision.
I was being sarcastic. That's why I wrote only in bold and wrote a winking smile ;-).
Chaotic? Oh come on. It's only fluid dynamics! ;-)
*ducks*
I take that back. They would be somewhat useful for robotics, due to the large spaces between pieces. Still, I prefer LEGO.
I'm sorry, but LEGO blocks are much more sturdy (especially with epoxy). These things are nice toys, but suck for prototyping anything.
Depends. Do you mean in the fat molecules, or the atoms?
<rant>
Am I the only one who thinks backdoor crypto is like creating a master key to all the nuclear silos in the world, making a few hundred copies of it (giving these to certain government offices) and NOT expecting an "accident" or three?
</rant>
What percentage of security experts say that backdoor crypto is a safe thing? None? Thought so.
Here's a short discussion as to why backdoor crypto is not safe:
Basically, nobody is going to try to crash your 2048-bit RSA key any time soon, because even once it's technically feasible (given enough resources -- e.g. a Win32 virus that mimics distributed.net), it's not usually worth the effort and/or the risk. Further, if your key does get cracked (or compromised through easier means -- e.g. another virus), you're not happy, but you can just generate a new key and be on your way. However, if cracking that key would give someone access to a significant amount of sensitive data (like the data of an entire country over the course of a year), then the payoff is much greater, and so is the risk to society.
3.7. Larger Works. You may create a Larger Work by combining Covered Code with other code not governed by the terms of this License and distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled for the Covered Code.
SAMPLE code should be in the public domain, IMHO. That clears up any and all licensing problems you could ever have.
Of course somebody will say that "crypto with a permit will be okay". Well, that's nice, until you realize that North America is ridden with insecure hosts just waiting to be taken over. Why? Because it's still difficult to make strong cryptography an integral part of any software system -- it's always an add-on. Why is it critical that a bunch of unrelated, unimportant machines, usually owned by universities, home users and corporations, be secured? Distributed Denial of Service Attacks, and Data Theft.
DDoS is an obvious threat. It can take out a anyone on the internet, and there's not much a victim can do to stop it. CodeRed is harmless compared to what a major, well-funded group could create (e.g. as part of a war).
Data theft is another problem, particular when that data is someone's identity. Try locating someone who used a stolen credit card number and a stolen name and a several forged passports to book flights to several major U.S. cities. How did the person get this info? From a student logging into a company machine from a NCD X terminal (no crypto, of course) at the university which is ony flat bridged (i.e. very sniffable) ethernet, rather than using Kerberos . . .
Anyway, I don't have time to finish this argument, but I'm sure other people here can add to it. Feel free to discuss this 'pro-crypto for security' argument and bring up some good points about it. In a few days (weeks?) I'm going to draft a solid case for crypto and security (and submit it for limited review to some newsgroups), then put up a web page and post the link to a bunch of public forums (no, I won't spam or over-cross-post or anything).
Or, if some more-qualified (i.e. more credable in the eyes of the public) security expert (or expert group!) wants to lead this, please let me know so I don't dilute the effort.
Except there is no longer a difference between little brother and big brother. Not to mention the fact that there is no way in hell that the U.S. will manage to force anyone with truly malicious intents to use dumbed-down "encryption".
Think about it: has DeCSS really been kept from the rest of the world? What about RSA or DES? Trying to kill the terrorists will not solve the problem, since more will arise. Removing people's reasons for being terrorists has far greater potential. That's what we're saying.
I doubt you can sue the government over this. Guess who appoints the Supreme Court justices?
I have it installed (and I also have mozilla-mailnews installed, because some users on my system use it), and it doesn't do anything yet. Isn't there some per-user setting that needs to be made?
Java's second-biggest problem is that it seems to have been designed to run on a virtual machine (or a piece of custom hardware), rather than being translated to native code. This is what made it inefficient for so long. IBM has done a great job of working around this problem, but if it wasn't a problem in the first place, IBM could have spent the time making Java even faster than it s now.
The largest problem I can see with Java, though, it that you're tied to the Java language. This is basically assuming that the Java language fits all for anything that needs to be cross-platform.
My preference right now is the Amiga DE. It's a translated (rather than interpreted) version of assembly language, which means GCC could (at least in theory) have an amigade target. My beef with the Amiga DE is the fact that it's a proprietary standard, which may have been fine 10 years ago, but it certainly doesn't fit into today's reality of open standards.
IVM looks promising in that it seems to address all the problems I've stated above. I hope it does well.
(Please excuse me bad English. It's not my primary language in the morning.)
Does anyone know where I can find out how to set up Mozilla to use mutt as its mailto: handler? Google couldn't tell me anything useful.
This is why policemen will draw their guns (as opposed to their pepper-spray or knightsticks) against guys with knives. Do you have any idea how many people die from single stab wounds? Ask your doctor how fragile the human body is. You'll be quite surprised, since movies don't come close to being realistic in this respect.
Also, weapons are better than hands in compelling someone to do something, just because of fear.
But anyway, though I agree that sufficiently skilled, unarmed people could probably have done the same thing, I still say that the hijackers were armed.
WTF do you call knives and box-cutters? People die quite easily from single stab wounds, you know.
This is known as a restricted algorithm, a.k.a. security through obscurity. It would work for small groups, but widespread use would make this useless.