Slashdot Mirror


User: Ckwop

Ckwop's activity in the archive.

Comments · 459

  1. Some thoughts on Absentee Ballots by Email? · · Score: 5, Insightful

    Why is it that politicians seem to do everything in their power to undermine public
    confidence in the election process? What's wrong with having military poll stations
    in Iraq and then simply flying the ballot boxes back? Sure, it's more expensive
    than e-mail but if the US government can spend billions to put a democracy in the middle east
    surely a few million dollars could be set aside to insure integrity of the US vote.

    Simon

  2. Re:OT .. Re:Misleading Graph on SCO Says 'Linux Doesn't Exist' · · Score: 1

    Agnostics are intellectual cowards. Reason tells you that there is no god.

    Reason says on the balance of probabilities there isn't a god. If this is all that is required to be atheist then I too am an atheist. However, I take atheism to be the belief that the evidence of non-existence is beyond reasonable doubt. This is a tricky proposition considering the fact that the generally accepted notion of God is meant to have unlimited powers.

    To illustrate this point, God may well have created the universe 6000 years ago but faked all the evidence to make it look like it really started billions of years ago. God may have faked the appearance of evolution and Adam and Eve may indeed be the truth. Nobody likes the idea of a God that lies but in the Bible it says God created Man in his own image right? Man lies, is it not possible that God does too?

    Scientific reason is useless against the proposition of God because by definition God can make the universe look any way it wants to.

    The agnostic, by his refusal to choose, gives each equal credence.

    Interesting point but I disagree. A strong agnostic would simply refuse to give any other point of view credence because it's impossible to ever know the motive behind the creation of the universe. In my example where God's out to trick humanity is there any scientific way to evaluate the truth of that proposition? In many religions it should be a more plausible notion because a lying God is required to square science against faith. Perhaps God lied to the infidels from the true believers?

    The existence of God is an undecidable decision problem because depending on which assumptions you choose to accept you will get a different answer to the question of God.

    On a personal note, I couldn't give a shit about God. If it does exist and I do meet it after death then there's (hopefully) quite a while before I meet it. In the meantime I want to work with the real people, that I know exist, to make this world better for all of us. Idealistic? Hell yeah. Better than wasting your precious life in Church on a Sunday? Absolutely.

    Simon.

  3. My Analysis on RIAA Sues More Music Lovers · · Score: 5, Interesting

    I'm going to use the 5 step approach that Schneier utilises in Beyond Fear to analyse security decisions. Hope you enjoy this analysis. I don't have the book to hand so I'm not sure I've got the steps spot on but it's close enough.

    What assets are you trying to protect? The profitability of copyrighted music.

    What are the threats to your assets? The biggest threat to profitability is the very large levels of copyright infringement. This is such a massive risk that considering any other threat to profitability is a waste of time at this stage.

    What is the proposed countermeasure? Suing random copyright infringers.

    How does the countermeasure mitigate the risks? The idea is that by suing random copyright infringers you instill fear in people who are more risk averse. They don't want to be slapped with a large fine so they'd rather pay for the record. There are a number of questions that need to be asked. Firstly, how many people does this approach really scare off? Secondly, how much revenue is it likely to recover? Let's say for every person sued 10 people decide not to infringe and go out and buy the record and each record brought a record for $3. Then the revenue brought in would be $2232. The cost of the legal action would be more than the revenue received. Even if 100 people were dissuaded for every infringer sued this would only increase to $223,320. You'd likely make a profit over the cost of the legal action but it'd be small and you've not really done much damage to the millions of remaining pirates. In light of this analysis, I don't think this counter-measure mitigates the risk.

    What side-effects does the proposed counter-measure produce? People generally don't like to buy from a company that likes to sue its user base so public relations may be damaged. A side-effect of particular note is people boycotting your products. In those circumstances you've lost sales as a direct result of deploying the counter-measure - a very bad situation.

    Is the trade-off worth it? This step is always subjective but I think the counter measure is meritless given the damage to public image, the small amount of money recovered from most of the infringers and the small amount of people who actually stop downloading as a result of the legal action. The RIAA should consider other counter-measures.

    Simon.

  4. Re:Free World on Free Software Day Around The World · · Score: 2, Interesting

    What would happen if other things in the world were free? What if budding designers and contractors demonstrated their skills by building free public buildings?

    Free as in beer would be kinda strange and other posters have addressed that weirdness. Free as in speech is commonplace in construction. You have to apply for planning permission which requires submitting the plans to local government. Anyone can request a plan at a small fee. I don't know about you but I think that's quite a free system!

    Artists could behave more freely by releasing their work under a GNU style license. That's great but how do they get remunerated for their efforts you ask? Rather than releasing an album you simply release many singles. The artist might sell their single directly from their website at a dollar. Now once you buy that song you can distribute that freely and do all of the other things you can do in a GNU style license however the artist will not release the next single until they feel they've been adequately compensated for their efforts.

    If they're crap they disappear pretty quickly. If they have a good fan base they make quite a bit of cash. Stephen King (search for his name in the document) did this successfully with an e-book he wrote. It does work!

    Simon.

  5. Re:Forget biometrics and excessively long password on Passwords - 64 Characters, Changed Daily? · · Score: 1

    So I don't see how increasing the hash length can be more secure, if computing that longer hash takes the same time as a shorter hash. When cracking passwords you are doing exactly the same operation as when the login program is legitimately checking against the password database.

    Think of a hash like a random looking pigeon-hole function; I can pass it an arbitrary length string and it'll decide which pigeon-hole to stuff it in. The number of pigeon-holes is determined by the length of the hash so if the algorithm has a hash length of 128-bits then it has 2^128 different pigeon holes.

    The obvious way to break a password is to try and find a value that hashes to the same as that stored in the shadow file. Naturally, a good strategy is to try loads of possible passwords against the hash because people pick pretty lame passwords so the chances of success by this method are very good. Okay, so what if I don't pick a lame password? What is the maximum security this function can offer if I pick a random password?

    Well there are only 2^128 different pigeon-holes and an infinitude of strings. This means that eventually two strings will be assigned to the same pigeon-hole, i.e. two strings will hash to the same value. The question is, how long will it take me to find a string that hashes to the same value as that stored in the shadow file? On average 2^127 attempts!

    By increasing the hash length by one bit we have doubled the number of pigeon-holes, so you now have to check an average of 2^128 different hash codes. That's doubled the time it takes to break the hash open! If we add another bit then it takes 4 times as long to break as the original construction and so on and so forth.

    Simon.
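
An added illustration of the pigeon-hole argument in the comment above (not code from the original post): SHA-256 truncated to a few bits stands in for a short hash, a collision is guaranteed once there are more inputs than pigeon-holes, and the measured mean number of random guesses needed to hit a stored value roughly doubles with each extra output bit. The function names and sample passwords are constructed for this example.

```python
import hashlib
import random


def truncated_hash(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(data): a hash with 2**bits pigeon-holes."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int):
    """Hash 2**bits + 1 distinct inputs; two must share a pigeon-hole."""
    seen = {}
    for i in range(2 ** bits + 1):
        data = str(i).encode()
        h = truncated_hash(data, bits)
        if h in seen:
            return seen[h], data
        seen[h] = data
    raise AssertionError("unreachable: more inputs than pigeon-holes")


def guesses_until_match(target: int, bits: int, rng: random.Random) -> int:
    """Count random guesses until one lands in the target pigeon-hole."""
    attempts = 0
    while True:
        attempts += 1
        guess = rng.getrandbits(64).to_bytes(8, "big")
        if truncated_hash(guess, bits) == target:
            return attempts


def mean_guesses(bits: int, trials: int = 600, seed: int = 1) -> float:
    """Average guesses needed to match the stored hash of a sample password."""
    rng = random.Random(seed)  # seeded so the run is repeatable
    total = 0
    for i in range(trials):
        secret = b"constructed-password-%d" % i  # constructed sample input
        target = truncated_hash(secret, bits)
        total += guesses_until_match(target, bits, rng)
    return total / trials


if __name__ == "__main__":
    a, b = find_collision(10)
    print("10-bit collision:", a, b)
    previous = None
    for bits in (8, 9, 10):
        mean = mean_guesses(bits)
        ratio = "" if previous is None else f"  (x{mean / previous:.2f})"
        print(f"{bits}-bit hash: mean guesses {mean:.0f}{ratio}")
        previous = mean
```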

  6. Re:Forget biometrics and excessively long password on Passwords - 64 Characters, Changed Daily? · · Score: 1

    MD5 and SHA1 are just too fast. If a new hashing algorithm was used that took a second to compute rather than the microsecond or less that an MD5 hash takes, it would make brute-force or dictionary attacks on the password much much more difficult, but wouldn't really get in the way of people logging in - it's only a second.

    Nice idea but not very well thought through.. The problem with this is the time to break only scales linearly. If I want to make the hash take twice as long to break then the algorithm has to be twice as slow. Contrast this to adding a bit to the hash length. I can keep the hash roughly the same speed but double the time to crack.

    Also, another bit of food for thought. How on earth would such a slow algorithm scale? Imagine a POP3 server with 20 new sessions per second. It'd take a second to verify each connection's POP session!

    There's a reason why these hashes are designed fast. They're designed to incur the smallest possible penalty for legitimate users but really bludgeon the crackers. The best way to make everyone happy is to use a longer bit length.

    Simon

  7. I'm not that bothered on Deleting E-mail Could Get You In Trouble · · Score: 3, Insightful

    I have no real problem with companies being subject to tighter restrictions. However, these restrictions shouldn't be too sweeping. If I send an e-mail to my friend using my work's e-mail address the government should not be allowed to view that e-mail without a warrant.

    Moreover, there should be a legal definition of what to keep and what can be tossed. I could imagine something like:

    "a message that amounts to an instruction to an employee or specifying of company policy.." etc.

    I don't want to store twenty thousand pieces of spam that every user might collect over two years. That makes e-mail quite an expensive tool if you have to do that.

    There is one question I do have. Did the government have the power to collect so much information in the past? How many years worth of company paper memos were stored? I suspect the ability was much reduced, in which case why do they need so much more data?

    Simon.

  8. Re:Not a ring on New Ring Around Saturn · · Score: 1

    Or are you arguing that my coffee cup is a ring? And then could I point out that one of the very least useful of all mathematical branches is topology? (at least for now...)

    Flamebait but I'll bite. Who cares if some mathematics has a use? Does a painting have a use? Isn't beauty utility enough?

    Simon.

  9. Re:Holy Crap! on Windows XP SP2 Goes Gold · · Score: 2, Informative

    Your hash sir: 59A98F181FE383907E520A391D75B5A7

    Simon.

  10. That's why anyone with half a brain uses on FCC Rules VoIP Must Be Tappable · · Score: 5, Interesting

    PGP Phone. I don't care if it's law enforcement or not. I want to place a phone call in privacy and frankly I don't trust a huge organisation like the police to use their powers sparingly.

    Encryption is the way gents.

    Simon.

  11. MySql Competition? on IBM Donates Java Database App. to Apache Foundation · · Score: 3, Interesting

    Is this designed to compete directly with MySQL or is it like an open source version of Microsoft's MSDE? Suitable for a small web app but not for hosting something like slashdot or Amazon? It's cool to see IBM once again support the OSS community.

    Simon

  12. Is the processor clock rate trend coming to an end on AMD and Intel Update CPU Roadmaps · · Score: 3, Interesting

    The clock rate of the CPU went up madly through the 90s but the wind appears to have gone out the sails a little. Is the actual speed of the CPU still climbing but they're doing this without adjusting the clock rate?

    Don't really keep up on the hardware these days.. :P

    Cheers,

    Simon.

  13. Outsourcing is evil.. on Microsoft Outsourcing High-Level Work · · Score: 2, Insightful

    For all I know the Indians might be better programmers but working on the law of averages the problem solving ability of an individual is probably independent of their location. So it really is about the cold, hard dollars. The thing is capitalism isn't any more free than communism. What good is being able to criticise your government when there is only a choice of two parties?

    If you took Joe Six-pack and actually took the time to educate him on the fact that he can't mess with the chips in *HIS* playstation 2 legally because of some weird-ass law called the DMCA then I bet he'd see the ominous tone to it straight away..

    Outsourcing is an evil plain and simple. Why should a company's profit be at the expense of an individual's welfare? Who has the most votes after all.. the individual or the company? Government should serve you and me before the MD.

    Simon

  14. The ultimate price on SCO Playing Name Games · · Score: -1, Offtopic

    A.) Getting drunk very much at 8.40 PM (UK time)..
    B.) Obliterating your Karma destroyed for comedy value.
    C.) Getting drunk on your 21st.
    D.) Putting on a monkey thong bought by your female friend that ur girlfriend hates?
    D.) Putting it on slashdot for the world to see?
    e.) Priceless!!!!!!!!!!
    f.) For everything else.. There's mastershaft.

  15. My thoughts. on Examining Some Open Source Myths · · Score: 4, Interesting

    Many of this guy's comments are very good. In many ways, the programming industry is being hit by a much more general sweep of what I call 'copyright depreciation'. The really huge piracy with games, music and movies at the moment is a symptom of copyright depreciation and so is programming. I think a key cultural change in this century will be the rise in the difficulty of the ability to make money off copyrighted works.

    In the past, a company could assemble a team of programmers and pay them to write a program for you. Really, the only way you could assemble such a team was under this structure. With the invention of the internet such teams can be assembled on-line and can work in their spare time. Couple this with the ability to be able to duplicate en masse for effectively zero cost makes this form of development very effective.

    In the end, the programmer has to get paid or they can't make a living off it. What we're seeing is the destruction of huge profit margins and the market force establishing the 'true' value of a programmer.

    Simon

  16. Sorry. I hate the RIAA on RIAA Continues Distributing Dud CDs to Satisfy Settlement · · Score: 4, Insightful

    The RIAA expects the customers to hand over cash for overpriced CDs, appealing to morality for justification, and yet in an act of gross duplicity it gives libraries crud just to spite them because they lost a court case. This isn't about morals, it isn't even about the artists.. it's about the bloody dollars.

    Don't get me wrong. I don't support piracy but the RIAA's approach isn't exactly making me willing to go out and buy their dross. Fear not, technology has destroyed industries before. The nice thing to know is that it's usually pretty ruthless in that it takes no prisoners. I doubt the RIAA will be the exception. No amount of law making saved the canal boats from the invention of the automobile.

    We now have the infrastructure to pay the artist not the army of lawyers, executives and other useless staff. I think all artists would prefer a return to the music and less of the obsession with the dollars. I'd be more willing to fork out the dollars (well, pounds in my case) if I knew the artist was the key beneficiary.

    Simon.

  17. Re:Secure communications? on Quantum Computing Using Traditional Transistors · · Score: 1

    So which is it, secure communications or communications that can be spied on? It can't be both.

    It can be and is both. Secure is an adjective - without context it's meaningless. In the context of a traditional factoring/discrete log based key exchange protocol then quantum computers will see a swift end to that period of history. Shor's algorithm can factor in the worst case in around log(n)^3 time and log(n) space.

    As for other ciphers, such as AES, I'd say it's fairly likely that there will be clever attacks using Quantum computers against these traditional designs but I doubt the attacks will be general enough to attack all ciphers you can make on a conventional computer.

    At any rate the problem of keeping a message secret has been solved for the best part of 90 years in the form of the Vernam Cipher. Even a quantum computer can't break this construction. The problem with it is that the key is the same length as the text you want to encrypt. If you have a secure channel capable of moving an n-bit key between two people then why not move the actual message?

    What's interesting is that someone discovered how to make a quantum mechanical channel that allows you to agree bits for use with a Vernam cipher that can detect when anyone tries to eavesdrop on the line. This channel only allows you to communicate random bits between each other but that's okay because we can use the Vernam cipher to protect a message with actual meaning and obtain perfect secrecy.

    Since you can tell if a bit has been read by a third party you can be safe in the knowledge that you have in fact swapped your key in secrecy and thus the message is unreadable.

    Simon
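
An added sketch of the Vernam cipher discussed in the comment above (not code from the original post): it enforces the key-as-long-as-the-message requirement and shows why the ciphertext reveals nothing, since every same-length plaintext is explained by some key and the ciphertext distribution over all keys is identical for any plaintext. The function names and sample messages are constructed for this example.

```python
import secrets
from collections import Counter


def vernam(data: bytes, key: bytes) -> bytes:
    """XOR data with a key of exactly the same length (encrypt == decrypt)."""
    if len(key) != len(data):
        raise ValueError("Vernam cipher needs a key as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """The key under which `ciphertext` would decrypt to `candidate`."""
    return vernam(ciphertext, candidate)


def ciphertext_distribution(plaintext_byte: int) -> Counter:
    """Ciphertexts produced by one plaintext byte under all 256 one-byte keys."""
    return Counter(plaintext_byte ^ key for key in range(256))


def demo() -> bool:
    message = b"MEET AT NOON"                 # constructed sample plaintext
    key = secrets.token_bytes(len(message))   # random key, used once
    ciphertext = vernam(message, key)
    if vernam(ciphertext, key) != message:
        return False

    # An eavesdropper holding only the ciphertext cannot rule out any
    # other 12-byte message: a key exists that "decrypts" to it as well.
    other = b"STAY AT HOME"                   # constructed alternative
    other_key = key_explaining(ciphertext, other)
    if vernam(ciphertext, other_key) != other:
        return False

    # Over a uniformly random key, each ciphertext byte is equally likely
    # whatever the plaintext byte was.
    return ciphertext_distribution(ord("A")) == ciphertext_distribution(ord("Z"))


if __name__ == "__main__":
    print("perfect-secrecy checks passed:", demo())
```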

  18. Re:Running as Admin on 4 New "Extremely Critical" IE Vulnerabilities · · Score: 1

    If people running windows were not so used to running as admin, this would not be a fundamental problem. If Windows was more friendly to being used as a multi user system, then only the os would be the bottleneck (although still a significant one) in making a system secure. I mean, running a browser should be a fairly secure activity, after all, it is such a basic part of every day computer use.

    I recommend this simple security fix to Microsoft. Do not allow the administrator account access to internet IPs by default. I'd wager that security problems would be greatly diminished.

    Simon

  19. Re:Not really... on Custom DVDs & Players For Academy Members · · Score: 2, Informative

    How secure is AES 128+ bits anyway? MPEG streams have a pretty regular pattern that offers a lot hints to cryptanalysts. I wouldn't bet on the security of a system that encrypts 2-8 GB of data with such a regular pattern!

    If I gave you the transcript of everything ever said by every human that has ever lived and encrypted it with a random key and gave you the resulting cipher-text you'd still have to try 2^127 keys on average to recover the key. Knowing patterns in the plain-text doesn't help you at all!

    In fact, even if you could choose what you wanted encrypted under my secret random key and I gave you the resulting encrypted text then even after billions of terabytes you still wouldn't have any clue what the key is.

    AES is a strong cipher by anyone's definition.

    Simon.

  20. My suggestions on How Would You Lock Down a Windows XP Machine? · · Score: 1

    1. Use NTFS (kinda obvious but required for later)
    2. Rename Guest account and then disable.
    3. Rename Administrator account then change the password to something hellishly long.
    4. Create a new user account that belongs to the "Guests" group.
    5. Create a new group policy for the Guest account. Ensure you have a Software Restriction policy that only allows the usershell to run that you want.
    6. Use this trick to ensure the highly restrictive group policy doesn't apply to the Administrator account
    7. Ensure that Automatic updates is on (and allowed by the policy) and that the ICF is on if that's possible.
    8. Finally, ensure you remove any software that isn't needed from the box.
    9. Cowboy Neal loves those recursive acronyms. ;)

    That should harden the box pretty effectively.

    Simon.

  21. Re:Try a modified approach on Encrypted Volumes for Linux and Windows? · · Score: 1

    <paranoia>This may lead to a key recovery by just comparing the encrypted OS and the unencrypted OS.</paranoia>

    No.. almost all decent encryption algorithms are secure against this "known plain-text" attack. AES (and all decent ciphers) can withstand attacks where the attacker can choose the plain-text to be encrypted and then is given the result.

    Simon.

  22. Yus! on Firefox 0.9.1 and Thunderbird 0.7.1 Released · · Score: 5, Informative

    Did anyone else notice the CSS/Drawing bug on Slashdot where the side panel overlapped the side panel slightly? That bug has been fixed in this release.

    I love firefox :D

    Si.

  23. Why it has to die on Joel On Microsoft's API Mistakes · · Score: 0

    I have a little different opinion to the article. The reason for the death of the API is probably GNU/Linux. A closed set of poorly documented APIs
    doesn't compare too much to "We'll give you the source code" - .NET is the halfway house..

    It's open and documented such that developers feel comfortable using it and feel like they're getting a powerful suite. It's closed enough such that Microsoft can maintain an effective monopoly on the framework
    because projects like Mono will always be playing catch-up to some extent.

    One thing that Microsoft hope doesn't happen is Mono becoming the de facto standard and not the MS framework.
    That patent warchest of theirs is probably set aside for that particular eventuality.

    Simon.

  24. Re:A part of the OS on Microsoft Plans To Sell Anti-Virus Software · · Score: 1

    No they're not bundling this one but be sure as hell they'll use secret APIs in their package and the virus checkers that currently work fine will see either diminished performance or just simply break.

    Microsoft are generally not very good at the competition game but they are good at crushing people with dodgy business practices.

    Simon.

  25. The merits of PhDs on Physicist Loses Degree for Data Falsification · · Score: 4, Interesting

    This raises a lot of questions. The key question is: what does a PhD actually mean?
    If a PhD is meant to be a sign of knowledge in the subject then surely
    the counter-example shows this is not the case.

    I mean that you can't strip someone of knowledge. It's true that he may have faked data but he certainly had
    detailed knowledge of the field and I strongly suspect his thesis did not contain any errors. His thesis would have
    demanded more critical examination than a research paper. So I think it's fair to say that he earned that PhD.

    Is it right for a discredited man to have his pHD removed? Is it right that popular opinion can determine how
    qualified someone is to make a statement in their field?

    These are questions I find hard to answer.

    Simon.