I was wondering, what happens if you lose your phone, or if it is stolen? Are there any limits on how much you can 'spend via SMS'; perhaps the number of purchases is capped to N/day? Or it is just the responsibility of the owner to keep an eye on their phone?
That's a very good observation. My guess is that in the majority of the cases people bump into it by accident, therefore it is safe to say that pr0n found them (almost as in Soviet Russia:-), and not vice-versa.
Sure, once you've seen it, you'll probably look for more of that stuff; but would there be a greater demand in pr0n if these accidental discoveries weren't common?
Spam is a way to advertise a product. This means that there is some information which allows me to establish a connection to the physical entity that actually sells the thing being advertised.
Why not thoroughly read the spam-email and use the information they provide against them? For instance - if they leave their phone number, address or provide a URL, one can [actions] call that number or visit that place and fine them, press charges, 'politely ask them not to do that', and so on. In the case of the web-site, find who hosts them, ask the hosting service where payments come from, find who the payer is, goto [actions].
In other words, since we cannot eliminate the senders of the spam, we can eliminate those who pay those who send it [or create zombie networks to do the job, etc]
It might be expensive to pay these visits or fund the investigations, but in the long run it will save a lot more money [than the amount of money LOST because of spam, either for bandwidth, blocked networks, etc].
Eventually, the spammers will probably host their sites in countries that have no laws against spam, but in that case it will be much easier to ban those networks; which will lead to those states adopting the necessary laws to fight such businesses.
My question is - what makes this model not a good one? [certainly I'm not the only one with this idea; why hasn't it been tried?]
Windows is an operating system, not an SMTP server, or a product designed to send spam.
Extrapolating from your idea: we can blame it on the manufacturers who provide the hardware that makes networks possible - that will definitely eliminate spam and all the evil things Internet 'offers' us.
But the most important thing is that even if [by a miracle] Microsoft and Windows vanish from the face of the planet - spam will stay. In other words, your solution will not solve the problem.
This review seems to be nothing but a set of screenshots that illustrate the OS in one moment or another, meaning that it is just one of the many similar ones out there.
"Thanks to the Gnome Theme Manager it is also very easy to change and modify your desktop theme."
As if this was some sort of a new bombastic feature:-)
I am still waiting for a review which can explain to a non-Linux person [such as myself] why the GUI is so slow. My guess is that the video card's hardware acceleration is not used. Other reviews [ http://www.stanton-finley.net/fedora_core_5_installation_notes.html ] were more helpful, and explained that this distro is not shipped with nVidia's or ATI's drivers. Moreover [taken from the above mentioned link]:
"The kernel that ships with the Fedora Core 5 release iso images is not compatible with third party 3D graphics acceleration drivers."
How is THAT supposed to NOT anti-attract a newbie?
Is there somebody who can explain things in a simple way?
First of all, have you considered the case in which your daughter's opponent could actually fight back and cause some real damage?
Have you thought about the fact that your daughter could have accidentally hurt that bad_girl too bad?
You were lucky that things ended as they ended, but frankly, it was just luck; because there is a small probability that the developments could have followed a different scenario.
And I am surprised that as an adult, you advised that... and now you're writing how you managed to get out of this clean with the help of the lawyer and the copies of the complaints you submitted in the past.
While I agree with you in the long run, I still think that children need to be handled with care.
- Have you tried talking to that girl's parents?
- Why haven't you involved your lawyer at the time they simply ignored your letters?
As a kid, I used to be bugged by others who were stronger than me. Yes, that made school taste like hell to me. I simply couldn't imagine how it is possible to harass other people, not realizing that one day you may become a victim yourself. And because of that, I am not "blacklisting" you, as I've been in the shoes of a victim; however, I think that all "evil" must be eliminated by avoiding it, not by fighting back and letting it accumulate somewhere else (and then reach the surface).
Someone could deliberately change their writing style, hoping that would make the reader think that the author is from .
But that requires good language skills and knowledge of several foreign languages; I believe people who have these skills are too smart to be playing around with nasty things on the Internet.
Yeah right, are you kidding me? Where did you get that kind of statistics from?
I think phishers are everywhere, it's just that you and I get more of those things by email, because it comes without our asking for it. We normally stay away from nasty sites because we're tech-educated users - that makes it seem like phishing exists only in emails.
But phishers are everywhere, in case you don't see them, it doesn't mean they don't exist. My latest discovery was a computer back at the uni - the internet is very slow there, so I was surprised that the email service page opened really fast when I launched the browser.
Well, it wasn't really the mail server;-) it was a page on localhost, with all the forms and labels that exist on the real login page. The fun part is that when one entered their credentials, these were then redirected to the actual server [after being stored in a local database], so the mailbox opened and the victim had no reasons to believe that something went wrong.
You cannot fight this on the server side, because the server will only see that some data comes from a given client, not knowing that this was redirected from a local page. The credentials are valid, so why not?
I think the best way to protect yourself from these threats [if you can't watch your back without third party tools] is to get a password manager which binds the credentials to a URL. If the URL is bogus, the forms will simply not be filled automatically, and then you realize that you should take a better look at the address bar.
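The URL binding described in the comment above, as an added illustration (not the commenter's code or any real password manager): credentials are keyed to an exact origin (scheme, host, port), so the localhost copy of a login page, a plain-HTTP downgrade or a look-alike domain gets nothing auto-filled. The vault contents and host names are constructed for the example.

```python
from urllib.parse import urlsplit

# Constructed sample vault: each credential is bound to the origin where it
# was saved. Matching is on the whole origin, never on a hostname substring.
VAULT = {
    "https://mail.example.edu": {"user": "student", "password": "hunter2"},
}

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Normalise a URL to its origin: (scheme, lowercase host, effective port).

    Returns None for anything without a usable web origin (file://, no host,
    malformed port), which the caller treats as "do not fill".
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()   # hostname drops user:pass@ and port
    if scheme not in DEFAULT_PORTS or not host:
        return None
    try:
        port = parts.port or DEFAULT_PORTS[scheme]
    except ValueError:                       # e.g. a non-numeric port
        return None
    return (scheme, host, port)


def credentials_for(page_url, vault=VAULT):
    """Return saved credentials only when the page origin matches a vault
    entry exactly; otherwise None, which is the cue to look at the address bar."""
    page_origin = origin(page_url)
    if page_origin is None:
        return None
    for saved_url, creds in vault.items():
        if origin(saved_url) == page_origin:
            return creds
    return None


if __name__ == "__main__":
    for url in ("https://mail.example.edu/login",
                "http://localhost/mail.example.edu/login.html"):
        print(url, "->", "fill" if credentials_for(url) else "NO FILL")
```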
the phrase "Google it" is used maybe more than once a day
Sure, but that doesn't mean that they are indeed the best. I think that people will keep using 'to google' as a verb that represents 'internet search', but not necessarily a google-search.
A similar case is with Xerox; in my area, people say 'to xerox' and that means 'to make a copy', even though the copy machine that does the job is most likely to be a Canon, or some other non-Xerox brand.
Also, a lot of people say 'memory stick', while they refer to a usual USB flash drive.
Is Xerox the leader of copy-machines? Is Sony the leader of the flash-memory market? Even if 'to google' sticks to our vocabulary for the next couple of years, it doesn't mean that all our bases will belong to them until the universe will cease to exist.
The gas planets consist of a mixture of gases; there is no actual surface one could walk on.
How will it be possible to deploy some sort of a mining construction in such an environment? [not to mention its hostility: the temperatures, enormous gravity (ex: on Jupiter)]
why wouldn't they just let me open a second account with the same e-mail
[A] Either there is a constraint which prohibits identical emails for different users (that's how they thought it should be); [B] or their database uses the email address as a key, thus there cannot be duplicates. If they designed the database schema in a different way, multiple emails would be possible, but it probably wasn't in their initial plans.
Migrating the content of one DB to another one (same data, but different table layout, and different integrity constraints, etc) is a very complex process. Unless you really know what you're doing, tuples might be lost, anomalies could be introduced, and so on. However, I am sure that PayPal folks have the money to pay for this; so it's probably [A].
I wish things were that way, but that is impossible in the world of today. Doing all that is the equivalent of ignoring many other problems our society faces at the moment.
Aren't you worried about drug research? What if AIDS kills us all before we reach step III?
This scheme might work if it is accepted at a global scale, but that will not happen, because our world is a world of contrasts. I believe your plan might become reality if the whole planet becomes a single nation. In that case space exploration WILL become a priority (otherwise we'll just die here when the resources are exhausted). But that is a very distant future.
That's a fair observation, I must say; but how is this a fraud? Did I lie to you or to anyone above?
I mentioned that certification is important and that not anyone can get it; I also wrote some arguments (you found them unconvincing, fine - we have different opinions) then I provided an example of an application that _is_ certified. You should check out NIST's records before announcing that somebody is 'a FRAUD'.
And finally, I never wrote that I am in no way connected to the company, so what you have 'revealed' was not hidden.
Yes, I do believe that Private Disk is a great application, which is why I brought it up. Somebody above called me a troll, just for the fact that I was insolent enough to say that TrueCrypt might not be perfect. That is what makes someone a troll? and that is what makes me 'a FRAUD'? Come on, if those were my intentions, I would've posted anonymously and that's it; people like you wouldn't be able to "google me out" and "bust the myth", instead I chose to openly share my thoughts. If you call an honest person 'a FRAUD', then you should redefine either 'honest' or 'fraud'.
Yes, I wish the software I promote to become more popular, but I haven't spammed you with news about it, didn't force you to buy it, didn't say that everybody else sucks and that all your bases are not your bases anymore:-)
Back a few years I read a great book - Creierul, O enigma descifrata, translated from Romanian, it means "The brain - a deciphered enigma". The author named the concept "MDT: Modeling Device Theory"; the brain is treated as a device that is designed to make predictions about the real world, based on the input from the organs and the experience of the person (which is structured in models).
The book is fantastic, the author proposes an abstract model that explains how the brain works at the software level. The model is able to explain many things, including God [why we need such an entity, and what its actual role is], and love.
The idea is that the brain operates with models, which are meant to make predictions of the future, ones that are as accurate as possible. If a prediction is incorrect, the model is updated, hence the future predictions [based on that model] will be closer to the real deal. There are different models, such as school, internet, apple, etc. The models are inter-connected [think of a graph with a helluvalot of nodes]. The model "school" can be connected with the model "internet", which in its turn is connected with the model "slashdot", and so on.
Love is one of such models, what makes it different is the number of other nodes it has connections with.
Back to school and internet and slashdot: I have internet access at school, and that's where I read slashdot. If you take the school-model out, it's not a big deal; I can use another one, for instance "internet-cafe", and substitute the "dead" one with it.
That's not the case of love - take the dear person away, and the model-structure might collapse, because the absent model cannot be substituted.
This was a very generalized description. The idea is that love is just a software-level dependence: many other models point to it, and if love disappears, whatever you try to do - you get something like a null-pointer assignment.
If you understand Romanian - this book is definitely worth it!
Yes. Ever heard of test vectors? It's easy to verify if a cipher is correctly implemented using official test vector sets
I am not an expert in the field, but still, I am interested in the explanation of this: the same output can be generated in more than one way, even if the input is the same. Can someone really good at hi-tech maths come up with a nifty method that will generate the right output for the specified input AND do some background stuff, without getting caught? Think of it as of an obfuscated C analog in math/cryptography/etc.
The most important point is, however, that being open source is a _premise_ of any security software that is to be trusted by general public. Closed source security is not real security.
I understand the idea, but then, if we follow the same logic - how is open source security real security when it relies on methods chosen by the government?
The S-boxes weren't there in IBM's initial DES design, then they were added, and the explanation of their appearance is still a mystery. So we have to face the fact that we are still clueless about what they really^ do. If I were the government, I'd sure as hell implement all the backdoors in the algorithms themselves, not in the software that applies them. This is the low-level way to do the job cleanly.
So we don't trust the government, yet we trust the algorithms it chose for us. Perhaps it would be 100% backdoor-free if the algorithms themselves were developed by the open-source community; but it seems that mathematicians, unlike programmers, cannot work on pure enthusiasm. Peer-review? Yes, take the official FIPS doc written by the government, and make sure that programmers have followed that correctly. That will prove that programmers do what the doc says, not that programmers did something that has no backdoors [regardless of their doing it consciously or not].
My general conclusion is that if the government wants to screw us - they'll find ways to do it. IMHO 'fixing' the algorithm is the most efficient way to silently screw everybody.
^ - i.e. not what they tell us they actually do, but what they really actually do (if I can express myself that way).
Well, TrueCrypt is freeware and open-source, but there is also another aspect that has to be taken into account - it is NOT a certified product.
Institutions such as NIST test the implementations of the algorithms, then the program either gets certified or not.
The problem is that without certification, we do not know whether what they've implemented is what they think they've implemented*.
The point is that they might use some obscure algorithm nobody knows - which has no guaranteed strength; thus one cannot rely on it. They can also implement standard algorithms such as AES or DES - but were they correctly implemented?
Sure - "why don't you take the sources and look at them yourself?" some might say, but is everybody competent enough to do that?
On the other hand, implementing something and then certifying it, means that:
[a] it was done right
[b] it is as strong as the standard says
In the case of encryption, the strength is in the key itself and in the mathematical basis of the algorithm, NOT in the obscurity of the mechanisms applied within the software.
One minor thing - NIST certification is expensive, I doubt TrueCrypt will pass it, unless some company pays for this. Commercial encryption software is a different thing, if they want to be treated seriously, they must go for it. An example is Private Disk.
* an old saying:
"The problem with computer programs and programmers is that the program does what the programmer wrote, not what he thought he wrote".
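The test-vector check mentioned earlier ("Ever heard of test vectors?") and the certification question above ("were they correctly implemented?") come down to the same known-answer test that NIST validation runs. This added example, not code from either commenter or from any certified product, parses a small vector set written in the style of NIST's SHAVS ".rsp" files (the digests are the published FIPS 180 SHA-256 examples; the file layout is assumed) and runs a correct implementation and a constructed buggy one against it.

```python
import hashlib

# Constructed known-answer set in the style of NIST SHAVS ".rsp" files:
# Len is the message length in bits, Msg and MD are hex. A zero-length
# message is written as "Msg = 00" in that format. The three messages are
# "", "abc" and the 448-bit two-block message from the FIPS 180 examples.
SHA256_VECTORS = """
[L = 32]

Len = 0
Msg = 00
MD = e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Len = 24
Msg = 616263
MD = ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad

Len = 448
Msg = 6162636462636465636465666465666765666768666768696768696a68696a6b696a6b6c6a6b6c6d6b6c6d6e6c6d6e6f6d6e6f706e6f7071
MD = 248d6a61d20638b8e5c026930c3e6039a33ce45964ff2167f6ecedd419db06c1
"""


def parse_rsp(text):
    """Return a list of (message_bytes, expected_digest) from SHAVS-style text.

    Section headers like "[L = 32]" and blank lines are skipped. Len (bits)
    decides the real message size, so "Msg = 00" with Len = 0 is empty.
    """
    vectors, record = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[") or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        record[key.strip()] = value.strip()
        if key.strip() == "MD":                     # MD closes one record
            nbits = int(record["Len"])
            msg = bytes.fromhex(record["Msg"])[: nbits // 8]
            vectors.append((msg, bytes.fromhex(record["MD"])))
            record = {}
    return vectors


def run_kat(digest_fn, vectors):
    """Run every vector through digest_fn; return [(index, passed), ...]."""
    return [(i, digest_fn(msg) == expected)
            for i, (msg, expected) in enumerate(vectors)]


def all_pass(digest_fn, text=SHA256_VECTORS):
    return all(ok for _, ok in run_kat(digest_fn, parse_rsp(text)))


def sha256_reference(data):
    return hashlib.sha256(data).digest()


def sha256_buggy(data):
    """Constructed defect: mishandles messages whose length leaves fewer
    than 8 bytes for the length field in the final block, i.e. exactly the
    case the 448-bit vector exists to exercise. Short inputs still pass."""
    if len(data) % 64 >= 56:
        data = data[:-1]
    return hashlib.sha256(data).digest()


if __name__ == "__main__":
    vectors = parse_rsp(SHA256_VECTORS)
    for name, fn in (("reference", sha256_reference), ("buggy", sha256_buggy)):
        print(name, run_kat(fn, vectors))
```

The point of the full set rather than one vector: the buggy variant passes "" and "abc" and is only caught by the two-block padding case.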
In poor states [such as the one I'm in], people tend to work abroad, where earnings are much better. When they gather sufficient resources, they get back to their home country, do NOT invest money in the country's economy, and instead decide to buy things produced in other states, including the one they've just come from.
In other words, if I went to work in Elbonia - I would support their economy by producing something for them or offering a specific service; and when I'm back, I buy Elbonian products, thus the money I've earned goes back to Elbonia.
True, this will revive the Elbonian economy, but that doesn't mean it leads to the decline of my state's economy [as in a zero-sum game]; however, this will make progress slower for me and my fellow citizens.
And in the long run, perhaps our entire civilization IS involved in a zero-sum game? If it is not, then perhaps it still takes some time until we realize it is.
I think I can make an addition here. At the university, I often exchange my programs and papers with my colleagues; we analyze each other's works and then discuss them and share the experience.
A few days ago, I was chatting with another student from the same uni (but a couple of years younger), she takes the same class and was assigned a task similar to the one I had when I was at her age.
I found out that she purchased from someone a bundle of projects for that class... And among them was one signed with my name.
And then I realized that somebody took the product of my work without my knowing it, and then fucking SOLD it to somebody, so that they could just change the name and give it as their own... Dammit..
That happened to me before too, but in none of the cases the project was paid for.
In my university there are multiple places where you can print out your stuff in exchange for a small fee. Well, it seems that it is THE place where all the leaks happen, the guys do a ctrl+C / ctrl+V before they do a ctrl+P.
Conclusions:
- never print your stuff on computers that do not belong to you
- use some sort of copy protection.. a PDF that doesn't allow you to copy/print comes to mind:-) One can easily get over this, but at least it's better than nothing.
Guys, now I happen to be on the other end of the barricades amid this DRM conflict, and it doesn't feel good.
You can get a free certificate on this site, and there are others who issue free certificates; though they are only for testing purposes and expire fast (unlike the ones from Dekart).
Browsing signed emails is s-l-o-w, at least with exchange.
Yep, and also, mail clients usually make a copy of your outgoing messages, but it is encrypted NOT with the recipient's key (otherwise you wouldn't be able to read the stuff in your Sent Mail folder). So not only that it is slower, but it actually takes twice the space!
External devices that have a USB interface are subject to a different problem - unsafe hardware removal.
I've seen many cases in which everything was gone because somebody wasn't patient enough to wait until the device could be safely removed. So I would make sure that this risk is handled too. Otherwise losing data in such a way will be more frequent than losing data 'via' CDs.
you might want to watch this movie, it illustrates a similar idea.
Also, some time in the past I read a book by the Strugatski brothers, ah, I forgot the title; anyway, there was this state that placed special towers all over their territory, and the towers had an impact on the population's way of thinking. Therefore it was easier to control them. There were also a few people who were not affected by the towers, they had to get outta there, because the government kept searching and eliminating them, one by one.
Anyway, the point is that this idea has been explored multiple times.
I see, so this thing is indeed real.
I've heard that they also have a system which allows one to do payments via SMS, everything will become a part of the phone bill.
Is that correct? Can somebody provide more details?
That's a very good observation. My guess is that in the majority of the cases people bump into it by accident, therefore it is safe to say that pr0n found them (almost as in Soviet Russia :-), and not vice-versa.
Sure, once you've seen it, you'll probably look for more of that stuff; but would there be a greater demand in pr0n if these accidental discoveries weren't common?
Spam is a way to advertise a product. This means that there is some information which allows me to establish a connection to the physical entity that actually sells the thing being advertised.
Why not thoroughly read the spam-email and use the information they provide against them? For instance - if they leave their phone number, address or provide a URL, one can [actions] call that number or visit that place and fine them, press charges, 'politely ask them not to do that', and so on. In the case of the web-site, find who hosts them, ask the hosting service where payments come from, find who the payer is, goto [actions].
In other words, since we cannot eliminate the senders of the spam, we can eliminate those who pay those who send it [or create zombie networks to do the job, etc]
It might be expensive to pay these visits or fund the investigations, but in the long run it will save a lot more money [than the amount of money LOST because of spam, either for bandwidth, blocked networks, etc].
Eventually, the spammers will probably host their sites in countries that have no laws against spam, but in that case it will be much easier to ban those networks; which will lead to those states adopting the necessary laws to fight such businesses.
My question is - what makes this model not a good one? [certainly I'm not the only one with this idea; why hasn't it been tried?]
Windows is an operating system, not a SMTP server, or a product designed to send spam.
Extrapolating from your idea: we can blame it on the manufacturers who provide the hardware that makes networks possible - that will definitely eliminate spam and all the evil things Internet 'offers' us.
But the most important thing is that even is [by a miracle] Microsoft and Windows vanish from the face of the planet - spam will stay. In other words, your solution will not solve the problem.
This review seems to be nothing but a set of screenshots that illustrate the OS in one moment or another, meaning that it is just one of the many similar ones out there.
:-)
l lation_notes.html ] were more helpful, and explained that this distro is not shipped with nVidia's or ATI's drivers. Moreover [taken from the above mentioned link]:
"Thanks to the Gnome Theme Manager it is also very easy to change and modify your desktop theme." As if this was some sort of a new boombastic feature
I am still waiting for a review which can explain a non-Linux person [such as myself] why the GUI is so slow. My guess is that the video card's hardware acceleration is not used. Other reviews [ http://www.stanton-finley.net/fedora_core_5_insta
"The kernel that ships with the Fedora Core 5 release iso images is not compatible with third party 3D graphics acceleration drivers."
How is THAT supposed to NOT anti-attract a newbie?
Is there somebody who can explain things in a simple way?
I am not a parent, but I believe you were wrong.
First of all, have you considered the case in which your daughter's opponent could actually fight back and cause some real damage?
Have you thought about the fact that your daughter could have accidentally hurt that bad_girl too bad?
You were lucky that things ended as they ended, but frankly, it was just luck; because there is a small probability that the developments could have followed a different scenario.
And I am surprised that as an adult, you advised that... and now you're writing how you managed to get out of this clean with the help of the lawyer and the copies of the complaints you submitted in the past.
While I agree with you in the long run, I still think that children need to be handled with care.
- Have you tried talking to that girl's parents?
- Why haven't you involved your lawyer at the time they simply ignored your letters?
As a kid, I used to be bugged by others who were stronger than me. Yes, that made school taste like hell to me. I simply couldn't imagine how it is possible to harass other people, not realizing that one day you may become a victim yourself. And because of that, I am not "blacklisting" you, as I've been in the shoes of a victim; however, I think that all "evil" must be eliminated by avoiding it, not by fighting back and letting it accumulate somewhere else (and then reach the surface).
Someone could deliberately change their writing style, hoping that would make the reader think that the author is from .
But that requires good language skills and knowledge of several foreign languages; I believe people who have these skills are too smart to be playing around with nasty things on the Internet.
"so nobody uses SMTP clients anymore"
;-) it was a page on localhost, with all the forms and labels that exist on the real login page. The fun part is that when one entered their credentials, these were then redirected to the actual server [after being stored in a local database], so the mailbox opened and the victim had no reasons to believe that something went wrong.
Yeah right, are you kidding me? Where did you get that kind of statistics from?
I think phishers are everywhere, it's just that you and I get more of those things by email, because it comes without our asking for it. We normally stay away from nasty sites because we're tech-educated users - that makes it seem like phishing exists only in emails.
But phishers are everywhere, in case you don't see them, it doesn't mean they don't exist. My latest discovery was a computer back at the uni - the internet is very slow there, so I was surprised that the email service page opened really fast when I launched the browser.
Well, it wasn't really the mail server
You cannot fight this on the server side, because the server will only see that some data comes from a given client, not knowing that this was redirected from a local page. The credentials are valid, so why not?
I think the best way to protect yourself from these threats [if you can't watch your back without third party tools] is to get a password manager which binds the credentials to a URL. If the URL is bogus, the forms will simply not be filled automaticaly, and then you realize that you should take a better look at the address bar.
A similar case is with Xerox; in my area, people say 'to xerox' and that means 'to make a copy', even though the copy machine that does the job is most likely to be a Canon, or some other non-Xerox brand.
Also, a lot of people say 'memory stick', while they refer to a usual USB flash drive.
Is Xerox the leader of copy-machines? Is Sony the leader of the flash-memory market? Even if 'to google' sticks to our vocabulary for the next couple of years, it doesn't mean that all our bases will belong to them until the universe will cease to exist.
The gas planets consist of a mixture of gases; there is no actual surface one could walk on.
How will it be possible to deploy some sort of a mining construction in such an environment? [not to mention its hostility: the temperatures, enormous gravity (ex: on Jupiter)
Migrating the content of one DB to another one (same data, but different table layout, and different integrity constraints, etc) is a very complex process. Unless you really know what you're doing, tuples might be lost, anomalies could be introduced, and so on. However, I am sure that PayPal folks have the money to pay for this; so it's probably [A].
I wish things were that way, but that is impossible in the world of today. Doing all that is the equivalent of ignoring many other problems our society faces at the moment.
Aren't you worried about drug research? What if AIDS kills us all before we reach step III?
This scheme might work if it is accepted at a global scale, but that will not happen, because our world is a world of contrasts. I believe your plan might become reality if the whole planet becomes a single nation. In that case space exploration WILL become a priority (otherwise we'll just die here when the resources are exhausted). But that is a very distant future.
That's a fair observation, I must say; but how is this a fraud? Did I lie to you or to anyone above?
:-)
I mentioned that certification is important and that not anyone can get it; I also wrote some arguments (you found them inconvincing, fine - we have different opinions) then I provided an example of an application that _is_ certified. You should check out NIST's records before announcing that somebody is 'a FRAUD'.
And finally, I never wrote that I am in no way connected to the company, so what you have 'revealed' was not hidden.
Yes, I do believe that Private Disk is a great application, which is why I brought it up. Somebody above called me a troll, just for the fact that I was insolent enough to say that TrueCrypt might not be perfect. That is what makes someone a troll? and that is what makes me 'a FRAUD'? Come on, if those were my intentions, I would've posted anonymously and that's it; people like you wouldn't be able to "google me out" and "bust the myth", instead I chose to openly share my thoughts. If you call an honest person 'a FRAUD', then you should redefine either 'honest' or 'fraud'.
Yes, I wish the software I promote to become more popular, but I haven't spammed you with news about it, didnt force you to buy it, didn't say that everybody else sucks and that all your bases are not your bases anymore
Back a few years I read a great book - Creierul, O enigma descifrata, translated from Romanian, it means "The brain - a deciphered enigma". The author named the concept "MDT: Modeling Device Theory"; the brain is treated as a device that is designed to make predictions about the real world, based on the input from the organs and the experience of the person (which is structured in models).
The book is fantastic, the author proposes an abstract model that explains how the brain works at the software level. The model is able to explain many things, including God [why we need such an entity, and what its actual role is], and love.
The idea is that the brain operates with models, which are meant to make predictions of the future, ones that are as accurate as possible. If a prediction is incorrect, the model is updated, hence the future predictions [based on that model] will be closer to the real deal. There are different models, such as school, internet, apple, etc. The models are inter-connected [think of a graph with a helluvalot of nodes]. The model "school" can be connected with the model "internet", which in its turn is connected with the model "slashdot", and so on.
Love is one of such models, what makes it different is the number of other nodes it has connections with.
Back to school and internet and slashdot: I have internet access at school, and that's where I read slashdot. If you take the school-model out, it's not a big deal; I can use another one, for instance "internet-cafe", and substitute the "dead" one with it.
That's not the case of love - take the dear person away, and the model-structure might collapse, because the absent model cannot be substituted.
This was a very generalized description. The idea is that love is just a software-level dependence: many other models point to it, and if love disappears, whatever you try to do - you get something like a null-pointer assignment.
If you understand Romanian - this book is definitely worth it!
I understand the idea, but then, if we follow the same logic - how is open source security real security when it relies on methods chosen by the government?
The S-boxes weren't there in IBM's initial DES design, then they were added, and the explanation of their appearance is still a mystery. So we have to face the fact that we are still clueless about what they really^ do. If I were the government, I'd sure as hell implement all the backdoors in the algorithms themselves, not in the software that applies them. This is the low-level way to do the job cleanly.
So we don't trust the government, yet we trust the algorithms it chose for us. Perhaps it would be 100% backdoor-free if the algorithms themselves were developed by the open-source community; but it seems that mathematicians, unlike programmers, cannot work on pure enthusiasm. Peer-review? Yes, take the official FIPS doc written by the government, and make sure that programmers have followed that correctly. That will prove that programmers do what the doc says, not that programmers did something that has no backdoors [regardless of their doing it consciously or not].
My general conclusion is that if the government wants to screw us - they'll find ways to do it. IMHO 'fixing' the algorithm is the most efficient way to silently screw everybody.
^ - i.e. not what they tell us they actually do, but what they really actually do (if I can express myself that way).
Institutions such as NIST test the implementations of the algorithms, then the program either gets certified or not.
The problem is that without certification, we do not know whether what they've implemented is what they think they've implemented*.
The point is that they might use some obscure algorithm nobody knows - which has no guaranteed strength; thus one cannot rely on it. They can also implement standard algorithms such as AES or DES - but were they correctly implemented?
Sure - "why don't you take the sources and look at them yourself?" some might say, but is everybody competent enough to do that?
On the other hand, implementing something and then certifying it, means that:
[a] it was done right
[b] it is as strong as the standard says
In the case of encryption, the strength is in the key itself and in the mathematical basis of the algorithm, NOT in the obscurity of the mechanisms applied within the software.
One minor thing: NIST certification is expensive; I doubt TrueCrypt will pass it, unless some company pays for it. Commercial encryption software is a different thing: if they want to be treated seriously, they must go for it. An example is Private Disk.
* an old saying:
I think it does, but it depends on the case.
In poor states [such as the one I'm in], people tend to work abroad, where earnings are much better. When they gather sufficient resources, they return to their home country, do NOT invest money in the country's economy, and instead decide to buy things produced in other states, including the one they've just come from.
In other words, if I went to work in Elbonia - I would support their economy by producing something for them or offering a specific service; and when I'm back, I buy Elbonian products, thus the money I've earned goes back to Elbonia.
True, this will revive the Elbonian economy, but that does not mean it leads to the decline of my state's economy [as in a zero-sum game]; however, this will make progress slower for me and my fellow citizens.
And in the long run, perhaps our entire civilization IS involved in a zero-sum game? If it is not, then perhaps it still takes some time until we realize it is.
Will somebody please make up an 'In Soviet Russia' joke?
What's wrong with you, slashdot? Somebody? Please?!
I think I can make an addition here. At the university, I often exchange my programs and papers with my colleagues; we analyze each other's works and then discuss them and share the experience.
:-) One can easily get over this, but at least it's better than nothing.
A few days ago, I was chatting with another student from the same uni (but a couple of years younger); she takes the same class and was assigned a task similar to the one I had when I was her age.
I found out that she purchased from someone a bundle of projects for that class... And among them was one signed with my name.
And then I realized that somebody took the product of my work without my knowing it, and then fucking SOLD it to somebody, so that they could just change the name and give it as their own... Dammit..
That happened to me before too, but in none of those cases was the project paid for.
In my university there are multiple places where you can print out your stuff in exchange for a small fee. Well, it seems that it is THE place where all the leaks happen: the guys do a Ctrl+C / Ctrl+V before they do a Ctrl+P.
Conclusions:
- never print your stuff on computers that do not belong to you
- use some sort of copy protection.. a PDF that doesn't allow you to copy/print comes to mind
Guys, now I happen to be on the other end of the barricades amid this DRM conflict, and it doesn't feel good.
You can get a free certificate on this site, and there are others who issue free certificates; though they are only for testing purposes and expire fast (unlike the ones from Dekart).
Browsing signed emails is s-l-o-w, at least with exchange.
Yep, and also, mail clients usually make a copy of your outgoing messages, but it is encrypted NOT with the recipient's key (otherwise you wouldn't be able to read the stuff in your Sent Mail folder). So not only is it slower, but it actually takes twice the space!
External devices that have a USB interface are subject to a different problem - unsafe hardware removal.
I've seen many cases in which everything was gone because somebody wasn't patient enough to wait until the device could be safely removed. So I would make sure that this risk is handled too. Otherwise, losing data in such a way will be more frequent than losing data 'via' CDs.
You might want to watch this movie; it illustrates a similar idea.
Also, some time in the past I read a book by the Strugatsky brothers, ah, I forgot the title; anyway, there was this state that placed special towers all over their territory, and the towers had an impact on the population's way of thinking. Therefore it was easier to control them. There were also a few people who were not affected by the towers; they had to get outta there, because the government kept searching for and eliminating them, one by one.
Anyway, the point is that this idea has been explored multiple times.
What's the difference between "max 32" and "up to 32"? :-)
Try these
:-)
Private Disk (lots of features, highly customizable)
Private Disk Multifactor (comes with biometry and smart card authentication)
Private Disk Light (this is the free version)
I wrote about these tools in an earlier post. I am very satisfied with this thing; I bought it for half the price thanks to a student discount.