Slashdot Mirror


User: mattpalmer1086

mattpalmer1086's activity in the archive.

Stories: 0 · Comments: 614

Comments · 614

  1. Re:Is quantum computing useful beyond decryption? on Breakthrough for Quantum Measurement · · Score: 1

    Are you mods on something? Why is this modded funny? Parent is correct.

  2. A police technical architect once told me... on UK To Passively Monitor Every Vehicle · · Score: 1

    that this system was something that "in principle" the police could pull together very easily. He went on to say, that of course, he was just a techy, he didn't get involved in politics, etc. This was a couple of years ago at a conference about public services and XML in Manchester.

    At the time I thought he had his tin-foil hat on a bit too tight, but now I see he genuinely was giving us a hint of things to come.

    It's so sad the changes that have been made in the name of the "War on Terror". A never-ending war it will be - at what point do you declare "That's it! All terrorists have gone away!" - so liberties sacrificed in its name will not return until we can wrest back some sanity into our political process. Let's hope we don't let it slide too far.

  3. Re:Another reason on UK To Passively Monitor Every Vehicle · · Score: 1

    I am so sick of the "If you have nothing to hide" argument trotted out by nanny-state apologists. Have we learned nothing from history?

    Let's see merciless transparency in government and the public sector, and independent metrics on performance. Then I might just about trust them with systems like this. But probably not.

  4. Re:Encryption mostly overrated on How Long to Crack an 'Encrypted' HD? · · Score: 1

    Ahh, sorry, I misunderstood what was being proposed. You're saying that each read and write to the swap area is encrypted with a key randomly chosen at boot time. I thought you meant that the entire swap area was encrypted at boot time in order to obscure the previous run, which clearly wouldn't work very well.

    Still, it still shows that getting a high level of security is frequently non-obvious. Some applications store temporary files as working backups, and these may not be in the encrypted file partition. There are all sorts of ways a user can leave traces behind.

  5. Re:Encryption mostly overrated on How Long to Crack an 'Encrypted' HD? · · Score: 1

    Actually, having thought about it, this won't work. A forensic team will not switch the computer on to copy the hard drive. They will extract the hard drive and do a byte level copy of the data on it. The system will then have the last run unencrypted (unless you try to encrypt the swap file when the machine is closed down, rather than booting up, of course).

  6. Re:Encryption mostly overrated on How Long to Crack an 'Encrypted' HD? · · Score: 1

    Hmmmm... interesting idea. I couldn't comment on how secure this really is, but it sounds like a good idea.

    Anyway, the point is still made that simply encrypting the source files isn't normally sufficient to give real security for a user. Flaws in the implementation of algorithms may occasionally be exploited, but far more likely to be exploited is how the user interacts with the machine and their security software.

    Few users have the technical skills to really use a computer in such a way as to prevent a forensic team from uncovering anything. And people get lazy too, even if they start with all the right ideas.

  7. Re:Encryption mostly overrated on How Long to Crack an 'Encrypted' HD? · · Score: 1

    When data is used by an application, it can end up in the swap file or partition, even if the original file is encrypted. So yes, just encrypting source files won't necessarily stop a forensic team from recovering things of interest.

  8. Re:Look, who's imposing their views on others here on Kansas Board of Ed. Adopts Intelligent Design · · Score: 1

    It is falsifiable, come up with a model that shows how life can happen on its own

    Evolution doesn't have anything to say about the origin of life, and has never pretended to. That is a separate question. It describes how life changes over time, not how it started.

  9. Re:computer misuse act does NOT need updating on British Teen Cleared in "E-mail Bomb" Case · · Score: 1

    Actually, I think the CMA does need updating to take account of DOS attacks.

    Your analogy with physical world crimes is very good. I particularly like your example of 1000 people standing outside a shop preventing legitimate customers from entering.

    However, if gatherings of 1000 people outside shops to prevent commerce became (a) commonplace and (b) possible to do anonymously, I think we might see a law against "prevention of commerce", or even "denial of service" in the physical world too.

    There is no particular reason to privilege the physical world over the digital. I agree that in many cases "new" technological crimes are not new crimes at all; merely old crimes in new clothes. In these cases, there should be no need for new legislation, just an acknowledgement that a new medium or avenue for the crime has become possible.

    However, new technology sometimes opens up entirely new crimes, or makes a crime possible that was not economic or otherwise feasible before. This is the case with DOS attacks.

  10. Outraged Geeks Use the Command Line on Dvorak on 'Rinky-Dink' Software Rant · · Score: 1

    Well, it's been fun reading this discussion, in a here-we-go-again sort of way. Anyone dares to suggest that software might be easier to use by normal people, and most of you have a hissy fit. But then you guys probably change your underwear using a command line interface.

    Regardless of the particular comments Dvorak makes, software could be a hell of a lot easier to use. Unless you all think that just having a WIMP interface is the be-all and end-all of interface and interaction design.

    I've just finished reading "The Design of Everyday Things", by Donald A. Norman. I totally recommend it. Funny, wise and thought provoking.

    http://www.amazon.com/gp/product/0465067107/103-3878645-6414220?v=glance&n=283155&n=507846&s=books&v=glance

  11. Re:Recursion on Indirect Documents At Last · · Score: 1

    That's a good point. I guess you have to detect cycles in references. How you deal with them would be up to the user I suppose.

  12. Re:Slashdot bigotry at it's highest proof... on Indirect Documents At Last · · Score: 1

    I think we need to understand that the word "document" is being used in a very broad sense here. He's mostly saying that documents should be able to include content from other documents - not just a link to them - the content itself - but via a link rather than copy and paste. And this should be done via open standards - a position I'm sure most people here will agree with.

    This facilitates annotation and reuse of works. Scholars can produce a commentary on another scholar's work, without disturbing the original. Layers of meaning can be overlaid on any text and queried. It's a fine vision, but he doesn't explain it very well to those who don't already get it.

  13. Re:GPL is itself not licensed under the GPL on Good bye Dark Matter, Hello General Relativity · · Score: 1

    While I applaud your cry for honesty to rule, I'm afraid I'm rather more cynical about human nature. Maybe not even cynical is the right word. I remember reading somewhere (sorry, can't remember where) about the simulated evolution of populations. It suggested all populations operated sub-optimally due to the presence of freeloading and the necessity to detect and punish this activity, where punishment also carries a cost to the punisher. Populations that never punished freeloading died out, for obvious reasons.

    Note that I'm not suggesting that violating copyright is morally equivalent to freeloading in all cases (fair use). I'm not even suggesting that copyright is necessarily the best solution to incentivising creativity and culture.

    I am suggesting though that any system which relies on the honesty of all participants is doomed to failure.

  14. Re:[OT] GPL'd documents on Good bye Dark Matter, Hello General Relativity · · Score: 1

    Errr... no. Copyright protects the right of the author to dispose of the work as they see fit and asserts the moral rights of the author to be identified as such. The GPL is founded on these legal rights.

    You may not like what other people do with the power that copyright law confers, but it's hard to see how anything like the GPL could be enforced without some equivalent kind of legal backing. Possibly contract law could do the trick, but IANAL.

  15. Re:Fiction becoming reality on Google Putting Crowd Wisdom to Work · · Score: 1

    Yup - as soon as I saw this piece, I immediately thought of EarthWeb. Cheesy story, but great forward thinking - I love it.

  16. Re:Extremely Bad Idea on How About a Nice Game of Global Thermonuclear War? · · Score: 1

    I did not know there was an "implicit" first strike policy. I'm also not sure what you mean by "implicit". Surely if it's official policy, then it's explicit?

    But I suspect a MAD policy would be necessary regardless of the published policies of your enemies. Would you take it on trust that a nation would not use a first-strike just because they don't have a first-strike policy?

  17. Re:Extremely Bad Idea on How About a Nice Game of Global Thermonuclear War? · · Score: 1

    Wrong. MAD did not advocate pre-emptive strikes. It referred to the ability to launch an attack on detection of a first-strike by an enemy (before you got wiped out), meaning you both got wiped out. That's a good incentive not to launch a first strike.

    The new policy is for American pre-emptive strikes.
    Not the same thing at all. I suggest you retake your history class.

  18. Re:Bad idea on How About a Nice Game of Global Thermonuclear War? · · Score: 1

    ...sigh... why would Muslim fundamentalists be aligned with a secular dictatorship? The fundamentalists hated Saddam too.

    They may both have hated America, but for completely different reasons.

    9/11 and Iraq are not linked, and never were, except in the imaginations of political spin doctors who wanted to create fear and justification for an illegal war.

  19. Re:America has a choice.. on The Decline of Science and Technology in America · · Score: 2, Insightful

    And you sir, receive the "Order of the Unreasonable Faith in the Internet as the Fount of all Knowledge *".

    I've read a few books about the history of zero, and it's not obvious, and neither can its origin be traced to any one people. We can probably assume that the author of *an entire book* about the history of zero might have used a few other sources than Google and his own imagination, and will probably have cited them in a bibliography. Even if this is not the case, it's nice to have a reference to another source, and you can always look for other books on the subject if that one does not satisfy you...

    * Have a look at the recent wiki editor's comments. He removed bits he did not believe were true using another source on the internet as his justification. I'm not saying he's wrong, but still...

    "Description - removing portion that is not true. Contradicting source: http://dictionary.goo.ne.jp/search.php?MT=%BF%F4%BB%FA&kind=jn&mode=1)"

  20. Re:Spiral hash map? on New, Faster Attack against SHA-1 Revealed · · Score: 1

    This has nothing to do with creating more secure hash algorithms. You are actually attempting to devise your own encryption scheme which is applied before hashing.

    This won't make a viable hash algorithm, as hash algorithms by definition do not require a secret key - to be useful they should be reproducible by anyone - this is why they have applications in data integrity or digital signatures, amongst others.

    You rightly identify the fact that to be useful, your scheme must encode how the mappings are to be performed - which is the key. But why invent your own encryption routine? Your encryption seems to be a kind of simple diffusion apparatus, but operating at a character rather than a bit level, and I suspect would be easily crackable.

    In the case where you want to obscure the relationship between the source document and the hash (so only those who need to know can verify the hash - e.g. in authentication mechanisms), just use HMACs (which are keyed hashes).

  21. Re:Really? on An Inside Look at eBay Security · · Score: 1

    I won't rest until we can eliminate wrongdoing

    So what is he doing in bed before he gets up in the morning... Hmmm... best not answer that one.

  22. worth the money on IE7 Bugs and Reviews · · Score: 1

    "Microsoft is clearly working hard to make sure that commercial software is worth the money, and is going to give the competitors a run for their money."

    Errr... yes, I'm sure it's worth every penny.

  23. Re:Sitekey is better than article states on SiteKey to Prevent Phishing · · Score: 1

    >The important thing is that the image is stored (and encrypted) on BoA's server. So a phisher wouldn't have access to it, and would have to guess what your image is

    Simply not true. They don't have to guess your image, and encrypting the image on their server does absolutely nothing. Here's how it works:

    You go to the phishing site, which looks just like the real thing, and you enter your details.

    The phishing site passes these on to the real bank site and the bank happily sends the image to it. The phishing site shows the image to you, etc. etc.

    It's called a man-in-the-middle attack. If you don't know, right from the start, that you are really communicating with the correct site, they can simply wrap all your requests and pass them back and forth.

    This is now *less* secure than a simple username and password, as users will be convinced by the image and maybe won't inspect the URL as carefully.

  24. Digital preservation on How Would You Archive Mounds of Genealogy Data? · · Score: 1

    Digital preservation is a pretty hard task, mostly because we haven't yet collectively acknowledged that our society now relies on a digital memory that is extremely fragile.

    Given that this problem is quite hard to solve in the long term (although much easier if just for the short term), it would probably be better to donate the material to an organisation with the resources and longevity to secure it.

    Over the long term, you will have to migrate storage media every few years. You will also have to migrate file formats, as software and standards become obsolete, unless you want to try emulation as a digital preservation technique, although most organisations in the field are going down the format migration route.

    As far as document formats go, OCRing to PDF, or OpenOffice might be your best bet, as these formats are widely readable.

    You could check out lizardtech's wavelet document format (www.lizardtech.com). It produces very small file sizes (e.g. 50Kb from a huge scan), has built-in indexing of text, and even has an open source toolkit, although the open source version doesn't do the OCR indexing.

    The Japanese archives are using this format to archive many of their documents, and we have explored it at the UK National Archives. The downside, of course, is it's not a very widely used format, so tool support will be patchy, but if you can roll your own solution, it may be perfect. 10,000 documents at 50Kb each - only 500Mb.

  25. Re:Agreed on Archiving Digital History at the NARA · · Score: 1

    The problem is not recording, storing, migrating and managing all this stuff. The problem is locating the good stuff in the midst of all the boring stuff. This problem has two parts: deciding what's interesting (historians often find commonplace stuff, like an old bill of sale, as, if not more interesting than the record it was accidentally left in), and actually having the manpower to appraise it in the first place.

    It is actually cheaper to archive more stuff digitally, knowing that some of it won't be very interesting, than it is to micro-appraise the records and only take the "good" bits, and then rely on the increasing sophistication of search engines to help mine it all.