SVG has a font mechanism that seems perfect for this (including compression).
Why are they inventing something new?
I could see doing it in front of a bunch of people that were explicitly there for a sex show or something but not in front of a bunch of fellow tech dorks there for a tech show.
I have no problem with my girlfriend doing a lap dance for me. I like it and I would even do it in front of people in the right situation (see above). I don't mind one bit all the guys drooling over a girl that is with me.
Frankly strippers and the like do absolutely nothing for me. They are not attractive in the least. They epitomize the superficial fake world that many people live in. They are paid to dance on you, they don't want to be with you, it's all lies and that is a huge turnoff. To put it another way: I care about content and quality, not presentation. But we know what side you fall on. :)
Who the hell would want a lap dance on a stage in front of tons of people. That would be awkward and unpleasant even if you liked lap dances from strangers (rubbing their diseases all over you, heh).
Ever heard of Tin Whiskers?
Also, cosmic rays and such can screw up memory if they happen to pass through the chip.
Besides that there are bad components on the motherboard that can affect memory as well. Bad capacitors, power regulators, defective interconnects. Lots and lots of things can cause memory errors.
In the end I broke down and am now ordering three systems' worth of parts from Newegg, which, of course, satisfies my inner geek but has led to significant delays in getting the hardware I need.
Probably going to be more delayed than you think. I wouldn't scratch build systems that I needed "right now." Doing that for one system might be OK but I'll hazard a guess and say that you have about a 25% chance of failed parts for each system you build. In your case that would mean you have about a 75% chance of getting bad parts. That means RMA delays, etc.
On top of that you damn well better hope all the parts you got work nicely together. Any time you build something from scratch there is a chance of things not working well together, especially since the hardware is always changing which makes it nearly impossible to get proven stuff unless you have already built a bunch of systems recently... Whether it be OS, driver/software incompatibility or just plain hardware compatibility problems, it can be frustrating when using unproven parts.
I always build my own systems but I can't deny the worth of having an integrated and tested machine. I put up with a lot of crap to have my personally built machines.
Indeed. I cut my Internet teeth watching 1200 baud data flow in KA9Q NOS via packet radio. It was so slow and synchronous that you could really examine each packet as you were doing stuff, taught me way more about networking than any book.
I don't know. I fear pain more than death. I think that is true for most people in fact. Generally dying is going to be quite painful so that's the real fear, not necessarily the death part.
So if you're facing a long painful death, suicide probably looks pretty attractive for most anyone I bet.
I think you need to read the article again. This doesn't bypass TrueCrypt's security. If you steal the computer you can't use this technique to get at the encrypted data. This attack needs the person to enter their password to decrypt the volume.
I think the only presumption is that for some reason people think someone can't install anything on their computer just because the entire drive is encrypted. That logic is flawed because there is still plenty of unencrypted code that must be run to bootstrap the machine. This attack uses the boot sector but there is also a TrueCrypt bootloader that runs and various other things that could be installed to get the user's password (eg. hardware keylogger).
In short, if anyone ever has physical access to your machine then you're screwed, doesn't matter if your whole drive is encrypted. That is common knowledge though.
So yeah, if someone is running live software on your machine then there isn't much you can do. If there is decrypted data then it's essentially available to anything on the machine.
I mean if you're going to do this you could just modify the TrueCrypt code (bootloader in this case) itself to do what you want.
Kind of "duh" story if you ask me.
Certs never guarantee who you're talking to
That's not completely true. If you can verify and trust who signed the cert then that will guarantee who you're talking to. This could be a self-signed cert or anything really but you have to be able to know 100% that the cert you're trusting is the correct one (this would be establishing the initial trust). Once you trust it then if someone tries a MITM attack you will get a warning, a real warning that you should not ignore.
I'm curious what you pay for your power. You say it saves you money (however small) but what are you comparing it to?
My power is supplied by a nuclear plant about 15 miles from here. My power averages $0.08 per kWh. Where do you fall?
The board of the non-profit has now passed a resolution that we will never do any business with Wells Fargo ever again, nor will we maintain a bank account with Bank of America or any other bank that accepted TARP funds.
Anyone know of a good mortgage company that did not accept bailout funds? Bank of America bought my mortgage company and I want to switch to someone else. I have been looking around but I don't know which companies suck.
Partly but that doesn't explain it all. It's very easy to bind to other libraries in Lua. It's almost fun actually, which causes some problems because there are often multiple bindings available for the same library, but I digress.
I think the real issue is that Lua is relatively "new." Now I know Lua has been around a long time but it really wasn't until it hit version 4 or 5 that it started to shine and version 5 has only been around for 6 years.
Lua is an absolutely wonderful environment to work in. It's tiny, simple, fast (for a scripting language) and powerful all rolled up into one. Like I said, extending the language and binding to binaries is so simple that it's almost fun and it's so easy to embed in other applications.
Lua is what Javascript should have been.
I actually thought it had been renewed for another season, oh well.
I ignored the "Terminator" part of the show and let it stand on its own. From that standpoint it was OK. Certainly better than all the "Ow, my balls!" crap on TV and at least the show progressed, unlike some others (*cough* Lost).
It may be available but it doesn't work. I believe the problem is due to Java being 64-bit and the PC/SC system being 32-bit (or vice versa, I can't remember). Snow Leopard is supposed to be "more" 64-bit so we'll have to see.
Try to run a Java 6 compiled applet in Apple's Java 5 JVM (ie. run a Java 6 applet on a default install of OSX). Especially in Safari... It might depend on the particular pieces you are importing but in my experience very bad stuff happens when you do this (like the application freezing dead).
On top of that, Safari's integration with Java is flakey as hell. For example, try passing a JSObject from Javascript into an applet and then call from Java into that object. It works on most every single system I have tested except Safari which gets a null pointer exception. Of course the whole JSObject integration in general is kind of flakey. Just now Firefox on Linux blew up when I tried to do a JSObject.call with the first parameter set to null. Firefox exploded. Yeah, real safe programming you guys are doing...
The one that affects me most is the missing javax.smartcardio. I'm actually not sure what else is missing (if anything).
Not that it matters a whole lot because I have found Java to be somewhat unstable on OSX anyway. I have an applet that will freeze any application running the JVM solid (eg. Safari or standalone). The app won't even be able to be killed with "-KILL" and makes it difficult to even reboot the machine which is the only way to recover.
I didn't realize that about the older macs. That sucks. Now I'm reconsidering my choice to use Java instead of normal browser plugins.
The result? PPC Macs are stuck on Java 1.5; Intel Macs have outdated, slow, and exploit vulnerable Java 1.6...
Not only that but the Java "1.6" they support isn't the full version, it's missing all sorts of API's that are in the Sun version.
I'm not a huge Java fan but I wish Apple would step up their Java support. I hear rumors that Snow Leopard will contain the full Java 1.6 from Sun.
Well Java Cards have been around for a little more than 12 years which means you would have been a neophyte and I'm sure you will agree with me that beginners in this field have a huge learning curve.
You're not going to find it in the documentation. Like I said, it's not publicized because obviously this is not something the manufacturers want people to know about. There are two ways I usually find out about this. One is when I'm working for the hardware manufacturer and I get to see the details at the lowest level. The other is when I have problems with a card and the manufacturer ends up needing to give me tools that do stuff to the card that should not be possible. In general though you won't find many people that know about this stuff.
I'm afraid you'll have to take my word for it because I'm bound by NDA for anything more specific. Or don't take my word for it. I don't care really, it just secures my job position that much more. ;)
Well, these are off-the-shelf cards, so if there are back doors, they're already there. That has nothing to do with this protocol.
Uh yeah, I think we have established that. It was the whole point of my post.
Also, it's not really accurate to say that Javacards have a "back door if you know the keys". They're delivered from the manufacturer with an initial key set, which is generally swapped out for new, randomly-generated keys by the card issuer.
I wasn't talking about the issuer keys. There are more keys that let you in to other levels of the card hardware. This is not generally publicized and the only reason I know about it is because of how long I have been working in this field. Now this may not be true of all Java Cards but it is for every one I have seen.
In this particular case the risk of a backdoor is going to be in the hardware. That is, the smartcard itself. You can't easily look in there and see what's going on.
Their specification indicates they are using Java Cards and most if not all Java Cards do in fact have a backdoor if you know the keys. Often these keys are embedded in the card's firmware and can't be changed. They are designed to allow easy mass production and personalization and are generally only available to the manufacturer (or I assume other interested parties such as the government). Now it could be that they are using cards I have not seen before but that's unlikely.
The main problem is that you have no idea what's in the card's firmware or how the hardware is put together. It's up to the card manufacturer to determine that. A government could easily get them to install keys that are only available to law enforcement or whatever.
Don't get me wrong, it can be done right and secure but right now it's hard to tell if the cards are free of backdoors.
1993
386DX40
4 MB of very expensive RAM
345 MB Maxtor hard-drive
Stack of floppies that had been downloaded over BBS/FidoNet with a 14.4 kbps telephone modem
Linux kernel version was something like 0.97 or so.
I'm not sure if my first try was with Slackware, SLS, or who knows what.
It was at that time that I fell in love with the UNIX way of doing things. It was like an OS written just for programmers.
That has way too much overhead. Writing to flash memory is slow as hell, then you have to encrypt the contents as well which is a CPU-heavy task. Now multiply that by millions of customers. Think of all the equipment maintenance, power consumption, support staff. That eats straight into your profits and ends up costing more than whatever loss there is from doing it the normal way.
Yeah, not gonna happen.
I don't run Windows because it doesn't do what I want an OS to do. All the security flaws, DRM, and who knows what. It's too hard to know what's under the covers. The stupid DRM activation crap prevents me from changing my hardware too often or easily migrating my install on a whim. I'm a developer, I need that flexibility.
It's not about being comfortable. It's about using an OS that works with me and not against me.
I do run Windows, I run it all the time in fact, but only in a VM. Same goes for OS X. See, I still get to stay on top of all the new developments, various OS's, and development on them. I just run them on top of my powerful, stable, secure primary OS that does what I want and I don't have to worry about it.
Linux has been my primary OS for more than 15 years and it's going to stay that way for as long as I can see. The only OS I would consider switching to would be one of the BSD's (in order to get ZFS) but only if it is able to run the current version of VMware and currently that is not the case.
Those games are pretty slow. UT2004 is kinda fast but still not up to the twitch action in Quake 3 (or Quake 2 for that matter).
Back when I played those games my vision and reflexes were enhanced very noticeably. While driving especially I noticed that I could see even the tiniest thing moving or various things that caught my attention. My favorite trick was to grab flies straight out of the air with my hands. It always impressed people. When I stopped playing as much I pretty much lost that ability completely after a few months.
Ya, me too. I remember compiling those kernels on a 386DX40 (with math coprocessor! lol). I had 4 MB of RAM which cost more than $300 back then due to the shortages, what a ripoff (but necessary to play Doom). It took about 45 minutes to compile even though the source base was tiny compared to what it is now. I also ran X11 just fine even though the "minimum" RAM was 8 MB.
I don't have that computer any more but I still use the monitor in my server room and the 345 MB Maxtor HD from that machine still works. That drive also cost more than $300... $1 per megabyte, crazy.