Though the PCWeek tests favour NT (for reasons well covered elsewhere), they do not do so by the ludicrous margin the original tests gave, and the Linux community's cries of "foul" were entirely just and accurate: these tests show that Mindcraft did indeed load the die.
Furthermore, Weiner has never managed to justify the claim that he had asked for help in "several Linux discussion groups" when setting up the first test: searches show that he only posted *one* article, and that was met with requests for clarification that were never forthcoming. So as it stands we're quite justified in believing that Weiner is a flat-out liar on top of his other sins. That's not vindication.
--
Remember the "doubly-translated Madonna interview" that appeared here a few weeks ago, and turned out to have been made up by Gary Trudeau?
--
...Beowulf cluster you could make out of those!
(Score: -1, Unoriginal)
Seriously, all we really want to know is which of the machines on the list are Linux clusters of some sort. This is still Slashdot, after all...
--
I know of *no* system that solves all the problems SRP does. If you do, please give details - "other solutions have been published" isn't very informative.
Also, the key stretching paper explains why the technique described there is more appropriate than the technique you reference for passwords.
--
I agree with you that two-factor authentication is necessary for any real security. However, if you can't get that, insist at least that real password security is used, and that means using Secure Remote Password or SRP. This protocol is not patent encumbered and has an open source implementation; it provides a remote password login protocol immune to dictionary attacks, various forms of spoofing, and password equivalence problems.
I believe it is the *only* way to do networked passwords without nasty security flaws.
Also, passwords should always be subject to key stretching: see Schneier et al., Secure Applications of Low-Entropy Keys.
SRP can be securely combined with two-factor authentication for best security. Good luck - and don't look to the banks for examples of how to do things right!
--
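The exchange the post above recommends, as an added example that is not part of the original comment and not taken from any SRP implementation: a self-contained SRP-6a style enrollment and login in Python. The server stores only a salt and a verifier, the password never leaves the client, both sides derive the same session key from an ephemeral exchange, and a wrong password simply fails the proof step. The modulus `N = 2**127 - 1`, the base `g = 2` and the SHA-256 hashing are assumptions chosen so the block runs stand-alone; a real deployment would use one of the published large safe-prime groups.

```python
import hashlib
import hmac
import secrets

# Toy group parameters (assumption for demonstration): 2**127 - 1 is prime,
# which is all the algebra below needs. Real SRP uses a large safe prime.
N = 2**127 - 1
g = 2
WIDTH = 16  # bytes needed to hold any value below N


def to_bytes(n: int) -> bytes:
    return n.to_bytes(WIDTH, "big")


def H(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


k = H(to_bytes(N), to_bytes(g)) % N  # SRP-6a multiplier parameter


def private_x(salt: bytes, username: str, password: str) -> int:
    """x = H(salt, H(username ':' password)); only the client ever computes this."""
    inner = hashlib.sha256(f"{username}:{password}".encode()).digest()
    return H(salt, inner) % N


def enroll(username: str, password: str) -> tuple:
    """Run on the client at sign-up. The server stores (salt, verifier), not the password."""
    salt = secrets.token_bytes(16)
    verifier = pow(g, private_x(salt, username, password), N)
    return salt, verifier


def session_key(S: int) -> bytes:
    return hashlib.sha256(to_bytes(S)).digest()


def run_exchange(username: str, stored: tuple, password_typed: str) -> bool:
    """Simulate both sides of one login; returns True only if both proofs verify."""
    salt, v = stored

    # Client -> server: username and ephemeral public value A = g^a.
    a = secrets.randbelow(N - 2) + 1
    A = pow(g, a, N)
    if A % N == 0:
        raise ValueError("server must abort on A == 0 mod N")

    # Server -> client: salt and B = k*v + g^b (v blinds the server's value).
    b = secrets.randbelow(N - 2) + 1
    B = (k * v + pow(g, b, N)) % N
    if B % N == 0:
        raise ValueError("client must abort on B == 0 mod N")

    # Both sides: scrambling parameter u from the two public values.
    u = H(to_bytes(A), to_bytes(B)) % N
    if u == 0:
        raise ValueError("abort on u == 0")

    # Client: recover g^b by stripping k*g^x, then raise to (a + u*x).
    x = private_x(salt, username, password_typed)
    S_client = pow((B - k * pow(g, x, N)) % N, a + u * x, N)
    K_client = session_key(S_client)
    M1 = hashlib.sha256(to_bytes(A) + to_bytes(B) + K_client).digest()

    # Server: (A * v^u)^b equals the client's value only if x matched the verifier.
    S_server = pow((A * pow(v, u, N)) % N, b, N)
    K_server = session_key(S_server)
    if not hmac.compare_digest(M1, hashlib.sha256(to_bytes(A) + to_bytes(B) + K_server).digest()):
        return False  # wrong password: the server learns nothing usable for a dictionary attack

    # Server proves it knew the verifier; client checks before trusting the session.
    M2 = hashlib.sha256(to_bytes(A) + M1 + K_server).digest()
    return hmac.compare_digest(M2, hashlib.sha256(to_bytes(A) + M1 + K_client).digest())


if __name__ == "__main__":
    record = enroll("alice", "correct horse")
    print("right password:", run_exchange("alice", record, "correct horse"))
    print("wrong password:", run_exchange("alice", record, "battery staple"))
```

The values that cross the wire are `A`, `B`, the salt and the two proofs; none of them is a password equivalent, and a captured transcript gives an offline guesser nothing to test candidates against. The key-stretching step the post also mentions belongs inside `private_x`, where the password is first hashed.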
You can read all about Cygnus and its free software business plan from Michael Tiemann's chapter of "Open Sources: Voices from the Open Source Revolution" (aka The Book that Slashdot Made).
--
The CS-Cipher description isn't properly available on their Web pages: they require you to turn on Javascript and register before you can fetch the description, and their registration form is broken.
Words cannot describe my contempt and loathing for the unutterably rude people who hide information they should be making freely available behind registration forms, or JavaScript, or worse both. That their form doesn't even work just shows they're incompetent as well as stupidly unpleasant; the two often go together.
Anyway, so, anyone know a perfectly ordinary URL where a description can be found?
--
"Ich Bin Ein Auslander" is the excellent first track on "Dos Dedos Mis Amigos" by Pop Will Eat Itself; it's about the rise of the far right, though of course the name is inspired by JFK's famous quote. In fact everything by this band is wonderful and you should go out and get it all.
--
Slashdot's reporting on mainstream media is fair in a way that their reporting on us isn't, because Slashdot includes the link to their content and you're expected to look for yourself. The mainstream media very clearly *don't* expect you to go and look, they want you to take their word for it, and usually they don't even do the easy, obvious thing of including the hyperlink. I can only conclude that they'd much rather you weren't in a position to conveniently compare their description of anything with the thing itself.
Let's see those hyperlinks please. And not just to the head of the story - link to every comment you've excerpted, so we can see the words you quote in context, and the replies it garnered. True, it will make it easier for us to judge the quality of the reporting, but if you would like to be seen to be honest then it's just a burden you'll have to bear.
(Mike@ABC - if you're reading this, I'd love to know what you think!)
--
Reverse-engineering the GNU Public Virus.
It's odd, really; in other areas of endeavour, people seem to understand perfectly well that fighting for freedom is all about trying to stop people from taking away that freedom.
--
That's apt-get *dist-upgrade*... for those running Slink who don't want to destroy their system.
Hope this helps (and don't let those spud gun pellets moulder down the side of the sofa)...
--
I think you're confusing Linux with Red Hat. In fact, Red Hat has no special "official" status: it is simply one Linux distribution amongst many, although a perfectly good one.
--
So, is it Red Hat Linux by royal appointment?
--
Microsoft's accounting practices have been under scrutiny for a while now. Check for example this Seattle Times story from July 1st about an SEC probe into alleged artificial manipulation of quarterly results.
--
You must get very confused on reading your own .sig...
--
I think there's a sense in which devising systems to allow and facilitate collaborative human thought is the most worthwhile activity possible.
I mean, I think I would rather see a project to end global poverty than satellite comms for all, but insofar as the priorities of those with power are screwed up (strangely, in favour of those with power), our ability to do something about those priorities rests on our ability to work together and think together, and in that way I think that the work that gets done by free software authors to bring computing and connectivity to the masses does more towards such lofty ends than any ten dollar donation to UNICEF.
And once we have abolished hunger, and war, and homelessness... what shall we do to entertain ourselves? Sure, there's plenty of places to explore, but geography (or space exploration) has value in the same way that metallurgy or computer science has value: it's all room for discovery, and food for the mind. Comms technology doesn't just provide such mind food: it multiplies it six billionfold. More if you take into account the cross-pollination effects it allows.
So, I agree that all these inflated IPOs are ridiculous, but I couldn't be further from the opinion that fiddling with the Net necessarily means ignoring any sort of "real issues" that need tackling: facilitating our ability to tackle them is what's needed most of all.
--
The entire thread entitled "css" in the October archives is a 404. It looks like the list owners had to worry about export restrictions in those articles.
If someone would be kind enough to mirror those articles somewhere, I'd be curious to read a technical description of the CSS algorithms.
--
Funnily enough, the "mega-rant" answers the very example you quote of police not explaining how their gun works...
...and anyway, I think the point you're making is the *same* point the rant is making: that Star Trek is fun so long as you don't try and pretend that it can be taken at all seriously, as many do.
--
Read the description in NTK of how the crypto on a DVD is organised: the whole disk is encrypted with a single random key, then the key is itself encrypted several times, once for each DVD manufacturer. Your DVD player will have only one of these manufacturer master keys built in, so the corresponding encrypted key needs to be on the disk for you to read it.
The nasty bit is this: the idea was that if a given key is leaked, they simply stop using it on newly pressed disks. Bang: the key in *your* brand of DVD player was leaked, so now neither you nor anyone else with a player from that manufacturer can play new disks. This threat has never been carried out.
Fortunately, they screwed up the crypto: master keys can be brute forced in a few days. Basically DVD locking is dead; they'd have to come up with a forward-and-backward incompatible "DVD Plus" format to rescue things now.
However, this is so far the industry's best effort at a universal copy-resistant format; as the tide turns our way, it might hopefully be their last.
--
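A working model of the key hierarchy and revocation scheme the post above describes, added here as an example; it is not the CSS cipher and not code from NTK or the DVD industry. One random disk key encrypts the content; that disk key is wrapped once per player manufacturer and the wrapped copies are pressed onto the disk; a player unwraps the slot its own master key fits; dropping a manufacturer's slot from new pressings is exactly the "revocation" the post says was never exercised. The HMAC-SHA256 keystream, the wrap format, the manufacturer names and the sample content are all constructed for this example.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 16


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy construction, not CSS)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Symmetric: the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def wrap_disk_key(player_key: bytes, disk_key: bytes) -> tuple:
    """Encrypt the disk key under one manufacturer's master key, with a tag
    so a player can tell whether this slot belongs to it."""
    nonce = secrets.token_bytes(16)
    subkey = hmac.new(player_key, nonce, hashlib.sha256).digest()
    blob = xor_stream(subkey, disk_key)
    tag = hmac.new(subkey, blob, hashlib.sha256).digest()[:16]
    return nonce, blob, tag


def unwrap_disk_key(player_key: bytes, slot: tuple):
    """Return the disk key if this slot was wrapped for player_key, else None."""
    nonce, blob, tag = slot
    subkey = hmac.new(player_key, nonce, hashlib.sha256).digest()
    expected = hmac.new(subkey, blob, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):
        return None
    return xor_stream(subkey, blob)


def press_disk(content: bytes, manufacturer_keys: dict, revoked=frozenset()) -> dict:
    """Mastering: fresh disk key, one wrapped copy per non-revoked manufacturer."""
    disk_key = secrets.token_bytes(KEY_LEN)
    slots = [
        wrap_disk_key(key, disk_key)
        for name, key in manufacturer_keys.items()
        if name not in revoked
    ]
    return {"slots": slots, "ciphertext": xor_stream(disk_key, content)}


def play(disk: dict, player_key: bytes):
    """A player holds exactly one master key; it finds the slot that fits,
    recovers the disk key and decrypts. Returns None if no slot fits."""
    for slot in disk["slots"]:
        disk_key = unwrap_disk_key(player_key, slot)
        if disk_key is not None:
            return xor_stream(disk_key, disk["ciphertext"])
    return None


def demo() -> tuple:
    """Constructed scenario: three manufacturers, then maker_b's key is revoked
    on a later pressing. Returns (old disk plays on B, new disk plays on B,
    new disk plays on A)."""
    makers = {name: secrets.token_bytes(KEY_LEN) for name in ("maker_a", "maker_b", "maker_c")}
    content = b"constructed sample title data"
    old_pressing = press_disk(content, makers)
    new_pressing = press_disk(content, makers, revoked={"maker_b"})
    return (
        play(old_pressing, makers["maker_b"]) == content,
        play(new_pressing, makers["maker_b"]) == content,
        play(new_pressing, makers["maker_a"]) == content,
    )


if __name__ == "__main__":
    print(demo())  # old disk plays on B, new disk does not, new disk still plays on A
```

The structure makes the post's two observations concrete: every disk must carry one slot per manufacturer still in good standing, so the per-disk overhead grows with the number of keys, and revoking a leaked key punishes every legitimate owner of that manufacturer's players, which is why the threat is expensive to carry out. Whether the scheme holds up at all then rests entirely on the wrapping cipher, which in this model is HMAC-based and in the real format was not.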
Bruce mentioned my work on Solitaire in his article; you can read about that in Problems with Bruce Schneier's "Solitaire". It also includes a C implementation of the cipher...
--
If you want to know why the creaking Star Trek universe has to be retired, the Star Trek Mega-Rant makes it very clear indeed.
--
And that's why you should use the LGPL for your next library, ladies and gentlemen.
(see "Why you shouldn't use the Library GPL for your next library" if you don't know what I'm talking about.)
Seriously, free software has seen the successes it has because it shows about the right amount of cooperation with proprietary software. You can't reach into the sources of a GPL application, change it, and sell it as a proprietary application - but you can connect to a GPL server with your proprietary client, or run your proprietary app on your GPL kernel.
As far as I'm concerned, the LGPL fixes a potential bug in the GPL - one way that two separate pieces of software can talk, dynamic library linking, might not be allowed, so we explicitly permit it. Yet RMS seems to think this bug should stay. As far as I can see, this artificial distinction will only make calls from proprietary software into free software (or vice versa) somewhat less convenient: you have to go through CORBA or some similar gateway.
I think that use of the LGPL (the "Liberal General Public License", as I now dub it in riposte) would most usefully increase - that all new programs should start using this license, since it seems increasingly that today's standalone program is tomorrow's library.
--
Maybe we should be posting URLs to alt.humor.best-of-slashdot. This is just great!
Oh, by the way, you don't come with any warranty, not even an implied one of MERCHANTABILITY or FITNESS FOR ANY PARTICULAR PURPOSE...
--
Anderson and Kuhn's original paper is well worth reading for a very informative look at what Soft Tempest technologies can do for both attack and defence. I strongly recommend against speculating about any part of this technology until you've read this clear and extraordinary paper.
--
People are still quoting Red Hat's 7M figure from over a year ago. The number of users will have *at least* doubled since then, and my finger-in-the-air estimate would be more like tripled or quadrupled. Red Hat, or someone else with the money, would be well advised to sample again and see how many we can find.
--