You'd think Microsoft didn't have the right to refuse service to anybody they wanted to, especially people they thought could potentially ruin the service.
I don't see how people who want to pay Microsoft for a particular service "could potentially ruin the service." ?? All they have done is to increase the capabilities of the hardware they have paid for ?
Easy question to answer.
If Linux had an exploit that allowed someone to ssh into your box, su to root, then fsck your harddrive, and a patch wasn't released yet, would you be pissed off that bugtraq posted the code to exploit the bug?
Microsoft seems to think that the hole is already patched (they have not released a fix, but say they are "looking into it")
I think everybody is "pissed off", just towards different entities..
honestly what good are we going to do with this new info?
Huh ? Like, use it to educate upper management in a civilized manner ??
Sometimes it's like trying to stone them to death with popcorn, but I believe sooner or later there will be enough reasons to "just say no to Microsoft". And when that time comes, they will need as correct information as possible to evaluate the possibilities.
I know some commercial Unixes are certified to C2 if you have it configured right. What about the Linuxes?
Glad you asked. Some people might look at the fact that Linux doesn't have an XYZ 'certification' as an indication that it is not secure enough to get it.
In reality, such certifications cost a lot of money and small companies like RedHat simply can't afford it (They don't make enough money off release X.Y during its market-life to justify such an operation)
What is interesting about this new Windows 2000 certification is that it's for a system that operates in a "safe" environment (i.e. not on the Internet) and Microsoft specifically asked, and paid, for grading at this level.
Now, you can interpret that as you want, but most of us are probably understanding it as "This is how secure Microsoft thinks Windows 2000 actually is". (Such gradings take a long time (few years) and I doubt that Microsoft will have another go at a higher grading before the EOPL (end-of-product-life) of Windows 2000.)
It's just silly to claim that "open source" software is more expensive/cheaper. It's like claiming that software written in 'C' is harder to backup.
It all depends more on other factors like how good the people who are responsible for the production systems in the company are. Here, where I work, we have 2 Linux servers side-by-side set up for redundancy (if 1 fails the other continues to do the work). They do all the SMTP and HTTP traffic (about 50 HTTP requests per second) (Squid and Postfix) and basically we don't have to think about them. The only problem is that about 2 times a year we have "memory squeeze" errors on the console and one of the machines dies (it's related to the network-card driver eating up all the mem (for incoming packages) before the kernel starts to swap).
But in short, we never have to think about those machines. They do their job and they do it well.
And yet, it's all "open source" software that runs on them.
If it had happened in England the subject could have been, "Buggy Bugging Backfires On British Bobbies."
Unfortunately, no
It is illegal for the UK media to report on incidents that involve national security.
Yeah, yeah, laugh as you want, you can even claim that it's ridiculous to claim it has anything to do with national security, laugh while you still have the right..
Christ almighty, what the hell do they put in libc to make it 24 megs?
Maximum debugging information..
You are talking about the .a file, which is not very unlike a .tar file. I.e. this is not a library that is needed by any running program.
Do a "ar -tv /usr/lib/libc.a" and you will see that there are about 1200 packages in there with full debugging information and unstripped. It comes from glibc-devel.
Having a huge libc.a simply means that you have lots of development libraries in there. The linker will extract those needed and add it to your binary.
I think the original poster meant /lib/libc.so which is 1.2 MB on my RH7.1
how was the decision made to use MySQL? I can't for the life of me figure out why so many people pick it for web apps.
Because it's the best value of price/performance people are looking for. Naysayers talk about the possibility of losing data with MySQL, but in reality the possibility of losing data only because of MySQL's features (or lack of them) is so slim that you never hear any horror stories from MySQL users.
From:
http://www-2.cs.cmu.edu/~dst/DeCSS/FrankStevenson
CSS was designed with a 40 bit keylength to comply with US government export regulation, and as such it is easily compromised through brute force attacks (such are the intentions of export control).
Moreover the 40 bits have not been put to good use, as the ciphers succumb to attacks with much lower computational work than that which is permitted in the export control rules.
Whether CSS is a serious cryptographic cipher is debatable. It has clearly been demonstrated that its strength does not match the keylength. If the cipher was intended to get security by remaining secret, this is yet another testament to the fact that security through obscurity is an unworkable principle.
Here is a short event log of how things happened.
What the Norwegian prosecutor is doing is claiming that Jon broke the protection on the DVD keyblock. He didn't.
In fact it was a real professional cryptographer, Frank Stevenson, who demonstrated how to (a) defeat CSS without a key and (b) recover all the keys from the keyblock.
And yet the brave Norwegian prosecutor is going after a kid... His ancestors must be turning wildly in their graves..
Right. And if you're sitting in the US of A, and that's where they send your copy, then the sale was in the USA
So if you sit in the US of A and order some stuff from country 'X' (i.e. you send your CC# to country 'X'), and the company in country 'X' sends the ordered stuff to the US of A, then "the sale was in the USA" ????
No, the *buy* was in the US of A, the *sell* was in Russia. The item was sold *from* Russia, i.e. the seller was in Russia, i.e. the point of *sale* was in Russia. The buyer *requested* and *imported* the software from Russia, it was the *buyer* who initiated the transfer from the *seller* in Russia.
What part of this don't you understand ?
Right, but Elcomsoft did all their *selling* in the USA.
You mean This ?
Let me see ... clickedy clickedy click ...
IP address of www.elcomsoft.com is 217.107.213.131. And "whois" locates this IP address as belonging to "ROSTELECOM-NET, ncc@rt.ru" in Russia... (as does traceroute)
So the point of selling was definitely in Russia.
Under the DMCA just creating the tool is illegal. It doesn't matter if everyone or no one uses it.
Isn't the DMCA a USA law ??? Sklyarov did all his programming in Russia ..
Is copyright protection really worth living in a world where a foreign national can sue an individual/company in another country for breaking laws in his country ? Like THIS ?
I suggested that consumers pay 1 cent per commercial skipped (which is about the same as what advertisers pay). That would be equivalent to $10/thousand commercials skipped. I think that's reasonable.
Huh ? But I don't watch commercials in general. I stand up, go to the toilet/kitchen, clean the dishes/whatever.. I HATE commercials, and I most often change channels.
Pay me 10 cents for each commercial I watch and we might have something to talk about..
For the majority of people entries from 10 and onwards will be something like :
10.0 The music now plays, but only on that machine with that player.
10.1 The music now plays, but only on that machine with that player.
10.2 The music now plays, but only on that machine with that player.
11. The music doesn't play any more, you need to pay more..
For those who don't get it, here is a general decoder:
echo "string" | tr
ATTENTION !!!!
This code could land you in JAIL!
I'm missing something ???
The French TGV already drove over 515km/h.
And that was in 1990 !!!
If Phoenix, the BIOS manufacturer, is giving them a hard time, just call it "Vogler" (The Bird Hunter Specialist)
is that the manufacturers still insist upon maintaining obsolete interfaces on their mobos. Seriously, how many of you are going to buy a printer tomorrow that is parallel-only?
Dohhh ? Isn't that like claiming that Floppies are obsolete since no software is delivered on floppies any more ??
I think you should instead think about the number of printers in-use that are parallel-port only, and then think about if the parallel port is "obsolete".
And hey, they even report that VIA is now Microsoft CE .NET 4.1 certified.
?? Sorry, I mean no offense but I don't get it.. What has a "Microsoft CE .NET 4.1 certification" to do with this box ??
How much will we have to pay to use this standard and how many restrictions will it place on how our software works ? (I.e. can we decide not to implement a part of it we don't want ? (DRM))
Pretty much what I thought when I read the title.
And also from the same series:
Teach Yourself brain surgery In 24 Hours
Make Money Fast In 24 Hours
dig . soa >
And restart your nameserver.
It's not that I think you don't believe your statement yourself, it's just that companies have been claiming the same thing since I remember.
So, please name a few examples of what's innovative in Hurd.
Imagine a beowulf cluster of those..
in your pocket !