You can stuff arbitrary words into your message headers with most mailers. They generally won't be seen when the recipient looks at the message. If you are a pine users, add a line similar to the following to your.pinerc:
customized-hdrs=X-HiEchelon: tempest anthrax fissile ebola revolt CIA pentagon jihad
I loved this film - a neatly plausible plot (with a decent basis in reality), interesting characters (again based on real people), aesthetic cinematography and a good story with lots of wit and "in-jokes".
I registered a couple of domain names through MelbourneIT recently. They were quite a bit more expensive than NSI, but the service was much better (it couldn't be any worse:).
But then again I am a Melbournian, so I may be biased:)
My sister registered a domain through NSI - they screwed up the delegation and ignored three months of attempts to fix it.
Is RSA still important? If so, what niche does it fill?
RSA is still very important because it is the de-facto standard for asymmetric encryption. Other PK algorithms (DH) are much more cumbersome to use in a disconnected environment, and AFAIK no other PK algorithm supports multiple recipients and signatures as easily as RSA.
There is a lot of infrastructure already using RSA. There is little point in throwing it all away when the algorithm is going to be free by the end of next year.
RSADSI is a big company who depends heavily on the RSA algorithm for their revenue. You can bet that they have scores of lawyers who will try to intimidate anyone who tries to use the RSA algorithm after expiry.
They would probably not win any case that made it to court, but that is enough to scare many smaller companies into purchasing a license. Most of the larger companies already have licenses.
PGP (2.x at least) still uses the IDEA algorithm which is patented by Ascom Systec of Switzerland, so it is not totally free.
GnuPG does not use any patented algorithms and is a much better product anyway. There also exist plug-in RSA implementations which allow it be backwards compatible with PGP 2.x.
The whole article is predicated on a false dichotomy, and goes on to draw false conclusions.
The "mappers" vs "packers" terminology is carefully loaded to promote one mode of operation at the expense of another. This sort of linguistic trick seeks to hide deeper problems - that "mapping" a.k.a goal-focused thinking and "packing" a.k.a process focused thinking are equally important and that people need to employ both modes of thought in completing large problems.
I do believe that the author is on to something with his explanation of why some individuals consistently attain massively higher levels of performance than others. The best developers can internalise large parts of a problem domain concurrently, and thus develop better abstractions and decomposition stratergies.
More importantly, though, what's to stop a small country willing to devote a relatively (for a country) small amount of money to building a distributed computing facility (or a Beowulf cluster, for that matter) and simply smashing away at whatever encryption method the bank is using? Wasn't the 64-bit DES key just brute-forced not too long ago by distributed.net?
BTW if you are aiming to brute-force crypto, you are better of sinking your money into loads of FPGAs than a beowulf cluster. (unless you want to simulate nuclear detonations during off hours:)
If you are using a algorithm and key length that has been broken *very publically* (hell, there is even a HOWTO^H^H^H^H^Hbook about it!), then you deserve everything you get.
Penrose drove the stake through his own credibility:)
His speculations about the supposed quantum computations occurring in crystalline microtubules in the brain is scoffed at by physicists and physicians alike. I have heard that there is a treatment for gout which destroys many of these structures (without turning its users into zombies).
Penrose's arguments about a new form of mathematics and physics being necessary to explain consciousness stuck me as carefully clothed mysticism.
A better argument against strong AI can be found in Vernor Vinge's science fiction works: our inability to manage the complexity of large software systems:)
I would guess that a large portion of what these numbers stations "play" is random padding to prevent traffic patterns inadvertently giving away information (e.g. a large number of messages on the eve of an invasion).
Of course this padding would be statistically indistinguishable from the OTP encrypted material they play the rest of the time, and about as "crackable".
Re:Vernor Vinge, Van Eck, locus
on
Smart Dust
·
· Score: 1
That article is both freaky and enthralling. Yes, I did make the Diamond Age connection the moment I read the subject, and gosh, this is exactly the motes(mites?) from Diamond Age.
It made me think more of Pham Nuwen's Localizers from Venor Vinge's excellent _A Deepness in the Sky_.
Couldn't agree more - Suck was fresh in 1995, but they are very stale now.
Hypocritical too - they were bought out by Wired Ventures LLC:)
Re:If you don't like X, help XFree people to make
on
Is X The Future?
·
· Score: 1
"If you don't like Fords, help Ford make a better car!"
Screw that. We'll write our own windowing system and let X people back-port our code to their lame-ass "UI".
Great attitude - considering that most of the work that goes into the only usable free windowing system from Unix is done by volunteers, your attitude demonstrates at once a lack of both respect and clue.
X has never looked better. We already have two excellent desktops, window managers that cater for just about everyone's tastes and are soon to get an OpenGL DRI and Xinerama.
While it is a pity that X still lacks alpha channel and anti-aliased font support in the server, there is no reason that this cannot be added because X is fully Open Source. It also has the distinct advantage over its "challengers" in that it is not just vapor:)
The ISP *is* doing the right thing. Why should they mess with their infrastructure and stigmatise a class of users (i.e the ones with so-called 'adult' material) to satisfy the needs of a company with a broken product?
There are legal reasons too. If the ISP starts making judgements as to the content of their webservers, then they leave themselves open to lawsuits against them. If they do not, then they can claim that they are just carriers of the information and take no editorial control.
The problem with pervasive networking and content enriched email is that it turns every old application into a security-critical application.
Not so long ago it seemed that you could get away with not auditing the many large applications which are not set[ug]id and do not directly process data from the network.
Nowadays even the most innocuous tool is going to have malicious data piped through it sooner or later - ghostscript, libjpeg, your cddb-enabled CD applet.
While an attacker may not crack root directly through such attackes, it still let them use your account - i.e you email, PGP keys and personal files. They may still crack root later using keystoke sniffers, careless passwords or bugs in local setuid apps.
The solution? We can start by making sure that all developers understand that security is a basic requirement for all software - you would think that this is a given, but alas security is usually an afterthought (if it is considered at all). Compliers like stackguard-gcc and languages with built-in security like Java will help, as will fast virtual machines that we can use to imprision suspicious code.
Slashdot Mirror
Anybody else find it ironic that we call ourselves a democracy yet cater to the minorities rather than the majorities?
Last time I looked at the population figures, Americans *are* the minority.
Free / Open Source software existed long before the creation of Linux, and would probably be nearly as popular even if Linux did not exist.
Apache and Perl are two free software projects that have reached far more people than Linux, and has garnered more acceptance in corporate circles.
You can stuff arbitrary words into your message headers with most mailers. They generally won't be seen when the recipient looks at the message. If you are a pine users, add a line similar to the following to your .pinerc:
customized-hdrs=X-HiEchelon: tempest anthrax fissile ebola revolt CIA pentagon jihad
I loved this film - a neatly plausible plot (with a decent basis in reality), interesting characters (again based on real people), aesthetic cinematography and a good story with lots of wit and "in-jokes".
I registered a couple of domain names through MelbourneIT recently. They were quite a bit more expensive than NSI, but the service was much better (it couldn't be any worse :).
:)
But then again I am a Melbournian, so I may be biased
My sister registered a domain through NSI - they screwed up the delegation and ignored three months of attempts to fix it.
Is RSA still important? If so, what niche does it fill?
RSA is still very important because it is the de-facto standard for asymmetric encryption. Other PK algorithms (DH) are much more cumbersome to use in a disconnected environment, and AFAIK no other PK algorithm supports multiple recipients and signatures as easily as RSA.
There is a lot of infrastructure already using RSA. There is little point in throwing it all away when the algorithm is going to be free by the end of next year.
RSADSI is a big company who depends heavily on the RSA algorithm for their revenue. You can bet that they have scores of lawyers who will try to intimidate anyone who tries to use the RSA algorithm after expiry.
They would probably not win any case that made it to court, but that is enough to scare many smaller companies into purchasing a license. Most of the larger companies already have licenses.
PGP (2.x at least) still uses the IDEA algorithm which is patented by Ascom Systec of Switzerland, so it is not totally free.
GnuPG does not use any patented algorithms and is a much better product anyway. There also exist plug-in RSA implementations which allow it be backwards compatible with PGP 2.x.
The Wonderful Wankometer rates the press release as having a considerable wank quotient.
Close, but the particles don't have to be charged.
The whole article is predicated on a false dichotomy, and goes on to draw false conclusions.
The "mappers" vs "packers" terminology is carefully loaded to promote one mode of operation at the expense of another. This sort of linguistic trick seeks to hide deeper problems - that "mapping" a.k.a goal-focused thinking and "packing" a.k.a process focused thinking are equally important and that people need to employ both modes of thought in completing large problems.
I do believe that the author is on to something with his explanation of why some individuals consistently attain massively higher levels of performance than others. The best developers can internalise large parts of a problem domain concurrently, and thus develop better abstractions and decomposition stratergies.
There is one person's account of a job interview with the NSA available online.
IIRC Phrack published the NSA security manual a few years back.
Looks like it is ready to take on you choice of Monster (Godzilla, Mothra) or Giant Robot :)
More importantly, though, what's to stop a small country willing to devote a relatively (for a country) small amount of money to building a distributed computing facility (or a Beowulf cluster, for that matter) and simply smashing away at whatever encryption method the bank is using? Wasn't the 64-bit DES key just brute-forced not too long ago by distributed.net?
:)
BTW if you are aiming to brute-force crypto, you are better of sinking your money into loads of FPGAs than a beowulf cluster. (unless you want to simulate nuclear detonations during off hours
If you are using a algorithm and key length that has been broken *very publically* (hell, there is even a HOWTO^H^H^H^H^Hbook about it!), then you deserve everything you get.
Penrose drove the stake through his own credibility :)
:)
His speculations about the supposed quantum computations occurring in crystalline microtubules in the brain is scoffed at by physicists and physicians alike. I have heard that there is a treatment for gout which destroys many of these structures (without turning its users into zombies).
Penrose's arguments about a new form of mathematics and physics being necessary to explain consciousness stuck me as carefully clothed mysticism.
A better argument against strong AI can be found in Vernor Vinge's science fiction works: our inability to manage the complexity of large software systems
Why isn't this release called Mandrake 1.2? Its not like they have been through six major revisions yet.
Redhat's version is bloated enough, but at least there were major, incompatible changes between revisions (e.g. libc)
I would guess that a large portion of what these numbers stations "play" is random padding to prevent traffic patterns inadvertently giving away information (e.g. a large number of messages on the eve of an invasion).
Of course this padding would be statistically indistinguishable from the OTP encrypted material they play the rest of the time, and about as "crackable".
That article is both freaky and enthralling. Yes, I did make the Diamond Age connection the moment I read the subject, and gosh, this is exactly the motes(mites?) from Diamond Age.
It made me think more of Pham Nuwen's Localizers from Venor Vinge's excellent _A Deepness in the Sky_.
Couldn't agree more - Suck was fresh in 1995, but they are very stale now.
:)
Hypocritical too - they were bought out by Wired Ventures LLC
"If you don't like Fords, help Ford make a better car!"
Screw that. We'll write our own windowing system and let X people back-port our code to their lame-ass "UI".
Great attitude - considering that most of the work that goes into the only usable free windowing system from Unix is done by volunteers, your attitude demonstrates at once a lack of both respect and clue.
Hell yeah - electropaint is the most cool screensaver ever to save pixels.
A Free release would be wonderful.
Stego does not rely on STO - good stego is about hiding data such that an observer cannot even prove that it is there.
X has never looked better. We already have two excellent desktops, window managers that cater for just about everyone's tastes and are soon to get an OpenGL DRI and Xinerama.
:)
While it is a pity that X still lacks alpha channel and anti-aliased font support in the server, there is no reason that this cannot be added because X is fully Open Source. It also has the distinct advantage over its "challengers" in that it is not just vapor
The ISP *is* doing the right thing. Why should they mess with their infrastructure and stigmatise a class of users (i.e the ones with so-called 'adult' material) to satisfy the needs of a company with a broken product?
There are legal reasons too. If the ISP starts making judgements as to the content of their webservers, then they leave themselves open to lawsuits against them. If they do not, then they can claim that they are just carriers of the information and take no editorial control.
Cyberpatrol is broken, fix that.
Could this information be used to set up competing root servers?
The problem with pervasive networking and content enriched email is that it turns every old application into a security-critical application.
Not so long ago it seemed that you could get away with not auditing the many large applications which are not set[ug]id and do not directly process data from the network.
Nowadays even the most innocuous tool is going to have malicious data piped through it sooner or later - ghostscript, libjpeg, your cddb-enabled CD applet.
While an attacker may not crack root directly through such attackes, it still let them use your account - i.e you email, PGP keys and personal files. They may still crack root later using keystoke sniffers, careless passwords or bugs in local setuid apps.
The solution? We can start by making sure that all developers understand that security is a basic requirement for all software - you would think that this is a given, but alas security is usually an afterthought (if it is considered at all). Compliers like stackguard-gcc and languages with built-in security like Java will help, as will fast virtual machines that we can use to imprision suspicious code.