Humans. There's no need for software apart from setting initial TPM owner keys (and possibly dumping generated keys for backup purposes).
The rest of encryption, key generation and negotiation with hard drive can be handled in hardware. All user intervention can probably be reduced to entering 'owner key' in BIOS and turning on 'encrypt HD' option.
TPMs are pretty secure - TPM spec mandates independent audit of chip manufacturers. TPMs themselves are constructed in a way to make hardware reverse-engineering very hard.
Probably, a high-level government agency could obtain manufacturer's private key. Or it could somehow add a 'backdoor' into TPM hardware. But if you are THAT paranoid - you'd better use completely software solution.
Nah, Chinese room is possible. After all, you can be modeled as a VERY large finite automaton (the number of combinations of quantum states of all atoms of your body is finite).
However, it's absolutely impossible to do this in practice. The number of possible combinations is just too huge.
Well, there's a joke in Russia that Moscow and the rest of Russia are separate states: "Are you from Moscow or from Russia?"
That's actually pretty close to truth. There is a LOT of unpatched pirated Windows installations in Russia (not 99%, but pretty close) and DVDs with pirated software are common.
Hybrids work fine at -40F, they just require battery heating because speed of chemical reactions is too slow at -40F. I.e. they "hold charge" just fine, but can't discharge fast enough at -40F.
It's pretty common to add small heaters to electronic devices which need to work at low temps.
Hmm... In Russia and Ukraine trains usually arrive exactly on time (+- 2 minutes). It's pretty amazing that a train arrives exactly on schedule after 5 day journey from Siberia to Moscow.
It's not THAT hard to do this, you don't even need Mussolini!
"The days of hand-delivered security keys are numbered"
Yeah, sure. Quantum key distribution DOES NOT protect against man-in-the-middle attack. So you'll still need to know that the channel is physically secure before transmitting quantum key.
There's also a nice project called HTMLayout - it's a VERY lightweight HTML engine with support for native widgets and rich CSS styling (far far better than in QT).
It would be nice to see it integrated with QT one day:)
You can sandbox x86 code. It's been done multiple times in pre-VT virtual machines that use JIT to speed code execution. In short, VMs rewrite the code so 'safe' instructions are executed directly on CPU and 'unsafe' instructions are replaced with calls into virtualization layer.
NaCl uses the similar approach. But they don't bother with 'unsafe' instructions and just ban them.
NaCl just does not check that there's no buffer overflows, instead it isolates the program to make sure that buffer overflows do not cause problems.
I.e. you can can overflow, use dangling pointers and cause all sorts of access violations to your heart's contents inside the NaCl sandbox. But it won't cause a security breach.
IPv6 has some really nice features. I have deployed IPv6 on my networks (6to4 rules!) and now I can SSH into _any_ computer from _any_ computer - all computers have public IPv6 addresses.
Additionally, reverse 6to4 provides fully automatic reverse DNS delegation.
Samba4 is excruciatingly close to true AD support. I'm now using it for my own network for a handful of WinXP computers. I think in about 1 year Samba4 will be ready for production.
Most of providers now have near-realtime billing interoperability. Also, international roaming providers require home network authorization for _each_ call.
You know, the lifetime of a water molecule in atmosphere is (on average) several _days_. The lifetime of a carbon dioxide molecule can essentially be _infinite_ if carbon sinks fail.
No. I know perfectly well that all inertial frames are equals.
I object to parent's statement that the true birth of the Crab Nebula was in 5446 BC. It just makes no sense because it assumes that time is absolute.
Also, why 5446 BC? The Earth (and the whole Solar System) moves relative to the Crab Nebula, so we need to compensate for the time dilation. It'll be small, but it's there.
And it gets even more fun if you are talking about quasars and remote galaxies when you need to consider effects of space expansion.
Linux supports booting using TPM. Sort of.
I got recently involved in a flame-war on grub.devel mailing list then I offered to add TPM support to the mainline GRUB2 - http://article.gmane.org/gmane.comp.boot-loaders.grub.devel/9367
Humans. There's no need for software apart from setting initial TPM owner keys (and possibly dumping generated keys for backup purposes).
The rest of encryption, key generation and negotiation with hard drive can be handled in hardware. All user intervention can probably be reduced to entering 'owner key' in BIOS and turning on 'encrypt HD' option.
TPMs are pretty secure - TPM spec mandates independent audit of chip manufacturers. TPMs themselves are constructed in a way to make hardware reverse-engineering very hard.
Probably, a high-level government agency could obtain manufacturer's private key. Or it could somehow add a 'backdoor' into TPM hardware. But if you are THAT paranoid - you'd better use completely software solution.
TPM works like that.
There's a notion of TPM owner - ownership change requires proof of physical presence, and during ownership change you need to enter passphrase.
You can later use this passphrase to extract almost all keys from the TPM module.
Also, I bet there'll be a possibility to dump generated passphrase and print it out.
Nah, Chinese room is possible. After all, you can be modeled as a VERY large finite automaton (the number of combinations of quantum states of all atoms of your body is finite).
However, it's absolutely impossible to do this in practice. The number of possible combinations is just too huge.
Well, there's a joke in Russia that Moscow and the rest of Russia are separate states: "Are you from Moscow or from Russia?"
That's actually pretty close to truth. There is a LOT of unpatched pirated Windows installations in Russia (not 99%, but pretty close) and DVDs with pirated software are common.
Wrong. There's Mozilla ActiveX component - http://www.iol.ie/~locka/mozilla/control.htm (which is used in Wine for IE emulation, BTW).
Wrong and wrong.
Hybrids work fine at -40F, they just require battery heating because speed of chemical reactions is too slow at -40F. I.e. they "hold charge" just fine, but can't discharge fast enough at -40F.
It's pretty common to add small heaters to electronic devices which need to work at low temps.
Disclaimer: I worked at Arctic conditions.
Exactly to millisecond? Microsecond? Maybe exactly to a Plank time?
For most purposes +-2 minutes interval is 'exact'.
Hmm... In Russia and Ukraine trains usually arrive exactly on time (+- 2 minutes). It's pretty amazing that a train arrives exactly on schedule after 5 day journey from Siberia to Moscow.
It's not THAT hard to do this, you don't even need Mussolini!
"The days of hand-delivered security keys are numbered"
Yeah, sure. Quantum key distribution DOES NOT protect against man-in-the-middle attack. So you'll still need to know that the channel is physically secure before transmitting quantum key.
There's also a nice project called HTMLayout - it's a VERY lightweight HTML engine with support for native widgets and rich CSS styling (far far better than in QT).
It would be nice to see it integrated with QT one day :)
No, no, no.
You can sandbox x86 code. It's been done multiple times in pre-VT virtual machines that use JIT to speed code execution. In short, VMs rewrite the code so 'safe' instructions are executed directly on CPU and 'unsafe' instructions are replaced with calls into virtualization layer.
NaCl uses the similar approach. But they don't bother with 'unsafe' instructions and just ban them.
NaCl just does not check that there's no buffer overflows, instead it isolates the program to make sure that buffer overflows do not cause problems.
I.e. you can can overflow, use dangling pointers and cause all sorts of access violations to your heart's contents inside the NaCl sandbox. But it won't cause a security breach.
Nope. NaCl is designed to be secure, read the PDF (I read it some time ago).
It's not really that hard, VMWare/VBox does something like this for 10 years now.
There might be some subtle race condition bugs, but so far it looks very well thought out.
IPv6 has some really nice features. I have deployed IPv6 on my networks (6to4 rules!) and now I can SSH into _any_ computer from _any_ computer - all computers have public IPv6 addresses.
Additionally, reverse 6to4 provides fully automatic reverse DNS delegation.
All for free.
Then you might try HTMLayout - it's a stand-alone HTML renderer which can be easily embedded in a C++ (or .NET) application.
And it's being ported to Linux right now.
Samba4 is excruciatingly close to true AD support. I'm now using it for my own network for a handful of WinXP computers. I think in about 1 year Samba4 will be ready for production.
OpenChange is also moving at a fast pace.
The reason for $1m-2m licenses is that it takes a lot of money to develop complex custom software for small number of users.
Of course, there's also a margin for profit for software development company, but usually it's not large enough to justify re-development.
Most of providers now have near-realtime billing interoperability. Also, international roaming providers require home network authorization for _each_ call.
You know, the lifetime of a water molecule in atmosphere is (on average) several _days_. The lifetime of a carbon dioxide molecule can essentially be _infinite_ if carbon sinks fail.
And do you take time dilation into account? Because the Solar System moves relative to the Crab Nebula.
How about metric space expansion?
No. I know perfectly well that all inertial frames are equals.
I object to parent's statement that the true birth of the Crab Nebula was in 5446 BC. It just makes no sense because it assumes that time is absolute.
Also, why 5446 BC? The Earth (and the whole Solar System) moves relative to the Crab Nebula, so we need to compensate for the time dilation. It'll be small, but it's there.
And it gets even more fun if you are talking about quasars and remote galaxies when you need to consider effects of space expansion.
That's because it's CORRECT. There's no such thing as 'absolute time'.
1054AD _was_ the time of birth of the Crab Nebula from _our_ point of view.