There's no need to dig even particularly deep, Gimp is far, far behind Photoshop in terms of functionality.
If all you do is crop and polish the occasional JPEG from your digital camera, you might not notice. But if you're any kind of professional, Gimp is a joke.
And even with Photoshop not exactly being a paragon of good interface design, Gimp manages to be much, much worse.
Re:Python is part of the answer, on Open Source Math · Score: 2, Insightful
You are confusing maths and physics. Mathematicians do not care about galaxies, nor the "real world" at all. Their proofs and theorems live entirely in the world of abstract logic.
the reason for dalvik is entirely technical. Incorrect. There is a very big legal issue in that Sun does not allow non-GPLed software to run on the GPLed mobile Java unless you buy a license. That is what this, and many previous and no doubt many future stories are about.
Java on the desktop is GPLed, with an extra exception that allows non-GPL software to run on it.
JavaME does not have this exception, thus forcing phone manufacturers to pay for a commercial license to escape having to GPL their entire software stacks (which they will not and often can not do).
And that is why Google made their own VM, to work around this huge limitation Sun put in to protect their profits.
(2) Microsoft has said that this is a redundant key in case the first key is lost. We all know that is a bogus explanation. We do not. All we know is that doing things this way would be sloppy, but who ever claimed Microsoft were good at doing things the right way? It may be bogus, or it may just be stupidity on the part of Microsoft. We simply do not know.
(4) The key is for access to the encryption system, the Cryptographic API. (5) The key is used to update the cryptography components, and we all know that if you can update one component, you can update any. And what is your attack scenario for using this supposed backdoor?
This is valid because it is the same basic motive, spy on people's communications, and the same people NSA. You are begging the question by claiming it "the same basic motive", as you do not know the motive, and again when you say the same people, because you do not know that either.
Why is it so hard to believe or accept that an encryption key named NSAKEY in a large government contractor's software: Windows, wouldn't be for the NSA? Because the NSA has not traditionally been in the business of weakening encryption, but strengthening it. The wiretapping thing is by all indications a very recent development, and it has shocked many because the NSA has been so very strongly against doing that sort of thing in the past. As the NSAKEY thing happened quite some time in the past, you'd have to show that the NSA would actually want to do such a thing at that time, which by most indications they would not.
Show me a single example of what kind of maliciousness the secret rooms in the telcos is supposed to represent. Completely unrelated to the topic at hand. Don't act like an idiot, please.
The issue is that the back door is there, that we *can* know. What back door? That's what I was asking. How is NSAKEY supposed to be a back door? What can the NSA do if they, as the still unproven accusation goes, have the opposite key to NSAKEY?
I was asking for some proof that the whole NSAKEY deal was anything other than a storm in a teacup. Like, a single example of what kind of maliciousness it was supposed to represent.
Note that if the NSA *had* designed all 4 algorithms, the fact that the described attack is specific only to one of them would not particularly calm my suspicions. Perhaps not, but even so your original statement would still be false, as the attack was very specific to that algorithm. Of course there could have been backdoors in the others, but they would have to be entirely unrelated ones.
Huh? You seem to be implying either that the algorithm criticized by Bruce is in fact secure, or that the insecure algorithm is unlike the other three in some way that renders the other three immune to a similar insecurity. Neither implication makes any sense. Sorry, the second implication is both completely true, and makes perfect sense. I don't really understand how you could claim otherwise.
It is unlike the other three, just as the other three are all unlike each other. It uses elliptic curves, where the other three don't, and the attack is specific to elliptic curves.
Thanks ever so much for the feature-checklist defense. That's the exact thing that is holding phone development back - the inability to see past the feature list that says "MP3 player!" and realize that that MP3 player is clumsy and unusable.
The iPhone is breaking new ground exactly because it is prettier, smoother and more friendly. That is what I was talking about from the start.
Thanks for posting the exact same thing that was already posted, and showing a complete lack of understanding of the entire concept of interface design.
right when sun is doing the right thing by releasing a GPL'ed Java Except that is the exact reason they did what they did. Sun's license requires all surrounding code to also be GPL'd on mobile platforms (but has a special exception for this for the desktop version). This is basically so that phone providers, who neither want nor can release this code have to pay them for commercial licenses.
The last thing you want is a "whole world of potential interface designs", because that just means companies that won't put the effort into proper interface design will make more horrible interfaces, but now they'll use fancy 3d effects.
This is looking decidedly un-exciting so far. It looks like an API to make more of the exact same kind of garbage that has been produced by phone makers so far.
What phones desperately need is much, much better interface design. That's not solved by a new OS, and it's certainly not solved by one whose emulator has eleven function keys above the keypad.
Apple is breaking new ground, but this seems planted squarely in the past.
I could be wrong, I hope I am wrong, but I don't see it yet.
The only one malware wants to do is the rootkit one, and even that is just a bonus. It can do its real work just fine without it.
So what exactly is it that you think malware wants to do that it can do as root but not as a user?
Perhaps you should have looked just a bit closer.
http://answers.google.com/answers/threadview?id=374518
The original quote is quite a bit older than Churchill, and the flavour of it is also quite different. The one you quoted is quite butchered, and says something else entirely from what the original meant to convey.
Thanks to an anonymous poster for digging that link out earlier.
Churchill meant nothing, as he never said that. The original quote is quite different in flavour:
http://answers.google.com/answers/threadview?id=374518 (Thanks to another poster earlier in the thread.)
I was asking for some proof that the whole NSAKEY deal was anything other than a storm in a teacup. Like, a single example of what kind of maliciousness it was supposed to represent.
You are the person making the claim, the job to supply proof is yours. Do it, or retract your claim.
No, that's what crackpots and people with an axe to grind with Microsoft claimed it was.
If you know different, please quote a reliable source. That would mean a real security researcher.
The only thing I remember clearly was that no respectable security professional ever found any actual backdoor. There was only ever those six letters, nothing else.
No, the correct word to use is "may". Anything else would be intellectual dishonesty of the worst kind.
Most cryptosystems rely on extremely strong random number generators. Anything less would make them utterly worthless.
For your entertainment, here's the Slashdot discussion of Wikileaks when it was first announced.
Try to see how many claims you can find that the site is either a scam, or dead on arrival!
So... Letting people make non-free software is evil, but charging people money to make non-free software is not?