To circumvent The New York Times required "free registration," click here.
Another Winderful innovation by the wonderful PhD's at Google! (http://www.google.com)
Yes, they are really great, are they not?
I have heard they are working on the new
"reversed filtering"
(or "negative filtering")
option of
on images.google.com's
SafeSearch.
Now, that is what I call innovation!
The link on the website points
to mmdsetup.exe--what's wrong with that?
Please don't tell me it cannot run on ScummVM
after unpacking... Just-- don't tell me!
If some of you don't already know,
ScummVM
(available at scummvm.sf.net)
is
"a 'virtual machine' for several classic graphical point-and-click adventure
games. It is designed to run: Adventure Soft's
Simon the Sorcerer 1 and 2; Revolution's
Beneath A Steel Sky, Broken Sword 1 and Broken Sword 2; Flight of the Amazon Queen;
and games based on LucasArts'
SCUMM (Script Creation Utility for Maniac
Mansion) system. SCUMM is used for many games,
including Monkey Island, Day of the Tentacle, Sam and Max and more.
Compatibility with supported games is continually improving, so check back often." -- from www.scummvm.sourceforge.net.
The link on the website points
to mmdsetup.exe--what's
wrong with that?
Please don't tell me it cannot run on ScummVM
after unpacking...
Just-- don't tell me!
I can assure you that my hands are hardly funky, for my tilde is right next to number one, exactly between escape and tabulator.
On a standard US keyboard that will produce a backtick (`) rather than a tilde.
On a standard US keyboard pressing "3" will produce the number three
(3) rather than the octothorpe... Unless one holds
(or otherwise activates the state of)
the shift key. The same goes for $%^&* et cetera.
Don't forget BlueEyedOS: a BeOS-inspired operating system powered by a Linux kernel.
IMHO a very good approach, as using the Linux kernel and XFree86 will take care of the lack-of-drivers problem that the original BeOS had. Also, this will give it decent OpenGL performance for free, which was also one of the weak points of the original BeOS (and will be one of the other sucessors).
That's a very good idea.
We should also use rxvt and bash and GNU
fileutils, textutils and other command line tools
and Perl to give it a decent CLI.
Also, APT could be used as a great
package management system.
That should solve most of the weak points of the original BeOS.
I know, let's call it Bebian GNU/Linux!
Well, Euro banknotes already have unique codes printed on them. E.g. I've got here one starting with X0688...
OK, they want software to stop working when it detects money?
Good. Let's all start inserting
The EURion Constellation [1]everywhere we can,
on our websites, on our t-shirts, on our cars and
literally everywhere. Then, when people start noticing that they cannot print their God damned holiday photos because there is some jerk with some freaking dots on his t-shirt on them, maybe they will stop using software inluding this stupid black-box banknote detection code. We can do it, people.
[1] It's a Google link, I don't want to link directly to eurion.pdf
to avoid slashdotting the server.
Please tell me,
"to revamp" is a verb from "revenge," isn't it?
Why do I always have bad feelings when I read
"Microsoft,"
"licensing,"
"competition" and
"Linux"
in the same sentence?
I must be paranoid or something.
(By the way,
wouldn't it make more sense if the link
"as Reuters article suggests"
actually pointed to
the Reuters article instead of the Yahoo
link which suspiciously looks like
pay-per-click partnership program URL?)
Such a headline always sounds like good news.
Let me guess... This new Microsoft licensing plans
will be good for customers,
good for competition and especially good for free software
including, but not limited to, GNU GPL,
and there will be lots of positive feedback on Slashdot,
am I right? Am I right? Please tell me I am!
OK, I'll RTFA... Somehow I have a bad feeling, I don't know why...
It must be that tin-foil hat and all that, I guess... *sigh*
Note to self:
in order to permanently disable any dutch server
(naturally excluding known large email servers)
or client, send two Blaster
UDP packets with spoofed source IP
to one of a number of dutch ISPs
using virbl.
Seriously,
this is truly amazing.
I have never heard of any other DoS attack
in history which would need sending only one IP packet
every 12 hours.
Even 20000x smurf amplifier
on a class-B broadcast
saturating the entire T3 I once saw
looks like nothing compared to
the possibilities
of exploiting this "worm blocking" system,
which is much easier, cleaner and quieter than anything
I have seen before.
Truly amazing.
~ is used as the one's complement in C. Reference: K&R2, p. 49. P.S. *I* don't use the one's complement much, but then I don't do a lot of low-level programming.
Yes. It is also used in Unix shells as a shorthand for $HOME environment variable.
In Perl unary ~ performs bitwise negation,
binary =~
binds a scalar expression to a pattern match,
binary !~ binds a scalar expression to a pattern match
with return value negated in the logical sense,
and in Perl 6 where already non-ASCII
Unicode characters not present on standard keyboard are
being used after using all of the characters on US keyboard,
unary ~ imposes a string context on its argument,
binary ~ is a string concatenation operator
with ~= assignment operator,
~&, ~| and
~^ are charwise (string) AND, OR and XOR operators
with ~&=, ~|= and ~^=
assignment versions,
there is also smartmatch ~~ operator and
its negated version !~...
Yes, I know it! Still,
the concerned reader might not be a hacker and thus have little use for the tilde key.
(Hint: Score:5, Funny)
The US keyboard has # above the 3, where the pound sign should be. That is why they often mistakenly call # 'pound' instead of octothorpe (official designation) or hash (common colloquial term) or sharp (Microsoftism).
Actually, this is hardly microsoftism,
though Microsoft makes total fools out of themselves
writing "C#" and saying "C sharp."
The sharp sign is used in music
(as in Waltz No. 7 in C sharp minor, Op. 64 No. 2
by Frederic Chopin)
where C sharp (or Cis) means a tone between C and D
(the same as D flat, or Des) and
is a totally different glyph than octothorpe.
Octothorpe is '#' or 0x23 in ASCII and Unicode
and it has two horizontal and two diagonal lines, while
the sharp sign is 0x1d129 in Unicode
and has two vertical and two diagonal lines.
There is no sharp sign in ASCII.
See the U1D100 Unicode chart, page 3, section Accidentals with
music flat sign, music natural sign and music sharp sign.
Summary: Microsoft hasn't invented "sharp."
They are still fools nonetheless.
The last time I used the tilde key must have been yesterday, I don't know about you but, cd ~ is alot easier than typing/home/whatever. And none can forget the use of the all important backtick(`) that shares space with the tilde.
And URLs? I often use ~ multiple times daily...
Well, yes, you are technically correct.
Being a Perl programmer I use tilde (and any other punctuation mark, for that matter) more often than any single letter or digit.
Nevertheless, between my frequent uses of the tilde key,
I also try to use my (apparently poor) sense of humour
and satira for which I sincerely apologize.
It's been said before...
and I'll say it again:
If I can hear it, I can copy it.
This is very insightful.
Very insightful indeed.
Do I have to remind the 1769 history of
13 years old
Wolfgang Amadeus Mozart
(1756-1791)
and the Miserere by Gregorio Allegri
in Sistine Chapel?
I don't think so.
I believe everyone here remembers
how this one of the
unquestionably
most significant and influential composers in history,
Wolfgang Amadeus Mozart,
was the first person who has literally
circumvented the copy-protection of Sistine Chapel
with nothing more but bare ears and his pure genius.
Please let me quote Wikipedia:
Among the musical compositions of Allegri were two volumes of concerti, published in 1618 and 1619; two volumes of motets, published in 1620 and 1621; besides a number of works still in manuscript. He was one of the earliest composers for stringed instruments, and Athanasius Kircher has given one specimen of this class of his works in the Musurgia. But the most celebrated composition of Allegri is the Miserere, still annually performed in the Sistine Chapel at Rome. It is written for two choirs, the one of five and the other of four voices, and has obtained a celebrity which, if not entirely factitious, is certainly not due to its intrinsic merits alone.
The mystery in which the composition was long shrouded, no single copy being allowed to reach the public, the place and circumstances of the performance, and the added embellishments of the singers, account to a great degree for much of the impressive effect of which all who have heard the music speak. This view is confirmed by the fact that, when the music was performed at Venice by permission of the pope, it produced so little effect that the emperor Leopold I, Holy Roman Emperor., at whose request the manuscript had been sent, thought that something else had been substituted. In spite of the precautions of the popes, the Miserere has long been public property.
In 1769 Mozart heard it and wrote it down, and in 1771 a copy was procured and published in England by Dr Burney. The entire music performed at Rome in Holy Week, Allegri's Miserere included, has been issued at Leipzig by Breitkopf and Härtel. Interesting accounts of the impression produced by the performance at Rome may be found in the first volume of Felix Mendelssohn's letters and in Miss Taylor's Letters from Italy.
It is worth repeating:
If I can hear it, I can copy it.Amen.
Wolfgang Amadeus Mozart
himself has proved it
in the age of 13.
Could we really need any better proof?
Could there even be any better proof?
Please keep in mind that
there is more complexity and beauty
in every minute of
Allegri's Miserere than in the whole
content produced by RIAA in any year.
Let us not forget this very important fact.
So now people will have to
send digital photographs of their fingerprint together with
digital content, so people could reproduce it
Tsutomu Matsumoto style:
"His more interesting experiment involves latent fingerprints. He takes a fingerprint left on a piece of glass, enhances it with a cyanoacrylate adhesive, and then photographs it with a digital camera. Using PhotoShop, he improves the contrast and prints the fingerprint onto a transparency sheet. Then, he takes a photo-sensitive printed-circuit board (PCB) and uses the fingerprint transparency to etch the fingerprint into the copper, making it three-dimensional. (You can find photo-sensitive PCBs, along with instructions for use, in most electronics hobby shops.) Finally, he makes a gelatin finger using the print on the PCB. This also fools fingerprint detectors about 80% of the time."
I wonder how long before the first universal fingerprint starts circulating like proprietary software activation codes do today.
In practical terms, VeriTouch's breakthrough in anti-piracy technology means that no delivered content to a customer may be copied, shared or otherwise distributed because each file is uniquely locked by the customer's live fingerprint scan.
Let me guess...
Those geniuses from VeriTouch haven't read
this 1998 essay by Bruce Schneier, have they?
So... They have finally invented a working copy-prevention technique.
Bravo. I've been waiting for literally decades.
Have they also invented a lossless compression of random data by any chance? Because it would be great if they had.
It would make my network faster. Also, I would like a pony.
My God, what a waste of time...
Very recently,
to my unimaginable surprise,
I have noticed that I haven't used
the tilde key
for any purpose other than hitting it by accident.
I know that
once upon a time people were using the tilde key.
They were using it like there was no tomorrow.
I don't use it now, though, which makes me very sad.
Does the tilde key serve any purpose any more?
Does it still serve any purpose whatsoever?
If not, will it ever serve a purpose?
Will it ever make any sense?
If not, should it be removed, moved, or replaced?
If so, will we be able to see it in museum?
What if later I find some use for this key,
but it will have been gone long ago? What then?
What will be the future of this little key?
What, I ask?
Thank you very much, Slashdot, for your answer!
Sincerely, Concerned reader.
P.S. I love reading Slashdot and especially the Ask Slashdot section, when people always ask so interesting questions! THANK YOU VERY MUCH! (Oh, God damn it! I used caps lock!)
I occasionally use it for shouting on people who wrongly insist on considering it dead. But funny jokes aside,
I use it for writing very complex SQL queries, like SELECT x FROM t WHERE x > 0 etc. where it is much easier to use shift for relatively uncommon lowercase characters than for relatively common uppercase ones.
Furthermore, even more importantly, when I invert the shift state in my keyboard driver I lock caps lock to neutralize this effect on alphabetical characters, so when I am writing in Perl I don't have to hit shift to write
~!@#$%^&*()_+|{}:"et al
which are much more common than decimal numbers et cetera.
Caps lock is absolutely crucial here, because I
don't want to write in uppercase letters,
except for SQL.
It would be impossible without caps lock.
Caps lock might be an old techonogy but it is still
a very convenient one, just like num lock and
especially scroll lock.
Finally we have something which is not vulnerable to the rubber-hose cryptanalysis. Now the attackers can brute-force me as hard and as long as they want and I will not be able to tell them my password even if I want to! Now I feel totally safe, because even in the case of the most inhumane torturing, I will take my password to my grave. It's like using fingerprints in ATMs so the thief has to cut my finger off instead of taking my ATM card in order to steal my money, except for the lack of
gelatin exploit. This is great news. I can stop recommending Password Safe to my users now.
If you're going to boycott LinuxToday, you're also going to need to
boycott the OSDN which runs many of the same ads.
Hmmm. Has/. has signed on to the boycott?
I don't care!
I am not going to boycott Linux--not
today, not ever!
For me it is clear
that I should use Linux even though people like Darl McBride want otherwise. I just don't care!
Personally, I use one called djbdns. It's extremely small and basically bug free! The author actually will pay $50,000 to whoever finds the first exploit in it or something.
"I offer $500 to the first person to publicly report a verifiable security hole in the latest version of djbdns."
$500 is hardly $50,000 but even if it was $50,000,
please keep in mind that a hypothetical non-public exploit
of tinydns would be worth much more than $50,000
for anyone who would want to use it seriously.
Please remember that by compromising DNS server you can effectively
control mail and websites, even without compromising the mail and web servers themselves. I have already seen web traffic for compromised domains routed through proxy servers controlled by attackers (or smtp traffic redirected via external relays, for that matter). This might be very powerful and can be quite hard to detect, especially when you provide correct dns info to internal network.
With all due respect to D. J. Bernstein,
even though I do believe that his name server
is probably the most secure one in use today,
his cracking contest is hardly meaningful.
There is an interesting article,
The Fallacy of Cracking Contests
by Bruce Schneier, published in
the December 1998 issue of
The Crypto-Gram Newsletter:
You see them all the time: "Company X offers $1,000,000 to anyone
who can break through their firewall/crack their algorithm/make a
fraudulent transaction using their protocol/do whatever." These are
cracking contests, and they're supposed to show how strong and secure the
target of the contests are. The logic goes something like this: We
offered a prize to break the target, and no one did. This means that the
target is secure.
It doesn't.
Contests are a terrible way to demonstrate security. A
product/system/protocol/algorithm that has survived a contest unbroken is
not obviously more trustworthy than one that has not been the subject of a
contest. The best products/systems/protocols/algorithms available today
have not been the subjects of any contests, and probably never will be.
Contests generally don't produce useful data. There are three basic
reasons why this is so.
1. The contests are generally unfair.
Cryptanalysis assumes that the attacker knows everything except the
secret. He has access to the algorithms and protocols, the source code,
everything. He knows the ciphertext and the plaintext. He may even know
something about the key.
And a cryptanalytic result can be anything. It can be a complete break:
a result that breaks the security in a reasonable amount of time. It can
be a theoretical break: a result that doesn't work
"operationally," but still shows that the security isn't as good
as advertised. It can be anything in between.
Most cryptanalysis contests have arbitrary rules. They define what the
attacker has to work with, and how a successful break looks. Jaws
Technologies provided a ciphertext file and, without explaining how their
algorithm worked, offered a prize to anyone who could recover the
plaintext. This isn't how real cryptanalysis works; if no one wins the
contest, it means nothing.
Most contests don't disclose the algorithm. And since most
cryptanalysts don't have the skills for reverse-engineering (I find it
tedious and boring), they never bother analyzing the systems. This is why
COMP128, CMEA, ORYX, the Firewire cipher, the DVD cipher, and the Netscape
PRNG were all broken within months of their disclosure (despite the fact
that some of them have been widely deployed for many years); once the
algorithm is revealed, it's easy to see the flaw, but it might take years
before someone bothers to reverse-engineer the algorithm and publish it.
Contests
What does it mean to own an "acre" of "land" that doesn't actually exist? If it's purely virtual, how can there be a shortage of land? Can something with a literally infinate supply be a commodity like REAL land is?
[...] it's stupid to pay for something that you cannot verify what you're actually buying, is in infinate supply (at least in theory) and otherwise holds no intrinsic value...
Interestingly enough this is exactly the reason why I never "buy" proprietary software (which I would never "own" anyway).
Very interesting and insightful.
Slashdot Mirror
Yes, they are really great, are they not? I have heard they are working on the new "reversed filtering" (or "negative filtering") option of on images.google.com's SafeSearch. Now, that is what I call innovation!
If some of you don't already know, ScummVM (available at scummvm.sf.net) is "a 'virtual machine' for several classic graphical point-and-click adventure games. It is designed to run: Adventure Soft's Simon the Sorcerer 1 and 2; Revolution's Beneath A Steel Sky, Broken Sword 1 and Broken Sword 2; Flight of the Amazon Queen; and games based on LucasArts' SCUMM (Script Creation Utility for Maniac Mansion) system. SCUMM is used for many games, including Monkey Island, Day of the Tentacle, Sam and Max and more. Compatibility with supported games is continually improving, so check back often." -- from www.scummvm.sourceforge.net.
With ScummVM you can play Maniac Mansion (original), Maniac Mansion (enhanced), Zak McKracken and the Alien Mindbenders (original), Zak McKracken and the Alien Mindbenders (enhanced), Zak McKracken and the Alien Mindbenders (256 - FmTowns), Indiana Jones and the Last Crusade, Indiana Jones and the Last Crusade (256), Indiana Jones and the Last Crusade (256 - FmTowns), Loom, Loom (256 - FmTowns), The Secret of Monkey Island (EGA), Passport to Adventure (Indy3, Monkey and Loom demos), Loom (256 color CD version), The Secret of Monkey Island (VGA Floppy), The Secret of Monkey Island (VGA CD), The Secret of Monkey Island (Alternative VGA CD), The Secret of Monkey Island (Sega CD), Monkey Island 2: LeChuck's revenge, Monkey Island 2: LeChuck's revenge (DOS Demo), Indiana Jones 4 and the Fate of Atlantis, Indiana Jones 4 and the Fate of Atlantis (Demo), Putt-Putt Joins The Parade (DOS Demo), Putt-Putt Joins The Parade (DOS), Putt-Putt Goes To The Moon (DOS Demo), Putt-Putt Goes To The Moon (DOS), Putt-Putts Fun Pack,
The link on the website points to mmdsetup.exe--what's wrong with that? Please don't tell me it cannot run on ScummVM after unpacking... Just-- don't tell me!
To circumvent The New York Times required "free registration," click here.
It's funny how "octothorpe" and "sharp" sound a lot like "octopus" and "shark," is it not? I, for one, find it truly hilarious!
On a standard US keyboard pressing "3" will produce the number three (3) rather than the octothorpe... Unless one holds (or otherwise activates the state of) the shift key. The same goes for $%^&* et cetera.
That's a very good idea. We should also use rxvt and bash and GNU fileutils, textutils and other command line tools and Perl to give it a decent CLI. Also, APT could be used as a great package management system. That should solve most of the weak points of the original BeOS. I know, let's call it Bebian GNU/Linux!
OK, they want software to stop working when it detects money? Good. Let's all start inserting The EURion Constellation [1] everywhere we can, on our websites, on our t-shirts, on our cars and literally everywhere. Then, when people start noticing that they cannot print their God damned holiday photos because there is some jerk with some freaking dots on his t-shirt on them, maybe they will stop using software inluding this stupid black-box banknote detection code. We can do it, people.
[1] It's a Google link, I don't want to link directly to eurion.pdf to avoid slashdotting the server.
"Microsoft Revamps Licensing Plans"
Please tell me, "to revamp" is a verb from "revenge," isn't it? Why do I always have bad feelings when I read "Microsoft," "licensing," "competition" and "Linux" in the same sentence? I must be paranoid or something.
(By the way, wouldn't it make more sense if the link "as Reuters article suggests" actually pointed to the Reuters article instead of the Yahoo link which suspiciously looks like pay-per-click partnership program URL?)
"Microsoft Revamps Licensing Plans"
Such a headline always sounds like good news. Let me guess... This new Microsoft licensing plans will be good for customers, good for competition and especially good for free software including, but not limited to, GNU GPL, and there will be lots of positive feedback on Slashdot, am I right? Am I right? Please tell me I am! OK, I'll RTFA... Somehow I have a bad feeling, I don't know why... It must be that tin-foil hat and all that, I guess... *sigh*
Note to self: in order to permanently disable any dutch server (naturally excluding known large email servers) or client, send two Blaster UDP packets with spoofed source IP to one of a number of dutch ISPs using virbl.
Seriously, this is truly amazing. I have never heard of any other DoS attack in history which would need sending only one IP packet every 12 hours. Even 20000x smurf amplifier on a class-B broadcast saturating the entire T3 I once saw looks like nothing compared to the possibilities of exploiting this "worm blocking" system, which is much easier, cleaner and quieter than anything I have seen before. Truly amazing.
Yes. It is also used in Unix shells as a shorthand for $HOME environment variable. In Perl unary ~ performs bitwise negation, binary =~ binds a scalar expression to a pattern match, binary !~ binds a scalar expression to a pattern match with return value negated in the logical sense, and in Perl 6 where already non-ASCII Unicode characters not present on standard keyboard are being used after using all of the characters on US keyboard, unary ~ imposes a string context on its argument, binary ~ is a string concatenation operator with ~= assignment operator, ~&, ~| and ~^ are charwise (string) AND, OR and XOR operators with ~&=, ~|= and ~^= assignment versions, there is also smartmatch ~~ operator and its negated version !~... Yes, I know it! Still, the concerned reader might not be a hacker and thus have little use for the tilde key. (Hint: Score:5, Funny)
Actually, this is hardly microsoftism, though Microsoft makes total fools out of themselves writing "C#" and saying "C sharp." The sharp sign is used in music (as in Waltz No. 7 in C sharp minor, Op. 64 No. 2 by Frederic Chopin) where C sharp (or Cis) means a tone between C and D (the same as D flat, or Des) and is a totally different glyph than octothorpe. Octothorpe is '#' or 0x23 in ASCII and Unicode and it has two horizontal and two diagonal lines, while the sharp sign is 0x1d129 in Unicode and has two vertical and two diagonal lines. There is no sharp sign in ASCII. See the U1D100 Unicode chart, page 3, section Accidentals with music flat sign, music natural sign and music sharp sign. Summary: Microsoft hasn't invented "sharp." They are still fools nonetheless.
Well, yes, you are technically correct. Being a Perl programmer I use tilde (and any other punctuation mark, for that matter) more often than any single letter or digit. Nevertheless, between my frequent uses of the tilde key, I also try to use my (apparently poor) sense of humour and satira for which I sincerely apologize.
I can assure you that my hands are hardly funky, for my tilde is right next to number one, exactly between escape and tabulator.
This is very insightful. Very insightful indeed. Do I have to remind the 1769 history of 13 years old Wolfgang Amadeus Mozart (1756-1791) and the Miserere by Gregorio Allegri in Sistine Chapel? I don't think so. I believe everyone here remembers how this one of the unquestionably most significant and influential composers in history, Wolfgang Amadeus Mozart, was the first person who has literally circumvented the copy-protection of Sistine Chapel with nothing more but bare ears and his pure genius. Please let me quote Wikipedia:
It is worth repeating: If I can hear it, I can copy it. Amen. Wolfgang Amadeus Mozart himself has proved it in the age of 13. Could we really need any better proof? Could there even be any better proof? Please keep in mind that there is more complexity and beauty in every minute of Allegri's Miserere than in the whole content produced by RIAA in any year. Let us not forget this very important fact.
So now people will have to send digital photographs of their fingerprint together with digital content, so people could reproduce it Tsutomu Matsumoto style:
"His more interesting experiment involves latent fingerprints. He takes a fingerprint left on a piece of glass, enhances it with a cyanoacrylate adhesive, and then photographs it with a digital camera. Using PhotoShop, he improves the contrast and prints the fingerprint onto a transparency sheet. Then, he takes a photo-sensitive printed-circuit board (PCB) and uses the fingerprint transparency to etch the fingerprint into the copper, making it three-dimensional. (You can find photo-sensitive PCBs, along with instructions for use, in most electronics hobby shops.) Finally, he makes a gelatin finger using the print on the PCB. This also fools fingerprint detectors about 80% of the time."
I wonder how long before the first universal fingerprint starts circulating like proprietary software activation codes do today.
In practical terms, VeriTouch's breakthrough in anti-piracy technology means that no delivered content to a customer may be copied, shared or otherwise distributed because each file is uniquely locked by the customer's live fingerprint scan.
Let me guess... Those geniuses from VeriTouch haven't read this 1998 essay by Bruce Schneier, have they? So... They have finally invented a working copy-prevention technique. Bravo. I've been waiting for literally decades. Have they also invented a lossless compression of random data by any chance? Because it would be great if they had. It would make my network faster. Also, I would like a pony. My God, what a waste of time...
Dear Slashdot,
Very recently, to my unimaginable surprise, I have noticed that I haven't used the tilde key for any purpose other than hitting it by accident. I know that once upon a time people were using the tilde key. They were using it like there was no tomorrow. I don't use it now, though, which makes me very sad. Does the tilde key serve any purpose any more? Does it still serve any purpose whatsoever? If not, will it ever serve a purpose? Will it ever make any sense? If not, should it be removed, moved, or replaced? If so, will we be able to see it in museum? What if later I find some use for this key, but it will have been gone long ago? What then? What will be the future of this little key? What, I ask?
Thank you very much, Slashdot, for your answer!
Sincerely,
Concerned reader.
P.S. I love reading Slashdot and especially the Ask Slashdot section, when people always ask so interesting questions! THANK YOU VERY MUCH! (Oh, God damn it! I used caps lock!)
I occasionally use it for shouting on people who wrongly insist on considering it dead. But funny jokes aside, I use it for writing very complex SQL queries, like SELECT x FROM t WHERE x > 0 etc. where it is much easier to use shift for relatively uncommon lowercase characters than for relatively common uppercase ones. Furthermore, even more importantly, when I invert the shift state in my keyboard driver I lock caps lock to neutralize this effect on alphabetical characters, so when I am writing in Perl I don't have to hit shift to write ~!@#$%^&*()_+|{}:" et al which are much more common than decimal numbers et cetera. Caps lock is absolutely crucial here, because I don't want to write in uppercase letters, except for SQL. It would be impossible without caps lock. Caps lock might be an old techonogy but it is still a very convenient one, just like num lock and especially scroll lock.
Finally we have something which is not vulnerable to the rubber-hose cryptanalysis. Now the attackers can brute-force me as hard and as long as they want and I will not be able to tell them my password even if I want to! Now I feel totally safe, because even in the case of the most inhumane torturing, I will take my password to my grave. It's like using fingerprints in ATMs so the thief has to cut my finger off instead of taking my ATM card in order to steal my money, except for the lack of gelatin exploit. This is great news. I can stop recommending Password Safe to my users now.
Probably from autopsy.
...can coexist, fortunately.
I don't care! I am not going to boycott Linux--not today, not ever! For me it is clear that I should use Linux even though people like Darl McBride want otherwise. I just don't care!
You might want to read the first line of the djbdns security guarantee:
$500 is hardly $50,000 but even if it was $50,000, please keep in mind that a hypothetical non-public exploit of tinydns would be worth much more than $50,000 for anyone who would want to use it seriously. Please remember that by compromising DNS server you can effectively control mail and websites, even without compromising the mail and web servers themselves. I have already seen web traffic for compromised domains routed through proxy servers controlled by attackers (or smtp traffic redirected via external relays, for that matter). This might be very powerful and can be quite hard to detect, especially when you provide correct dns info to internal network.
With all due respect to D. J. Bernstein, even though I do believe that his name server is probably the most secure one in use today, his cracking contest is hardly meaningful. There is an interesting article, The Fallacy of Cracking Contests by Bruce Schneier, published in the December 1998 issue of The Crypto-Gram Newsletter:
Interestingly enough this is exactly the reason why I never "buy" proprietary software (which I would never "own" anyway). Very interesting and insightful.