Have you ever tried typing anything in the air? It's not a fun experience at all. Your fingers are just waiting for something to hit. Also, the later touch screens to have tactile feedback. E.g. my android phone is using the buzzer as a soft, fast tactile feedback. I can't see that happening with a table turned keyboard.
If I don't use my mouse, my wrists do no moving at all to type, although I am using keyboards that place the keys in the direction of my fingers (including differently sized keys). I've considered lots of options to get even better protection from RSI, but I'm sure that air-keyboards are not the answer. Maybe I'll go and tame a Dragon instead.
Me too, but they are very nice on a phone, where you cannot really type normally anyways (well, unless you are a true phone junkie I suppose). Keyboards will type slightly easier, but they take up space, cost money and - in my experience - will break down.
I explicitly bought a 13.3 inch laptop (Lenovo keyboard, love it except for the Fn key) instead of a netbook just for this reason. It has a keyboard that uses up most of the space and has great tactile feedback, is quiet and does not "hide" the space bar (putting it too deep, so that you will have to tilt your thumb to use it). It is water-proof to top it off. Personally I hate noisy keyboards, keyboards with lots of travel and keyboards that are tilted towards you. I use a MS "smiley" keyboard at home and a MS natural 4000 at work on a specially lowered desk (with hight adjustable non-reflective monitors to make sure my eyes are not strained any further).
Model M is not something for me... And anybody using such a keyboard or DAS keyboard will get complaints from me. The natural keyboards are noisy enough, the DAS makes a very high pitched noise that is nigh impossible to ignore.
The article you link to says that touch-screens are killed as a mainstream input device. WTF was I using to buy transport tickets from today? How did I manage to call anybody with my Android phone? OK, those screens are all tilted, and they use *buttons* and no idiot is so stupid to let the user control a mouse pointer with a screen anymore. But this Gorilla surely has learned to use touch screens (and would love to have a high res drawing device).
You seriously don't want to do that, unless you want to end up with my hand condition - ultra-dry hands, basically. They are a bit fatty for a darn good reason. Even *optical* fingerprint readers sometimes fail to find my print. If it gets really dry outside, the skin on my hands begins to break down.
Besides, there is no such thing as a completely clean skin - unless you want it to stop regenerating?
And you conclude this from the article? I think that the article is idiotically biased, not Slashdot. Notice also how they even enlist the help of his former friends to go out of the way of making him an example. If there is anything evil going on, it is the state and casino's conspiring against one of their citizens. Even if he's guilty of anything, their behavior is way worse than his.
The difference being that winning jackpots isn't illegal like the other practices you mention. I've also got a bit of an issue with "false jackpots". I've unfortunately never encountered one, and I'll be damned if I am going to use that term *ever*.
I've found out that it is amazing how fast programmers-turned-managers can forget how quickly something can become hard.
I've just had to do a bit of programming, but I had to get a new IDE/API first. It turned out that required a newer version of Eclipse, so I started to convert parts of my old workspace to this new version. Zap, half a day gone. Add a few network issues, a McAfee that inserts minutes into every edit, a new-year speech of the CEO, a few issues around other software packages....
Yeah, the update just takes half an hour. Getting it done can still take a week. Maybe those hours are not all spent on the project, but they take away time none-the-less. If you ever get a project manager that does not understand software time tables, hide, move or - if possible - get him of the project!
Other programmers often understate things too, but they can be worked around. If they are really irritating, give them the job. If they perform well, great. I'm not afraid of programmers that perform better than I do. If not, they've learned a good lesson. Beware design and code quality though.
Well, if you work in a managed software environment you get things like memory protection, where you can't do pointer arithmetic and have to be in bounds. That kind of work more or less requires a VM, which incorporates a slow down - or at least a latency issue.
If you have things like reflection, you need to store the method names and class names in memory. You get great stack traces in return if you ever run into trouble when you are in production in return.
If you use unbounded integers (ones that don't round robin you into trouble) then your software will need to grow them and perform additional commands to make everything work.
If you have modules, you will need to load them separately. If you have modules and services you will have to verify, load and start them.
More secure software does mean overhead, although a well designed application should behave slower, but not *exponentially* slower. So we should be alright.
And you are wrong: software is much more functional and reliable nowadays, we just tend to forget the mistakes from the past and substitute a better yesterday in return. We *could* do much much better though.
I could see this being used by a driver model. A generic driver is present that is able to reprogram the FPGA. Specialized or even derived drivers use the - now static - set of functionality. This could allow you to create generic purpose CPU's that can still be tweaked for certain tasks. It would also allow for upgrades of the algorithms being implemented. Symmetric cryptography and encoding/decoding would be obvious choices.
If updating the FPGA is really slow, I would not try and let applications change the functionality of the FPGA - nobody would like to have slow context switches, whatever the CPU is used for.
Of course, that joke is only funny for small sets of small random numbers. There are plenty good tests for large quantities of random numbers - an entire NIST suite for starters. The chance of one of these large nonces repeating is about the same as an attacker guessing the private key in a single go.
I think the xkcd version of the joke - used in the failOverflow presentation - is even funnier.
Almost right, it was the random nonce required for the signature generation that allowed them to calculate the private keys, not the key seed. Well, *almost* random nonce (number used once) in this case, I suppose.
The FIPS documents state that you may generate the nonce in advance. This is a bit tricky since you should still generate a new one for each signature. They really should rephrase that paragraph.
Generating the nonce in advance just allows for lower latency if you have a slow random number generator.
It does so while giving you false information. Believe me, those kind of robbers are as common as the one that are breaking down your door, and can actually do way more damage. Or are you claiming that everybody that knocks on your door (or better, some unsuspecting elderly person) is to be trusted?
Android is not Windows. App stores / package stores are much less susceptible to malware than each application having its own download/install/update mechanism. Beside that, Android apps play in a sandbox, and if you want to break out of that, you will have to inform the user. Of course, if you install apps using unsigned code from an unverifiable location and ignore all the permissions you have to grant...
Mweh, I haven't had much need to go outside the Google Market to be honest. If I did, it was for some demo code or specialized geeky application which I don't think they will ever target. I don't think most people will visit such sites or share apps with friends (I get loads of tips on apps, but they are by name only, and I look them up / check them out in the Google Market myself). I cannot see anybody visiting Chinese app stores unless they are linked up with them by a Chinese provider.
If the software tries to send information without explicit consent from the user in one way or another, it's malware. Some of that information may be implicit (e.g. pointing out updates, retrieving news for a news application, sharing high-scores for games). Sending out personal information while the application is not meant for that information to be send is clearly malicious. If a program is designed to send information maliciously, isn't it malware (== malicious software) by definition?
They actually *say* that they have got the private key at 8:10 in the video. Is every mod here so stupid that they don't watch the actual presentation. I guess they are.
Mod AC up, I've checked after watching the YouTube video (just to be absolutely sure), and this seems to be the case.
Although it *is* an epic fail, you may argue the safety of the EC algorithm if your RNG fails for signature generation. That is a safety catch that is not present for RSA. So watch out you kids, don't forget to use secure RNG's.
So yes, they have the private key(s) because of a bug in their signature generation implementation. They probably used a software package instead of a HSM (hardware security module), which they should have used.
Mod AC up, I've checked after watching the YouTube video (just to be absolutely sure), and this seems to be the case.
Although it *is* an epic fail, you may argue the safety of the EC algorithm if your RNG fails for signature generation. That is a safety catch that is not present for RSA. So watch out you kids, don't forget to use secure RNG's.
So yes, they have the private key(s) because of a bug in their signature generation implementation. They probably used a software package instead of a HSM (hardware security module), which they should have used.
Slashdot Mirror
I don't think it would work, but what's keeping you from developing a prototype? Buy one or two iPads and get to work!
Personally I see more in an evolution in keyboards that bring some small changes from Dvorak and possibly chord keyboards (among others).
Have you ever tried typing anything in the air? It's not a fun experience at all. Your fingers are just waiting for something to hit. Also, the later touch screens to have tactile feedback. E.g. my android phone is using the buzzer as a soft, fast tactile feedback. I can't see that happening with a table turned keyboard.
If I don't use my mouse, my wrists do no moving at all to type, although I am using keyboards that place the keys in the direction of my fingers (including differently sized keys). I've considered lots of options to get even better protection from RSI, but I'm sure that air-keyboards are not the answer. Maybe I'll go and tame a Dragon instead.
Me too, but they are very nice on a phone, where you cannot really type normally anyways (well, unless you are a true phone junkie I suppose). Keyboards will type slightly easier, but they take up space, cost money and - in my experience - will break down.
I explicitly bought a 13.3 inch laptop (Lenovo keyboard, love it except for the Fn key) instead of a netbook just for this reason. It has a keyboard that uses up most of the space and has great tactile feedback, is quiet and does not "hide" the space bar (putting it too deep, so that you will have to tilt your thumb to use it). It is water-proof to top it off. Personally I hate noisy keyboards, keyboards with lots of travel and keyboards that are tilted towards you. I use a MS "smiley" keyboard at home and a MS natural 4000 at work on a specially lowered desk (with hight adjustable non-reflective monitors to make sure my eyes are not strained any further).
Model M is not something for me... And anybody using such a keyboard or DAS keyboard will get complaints from me. The natural keyboards are noisy enough, the DAS makes a very high pitched noise that is nigh impossible to ignore.
The article you link to says that touch-screens are killed as a mainstream input device. WTF was I using to buy transport tickets from today? How did I manage to call anybody with my Android phone? OK, those screens are all tilted, and they use *buttons* and no idiot is so stupid to let the user control a mouse pointer with a screen anymore. But this Gorilla surely has learned to use touch screens (and would love to have a high res drawing device).
"Your *proposal* is acceptable"
There is this thing called Google, you can use it to fireproof your movie quotes.
You seriously don't want to do that, unless you want to end up with my hand condition - ultra-dry hands, basically. They are a bit fatty for a darn good reason. Even *optical* fingerprint readers sometimes fail to find my print. If it gets really dry outside, the skin on my hands begins to break down.
Besides, there is no such thing as a completely clean skin - unless you want it to stop regenerating?
And you conclude this from the article? I think that the article is idiotically biased, not Slashdot. Notice also how they even enlist the help of his former friends to go out of the way of making him an example. If there is anything evil going on, it is the state and casino's conspiring against one of their citizens. Even if he's guilty of anything, their behavior is way worse than his.
The difference being that winning jackpots isn't illegal like the other practices you mention. I've also got a bit of an issue with "false jackpots". I've unfortunately never encountered one, and I'll be damned if I am going to use that term *ever*.
I've found out that it is amazing how fast programmers-turned-managers can forget how quickly something can become hard.
I've just had to do a bit of programming, but I had to get a new IDE/API first. It turned out that required a newer version of Eclipse, so I started to convert parts of my old workspace to this new version. Zap, half a day gone. Add a few network issues, a McAfee that inserts minutes into every edit, a new-year speech of the CEO, a few issues around other software packages....
Yeah, the update just takes half an hour. Getting it done can still take a week. Maybe those hours are not all spent on the project, but they take away time none-the-less. If you ever get a project manager that does not understand software time tables, hide, move or - if possible - get him of the project!
Other programmers often understate things too, but they can be worked around. If they are really irritating, give them the job. If they perform well, great. I'm not afraid of programmers that perform better than I do. If not, they've learned a good lesson. Beware design and code quality though.
Well, if you work in a managed software environment you get things like memory protection, where you can't do pointer arithmetic and have to be in bounds. That kind of work more or less requires a VM, which incorporates a slow down - or at least a latency issue.
If you have things like reflection, you need to store the method names and class names in memory. You get great stack traces in return if you ever run into trouble when you are in production in return.
If you use unbounded integers (ones that don't round robin you into trouble) then your software will need to grow them and perform additional commands to make everything work.
If you have modules, you will need to load them separately. If you have modules and services you will have to verify, load and start them.
More secure software does mean overhead, although a well designed application should behave slower, but not *exponentially* slower. So we should be alright.
And you are wrong: software is much more functional and reliable nowadays, we just tend to forget the mistakes from the past and substitute a better yesterday in return. We *could* do much much better though.
smart != wise & smart != powerful
I could see this being used by a driver model. A generic driver is present that is able to reprogram the FPGA. Specialized or even derived drivers use the - now static - set of functionality. This could allow you to create generic purpose CPU's that can still be tweaked for certain tasks. It would also allow for upgrades of the algorithms being implemented. Symmetric cryptography and encoding/decoding would be obvious choices.
If updating the FPGA is really slow, I would not try and let applications change the functionality of the FPGA - nobody would like to have slow context switches, whatever the CPU is used for.
The summary is right, the planets probably don't have any telescopes on them. I wonder how he found out even with a telescope though.
Of course, that joke is only funny for small sets of small random numbers. There are plenty good tests for large quantities of random numbers - an entire NIST suite for starters. The chance of one of these large nonces repeating is about the same as an attacker guessing the private key in a single go.
I think the xkcd version of the joke - used in the failOverflow presentation - is even funnier.
Almost right, it was the random nonce required for the signature generation that allowed them to calculate the private keys, not the key seed. Well, *almost* random nonce (number used once) in this case, I suppose.
The FIPS documents state that you may generate the nonce in advance. This is a bit tricky since you should still generate a new one for each signature. They really should rephrase that paragraph.
Generating the nonce in advance just allows for lower latency if you have a slow random number generator.
So changes to the kernel have to be accompanied by the source code, possibly on request.
It does so while giving you false information. Believe me, those kind of robbers are as common as the one that are breaking down your door, and can actually do way more damage. Or are you claiming that everybody that knocks on your door (or better, some unsuspecting elderly person) is to be trusted?
Android is not Windows. App stores / package stores are much less susceptible to malware than each application having its own download/install/update mechanism. Beside that, Android apps play in a sandbox, and if you want to break out of that, you will have to inform the user. Of course, if you install apps using unsigned code from an unverifiable location and ignore all the permissions you have to grant...
Mweh, I haven't had much need to go outside the Google Market to be honest. If I did, it was for some demo code or specialized geeky application which I don't think they will ever target. I don't think most people will visit such sites or share apps with friends (I get loads of tips on apps, but they are by name only, and I look them up / check them out in the Google Market myself). I cannot see anybody visiting Chinese app stores unless they are linked up with them by a Chinese provider.
If the software tries to send information without explicit consent from the user in one way or another, it's malware. Some of that information may be implicit (e.g. pointing out updates, retrieving news for a news application, sharing high-scores for games). Sending out personal information while the application is not meant for that information to be send is clearly malicious. If a program is designed to send information maliciously, isn't it malware (== malicious software) by definition?
They actually *say* that they have got the private key at 8:10 in the video. Is every mod here so stupid that they don't watch the actual presentation. I guess they are.
Mod AC up, I've checked after watching the YouTube video (just to be absolutely sure), and this seems to be the case.
Although it *is* an epic fail, you may argue the safety of the EC algorithm if your RNG fails for signature generation. That is a safety catch that is not present for RSA. So watch out you kids, don't forget to use secure RNG's.
So yes, they have the private key(s) because of a bug in their signature generation implementation. They probably used a software package instead of a HSM (hardware security module), which they should have used.
[post 5, isn't this fun]
Mod parent down, they *DO* have the private key. It's the K that they solve using the calculation in the presentation for gods sake.
Mod AC up, I've checked after watching the YouTube video (just to be absolutely sure), and this seems to be the case.
Although it *is* an epic fail, you may argue the safety of the EC algorithm if your RNG fails for signature generation. That is a safety catch that is not present for RSA. So watch out you kids, don't forget to use secure RNG's.
So yes, they have the private key(s) because of a bug in their signature generation implementation. They probably used a software package instead of a HSM (hardware security module), which they should have used.
[try #4, slashdot broken it seems]