We wiped the machine with an industrial strength removal program (http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx), installed Firefox, locked it down, and asked her to go out to the same website. NOTHING - not one single piece of spyware - got through on Firefox.
You were simply lucky, Firefox currently has an unpatched remote hole as well.
Sorry, but this *is* unbreakable.
No, it is not. A cryptosystem is only as strong as its weakest link. In Quantum Cryptography the weakest link is not the actual encryption but the authentication of both parties. If Eve pretends to be Bob to Alice and vice versa, Quantum Cryptography can be broken faster than the Caesar code this Italian mafioso was using.
Won't building a model based on an equation automatically prove a theory that is based on that equation?
No. In Physics a theory makes claims that can be falsified by an experiment. The theory (general relativity) is already there and the experiments will be carried out by LIGO and LISA (the latter having been delayed indefinitely thanks to Bush's plans).
However, we strongly assume that General Relativity must break down at some point and give way to some theory of quantum gravity. There are several such theories and we simply don't know which is correct, if any. So if one of these experiments showed a deviation from general relativity that would be very exciting.
If you explain exactly what is being patched, then you give the hackers a pretty clear roadmap of what they need to do to exploit all of the unpatched systems, don't you?
You do that already by providing a patch. The bad guys will simply look at the differences of the binaries and find out what has been patched. So instead of helping the good guys, Microsoft gives an information advantage to the bad guys.
If they have to make the source available under the GPL, then it's child's play to unhook the DRM, yes?
Probably. However, in most jurisdictions it would be illegal to distribute such a stripped version thanks to those aggressive anti-circumvention legislation that now exists in many countries. And I don't think a great deal of people would switch to compiling their own packages to remove the restrictions.
The GPL cannot prevent this. While it forbids that the distributor places additional constraints it cannot do anything about local laws. In such cases, software freedom is denied by the state.
Suddenly we see why the anti-DRM clauses in GPLv3 aren't such a bad idea after all.
If GCSE History serves me correctly, didn't Hitler [1] do something like this?
Yup, the 1933 Enabling Act.
... why don't they use it?
Almost every PDF document on the OSDL website has been created on a Windows PC or on a Mac. Even the Desktop Linux Survey Report shows:
$ pdfinfo DTL_Survey_Report_Nov2005.pdf
Title: Microsoft Word DTL_Survey_Report_v4.doc
Creator: Word
Producer: Mac OS X 10.4.3 Quartz PDFContext
This makes it sound as if only the Enterprise servers are secure and reliable enough for business applications, which is not the case.
Novell is right. Take a look at the SLES life-cycle (7 years), which is extremely important in an enterprise environment. BTSTMT.
I think the author of the editorial makes a rather trivial point. (They could have made the point a lot stronger, pointing out that malware, spyware, adware, trojans, etc., are all able to be run from within unprivileged user-space.)
I don't think it's a trivial point as there are many people who don't get it that reducing privileges isn't a solution.
(a) Smaller target.
That point is becoming more and more moot due to things like Metasploit.
(b) Remote exploits. This, I think, is a lesser issue, but not a trivial one--there are a considerable number of remote exploits in Microsoft software, and there have been a non-trivial number of viruses and malware that spread through this vector.
I think the key question is to determine the ways the PC of an average user gets compromised and decide which OS does a better job in preventing these attack vectors.
In my experience, there are two major ways a Windows box gets owned, either by a remote exploit or by tricking the user into running malicious code. As you say, *NIX wins the first category, although Microsoft is slowly catching up.
The second category is much more interesting, however. Under *NIX, it usually requires pretty much knowledge if you want to execute third-party code (unless some brain-dead distribution registers wine as the default handle for EXE files).
Just because Jimbo is a godking over there doesn't mean he makes all the decisions. The Wikimedia Foundation has a board that includes Jimbo.
AFAIK the injunction (the first one, not the one that took wikipedia.de down) is directly addressed to him.
Wikipedia is (mostly) hosted in the US. The German court does not have jurisdiction. End of story. They can do whatever they want to the wikipedia.de domain, but de.wikipedia.org as well as the actual content is totally unaffected.
I wouldn't be too sure about that. If Jimbo decides to ignore this issue, Wikimedia Germany might face paying fines and damages since the original offender is out of reach. German law has some provisions allowing this and they are enforced quite often, especially when dealing with links to sites in another jurisdiction.
"In particular, Aichmann and Nimtz have recently transmitted Mozart's 40th Symphony as frequency modulated microwaves through an 11.4 cm length of barrier wave guide at an FTL group velocity of 4.7 c, receiving audibly recognizable music from the microwave photons that survived their barrier passage. The transit time through the barrier was about 81 picoseconds and was observed to be constant for barriers with widths varying from 4.0 cm to 11.4 cm."
Nimtz is a clever PR guy but a lousy physicist. Every physics undergrad should know that both the group and phase velocity of electromagnetic waves can have arbitrary values and that this doesn't contradict special relativity. The important question is how fast information is being transmitted and for this neither the group nor the phase velocity is suitable.
Undue harshness given the state of the literature. It *has* been reproduced extensively, so those comments are completely incorrect; the main controversy is about the level of radiation emitted. Subsequent experiments in better conditions have reduced much of the criticism.
Do you have any references of experiments carried out to verify Taleyarkhan's observations?
I would have to say that Eclipse is one of the most important open source projects out there. Thousands of developers use the Eclipse IDE for day to day development of enterprise Java applications.
How can a Java IDE be one of the most important Open Source projects when there is no usable Open Source Java implementation available?
From TFB:
5.91 (19) The coding for the software that is used to operate the system on election day and to tally the votes cast is publicly accessible and may be used to independently verify the accuracy and reliability of the operating and tallying procedures to be employed at any election.
This is somewhat less than what is usually meant by the term "Open Source". But it seems that at least voting machines running a completely closed operating system are ruled out.
Replacing one religion with another doesn't help a bit. Quantum Mechanics is not predictable, and thus fails at the test of being a science by your own rules.
This is utter nonsense. For example, quantum mechanics allows a precise calculation of the gyromagnetic factor of the electron, which is the most accurately measured natural constant at the moment.
What makes .NET more attractive?
The availability of an open source implementation that is actually usable.
Wouldn't a qubyte just provide an indeterminate number of somewhere between 0 and 255 zombie cats?
Correct. What was meant here is that the unitary matrix describing the evolution of the system has N^2-1 independent entries. For the qubits, they simply used two different eigenstates of the Calcium ions as described in their paper in Nature.
The guy raises an interesting point when he says that it's impossible to get support for heavily patched code. That's true but he misses the most important rule of Free Software Development: get your patches included upstream.
You won't have to do as much maintenance work and can concentrate on new features or a different task. And of course, you don't have to patch all installations once you want to upgrade to a new upstream version.
BTW: Try to get that done with proprietary software (given that they let you modify the code at all).
The biggest problem is the changeover. You could probably do it in 15 minutes or so, but getting to each keyboard with a soldering iron for that time in a busy hotel would be difficult if you don't want to rent each room in turn.
Nice idea. Wouldn't it be much easier to just use a USB keylogger? However, keystrokes (i.e. username and password combinations) are probably not that valuable information so that the earnings would cover your expenses.
How about this: knock at an occupied hotel room (preferably dressed like the hotel staff) and say that you have to take the PC to do some maintenance work. Take one of those WiFi devices with two USB ports and put it inside of the computer's case. Replace the PC's USB connectors so they lead to your WiFi box and attach the second USB port to a "real" port.
If the WiFi box is running a customized kernel that simply routes the USB communication to the PC, you could sniff the traffic. Even better would be to read out the whole USB disk and send it over the wireless link to a machine that stores all the data. Do that for every room and you receive all confidential data from every person that uses one of these PCs.
How, then, would you propose to sell "digital media"? If you don't like the per-copy scheme, describe a scheme that will work and allow all people involved to be making the same amount of money they're making now (not an unreasonable stipulation, I think).
Flat licensing based on the number of dead tree subscriptions/library size/... Saves a lot of money on DRM and doesn't cripple the product.
Lotus Notes is the *client* and yes, it is pretty much Windows-only but so is MS Outlook.
Lotus Notes runs under Linux if you use wine. IIRC IBM had to do some work to get it going, but at least since 2002 it's possible.
Sure send me to some baddie site, won't do much on my system. Whatever malware sent down the pipe to me can't do anything to change my system (C:\WINDOWS).
It still can transform your machine into a zombie host spreading spam and performing DDoS attacks. Or change some numbers in your precious documents. Or insert a backdoor into the piece of code you just wrote.
The "Don't work as superuser" doctrine is often greatly overestimated.
Perhaps it will really provide a solid way to distribute software seamlessly.
Given how many of the recently discovered vulnerabilities were in the JavaScript or ActiveScript part of the browser, this indeed seems to be a good idea for seamless malware distribution.
Next they modify the data you receive to influence your opinion.
You mean like insert_coin? They run a proxy on proxy.odem.org:7007 which makes reading Slashdot quite an interesting experience.