Sure. Technically, that's all it will ever be. It still remains an additional requirement on the system that didn't exist before.
In fact, assuring that both keys get destroyed after use, so they can't be used to decrypt recorded messages, is one of the weak points of one-time-pad key administration... Using something like quasar noise - with an intractably large selection-key space - lets you get away with distributing only a small amount of information by your initial secure channel without limiting the amount of information you want to transmit later.
All this is true, but needs to be put together to illustrate the issues.
Using Quasars, there still exist two sets of data (A&B) that must be destroyed. If you're saving the quasar data along with the messages, it's just like saving those paper sheets of random characters. Using this "key" creates a THIRD bit of data (C).
So now I have to protect A, B and C. Yes, it reduces the amount of bits going through your secure channel, but the only added security (not convenience) you get is in the case where Eve is only able to access a delayed version of the secure channel. There's no justification being provided for why that is such a leap forward in terms of security.
I submit that it's not. It's pretty much trivial to get access to high-speed data networks these days, so why is the case where an attacker can't so significant? It's like saying you're more secure because attackers who can't do long division (at all) can't compute the results necessary to read your messages. Sure, there are some people who can't do it, but it's a silly constraint to place on an attacker.
Any built-in additional features in the hardware, the bios or even the preinstalled operating system would be immediately detected and destroy the entire PC business of Lenovo abroad.
I don't think you've thought about this very much, or understand what you just said. How are you going to immediately detect very subtle changes to an IC? Are you superman?
You can't SEE them, and they will be deliberately trying to cover their tracks.
Something like this would actually be very, very hard to detect.
The hardware would be designed to appear normal during things like POST, checksums, etc. Putting no more than five minutes of thought into the subject I can already think of some things to do that would make it very difficult to detect.
Here's a simple example:
Your keyboard has an IC in it. This IC could be modified to record the last 10,000 keystrokes to internal memory. This data would then only be accessible when the proper 1024-bit key was input via the keyboard matrix. It is simply not possible to detect this without opening the chip.
Do you routinely depackage ICs in your PC and examine them under an electron microscope?
You've also made the poor assumption that Lenovo's cooperation with the Chinese gov't would have to be voluntary. For all we know, the Chinese gov't could have approached a few key people and said "Do what we say or it's off to re-education."
I'm not saying it's definitely happening, but dismissing it out of hand is naive. Read about some of the spying techniques we used during the cold war.
However US corporations can inspect the goods returned from manufacturing, verifying that the ROMs and the installed software matches what they provided.
Harder said than done. I could have a chip made that looks just like a ROM, but contains an extra code version that it switches to after say, 100 hours of use.
You could run checksums all you want, but the only way you could catch that is if you either depackage the chips and inspect them, or happen to inspect your computer after it's already been in service for 100 hours.
I could even make the chip smart enough to detect when a typical checksum is being done, and revert back to the original code.
People trust computer chips a LOT more than they should.
Such a policy would effectively prevent spying devices because many people would be able to examine the design.
Spying devices are not documented! When things like this are done, a select few people from a supplier are dragged aside to make a modified version of the product. Having access to the drawings for the original, unmodified product does nothing to prevent this.
The ONLY way to tell is to tear the actual product apart, having two vendors and lots of documentation does nothing to help with this.
Instead you just distribute a specifier of what info to grab from the quasars' broadcast
...and when to grab it. You are now adding a time synchronization requirement to the process.
is much easier than doing the same for a pile of data as big as all the messages you'll ever need to send or receive and keeping it secure FOREVER.
1) All the OTPs you're ever going to use don't have to be distributed at once.
2) They do not need to be kept secure forever, just until they are used and subsequently destroyed.
See my other post on this, the only additional security here is in the strange situation where an attacker can get only delayed access to your keys. There is no good reason for saying an attacker is subject to this restriction. It's like assuming a safe-cracker can only turn the dial clockwise. It's silly.
Yes, but it's more secure than other keys, because the only way to attack it is to steal the keys before the time that the quasar is monitored. If an attacker discovers the keys afterwards, the key is useless.
In normal OTP, the keys do not exist afterwards, they are destroyed.
There are lots of problems here:
First, there is no fundamental restriction that prevents you from recording multiple sets of data. Second, it would be basically impossible to tell a well-designed man-made transmission from a quasar.
Additionally, it doesn't really solve a problem. Yes, intercepting the key MIGHT be useless afterward, but that's a solution looking for a problem.
Consider the normal OTP scenario:
Alice creates two matching sheets of random data
Alice delivers one of these matching sheets to Bob via a secure channel (also required by the quasar method).
Alice encodes her message and destroys her copy of the key.
Bob receives the message and decodes it
So what step gets eliminated here?
None of them.
The key has to be transferred beforehand, (an additional requirement), and in a normal OTP procedure, you would expect both copies of the key to be destroyed as soon as possible. In the new process you STILL have two sets of data at each end that must be destroyed, and you still have information passing through a "secure channel" that can completely compromise your secrets. The strength you're touting is not very useful. The ONLY additional protection you get is in a strange hypothetical situation where an attacker can only access a significantly delayed version of your secure channel and does not have sufficient resources to do any recording ahead of time. Without some guarantee that you can always communicate in this implausible manner, you get no added security.
The only real benefit is a *possible* reduction in the amount of data that must pass through the secure channel. I say "possible" because there are real world problems like time synchronizing the receivers, and atmospheric differences between the two locations. (There are reasons why GPS has limited accuracy.)
There's also a major DISADVANTAGE here:
Both parties need to be able to see the same piece of the sky at the same time.
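The normal OTP procedure discussed above, as an added example that is not part of the original post: each party's pad wipes key bytes as they are used, a copy taken while the pad was in the secure channel still decrypts, and a pad seized after use does not. The class and function names are hypothetical, the pad and message are constructed sample data, and overwriting a `bytearray` only models destruction.

```python
import secrets
from typing import Tuple


class PadExhausted(Exception):
    """Raised when a message needs more key bytes than the pad still holds."""


class OneTimePad:
    """One party's copy of a pad: key bytes are used once, then overwritten."""

    def __init__(self, key: bytes):
        self._key = bytearray(key)  # mutable so used bytes can be wiped in place
        self._offset = 0            # first key byte that has not been used yet

    def _take(self, offset: int, n: int) -> bytes:
        # Refuse any request that touches key bytes already consumed.
        if offset < self._offset:
            raise ValueError("key bytes at this offset were already used and destroyed")
        if offset + n > len(self._key):
            raise PadExhausted("not enough pad left for this message")
        chunk = bytes(self._key[offset:offset + n])
        # Wipe everything up to the end of this chunk. This models destruction
        # only: a real system must also wipe copies and the storage medium.
        for i in range(self._offset, offset + n):
            self._key[i] = 0
        self._offset = offset + n
        return chunk

    def encrypt(self, plaintext: bytes) -> Tuple[int, bytes]:
        """Return (pad offset, ciphertext); the offset travels with the message."""
        offset = self._offset
        key = self._take(offset, len(plaintext))
        return offset, bytes(p ^ k for p, k in zip(plaintext, key))

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        key = self._take(offset, len(ciphertext))
        return bytes(c ^ k for c, k in zip(ciphertext, key))


def demo() -> dict:
    key = secrets.token_bytes(64)      # constructed sample pad
    alice, bob = OneTimePad(key), OneTimePad(key)
    early_copy = OneTimePad(key)       # pad copied while crossing the secure channel
    message = b"meet at dawn"          # constructed sample message

    offset, ciphertext = alice.encrypt(message)   # Alice's key bytes are now wiped
    early_plaintext = early_copy.decrypt(offset, ciphertext)
    bob_plaintext = bob.decrypt(offset, ciphertext)  # Bob's key bytes are now wiped

    # Someone who seizes Bob's pad after use finds zeros where the key was,
    # so XOR with the recorded ciphertext gives back only the ciphertext.
    seized = bytes(bob._key[offset:offset + len(ciphertext)])
    late_output = bytes(c ^ k for c, k in zip(ciphertext, seized))

    try:
        bob.decrypt(offset, ciphertext)   # replaying a recorded message
        replay_refused = False
    except ValueError:
        replay_refused = True

    return {
        "ciphertext": ciphertext,
        "bob_plaintext": bob_plaintext,
        "early_copy_plaintext": early_plaintext,
        "late_seizure_output": late_output,
        "replay_refused": replay_refused,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```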
Did you even read my post? I said, IF there are "substantial damages to the corporation's ability to make money". Obviously, if there's a sane reason to do otherwise, then it hasn't damaged their ability to make money substantially.
No that's not obvious.
Sun could have charged money for the Java JDK. They chose not to. It's very easy to argue that at least one customer would have been willing to pay money, thus there are "substantial damages".
ANY time a company gives something away you can argue that there are substantial damages.
Think about what you're objecting to.
Think about what you're taking for granted.
An executive could easily say that the lawsuit is not worth the risk and financial outlay. They could say it would generate a substantial negative image. They could even say (behind closed doors) that they would risk losing the lawsuit and therefore those patents against OTHER competitors.
Contrary to what you believe, corporations are not required to sue to defend patents. IBM has/had a patent on measuring bra cup sizes. Do you see them suing anyone? No they'd look like retards.
Saying that MS would have no choice but to sue is just not the truth. Regardless of what MS actually does, they simply do not HAVE to sue.
You'd just need a tamper-proof electronic design. EPROMs (not EEPROMs, or Flash RAM, just regular non-reprogrammable EPROMs) would be pretty good for this. You write the code onto the EPROM, burn it with a UV, and then it cannot be altered. You then solder the EPROM onto the board, so replacement by someone with access to the electronics is impossible.
I don't think you grasp the amount of resources that a corrupt individual is able to throw at this problem.
Somebody looking to rig the next presidential election isn't going to go "Oh crap the chip is soldered to the board whatever shall I do!"
They're going to:
desolder the chip and replace it.
piggy-back another chip on top of it.
replace the whole board.
Sneak what YOU THINK is an EEPROM, but is actually a special purpose, backdoored chip onto your assembly line
Or do the last step but at a later date
The point is that your idea is silly. The only way to verify a chip is to depackage it and look at it under a microscope. Saying "I used a PROM" and soldering it to the board is simply not sufficient.
Read up on some of the research WRT hacking smartcards before further commenting on this subject. The potential gain from a rigged election is easily in the billions of dollars. Spending a few million to get some fake chips made is nothing comparatively, and could only be detected by destructive testing. There's a good chance it might not even be detected then.
Exactly the ignorant elitist attitude that will place you near the top of the list when it's time to lay a few people off.
Maybe you aren't aware of this but there are things in this world that can't be done by just anybody. Brain surgery, pro-sports, quantum physics research, etc.
It's a simple fact of the world that not everyone can do these things. Recognizing that you are one of these people and expecting not to be jerked around is not elitist, it's basic self respect.
Fact of the matter is that management needs tech and tech needs management, but neither needs arrogant know-it-alls like you.
I don't think you get it. TFA is basically calling people unprofessional because they don't dress a certain way.
THAT'S arrogant and elitist. It's the damn definition of arrogant and elitist.
Time is not on your side. A more polite and still smart and pleasant to be around kid will soon replace you. Sure they will need some training and education that comes with experience, but the benefits to the management, that you are so quick to insult, of this new fresh blood outweigh your value.
You wish. Senior technical people make good money for good reason. They've been around enough to have enough real world experience not to make REALLY costly mistakes on their employer's time. And contrary to certain people's beliefs education doesn't stop when you get your B.S.
It would also be nice if you could understand that HIS COMMENTS WERE ONLY DIRECTED AT THOSE JUDGING HIM BY HIS APPEARANCE. He's right. Those guys are jerks. He doesn't want to work for them, nor do I.
If you're making technical decisions based on how people dress, you are incompetent and not worthy of respect. It's not that you need to know everything I do to be respected, you just need to not be an asshole.
Ask enough people for "executive summaries" until you know enough not to make silly, arbitrary decisions. Do your damn job right and people will respect you. People DIE because of managers like that making bad decisions on critical projects. (People do not die because an engineer wore a t-shirt to work.)
This is entirely true and will always be true in every situation. If someone materially infringes on a corporation's patents and there are substantial damages to the corporation's ability to make money, the corporation has a duty to its shareholders to enforce the patents.
No it doesn't. As long as leadership can show even a slightly sane reason for doing otherwise, they can do as they please.
As others have said, the logic you're using would require companies to hire the lowest bidder for every project. It's just nonsense. Companies give things away, overpay, etc. all the time. The cases where someone is actually brought to task are those where there is a really grievous abuse.
Failure to enforce bullshit patents is really not an example of such negligence.
And I still think that the patent is bogus.
(You know, it's an innovation because... well... everybody did this, but never on... well, you know... small, portable computers. Yeah, there, it's a complete novelty.)
And the worst part is that because they have a patent, the burden of proof is on you to prove that it's invalid.
What this country needs to do is drop the presumption of validity from all patents. The validity of patents should be decided in court cases, with expert witnesses, not by an organization that has a financial incentive to receive as many patent applications as possible and is not punished for granting bogus patents.
You aren't distributing the software with dynamic linkage. And you're not creating a derivative work either, not in the way copyright law defines it.
1) Somehow I get the feeling this isn't mentioned explicitly in copyright law....
2) With enough money and a few expert witnesses, it seems pretty obvious that you would be able to show that it is indeed a derivative work.
Consider:
-If I write a "Harry Potter" book with all the same characters, sure I'm not actually distributing someone else's work verbatim, but it's pretty easy to show that I'm profiting off someone else's creation without compensation.
-If I write a real derivative work of a piece of code and just distribute .diff files, obviously it's still a derivative work. I may not be distributing it in the same format, but using a diff file or dynamic linking is not some magical loophole.
-Regarding loopholes, if what you're saying was really the standard to be used it becomes possible to distribute derivative works of ANYTHING simply by doing a diff and recombining them on the receiving end. I take your painting, make a .gif of it, paint on top of it in another transparent .gif and now I'm in the clear if I only distribute the transparent .gif? Even when I explicitly say it's a derivative work that requires the other work to be meaningful?
I see that argument a lot, but y'know, I can download an ISO of any major distro via plain ol' FTP or HTTP as fast as my cablemodem will let me.
Please post links to the servers you're using here, especially right before the release of a new version, that should fix things for you.
Bittorrent is *great* for distributing things like ISOs, and UNLIKE FTP SERVERS, IT SCALES.
Those FTP servers may be fast enough for you today, but when 5,000 people decide they want the same thing at the same time, it's going to choke. Bittorrent copes with this gracefully.
Did you RTFA? The analogy is more like Honda buying the Ferrari company and allowing them to continue building the same cars.
If they're going to allow them to do everything the same as before then WTF did they buy them for?
Obviously they plan to change things at both Alienware and Dell or the purchase would be just plain stupid. Use some common sense! It's really more of a question of how long is it going to take Dell to suck the soul out of Alienware, not if it's going to happen.
I'm assuming most geeks are against the click-thru license agreement.
Here's how it works:
1) I am against license agreements in installers. By the time you have the installer, you either have all the rights you need to run the program via default copyright laws, or you are pirating the software.
2) I am NOT against click through license agreements before you can purchase/download software. This is fair as you are making an informed decision. You are being given the details up-front, and are making an informed decision.
3) I am NOT against automatic agreements for DISTRIBUTION of copyrighted works. This is something not allowed by default copyright laws, so the onus is on you to find out IF you are even allowed to distribute it or make derivative works.
I think this is a pretty reasonable stance. There's no need to kill a bunch of trees. The problem isn't the lack of paper and signatures, it's the agreement being sprung upon you AFTER you already have the legal rights to run the software. It's like buying a house and finding a sticker on the door that says "By breaking this seal you agree to the following terms...." No judge in their right mind would stand for such a thing and the standard really should be applied to a CDROM, the same as it would be for a book.
When the NSA goes datamining, they divide the intercepted traffic into two piles: clear and encrypted. Both piles get processed. Except yours has a red flag next to it.
So every time I log into my bank the NSA is trying to crack that transaction? I don't think so.
Believe it or not, there are a LOT of people with good reasons to use encrypted email/browsing/VOIP/etc.
I would suggest what happens is more like:
"Well Bob, here's another message we can't read. Let's do some simple traffic analysis on it to see if it looks suspicious. If so, we'll do some more detailed traffic analysis and maybe we'll archive it until Joe finishes that quantum computer he's working on downstairs."
The plaintext messages are simply going to be subject to analysis of their contents AND traffic analysis. If EITHER of these looks suspicious, they will be examined further. Really, that would mean your chances are higher of being monitored with a plaintext message, assuming you talk to the same people.
It's plausible that they could apply a weighting to encrypted messages, but this would work against their traffic analysis. Even if the weighting did turn out to be beneficial to them, it still probably would not be greater than the penalty you would be facing (in increased monitoring) for sending your messages in the clear.
What you're doing is sort of like saying "OMG don't paint your windows black it will make people suspicious!"
Yes, it will, but only moderately so. It's not like you would be the first guy in history to have a darkroom.
So interest in what's behind the windows might slightly increase, but not to a huge degree since there are plenty of perfectly reasonable explanations. Meanwhile the chance of someone successfully monitoring falls dramatically. Overall, it's a win.
Wow! You are exactly the sort of guy I was talking about!
You just keep telling yourself that if it makes you feel better.
I am simply stating what is common knowledge. Being convicted of antitrust violations means nothing to you? What I'm saying has been argued and proven in a court of law and you have not provided a single shred of evidence to the contrary.
Tell you what, go convince both the US and the EU that Microsoft actually isn't a monopoly, then we'll talk about it.
Environments that roll out patches ad-hoc, with no scheduling or testing, are "mis-managed".
This is a straw-man argument. There is nothing about releasing a patch when it's ready that means there can be no testing or "scheduling" before you do so.
You seem to exist in a fantasy world where logical fallacies don't exist.
In the REAL world it is possible to finish something on ANY day of the month. (It is also possible to have your server broken into on ANY day of the month.)
If you want to do N days of testing on your patches before you install them, then that's your decision. The day of the month you get these patches, does not affect the rate at which time passes by any mystical means so any unnecessary delays are IN ADDITION TO THE N DAYS OF TESTING!
In my opinion, you're much better off having a backup system than trying to "test" patches. While you're "testing" the patch, someone else is reverse engineering it to find the bug it patched.
I'd say a big part of your problem is that you don't seem to understand there are worse things than downtime.
Scheduled maintenance is for upgrades and minor bug fixes. It's like changing your oil.
Remote root exploits are like having a blowout or more correctly having your power windows stuck down in the middle of Harlem.
You can make all the emotional arguments about how professional you are, but in reality your client's ass is hanging out in the wind until that fix is installed.
Sure it's nicer for you to have ONLY scheduled maintenance. It keeps your hours nice and predictable. In reality it's really not any different than a locksmith refusing to work at particular times.
It's not that the work he's doing at midnight is automatically worse than work he's doing at noon. It's not that he can't test his work at midnight. He just doesn't like getting up at midnight to solve his client's problems.
Actually they reflect reality and are the result of customer requests.
Microsoft has a monopoly. What they do is not a direct reflection of consumer demand.
In managed environments, patches are almost never applied ad-hoc, as they are released. They are collected together then tested and rolled out on a schedule, usually monthly.
Perhaps you mean mis-managed?
Patches should be released when they're ready. Tools should apply them once this happens.
Waiting around for a specific day of the month is silly.
Ubuntu is not the only distro to fix things on a timely basis. Gentoo does this as well.
You don't seem to get it: Every set of software may have vulnerabilities, what sets them apart from each other is:
A) The number of vulnerabilities
B) The severity of these vulnerabilities
C) The time to fix these vulnerabilities
C) IS IMPORTANT.
I don't care what the vendor's patch cycle is, I want it fixed BEFORE someone exploits it. Do you think attackers wait until a specific day of the month before breaking into your system?
With computers, people tolerate shit they would never tolerate anywhere else. If the front window of your business was smashed, would you accept the response, "We only fix windows on the second Tuesday of each month."?
Of course not, you'd call up someone else to fix it and get them out there asap. You're not going to take foolish risks because of someone else's arbitrary constraints.
Actually I've always thought the ultimate geek dwelling would just be a single floor of some old industrial building; someplace where you could hang cable trays directly from exposed ceiling beams. (Not to mention 3-ph 480V power, for when you pick up that surplus Cray on eBay.)
I guess if you go down that route, you'd pretty much have to give up on ever getting laid there, though.
Just buy some blinkenlights and have a rave there every once in a while :)
No, it's not. "hate speech" in this country is the incitement of hatred, with a view to violence, against an identifiable group of persons. "Black people commit crimes hurrrr" is not hate speech. "Kill all the niggers" is.
A) Somehow I doubt you are one of the judges who gets to decide what this means, so your particular interpretation doesn't matter.
B) It's completely ridiculous to think the government would stick to the strictest definition. Governments have a habit of bending the rules when it suits their purpose.
C) The definition you gave is incredibly vague. Saying that you support say, the war in Iraq, would easily fall under that definition. Are Canadians, as individuals not allowed to decide which wars they like and do not? We're not even talking about actually doing something here, just speech!
The only thing that is really censored is hate speech (including Holocaust denial).
First off, one man's "hate speech" might be another man's social commentary. This is particularly true in the case of unflattering statistics about certain ethnic groups.
Second, the level of freedom of speech in a given society has to be measured by the ability to say the most unpopular things you can think of. Societies don't censor people's ability to say "I like flowers."
Third, it is important to let people with stupid ideas actually proclaim them in public so that they might be corrected in their errors. Let both sides have their say and let the free market of ideas decide.
Fourth, by banning "hate speech" you are putting in place the mechanism for yet another holocaust. Part of the reason Hitler was so successful in his campaign was his ability to suppress information. All one has to do is redefine "hate speech" to mean "anything dangerous to those currently in power." Now they can censor their opponents as hateful "anti-canadians".
Similarly, if the police EVER pull you over and ask you if they can search your trunk or vehicle during a routine stop, you can refuse. I have done so, with no recriminations.
Same here.
There's really nothing to lose by refusing.
A) If the cop thought he had probable cause, he wouldn't be asking in the first place.
B) Cops love to search cars because they get to mess them up and not fix anything. (Think everything in your car sitting in a pile in the dirt and possible damage to your interior.)
I think the issue with the popular views of cell phones on aircraft is the idea that if the interference is a valid issue, then any flight with a cell phone turned on will crash. In reality they're just not sure about the risks, and are trying to minimize the odds that a cell phone might contribute to a crash. As the article itself pointed out, there might not be any direct evidence that cell phones definitely cause plane crashes, but there are crashes where the cause is unknown and cell phones may have contributed.
This doesn't really say much. Anything that was going on *might* have contributed to the crash if the cause is unknown.
Just because most flights manage to reach their destinations--despite the fact that passengers often leave their cell phones turned on--doesn't mean that it isn't a risk, one that the airlines would prefer not to take, since ultimately the airlines are responsible for the safety of their passengers during the flight.
Sigh.
People just don't get it. There may be a risk. It's a possibility. A small, mostly undocumented one, but it's there.
What do you do about it?
You could do something totally futile, like asking people to turn off their cellphones. As I've already explained, this doesn't help you much, it's a given that there will be cellphones, laptops with wifi, etc in the sky.
OR you could do something reasonable, like going around checking your aircraft for susceptibility to out of band transmissions, which would have a MUCH higher probability of actually helping the situation. As a bonus, it would also tell you the approximate severity of the risk.
What you're doing is sort of like arguing the effectiveness of "duck and cover" drills in the event of a nuclear war. You're much better off expending your energy elsewhere.
It doesn't matter which version of Windows you run (okay, not necessarily with '95, '98 or something even more ancient) you can install the same .exe file and run it.
So actually, you can't.
On the other hand, with Linux, you usually have to get the executable for your specific CPU if not your CPU and flavor of Linux.
With windows you *also* need this. It's just that windows isn't available for very many CPUs. Try running a 64 bit windows app on your pentium pro.
Same thing with windows versions. Apps usually don't work across all windows versions.
Once again, you don't really have a point.
Or, God forbid, you actually have to download the source and build it yourself, which has happened with me with a number of apps because I simply couldn't get the package to install for some reason or another (maybe I couldn't find one of its dependent packages or I couldn't install one of the dependent packages).
You should be using software that manages dependencies for you. What are you running, linux from scratch? Seriously though, you're complaining about things that don't make sense. Tools exist that handle this, yet you're implying it's a universal truth about running linux. It's BS.
Just to give a single example, something as simple as a CPU temp monitoring app, turned out to be a nightmare. I spent 3 days trying to get a couple of them installed. Never managed to pull it off, despite passing tons of messages back and forth on linuxforums.org
Did you never get them installed, or did you never get the actual drivers configured? Somehow I suspect it's the latter... something which is a non-issue if you're buying a preconfigured box from Dell.
MPlayer, for example: An app for watching movies, is command-line. That makes no sense to me. Sure, I can get a front-end for it, but why don't they just include one so I don't go have to find one.
It does include one!
I use it all the time. Type "gmplayer".
If you're gonna suck at Linux fine, but don't go around pretending it's someone else's fault!
The synchronization can be approximate.
Sure. Technically, that's all it will ever be. It still remains an additional requirement on the system that didn't exist before.
In fact, assuring that both keys get destroyed after use, so they can't be used to decrypt recorded messages, is one of the weak points of one-time-pad key administration........Using something like quasar noise - with an intractably large selection-key space - lets you get away with distributing only a small amount of information by your initial secure channel without limiting the amount of information you want to transmit later
All this is true, but needs to be put together to illustrate the issues.
Using Quasars, there still exist two sets of data (A&B) that must be destroyed. If you're saving the quasar data alnog with the messages, it's just like saving those paper sheets of random characters. Using this "key" creates a THIRD bit of data (C).
So now I have to protect A, B and C. Yes, it reduces the amount of bits going through your secure channel, but the only added security (not convenience) you get is in the case where Eve is only able to access a delayed version of the secure channel. There's no justification being provided for why that is such a leap forward in terms of security.
I submit that it's not. It's pretty much trivial to get access to high-speed data networks these days, so why is the case where an attacker can't so significant? It's like saying you're more secure because attackers who can't do long division (at all) can't compute the results necessary read your messages. Sure, there are some people who can't do it, but it's a silly constraint to place on an attacker.
Any built-in addition features in the hardware, the bios or
even the preinstalled operating system would be immediately
detected and destroy the entire PC business of Lenovo abroad.
I don't think you've thought about this very much, or understand what you just said. How are you going to immediately detect very subtle changes to an IC? Are you superman?
You can't SEE them, and they will be deliberately trying to cover their tracks.
Something like this would actually be very, very hard do detect.
The hardware would be designed to appear normal during things like POST, checksums, etc. Putting no more than five minutes of thought into the subject I can already think of some things to do that would make it very difficult to detect.
Here's a simple example:
Your keyboard has an IC in it. This IC could be modified to record the last 10,000 keystrokes to internal memory. This data would then only be accessible when the proper 1024 bit key was input via the keyboard matrix. It is simply mot possible to detect this without opening the chip.
Do you routinely depackage ICs in your PC and examine them under an electron microscope?
You've also made the poor assumption that Lenovo's cooperation with the Chinese gov't would have to be voluntary. For all we know, the Chinese gov't could have approached a few key people and said "Do what we say or it's off to re-education."
I'm not saying it's definitely happening, but dismissing it out of hand is naive. Read about some of the spying techniques we used during the cold war.
However US corporations can inspect the goods returned from manufacturing, verifying that the ROMs and the installed software matches what they provided.
Harder said than done. I could have a chip made that looks just like a ROM, but contains an extra code version that it switches to after say, 100 hours of use.
You could run checksums all you want, but the only way you could catch that is if you either depackage the chips and inspect them, or happen to inspect your computer after it's already been in service for 100 hours.
I could even make the chip smart enough to detect when a typical checksum is being done, and revert back to the original code.
People trust computer chips a LOT more than they should.
Diversified Technology, Inc. Everything is designed and manufactured in-house. They even do custom projects.
Not true, their website clearly shows that they buy from Intel. Chances are these computers probably use RAM, etc as well.
The point is, they don't make all the parts. They do the assembly and design here, but the parts come from elsewhere.
If we went to war with China tomorrow, these guys would be missing their components.
I don't think that an all US-made computer is impossible, but it would certainly be very difficult.
Such a policy would effectively prevent spying devices because many people would be able to examine the design.
Spying devices are not documented! When things like this are done, a select few people from a supplier are dragged aside to make a modified version of the product. Having access to the drawings for the original, unmodified product does nothing to prevent this.
The ONLY way to tell is to tear the actual product apart, having two vendors and lots of documentation does nothing to help with this.
Instead you just distribute a specifier of what info to grab from the quasars' broadcast
...and when to grab it. You are now adding a time synchronization requirement to the process.
is much easier than doing the same for a pile of data as big as all the messages you'll ever need to send or receive and keeping it secure FOREVER.
1) All the OTPs you're ever going to use don't have to be distributed at once.
2) They do not need to be kept secure forever, just until they are used and subsequently destroyed.
See my other post on this, the only additional security here is in the strange situation where an attacker can get only delayed access to your keys. There is no good reason for saying an attacker is subject to this restriction. It's like assuming a safe-cracker can only turn the dial clockwise. It's silly.
In normal OTP, the keys do not exist afterwards, they are destroyed.
There are lots of problems here:
First, there is no fundamental restriction that prevents you from recording multiple sets of data. Second, it would be basically impossible to tell a well-designed man-made transmission from a quasar.
Additionally, it doesn't really solve a problem. Yes, intercepting the key MIGHT be useless afterward, but that's a solution looking for a problem.
Consider the normal OTP scenario:
So what step gets eliminated here?
None of them.
The key has to be transferred beforehand, (an additional requirement), and in a normal OTP procedure, you would expect both copies of the key to be destroyed as soon as possible. In the new process you STILL have two sets of data at each end that must be destroyed, and you still have information passing through a "secure channel" that can completely compromise your secrets. The strength you're touting is not very useful.
The ONLY additional protection you get is in a strange hypothetical situation where an attacker can only access a significantly delayed version of your secure channel and does not have sufficient resources to do any recording ahead of time. Without some guarantee that you can always communicate in this implausible manner, you get no added security.
The only real benefit is a *possible* reduction in the amount of data that must pass through the secure channel. I say "possible" because there are real world problems like time synchronizing the receivers, and atmospheric differences between the two locations. (There are reasons why GPS has limited accuracy.)
There's also a major DISADVANTAGE here:
Both parties need to be able to see the same piece of the sky at the same time.
Did you even read my post? I said, IF there are "substantial damages to the corporations ability to make money". Obviously, if there's a sane reason to do otherwise, then it hasn't damaged their ability to make money substantially.
No that's not obvious.
Sun could have charged money for the Java JDK. They chose not to. It's very easy to argue that at least one customer would have been willing to pay money, thus there are "substantial damages".
ANY time a company gives something away you can argue that there are substantial damages.
Think about what you're objecting to.
Think about what you're taking for granted.
An executive could easily say that the lawsuit is not worth the risk and financial outlay. They could say it would generate a substantial negative image. They could even say (behind closed doors) that they would risk losing the lawsuit and therefore those patents against OTHER competitors.
Contrary to what you believe, corporations are not required to sue to defend patents. IBM has/had a patent on measuring bra cup sizes. Do you see them suing anyone? No, they'd look like retards.
Saying that MS would have no choice but to sue is just not the truth. Regardless of what MS actually does, they simply do not HAVE to sue.
I don't think you grasp the amount of resources that a corrupt individual is able to throw at this problem.
Somebody looking to rig the next presidential election isn't going to go "Oh crap the chip is soldered to the board whatever shall I do!"
They're going to:
The point is that your idea is silly. The only way to verify a chip is to depackage it and look at it under a microscope. Saying "I used a PROM" and soldering it to the board is simply not sufficient.
Read up on some of the research WRT hacking smartcards before further commenting on this subject. The potential gain from a rigged election is easily in the billions of dollars. Spending a few million to get some fake chips made is nothing comparatively, and could only be detected by destructive testing. There's a good chance it might not even be detected then.
Exactly the ignorant elitist attitude that will place you near the top of the list when it's time to lay a few people off.
Maybe you aren't aware of this but there are things in this world that can't be done by just anybody. Brain surgery, pro-sports, quantum physics research, etc.
It's a simple fact of the world that not everyone can do these things. Recognizing that you are one of these people and expecting not to be jerked around is not elitist, it's basic self respect.
Fact of the matter is that management needs tech and tech needs management, but neither needs arrogant know-it-alls like you.
I don't think you get it. TFA is basically calling people unprofessional because they don't dress a certain way.
THAT'S arrogant and elitist. It's the damn definition of arrogant and elitist.
I'll give you an example from the past:
an interesting anecdote, as told by Charles M. Vest, President of the Massachusetts Institute of Technology, during commencement on June 4th, 1999. "In the early years of this century, Steinmetz was brought to General Electric's facilities in Schenectady, New York. GE had encountered a performance problem with one of their huge electrical generators and had been absolutely unable to correct it. Steinmetz, a genius in his understanding of electromagnetic phenomena, was brought in as a consultant - not a very common occurrence in those days, as it would be now. Steinmetz also found the problem difficult to diagnose, but for some days he closeted himself with the generator, its engineering drawings, paper and pencil. At the end of this period, he emerged, confident that he knew how to correct the problem. After he departed, GE's engineers found a large "X" marked with chalk on the side of the generator casing. There also was a note instructing them to cut the casing open at that location and remove so many turns of wire from the stator. The generator would then function properly. And indeed it did. Steinmetz was asked what his fee would be. Having no idea in the world what was appropriate, he replied with the absolutely unheard of answer that his fee was $1000. Stunned, the GE bureaucracy then required him to submit a formally itemized invoice. They soon received it. It included two items: 1. Marking chalk "X" on side of generator: $1. 2. Knowing where to mark chalk "X": $999."
Time is not on your side. A more polite and still smart and pleasant to be around kid will soon replace you. Sure they will need some training and education that comes with experience, but the benefits to the management, that you are so quick to insult, of this new fresh blood outweigh your value.
You wish. Senior technical people make good money for good reason. They've been around enough to have enough real world experience not to make REALLY costly mistakes on their employer's time. And contrary to certain people's beliefs education doesn't stop when you get your B.S.
It would also be nice if you could understand that HIS COMMENTS WERE ONLY DIRECTED AT THOSE JUDGING HIM BY HIS APPEARANCE. He's right. Those guys are jerks. He doesn't want to work for them, nor do I.
If you're making technical decisions based on how people dress, you are incompetent and not worthy of respect. It's not that you need to know everything I do to be respected, you just need to not be an asshole.
Ask enough people for "executive summaries" until you know enough not to make silly, arbitrary decisions. Do your damn job right and people will respect you. People DIE because of managers like that making bad decisions on critical projects. (People do not die because an engineer wore a t-shirt to work.)
This is entirely true and will always be true in every situation. If someone materially infringes on a corporation's patents and there are substantial damages to the corporation's ability to make money, the corporation has a duty to its shareholders to enforce the patents.
No it doesn't. As long as leadership can show even a slightly sane reason for doing otherwise, they can do as they please.
As others have said, the logic you're using would require companies to hire the lowest bidder for every project. It's just nonsense. Companies give things away, overpay, etc all the time. The cases where someone is actually brought to task are those where there is a really grievous abuse.
Failure to enforce bullshit patents is really not an example of such negligence.
And I still think that the patent is bogus. (You know, it's an innovation because ... well ... everybody did this, but never on ... well, you know ... small, portable computers. Yeah, there, it's a complete novelty.)
And the worst part is that because they have a patent, the burden of proof is on you to prove that it's invalid.
What this country needs to do is drop the presumption of validity from all patents. The validity of patents should be decided in court cases, with expert witnesses, not by an organization that has a financial incentive to receive as many patent applications as possible and is not punished for granting bogus patents.
You aren't distributing the software with dynamic linkage. And you're not creating a derivative work either, not in the way copyright law defines it.
1) Somehow I get the feeling this isn't mentioned explicitly in copyright law....
2) With enough money and a few expert witnesses, it seems pretty obvious that you would be able to show that it is indeed a derivative work. Consider:
-If I write a "Harry Potter" book with all the same characters, sure I'm not actually distributing someone else's work verbatim, but it's pretty easy to show that I'm profiting off someone else's creation without compensation.
-If I write a real derivative work of a piece of code and just distribute .diff files, obviously it's still a derivative work. I may not be distributing it in the same format, but using a diff file or dynamic linking is not some magical loophole.
-Regarding loopholes, if what you're saying was really the standard to be used it becomes possible to distribute derivative works of ANYTHING simply by doing a diff and recombining them on the receiving end. I take your painting, make a .gif of it, paint on top of it in another transparent .gif and now I'm in the clear if I only distribute the transparent .gif? Even when I explicitly say it's a derivative work that requires the other work to be meaningful?
I see that argument a lot, but y'know, I can download an ISO of any major distro via plain ol' FTP or HTTP as fast as my cablemodem will let me.
Please post links to the servers you're using here, especially right before the release of a new version, that should fix things for you.
Bittorrent is *great* for distributing things like ISO's, and UNLIKE FTP SERVERS, IT SCALES.
Those FTP servers may be fast enough for you today, but when 5,000 people decide they want the same thing at the same time, it's going to choke. Bittorrent copes with this gracefully.
Did you RTFA? The analogy is more like Honda buying the Ferrari company and allowing them to continue building the same cars.
If they're going to allow them to do everything the same as before then WTF did they buy them for?
Obviously they plan to change things at both Alienware and Dell or the purchase would be just plain stupid. Use some common sense! It's really more of a question of how long is it going to take Dell to suck the soul out of Alienware, not if it's going to happen.
I'm assuming most geeks are against the click-thru license agreement.
Here's how it works:
1) I am against license agreements in installers. By the time you have the installer, you either have all the rights you need to run the program via default copyright laws, or you are pirating the software.
2) I am NOT against click through license agreements before you can purchase/download software. This is fair as you are making an informed decision. You are being given the details up-front, and are making an informed decision.
3) I am NOT against automatic agreements for DISTRIBUTION of copyrighted works. This is something not allowed by default copyright laws, so the onus is on you to find out IF you are even allowed to distribute it or make derivative works.
I think this is a pretty reasonable stance. There's no need to kill a bunch of trees. The problem isn't the lack of paper and signatures, it's the agreement being sprung upon you AFTER you already have the legal rights to run the software. It's like buying a house and finding a sticker on the door that says "By breaking this seal you agree to the following terms...." No judge in their right mind would stand for such a thing and the standard really should be applied to a CDROM, the same as it would be for a book.
When the NSA goes datamining, they divide the intercepted traffic into two piles: clear and encrypted. Both piles get processed. Except yours has a red flag next to it.
So every time I log into my bank the NSA is trying to crack that transaction? I don't think so.
Believe it or not, there are a LOT of people with good reasons to use encrypted email/browsing/VOIP/etc.
I would suggest what happens is more like:
"Well Bob, here's another message we can't read. Let's do some simple traffic analysis on it to see if it looks suspicious. If so, we'll do some more detailed traffic analysis and maybe we'll archive it until Joe finishes that quantum computer he's working on downstairs."
The plaintext messages are simply going to be subject to analysis of their contents AND traffic analysis. If EITHER of these looks suspicious, they will be examined further. Really, that would mean your chances are higher of being monitored with a plaintext message, assuming you talk to the same people.
It's plausible that they could apply a weighting to encrypted messages, but this would work against their traffic analysis. Even if the weighting did turn out to be beneficial to them, it still probably would not be greater than the penalty you would be facing (in increased monitoring) for sending your messages in the clear.
What you're doing is sort of like saying "OMG don't paint your windows black it will make people suspicious!"
Yes, it will, but only moderately so. It's not like you would be the first guy in history to have a darkroom.
So interest in what's behind the windows might slightly increase, but not to a huge degree since there are plenty of perfectly reasonable explanations. Meanwhile the chance of someone successfully monitoring falls dramatically. Overall, it's a win.
Wow! You are exactly the sort of guy I was talking about!
You just keep telling yourself that if it makes you feel better.
I am simply stating what is common knowledge. Being convicted of antitrust violations means nothing to you? What I'm saying has been argued and proven in a court of law and you have not provided a single shred of evidence to the contrary.
Tell you what, go convince both the US and the EU that Microsoft actually isn't a monopoly, then we'll talk about it.
Environments that roll out patches ad-hoc, with no scheduling or testing, are "mis-managed".
This is a straw-man argument. There is nothing about releasing a patch when it's ready that means there can be no testing or "scheduling" before you do so.
You seem to exist in a fantasy world where logical fallacies don't exist.
In the REAL world it is possible to finish something on ANY day of the month. (It is also possible to have your server broken into on ANY day of the month.)
If you want to do N days of testing on your patches before you install them, then that's your decision. The day of the month you get these patches, does not affect the rate at which time passes by any mystical means so any unnecessary delays are IN ADDITION TO THE N DAYS OF TESTING!
In my opinion, you're much better off having a backup system than trying to "test" patches. While you're "testing" the patch, someone else is reverse engineering it to find the bug it patched.
I'd say a big part of your problem is that you don't seem to understand there are worse things than downtime.
Scheduled maintenance is for upgrades and minor bug fixes. It's like changing your oil.
Remote root exploits are like having a blowout or more correctly having your power windows stuck down in the middle of Harlem.
You can make all the emotional arguments about how professional you are, but in reality your client's ass is hanging out in the wind until that fix is installed.
Sure it's nicer for you to have ONLY scheduled maintenance. It keeps your hours nice and predictable. In reality it's really not any different than a locksmith refusing to work at particular times.
It's not that the work he's doing at midnight is automatically worse than work he's doing at noon. It's not that he can't test his work at midnight. He just doesn't like getting up at midnight to solve his client's problems.
Actually they reflect reality and are the result of customer requests.
Microsoft has a monopoly. What they do is not a direct reflection of consumer demand.
In managed environments, patches are almost never applied ad-hoc, as they are released. They are collected together then tested and rolled out on a schedule, usually monthly.
Perhaps you mean mis-managed?
Patches should be released when they're ready. Tools should apply them once this happens.
Waiting around for a specific day of the month is silly.
Ubuntu is not the only distro to fix things on a timely basis. Gentoo does this as well.
You don't seem to get it:
Every set of software may have vulnerabilities, what sets them apart from each other is:
A) The number of vulnerabilities
B) The severity of these vulnerabilities
C) The time to fix these vulnerabilities
C) IS IMPORTANT.
I don't care what the vendor's patch cycle is, I want it fixed BEFORE someone exploits it. Do you think attackers wait until a specific day of the month before breaking into your system?
With computers, people tolerate shit they would never tolerate anywhere else. If the front window of your business was smashed, would you accept the response, "We only fix windows on the second Tuesday of each month."?
Of course not, you'd call up someone else to fix it and get them out there asap. You're not going to take foolish risks because of someone else's arbitrary constraints.
Actually I've always thought the ultimate geek dwelling would just be a single floor of some old industrial building; someplace where you could hang cable trays directly from exposed ceiling beams. (Not to mention 3-ph 480V power, for when you pick up that surplus Cray on eBay.)
:)
I guess if you go down that route, you'd pretty much have to give up on ever getting laid there, though.
Just buy some blinkenlights and have a rave there every once in a while
No, it's not. "hate speech" in this country is the incitement of hatred, with a view to violence, against an identifiable group of persons. "Black people commit crimes hurrrr" is not hate speech. "Kill all the niggers" is.
A) Somehow I doubt you are one of the judges who gets to decide what this means, so your particular interpretation doesn't matter.
B) It's completely ridiculous to think the government would stick to the strictest definition. Governments have a habit of bending the rules when it suits their purpose.
C) The definition you gave is incredibly vague. Saying that you support say, the war in Iraq, would easily fall under that definition. Are Canadians, as individuals, not allowed to decide which wars they like and do not? We're not even talking about actually doing something here, just speech!
The only thing that is really censored is hate speech (including Holocaust denial).
First off, one man's "hate speech" might be another man's social commentary. This is particularly true in the case of unflattering statistics about certain ethnic groups.
Second, the level of freedom of speech in a given society has to be measured by the ability to say the most unpopular things you can think of. Societies don't censor people's ability to say "I like flowers."
Third, it is important to let people with stupid ideas actually proclaim them in public so that they might be corrected in their errors. Let both sides have their say and let the free market of ideas decide.
Fourth, by banning "hate speech" you are putting in place the mechanism for yet another holocaust. Part of the reason Hitler was so successful in his campaign was his ability to suppress information. All one has to do is redefine "hate speech" to mean "anything dangerous to those currently in power". Now they can censor their opponents as hateful "anti-canadians".
Similarly, if the police EVER pull you over and ask you if they can search your trunk or vehicle during a routine stop, you can refuse. I have done so, with no recriminations.
Same here.
There's really nothing to lose by refusing.
A) If the cop thought he had probable cause, he wouldn't be asking in the first place.
B) Cops love to search cars because they get to mess them up and not fix anything. (Think everything in your car sitting in a pile in the dirt and possible damage to your interior.)
I think the issue with the popular views of cell phones on aircraft is the idea that if the interference is a valid issue, then any flight with a cell phone turned on will crash. In reality they're just not sure about the risks, and are trying to minimize the odds that a cell phone might contribute to a crash. As the article itself pointed out, there might not be any direct evidence that cell phones definitely cause plane crashes, but there are crashes where the cause is unknown and cell phones may have contributed.
This doesn't really say much. Anything that was going on *might* have contributed to the crash if the cause is unknown.
Just because most flights manage to reach their destinations--despite the fact that passengers often leave their cell phones turned on--doesn't mean that it isn't a risk, one that the airlines would prefer not to take, since ultimately the airlines are responsible for the safety of their passengers during the flight.
Sigh.
People just don't get it. There may be a risk. It's a possibility. A small, mostly undocumented one, but it's there.
What do you do about it?
You could do something totally futile, like asking people to turn off their cellphones. As I've already explained, this doesn't help you much, it's a given that there will be cellphones, laptops with wifi, etc in the sky.
OR you could do something reasonable, like going around checking your aircraft for susceptibility to out of band transmissions, which would have a MUCH higher probability of actually helping the situation. As a bonus, it would also tell you the approximate severity of the risk.
What you're doing is sort of like arguing the effectiveness of "duck and cover" drills in the event of a nuclear war. You're much better off expending your energy elsewhere.
It doesn't matter which version of Windows you run (okay, not necessarily with '95, '98 or something even more ancient) you can install the same .exe file and run it.
So actually, you can't.
On the other hand, with Linux, you usually have to get the executable for your specific CPU if not your CPU and flavor of Linux.
With windows you *also* need this. It's just that windows isn't available for very many CPUs. Try running a 64 bit windows app on your pentium pro.
Same thing with windows versions. Apps usually don't work across all windows versions.
Once again, you don't really have a point.
Or, God forbid, you actually have to download the source and build it yourself, which has happened with me with a number of apps because I simply couldn't get the package to install for some reason or another (maybe I couldn't find one of its dependent packages or I couldn't install one of the dependent packages).
You should be using software that manages dependencies for you. What are you running, linux from scratch? Seriously though, you're complaining about things that don't make sense. Tools exist that handle this, yet you're implying it's a universal truth about running linux. It's BS.
Just to give a single example, something as simple as a CPU temp monitoring app, turned out to be a nightmare. I spent 3 days trying to get a couple of them installed. Never managed to pull it off, despite passing tons of messages back and forth on linuxforums.org
Did you never get them installed, or did you never get the actual drivers configured? Somehow I suspect it's the latter... something which is a non-issue if you're buying a preconfigured box from Dell.
MPlayer, for example: An app for watching movies, is command-line. That makes no sense to me. Sure, I can get a front-end for it, but why don't they just include one so I don't go have to find one
It does include one!
I use it all the time. Type "gmplayer".
If you're gonna suck at Linux fine, but don't go around pretending it's someone else's fault!