Oh ok, well at the time of some software I wrote a couple of years back you still needed the lisence. Didn't know the patent had expired, but still in the case of this new cryptosystem, I would assume that the patent is newer.
ah, I understand now, I thought when you said release as OSS you were assuming releasing a program that does the same thing without the lisence. Apologies for the misunderstanding, I didn't rightly understand your verbage which is entirely my fault.
didn't mean to be redundant, and it may have clarified for other blockheads like me who read your post wrong, or took the wrong meaning somehow. (I got no sleep last night, so my brain isn't exactly on par at the moment... I neeeeed caffiene)
Agreed, I was just saying comparing the cryptosystem to source code is like comparing the laws of physics to a car. A car uses the laws of physics, but if you could license someone had a patent on the laws of physics, talking about making a cheaper car (aka OSS car) means nothing when the NSA is licensing the laws, not the car.
Ok, ok really really bad analogy, but a lot of people seem to be confusing encryption with software. Software uses encryption, encryption does not use software, it is math, just like 2+2.
They can't whip up their own implementation because its not the software that is lisenced but the algorithms itself. I mean, yes they could whip up an implementation of Certicom's ECC and distribute the software, but that would be illegal. Its not a software patent, its a patent on the mathematics behind the software. Just like SSH uses RSA. RSA has a patent, you pay for (or are given rights to) RSA. SSH probably has some license agreement with RSA. RSA gives out license to their cryptosystem pretty freely I think (see a section of the MindTerm license agreement below)
Again let me stress: It's not programming being licesned here. Its a very very difficult to come up with piece of mathematics. OSS or Proprietary implementations of the code would still require a license from Certicom. Now could we put our minds to it and come up with a different type of ECC encryption-possibly, but that takes more mathematics than I have, or most slashdotters probably have. It's the reason people like Rivest, Shamir, and Addlement get payed top dollar, because they are some of the brightest mathematicians in the world, and were able to come up with one simple algorithm (and it is simple) and prove that it was secure. It isn't like solving a programming problem, its completely creating from scratch a new way of doing something, almost reinventing the wheel.
13. RSA LICENSE
MindTerm contains code implementing the RSA algorithm which is patented and subject to licensing in certain countries (e.g. the United States). It is therefore illegal to use MindTerm (for ANY purpose, even non-commercial) without proper licensing from RSA in these countries. We have been in contact with RSA on this matter and might be able to provide a licensed version of MindTerm for non-commercial use, and, for a fee, for commercial use, should we reach an agreement with them. More information will appear here when available.
And in case you are wondering, the base RSA algorithm is simple:
e,n = public key d,n = private key
W = message
W^e mod n = C W = C^d mod n (the equals sign in W = C^... is actually a congruency sign)
See how simple that is? But try to come up with an algorithm of comparable security. I stress again Its not a source (so no OSS) its an algorithm.
I stated this in another post, but I've got a link now:
The NSA is not lisencing software, it is lisencing the right to use Certicom's ECC cryptosystem. Cryptosystems now are usually known even when proprietary to allow mathematicians and cryptographers the ability to test the security of it. (The RSA cryptosystem for instance is thoroughly explained on RSA's web-site, but you would still need a lisence to use the algorithm in a program)
I found a tutorial by Certicom on their ECC cryptosystem here.
PS. I could be wrong, but from the article it seems that "intellectual property" and "This is the first time that the NSA has endorsed any sort of public-key cryptography system." that they are not actually lisencing software but are in fact lisencing the cryptosystem. If I am wrong, I humbly apologize.
In cryptography it's usually not a program that gets lisenced, but an algorithm (or cryptosystem). My guess would be that ECC has the copyright or patent or whatever you get on their algorithm which would make it illegal to write a program using elliptic curve cryptography (or at least their algorithm) without permission from the company. I once wrote a project that used the RSA cryptosystem for education purposes and I had to obtain permission from RSA legal to use the cryptosystem. (However it might be public now...)
Also between AES and ECC. My guess would be ECC is much more secure than AES. If a 512-bit key for ECC is the equiv of a 15360-bit key in RSA that sounds extremely secure. As far as the last time I checked a 4096-bit RSA key was virtually unbreakable in any normal time span by even the fastest supercomputers built.
Finally what the other replies to your question have been, about comparing apples and oranges: AES is a symmetrical key, meaning, the key that encrypts also decrypts.
Public/Private Key encryption deals with two keys, the public key is freely available to anyone becuase when a message is encrypted with the public key it can not be decrypted with the public key. It must be decrypted with the private, or secret key.
Anaconda is really easy to use (I use RedHat). To me PickAx is the coolest part of Progeny's project (because I use redhat and not debian.) From my understanding (very limited) it would allow me to create my own linux distribution based on Debian and have anaconda as the graphical installer which is exactly the kind of tool I would love to play with. Does anyone know if this is a correct assumption?
If it's true I could create very specialized linux distributions for the different types of computers desktops/servers/media which would be a fun toy to play with.
What is a subversion repository? And will someone update slashdot when they make the move from internal CVS to comminuty subversion repository? I wan't to get my hands on the code!
agreed, however It seems that the new versions of office throw all those standards out the window. I don't really want to upgrade office, but apparently I won't be able to read documents of those who do upgrade. they decided to rewrite the standard, and throw business owners a curve ball, or am I missing something?
You are right, but show me a perfectly objective forum, and I'll show you a forum that agree's with your viewpoints.
Objectivity is almost impossible-humans are imperfect beings.
First let me say: i was playing devils advocate. I love Java, I don't use PHP. I'm new to Java Databases. I ran the installation stuff for MySQL to Java, it didn't throw any errors, I added the.jar files to my classpath and my IDE's classpath, I ran the above code, and it threw an error that Mysql drivers could not be found. Now I understand that this is because I am ignorant of the process and have probably done something wrong, however I was equally ignorant of the CF process and had no trouble configuring it. Again, I realize that this is because Java is a better/lower-level language than a cute little scripting language like CF (which actually compiles to JSP I think...), but the fact remains that with no experience in either I was able to get CF up in a matter of seconds whereas I now have to go do some reading to figure out how to get Java to connect to the mysql drivers.
Again, I am not trying to step on toes with any of my comments, I just find it interesting to see different sides of the issues, and sometimes that means playing devils advocate. I'm not a fan of PHP, I don't use PHP other than a script or two I wrote to test it. Java is my first love (well ok it somewhat conflicts with C++ but still...) and I choose to program in Java whenever I can (meaning convince those in charge to allow me to, or any time I need something done at home...)
hey! thats cool. I did not know that.
does that mean a function as in a function() as part of a class or by function do you mean like more generic like an entire class file or large chunks of an application?
Re:What about those of us
on
CNet on WinFS
·
· Score: 1
Actually NTFS has built in handling of defragmentation but does not entirely block fragmentation... Yes, its better than FAT32 but it also pads 30% of the disk space. If you put 1GB of data on a 1GB NTFS drive 300 MB will be fragmented. Do your homework before calling someone a retard...
I already wrote one post in favor of PHP. So here is my post in favor of Java. Don't dismiss Java too easily, it has a lot of libraries for doing things that are more difficult to do in Scripting languages...
Anyway I like Java for client side apps, not for applets. I write code on my linux box, and it runs on my MS Laptop and on my Apple Titanium, end of story... The performance boost from C is really neglegable on the client side with computers running as fast as they do today.
I program a number of different languages. Java is my first love, and I know it better than any other, but both PHP and ColdFusion do an excellent job at writing very dynamic web sites. I'm not much of a PHP programmer, only becuase its something I do on my spare time, and not for work (we are a macromedia/windows shop unfortunately:'( ) but at least with CF its much easier to connect to a database than with Java, and I've heard argument that PHP is even better than CF.
Of course in CF, you write custom tags in Java...
Anyway, why write 50 lines of Java when 5 lines of PHP will do?
Re:What about those of us
on
CNet on WinFS
·
· Score: 1
From what I understand, nothing will change in the way data is "stored" from a user standpoint.
C:\myfolder\mydata.data
will remain the same. It's the underpinnings that will change, the way the data is actually physically stored on the disk (disk's do not write the same way your file systems works, in fact they break up files into chunks and throw them all over the disk, that's in part why NTFS needs to be defragged all the time...)
What it will mean, IMHO (and somewhat unknowledgable about fs's), for the end user, is quicker searching of the disk.
I am worried however about the line in the article stating that it "[uses] NTFS...We built on top. NTFS does what it does incredibly well." First off, wasn't Windows ME built 'on top' of previous versions of Windows, and we all know how that turned out... And also NTFS does not do what it does incredibly well, or it wouldn't need to be defragged all the time. Someone needs to disillusion the MS VPs. NTFS does fine, but not outstanding by any stretch of the mind.
I'm curious, what does the new SQL/XML layer mean for applications developers... will it really be that different for us? What if I don't necessarily wan't to use the entirely verbose XML? Or even if I just use [binary encoding] how does adding the XML necessarily make anything better? I use XML where appropriate, mainly for data between apps and web services, but it is by no means an answer to all data storage problems, at least in my opinion.
I don't know a whole lot about different programming techniques on different operating systems, but I do think that programs can be optimized for s certain OS.
All of the programs in the benchmark are natively Windows with the possible exception of Quake III (is that native to Windows or Linux?). Why don't they throw into the mix programs written specifically for Mac that have been ported to PC's? Could the results possible come out differenty?
Apparantly you haven't been a highschool student recently. I am in high school and all last year I opted out of saying the pledge because of West Virginia Board of Education VS. Barnette (1943) because I felt I was being patriotic (exercizing my rights) and idealistic (which was someone silly.) Anyway, I garnered no flak from classmates, I may have been asked once why I didn't say it. Now keep in mind that I respected the flag... I was on my feet, just not reciting the pledge, as is my Constitutional right.
Finally none of my peers care about the pledge, these are high school students, you give them WAY too much credit. If someone doesn't want to say the pledge, nobody cares.
My generation is a post modern one-most of us (not including myself) have fallen to the belief that whatever is right for you is right... patriotism, religion, and morality get brushed away in its wake...
[ps I'll be scared in a year or two when the people I know are voting.]
Lexmark should have been boycotted long before this came out, they are a total scam. I have a lexmark printer, cost about $20 with color and black and white ink. To refill both color and black and white would cost me $80.00! Apparently they are the X-Box of printers, give the expensive stuff away and charge a premium on the cheaper part. Rediculous, I'll buy an HP thank you much.
I believe you, It's probably because I'm a latin student and if virus were a word in Latin, viri would be its plural... I'm ruined for life. I even read things like dividend and pronounce it in my head as (DEE-wah-dend) which would be the proper Latin pronunciation. In other words, I am horrible at English, better at Latin, but good in neither, I guess being fluent in C or Java counts for something though. So I correct my self, viri needs to be changed to viruses. Sorry for the misspellings.
technically, if attacks (hacks) are not targeting the OS there should be a one-to-one ratio of attacks to server OS. If there isn't that would be interesting, I'll look it up later.
I would say there is an important difference between server hacks and viri in that respect. Most people making a virus specifically target windows, while most people hacking a server don't target an OS, but an organization, therefore it is relevant that there are more Linux servers, while the number of MS boxes is not relavent in cases involving virus. The attack focus is different.
Slashdot Mirror
Oh ok, well at the time of some software I wrote a couple of years back you still needed the lisence. Didn't know the patent had expired, but still in the case of this new cryptosystem, I would assume that the patent is newer.
Thanks for pointing that out.
Wasn't Bill Gates Bashing outlook just last week?
I think he called it clunky. Just a thought...
ah, I understand now, I thought when you said release as OSS you were assuming releasing a program that does the same thing without the lisence. Apologies for the misunderstanding, I didn't rightly understand your verbage which is entirely my fault.
didn't mean to be redundant, and it may have clarified for other blockheads like me who read your post wrong, or took the wrong meaning somehow. (I got no sleep last night, so my brain isn't exactly on par at the moment... I neeeeed caffiene)
Agreed, I was just saying comparing the cryptosystem to source code is like comparing the laws of physics to a car. A car uses the laws of physics, but if you could license someone had a patent on the laws of physics, talking about making a cheaper car (aka OSS car) means nothing when the NSA is licensing the laws, not the car.
Ok, ok really really bad analogy, but a lot of people seem to be confusing encryption with software. Software uses encryption, encryption does not use software, it is math, just like 2+2.
They can't whip up their own implementation because its not the software that is lisenced but the algorithms itself. I mean, yes they could whip up an implementation of Certicom's ECC and distribute the software, but that would be illegal. Its not a software patent, its a patent on the mathematics behind the software. Just like SSH uses RSA. RSA has a patent, you pay for (or are given rights to) RSA. SSH probably has some license agreement with RSA. RSA gives out license to their cryptosystem pretty freely I think (see a section of the MindTerm license agreement below)
Again let me stress: It's not programming being licesned here. Its a very very difficult to come up with piece of mathematics. OSS or Proprietary implementations of the code would still require a license from Certicom. Now could we put our minds to it and come up with a different type of ECC encryption-possibly, but that takes more mathematics than I have, or most slashdotters probably have. It's the reason people like Rivest, Shamir, and Addlement get payed top dollar, because they are some of the brightest mathematicians in the world, and were able to come up with one simple algorithm (and it is simple) and prove that it was secure. It isn't like solving a programming problem, its completely creating from scratch a new way of doing something, almost reinventing the wheel.
13. RSA LICENSE
MindTerm contains code implementing the RSA algorithm which is patented and
subject to licensing in certain countries (e.g. the United States). It is
therefore illegal to use MindTerm (for ANY purpose, even non-commercial)
without proper licensing from RSA in these countries. We have been in
contact with RSA on this matter and might be able to provide a licensed
version of MindTerm for non-commercial use, and, for a fee, for commercial
use, should we reach an agreement with them. More information will appear
here when available.
And in case you are wondering, the base RSA algorithm is simple:
e,n = public key
d,n = private key
W = message
W^e mod n = C
W = C^d mod n
(the equals sign in W = C^... is actually a congruency sign)
See how simple that is? But try to come up with an algorithm of comparable security. I stress again Its not a source (so no OSS) its an algorithm.
I stated this in another post, but I've got a link now:
The NSA is not lisencing software, it is lisencing the right to use Certicom's ECC cryptosystem. Cryptosystems now are usually known even when proprietary to allow mathematicians and cryptographers the ability to test the security of it. (The RSA cryptosystem for instance is thoroughly explained on RSA's web-site, but you would still need a lisence to use the algorithm in a program)
I found a tutorial by Certicom on their ECC cryptosystem here.
PS. I could be wrong, but from the article it seems that "intellectual property" and "This is the first time that the NSA has endorsed any sort of public-key cryptography system." that they are not actually lisencing software but are in fact lisencing the cryptosystem. If I am wrong, I humbly apologize.
In cryptography it's usually not a program that gets lisenced, but an algorithm (or cryptosystem). My guess would be that ECC has the copyright or patent or whatever you get on their algorithm which would make it illegal to write a program using elliptic curve cryptography (or at least their algorithm) without permission from the company. I once wrote a project that used the RSA cryptosystem for education purposes and I had to obtain permission from RSA legal to use the cryptosystem. (However it might be public now...)
Also between AES and ECC. My guess would be ECC is much more secure than AES. If a 512-bit key for ECC is the equiv of a 15360-bit key in RSA that sounds extremely secure. As far as the last time I checked a 4096-bit RSA key was virtually unbreakable in any normal time span by even the fastest supercomputers built.
Finally what the other replies to your question have been, about comparing apples and oranges: AES is a symmetrical key, meaning, the key that encrypts also decrypts.
Public/Private Key encryption deals with two keys, the public key is freely available to anyone becuase when a message is encrypted with the public key it can not be decrypted with the public key. It must be decrypted with the private, or secret key.
Anaconda is really easy to use (I use RedHat). To me PickAx is the coolest part of Progeny's project (because I use redhat and not debian.) From my understanding (very limited) it would allow me to create my own linux distribution based on Debian and have anaconda as the graphical installer which is exactly the kind of tool I would love to play with. Does anyone know if this is a correct assumption?
If it's true I could create very specialized linux distributions for the different types of computers desktops/servers/media which would be a fun toy to play with.
What is a subversion repository? And will someone update slashdot when they make the move from internal CVS to comminuty subversion repository? I wan't to get my hands on the code!
agreed, however It seems that the new versions of office throw all those standards out the window. I don't really want to upgrade office, but apparently I won't be able to read documents of those who do upgrade. they decided to rewrite the standard, and throw business owners a curve ball, or am I missing something?
You are right, but show me a perfectly objective forum, and I'll show you a forum that agree's with your viewpoints. Objectivity is almost impossible-humans are imperfect beings.
it already seems /.ed
First let me say: i was playing devils advocate. I love Java, I don't use PHP. I'm new to Java Databases. I ran the installation stuff for MySQL to Java, it didn't throw any errors, I added the .jar files to my classpath and my IDE's classpath, I ran the above code, and it threw an error that Mysql drivers could not be found. Now I understand that this is because I am ignorant of the process and have probably done something wrong, however I was equally ignorant of the CF process and had no trouble configuring it. Again, I realize that this is because Java is a better/lower-level language than a cute little scripting language like CF (which actually compiles to JSP I think...), but the fact remains that with no experience in either I was able to get CF up in a matter of seconds whereas I now have to go do some reading to figure out how to get Java to connect to the mysql drivers.
Again, I am not trying to step on toes with any of my comments, I just find it interesting to see different sides of the issues, and sometimes that means playing devils advocate. I'm not a fan of PHP, I don't use PHP other than a script or two I wrote to test it. Java is my first love (well ok it somewhat conflicts with C++ but still...) and I choose to program in Java whenever I can (meaning convince those in charge to allow me to, or any time I need something done at home...)
hey! thats cool. I did not know that. does that mean a function as in a function() as part of a class or by function do you mean like more generic like an entire class file or large chunks of an application?
Actually NTFS has built in handling of defragmentation but does not entirely block fragmentation... Yes, its better than FAT32 but it also pads 30% of the disk space. If you put 1GB of data on a 1GB NTFS drive 300 MB will be fragmented. Do your homework before calling someone a retard...
do you use Java applications or are you speaking from what youve read, since everything on the internet is true? I actually use a lot of Java apps.
so what exactly would you say DOES scale? ASP.NET? Perl maybe?
I already wrote one post in favor of PHP. So here is my post in favor of Java. Don't dismiss Java too easily, it has a lot of libraries for doing things that are more difficult to do in Scripting languages... Anyway I like Java for client side apps, not for applets. I write code on my linux box, and it runs on my MS Laptop and on my Apple Titanium, end of story... The performance boost from C is really neglegable on the client side with computers running as fast as they do today.
Have you used PHP?
:'( ) but at least with CF its much easier to connect to a database than with Java, and I've heard argument that PHP is even better than CF.
I program a number of different languages. Java is my first love, and I know it better than any other, but both PHP and ColdFusion do an excellent job at writing very dynamic web sites. I'm not much of a PHP programmer, only becuase its something I do on my spare time, and not for work (we are a macromedia/windows shop unfortunately
Of course in CF, you write custom tags in Java...
Anyway, why write 50 lines of Java when 5 lines of PHP will do?
From what I understand, nothing will change in the way data is "stored" from a user standpoint.
C:\myfolder\mydata.data
will remain the same. It's the underpinnings that will change, the way the data is actually physically stored on the disk (disk's do not write the same way your file systems works, in fact they break up files into chunks and throw them all over the disk, that's in part why NTFS needs to be defragged all the time...)
What it will mean, IMHO (and somewhat unknowledgable about fs's), for the end user, is quicker searching of the disk.
I am worried however about the line in the article stating that it "[uses] NTFS...We built on top. NTFS does what it does incredibly well." First off, wasn't Windows ME built 'on top' of previous versions of Windows, and we all know how that turned out... And also NTFS does not do what it does incredibly well, or it wouldn't need to be defragged all the time. Someone needs to disillusion the MS VPs. NTFS does fine, but not outstanding by any stretch of the mind.
I'm curious, what does the new SQL/XML layer mean for applications developers... will it really be that different for us? What if I don't necessarily wan't to use the entirely verbose XML? Or even if I just use [binary encoding] how does adding the XML necessarily make anything better? I use XML where appropriate, mainly for data between apps and web services, but it is by no means an answer to all data storage problems, at least in my opinion.
I don't know a whole lot about different programming techniques on different operating systems, but I do think that programs can be optimized for s certain OS.
All of the programs in the benchmark are natively Windows with the possible exception of Quake III (is that native to Windows or Linux?). Why don't they throw into the mix programs written specifically for Mac that have been ported to PC's? Could the results possible come out differenty?
Apparantly you haven't been a highschool student recently. I am in high school and all last year I opted out of saying the pledge because of West Virginia Board of Education VS. Barnette (1943) because I felt I was being patriotic (exercizing my rights) and idealistic (which was someone silly.) Anyway, I garnered no flak from classmates, I may have been asked once why I didn't say it. Now keep in mind that I respected the flag... I was on my feet, just not reciting the pledge, as is my Constitutional right.
Finally none of my peers care about the pledge, these are high school students, you give them WAY too much credit. If someone doesn't want to say the pledge, nobody cares.
My generation is a post modern one-most of us (not including myself) have fallen to the belief that whatever is right for you is right... patriotism, religion, and morality get brushed away in its wake... [ps I'll be scared in a year or two when the people I know are voting.]
Lexmark should have been boycotted long before this came out, they are a total scam. I have a lexmark printer, cost about $20 with color and black and white ink. To refill both color and black and white would cost me $80.00! Apparently they are the X-Box of printers, give the expensive stuff away and charge a premium on the cheaper part. Rediculous, I'll buy an HP thank you much.
I believe you, It's probably because I'm a latin student and if virus were a word in Latin, viri would be its plural... I'm ruined for life. I even read things like dividend and pronounce it in my head as (DEE-wah-dend) which would be the proper Latin pronunciation. In other words, I am horrible at English, better at Latin, but good in neither, I guess being fluent in C or Java counts for something though. So I correct my self, viri needs to be changed to viruses. Sorry for the misspellings.
technically, if attacks (hacks) are not targeting the OS there should be a one-to-one ratio of attacks to server OS. If there isn't that would be interesting, I'll look it up later.
I would say there is an important difference between server hacks and viri in that respect. Most people making a virus specifically target windows, while most people hacking a server don't target an OS, but an organization, therefore it is relevant that there are more Linux servers, while the number of MS boxes is not relavent in cases involving virus. The attack focus is different.