That isn't actually how Bluray fell. It is how most people expected Bluray to fall.
Bluray fell because parts of memory containing cryptographic keys have different (much more) entropy than other parts of memory, so if you somehow stop execution of the program at the right moment, all you need to do is search through memory for anything that looks like a key and see if it works.
The authors of software players are apparently very good at writing code which cannot be debugged (a trait they share with most programmers...), but it is difficult to do decryption if you cannot store the key in an easy-to-read format.
You cannot get iOS Unix certified as you cannot even get to something which will run a standard /bin/sh script, and the Unix C API is unavailable. You can jailbreak iOS and install a Unix environment, but out of the box it is not a Unix.
x86 has been implemented on a RISC based core ever since the PentiumPro.
CISC has been RISC with a translation layer from the very beginning. The whole point of RISC is to get rid of the translation layer by ditching all the complex instructions which require it, then implement the rest directly in hardware.
Because instead of replacing 1 HP-UX server with 8 Windows servers, it could have been replaced by 1 Linux server.
Only if the software runs on Linux. Quite a few important commercial software packages started out on HP-UX and Solaris (and AIX if you were "lucky") and were then ported to Windows once people started using x86-based servers and workstations. Porting to Linux would obviously have been a lot easier, but it didn't happen until later or not at all.
Running such software under Linux either meant running Linux on RISC hardware and using a compatibility layer or running the Windows version in Wine. Neither was particularly appealing.
Yes I'm wrong. I believed that such a basic right would be recognized in a democracy, but it is not.
Indeed, it appears I am mistaken. The US "justice" system is even crazier than I thought.
That makes no sense. Defendants cannot commit perjury, they have the right to lie. Therefore a defence attorney cannot be guilty of subornation of perjury by telling the defendant to lie.
HS2 is not built yet though, and it certainly has plenty of opposition.
Where I work we pay Cisco and other vendors for support for this reason and the fact that with a lot of vendors you need to pay to get patches and updates.
Paying the vendors for that reason is all well and good, but when did you actually get a solution from a major vendor for a critical problem within a day or so?
I have been in the IT business for a while, and I have never seen it happen. Yes, failed hardware can be replaced within 4 hours (although even that can be problematic enough to achieve in practice) but anything that is not just a case of escaping blue smoke?
The rolling support system where they shift the case around time zones to keep working on it 24 hours a day gets tedious as well, when you have to explain everything all over again every 7-8 hours.
That is why you stick with 2-clause BSD and avoid the fancy ones which talk about advertising or endorsements. It is difficult to find a standard license with wider compatibility than that.
2 clause BSD. If you don't care about licensing, that is the license you should use. It is proven in the field and most other open source/free software licenses are compatible with it. It is pretty much as close to public domain as you can get while still keeping your name on the source code and avoiding problems with implied warranties.
What I was trying to say is that Larry Ellison's love for boats did get someone killed.
Steve Jobs's love for boats did not, as far as I know, kill anyone.
If this is true there's a vanishingly small but nonzero chance of recovering any private key, depending on how large the random number is; poorly-written RNGs simply increase that chance spectacularly.
Yes, that is how encryption works. There is also a vanishingly small but non-zero chance that I generate the same 4096-bit RSA key that you just used.
To avoid that chance you need to either switch to a one time pad (where the same chance exists, but the ciphertext can decrypt to anything, so I cannot know that I guessed correctly) or possibly certain forms of quantum encryption.
Yes the article is wrong. It assumes that software vendors would leave security vulnerabilities with entries in Metasploit unfixed for days or even weeks. Surely no vendor would be that irresponsible. Right? Right???
Adding RAM is no substitute for a fast drive. I have tried it. Even going to ridiculous ratios between RAM and disk size like 1:10, you do not get a fast system if the disk is slow. Too many things depend on sync'ed writes to disk even for normal desktop use.
This is true for both Windows and Linux in my experience.
The 8GB is likely to be SLC though. That means it handles the same number of write cycles as approximately 80GB of 2-bit MLC or perhaps 400GB of 3-bit.
The nice thing about SSDs is that the NAND flash does not stop working entirely, it just goes read-only. However, in that state the controller tends to fail and leave all data inaccessible. At least I have heard plenty of anecdotes about flash failure, and I am the only one who got any data off afterwards.
In my case the drive failed in such a way that the first 20GB of an 80GB Intel X25-M turned into zeroes and became read-only. Luckily nothing of value was lost (I had my Windows partition first on the drive). That is not how SSDs are supposed to fail, but it is better than the "drive shows up as 8MB and cannot be read from or written to" that most people experience.
So yes, the hybrid drive with a broken cache is supposed to keep working, just slower. I do not believe that to be the case until I have at least heard of it happening.
Patents have been an issue of national security for a while. Several countries, including the US, have secret patents. It takes someone wiser than me to explain how that promotes the progress of science and useful arts.
There are plenty of sane reasons to use little endian. It means the same pointer can point to a value as 8-bits, 16-bits, 32-bits and so on, and it will get the right value as long as the value does not overflow.
Big-endian only exists because Latin languages write their numbers wrong -- text is written left-to-right but numbers are written right-to-left. This mess has also caused the middle-endian date and time formats currently in use. ISO tries to fix the date format, but unfortunately does it by standardizing exactly the big-endian way that feels so alien to humans.
If computers had been invented by someone writing either left-to-right or right-to-left consistently, big-endian would not have occurred to them. They would naturally write the smallest value first, just like the Arabic inventors of the numbers. Alas...
(Yes I am a convert. I used to think little endian was a sick joke.)
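The pointer property claimed in the comment above, as an added example that is not part of the original post. It models "the same pointer read at different widths" by reading from offset 0 of a stored 64-bit value; the function names are hypothetical.

```python
# Added illustration: the same address read as 8/16/32/64 bits, for both byte orders.
# A "pointer cast" is modelled as reading `width` bytes starting at offset 0.

WIDTHS = (1, 2, 4, 8)  # bytes: uint8, uint16, uint32, uint64


def read_at_start(buf: bytes, width: int, order: str) -> int:
    """Interpret the first `width` bytes of buf as an unsigned integer."""
    return int.from_bytes(buf[:width], order)


def reads_by_width(value: int, order: str) -> dict:
    """Store `value` as 64 bits in the given byte order, then read every width."""
    buf = value.to_bytes(8, order)
    return {w * 8: read_at_start(buf, w, order) for w in WIDTHS}


def correct_widths(value: int, order: str) -> list:
    """Widths (in bits) at which the narrow read returns the stored value."""
    return [bits for bits, got in reads_by_width(value, order).items() if got == value]


if __name__ == "__main__":
    for value in (0x2A, 0x1234, 0x1_0000_0001):  # constructed sample values
        for order in ("little", "big"):
            print(f"{value:#x} {order:6}: correct at {correct_widths(value, order)} bits")
```

The little-endian reads are correct at every width the value fits in, and silently truncated below that, which is the "as long as the value does not overflow" condition in the comment.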
We knew when RSA was created that advances in computation power would eventually make it feasible for us to decrypt its contents. We even know what that boundary is.. and we're coming up on it now.
No, we did not know any such thing. Advances in computation power can be defeated by increasing the key length of RSA, indefinitely. RSA cannot be made useless just by making regular computers run faster.
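The key-length argument in the reply above, worked through as an added example that is not part of the original post. It assumes the standard heuristic cost of the general number field sieve with the o(1) term dropped (so only the trend is meaningful, not the absolute numbers) and a cubic cost model for the key holder's private-key operation; the function names are hypothetical.

```python
import math


def gnfs_work_bits(modulus_bits: int) -> float:
    """log2 of exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)) with c = (64/9)^(1/3).

    Heuristic GNFS factoring cost for an n of the given size, o(1) term dropped.
    """
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)


def modulus_bits_to_absorb(speedup: float, current_bits: int, step: int = 64) -> int:
    """Smallest modulus (in `step`-bit increments) that restores the old margin
    after the attacker's hardware becomes `speedup` times faster."""
    target = gnfs_work_bits(current_bits) + math.log2(speedup)
    size = current_bits
    while gnfs_work_bits(size) < target:
        size += step
    return size


def defender_cost_ratio(old_bits: int, new_bits: int) -> float:
    """Assumed model: a private-key operation costs about (modulus size)^3."""
    return (new_bits / old_bits) ** 3


if __name__ == "__main__":
    for bits in (1024, 2048, 3072, 4096, 8192):
        print(f"{bits:5d}-bit modulus: ~2^{gnfs_work_bits(bits):.1f} attacker work")
    new = modulus_bits_to_absorb(1000, 2048)
    print(f"1000x faster attacker: 2048 -> {new} bits, "
          f"defender pays {defender_cost_ratio(2048, new):.1f}x per operation")
```

Under these assumptions a thousandfold attacker speedup is cancelled by a modulus less than 1.5 times as long, costing the key holder a small constant factor.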
So give them 5 options, not 3, and make them answer 3 questions each with 5 options. 1/(5^3) is about a 0.8% chance of getting the set of right answers by chance alone.
So you have slowed my attempts down by a factor of 100. A determined attacker can easily make thousands of requests per site from individual IPs. That gets tens of spam posts in per site every 15 minutes. Have fun removing those by hand.
If you get all 3 wrong, then you have to wait 15 minutes before trying again.
Good luck implementing that. If you do it per-IP, you will block entire companies or service providers using NAT whenever one user gets the attempt wrong. Also, it will be too much hassle for me to use your site. Anything that is not per-IP is easily defeated by a spammer.
The spammer does not really care about the 15 minute wait anyway, there are plenty of other sites to attack while waiting for the next 15 minute window to open on your site.
Your proposals are less effective and less convenient than existing CAPTCHA.
I am fairly sure that your information is out of date. Not 100% sure admittedly. I have tried the trick of trying to guess which word is the important one before and failed miserably. Try it for yourself, maybe you can do better than I did.
Why can't there be a captcha showing a picture and three buttons with possible answers? Like an image of a baby and three buttons saying MAN, WOMAN, BABY. Or a picture of a running man and buttons saying SLEEP, RUN, CHILD.
Because you just plug that image into Google 3 times with each key word and pick the answer with the highest score. Or, much easier, you just randomly pick one of the options. One in three is a good hit rate, and even if you block by IP, getting past the system hundreds or thousands of times is trivial.
For every task that a computer is unable to handle, there exists a reasonably well-functioning human who cannot do it either.