What if there were a way to combine your critical plaintext with some other unimportant plaintext in a way that you could have two keys? One key would decrypt the cyphertext to yield the real plaintext. The other key would decrypt the same cyphertext to yield the decoy plaintext.
When big brother denies your fifth amendment rights against self-incrimination and demands the key or you rot in prison, hand over the key that decrypts the decoy text and say, "See. It was just some stupid email about my car."
Of course you'd have to encrypt everything to be consistent, but that's not really a bad idea anyway.
I think the biggest problem with EULAs is that they can be agreed to without being fully displayed to or read by the end user.
IANAL, but I do know that paper contracts work the same way. If you sign a lease or a loan agreement, there is no requirement that you actually turn the paper over and read the legalese on the back. And if that legalese states that some other document is included in the contract, you don't have to read that, either. In fact, the other party does not have to make the included document available to you.
You can just blissfully sign the paper and not worry about it. If you should ever contest the terms of the contract and take it to court, the judge won't care if you read it or not. All he'll ask is if that's your signature and if you say yes, the case is closed.
Okay, for those who are lawyers, there are some rights that you cannot sign away. And you might have a case if you can show that there was deceit involved.
But for the vast majority of simple contracts such as leases and loan agreements, all the details are spelled out and you can read it if you like, or not. Most people just sign, because if they don't sign, they don't get the new car or the new apartment. Same with software: you don't click "OK", you don't get to use the program. For most people, that's all that matters.
the 8" floppy is effectively lost to me because I don't have easy access to a drive that can read it anymore
I do. I still have a working CP/M system and an old 386SX-16 with a Compaticard and an 8" drive. The Compaticard's software can read/write about 300 different floppy formats - CP/M, DOS or Wang word processor (but not Apple). I can't do hard-sectored diskettes, though, because I don't have a hard-sectored drive.
I was left wondering what about Windows95 (as opposed to say Windows 3.1) that it was where sound card support started working.
WIN 3.1 didn't even support a Soundblaster out-of-the-box, IIRC. You had to run the SB installer which handled both the DOS and Windows configuration. WIN 95 was the first Windows to do the sound card setup as part of the OS install.
The author specifically stated he wasn't doing anything but OS installation, so running a Soundblaster setup diskette would have been cheating.
Although they are standard equipment now, sound cards were add-on options back in the day and not all that common in 1991 when WIN 3.1 was written.
What are bean counters necessary for, when no one's making any beans?
True, in a non-profit group there is a reduced need for accountants, but bean counters will find beans to count nonetheless. Sort of like Da Count (Count von Count) on Sesame Street. These folks are also good at organizing things, maintaining version numbers, deciding what updates go into which version, coordinating schedules and cut-off dates and generally telling other people what to do.
I know that last bit sounds like a bad thing and many OSS folks don't like to be told what to do, but some discipline is necessary in any organization. If things seem to be a little too chaotic, then some more discipline is needed, either internal (self-discipline) or external.
How about writing *anything* that hasn't been done 1000 times already?
I don't know whether the parent's view is accurate or not, but it does point out something I learned in [shudder] "diversity training".
In a successful organization, there are several types of individuals: those that do the R-and-D; the blue-sky dreamers who dream up uses for the stuff the R-and-D folks invent; the "people persons" who sell the products the dreamers dream up; and the accountants and production control bean counters who take pleasure in making sure that schedules are met and the bills are collected/paid. Take away any one group and the others are doomed to failure.
From my limited knowledge of OSS, it seems like it might be very heavy in the R-and-D department, but very, very light in all the others. They all are necessary.
Is this a strategic shortcoming of OSS? Are there some possible strategic alliances that might restore some balance?
I don't have any answers, but these seem like valid concerns.
My understanding is that current crypto systems rely on the fact that keys take an extremely long time to be brute forced because currently computers are not efficient at all at factoring.
From the article:
"MagiQ Technologies, Inc., the quantum information processing (QIP) company, today announced the general availability of its Navajo Secure Gateway, the world's first commercially available quantum key distribution (QKD) system."
Note that this product makes no claim for more than secure key distribution only, not for general data encryption. You pick your own encryption method and MagiQ will make sure your keys get from here to there securely.
Once the keys have been distributed, you use them to encrypt your sensitive data using RSA, triple-DES, etc. (pick your own poison). This encrypted data is no more secure against brute force than it was without the quantum key distribution method.
It appears that MagiQ is only guaranteeing that your keys won't get hijacked.
15 hours of how to move in traffic isn't driving instruction. People need to know what to do when they understeer and oversteer. They need to have done it before, over and over, so they learn how to react.
After my kids completed their required training classes, I took them out behind a local abandoned strip mall. They accelerated to about 35 mph, then locked the brakes. Over and over. There was enough small gravel and dirt on the asphalt to give them a chance to slide and drift.
Yes, it was hard on the tires, but several weeks later when my son came to a skidding stop 12 inches from a dump truck, I wasn't really concerned about the tires. I imagine he was expecting to get chewed out for misjudging his stopping distance, but all I said was, "Good job!"
This is good only if they hammer the point home that people should not rely on this to keep them safe.
While I agree completely with your sentiment, I'm afraid the public's reaction will be, "If I can't rely on it, why should I pay for it?"
So all we'll see is a little half-hidden sticker somewhere and a disclaimer in the owner's manual. They can't afford to belabor the point. It would be a marketing disaster.
And the source code is probably long gone. One of Autocoder's "strengths" was that you could easily patch the object deck without having to re-compile. The compiles took a long time, so everyone just added a patch card or two or three to the end of the object deck (which was punched cards), and re-ran the failing job. After several iterations, the patch cards outnumbered the original object code cards. The source code no longer matched what was running in production, so it was tossed in the trash. Any new enhancements were made via patch cards, and you were basically doing a manual assembly at that point.
So if you want to maintain Autocoder, you should have the instruction set memorized and understand the concept of "word-marks".
It's different in the mainframe world, too. Each OS image has a hierarchical filesystem for Open Systems components' use (with root, /bin, /usr, /etc, etc.), but that whole filesystem is housed in just one medium-sized MVS data set on one disk volume. We have eight OS images and thousands of disk volumes, so naming conventions are important.
Headers also pick up the numeric or Internet Protocol (IP) address of all the computers a packet touches as it travels from its originating machine all the way to its destination. Every computerized device connected to the Internet has its own unique IP number.
Investigators could program their supercomputers to flag packets of information that met certain criteria, such as a certain IP number, a certain traffic pattern or a certain kind of content. As soon as a packet is flagged, investigators would apply for warrants to assemble the packets and read the messages' contents.
If we are to believe the NSA, they don't necessarily read contents. They analyze routing, then get a warrant to read the contents.
If we assume that they can crack PGP, etc., then using email encryption may be false security. They don't have to crack every encrypted email, only the ones that get flagged based on routing.
You name your hard drives?
(insert raised eyebrow here.)
You don't!?
How do you keep them straight?
I mean, with nine systems at home, many with multiple drives, and all visible on the network, I had to name them all to keep from accidentally getting the wrong one.
At work, with thousands of drives, we just number them in an efficient-but-hardly-interesting way. I think I shall relabel TSP517 (Temp Storage Pool) to BADGER and see if anyone takes notice.
He did, but the broker's Windows box got owned and the report went to ftp.sec.com.
"Due to vital maintenance work, some Institute of Physics Web sites are temporarily unavailable."
In physics, the Slashdot Effect is called "vital maintenance work".
How quaint.
They were decoy groups set up by the crackers as honeypots to attract the FBI and observe its techniques.
How important is your data?
Maybe he's posting from .au and it is tomorrow.
Considering the fact that UDP is also the acronym for Usenet Death Penalty, it doesn't seem like the choices are all that different.
Freewill? Riiiiiight.
Embarrassed?? But I thought "Flesh Gordon" was a high-brow flick!?
I'll give this topic some actual thought and maybe post an update later...
Is it just me, or was the opium of the '60s a lot purer and.. well.. just plain nicer?
It was definitely cheaper! Or so I've heard..
Tell that to Mrs.C as we're curled up on the sofa "watching TV". ;)
The social interaction is the only reason I watch TV.
All the good names were already taken.
I've heard you can use steganography to hide your data in .JPGs ;)
Ah, you young whipper-snappers.
That's IBM 1401 Autocoder.
Reminds me of a conversation with my ex-wife:
She: You're sick.
Me: You have no sense of humor.
She: Yes I do, but that's not funny.
Me: I rest my case.
Thanks Michael! The Badger story made my day!