... but the real measure of steganography is detectability. It is very difficult to make steganography that cannot be detected statistically. Even Outguess is broken now. And I doubt that this method will be "secure," especially if whoever is spying on you watches the image in transit. Then if you subtract the message out you are SCREWED, because they xor and find it, or at least an encrypted version. In any case, they can prove the message is there. However, if they don't have access to your computer until afterward, just erase the images and you're fine, or JPEG them to remove the steg, or whatever. In fact, if nobody is watching your communications, why the heck would you use steg in the first place?? Looks like a proof of principle, not a real steg scheme.
weird. Works perfectly with the wheel button on my Logitech mouse (has only 2 buttons + wheel, but good enough for me). Blame Microsoft as usual, I guess. However, I agree that more directions would be useful, if hard to pull off. I mean, if you make their G thing, do you really make right-hand turns?
Well, you have to have some activation for the gestures. So you can't trigger them by accident unless you set a stupid modifier (like button 1). Having a 2-button mouse+wheel (native support in OS X!!!), I bound "gesture" to the wheel button, and haven't screwed up yet because I never press the wheel for other reasons.
"Free as in beer" means free in the same sense as "FREE BEER!!!!" signs, i.e. it doesn't cost you anything. Of course, such signs often lie, but that's not the point. Free as in speech means you can do basically whatever you want with it, a la GNU GPL, which says essentially:
"you can copy this program as much as you want, edit source code, redistribute it, reverse-engineer it, sell it, etc, but anything you give/sell to other people based on this must be licensed under the GPL, except that you can put warrantees on it, too."
You might have to pay for a GPLed program (eg RedHat Linux), but you can go and give free-as-in-beer (or even not free-as-in-beer) copies to all your friends, as long as you give them the GPL too. Free-as-in-speech is also known as copyleft.
Parent is troll, or else trying to be funny but isn't. I'll bite anyway.
Basically, Sandia is betting the safety and sanctity of the Free World on computer simulations... Basically, you're saying the safety of the free world rests on our ability to blow the rest of the world off the face of the earth with nukes. But you know what? We can do that already. We have enough ICBMs to kill the "godless commies" a hundred times over, and i have no idea why we are doing more testing unless it's for some sort of intercepter. Now those have to be modeled first, and you can't test them anyway because that would require an atmospheric blast (bad).
Please, contact your local senator and representative, explain the dire need for the US to resume nuclear testing to prove that we have a valid, proven deterrent. See above, for why this is unnecessary. Also recall the so-called "Nuclear Test Ban Treaty." I wonder what that does....
In conclusion, the parent is a troll or a very stupid bigot. Let's hope it's the former.
Although I would be extremely frustrated in your situation, I don't think that Apple has "ripped you off again." Presumably you thought the upgrade was worth it, otherwise you wouldn't have bought it. I fail to understand how giving other people freebies "fucks you over." Unless those other people are competing with you. Which, unless you have some unusual circumstances, they are not.
You're right, you need four, but this isn't why, and the math is ugly. You can't tell how far away a signal is from a given point, unless it's broadcasting with known constant strength or sending a time signal or something like that. What you can tell (sometimes) is how far away the signal is from router A, compared to router B. You might have a ratio of distances, or a difference of distances, either of which pinpoints location on a hyperboloid. This surface is two-dimensional, and for every reference you add, you strip off one dimension, so you need two more references. After that, the solution will be unique with high probability, as long as your references are not coplanar. The math, requiring simultaneous quadratics, is not pretty.
If you could tell the exact distance to the signal from each access point, you could probably place 3 of them cleverly to give you a good location. For example, if the access points were on the top floor, you take the solution below them, unless you believe the person accessing your network to be warskydriving.
Yep. I had a Mac LC. I changed my bomb error to say, "someone set up us the bomb!" Fun, editing error messages. There's a hack somewhere that replaces the BSOD with Haiku:
Windows XP crashed. I am the blue screen of death. No one hears your screams.
One for some disk-scanning tool was:
Three things are certain: Death, taxes and loss of data. Guess which has occurred.
Then there's the +++OUT OF CHEESE ERROR+++ +++MELON MELON MELON+++ +++REDO FROM START+++ error, copied from The Hogfather
The problem with dry ice is that it's dangerous (CO2 asphyxiation) in closed areas. Not if you ventillate right. Remember that CO2 is heavier than air, so a high vent and a low vent solvethe problem.
I think you may have to reconsider that when these come out.
Just like the floppy was killed by the Zip disk. Seriously, what you need in a floppy replacement:
Cheap. This should happen over time.
Random access. Not the case with current CDRW, but could happen with this Philips thing.
DEPLOYED EVERYWHERE. I doubt it will happen with this drive. CDs are just too good, and I can't see the point for home computers in having anything smaller than mini-CDs. Cellphones or cameras, maybe, but it's not like the average Joe has a camera or a bleeding-edge media cellphone. We'll see in about 2 years. On the other hand, you could make a bitching USB keychain out of these things (except for the moving parts). Maybe pocket drives will catch on, but for £70?. Whatever.
SUPPORTED BY BIOS. Not going to happen for a good long time.
It would be pretty cool if they could build a decent screen into a pair of glasses though. Then the portability of something this size would be a definite benifit.
Mr. Miller should get his key more widely signed then.
Signed by whom? It would take a people signing each other's keys for him to get into my (relatively small) web of trust. And if he isn't, there is absolutely no reason to trust the sigs. If someone wanted to impersonate Damien Miller, they could just make 10 fake keys and sign Damien's fake key with them. So you just have to trust that this is the right key, in which case you might as well take it on faith that the file isn't trojaned or that the MD5 sum is correct.
I'm not that paranoid, so I don't care. The MD5 matches, as does the sig, which convinces me. I also have a Mac, and Apple hasn't released a native installer for this yet, so I might as well wait and save myself a messy UNIX install (have to dowload a bunch of libs otherwise), in which time any forgery will be discovered anyway.
Note that a quick search indicates that there are no less than 5 currently active and 3 inactive keys belonging to "Damien Miller" (and there seem to be about 5 different Damien Millers who use PGP) on the keyserver, so there's not much reason to trust that this one is actually him.
Mike
Re:Where is the public key to check the sig?
on
OpenSSH 3.5 Released
·
· Score: 2, Informative
If you are referring to Damien Miller's public key, you can get it off the keyservers. Or, you can get it right here:
They do have a GPG detached sig. The portable version is signed by Damien Miller (and verified, and it matches the MD5), for example. But, on the other hand, Damien miller's key has no sigs on it, so there's no reason for us to believe that it really belongs to him...
So, in the end, you're just going to have to trust that *somebody* isn't out to get you, unless you want to run through the source code line-by-line......Or, you can download it now, wait a few days (faster than examining the source), and see if they post "OpenSSL trojaned!!" to the front page of Slashdot, then install it. Take your pick.
Here's my view on the MS apps for MacOS X. I'm not a computer god, nor have I used all of these products for extensive periods of time, but on the other hand, I'm not an Apple PR agent either.
Office X: great application suite, costs too much money. I use Appleworks, which is not as easy to use as Office. However, it does come preinstalled, and it lacks a certain Clippy and a million auto-incorrect features (most of which I just turn off anyway). Not to mention it's smaller. Any assignment that requires technical typesetting, I use TeX, which is much easier to install/use under MacOS X than Windows. It's nice having a command line to type latex whatever.tex into:-)
MSIE: The best browser I can find on OS X. Faster than Mozilla, better plug-in support than Chimera. It's funny how Moz renders as fast as MSIE, if not faster, but you have typing lag in the Address bar if other stuff is running, and that's just not acceptable. MSIE is buggy, but of course you have the same problem with Chimera and Moz.
Entourage: Never used it. My mail client is Mail, which has just about everything I ever wanted in a mail client: dock status icons (without being annoying), a good junk filter (although I rarely get junk mail), fast interface, and supported by PGP 8.0. Entourage is, too, but not as well: you can't use PGP/MIME or automatic decryption (with a password of course). I live Apple's silly iCal for scheduling, because I keep most of my scheduling info on a dead-tree calendar.
Various other comments about MacOS X vs Windows: I haven't broken it yet. Fink (beta under Jag) is buggy, and has screwed up some UNIX installs (crash while patching config files, etc), but that hasn't screwed up any native apps and the UNIX ones mostly work right (GIMP runs great). It's not that surprising either when installing unstable packages with a package manager in beta.
Non-UNIX stuff installs much more easily than in Windows. I hate the Windows install wizards. It's also easier to uninstall most programs (trash the app's folders in applications and Library; use Locate to clean up any additional files from poorly written apps; often they put stuff in app support too).
And perhaps the best thing is, I can ssh into my computer from across campus! Not to mention run Apache...
WalMart can choose what they want to carry. They did the following analysis: (# people we will piss off by selling their kids a porn game)*(# people each of them will get to boycott our store)*($$ those people would otherwise spend here) vs (# people we would buy a porn game at WalMart, of all places)*(price of the game) + (# people who will boycott WalMart for not selling porn)*(percentage of those people that don't already know WalMart doesn't sell porn)*($$ they would otherwise spend)
It isn't hard to figure out that the first number is bigger:-)
The one thing that scares me about that this post is the last line:
I can't wait until these batteries are available.
And what are you going to do with your 20-pack of mini C4 charges? Unless, of course, you are an army officer (I can't see why a private would be so excited about a new weapon).
You can still get your data. They do not erase it. They do not erase your keys. They do not erase anything, the program just doesn't work anymore. If you want your data back, you can still get it back with the freeware version which will be released by then, or with GPG, or with an older version of the software, or whatever.
The exception is if you have your data on a PGP disk, in which case you will have to go through some trouble, like buying the commercial version. The idea is that you are just testing that feature in the beta, not relying on it to store your data. But, hey, you can always set the date to December 6, launch the program, decrypt your data, and go on your merry way.
Slashdot Mirror
... but the real measure of steganography is detectability. It is very difficult to make steganography that cannot be detected statistically. Even Outguess is broken now. And I doubt that this method will be "secure," especially if whoever is spying on you watches the image in transit. Then if you subtract the message out you are SCREWED, because they xor and find it, or at least an encrypted version. In any case, they can prove the message is there. However, if they don't have access to your computer until afterward, just erase the images and you're fine, or JPEG them to remove the steg, or whatever. In fact, if nobody is watching your communications, why the heck would you use steg in the first place?? Looks like a proof of principle, not a real steg scheme.
There is, by the way, a graphics tablet version of this already integrated with the system, as part of the Inkwell handwriting recognition software.
weird. Works perfectly with the wheel button on my Logitech mouse (has only 2 buttons + wheel, but good enough for me). Blame Microsoft as usual, I guess. However, I agree that more directions would be useful, if hard to pull off. I mean, if you make their G thing, do you really make right-hand turns?
Well, you have to have some activation for the gestures. So you can't trigger them by accident unless you set a stupid modifier (like button 1). Having a 2-button mouse+wheel (native support in OS X!!!), I bound "gesture" to the wheel button, and haven't screwed up yet because I never press the wheel for other reasons.
Right. So they shouldn't have to make the page accessible to blind people either, right?
I agree, the Searchking case is ridiculous. But your logic is flawed.
"Free as in beer" means free in the same sense as "FREE BEER!!!!" signs, i.e. it doesn't cost you anything. Of course, such signs often lie, but that's not the point. Free as in speech means you can do basically whatever you want with it, a la GNU GPL, which says essentially:
"you can copy this program as much as you want, edit source code, redistribute it, reverse-engineer it, sell it, etc, but anything you give/sell to other people based on this must be licensed under the GPL, except that you can put warrantees on it, too."
You might have to pay for a GPLed program (eg RedHat Linux), but you can go and give free-as-in-beer (or even not free-as-in-beer) copies to all your friends, as long as you give them the GPL too. Free-as-in-speech is also known as copyleft.
Parent is troll, or else trying to be funny but isn't. I'll bite anyway.
Basically, Sandia is betting the safety and sanctity of the Free World on computer simulations... Basically, you're saying the safety of the free world rests on our ability to blow the rest of the world off the face of the earth with nukes. But you know what? We can do that already. We have enough ICBMs to kill the "godless commies" a hundred times over, and i have no idea why we are doing more testing unless it's for some sort of intercepter. Now those have to be modeled first, and you can't test them anyway because that would require an atmospheric blast (bad).
Please, contact your local senator and representative, explain the dire need for the US to resume nuclear testing to prove that we have a valid, proven deterrent. See above, for why this is unnecessary. Also recall the so-called "Nuclear Test Ban Treaty." I wonder what that does....
In conclusion, the parent is a troll or a very stupid bigot. Let's hope it's the former.
Although I would be extremely frustrated in your situation, I don't think that Apple has "ripped you off again." Presumably you thought the upgrade was worth it, otherwise you wouldn't have bought it. I fail to understand how giving other people freebies "fucks you over." Unless those other people are competing with you. Which, unless you have some unusual circumstances, they are not.
You're right, you need four, but this isn't why, and the math is ugly. You can't tell how far away a signal is from a given point, unless it's broadcasting with known constant strength or sending a time signal or something like that. What you can tell (sometimes) is how far away the signal is from router A, compared to router B. You might have a ratio of distances, or a difference of distances, either of which pinpoints location on a hyperboloid. This surface is two-dimensional, and for every reference you add, you strip off one dimension, so you need two more references. After that, the solution will be unique with high probability, as long as your references are not coplanar. The math, requiring simultaneous quadratics, is not pretty.
If you could tell the exact distance to the signal from each access point, you could probably place 3 of them cleverly to give you a good location. For example, if the access points were on the top floor, you take the solution below them, unless you believe the person accessing your network to be warskydriving.
Frog generators!
It's the "Jovial" one right now, but for a while it gave an error:
HTTP error 403: file is none of your business
You have a lot of nerve even clicking on this link.
elsif($a 0)
die "Error: You shouldn't see this unless I forgot a less than sign (or Slashdot removed it)."
Yep. I had a Mac LC. I changed my bomb error to say, "someone set up us the bomb!" Fun, editing error messages. There's a hack somewhere that replaces the BSOD with Haiku:
Windows XP crashed.
I am the blue screen of death.
No one hears your screams.
One for some disk-scanning tool was:
Three things are certain:
Death, taxes and loss of data.
Guess which has occurred.
Then there's the
+++OUT OF CHEESE ERROR+++
+++MELON MELON MELON+++
+++REDO FROM START+++
error, copied from The Hogfather
The problem with dry ice is that it's dangerous (CO2 asphyxiation) in closed areas. Not if you ventillate right. Remember that CO2 is heavier than air, so a high vent and a low vent solvethe problem.
I think you may have to reconsider that when these come out.
Just like the floppy was killed by the Zip disk. Seriously, what you need in a floppy replacement:
Cheap. This should happen over time.
Random access. Not the case with current CDRW, but could happen with this Philips thing.
DEPLOYED EVERYWHERE. I doubt it will happen with this drive. CDs are just too good, and I can't see the point for home computers in having anything smaller than mini-CDs. Cellphones or cameras, maybe, but it's not like the average Joe has a camera or a bleeding-edge media cellphone. We'll see in about 2 years. On the other hand, you could make a bitching USB keychain out of these things (except for the moving parts). Maybe pocket drives will catch on, but for £70?. Whatever.
SUPPORTED BY BIOS. Not going to happen for a good long time.
It would be pretty cool if they could build a decent screen into a pair of glasses though. Then the portability of something this size would be a definite benifit.
Yes! NOMAD, here I come!
Yeah. Like DVD-R. Everyone was raving about how you could burn a disk with 5GB on it instead of 700MB, but you don't see those on the market...
Oh, wait...
Mr. Miller should get his key more widely signed then.
Signed by whom? It would take a people signing each other's keys for him to get into my (relatively small) web of trust. And if he isn't, there is absolutely no reason to trust the sigs. If someone wanted to impersonate Damien Miller, they could just make 10 fake keys and sign Damien's fake key with them. So you just have to trust that this is the right key, in which case you might as well take it on faith that the file isn't trojaned or that the MD5 sum is correct.
I'm not that paranoid, so I don't care. The MD5 matches, as does the sig, which convinces me. I also have a Mac, and Apple hasn't released a native installer for this yet, so I might as well wait and save myself a messy UNIX install (have to dowload a bunch of libs otherwise), in which time any forgery will be discovered anyway.
Note that a quick search indicates that there are no less than 5 currently active and 3 inactive keys belonging to "Damien Miller" (and there seem to be about 5 different Damien Millers who use PGP) on the keyserver, so there's not much reason to trust that this one is actually him.
Mike
If you are referring to Damien Miller's public key, you can get it off the keyservers. Or, you can get it right here:
f ga QvCvqK0bN0AF1ZG slfCqQn9ACTmsn42 +VCyW4hdwUGSBS6 Z2O7tFDnJNagF55v lnK0uMQwCg/8RUW PYJwAuhiQWAKxGRw p/ZyTaWCSERUBRV KbtVSZvRkgUfRNOk rcH2eiY8Iz6est1 6qDzLPdx6F3BAk2L G+TTwlKUPuGqOtb QnMm9Jat/yg9N6ni gSIiFyG8ixh1671 5AcPMST5v7v6O/ug 9aYWERZ0zjUhRHp PS5LeXHs28oVLlH7 QuRGFtaWVuIE1pG 1pbmRyb3Qub3JnPo hXBBMRAgAXBQI6o 7LA4b/nEiDMgCZAU zKq241h5GTJxC0I dasvS9uQINBDqa5t QQCADz/XnCcyleJ NOGp398Eh4Q9rkEp 5NH1qVecG953FuD 2VOY3h7SyfU25pcY iHEa1grfKPVoWm9 wgJR6H69lp4/cD2G yNaGarwY9HLvHFF FHrM0AzveIswgNpJ 0xNWXX8iXGsr3Y8 WdtmAylsio5+iZfW tdOb/Xpk2Yx5Ld+ bBZ0NjScNBo3kPSS CnQ6jRHokkz55rf Kke/TdT6wuCb4CdF S6tPgPrfYV+iwqj emEdIouShelikAAO 7QDKMr7vAjH8n0h pQGSaTukdPjKlG7s KwMu20ssK9DGVpu BVCsyf2D6GNW97Pf KQSkzFeZsbVB4Sj 4izawUiEYEGBECAA YFAjqa5tQACgkQA os+IiyAgAAn02wGO l1Wo/YJ+RY+c6K
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 8.0 (Build 288) Beta
mQGiBDqa5pwRBADJSEyXXsgXiyytN93prDPTPmrueRP9lQQ
Vxxk9wlSXQp3+Qw5+qqsN5ovzsn39r9pq
5myh65ZJTK1ufWCZFssxQ0EiALagu4DlH
QYDmisEHjkarAapPaupxjhkD/j9riCVas
4Dg9QxpuwHKIT8BeDA3hJa/9Yxu5jec2N
J64dGWuGMKQW0GEqW+OXpRTTPJZ0mgPmU
6u2EA/4+1CBYZ8mXq9GJnLRBPAoYwSJJz
gGGKfzvpjY7DeJzDI0Cub+tRova8gFg+T
ybtYLYhUUbdYM29PwGBNfZhGIOYwfFE9U
bGxlciAoUGVyc29uYWwgS2V5KSA8ZGptQ
muacBQsHCgMEAxUDAgMWAgECF4AACgkQz
guS6ht9i9ZsAoL/oXCmFsofARehZF6Aak
9hmxgyntr35ZQJKx9g6ftBw178JSwM3O7
edT9IAXqr8pjp5tdqMYCcaKy+aJ0Sw1zV
53IwWGVVtquF5dimAe75+D0aXyVCOv0Ez
vXONY2qm/GV5OjyOUO41gmQ4pyXQh+goc
Cvqm7JoIU9JKxDV+96bxDLfTdKpoLYKb6
ady9/+n3m6cvAAURCACrvoVSbd0MR0FWX
+MHe7dqxCJ3pmu7aROl2fgug6wob+7+qX
2NB/BatePGg7Z6UALaULQ0m83DCEVLJNn
zwMpwRMXnvCM6zYlS9i1kOm8LVATk0Wyi
PgulTZ7rHqXl4juY8LQ2j4dPNaPoKWG8J
RQrVTchgBSYoxRVW3fLk/yc3TC5Abh6Gp
zo7LA4b/nEgftgCdHIZUDVAWDRa5siSi8
N58TmAPE
=rCFY
-----END PGP PUBLIC KEY BLOCK-----
They do have a GPG detached sig. The portable version is signed by Damien Miller (and verified, and it matches the MD5), for example. But, on the other hand, Damien miller's key has no sigs on it, so there's no reason for us to believe that it really belongs to him...
...Or, you can download it now, wait a few days (faster than examining the source), and see if they post "OpenSSL trojaned!!" to the front page of Slashdot, then install it. Take your pick.
So, in the end, you're just going to have to trust that *somebody* isn't out to get you, unless you want to run through the source code line-by-line...
I think su was already taken :-)
Here's my view on the MS apps for MacOS X. I'm not a computer god, nor have I used all of these products for extensive periods of time, but on the other hand, I'm not an Apple PR agent either.
:-)
Office X: great application suite, costs too much money. I use Appleworks, which is not as easy to use as Office. However, it does come preinstalled, and it lacks a certain Clippy and a million auto-incorrect features (most of which I just turn off anyway). Not to mention it's smaller. Any assignment that requires technical typesetting, I use TeX, which is much easier to install/use under MacOS X than Windows. It's nice having a command line to type latex whatever.tex into
MSIE: The best browser I can find on OS X. Faster than Mozilla, better plug-in support than Chimera. It's funny how Moz renders as fast as MSIE, if not faster, but you have typing lag in the Address bar if other stuff is running, and that's just not acceptable. MSIE is buggy, but of course you have the same problem with Chimera and Moz.
Entourage: Never used it. My mail client is Mail, which has just about everything I ever wanted in a mail client: dock status icons (without being annoying), a good junk filter (although I rarely get junk mail), fast interface, and supported by PGP 8.0. Entourage is, too, but not as well: you can't use PGP/MIME or automatic decryption (with a password of course). I live Apple's silly iCal for scheduling, because I keep most of my scheduling info on a dead-tree calendar.
Various other comments about MacOS X vs Windows: I haven't broken it yet. Fink (beta under Jag) is buggy, and has screwed up some UNIX installs (crash while patching config files, etc), but that hasn't screwed up any native apps and the UNIX ones mostly work right (GIMP runs great). It's not that surprising either when installing unstable packages with a package manager in beta.
Non-UNIX stuff installs much more easily than in Windows. I hate the Windows install wizards. It's also easier to uninstall most programs (trash the app's folders in applications and Library; use Locate to clean up any additional files from poorly written apps; often they put stuff in app support too).
And perhaps the best thing is, I can ssh into my computer from across campus! Not to mention run Apache...
WalMart can choose what they want to carry. They did the following analysis:
:-)
(# people we will piss off by selling their kids a porn game)*(# people each of them will get to boycott our store)*($$ those people would otherwise spend here)
vs
(# people we would buy a porn game at WalMart, of all places)*(price of the game) + (# people who will boycott WalMart for not selling porn)*(percentage of those people that don't already know WalMart doesn't sell porn)*($$ they would otherwise spend)
It isn't hard to figure out that the first number is bigger
The one thing that scares me about that this post is the last line:
I can't wait until these batteries are available.
And what are you going to do with your 20-pack of mini C4 charges? Unless, of course, you are an army officer (I can't see why a private would be so excited about a new weapon).
You can still get your data. They do not erase it. They do not erase your keys. They do not erase anything, the program just doesn't work anymore. If you want your data back, you can still get it back with the freeware version which will be released by then, or with GPG, or with an older version of the software, or whatever.
The exception is if you have your data on a PGP disk, in which case you will have to go through some trouble, like buying the commercial version. The idea is that you are just testing that feature in the beta, not relying on it to store your data. But, hey, you can always set the date to December 6, launch the program, decrypt your data, and go on your merry way.