You cannot make the blanket statement that "256 bits is too short for any algorithm".
The example you give of 1024-bit RSA is probably *weaker* than, say, 256-bit AES. This is because the strength of an asymmetric algorithm lies in the intractibility of a certain mathematical problem. A breakthrough in mathematics (say, the art of factoring large primes in RSA's case) could render an algorithm obsolete and easily crackable.
A similar breakthrough is much more unlikely to occur in the field of shifting bits in a message about, which is how symmetric algorithms work.
I stumbled upon an article by Bruch Schneider a while back that explained that, weaknesses in the algorithm excepted, a symmetric cipher is pretty much unbreakable once the key length passes 128 bits. Unfortunatly I can't find it now, but the explantion he uses is mentioned in this article:
Keys with 128 bits will probably remain unbreakable by brute force for the foreseeable future. Even larger keys are possible; in the end we will encounter a limit where the energy consumed by the computation, using the minimum energy of a quantum mechanic operation for the energy of one step, will exceed the energy of the mass of the sun or even of the universe.
As of 2003 RSA Security claims that 1024-bit RSA keys are equivalent in strength to 80-bit symmetric keys, 2048-bit RSA keys to 112-bit symmetric keys and 3072-bit RSA keys to 128-bit symmetric keys. RSA recommends that 1024-bit keys may be used until 2010 and that 2048-bit keys may be used until 2030. An RSA key length of 3072 bits should be use if security is required beyond 2030. Draft key management guidelines under consideration by NIST further suggest that 15360-bit RSA keys are equivalent in strength to 256-bit symmetric keys.
In pre-SP2 versions of Windows, the firewall was enabled late enough in the boot procedure to give a significant window during which a computer could be attacked.
There are sooooo many apps on Windows that draw their own controls, often because the programmers just have no clue.:)
In this case it's Thunderbird's fault--GTK provies a perfectly nice listbox control, but I'm sure they have a good reason to use their own for the time being. Mozilla and co used to be much worse, Try comparing an early build of Firebird to the latest Firefox and see how many controls have been changed to by drawn with GTK.
The biggest problem in this area is Openoffice. It does everything itself--probably because Gtk+ and Qt weren't mature enough to consider using when the project was started, and in an uncommon stroke of common sense somebody at Sun didn't make them use CDE (yuck).
I read some time ago that OpenOffice 2 will have the user interface layer completly separated from the rest of the code, so that it would be able to use both GTK+ and Qt; but unfortunatly I can't find any more information about this process, leading me to believe that it has been abandoned until a later verson.:(
Re:Time for X11R7 or even X12
on
The Power of X
·
· Score: 4, Insightful
But it wouldn't. Plenty of hardware can't do transparancy, and is used on systems that aren't powerful enough to do the job in software. Besides, it would break the protocol.
People said that fonts would be better served by making font rendering a core part of the system. What do we have today to show for it? A crufty, obsolete, nonextensible set of functions for drawing glyphs on the server side, that no new development uses because Xft/pango/fontconfig work together to do a much better job on the client side.
No one foresaw anti-aliased text, Unicode, truetype fonts, glyphs drawn with an alpha channel, etc. Fortunatly the mechanism that X provides allows a client to use these features without requiring every X server it comes into contact with to be upgraded to X12 or whatever.
This is because Thunderbird draws its own column headings; if you zoom in on the offending area, it looks much more obvious.
I think we'll be stuck with Mozilla projects doing their own graphical things for quite some time.:)
I don't actually know what theme that desktop is, I would guess Windowmaker or some derivative, spiced up to use the new features of this Xorg release.
If you are looking for a pleasant, well-integrated environment, you should really try Gnome 2.6, with the Industrial theme. The default GTK+ theme isn't too hot; fortunatly Indubstrial (based of Industrial) will be the default theme of Gnome 2.8.
Re:unified desktop
on
The Power of X
·
· Score: 2, Informative
No, you are correct.
Most users new to Linux will be using Gnome and KDE. Most of the programs that they will run into (those which don't do everything themselves, poorly, such as games) are written for GTK+ and Qt. A user's first impression of either desktop environment would be improved tremendously if the default themes for each environemnt didn't look like complete ass.
Fortunatly, the default theme for Gnome 2.8 will be Indubstrial, which is based off the very smooth Industrial theme.
Likewise, the next version of KDE (perhaps 3.3 already?) uses Plastik instead of the godawful Keramic theme.
Now all we need is for freedesktop.org to finish their cunning gtk engine that uses qt to draw everything--thereby unifying the look (if not the functionalty, behaviour, feel) of both desktops.
Although personally I want the opposite effect: to make the few qt/KDE apps I run look like they use Industrial, not switch my entire desktop over to Plastik.:)
Re:Time for X11R7 or even X12
on
The Power of X
·
· Score: 5, Insightful
Then in ten years time, you will end up with exactly the same situation we are in today; obsolete crap in the base protocol, all effective new development in extensions. Except that you will have utterly broken backwards compatibility in the process.:)
Time and time again, X11 has showed us that it is better to provide mechanism, not dictate policy--even unto the protocol itself.
The Extensions mechanism provides the X11 protocol with extrodinary forwards compatibility.
You can take a modern X11 Window Server from 2004, connect to it a crufty old X client from some godawful old piece of embedded hardware from twenty years ago, and have it work perfectly. At the same time, your modern server can perform nifty tasks that the protocol's designers never dreamed would be necessary, such as, well, everything Keith Packard and co are doing today.:)
Re:Unfortunate...
on
The Power of X
·
· Score: 2, Informative
Not to mention the fact that there is more to the process than translating an app's user interface.
* the 127 symbols of ASCII are, surprisingly enough, not sufficient to display non-english languages (and even with ASCII I can't type my country's courrency symbol (£))
* text is not always written left-to-right; many languages also have extremley complicated rules for compositing glyphs; for example, I believe Arabic characters have all sorts of weird rules about whether (and where) a horizontal line is drawn.
Run kcontrol --reverse some time for a trippy but pointed example of what this is like, BTW:D
Re:Unfortunate...
on
The Power of X
·
· Score: 2, Insightful
But without internationalisation, software developed in, say, French, would present a French user interface to you!
i18n means that gettext, or whatever, simply pulls out the en_US strings and the user is none the wiser.
One could argue that the only "theft" here is being committed by the RIAA and other media conglomerates. Perpetual copyright extension means that copyrighted information never enters the public domain, thereby depriving the public of it!
Not to mention the fact that not a single dime of the money from these court cases has reached the hands of the artists whose interests the RIAA so altruisticly protects.
I never said that copyright infringment wasn't wrong and/or illegal. I merely corrected someone who appears to be confused about the name given to a certian crime.
The US Supreme Court itself makes the distinction between Theft and Copyright Infringement. They are legally distinct terms; the actions one must perform to commit them are different; and the punishments for committing them differ. So please do not confuse one with the other.
From DOWLING v. UNITED STATES, 473 U.S. 207 (1985):
Since the statutorily defined property rights of a copyright holder have a character distinct from the possessory interest of the owner of simple "goods, wares, [or] merchandise," interference with copyright does not easily equate with theft, conversion, or fraud. The infringer of a copyright does not assume physical control over the copyright nor wholly deprive its owner of its use. Infringement implicates a more complex set of property interests than does run-of-the-mill theft, conversion, or fraud.
Yuck, marketing. Right up there with Lawyer and Politican for 'most fundamentally corrupt occupation'. 99% of the job is to trick people into buying shit that they neither want nor need.
I can't stand adverts these days--and I live in the UK, where advertising is relitively subtly. I think if I ever returned to the US I would die from an overdose.
Neither can filesystem-level encryption replace block-level encryption. Encryption performed at different levels can be useful for different tasks--the two do not need to be mutually exclusive.
Think of it as the comparison between using 802.1x vs IPSec vs TLS vs PGP. Different layers to serve different purposes.:)
The problem with nuclear fission is that Uranium is expensive and limited. I remember reading (no source, sorry) that if we got 100% of our energy from nuclear fission, we would only have enough Uranium to last 50 years.:(
No _way_ is it possible to get 3.3 packaged and debugged (accross eleven architectures) in a week. KDE 3.2.whatever is very stable, Sarge will release with that version.:)
Slashdot Mirror
You cannot make the blanket statement that "256 bits is too short for any algorithm".
The example you give of 1024-bit RSA is probably *weaker* than, say, 256-bit AES. This is because the strength of an asymmetric algorithm lies in the intractibility of a certain mathematical problem. A breakthrough in mathematics (say, the art of factoring large primes in RSA's case) could render an algorithm obsolete and easily crackable.
A similar breakthrough is much more unlikely to occur in the field of shifting bits in a message about, which is how symmetric algorithms work.
I stumbled upon an article by Bruch Schneider a while back that explained that, weaknesses in the algorithm excepted, a symmetric cipher is pretty much unbreakable once the key length passes 128 bits. Unfortunatly I can't find it now, but the explantion he uses is mentioned in this article:
Finally, Wikipedia has this to say in an article on key length:
In pre-SP2 versions of Windows, the firewall was enabled late enough in the boot procedure to give a significant window during which a computer could be attacked.
Is this the "shatter attack"? Or is the windows-equivalent of setuid(2) really free for any process to call? :)
There are sooooo many apps on Windows that draw their own controls, often because the programmers just have no clue. :)
:(
In this case it's Thunderbird's fault--GTK provies a perfectly nice listbox control, but I'm sure they have a good reason to use their own for the time being. Mozilla and co used to be much worse, Try comparing an early build of Firebird to the latest Firefox and see how many controls have been changed to by drawn with GTK.
The biggest problem in this area is Openoffice. It does everything itself--probably because Gtk+ and Qt weren't mature enough to consider using when the project was started, and in an uncommon stroke of common sense somebody at Sun didn't make them use CDE (yuck).
I read some time ago that OpenOffice 2 will have the user interface layer completly separated from the rest of the code, so that it would be able to use both GTK+ and Qt; but unfortunatly I can't find any more information about this process, leading me to believe that it has been abandoned until a later verson.
But it wouldn't. Plenty of hardware can't do transparancy, and is used on systems that aren't powerful enough to do the job in software. Besides, it would break the protocol.
People said that fonts would be better served by making font rendering a core part of the system. What do we have today to show for it? A crufty, obsolete, nonextensible set of functions for drawing glyphs on the server side, that no new development uses because Xft/pango/fontconfig work together to do a much better job on the client side.
No one foresaw anti-aliased text, Unicode, truetype fonts, glyphs drawn with an alpha channel, etc. Fortunatly the mechanism that X provides allows a client to use these features without requiring every X server it comes into contact with to be upgraded to X12 or whatever.
This is because Thunderbird draws its own column headings; if you zoom in on the offending area, it looks much more obvious.
:)
I think we'll be stuck with Mozilla projects doing their own graphical things for quite some time.
I don't actually know what theme that desktop is, I would guess Windowmaker or some derivative, spiced up to use the new features of this Xorg release.
If you are looking for a pleasant, well-integrated environment, you should really try Gnome 2.6, with the Industrial theme. The default GTK+ theme isn't too hot; fortunatly Indubstrial (based of Industrial) will be the default theme of Gnome 2.8.
No, you are correct.
:)
Most users new to Linux will be using Gnome and KDE. Most of the programs that they will run into (those which don't do everything themselves, poorly, such as games) are written for GTK+ and Qt. A user's first impression of either desktop environment would be improved tremendously if the default themes for each environemnt didn't look like complete ass.
Fortunatly, the default theme for Gnome 2.8 will be Indubstrial, which is based off the very smooth Industrial theme.
Likewise, the next version of KDE (perhaps 3.3 already?) uses Plastik instead of the godawful Keramic theme.
Now all we need is for freedesktop.org to finish their cunning gtk engine that uses qt to draw everything--thereby unifying the look (if not the functionalty, behaviour, feel) of both desktops.
Although personally I want the opposite effect: to make the few qt/KDE apps I run look like they use Industrial, not switch my entire desktop over to Plastik.
Then in ten years time, you will end up with exactly the same situation we are in today; obsolete crap in the base protocol, all effective new development in extensions. Except that you will have utterly broken backwards compatibility in the process. :)
:)
Time and time again, X11 has showed us that it is better to provide mechanism, not dictate policy--even unto the protocol itself.
The Extensions mechanism provides the X11 protocol with extrodinary forwards compatibility.
You can take a modern X11 Window Server from 2004, connect to it a crufty old X client from some godawful old piece of embedded hardware from twenty years ago, and have it work perfectly. At the same time, your modern server can perform nifty tasks that the protocol's designers never dreamed would be necessary, such as, well, everything Keith Packard and co are doing today.
Not to mention the fact that there is more to the process than translating an app's user interface.
:D
* the 127 symbols of ASCII are, surprisingly enough, not sufficient to display non-english languages (and even with ASCII I can't type my country's courrency symbol (£))
* text is not always written left-to-right; many languages also have extremley complicated rules for compositing glyphs; for example, I believe Arabic characters have all sorts of weird rules about whether (and where) a horizontal line is drawn.
Run kcontrol --reverse some time for a trippy but pointed example of what this is like, BTW
But without internationalisation, software developed in, say, French, would present a French user interface to you!
i18n means that gettext, or whatever, simply pulls out the en_US strings and the user is none the wiser.
Whoops, forgot to provide a link <http://www.netjus.org/pages/giurisprudenzax.asp?a rticle=12link>, and to muse some more.
One could argue that the only "theft" here is being committed by the RIAA and other media conglomerates. Perpetual copyright extension means that copyrighted information never enters the public domain, thereby depriving the public of it!
Not to mention the fact that not a single dime of the money from these court cases has reached the hands of the artists whose interests the RIAA so altruisticly protects.
I never said that copyright infringment wasn't wrong and/or illegal. I merely corrected someone who appears to be confused about the name given to a certian crime.
The US Supreme Court itself makes the distinction between Theft and Copyright Infringement. They are legally distinct terms; the actions one must perform to commit them are different; and the punishments for committing them differ. So please do not confuse one with the other.
From DOWLING v. UNITED STATES, 473 U.S. 207 (1985):
Since the statutorily defined property rights of a copyright holder have a character distinct from the possessory interest of the owner of simple "goods, wares, [or] merchandise," interference with copyright does not easily equate with theft, conversion, or fraud. The infringer of a copyright does not assume physical control over the copyright nor wholly deprive its owner of its use. Infringement implicates a more complex set of property interests than does run-of-the-mill theft, conversion, or fraud.
The downloader has not deprived the copyright owner of his property. It is not stealing, it is copyright infringement.
Yuck, marketing. Right up there with Lawyer and Politican for 'most fundamentally corrupt occupation'. 99% of the job is to trick people into buying shit that they neither want nor need.
I can't stand adverts these days--and I live in the UK, where advertising is relitively subtly. I think if I ever returned to the US I would die from an overdose.
user_pref("dom.disable_window_move_resize", true);
There are a whole bunch of similar settings to disable scripts from hiding browser chrome, bringing windows to the front, etc.
Would he have been sucessful without US support?
Besides, it's not like Hussain is the only example. Iran 1953, Guatemala 1954, Chile 1973, to mention a few.
Neither can filesystem-level encryption replace block-level encryption. Encryption performed at different levels can be useful for different tasks--the two do not need to be mutually exclusive.
:)
Think of it as the comparison between using 802.1x vs IPSec vs TLS vs PGP. Different layers to serve different purposes.
And ICQ. Unfortunatly it is simple anonymous end-to-end stuff, so there is no guarantee that you are talking to who you think you are talking to.
Nice. Audio works fine here, perhaps the output from mplayer will help you:
http://nopaste.php-q.net/79703
How did you extract the 'real' movie URL from the stub movie that can't be played without the oficial QT player?
The problem with nuclear fission is that Uranium is expensive and limited. I remember reading (no source, sorry) that if we got 100% of our energy from nuclear fission, we would only have enough Uranium to last 50 years. :(
Server should release if the App crashes. If that fails, Ctrl+Alt+KeypadDivide/Multiply. :)
From open(2):
creat is equivalent to open with flags equal to
O_CREAT|O_WRONLY|O_TRUNC.
So it's shorthand for a commonly chosen set of options.
No _way_ is it possible to get 3.3 packaged and debugged (accross eleven architectures) in a week. KDE 3.2.whatever is very stable, Sarge will release with that version. :)
Maybe they don't have townies in America?