Good point. This is quite true. XOR is unbreakable provided that your key is random, and is as long as the data you are encrypting. Like you said, this would be a One time pad, and thus perfectly secure. The downside is, of course, that you need a very long key, and can never reuse it.
However, using a small key and XOR-ing it periodically with the data is very insecure and can be broken easily.
When one wants security coupled with a (relatively) small, fixed-length, reusable key, block ciphers such as AES are the way to go. The JumpDrive people got this right.
The article under discussion is short on details, but I can guess from what's said that the JumpDrive software probably generates an AES key from a user-supplied password. This is fine, but the mistake seems to lie in storing the password on the drive itself, 'in an XOR encrypted form'. Now, this probably means that the XOR key that is used to attempt to hide the password is known; i.e. can be gotten from the software.
Even though the XOR key is as long as the password, this is of course very insecure in this case. It's very easy to recover the password, generate the AES key, and decrypt.
This only goes to show that any cryptographic method is only as strong as the weakest link.
I feel obliged to plug one of my favorite bands here.
If you haven't heard of Machinae Supremacy yet, I recommend you check them out. They are a very cool Swedish band who mix different styles, play with synths a lot, and are self-professed gaming nuts.
In the current context, The Great Gianna Sisters is particularily salient. It's a remix of / tribute to the theme song of the C64 game of the same name. Excellent stuff.
Actually, it's less of a joke than you might think. Here's an interesting bit from the article:
Note that in order to run 5th edition UNIX with gbaunix, you must have an RK05 disk image of 5th edition UNIX, which is not included in the gbaunix distribution. SCO owns the copyright for the 5th edition (and several others).
Thankfully, Caldera released (under a BSD-style license) this particular UNIX edition, along with some others, shortly before the name change in 2002. Here is the license [PDF Alert], if anyone's interested.
In quantum teleportation, complete information about the quantum state of a particle is instantaneously transferred by the sender, who is usually called Alice, to a receiver called Bob.
So, this would only be useful for sending information about a quantum state to guys named Bob? The quantum state thing is limiting enough, but c'mon... Bob?
Well, tell you what. I'm changing my name to Bob. If you can't beat them, join them. I mean, these guys will be the information uberlords of the future. People will queue up to them, asking 'Did anything come for me yet?' And they will go, like, 'Show me the money!'
The Bobs of the future will be ultra-popular and rich.
...
Yes, I haven't taken my medication today? Why do you ask?:P
Ah, jolly good! I shall make my device-related purchases exclusively from this franchise in the future.
That is, if I ever find myself in the position of actually having any device-related purchases to carry out... rotten things, devices... but perhaps those Creative ones are better though.
Overall, I'm looking forward to reviews of the non-Creative devices.
I'm not. As a patron of the arts, I find this statement unexplicable. Creativity is what separates us from the lower animals! It is the foundation of civilization!
Go and play with your non-Creative devices, plebeian. Some people were just not born to appreciate the finer things in life. Run along now, you're cramping my contemptuos sneer.
Seriously, this all sound very, very fishy. All the stories given are quite short, both in length and on details. For instance, Moscow News reports this:
Speaking at a conference hosted by Russian Information Agency Novosti, Aleksandr Gostev from Kaspersky Labs said information on this terrorist attack was published on special websites. He did not elaborate.
...
The executive director of Dr.Web antivirus lab, Mikhail Bychinsky, quoted by Lenta.ru web agency said he had not heard of such an attack. "I do not believe in mass internet attacks because the main servers are defended, and Kaspersky Labs has been foretelling doomsday for a long time."
A case of cry wolf, most likely. The main question is 'Why the hell?'
But what about making an a plot out of the text?:P
Cheap shot, I know. I just happen to be nearly finished reading Snow Crash, my first Neal Stephenson novel. It has been critized for its lackluster plot, which I tend to agree with somewhat. But I nevertheless enjoyed the book very much for its style, wit, and imagination.
I hear Cryptonomicon is awesome though. I'm definitely going to read that one next.
Spam is another thing kind of like the electric guitar, though it's much darker, less palatable. Clearly the people who originated the technology never in their wildest dreams could have imagined that everyone on Earth who has e-mail would get 30 penis enlargement advertisements a day!
30?Everyone? Hah! I don't get nearly that much spam to my brand-new gmail account, spellraiser@gmail.com...
>... and script kiddies decide to get their kicks messing with your air conditioning during a heat wave?
Hah! The security of my Internet-enabled thermostat is impregnable! I hereby officially dare each and every little script kiddie out there to come and try and mess with it.
The IP address of my thermostat is 127.0.0.1! Bring it on!
P.S. Yeah, I know, this one is shamelessly stolen from here.
In the Chequers, Doctorow mentions the original title for one of the novels he's working on, a story about a spam filter that becomes artificially intelligent and tries to eat the universe. "I was thinking of calling it/usr/bin/god."
"That's great!" Stross remarks.
Well, great for those who know that "/usr/bin" is the repository for Unix programs and that "god" in this case would be the name of the program, but a tad abstract for the rest of us. This tendency can make for difficult reading--one early reader of a Stross story complained that to understand it, people would have to overdose for a month on Slashdot (a blog that calls itself "News for Nerds"). Still, it's this fluency in computer science that allows these writers to approach the future so boldly. "Stross and Doctorow are just kind of right in there, down with their heads in the bits," says novelist Bruce Sterling, one of the original cyberpunks.
Sounds great! Guess I might just have found my new idols - and I was even reading about the Singularity the other day, namely Staring into the Singularity by Eliezer Yudkowsky. What a funny coincidence.
The letters quoted in the article give interesting insights into the mindset of these terrorists. This is something quite different and much deeper than the simple-minded rhetoric that President Bush and the rest of his administration chant again and again: 'They are evil, they hate freedom, they want to destroy our way of life.'
For instance, take this extract from a letter written by Ramzi bin al-Shibh (written after the Afghan invasion, but before the Iraqi invasion):
Because of Saddam and the Baath Party, America punished a whole population. Thus its bombs and its embargo killed millions of Iraqi Muslims. And because of Osama bin Laden, America surrounded Afghans and bombed them, causing the death of tens of thousands of Muslims... God said to assault whoever assaults you, in a like manner... In killing Americans who are ordinarily off limits, Muslims should not exceed four million non-combatants, or render more than ten million of them homeless. We should avoid this, to make sure the penalty [that we are inflicting] is no more than reciprocal. God knows what is best.
And then there is this, written by Bin Laden himself:
Our current battle is against the Jews. Our faith tells us we shall defeat them, God willing. However, Muslims find that the Americans stand as a protective shield and strong supporter, both financially and morally. The desert storm that blew over New York and Washington should, in our view, have blown over Tel Aviv. The American position obliged Muslims to force the Americans out of the arena first to enable them to focus on their Jewish enemy. Why are the Americans fighting a battle on behalf of the Jews? Why do they sacrifice their sons and interests for them?
Now, of course there is no denying that the mindset behind all this is evil. But it is rational in its twisted way. There are specific and clear reasons for why these people commit acts of terrorism. By absolutely refusing to face these reasons, America and its allies risks alienating every single militant Muslim in the world, little by little. Why are the real reasons behind terrorism so rarely discussed?
And he [McBride] predicted that "open blogs" like Slashdot will start to tell SCO's side of the story, and then the media will get to understand what is really going on.
Allow me to be the first to 'tell SCO's side of the story, then (Slashdot style, of course):
The quote above actually contains a link to www.ferretnews.org (which is owned by an organization called Californians For Ferret Legalization). Among other things, they have this thing called Misinformation of the Week:
Check out the "MISINFORMATION of the Week" series to see how the legislature, the press and the Governor have been misled by two California State agencies. Get involved now and help us fight the ferret misinformation campaign!
Well guys, I think this slashdot discussion just might be a perfect candidate for this, once there's a fair amount of comments here. Oh boy will there be 'ferret misinformation' about that poor BSA ferret. ^_^
Slashdot Mirror
However, using a small key and XOR-ing it periodically with the data is very insecure and can be broken easily.
When one wants security coupled with a (relatively) small, fixed-length, reusable key, block ciphers such as AES are the way to go. The JumpDrive people got this right.
The article under discussion is short on details, but I can guess from what's said that the JumpDrive software probably generates an AES key from a user-supplied password. This is fine, but the mistake seems to lie in storing the password on the drive itself, 'in an XOR encrypted form'. Now, this probably means that the XOR key that is used to attempt to hide the password is known; i.e. can be gotten from the software.
Even though the XOR key is as long as the password, this is of course very insecure in this case. It's very easy to recover the password, generate the AES key, and decrypt.
This only goes to show that any cryptographic method is only as strong as the weakest link.
If you haven't heard of Machinae Supremacy yet, I recommend you check them out. They are a very cool Swedish band who mix different styles, play with synths a lot, and are self-professed gaming nuts.
In the current context, The Great Gianna Sisters is particularily salient. It's a remix of / tribute to the theme song of the C64 game of the same name. Excellent stuff.
Dear punk,
I am NOT ugly. You sonnofabitch. Your geek ass better have some good home defense, because I am coming over there to KICK YOUR ASS!
Sincerely,
Daniel Stern
Yes
I mean, no!
Yes!
No!
Yes .. no ... yesno ... yes!
...
No!
GHAAAAAAAAAAAA!
... Your comment has too few characters per line (currently 3.8).
Lameness filter is lame
That's not hope, that's just demoralizing. Now I'm going to have to give up my childhood dream of becoming a 'Scientist who makes cool robots'.
Heartless bastard ...
Note that in order to run 5th edition UNIX with gbaunix, you must have an RK05 disk image of 5th edition UNIX, which is not included in the gbaunix distribution. SCO owns the copyright for the 5th edition (and several others).
Thankfully, Caldera released (under a BSD-style license) this particular UNIX edition, along with some others, shortly before the name change in 2002. Here is the license [PDF Alert], if anyone's interested.
Because like everyone knows, Open Source = Communism :-)
Kl gur jnl, lbh fcryyrq 'pbasvqrapr' vapbeerpgyl.
In quantum teleportation, complete information about the quantum state of a particle is instantaneously transferred by the sender, who is usually called Alice, to a receiver called Bob.
So, this would only be useful for sending information about a quantum state to guys named Bob? The quantum state thing is limiting enough, but c'mon ... Bob?
Well, tell you what. I'm changing my name to Bob. If you can't beat them, join them. I mean, these guys will be the information uberlords of the future. People will queue up to them, asking 'Did anything come for me yet?' And they will go, like, 'Show me the money!'
The Bobs of the future will be ultra-popular and rich.
...
Yes, I haven't taken my medication today? Why do you ask? :P
That is, if I ever find myself in the position of actually having any device-related purchases to carry out ... rotten things, devices ... but perhaps those Creative ones are better though.
I'm not. As a patron of the arts, I find this statement unexplicable. Creativity is what separates us from the lower animals! It is the foundation of civilization!
Go and play with your non-Creative devices, plebeian. Some people were just not born to appreciate the finer things in life. Run along now, you're cramping my contemptuos sneer.
That O'Shaughnessy bloke sure is one heck of a solipsist.
Step 0: Open IE
Couldn't even drag the scrollbar in Firefox :-/
Then I opened IE and tried it - jackpot. Nice little booom.exe in my startup folder. I have SP2 installed. Good grief.
Yes, but I still think water cooling is the way to go, personally.
Speaking at a conference hosted by Russian Information Agency Novosti, Aleksandr Gostev from Kaspersky Labs said information on this terrorist attack was published on special websites. He did not elaborate.
...
The executive director of Dr.Web antivirus lab, Mikhail Bychinsky, quoted by Lenta.ru web agency said he had not heard of such an attack. "I do not believe in mass internet attacks because the main servers are defended, and Kaspersky Labs has been foretelling doomsday for a long time."
A case of cry wolf, most likely. The main question is 'Why the hell?'
I mean, jumping from version 3.1 to a whopping 95 in just over 3 years ... it boggles the mind.
Here's to the fine people at Microsoft!
Thank you, thank you. No, thank you. You can stop applauding now. Really.
Cheap shot, I know. I just happen to be nearly finished reading Snow Crash, my first Neal Stephenson novel. It has been critized for its lackluster plot, which I tend to agree with somewhat. But I nevertheless enjoyed the book very much for its style, wit, and imagination.
I hear Cryptonomicon is awesome though. I'm definitely going to read that one next.
Spam is another thing kind of like the electric guitar, though it's much darker, less palatable. Clearly the people who originated the technology never in their wildest dreams could have imagined that everyone on Earth who has e-mail would get 30 penis enlargement advertisements a day!
30? Everyone? Hah! I don't get nearly that much spam to my brand-new gmail account, spellraiser@gmail.com ...
...
Oh crap!
Hah! The security of my Internet-enabled thermostat is impregnable! I hereby officially dare each and every little script kiddie out there to come and try and mess with it.
The IP address of my thermostat is 127.0.0.1! Bring it on!
P.S. Yeah, I know, this one is shamelessly stolen from here.
In the Chequers, Doctorow mentions the original title for one of the novels he's working on, a story about a spam filter that becomes artificially intelligent and tries to eat the universe. "I was thinking of calling it /usr/bin/god."
"That's great!" Stross remarks.
Well, great for those who know that "/usr/bin" is the repository for Unix programs and that "god" in this case would be the name of the program, but a tad abstract for the rest of us. This tendency can make for difficult reading--one early reader of a Stross story complained that to understand it, people would have to overdose for a month on Slashdot (a blog that calls itself "News for Nerds"). Still, it's this fluency in computer science that allows these writers to approach the future so boldly. "Stross and Doctorow are just kind of right in there, down with their heads in the bits," says novelist Bruce Sterling, one of the original cyberpunks.
Sounds great! Guess I might just have found my new idols - and I was even reading about the Singularity the other day, namely Staring into the Singularity by Eliezer Yudkowsky. What a funny coincidence.
For instance, take this extract from a letter written by Ramzi bin al-Shibh (written after the Afghan invasion, but before the Iraqi invasion):
Because of Saddam and the Baath Party, America punished a whole population. Thus its bombs and its embargo killed millions of Iraqi Muslims. And because of Osama bin Laden, America surrounded Afghans and bombed them, causing the death of tens of thousands of Muslims ... God said to assault whoever assaults you, in a like manner ... In killing Americans who are ordinarily off limits, Muslims should not exceed four million non-combatants, or render more than ten million of them homeless. We should avoid this, to make sure the penalty [that we are inflicting] is no more than reciprocal. God knows what is best.
And then there is this, written by Bin Laden himself:
Our current battle is against the Jews. Our faith tells us we shall defeat them, God willing. However, Muslims find that the Americans stand as a protective shield and strong supporter, both financially and morally. The desert storm that blew over New York and Washington should, in our view, have blown over Tel Aviv. The American position obliged Muslims to force the Americans out of the arena first to enable them to focus on their Jewish enemy. Why are the Americans fighting a battle on behalf of the Jews? Why do they sacrifice their sons and interests for them?
Now, of course there is no denying that the mindset behind all this is evil. But it is rational in its twisted way. There are specific and clear reasons for why these people commit acts of terrorism. By absolutely refusing to face these reasons, America and its allies risks alienating every single militant Muslim in the world, little by little. Why are the real reasons behind terrorism so rarely discussed?
I thought it was just a myth ...
No one I know personally has had much of a life since the release of Doom III. :-/
And he [McBride] predicted that "open blogs" like Slashdot will start to tell SCO's side of the story, and then the media will get to understand what is really going on.
Allow me to be the first to 'tell SCO's side of the story, then (Slashdot style, of course):
1. File lots of lawsuits
2. ???
3 Profit!
Sorry, that was just too good to miss :P
Looks like this guy is going to have to get a new account. Such a pity.
The quote above actually contains a link to www.ferretnews.org (which is owned by an organization called Californians For Ferret Legalization). Among other things, they have this thing called Misinformation of the Week:
Check out the "MISINFORMATION of the Week" series to see how the legislature, the press and the Governor have been misled by two California State agencies. Get involved now and help us fight the ferret misinformation campaign!
Well guys, I think this slashdot discussion just might be a perfect candidate for this, once there's a fair amount of comments here. Oh boy will there be 'ferret misinformation' about that poor BSA ferret. ^_^