Slashdot Mirror


User: maxwell+demon

maxwell+demon's activity in the archive.

Stories
0
Comments
12,279
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,279

  1. Re:BSD on GoogleOS Scenarios · · Score: 1
    Its suppositivly a network backed by AI to offer you the services you want.

    No. That one is called Skynet.
  2. Re:The myth of Windows GUI consistency. on Office 2007 UI License · · Score: 1

    Indeed, with more applications moving to Gnome or KDE, I guess on Linux the problem will lessen over time. Moreover, the high configurability of the Linux GUIs means that distributions can make the UIs of both quite similar in the distribution's default configurations.

    Thus maybe at some time we get to a situation where Linux interfaces are actually more consistent than Windows interfaces!

  3. Re:I don't normally say things like this, but on Green Light For ITER Fusion Project · · Score: 3, Interesting

    The Apollo program did cost an estimated $135 billion in today's dollars. And the expected payoff was what?
    $12 billion is less that 1/10 of that. And it might give us a great source of energy.

  4. Re:I don't normally say things like this, but on Green Light For ITER Fusion Project · · Score: 1

    Ok, let's rename the project to "green fusion power" and let everyone know it's hydrogen energy we are speaking about! :-)

  5. Re:Not political on An Inconvenient Truth · · Score: 1

    No, I don't return to nature. Unless nature suddenly started to grow energy-saving light bulbs, busses and trains. Or maybe switching my computer off when I don't use it for some time (e.g. over night) is returning to nature?

    And no, all that won't ruin me.

  6. Re:BitTorrent on An Inconvenient Truth · · Score: 1

    And after all, you'd be a pirate, and thus fighting global warming directly.
    BTW, why should Al Gore object if you use his invention to distribute his movie ... ;-)

  7. Re:Not political on An Inconvenient Truth · · Score: 1
    Ok, let's assume that tomorrow something is moving toward where you currently live coming from, say, Iran, and all the experts who looked at it say it's most probably a rocket carrying an atomic bomb, and the nearest nuclear-safe bunker is far enough away that you only have a good chance to reach it in time if you run to it immediatly, would you
    1. run as fast as possible to get into the atomic bunker, or
    2. continue life normally, because after all, there's not yet any hard proof that the thing is indeed an atomic bomb carrying rocket, and interrupting your normal life style would be too inconvenient, and may even be harmful to you, so you won't do it just on speculation and consensus of experts?

  8. Re:The real question is... on AMD Fusion To Add To x86 ISA · · Score: 1
    ... do they think we're going to run binary blobs on our computers in order to use the CPU?

    You already do. Except that the binary blob (aka microcode) is embedded into the CPU. Which is somewhat inavoidable because without a working CPU there would be no way to read that binary blob into the CPU (although I could imagine to have a CPU which initially cannot do anything but read some binary blob from a specified memory address residing in the system bios flash, which then contains the actual implementation of the CPU instructions).
  9. Re:trouble ahead?, trouble behind. on Novell Responds To Microsoft's IP Claims · · Score: 1

    If I had the choice between a flashy-screen-ATM and a boring one, I know which I'd choose. Hint: If I want to see videos, I use my TV or my computer.

  10. Re:On the contrary... on Stop Global Warming With Smog? · · Score: 1

    Of course, the real solution is to increase piracy.

  11. Re:Ok what if it gets too cool? on Stop Global Warming With Smog? · · Score: 3, Funny

    Reminds me of the old joke:

    Two planets meet: "Hello, how are you?" - "Bad. I've got homo sapiens." - "Don't worry. That passes."

  12. Re:Simulations on Stop Global Warming With Smog? · · Score: 1, Informative
    We can't predict weather 5 days out with our current computer models, how could they possibly predict these other trends?

    When will people stop using this silly argument?

    Do you know if in ten days it will be warmer or cooler than now? Probably not.
    Do you know if the next summer will be warmer than the next winter? If you live in the northern hemisphere, at a sufficient distance to the equator, I'd bet on it.

    So how can we know that the summer will be warmer than the winter if we can't even tell the temperature change in about ten days? Think about it!
  13. Deja vu ... on Stop Global Warming With Smog? · · Score: 1

    I knew I've read about that on Slashdot before.
    If you follow the link in the old Slashdot story, you'll find out that it's indeed about Paul Crutzen's idea as well.

  14. Re:I got a question... on A New Vulnerability In RSA Cryptography · · Score: 2, Informative
    THESE ARE BIGINTS!!!

    STOP SHOUTING!
    Guess why I used a loop instead of a single increment instruction in my example code? Exactly: Because it's a bigint!

    they have nothing to do with what an x86 thinks they are

    I've used x86 assembly as example because there you can see exactly where a branch occurs. I could also have written some generic C code to do the same which could have been in a bigint library (OTOH I can imagine a bigint library using assembler as well, just in order to speed things up).

    that is the branching they are talking about in the article nothing else.

    What about actually reading the article? They explicitly don't target the multiplication algorithm, but the branch in the SM loop itself.

    In short such attack don't work will in multitasking OSs running on multiple execution pipeline processors.

    Again, RTFA. Their attack specifically works in multitasking OSs running on multiple execution pipeline processors (such as Intel's Hyperthreading). It won't work on multicore processors with only one pipeline per core, however.
  15. Re:Not in the USA on Life Without Traffic Signs · · Score: 1

    OTOH, I frequently read here on Slashdot how terrible people behave in US cinemas. I've never experienced such bad behaviour in German cinemas.

  16. Re:I got a question... on A New Vulnerability In RSA Cryptography · · Score: 1
    I guess your "-" all should habe been "="?

    For di=0:
    C = di /* now C = 0 */
    C = C * A /* still C = 0 */
    C = C + 1 /* now C = 1 */
    For di=1:
    C = di /* now C = 1 */
    C = C * A /* now C = M-1 */
    C = C + 1 /* now C = M */
  17. Re:I got a question... on A New Vulnerability In RSA Cryptography · · Score: 2, Interesting
    everyone one of the statements that contain *, mod and + have
    branching. Or did you just think they magically happen?

    The question is if they have exploitable branching. For example, the only + in that algorithm is the C=C+1, and that can clearly be done without exploitable branching, e.g. with the following x86 assembler code (assuming lsb-first storage, as usual for x86):
    ADD1TOC:
      mov ecx, LENGTH
      mov esi, ADDRC
      mov edi, ADDRC
      clc
    LOOP:
      lodsd
      adc eax, 1
      stosd
      dec ecx
      jnz LOOP
    Note that the only branch here is the jnz for the loop, but that doesn't reveal anything about the key.

    Also multiplication can be implemented without exploitable branches. I'm not completely sure about modulo, but I don't see an immediate reason why it shouldn't be possible as well.

    The fact that internally the processor has to make decisions does not have any relevance for this exploit, because those won't affect the branch predictor (which is only concerned with instruction-level branches, not possible branches in microcode). So yes, from the instruction level view, the addition/multiplication "magically" happen (the "magic" of course being in the microcode and the digital logic of the processor).
  18. Re:Is this only during key generation? on A New Vulnerability In RSA Cryptography · · Score: 1

    No, it's during key usage.

  19. Re:I got a question... on A New Vulnerability In RSA Cryptography · · Score: 4, Interesting
    After now having read the complete article: Shouldn't it be possible to eliminate the branches completely?
    The following loop (adapted from fig. 3 in the paper) should IMHO work as well (although less efficiently):
    S = M
    A = M - 1
    for i from 1 to n-1 do
      S = S * S (mod N)
      C = di /* should be doable without branch by just bit masking and shifting */
      C = C * A
      C = C + 1 /* now if di was 1, C is M, otherwise C is 1 */
      S = S * C (mod N)
    return S
    The only branch here is in the for loop, and that's independent of the key. Unless there are exploitable branches in the multiplication routine, of course.
  20. Re:Unsecure computer - no secrets. Big deal ! on A New Vulnerability In RSA Cryptography · · Score: 1

    You don't need a priviledged access to the CPU. A normal shell account and a compiler suffice. That's usually not enough to read someone else's keyboard typing.

  21. Re:Unsecure computer - no secrets. Big deal ! on A New Vulnerability In RSA Cryptography · · Score: 2, Informative

    On a multi-user system, someone may well have the right to run arbitrary code on the same processor, but not to access your data.

  22. Re:I got a question... on A New Vulnerability In RSA Cryptography · · Score: 1

    What about just adding small random timing loops into the encryption algorithm? That is, just make so much noise in timing that you simply cannot recognise the signal in it.

  23. Re:Now we're screwed... on Novell Injects MS Lawsuit Exploit Into Open Office · · Score: 1

    Is there already a Windows port of vrms? :-)

  24. Re:Screen Capture on Transec, a Secure Authentication Tag Library · · Score: 1

    Of course if such a solution became widespread enough, malware would probably commonly attack the integrity of VMware itself, in order to infect the host OS. Also note that whatever program can modify the CD image can also modify the checksum.

  25. Re:what is it about voting machine companies? on Transec, a Secure Authentication Tag Library · · Score: 1
    but for an on-line voting system, there are so much better things you can do, like send people a list of one-time passwords along with their voter registration card.

    Or have the voter registration card be a smartcard with one-time passwords directly stored on them (protected by a password/pin which is never transmitted anywhere, not even to the computer the smartcard reader is connected to). You'd need to have a smartcard reader with pin field for online voting, but hey, if you don't want to pay for that, you can still go to the traditional voting booth.

    Yes, there'd still be the possibility that the smartcard reader is compromised, so it sends your smartcard PIN to the computer, where a malware can read it (that's the only way the reader can be compromised, besides causing it to not work at all, since the actual PIN authentification is done on the smart card).

    Thinking about it, you could also use the card reader to enter your vote (e.g. you have a candidate list, and type 3 on the reader panel to select candidate 3), thus effectively bypassing the computer in the voting process, which only transmits the voting data (encrypted by the card). That way, the only things to trust are the candidate list (but the correctness of that can be easily verified, since there's no secret data on it), the smartcard and the card reader. Ok, the computer has to be trusted to correctly submit the data, but that should be easy to verify, too.

    Of course the hard part is to verify that your data is handled correctly after submission ...