Why was the secret key inside the device?
on
PS3 Root Key Found
·
· Score: 1
Can someone explain what is the rationale behind keeping the private key inside the device?
If it needed to verify the authenticity of digitally signed applications, did it not need to have just the public key that corresponds to the private key of the signer?
Note: I'm one of the authors, if you could take some time to describe your thoughts about this, I'd be very grateful.
The reason I ask is because the "three step decision-making process" you describe does not seem to be universal. For example, I expect games to be fun, but I don't expect an IDE or a video player to be fun, I expect it to work. Can you elaborate on the fun part?
Point #3 is about making more profit, it is a reasonable requirement; but some items are important, even though they don't bring you any money. Ex: a better lamp can make you feel better and make you more productive, but you'd never say that the lamp actually gave you money.
He argues that there are several things that matter more; one that matters the most is the perceived fairness of the queue.
It doesn't matter if the line is long, or that you have to wait slightly longer; what matters is that everybody waits roughly the same amount of time, and there is no way to cheat in such a system.
Giving up control is a feature. When you have options to choose from, there is a chance that you made a sub-optimal choice. In the case of a single line - you are certain you chose the fastest option;-)
The highlight of the paper is that in the context of customer satisfaction, perceivedPerformance > actualPerformance.Whether this rule is the same when it comes to counting the profit - is another matter.
Why not? - who knows the Windows API and the OS internals better than the folks from Microsoft?* - a virus is not exploiting a flaw in the OS, it is just a malicious executable; malicious executables can be written for any platform**
* In my company we have a program that is a kernel mode filter driver for file systems; it filters all the IRPs (requests to interact with file system objects) and using a certain set of criteria, either allows or denies the request. There are many flavours of antiviruses that cause a BSOD when they cannot access a file (I guess they didn't saw it coming, so their code has no handler for such cases because it is inconceivable that sometimes the code execution takes a branch that is different from the developers' neat test environment...)
** If you don't stick to the classic definition of the term "virus" and define it in such a way that it includes any type of malware - then yes, things are different.
There is an interesting book, called "A general theory of love", it describes a model - the triune brain*, which stipulates that the brain is made from 3 different regions (reptilian, limbic, neocortex) and explains how they interact with each other.
The authors provide a lot of examples which illustrate that in the case of mammals, nurture plays a very important role. Children who do not play, or who don't hang out with other humans grow up to be solitary, lacking social skills, their lives are shorter, they get sick more often, etc.
Experiments with other primates yield similar results; read about "the wire mother" and "the pit of despair".
Insects have a much more simple nervous system; the findings described in the article mean that even at such levels - there's still something that can override whatever is defined in the DNA. In the case of complex life forms with a neocortex - this wouldn't be a surprise; I'm impressed by the fact that bees have such a feature.
* The triune brain model is known to have some issues, but it is still an interesting read.
Wouldn't it be cheaper to host it inside the Tor network?
It may not be fast, but talking to a server in orbit isn't going to be much faster. Besides, you don't have to think about "radiation vs hardware", and there is no specific target one can "accidentally" destroy, because the location of the server cannot be determined.
Do you also not take your time when you go to another country and meet new people?
I guess this depends on what brought the aliens here. If they were hungry - we're dinner. If they were explorers who look for interaction - I don't see why they wouldn't try to study us and devise a communication protocol.
Numerous studies have shown detrimental effects to child brain development associated with the early introduction of television and computers. Can you provide some references to such articles please?
I am planning to write some bed-time stories for children (to optimize the development of analytical skills, among other objectives); such studies will help me see a better picture.
Hmmm.. An alternative to that would be "the first thing AI does - invent the concept of 'god'".
In rough terms, I can say that humans use god as a stub, or some sort of a dummy function that always returns "true". This allows us to go on with our calculations (problems in life) without getting stuck, waiting while a function returns; or getting lost in an infinite recursion.
It could be a function like WhatDoIDoWhenResourcesAreOver() - if you know that eventually it returns "you die", then maybe suicide is an option. But there are alternatives - ex: postpone the decision making process (i.e. procrastinate); call another function and expect that the returned result will help you with the previous function in the stack.
Isn't this is how science works for humanity? We don't know what's out there, so we keep expanding the circle of our knowledge (and the area of darkness surrounding it). Do we already know that we are doomed? What would humanity do if the answer was found out?
If a computer had to answer that question, would it not get stuck in an infinite depth recursion? If it knew it would, is it reasonable to assume it would devise stubs that would prevent that from happening?
I also think that a true AI would have to include some sort of imperfection it its modus operandi. Otherwise it would get stuck preparing its experiments, as it will take a lot of resources to prepare the perfect environment (many variables to take into account), or it would have to settle for a certain accuracy (thus allowing errors to happen). These errors can result in imperfect decisions; could they generate human-like, not-so-rational behaviour too?
My point is that unless a sentient machine allows errors, the first thing it really does it get stuck:-)
Nope, not even close. We are still in the early stages of simply characterizing the behavior of these 302 neurons. This sounds very interesting.
Am I correct when I interpret "behaviour" in your statement as "figure out what each neuron gives at the output when it gets a specific input"? Maybe that also implies another question, is the output of a neuron a function of its current state and its input, or does it also depend on the state of the other neurons?
- Can you explain what makes this process difficult? - What else is needed to simulate a neuron, besides its "behaviour"? (quoting that because I am not yet sure I understand you correctly)
The Romans killed one third of all Frenchmen. LITERALLY enslaved another third. And left the final third grovelling for mercy in a destroyed country.
Can you provide a citation for that? I wish to find out whether the Roman modus operandi was the same in other parts of the world. Specifically, I'm interested in how things went after they've conquered Dacia.
They occupied only a province of it, but the weird thing is that their language was assimilated by all the other tribes, with minimal resistance (thus the Romanian language was formed). The romans left after ~100 years, but it seems that was enough to get the job done.
So I'm wondering how that was possible. Some people say that the Dacian tribes were simply very good at foreign languages:-)
On the other hand, I cannot imagine that the Romans came with books and set up campfires and gathered the locals around and began to share Roman wisdom with them and singing "kumba-ya".
So, if you can provide some interesting sources of info on this, that would be greatly appreciated.
This is not possible because the card contains secret keys that are used when the phone registers on the network and authenticates itself.
These keys cannot be read, think of them as private members of a class - they can be accessed by the class itself (i.e. the SIM), but they are not seen on the outside.
The difference is that smart cards (a SIM card is a smart card with a file system that contains data specified in a standard, such as GSM 11.11) are designed to be tamper proof, so reverse engineering them and viewing the raw data (i.e. the secret key) is not practical.
When the phone connects to the network, the network says "encrypt this data with your key", there is some public function inside th card that takes the data and returns the encrypted value - which is then sent back to the network. Thus you can take part in challenge-response schemes, while the key is safely kept inside the card.
Only 4 comments, and someone already pointed that out; Slashdot is fast!
Are you from Romania or from Moldova (Republic of)? From what I know, not everyone in Romania wholeheartedly agrees that the states have to be reunited. The situation in Moldova itself is not clear either.
There is internal resistance on either side, I don't see how this integration will take place in the near future.
I have taken to using the on-screen keyboard so that I can enter with mouseclicks rather than keypresses if I'm on an untrusted machine, but other than that I can't do much else.
A mini-remark: typing stuff on an on-screen keyboard will not help you.
Of course, it depends on the type of keyboard you are using and on the platform, but for instance - Windows' osk.exe (the default one) works by sending WM_KEYUP and WM_KEYDOWN messages to an input window.
A keylogger that uses hooks to watch messages sent to that window will still see the keystrokes.
Here is what the article says: - such bombs were indeed used, 5 times throughout the history of the USSR - the first time it happened in September 1966 - it was a 30 kiloton payload, which was detonated 1.5 km underneath the surface - after that there were 3 other successful explosions of such kind - it once failed in 1972. The problem was that they "failed to cover an alternative gas fountain". I am not sure I know how to interpret that correctly, but from my understanding, there was an "escape tunnel" that lead to the surface of the planet, which they did not or could not block/cover. The result was that a "mushroom cloud" formed on the surface.
The article says the explosion compresses rocks (and all the stuff in the higher layers of the lithosphere), which block the channels from which the gas flows. Water could displace the rocks/matter underneath it - and achieve the same effect. That's a rough translation. EOF
The difference between their case and this case is that the explosions happened underground, at a depth of 1.5.. 2 km, those were NOT underwater explosions.
Another difference is that the Soviets used the method to deal with gas leaks, not oil leaks.
Maybe they should try using regular expressions instead?
* You could have done "fdisk/mbr" or "fixmbr" (as of Win XP) for free. * Some antivirus software comes with bootable CDs; I once used such a live CD from Kaspersky, it boots into a flavour of Linux, has a Windows-like GUI, understands NTFS volumes, connects to the Internet to retrieve the latest updates.
What about networks such as TOR, which are designed to make it impossible to track the originating host of a request?
Also, what if one redirects their requests through hosts that are located in countries outside the jurisdiction of the authority that wants to track the person?
A few months ago I was facing the same task - my conclusion was that asking people wasn't a good idea.
Options to choose from? Maybe... but ask them what they want - and you'll get a set of mutually exclusive requirements, or suggestions that are too expensive to implement, or layouts that conflict with somebody else's wish.
For example, person A wants to be seated near a window, person B wants to be facing the door (such that no one walks behind their back). It turns out they both want the same spot (such is the configuration of the room).
Everyone is an adult, everyone is a reasonable person with analytical skills - yet they weren't really cooperative, pretending they didn't see the XOR between their wish and someone else's wish.
My advice is to make sure that you have enough "dictator willpower" to enforce a decision in the end. Otherwise, if you give people a lot of freedom, they will feel discomfort when eventually you have no choice but to say "We'll do it my way" (they spent time drawing all those excellent sketches, and in the end you just discarded them;-).
Also, be prepared to be nagged in the future - "I told you we should've done X, didn't I?"
On the other hand, if you're just 4 people, and none of them is a female... maybe it will be easy:-)
Slashdot Mirror
Can someone explain what is the rationale behind keeping the private key inside the device?
If it needed to verify the authenticity of digitally signed applications, did it not need to have just the public key that corresponds to the private key of the signer?
If you're on Windows, can you tell me if you'd buy this one? http://private-disk.net/
Note: I'm one of the authors, if you could take some time to describe your thoughts about this, I'd be very grateful.
The reason I ask is because the "three step decision-making process" you describe does not seem to be universal. For example, I expect games to be fun, but I don't expect an IDE or a video player to be fun, I expect it to work. Can you elaborate on the fun part?
Point #3 is about making more profit, it is a reasonable requirement; but some items are important, even though they don't bring you any money. Ex: a better lamp can make you feel better and make you more productive, but you'd never say that the lamp actually gave you money.
is an essay written by Donald Norman, you can read it here: http://www.jnd.org/dn.mss/the_psychology_of_waiting_lines.html
He argues that there are several things that matter more; one that matters the most is the perceived fairness of the queue.
It doesn't matter if the line is long, or that you have to wait slightly longer; what matters is that everybody waits roughly the same amount of time, and there is no way to cheat in such a system.
Giving up control is a feature. When you have options to choose from, there is a chance that you made a sub-optimal choice. In the case of a single line - you are certain you chose the fastest option ;-)
The highlight of the paper is that in the context of customer satisfaction, perceivedPerformance > actualPerformance.Whether this rule is the same when it comes to counting the profit - is another matter.
Why not?
- who knows the Windows API and the OS internals better than the folks from Microsoft?*
- a virus is not exploiting a flaw in the OS, it is just a malicious executable; malicious executables can be written for any platform**
* In my company we have a program that is a kernel mode filter driver for file systems; it filters all the IRPs (requests to interact with file system objects) and using a certain set of criteria, either allows or denies the request. There are many flavours of antiviruses that cause a BSOD when they cannot access a file (I guess they didn't saw it coming, so their code has no handler for such cases because it is inconceivable that sometimes the code execution takes a branch that is different from the developers' neat test environment ...)
** If you don't stick to the classic definition of the term "virus" and define it in such a way that it includes any type of malware - then yes, things are different.
Uhmm... the three of us.
There is an interesting book, called "A general theory of love", it describes a model - the triune brain*, which stipulates that the brain is made from 3 different regions (reptilian, limbic, neocortex) and explains how they interact with each other.
The authors provide a lot of examples which illustrate that in the case of mammals, nurture plays a very important role. Children who do not play, or who don't hang out with other humans grow up to be solitary, lacking social skills, their lives are shorter, they get sick more often, etc.
Experiments with other primates yield similar results; read about "the wire mother" and "the pit of despair".
Insects have a much more simple nervous system; the findings described in the article mean that even at such levels - there's still something that can override whatever is defined in the DNA. In the case of complex life forms with a neocortex - this wouldn't be a surprise; I'm impressed by the fact that bees have such a feature.
* The triune brain model is known to have some issues, but it is still an interesting read.
Wouldn't it be cheaper to host it inside the Tor network?
It may not be fast, but talking to a server in orbit isn't going to be much faster. Besides, you don't have to think about "radiation vs hardware", and there is no specific target one can "accidentally" destroy, because the location of the server cannot be determined.
Do you also not take your time when you go to another country and meet new people?
I guess this depends on what brought the aliens here. If they were hungry - we're dinner. If they were explorers who look for interaction - I don't see why they wouldn't try to study us and devise a communication protocol.
It does apply to software, but it depends on how complex the system is and how many people are involved in the development process.
To get a convincing answer to your question, I suggest that you read "Software requirements" by Karl Wiegers.
Numerous studies have shown detrimental effects to child brain development associated with the early introduction of television and computers.
Can you provide some references to such articles please?
I am planning to write some bed-time stories for children (to optimize the development of analytical skills, among other objectives); such studies will help me see a better picture.
Hmmm.. An alternative to that would be "the first thing AI does - invent the concept of 'god'".
In rough terms, I can say that humans use god as a stub, or some sort of a dummy function that always returns "true". This allows us to go on with our calculations (problems in life) without getting stuck, waiting while a function returns; or getting lost in an infinite recursion.
It could be a function like WhatDoIDoWhenResourcesAreOver() - if you know that eventually it returns "you die", then maybe suicide is an option. But there are alternatives - ex: postpone the decision making process (i.e. procrastinate); call another function and expect that the returned result will help you with the previous function in the stack.
Isn't this is how science works for humanity? We don't know what's out there, so we keep expanding the circle of our knowledge (and the area of darkness surrounding it). Do we already know that we are doomed? What would humanity do if the answer was found out?
If a computer had to answer that question, would it not get stuck in an infinite depth recursion? If it knew it would, is it reasonable to assume it would devise stubs that would prevent that from happening?
I also think that a true AI would have to include some sort of imperfection it its modus operandi. Otherwise it would get stuck preparing its experiments, as it will take a lot of resources to prepare the perfect environment (many variables to take into account), or it would have to settle for a certain accuracy (thus allowing errors to happen). These errors can result in imperfect decisions; could they generate human-like, not-so-rational behaviour too?
My point is that unless a sentient machine allows errors, the first thing it really does it get stuck :-)
Nope, not even close. We are still in the early stages of simply characterizing the behavior of these 302 neurons.
This sounds very interesting.
Am I correct when I interpret "behaviour" in your statement as "figure out what each neuron gives at the output when it gets a specific input"? Maybe that also implies another question, is the output of a neuron a function of its current state and its input, or does it also depend on the state of the other neurons?
- Can you explain what makes this process difficult?
- What else is needed to simulate a neuron, besides its "behaviour"? (quoting that because I am not yet sure I understand you correctly)
Thank you forward.
Can you provide a citation for that? I wish to find out whether the Roman modus operandi was the same in other parts of the world. Specifically, I'm interested in how things went after they've conquered Dacia.
They occupied only a province of it, but the weird thing is that their language was assimilated by all the other tribes, with minimal resistance (thus the Romanian language was formed). The romans left after ~100 years, but it seems that was enough to get the job done.
So I'm wondering how that was possible. Some people say that the Dacian tribes were simply very good at foreign languages :-)
On the other hand, I cannot imagine that the Romans came with books and set up campfires and gathered the locals around and began to share Roman wisdom with them and singing "kumba-ya".
So, if you can provide some interesting sources of info on this, that would be greatly appreciated.
This is not possible because the card contains secret keys that are used when the phone registers on the network and authenticates itself.
These keys cannot be read, think of them as private members of a class - they can be accessed by the class itself (i.e. the SIM), but they are not seen on the outside.
The difference is that smart cards (a SIM card is a smart card with a file system that contains data specified in a standard, such as GSM 11.11) are designed to be tamper proof, so reverse engineering them and viewing the raw data (i.e. the secret key) is not practical.
When the phone connects to the network, the network says "encrypt this data with your key", there is some public function inside th card that takes the data and returns the encrypted value - which is then sent back to the network. Thus you can take part in challenge-response schemes, while the key is safely kept inside the card.
This article provides a high-level overview of why that is not possible:
http://www.lazybit.com/index.php/2009/10/05/how-to-clone-a-sim-card-not?blog=2
I was wondering about the same thing.
This is the best photo of Pluto currently available: http://www.tau.ac.il/~morris/03411203/chapter5/Pluto_color.jpg
Why is it not possible to point the same telescope towards Pluto and get a better image? Are there some constraints?
Only 4 comments, and someone already pointed that out; Slashdot is fast!
Are you from Romania or from Moldova (Republic of)? From what I know, not everyone in Romania wholeheartedly agrees that the states have to be reunited. The situation in Moldova itself is not clear either.
There is internal resistance on either side, I don't see how this integration will take place in the near future.
A mini-remark: typing stuff on an on-screen keyboard will not help you.
Of course, it depends on the type of keyboard you are using and on the platform, but for instance - Windows' osk.exe (the default one) works by sending WM_KEYUP and WM_KEYDOWN messages to an input window.
A keylogger that uses hooks to watch messages sent to that window will still see the keystrokes.
You can try this hint: http://www.lazybit.com/index.php/a/2007/03/01/free_keylogger_protection It will confuse the person who reads the log, but it makes the data entry procedure much longer and error-prone.
p.s. keystrokes typed inside a virtual machine can also be grabbed, as the host OS "sees" them first, and that's where the keylogger is.
It is also an easy way to develop bad habits.
I started programming in Delphi, my programs were full of global variables and duplicated chunks of code.
If you choose that path, make sure there is some supervision - to help them stay on the right path.
I think it was a profoundly religious person who didn't want to write the string "god" because they thought they'd end up in hell for doing that.
Isn't that obvious? :-)
What if the software is available as a trial download, but it requires a hardware product that people need in order to actually use the program?
The hardware can be a typical device, manufactured by different vendors, not just the one who made the software.
Basically, people can try the program, but without the device - the program cannot be truly tested.
What are your thoughts on this one?
The article itself does not cite any source.
Here is what the article says:
- such bombs were indeed used, 5 times throughout the history of the USSR
- the first time it happened in September 1966
- it was a 30 kiloton payload, which was detonated 1.5 km underneath the surface
- after that there were 3 other successful explosions of such kind
- it once failed in 1972. The problem was that they "failed to cover an alternative gas fountain". I am not sure I know how to interpret that correctly, but from my understanding, there was an "escape tunnel" that lead to the surface of the planet, which they did not or could not block/cover. The result was that a "mushroom cloud" formed on the surface.
The article says the explosion compresses rocks (and all the stuff in the higher layers of the lithosphere), which block the channels from which the gas flows. Water could displace the rocks/matter underneath it - and achieve the same effect. That's a rough translation.
EOF
The difference between their case and this case is that the explosions happened underground, at a depth of 1.5 .. 2 km, those were NOT underwater explosions.
Another difference is that the Soviets used the method to deal with gas leaks, not oil leaks.
Maybe they should try using regular expressions instead?
* You could have done "fdisk /mbr" or "fixmbr" (as of Win XP) for free.
* Some antivirus software comes with bootable CDs; I once used such a live CD from Kaspersky, it boots into a flavour of Linux, has a Windows-like GUI, understands NTFS volumes, connects to the Internet to retrieve the latest updates.
Of course, I believe common sense is the best antivirus: http://www.lazybit.com/index.php/2007/08/05/why_i_dont_use_an_antivirus?blog=2
What about networks such as TOR, which are designed to make it impossible to track the originating host of a request?
Also, what if one redirects their requests through hosts that are located in countries outside the jurisdiction of the authority that wants to track the person?
Can you provide a picture or a drawing of your layout?
A few months ago I was facing the same task - my conclusion was that asking people wasn't a good idea.
Options to choose from? Maybe... but ask them what they want - and you'll get a set of mutually exclusive requirements, or suggestions that are too expensive to implement, or layouts that conflict with somebody else's wish.
For example, person A wants to be seated near a window, person B wants to be facing the door (such that no one walks behind their back). It turns out they both want the same spot (such is the configuration of the room).
Everyone is an adult, everyone is a reasonable person with analytical skills - yet they weren't really cooperative, pretending they didn't see the XOR between their wish and someone else's wish.
My advice is to make sure that you have enough "dictator willpower" to enforce a decision in the end. Otherwise, if you give people a lot of freedom, they will feel discomfort when eventually you have no choice but to say "We'll do it my way" (they spent time drawing all those excellent sketches, and in the end you just discarded them ;-).
Also, be prepared to be nagged in the future - "I told you we should've done X, didn't I?"
On the other hand, if you're just 4 people, and none of them is a female... maybe it will be easy :-)