Incidentally, my favourite factoid about Mount Everest is that it was named after Sir George Everest (pronounced Eve-Rest, not Ever-Est)
Sir Everest was in charge of the British geographic survey of India - a country which covered far more territory in the days the British Raj than it does now...
I have seen it stated that historically it is more proper to call it Mount Qomolangma, however I doubt that name will catch on...
Cool potters job title, but is that the "I design high-tensile turboprop blades" type of ceramic engineer or the "I slipcast plates for a living" type?
(not attempting to undermine you, just wondering where you fit on the scale...)
[taken from the text of IEEE 1944: Stupid Standard Units]
One Football Field = a,b (a being area in SI units, b being country-code of usage)
One Library Of Congress (LOC) = x,y (x being defined in number of volumes held, y being seconds since founding of library) Note: For integer systems of eight bits or less which only use current era times, the variant Great Library of Alexandria (GLOA) may be used - this is egual to (zero,time) UFN
No, sorry - It's Ray and I'm in the UK...presumably you went to school with a guy named Adam who had this sorta thing going on. hope you meet again some day.
That was a very clear, well written and reasoned refutation, and you are substantially correct. In fact, IMHO it is the first post in this thread to be worthy of positive karma!
I will admit that I have taken "security by obscurity" to it's logical literal extreme here, which is indeed an ideosyncracy of mine. It's not that I'm particularly trolling - It was originally because someone disagreed with my assertion that RSA was not secure in an absolute sense, which I (still) believe is utter tripe.
In fact it's mostly that I won't back down from an argument just because someone tells me I'm wrong unless someone responds to what I have written, and not to what they think they have read. I am, however, happy to injure their prejudices with the cognitive dissonance of unusual usage to get my point across...and while I may be being disingenous I am only returning the favour.
I don't mean to confuse people by this method, but if it does, I believe it's because they're reacting, instead of thinking. I strongly dislike the automatic use of perjorative Terms Of Art such as "security by obscurity" because they promote Lazy Thinking; i.e. "That is bad" rather than "That is bad in this case because..."
However you have responded reasonably, and so I admit defeat.
For the benefit of others: I still maintain transmitting data in a physically secure medium is still inherently better than broadcasting it. Anyway comparing broadcasting RSA encrypted packets and clear packets down a wire is comparing apples to oranges.
You really have no idea how public key encryption systems work, do you?
Why, yes I do. I even understand the mathematical principals behind it. If you'd read my other posts you'd know it. In fact you even seem to think XOR style bit rotation is less secure than RSA. You do not seem to know that One-time Pad is the undisputed king of cryptography and is unbreakable if executed correctly. Who's the guy who doesn't know his stuff about cryptography here?
Or are you trying to be clever and suggesting that if I don't provide the root password and IP then I'm somehow using "security through obscurity" and thus you somehow win?
I'm not trying to be clever, and I have won - I know you can't see it from up there on your high horse, but all cryptography relies on obscurity. That's the reason it's called a "Private Key". Just because calling a good security algorythm "Security through obscurity" pushes your negative buttons, doesn't make it untrue... "Security through obscurity" may seem perjorative to you, but it is in fact one of the best kinds of security.
Really, read up on cryptography
Long before this argument started I read up on public/private key encryption. PGP was very interesting when it first hit the net in the early ninties. I'm not arguing from ignorance here - have you ever heard the saying "when you argue with fools, be careful they are not doing the same thing"? Really, I suggest YOU read up on cryptography. That URL again: One-time Pad
(I bet there are some articles on Wikipedia, if not I may have to write some just for you)
get back to me when you can have a relevant conversation.
It's terribly rude to be so dismissive. Particularly when you're wrong.
Now is it better to not have WiFi or an ethernet jack on the outside of your house from a security standpoint? Sure, you do provide an added risk.
Okay, I take that as meaning all else being equal WiFi is less secure than point-to-point cabling. The original assertion.
But if you run WiFi properly configured, firewalled and with encryption (like IPSec, not WEP) over it then there is no way anyone will read your email that way.
I would agree that RSA is secure enough for the moment. In fact I never disagreed. Only tramps and other crazy folks argue with themselves.
If the people of those states do not have any hope of popular representation, what is keeping them in the Union?
I'd say having the US military machine kick the Sam Hell out of them and put in puppet State Legislatures? Seems like that's what happened last time someone seceeded from the Union...
Yes, the mechanism by which RSA works is very well known. It is based on integers calculated using extremely high primes.
But you miss the point.
If the two particular high primes become known, factoring your public and private keys becomes very fast and easy. the obscurity is in those primes and your keys not the encryption and decryption algorithms. Incidentally it's physical security that protects those keys.
I repeat security by obscurity is not as good on it's own as when it's combined with a physical security layer.
I issue the same challenge I gave to hast : If you're so sure relying on RSA (or indeed any private password system) is not security by obscurity, just post your machine IPs, root passwords and RSA private keys here on slashdot and we'll see how quick you get rooted. And as you're defending wireless, how about your zip code to give the wardrivers a heads up?
If you're so sure relying on RSA (or indeed any private password system) is not security by obscurity, just post your machine IPs, root passwords and RSA private keys here on slashdot and we'll see how quick you get rooted. Can you spot where the security by obscurity lies?
Your straw man is interesting, but attacking my throwaway "buried treasure" metaphor instead of my actual point that it's better to deny any external point of access at all is pretty darn lazy.
just pointing out security by obscurity (and that's all an RSA key is; those ridiculously long time-to-crack estimates are getting smaller every day...if a more efficient prime factoring method turns up it'll all be useless) is not as good as when it's combined physical security.
kinda the diffenence between storing treasure in a safe and storing it safe in your private estate replete with motivated guys in machine gun nests...
IPSEC can be brute brute-forced and/or dictionary attacked, just like anything can... and IPtables are the same, if the cracker can assume any neccessary IP address and remain adressable. Whereas a net based attack must come from a correctly addressed (even if it's a compromised 3rd party) machine, or the packets will simply never return to the attacker.
You are comparatively safe with IPsec, however this is just because five people down the block don't know what it is, making them a softer target.
Anyone who really wants in to a cable based LAN has to find a place to jack in, and you're fitting a metaphorical socket to your front door.
Of course, any external networking connections are inherently insecure compared to none - physical security is the best security layer, But I doubt many/. readers are using that policy.
My wallet was made by a local leatherworker to his own demented wallet dreams, It's just over a year old and it's served its' purpose well.
It's very thin and only has three slot for cards, but I really like thin wallets and only carry two cards anyway - I use the third slot for any recent receipts - I like to keep things simple and don't really understand the mentality of having 4 credit cards 5 store cards and the last six months receipts.
well, seeing as the article you link is about what the USGS and the University of Washington said on suday the 26th and the article referenced in the seattle times goes on about what the vulcanologists, geophysicists, seismographs and Mount St Helens did on the 27th, I'd say there was some new information revealed. A classic case of RTFA unfortunately...
Hell's teeth, man! Why does someone always have to come up with a crackpot conspiracy theory.
If it's not the CIA or illuminati it's some sort of mythical "darkness". When will people learn that occams razor indicates the camera has probably been stolen by aliens. or crackheads.
I doubt they'll panic. Heck, if Mount Vesuvius and the behaviour of the Neapolitans is anything to go by, The USGS is plain lucky that people are not living inside the caldera and stealing their sensors for fun and profit.
P.S.
To the public: You don't even know what caldera means, do you. Yes, you there reading/. The one who thinks it's just the old name for the SCO group. That's right, I mean you, the one who only knows what a gnu is because of the FSF logo.
AMD and Intel both subscribe to the IEEE 754 standard for FPU units, which defines the functions of single and double precision FPU operations and various other things, like how to handle the inevitable rounding errors.
No FPU meeting this standard will produce different results than any other FPU. They're just faster or slower at doing it.
You'll only start getting differences when you hack non-standard speed optimisations into your code. It's unfair to blame Intel and AMD for people writing incompetently coded software - they just provide the stick, it's the coder who's beating you with it.
Slashdot Mirror
Incidentally, my favourite factoid about Mount Everest is that it was named after Sir George Everest (pronounced Eve-Rest, not Ever-Est)
Sir Everest was in charge of the British geographic survey of India - a country which covered far more territory in the days the British Raj than it does now...
I have seen it stated that historically it is more proper to call it Mount Qomolangma, however I doubt that name will catch on...
Oh yeah, and I'm a ceramic engineer...
Cool potters job title, but is that the "I design high-tensile turboprop blades" type of ceramic engineer or the "I slipcast plates for a living" type?
(not attempting to undermine you, just wondering where you fit on the scale...)
I learned how to code 6502 assembler at school. It's a bit weird now I come to think of it, but I did. Never did me any harm. Didn't help, though.
It's not a constant, it's a variable.
[taken from the text of IEEE 1944: Stupid Standard Units]
One Football Field = a,b (a being area in SI units, b being country-code of usage)
One Library Of Congress (LOC) = x,y (x being defined in number of volumes held, y being seconds since founding of library)
Note: For integer systems of eight bits or less which only use current era times, the variant Great Library of Alexandria (GLOA) may be used - this is egual to (zero,time) UFN
No, sorry - It's Ray and I'm in the UK...presumably you went to school with a guy named Adam who had this sorta thing going on. hope you meet again some day.
That was a very clear, well written and reasoned refutation, and you are substantially correct. In fact, IMHO it is the first post in this thread to be worthy of positive karma!
I will admit that I have taken "security by obscurity" to it's logical literal extreme here, which is indeed an ideosyncracy of mine. It's not that I'm particularly trolling - It was originally because someone disagreed with my assertion that RSA was not secure in an absolute sense, which I (still) believe is utter tripe.
In fact it's mostly that I won't back down from an argument just because someone tells me I'm wrong unless someone responds to what I have written, and not to what they think they have read. I am, however, happy to injure their prejudices with the cognitive dissonance of unusual usage to get my point across...and while I may be being disingenous I am only returning the favour.
I don't mean to confuse people by this method, but if it does, I believe it's because they're reacting, instead of thinking. I strongly dislike the automatic use of perjorative Terms Of Art such as "security by obscurity" because they promote Lazy Thinking; i.e. "That is bad" rather than "That is bad in this case because..."
However you have responded reasonably, and so I admit defeat.
For the benefit of others: I still maintain transmitting data in a physically secure medium is still inherently better than broadcasting it.
Anyway comparing broadcasting RSA encrypted packets and clear packets down a wire is comparing apples to oranges.
That's the point, imbecile.
Okay, one piece at a time:
You really have no idea how public key encryption systems work, do you?
Why, yes I do. I even understand the mathematical principals behind it. If you'd read my other posts you'd know it. In fact you even seem to think XOR style bit rotation is less secure than RSA. You do not seem to know that One-time Pad is the undisputed king of cryptography and is unbreakable if executed correctly. Who's the guy who doesn't know his stuff about cryptography here?
Or are you trying to be clever and suggesting that if I don't provide the root password and IP then I'm somehow using "security through obscurity" and thus you somehow win?
I'm not trying to be clever, and I have won - I know you can't see it from up there on your high horse, but all cryptography relies on obscurity. That's the reason it's called a "Private Key". Just because calling a good security algorythm "Security through obscurity" pushes your negative buttons, doesn't make it untrue... "Security through obscurity" may seem perjorative to you, but it is in fact one of the best kinds of security.
Really, read up on cryptography
Long before this argument started I read up on public/private key encryption. PGP was very interesting when it first hit the net in the early ninties. I'm not arguing from ignorance here - have you ever heard the saying "when you argue with fools, be careful they are not doing the same thing"? Really, I suggest YOU read up on cryptography. That URL again: One-time Pad
(I bet there are some articles on Wikipedia, if not I may have to write some just for you)
Don't worry, Wikipedia's got it
get back to me when you can have a relevant conversation.
It's terribly rude to be so dismissive. Particularly when you're wrong.
Now is it better to not have WiFi or an ethernet jack on the outside of your house from a security standpoint? Sure, you do provide an added risk.
Okay, I take that as meaning all else being equal WiFi is less secure than point-to-point cabling. The original assertion.
But if you run WiFi properly configured, firewalled and with encryption (like IPSec, not WEP) over it then there is no way anyone will read your email that way.
I would agree that RSA is secure enough for the moment. In fact I never disagreed. Only tramps and other crazy folks argue with themselves.
Stop trolling.
I'm not. Are you, Mr Anonymous Coward?
This ridiculous challenge has nothing to do with wireless security and you know it.
That's correct. It is entirely to do with your assertion that RSA has no obscure elements. It has, so deal with it.
I challenge you to provide all the above information for your wired network.
No, because I don't assert that there are no obscure elements to RSA.
If the people of those states do not have any hope of popular representation, what is keeping them in the Union?
I'd say having the US military machine kick the Sam Hell out of them and put in puppet State Legislatures? Seems like that's what happened last time someone seceeded from the Union...
Cryptography is obfuscation. That Is The Point Of Its Existance. End Of Story.
Yes, the mechanism by which RSA works is very well known. It is based on integers calculated using extremely high primes.
But you miss the point.
If the two particular high primes become known, factoring your public and private keys becomes very fast and easy. the obscurity is in those primes and your keys not the encryption and decryption algorithms. Incidentally it's physical security that protects those keys.
I repeat security by obscurity is not as good on it's own as when it's combined with a physical security layer.
I issue the same challenge I gave to hast : If you're so sure relying on RSA (or indeed any private password system) is not security by obscurity, just post your machine IPs, root passwords and RSA private keys here on slashdot and we'll see how quick you get rooted. And as you're defending wireless, how about your zip code to give the wardrivers a heads up?
See where the "obscurity" is yet?
If you're so sure relying on RSA (or indeed any private password system) is not security by obscurity, just post your machine IPs, root passwords and RSA private keys here on slashdot and we'll see how quick you get rooted. Can you spot where the security by obscurity lies?
Your straw man is interesting, but attacking my throwaway "buried treasure" metaphor instead of my actual point that it's better to deny any external point of access at all is pretty darn lazy.
just pointing out security by obscurity (and that's all an RSA key is; those ridiculously long time-to-crack estimates are getting smaller every day...if a more efficient prime factoring method turns up it'll all be useless) is not as good as when it's combined physical security.
kinda the diffenence between storing treasure in a safe and storing it safe in your private estate replete with motivated guys in machine gun nests...
when most people use the word "ironic", the irony is that they don't know what the word actually means.
It's a sort of self-fulfilling socratic irony...
IPSEC can be brute brute-forced and/or dictionary attacked, just like anything can... and IPtables are the same, if the cracker can assume any neccessary IP address and remain adressable. Whereas a net based attack must come from a correctly addressed (even if it's a compromised 3rd party) machine, or the packets will simply never return to the attacker.
/. readers are using that policy.
You are comparatively safe with IPsec, however this is just because five people down the block don't know what it is, making them a softer target.
Anyone who really wants in to a cable based LAN has to find a place to jack in, and you're fitting a metaphorical socket to your front door.
Of course, any external networking connections are inherently insecure compared to none - physical security is the best security layer, But I doubt many
I owned one for about a year, and finally threw it out due to wear and tear a couple of months ago.
You threw it out?!? How wasteful! You should have repaired it with duct tape...
My wallet was made by a local leatherworker to his own demented wallet dreams, It's just over a year old and it's served its' purpose well.
It's very thin and only has three slot for cards, but I really like thin wallets and only carry two cards anyway - I use the third slot for any recent receipts - I like to keep things simple and don't really understand the mentality of having 4 credit cards 5 store cards and the last six months receipts.
well, seeing as the article you link is about what the USGS and the University of Washington said on suday the 26th and the article referenced in the seattle times goes on about what the vulcanologists, geophysicists, seismographs and Mount St Helens did on the 27th, I'd say there was some new information revealed. A classic case of RTFA unfortunately...
Uhuh. Uuuum, why is your link also linked in this slashdot article? Could it be that you're karma whoring, or are you simply unobservant?
I suggest you learn to tell the difference between an update and a dupe.
Hell's teeth, man! Why does someone always have to come up with a crackpot conspiracy theory.
If it's not the CIA or illuminati it's some sort of mythical "darkness". When will people learn that occams razor indicates the camera has probably been stolen by aliens. or crackheads.
I doubt they'll panic. Heck, if Mount Vesuvius and the behaviour of the Neapolitans is anything to go by, The USGS is plain lucky that people are not living inside the caldera and stealing their sensors for fun and profit.
/. The one who thinks it's just the old name for the SCO group. That's right, I mean you, the one who only knows what a gnu is because of the FSF logo.
P.S.
To the public: You don't even know what caldera means, do you. Yes, you there reading
fair enough.
That may change though - 754 is under revision right now...
AMD and Intel both subscribe to the IEEE 754 standard for FPU units, which defines the functions of single and double precision FPU operations and various other things, like how to handle the inevitable rounding errors.
No FPU meeting this standard will produce different results than any other FPU. They're just faster or slower at doing it.
You'll only start getting differences when you hack non-standard speed optimisations into your code. It's unfair to blame Intel and AMD for people writing incompetently coded software - they just provide the stick, it's the coder who's beating you with it.
I don't know. Ask Gary Gilmour.
"Concentrate more on promoting than on demoting...Simply disagreeing with a comment is not a valid reason to mark it down."
I suggest you read the moderation guidelines...
Incidentally, If it gets moderated at all this post will probably get moderated down. That's okay, I got karma to burn.