Governments probably do not encrypt sensitive data based on public key cryptography. There is a rumor that the NSA was aware of public key cryptography before RSA invented it, but that they didn't know what to do with it.
A lot of people have had success at getting DirecTV customer retention to pay part or all the cost of a triple LNB dish when upgrading. Also, people have squeezed various amounts of free programming from DTV to defray the cost of the HDTV receiver (which is the expensive bit at around $600).
Have a look at this thread at avsforum for more details.
New customer? If you go to buy a DirecTV system at Best Buy or the like, they'll try to take an extra $100-$150 for the triple LNB dish. But you can get one for free. Sign up for DirecTV on one of the regular packages (often free after rebate -- try Blockbuster and you also get a year's free DVD rentals), and tell them you want Para Todos, the Spanish network. That comes off one of the other sats, and you'll get a triple-LNB capable dish. Might not have all three LNBs on it, but the 3rd LNB is about $40, and just slots in with no rewiring etc. You don't actually have to buy the Para Todos channels, either -- the dish install and program signup seem to be handled separately. (I went through this a couple of months back after reading about it on the Web.)
I don't agree that it was nothing of consequence. He was able to enter, without breaking in, a facility considered secret. He demonstrated that the level of security that was claimed didn't exist, and that it may well be possible for someone so minded to wreak havoc at the facility.
You're right, he did break the law. There's probably a reasonable argument to prosecute him for it. But he also brought to light an important failure in the security of an important research facility, and it's a good thing it came to light in such a harmless fashion. That's a paradox of a free society. The reporter broke the law demonstrating a larger failure to carry out a duty of care.
Watch. He will be prosecuted, and any journalists that try to make a fuss about it will be shown the secure facilities and then be reminded that trying to break into a government facility is a bad idea, regardless. The reporter will be shown to be the fool that he is.
Why is he a fool? And why does letting reporters know it's a "bad idea" help? Surely we're not concerned about polite, largely innocuous journalists breaking in. They have something to lose, and can always be shown the Big Stick afterwards to make them promise not to do it again. But so what? It's the people who are aiming to cause disruption in the name of a cause -- and are willing to die for it -- that we're worried about.
You're much more the fool to mix up the process of keeping honest people honest, than the reporter is to demonstrate what a person intent on harm may be able to do.
The checks and balances of a free society include a free media. Ask the military, the state, governments, your next door neighbour or whoever else to regulate themselves, and your naivete will eventually come back to bite you.
"I appreciate the fact that it can be frustrating to hear people abuse language in discussing topics close to your heart, but subtlety is a virtue if you don't want to inspire enmity in everybody you meet."
Good point, well put. It matters if the person across the table thinks you're a nut, and it's short-sighted to the point of being infantile to think that deliberately being a prick to that person is the quickest, surest or most complete route to your goal. Unless your goal is to be thought a prick.
The whole point is that the odds don't stay slim. "Orbital cascade", as mentioned in other posts in this thread. One big bit becomes many smaller bits, those smaller bits might each render another satellite/astronaut/flying saucer into lots more small bits, and so on. Something you can only hope to avoid, since there's no great way of clearing it up once the problem becomes serious.
If it were as simple as "the computer is no better at chess than those who programmed it" well then those folk be better than Kasparov. I'm guessing even that whole Deep Jr. team might not be so convincing playing (collectively) as humans against Kasparov.
What do you think of as a practical application, by the way? (Serious question)
The performance hit is not worth the return.
For you, it's not. For someone else, it might be.
There are any number of situations where it might be appropriate to exchange some performance for increased data security. Just because you can't imagine them, doesn't mean they don't exist.
Japan plans to spend about 1 billion yen (US$8.3 million)... working on the open-source Linux operating system for consumer electronics goods...
That might be a useful amount. Separately:
Tokyo has already budgeted 50 million yen (US$416,000) for next fiscal year to study the possibility of switching government computers to an open-source operating system.
So that's $8.3M for working on embedded Linux, and $416K for a study into looking at moving government computers to using Linux. "Government computers" is kind of a broad brush. Anyone know if that's servers, desktops, or really is just a general look?
Nice. Just downloaded the emulator etc. from that link. Parsec on my 24" Sony monitor. Now I can waste my evenings exactly how I wasted them 20 years ago!
Schweet!
There I go, getting all excited that the classic TI99/4a sideways scrolling shoot-em up is going to be made open source. So I'd have a chance to see the workings of one of the games that perverted my early development. Alas it's some fancy-schmancy 3D number. New fangled nonsense...
Actually there's more than a rumour that it was previously implemented at GCHQ.
Public key algorithms are used for signing documents. According to the German signature law, 1024 bit signatures that meet some additional requirements are considered equivalent to physical signatures. (minimum recommended len for keys valid up to 2005). Thus it is important if intelligence agencies can break 1024 bit RSA keys.
You're right: that is interesting, and it's certainly something of which I wasn't aware. Though it suggests that 2005 is probably a sensible time frame to be retiring the 1024-bit keys. Probably unlikely that $10M will become $10 and 1 year will become 10 minutes that soon.
That's not the point I was addressing. I was suggesting that for the average user (even the average corporate user) this shouldn't be cause for sudden panic. Many people seem concerned that the NSA *is* after Grandma's recipe for secret sauce.
Governments may well not encrypt large chunks of hyper-sensitive data with 1024-bit RSA. Given that "the rest of us" can fairly trivially encrypt using RSA with 4096-bit or larger keys, it'd be a surprise if this were the weak point in a typical government's communications. (If it's a very poor country with miserable IT resources, I bet there's a good chance it's amenable to all sorts of other forms of intelligence gathering, too.)
As always, the tinfoil hat crowd will point out that a machine with such capabilities may already have been constructed and be in use. The NSA, perhaps. And they might be right.
Let's say the NSA has one. Let's say it's actually really good and 100x faster than the system proposed by Shamir and Tromer. That means it can plough through 100 1024-bit RSA keys per year. There are about 280 million people in the US (give or take). Let's say 0.3% of them encrypt using 1024-bit RSA (or below). That gives us about a million people. Let's say each one of those only has a single piece of important data. That's a million pieces of data, and you can crack a hundred of them. Be afraid?
It might be useful if you can (big if) decide exactly what data to go after, and it happens to be RSA = 1024 bit (or anything else equally amenable to being factored using NFS). But if it's 2048-bit RSA, this thing won't have a shot -- it's not fancy new math that "breaks" RSA, it's a faster implementation of an existing technique. And it's probably not the cue for Joe Public to get paranoid.
You cannot use the knowledge of individuals to analyze society, just as you cannot use the knowledge of society to analyze individuals.
It's also -- forgive me for saying -- a little old-fashioned. It implies that there's a complete break between the individual and the society of which that individual is a part. One must have nothing to do with the other. Given that every action by every individual has an impact in the society (however small) this seems unlikely. Like air in a room, the overall behaviour of the system will not be based on the behaviour of one gas molecule, but the system is still just an aggregation of gas molecules.
Might well be that it's of more practical value to study the two separately. Going from mass and electrical charge to "how to build a nice car" might be a long and twisty road. It's probably easier to model it with math that might be a little crass, but gets the job done. But it doesn't mean mass and charge have nothing to do with what the car is made of.
This reminds me of air traffic control (my brother works in ATC).
Air traffic controllers use little paper strips mounted on little plastic strips to manage their aircraft. They keep them in an order, can tell at a glance where everything is supposed to be, and can make changes as required, instantly. The controllers complain that every year or two some whizz comes along and says, "You could make that better with a computer," and presto, kicks off a project to design a "better interface". Except they never deliver a better interface. They deliver a GUI, which requires a mouse or touch pen, and turns each operation into three operations, makes everything depend on one more computer (if your paper strip "goes down", print another). In short, not an improvement. But it's surprising how many zealots assume that the hi-tech solution "must" be better, just because.
Actually, I think you could add utility, but not by changing the interface. Don't make the application fit the interface -- it should be the other way around.
Well now, there's half your problem. Freedom doesn't beget freedom. It needs to be regulated to be as free as possible. Alas the regulations come from within the same system you need to regulate, so they aren't always going to have best of intentions attached. Less cynically, it's also difficult to strike a good balance, and to foresee the outcome of any particular regulation.
So what's "criminal abuse"?
(I realise there's a flippant answer to that, which you can use if you like. But if you give an actual answer, be careful you don't end up appealing to God as the source of all moral truth, unless you intend to.)
You don't understand much about free markets or free societies, do you?
Are you surprised that there's a constant arms race between those seeking to regulate "fairly" and those seeking to preserve their advantage?
If so, why are you surprised?
(Not sure just how much abuse this'll generate, but let's see...)
So we all hate Bill Gates. Apparently for being ruthlessly successful at exploiting the (fairly) free, capitalist system we all hold dear. We're constantly shocked at the audacity of Microsoft, and Bill is the epitome of the evil that company represents.
This is a guy who (with his wife) is in the process of donating $24 Billion to good causes. Not frat house good causes, not pussyfooting PC good causes. He has set up a well-run foundation (you know, management and accountability) to see that money put to use combatting AIDS in India, that sort of thing.
$24 Billion is more than most developed countries in the world will put into that sort of work in our lifetimes.
But we do enjoy banging on that "He tried to squash Netscape!", because that's a) more important and b) surely nothing to do with how we like to run things?
The wrong place to point it out, maybe, but it's fun to sit back and reflect on the irony sometimes.
You're quite right. 640KB should be enough for anybody.
Personally, I can't wait to get up in the middle of the night to watch this
Enjoy it those what can.
That way you avoid all those nasty cables, too.
This isn't a troll, but what exactly is the niche? For not a lot more size, but less money, you could have a shoebox PC like a Shuttle SS40. For not a lot more space you could buy a laptop of the same performance, and have screen and keyboard. And you still have to plug all the wires in the back and (by the looks of it) provide top and rear venting, so you can't just pack 'em in a rack like crazy.
So, serious question: what's the niche? They're cool, yes, but beyond that?
Might be cool, but I wouldn't want to bring my kids up in a place like this: Kowloon's Walled City.
Yes, with a caveat. At least for the betas, you couldn't configure the network settings using the DVD remote. But you can control the software with the remote once loaded. Haven't had to reconfigure the network since v1.0 came out, so I haven't checked if this has been fixed.