Yeah, sorry, they had to be relative primes of course. My bad.
Actually that's what it said after the first -, but I forgot that Slashdot has the annoying habit of removing anything between the greater than / lesser than signs, even in plain text mode.
But then again, I should have previewed my comment.
McAfee firewall personal edition (once?) blocked all access to 127.x.x.x and you could only enable this one IP at a time. So a firewall *can* protect you from yourself. Question is if you want it to (I didn't, my Java application suddenly could not be debugged anymore).
Most applications that can be run by normal users have full connect capabilities to any network. One could argue if that is a good thing, especially within a corporate environment. I'd say: probably not. You've got a valid point here, even though you are just using it as an example.
How can you write a secure program if you don't know what a buffer overflow is?
He could have a manager/software engineer that told him to use managed code (.NET/Java) or any scripting language. Simple. And best practices for safe coding are best found in books that are not "how to hack" books. Unless that means how to design/write safe code books (but I think it doesn't).
Rot- would be smarter - like Rot-7 or Rot-13. You would not rotate into your old passwords that quickly.
Anyway, use a (very cheap) PDA with a single password and a password tool (create/store) and you're set. Don't enable WiFi and/or bluetooth of course...
Paper has very nice properties:
- very fine print
- colour possible
- reads easily, even in low light / from an angle
- bends pretty easily
- rather light
- pretty cheap
- works with a variety of pens etc.
- available in any size
And also a few less favourable:
- environmental problems
- difficult to convert to digital (OCR is not that good, and scanning every page is time-consuming)
- difficult to sort/search
- it's only light in small quantities
- difficult to destroy (completely)
- not so good with water
- slow to transport.
The end of the paper era will only come if there is a digital equivalent to paper. I can see a letter sized map with e-Ink/flash/bluetooth succeed eventually to take over a small part of the market. It should at least be able to do the things paper does well, and then add some.
Currently the paperless office only exists on PCs and maybe organizers/cell phones. These devices do have some properties that set them off against the unfavourable parts about paper. But they do not compete on readability, size, weight, cost. As long as this is the case, the paperless office is just a dream.
Automagically, you said it! Besides, it has QtParted with shrink, copy of partitions built in, mounts NTFS (RO if you like) and *if* you use OO.org & Thunderbird etc. you can read back all your files. It seems to be way more useful than an XP startup disk. And you can save your settings as well, all the setup stuff you need to do is saved for that machine.
France? Why go to France? AFAIK, this works as well in Belgium (a country which you can reach in just about 3 hours from anywhere in the Netherlands). Anyway, (again AFAIK) the PIN is encrypted on the magnetic stripe. Not so smart. So it is better than a Credit Card, but not *much* better.
Or you should push your government to put an environmental tax on it so you can return it to the shop where you bought it. This tax can be used by the manufacturer to dispose of or recycle the product. You're going to pay for it one way or the other anyway. Note that this is not hypothetical, in NL (and probably a lot of other European countries) they have such a scheme for electronics already.
Why the hey would you make a scheme on par with mechanical keys if you can do better? And maybe the shape of mechanical keys is also some protection? Most key copiers start out with a basic key and put that further in shape.
There is a difference between releasing new software and bugfixes/security fixes. The first one I have no problem paying for (although I'd rather not). The second one I have a big problem with, since bugfixes are fixes on something that should have worked to begin with, and the second one poses a security risk. I also abhor companies that make hundreds of tiny changes and charge for that, new versions (for which you should pay) should be significantly different from the previous versions.
Anyway I am happily running a lot of OS software on Windows on my client PC (including an X server) and running everything else on my Linux server. The only software I pay for is the OS (excluding MS office and everything else) and entertainment. That way I don't need Linspire - which is good, since most copies don't equal the original.
Knoppix seems to solve that by putting things in parentheses. Since it is basically an "install once" thingy, I would have preferred it the other way around, and more grouped. But the good thing is that you get both the name of the application and the type of program.
There is a difference here. I have seen lots of URLs in the game to their makers. Most of the times, these games have been bought and distributed by someone else. There is no way of knowing if the burger shop paid the man writing the game. There is the credit in writing the game as well as hosting the game. Not that I agree on his actions though. He should have just contacted them and come to an agreement. Maybe even making some money out of it.
No I don't think that that displayed link was giving credit. It's in the game itself so Fuddruckers is not giving credit to anyone. If they would have bought the game, that link would have been the same. Then again, I would have been mightily annoyed to skip through some bullshit "credit" pages before starting the game.
...if you talk about one breed of programmer that will *never* switch to Linux, it's probably them. I don't know a single VB developer that does anything outside of Windows.
Let's just hope they jump ship to C# or Java instead. Let's do away with those compatibility issues. Arrays start at 0, hurray :)
Back in the old DOS days, a neighbour of mine worked with the police. He was working in Amsterdam (together with 10.000nds of other law enforcers). He was one of the more knowledgeable computer users there. His idea of securing files was enabling the "hidden" attribute. I kid you not.
That said, they were so smart to not have a network to their most sensitive network however.
Yeah, well, Windows or Linux is not so much a trusted platform in that sense. A trojan could also listen for passwords, or just run parts of the browser to get to the stored cache. And we seem to be talking about offline investigations here.
What if the other party is not your car? Someone walks past your desk, puts your key in a cheapo copy device and the drive will fill it no questions asked? What kind of scheme is that?
Yeah, well, they also call this OAEP (a padding scheme which uses hash functions as well as a random) it seems. Obviously you should keep yourself as much as possible to cryptographic standards. Only a fool would create his own scheme for something like this. If I remember correctly, Schneider (the author of the book) himself has said something similar.
As another contributor wrote, it is probably easier to keep to symmetric cryptography.
Yep, that would work. As long as the keys are safe, you wouldn't want anyone be able to copy the keys. Besides stealing the car, there would be no proof that someone did not have access granted or not (fraud).
The protocol is not that much of an issue (as long as it is chosen with care). The other practical considerations are much more important. Even RSA processors are not that expensive anymore, but I agree that it would be overkill for this kind of "problem".
It is only a "fucking article" before someone reads it. After that, it's just "the article".
Start your engines!
I love hotlinks. They make the life of Addblocker much easier :)
What kind of information were you trying to get playing burger games? This is entertainment. You propose making Hollywood movies free as well?
VIA EPIA and see link above for normal PC. Sigh.