Slashdot Mirror


User: theLOUDroom

theLOUDroom's activity in the archive.

Stories: 0
Comments: 2,289

Comments · 2,289

  1. Re:political bias for a news anchor? on Daily Show Production Team Nets Creative Freedom · · Score: 1

    John Stewart, while very funny, definitely wears his politics on his shoulder. Stewart speaks his mind and has openly supported one political party over the other. The CBS anchor job requires a neutral position,

    That's silly.
    Everyone has their biases, it's just about having integrity and doing your job right.

    Dan Rather was actually good at hiding his political beliefs, I doubt Stewart could be as successful.

    The point is not to hide the fact that you have political beliefs, it's to not let them interfere with your work.

    There is a HUGE difference there. It's the difference between being a lying asshole and someone who is honest.
    It amazes me that people have such twisted views about when it's okay to have political beliefs. Who told you to think this way?

  2. Re:Encryption on MPAA Developing Digital Fingerprinting Technology · · Score: 1

    Here is an example of fortified key negotiation in use (a little sparse on details though).

    Here are the references from Applied Cryptography (ISBN 0471117099):
    R.J. Anderson and T.M.A. Lomas, "Fortifying Key Negotiating Schemes with Poorly Chosen Passwords," Electronics Letters, v. 30, n. 12, 23 Jun 1994, pp. 1040-1041.

    T.M.A. Lomas, "Collision-Freedom, Considered Harmful, or How to Boot a Computer," Proceedings of the 1995 Korea-Japan Workshop on Information Security and Cryptography, Inuyama, Japan, 24-26 Jan 1995, pp. 35-42.

  3. Re:Communists on Stallman Feeds Gates His Own Words · · Score: 1

    You're really resorting to an emotional argument about what a capitalist would or would not do.

    Copyright represents an artificial market barrier. Although you claim such-and-such is not a capitalist's view of copyright, in TRUE capitalism, copyright simply wouldn't even exist.

    Regardless of the reasons it was initially implemented, you have to look at why it's been successful. Information is still not free, and it's still necessary to reproduce work done by corporations who won't share. There has to be something else to it.

    This does not make sense. As I said: "Stallman's open source is about the freedom of information, and not unnecessarily reproducing work due to a gov't granted monopoly."
    You claim that it's not, but you don't really provide any support. Sure everything is not open source, but that does not change the ideology of open source.

  4. Re:Communists on Stallman Feeds Gates His Own Words · · Score: 2, Interesting

    Technically, Mr. Gates is right. The whole Open Source idea is a communist idea, not in terms of Soviet Russia (where software owns you) but in terms of a community of workers all banding together to produce their own labor, instead of selling themselves to the capitalists.

    No, it's really not.

    There's nothing about Stallman's idea that demands we all have equal ownership of anything or a state-controlled economy.

    Even if a law was passed tomorrow that said all new software must be created under the GPL, the result would not be the end of programming as a means of gainful employment in a capitalist society.
    Software producers would simply switch over to a bounty system. Organizations would be sponsored by groups with similar needs to fund the creation of mutually beneficial software.

    In some ways it would actually be more like capitalism because the amount of money a software producer makes would be tied more towards quantity and quality of code produced rather than number of near-zero-incremental-cost boxes shipped. (In pure competition, all producers make zero economic profit.)

    It's important to remember that copyright is not a fundamental part of capitalism.

    Seriously, folks, the current situation of Linux v. Microsoft is exactly what Marx and Engels were talking about.

    While it may seem like that's true at first glance, if you try and delve into the ideals in any depth, that's just not the case.
    Stallman's open source is about the freedom of information, and not unnecessarily reproducing work due to a gov't granted monopoly.
    Non-cooperation and gov't granted monopolies just aren't fundamental tenets of capitalism.

  5. Re:Encryption on MPAA Developing Digital Fingerprinting Technology · · Score: 1

    Umm... if this was required by law for ISPs to implement, which is the only way this would be dangerous at all, then why wouldn the law award jack shit in a "huge lawsuit" for "mucking" with SSL root certificates?

    Like how selling cigarettes is legal?
    ...not like tobacco companies have ever had to pay any money for their "legal" actions.

    If you happen to solve the man in the middle problem without third parties, don't post it here, write it in a journal and win the Turing award.

    I can't claim to have solved it myself, but I am at least clueful enough to know that there is a "solution".

    Anyways, it's ridiculous to believe that the gov't could prevent you from getting a single key for your trusted third party, assuming you're even slightly clever. As I said in another post, just publish it in the NYT. It's going to be pretty damned obvious if they mess with it.

  6. Re:Encryption on MPAA Developing Digital Fingerprinting Technology · · Score: 1

    Rest assured that the NSA is already doing this en masse for suspected terrorist (and other ?) activities.

    Can you back this up? Somehow I doubt it.

    Crime prevention rarely takes into account revenue streams of individual companies.

    But those companies themselves do, and they will very often employ lots of lawyers and lobbyists.

    All the **AA has to do is to sponsor legislation that will make copyright infringement a federal offense, and no one will think twice about SSL-mitm-attacks by the ISP.

    There's gotta be at least five things wrong with that sentence....

    Yeah, as long as you're not connected to a switch, you're secure.

    The hardware doesn't matter, it's all a matter of who signs whose keys and where you get that information. All you need is one key that you know hasn't been mucked with. If you're going to get really paranoid just publish a copy of that key in the New York Times.

    There even exist techniques that make a MITM attack very difficult without even requiring a trusted third party. Do a search on "fortified key negotiation".

  7. Re:Encryption on MPAA Developing Digital Fingerprinting Technology · · Score: 1

    To be secure this requires the server to provide a certificate signed by a trusted third party (like Verisign et al as you said). However setting this kind of protocol in a P2P system will require every potential user to get a certificate from a trusted authority.

    Nope, you just need a single server to have a proper verisign key, and then you can trust it to sign other keys. In reality, you'd probably want a dozen or so servers located in various countries and employing secret sharing.

    The certificates will probably carry identity information (for instance Thawte free certificates are based on verified email address), so ZZAA will just have to hook a computer to a P2P network, try to download the latest hype movie/tune/whatever and will get a nice list of potential victims.

    Instead of saying "I'm Alice", you would say "I'm 132.123.123.123" and give the session key a short time to expire. So yes, they'd get your IP and maybe your system clock, but your ISP already has that.

  8. Re:Encryption on MPAA Developing Digital Fingerprinting Technology · · Score: 2, Insightful

    "This wouldn't work with public key encryption."

    sure it would, that is the whole point behind the man-in-the-middle attack.

    Actually, no it wouldn't work. Not for a well-designed system anyways. As long as the initial download of the app occurs via an SSL connection, you can send as many public keys with the app as you choose.

    However, this requires central registration and management of keys, something which is unlikely to be palatable to P2P users for obvious reasons and thus the man-in-the-middle problem will persist when computing session keys for encryption on P2P networks.

    Trent already exists in the form of Verisign, et al and any ISP mucking around with SSL root certificates is just asking for a huge lawsuit. Not only would that create a huge potential for online fraud, but it would also directly threaten Verisign's revenue stream. And it would also violate a myriad of computer crime laws. Just as your transfer to an encrypted connection with amazon.com is seamless and easy, so may it be on p2p.

    A really clever approach to something like this would take advantage of techniques like "secret sharing" so that the compromise of a single server, or even several servers would not cause the system to fail. Then the servers would be placed in various countries throughout the world to make any sort of legal attack on the system ridiculously expensive.

  9. Re:passwords? passphrases? on MS Employee Calls for No More Passwords · · Score: 2, Insightful

    Perhaps I'm too sleepy to think (I'm too sleepy to read the article), but precisely what is the difference?
    A password is a string you know, a passphrase is a string you know.
    One is probably longer than the other, big deal.


    There IS no worthwhile difference.

    One may be longer than the other, but the longer the passwhatever is, the more likely I am to use dictionary words.

    The REAL solution is to use passwords properly, and to protect anything else with strong encryption.

    When is it safe to use passwords?

    When you are sure you can limit the number of attempts.

    If you are not sure you can do this, you should be using one of the myriad of cryptographically secure protocols that are developed and in use by people who actually care and have devoted their lives to studying this sort of thing.

    THIS MEANS USING A KEY THAT IS NOT MADE UP OF DICTIONARY WORDS! (And is long enough to be considered secure.)

    The password vy6d89jt is going to take, on average, .5 * 36^8 or 1,410,554,953,728 guesses.

    The passphrase ethernetwarriormagical is going to use words from probably the 10,000 most common dictionary words so it's going to take on average .5*10000^3 = 500,000,000,000 guesses.

    So while you think you're more secure by requiring your employees to type an extra 14 characters, you're actually just wasting time and are actually LESS SECURE than before.

    Now the real killer is that my analysis of the "passphrase" used something that didn't totally follow the rules of English syntax. Using an actual sentence is going to be even worse because an attacker is only going to have to check for sentences that make sense.
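
The guess-count reasoning in comment 9, as an added example that is not part of the original comment: a small estimator that checks whether a secret splits into dictionary words and charges the attacker the cheaper of the two search spaces. The 10,000-word dictionary size and 36-symbol alphabet are the comment's figures; the word list and function names are constructed for the illustration.

```python
import string
from fractions import Fraction

# Constructed sample word list, used only to recognise word boundaries.
WORDS = {"ethernet", "warrior", "magical", "ether", "net", "war", "magic"}
DICTIONARY_SIZE = 10_000          # attacker's dictionary, per the comment
ALPHABET = string.ascii_lowercase + string.digits   # 36 symbols


def min_word_split(secret, words=WORDS):
    """Fewest dictionary words that concatenate to `secret`, else None."""
    best = [0] + [None] * len(secret)    # best[i] covers secret[:i]
    for end in range(1, len(secret) + 1):
        for start in range(end):
            if best[start] is not None and secret[start:end] in words:
                candidate = best[start] + 1
                if best[end] is None or candidate < best[end]:
                    best[end] = candidate
    return best[-1]


def keyspace(secret):
    """Size of the cheapest search space that contains `secret`."""
    if not secret or any(ch not in ALPHABET for ch in secret):
        raise ValueError("secret must be non-empty and drawn from ALPHABET")
    brute_force = len(ALPHABET) ** len(secret)
    word_count = min_word_split(secret)
    if word_count is None:
        return brute_force
    return min(brute_force, DICTIONARY_SIZE ** word_count)


def average_guesses(secret):
    """Expected guesses when the space is searched in uniform random order."""
    return keyspace(secret) // 2


def online_success_probability(secret, max_attempts):
    """Chance of a hit when the verifier enforces an attempt limit."""
    return min(Fraction(1), Fraction(max_attempts, keyspace(secret)))


if __name__ == "__main__":
    for s in ("vy6d89jt", "ethernetwarriormagical"):
        print(s, average_guesses(s), online_success_probability(s, 10))
```

Raising the word count or the dictionary size changes the result, since the dictionary space grows as `DICTIONARY_SIZE ** word_count`.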

  10. Re:My PC recycling thing on Hardware Reuse Contest Entries Revealed · · Score: 1

    There are, however, certain key combinations that don't play full chords. I'm not sure if it's the internal keyboard matrix decoding or the microcontroller's firmware.

    AFAIK, (PS/2) PC keyboards are limited to something like three or four simultaneous key presses. As you suspect, it must have something to do with the keyboard matrix, the interface spec, or both.

    I have experienced a similar effect with various MIDI sequencing packages, using a PC keyboard as the controller, so I would say you can rule out your firmware.

  11. Re:Is it entirely MS's fault? on Microsoft Seeks Latitude/Longitude Patent · · Score: 2, Insightful

    So what exactly do you attribute the tendency for such fucking obvious patents sliding through? I'd guess bribes if I didn't believe that you should never attribute to malice what can be adequately explained by stupidity...

    Ah, there you hit on the problem:
    The fundamental idea behind the USPTO just doesn't work anymore.
    It is silly to believe that a single organization can understand every technology on the planet.



    Sure, they have people who are SUPPOSED to investigate these things, but it's easy to take a simple, obvious idea and write it up in such a convoluted way that someone won't even realize that a "circular transportation device" is actually a wheel.


    IMO, the solution to this is to admit that the USPTO has turned into a registry of "I invented this, on this date". Then, there is no automatic presumption of validity and a defendant does not have an uphill battle in court. Then you remove much of the incentive for trying to sneak frivolous patents through.

  12. Re:Bye-Bye Karma on Mobil SpeedPass, Various Car RFID Car Keys Cracked · · Score: 1

    I'm probably going to get modded into oblivion for saying this.... But why don't people just not read dupes?

    That would imply that they read the articles in the first place.

    I mean, it's not really hurting you that it's there...and some of us didn't see the first one, but see the second one. It just doesn't seem worth complaining over.

    What sucks is that it:
    1. Wastes people's time
    2. Hurts slashdot's credibility
    3. Between the constant misspellings and duplicate articles, it hurts slashdot financially because some people (like me) are a lot less likely to subscribe. If this was just a small venture being run out of somebody's basement, I certainly wouldn't say anything, but for a publicly-traded company I think it hurts their image.


    Don't get me wrong, I think slashdot, sourceforge, etc are all great things, but it hurts to see your friend hitting himself repeatedly with a brick. You want him to stop, so you say "Hey! Stop that!"
    It's not that I'm anti-slashdot, I'm just anti-slashdot hitting itself in the face with a brick. It makes you ugly and unattractive to newcomers.

  13. Re:HINT: on Just How Paranoid Are You? · · Score: 1

    If you're posting details about your "paranoid" security mechanisms, you're not really paranoid.

    I know you're joking but...

    Posting them to slashdot is a lot cheaper than hiring an expert to point out all the holes he missed. We'll tell him what's wrong with his system in exchange for "karma" and it doesn't cost him anything.

  14. Re:Removable media. on Just How Paranoid Are You? · · Score: 1

    What the author did was serious overkill.

    Overkill implies that he was actually secure. Mounting an encrypted disk on a system that uses a swap file is just not secure.

    The simple solution (for personal computers) is removable media like an external USB harddrive. Connect it to your PC when you need to access sensitive information. Yes this doesn't help if your system is already compromised, but if this has already happened chances are you're fucked either way.

    A MUCH better solution is to use something like Knoppix with its encrypted home drive option. You have NO swap file, and it's harder to hack than just booting from a CD and installing a keylogger.

    really if you have information that is this important, why the hell are you connecting that machine to the internet anyways.

    Gee... maybe because he needs to use that information while he's on the internet?
    Your online banking password does you a fat lot of good if you can't get online to use it.
    Security is about reasonable tradeoffs. Yes you want to be secure, but not at the expense of not being able to get anything done.

  15. Re:Careful with swap and temp files on Just How Paranoid Are You? · · Score: 2, Informative

    Windows will leave temp files all over the place and your pagefile could have any data that was kept in RAM. The superparanoid run Linux w/ an encrypted root partition and Windows inside a VM from an encrypted disk image.

    Amazingly, this is the first post I've noticed that points out this obvious flaw.

    256 bit AES is silly if those encrypted files are being read normally on a computer with an unencrypted swap file.

    It's like going out, buying the most expensive lock you can get, and putting it on a cardboard box.

  16. Re:Too harsh on Michael Powell to Leave FCC · · Score: 1

    Why would you want to block parts of a software radio project? Are you one of those fools that believes in security through obscurity?

    I can't tell whether you're being sarcastic or if you misunderstood what I was saying. The current set of FCC rules blocks certain aspects of the GNU radio project, and I think it sucks.

    Up until about 10 years ago, it was legal to build a "dc to daylight" receiver and listen to anything you could hear. Now it is illegal to sell a receiver that can receive the analog cellular phone bands. AND there is a requirement that it be difficult to modify, so ifdef=in_us is out.
    This is exactly what is meant by security through obscurity. It should be the responsibility of those transmitting over the public airwaves to keep their private communications secret.

  17. Re:Too harsh on Michael Powell to Leave FCC · · Score: 1

    #1: WHY would you want to do that?

    I don't want to do it, it's what the gov't is already doing.

    Here's the same statement again, formatted more clearly:

    A GOOD FCC chairman would fix problems with stupid regulations that:
    • give analog cellphone users a false sense of security
    • block open source 802.11x drivers
    • pretty much make parts of the GNU radio project illegal.


    How the heck do you think you could/would accomplish it?

    The current FCC rules make easily-hackable, broadband receivers illegal. In essence you can only sell a broadband, software defined radio if the software cannot be modified by the end user.

  18. Re:Too harsh on Michael Powell to Leave FCC · · Score: 1

    He has done a surprisingly good job of staying moderate in terms of amount of regulation.

    Moderate in terms of record breaking politically motivated fines, or moderate in terms of expanding the FCC's power beyond its legal mandate into the forced implementation of the "broadcast flag"?

    As an electrical engineer currently involved in RF related work I think it's bullshit that the guy in charge of regulating the electromagnetic spectrum knows pretty much fuck-all about it.

    A GOOD FCC chairman would fix problems with stupid regulations that give analog cellphone users a false sense of security, block open source 802.11x drivers, and pretty much make parts of the GNU radio project illegal. He would be something more than a total corporate puppet, and place the public interest above that of whichever corporation is currently lobbying him.
    For example, this means that Clearchannel would not be able to put repeaters on stations that I can't start a low power FM station on.

  19. Re:But wait.... on Stan Lee to be Paid Millions for Spidey · · Score: 1

    MPAA maybe, but most members of the RIAA just "lend" the artist the money to create and promote their work and then collect it back after they sell records.... If the artist doesn't the artist owes.

    No, it's worse than that. The money is used for advertising and production.
    The actual MUSIC has already been written. It's not as if they give these artists one year's living expenses to write an album.

    The "great" thing is, since all the advertising gets paid for by the artist, they can advertise as much as they want and it doesn't come out of their cut. Given that advertising is always going to increase their sales, economics dictates that they're going to spend the artist's money until the artist makes exactly nothing.

  20. Re:Liars on Mathematics of the Social Security "Crisis" · · Score: 1

    "There are, however, quite a number that do have "correct" answers if you are willing to postulate that the commercial interests of a small number of people should not be more important than the good of the community."

    There are a number of people who do not follow that view.


    Which says nothing about its validity. How many of those people who don't ascribe to that view do so out of simple greed?

    There is not a centralized media system in the US. That is such a bogus statement. There are now, at this time, more viewpoints, more sources of raw information, and more sources of opinions than at any time in US history.

    That's a really ignorant thing to say. When you have the founder of frickin CNN, Ted Turner, complaining that even he, with his vast resources would be unable to start another CNN-like network if he wanted to, due to media consolidation, it's just plain silly to claim that things are better than ever.

    Close, but not quite. It doesn't have to be actively made available - pushed - to voters. It has to be *available* for seeking. Everything a voter needs to make an informed choice is available.

    This too is a very naive viewpoint.
    Were the Pentagon Papers available for the seeking?
    No, it took an ACTIVE press, fighting all the way up to the supreme court, in order for that information to see the light of day.

  21. Re:Eh, no big deal IMO... on HDMI and What it Will Do for You · · Score: 1

    It's not really possible to capture video off of DVI at the moment (DVI is basically uncompressed video - 180MB/s)

    Then how the hell does it get displayed!

    If the electronics exist to decode the signal, it CAN be captured, it's just a matter of difficulty.
    It's quite possible to say, capture every Nth bit via a simple shift register, and dump that data simultaneously to 20 regular hard disks. Now you're only writing at 9MB/s.
    At this point you can store an hour of full-bitrate video, process it however you want, or even play it back at full speed using another simple shift register.

    Somebody really could make all this happen inside a single, sub-$1000 FPGA.

  22. Re:So what is he? on Gates Elaborates on IP Communists · · Score: 1

    There is no reason that democracy and capitalism go together.
    It has been demonstrated, in many different countries, that Capitalism and Totalitarianism/Fascism/Monarchies can go hand in hand.


    And I would say that the OPPOSITE has been demonstrated.
    Capitalism invariably leads to a dilution of power, end runs around the existing systems and eventually, the dictator loses power because a group of wealthy businessmen wish it to be so.

    If the majority in a democracy vote for a communist-style economic plan, why is this less feasible than creating laws to respect capitalistic rights?

    Because you're not taking into account that it takes what is essentially a totalitarian state to enforce communism.
    It doesn't matter WHAT people vote for unless it's actually going to be enforced, and if true communism is going to be enforced it means an environment that is antithetical to democracy.
    It's not very democratic for the gov't to control all the newspapers, for example.

    All these "But communism could really work" discussions always try to divorce themselves from the REALITY associated with implementing communist ideals. There is a REASON that all the major experiments in communism have failed, but rather than learn from those experiences and develop a better idea, many people just say "yeah, but they didn't do it right."

    They didn't do it right because the concept is fundamentally unworkable. I submit that it's simply not possible to do it right in the same way that balancing a pin on top of another pin just is not going to happen. It's a fundamentally unstable system, just asking for disaster.

    By taking all the capital (power) out of the hands of people and placing it under control of the gov't, the people themselves can do all of jack shit to make the gov't listen to them.


    When you concentrate all the economic and political power in the hands of one organization, you're really just giving that organization carte blanche to do whatever they want.
    It doesn't matter what their original mandate is because there's no one else powerful enough to make them follow it. They can even control the media to the extent that many aren't even aware their mandate isn't being followed.

  23. Re:So what is he? on Gates Elaborates on IP Communists · · Score: 1

    but there has yet to be a true communist state. there have been plenty of totalitarian ones, however.

    Some might say there's a reason for that...

    the pre-conditions for communism to arise are not met. there is not a surplus of necessities. we simply can not feed/clothe/house everyone.

    First, we do produce enough food to feed everyone, it just doesn't get distributed. Second I don't see how "a surplus of everything" is a necessary precondition for communism.

    scarcity still exists, and as such, communism is an inefficient economic system.

    Communism is an inefficient system in the same way that capitalism is. They both are great at managing certain things, but fall totally by the wayside with others.

    and that's another point - communism is an economic system, not political.

    It's *really* naive to think that you can divorce the two. Money is power and political position is power. They will ALWAYS influence each other. Any system that cannot cope with this fact is hopelessly broken.

  24. Re:So is a boot to the head on Backing Up is Hard to Do? · · Score: 1

    That's not a backup - that's a userland implementation of RAID 1 with very high latency. I make daily differential backups (via AMANDA) to a rotating set of 12 tapes. If I accidentally delete /etc/shadow or some other important file, I have nearly two weeks to discover the problem and restore a previous version from tape. Your idea gives you, oh, until about the time that rsync discovers the missing file and dutifully nukes it from your "backup" drive.

    Read his post again. He doesn't leave the drive plugged in.

    If he had 12 hard disks, he too would have "nearly two weeks" to discover the problem.

  25. Re:Is A Picture Worth A Thousand Words? on Searching with Images instead of Words · · Score: 1

    Forgive me replying to myself, but I hadn't realized that the subject of this article was talking about searching for TEXT with images. I must admit that's a harder problem.

    My method really only encompasses searching for images with images. You could add text by searching through ALT tags, and processing the text on a page which contains a given image.

    A lot of pages with a picture of the Eiffel Tower would have the word "Paris" on them, for example.