I saw David at the Information Security Decision conference in Chicago last week. He presented his findings there...he seemed quite geeked about it. I thought he might cream himself on stage he was so excited.
There's really no advantage to having a server encrypt and decrypt each user's data with a different key. The server will have to know all the keys to perform the decryption at least (public keys allow secure encryption without the server knowing the private key), so it's only as secure as encrypting the entire drive and then relying on filesystem permissions. Root will always be able to read any files that are encrypted/decrypted on the server itself. If clients encrypt their files before storing them on the server, then the server can safely store everything in plaintext.
Encrypting before storing would be all well and good except:
Users tend to leave the organization.
Users tend to lose keys and forget passwords. At which point they expect the IT department to be able to recover their data.
The smaller that a chip's surface area is, the more that can be carved out of a single silicon wafer, reducing per-chip manufacturing costs and therefore making a computer more competitive. Power6, like the second-generation Cell, is built with a manufacturing process with 65-nanometer circuitry elements, letting more electronics be squeezed onto a given surface area.
The cost of making chips, by far, is the R&D cost. The "first" chip costs hundreds of millions to make. Once the "first chip" is made the margin cost is VERY low. Beyond recovering R&D costs....the rest is just distribution channel costs....then....PROFIT!
>> The chip can only be read at a distance of 1 mm, so it avoids many of the privacy concerns of RFID. It has about 1000 times the storage capacity and 100-1000 times the data transfer rate of RFID.
RFID has been able to be read FAR from its original spec'd distance...so have Bluetooth devices. How long will this 1 mm last? What if this 1 mm becomes 1,000 mm?
As hundreds and thousands of Slashdot readers hammer the web server with their un-overloaded Firefox web browsers the server begins to overload and fry like an egg on the ceramic tiles of a freshly landed NASA glider.
IMO, the lawyers who used the obfuscatory tactic should be disbarred.
At the very least they should be referred to the ethics board in the jurisdiction. Another example of Corporate America (and their lawyers!) getting a slap on the wrists. Any other company sued by MS for infringing patents would probably end up bankrupt by the fines (no less the court costs). $140M is a drop in the bucket for MS...much like $140 would be to me.
We've long used IT to spot and forecast weather trends. I have long wondered why we couldn't make a system to predict market trends/events given any number of variables.
The accountability they take in the future might be less than inspiring. From the article:
It is certain that AOL will vigorously contest the EFF's complaint, with the linchpin of its defense being that the whole thing was a horrible idea from AOL's new research unit that will never be repeated. Unfortunately, horrible ideas can have real-world ramifications, and even though AOL is "deeply sorry" and swears it will never happen again, there need to be some safeguards in place to prevent a recurrence.
I wonder what would happen to a murder defendant that tried to use that defense. "I'm sorry your Honor....my left hand pulled the trigger without my permission. It won't happen again! I promise!"
Bottom line, respondeat superior says it is their unit, their employees, THE COMPANY is responsible.
That is what we do in my shop. Usually there are still some people who can wreak havoc on things...esp. people who know what they are doing.
From my personal experience, unless properly implemented...which it usually isn't, separation of duties is just a joke for security and makes legitimate work take 2x as long.
I was thinking the same thing. Wouldn't it make more sense to harvest ADULT stem cells from the father's body to create sperm for his offspring rather than some other already fully formed embryo?
This way the genetic material is his and not someone else's.
Furthermore...you then get rid of the whole embryonic stem cell debate......unless.....of course....the whole idea was to get private money to blow... *shrugs*
GWB phased out the fourth amendment long ago with a double secret executive order! DUH! Stay with the times, man! ;)
Unfortunately, said defendant could counter-sue to invalidate the patent based on "prior work".
In the future we'll have numbers instead of names, and I'll be number 1!
Don't you mean.....42?
Unfortunately, right now there is nothing that is a valid piece of identification in the US that most people have. A Driver's License is a joke. Nobody has a passport.
*Raises his hand*....I have a passport.
I'm thinking these kids have some mental issues....9 8207965240
w arcraft.html
http://video.google.com/videoplay?docid=-71531520
http://www.break.com/index/mom-tells-kid-no-more-
Kudos to Demon Xanth Wataru for the video references.
The 0km depth would be consistent with the depth that FoxNews was reporting the underground tests would have taken place at.
Until all the DRM gets solidified (and legal downloadable larger-studio content won't happen without DRM, regardless of what anyone says) and the bandwidth to pull down large files reaches a larger share of the American populace I wouldn't waste my time either.
DRM is a pipe dream that will never happen. I happen to agree with Bruce Schneier's views on DRM:
The reason we're seeing this -- and this is going to be the norm for DRM systems -- is that DRM is fundamentally an impossible problem. Making it work at all involves tricks, and breaking DRM is akin to "fixing" the software so the tricks don't work.
"Computer users around the globe recognize that the most serious threats to security exist because of inherent weaknesses in the Microsoft operating system."
Aren't they delusional?
Seriously....is Microsoft TRYING to chase off their customers? Or is pissing off customers just a "feature"?
I think the next Slashdot story will be about the authors' arrest for DMCA violation. :-(
Sad....but prolly true
saying the state's IT division didn't have the authority to make that decision and has disregarded the needs of disabled citizens.
How about poor citizens who can't afford the Microsoft Tax?
DUH! The NYPD! Just watch Law & Order!
If you're so inclined (I'm not)...you could use the beads for.......all sorts of alternative uses?
How about CRIMINALLY CHARGED. I am FED UP with Media Giants getting away with Criminal Computer Hacking.
So it's kind of like the NFL Draft. Headline: Godaddy picks up Yahoo.eu in the second round of the .EU Draft!