...is to remember that beautiful people are people too.
Sorry, I've seen so many followups to this article discussing strategies for "picking up chicks" and getting enough money to "keep them happy" that I think I have to make this point. Even one-night-stands will be more fun with a person than a sexual object. --
And memory falls off over time as the inverse cube? --
Re:What an amazingly bad idea
on
Beaming Money
·
· Score: 1
PGP ran on 386's just fine, so it won't be that bad. Plus there's a decent chance they're using elliptic curve stuff for efficiency.
If Martin Hellman is involved it seems likely they know what they're doing. I only wish they'd make the text on their Website readable - I guess I'll just have to use Lynx... --
Trying to block sites with "bad" content is clearly a hopeless task, and objectionable in a number of ways people have already outlined. The only way I can see to create a kid-friendly version of the Internet is to allow access only to sites that carry some *positive* marker of being suitable content. A large body of volunteers in, say, schools could be empowered to hand out the marks, and to withdraw them if there's a complaint, and if I get such a mark then it becomes my responsibility to apply it to those parts of my website where it's appropriate.
Libraries and bookstores have "kid's" sections, and the content in the rest of the bookstore is not rated for content: it's not just the "adult" section that may contain (eg) graphic descriptions of sex or violence, but any of the "fiction" section. This seems the sensible way to go about things.
If you're looking for an alternative to CVS's complexity, check out PRCS. I've found it to be an amazingly clean system to set up and use, with a simpler model of what's going on. No client/server yet; version 2.0 will support full disconnected distributed operation. -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
You're mistaken: you'd have to use something like a 3000-bit RSA key to get the same security as a 128-bit IDEA key. Public key systems are used because of their convenience, not becuase of their strength.
The "Irish girl cipher" (I forget the right name, Cayley-something) was mostly the work of another cryptographer; she solved some important implementation problems. It's not the big deal everyone thinks it is; Schneier's comment was that the *important* news was the arrival of a good new cryptographer, not the actual work itself. I don't quite know what you mean by "(unproven)"; the word has two meanings. No cipher is proven in the mathematical sense: many ciphers *have* proven_1 to be secure through experience, but no cipher except the impractical one-time-pad *is* proven_2 secure mathematically, if you get my meaning. -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
IT WAS MY ASSESSMENT THAT WE WOULD FAIL ON THIS PATH. Please take note of this statement. How could I NOT make the Linux decision if I truly believe this? How could we continue on a path that I think will have us fail? Who will benefit if we fail?
It seems to me that he was right: yet another proprietary platform wouldn't stand a chance in the modern marketplace, and Linux may be their only hope of survival. If that's so, then going QNX becaue it maximises coolness wouldn't be the good thing to do, would it? -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
If this is, as you describe, a standard challenge-response protocol, then it isn't all that secure.
First, the server has to store your password so that it can work out the "correct" answer to your challenge. Compare this to Unix passwords: an attacker can read everything on your hard drive and still not know what to present in order to log in.
Worse, if I can intercept just one exchange with the server I can start trying to guess your passphrase. Passphrases tend not to be very well chosen, so guessing attacks are rather too effective and it's important to make them as difficult as possible.
Anyone who needs to use networked passwords should implement both of the following techniques if at all possible:
Unless you're trying to encrypt an OC3 line on the fly, software crypto is *much more* than fast enough. A stream cipher like Panama can encrypt around 5 bits per clock cycle, which translates as around 1.4 Gbits/sec even on a 300 MHz machine.
Most of the AES candidates should do 1 Gbit/sec without too much expenditure in hardware.
Neat, but not *that* neat. -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Hybrid systems as used in all modernc crypto are much faster and much more secure than what you propose. -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
IPv6 has a variety of other mechanisms for securing corporate hosts more flexible and less intrusive than NAT. -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Contradicting an earlier response to this question, I can confirm that the GPS service available to civilians is deliberately kept to a precision of no better than around 100 yards. This is called "selective availability" (SA) and is implemented with a simulated clock error on each of the satellites: it is by far the largest source of imprecision in GPS measurements.
Military GPS users have access to a second, encrypted channel which allows them to circumvent SA and also gain accurage measurements of ionospheric delay error, since you can get a good guess at the absolute signal delay by measuring the difference between delays of signals at different frequencies.
Civilian GPS users can get around SA with a system called "differential GPS" (DGPS), in which a ground station at a precisely known position near to the roving receiver broadcasts the error term in the signal it receives, allowing the roving receiver to compensate. DGPS allows position measurement to within 2-3 metres.
For measuring small relative displacements, there's also RGPS which can measure down to the centimetre level.
None of this is secret or denied or anything, it's all part of the publically released GPS specs. I had to learn all this stuff when I used to work for a navigation company that handled deep-sea surveys. -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
That's the wrong way around: if they want to push IIS, they'll want to leverage support on other platforms to that end, meaning they'll go further towards IIS-only extensions in IE. They already push their own proprietary alternative to WebDAV: if you try and use it and your ISP doesn't support it, you'll get an error message suggesting you switch to a different ISP.
What exactly does Metcalfe have to believe in order for Peterley to avoid chewing paper on that fateful New Year's Day? He doesn't quite make the terms clear.
Mind you, I'm pretty sure that Metcalfe will concede that he's changed his mind, but I like to see these things made concrete... -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Reconstructions based on X-rays depend on the fact that everything allows at least a little of the X-rays through, so you can always get some information from each ray. Fillings are pretty much opaque to X-rays, and the result is huge regions of the scan covered in streaks where the contents could not be reconstructed. Since the real world is full of objects that are opaque to visible light, I'm guessing that the technique at work here is pretty dissimilar to X-ray CT. -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Of course, there was nothing illegal about Microsoft's use of satellite-bourne death rays to vaporise the headquarters of other high-tech firms: it was simply competing vigorously within the law. -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Even if quantum computing can ever be made to work (meaning Shor-style computation - the way computers work today already depends on quantum effects) it is far too specialised to be useful for general purpose computation.
The successor I've seen for electrical computing is fully-optical computing. Lasers carry your signals, optical gates switch them. You can cross signals over without interference, and the theoretical limits on gate performance and size are ludicrously high. Sorry, no URL - I saw it at a lecture about, uh, fifteen years ago. But I know it's still an area of active research. -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Whoops, of course millions of things need public key, but they don't need hardware acceleration. Damn those thinkoes.
There's special hardware designed to keep your secret keys more secure, now, but that's a different matter. -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
A stream cipher like RC4 can encrypt and decrypt data faster than you can read it from your hard drive. A modern processor can do a public key operation in fractions of a second. Few applications need public key crypto, perhaps only very heavily loaded secure servers. Almost no-one needs secret key (eg DES) in hardware: maybe only routers.
For most of us, such a chip wouldn't make anything we do noticeably faster or more secure. -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
I'm fascinated by crypto. I think that "Snow Crash" is a masterpiece of storytelling, and "Zodiac" is also damn good. I bought this book as soon as I could, and in the end I only finished it so I could say I had.
Mr. Stevenson needs to return to tight storytelling; I mostly found his random asides about family histories and suchlike offputting. I think the "tutorial-in-novel" approach comes across as heavy handed. All the women in the book exist for the male characters to fall in and out of love with, which it's hard to ignore when he keeps putting forth his offputting attitude to sex. The plot twists aren't very twisty. The characters are all schematics. Qwyglhm doesn't sit well with the rest of the book. The ending is deeply unsatisfactory. And the appendix describing the encryption algorithm used in the book (which I read first, on Counterpane's home page) turns out to be full of spoilers.
Don't bother. Wait 'till Stevenson writes something short again, and maybe that will reward the time to read it. -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
The spec of PDF is published, and there are Open Source viewers for it. -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
I was looking for a new job only the other week and encountered exactly these problems. It struck me that a Hacker Recruitment Agency, which handled only the highest caliber people but understood hackish quirks, could totally clean up the high end of the recruitment market. Just follow the instructions on the Clue Train: http://www.cluetrain.org/ and try doing the job as humans rather than as robots. -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
These responses, while regrettable, were entirely predictable. Mindcraft is putting them on display as a brush with which to tar *all* criticism they've received, and to draw attention away from their own clearly biased methodology.
They told at least one direct lie in that report. It's important we keep the real villans in perspective, since I'm sure all villans receive immature flames as well as well reasoned criticisms and it should never be a reason to dismiss the points of their better critics or to let them off the hook. -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Recruiters can't always see websites
on
Feature:Geek Jobs
·
· Score: 1
I tried to solve this problem by putting my CV on my web site in four different formats (ASCII, HTML, PDF, Postscript) and sending the URL to recruiters along with a brief summary, so they could download the one they wanted. I got the reply "please email me your CV", naturally with no indicator of what format they could accept.
I eventually found out that their corporate firewall prevented them from viewing external websites.
Stupid, or stupid? -- Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Slashdot Mirror
...is to remember that beautiful people are people too.
Sorry, I've seen so many followups to this article discussing strategies for "picking up chicks" and getting enough money to "keep them happy" that I think I have to make this point. Even one-night-stands will be more fun with a person than a sexual object.
--
And memory falls off over time as the inverse cube?
--
PGP ran on 386's just fine, so it won't be that bad. Plus there's a decent chance they're using elliptic curve stuff for efficiency.
If Martin Hellman is involved it seems likely they know what they're doing. I only wish they'd make the text on their Website readable - I guess I'll just have to use Lynx...
--
Trying to block sites with "bad" content is clearly a hopeless task, and objectionable in a number of ways people have already outlined. The only way I can see to create a kid-friendly version of the Internet is to allow access only to sites that carry some *positive* marker of being suitable content. A large body of volunteers in, say, schools could be empowered to hand out the marks, and to withdraw them if there's a complaint, and if I get such a mark then it becomes my responsibility to apply it to those parts of my website where it's appropriate.
Libraries and bookstores have "kid's" sections, and the content in the rest of the bookstore is not rated for content: it's not just the "adult" section that may contain (eg) graphic descriptions of sex or violence, but any of the "fiction" section. This seems the sensible way to go about things.
Thoughts?
--
If you're looking for an alternative to CVS's complexity, check out PRCS. I've found it to be an amazingly clean system to set up and use, with a simpler model of what's going on. No client/server yet; version 2.0 will support full disconnected distributed operation.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
You're mistaken: you'd have to use something like a 3000-bit RSA key to get the same security as a 128-bit IDEA key. Public key systems are used because of their convenience, not becuase of their strength.
The "Irish girl cipher" (I forget the right name, Cayley-something) was mostly the work of another cryptographer; she solved some important implementation problems. It's not the big deal everyone thinks it is; Schneier's comment was that the *important* news was the arrival of a good new cryptographer, not the actual work itself.
I don't quite know what you mean by "(unproven)";
the word has two meanings. No cipher is proven in the mathematical sense: many ciphers *have* proven_1 to be secure through experience, but no cipher except the impractical one-time-pad *is* proven_2 secure mathematically, if you get my meaning.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
If this is, as you describe, a standard challenge-response protocol, then it isn't all that secure.
First, the server has to store your password so that it can work out the "correct" answer to your challenge. Compare this to Unix passwords: an attacker can read everything on your hard drive and still not know what to present in order to log in.
Worse, if I can intercept just one exchange with the server I can start trying to guess your passphrase. Passphrases tend not to be very well chosen, so guessing attacks are rather too effective and it's important to make them as difficult as possible.
Anyone who needs to use networked passwords should implement both of the following techniques if at all possible:
Key stretching: http://www.counterpane.com/low-entropy.html
SRP:
http://srp.stanford.edu/srp/index.html
These papers make clear the problems that arise if you *don't* use these techniques...
http://srp.stanford.edu/srp/index.html
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Unless you're trying to encrypt an OC3 line on the fly, software crypto is *much more* than fast enough. A stream cipher like Panama can encrypt around 5 bits per clock cycle, which translates as around 1.4 Gbits/sec even on a 300 MHz machine.
Most of the AES candidates should do 1 Gbit/sec without too much expenditure in hardware.
Neat, but not *that* neat.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Hybrid systems as used in all modernc crypto are much faster and much more secure than what you propose.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
IPv6 has a variety of other mechanisms for securing corporate hosts more flexible and less intrusive than NAT.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Contradicting an earlier response to this question, I can confirm that the GPS service available to civilians is deliberately kept to a precision of no better than around 100 yards. This is called "selective availability" (SA) and is implemented with a simulated clock error on each of the satellites: it is by far the largest source of imprecision in GPS measurements.
Military GPS users have access to a second, encrypted channel which allows them to circumvent SA and also gain accurage measurements of ionospheric delay error, since you can get a good guess at the absolute signal delay by measuring the difference between delays of signals at different frequencies.
Civilian GPS users can get around SA with a system called "differential GPS" (DGPS), in which a ground station at a precisely known position near to the roving receiver broadcasts the error term in the signal it receives, allowing the roving receiver to compensate. DGPS allows position measurement to within 2-3 metres.
For measuring small relative displacements, there's also RGPS which can measure down to the centimetre level.
None of this is secret or denied or anything, it's all part of the publically released GPS specs. I had to learn all this stuff when I used to work for a navigation company that handled deep-sea surveys.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
That's the wrong way around: if they want to push IIS, they'll want to leverage support on other platforms to that end, meaning they'll go further towards IIS-only extensions in IE. They already push their own proprietary alternative to WebDAV: if you try and use it and your ISP doesn't support it, you'll get an error message suggesting you switch to a different ISP.
However, I'm pretty sure they'll fail.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Question:
"Are we alone in the Universe?"
Hypothetical answer:
"We don't know.
We didn't even look."
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
What exactly does Metcalfe have to believe in order for Peterley to avoid chewing paper on that fateful New Year's Day? He doesn't quite make the terms clear.
Mind you, I'm pretty sure that Metcalfe will concede that he's changed his mind, but I like to see these things made concrete...
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Reconstructions based on X-rays depend on the fact that everything allows at least a little of the X-rays through, so you can always get some information from each ray. Fillings are pretty much opaque to X-rays, and the result is huge regions of the scan covered in streaks where the contents could not be reconstructed. Since the real world is full of objects that are opaque to visible light, I'm guessing that the technique at work here is pretty dissimilar to X-ray CT.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Of course, there was nothing illegal about Microsoft's use of satellite-bourne death rays to vaporise the headquarters of other high-tech firms: it was simply competing vigorously within the law.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Even if quantum computing can ever be made to work (meaning Shor-style computation - the way computers work today already depends on quantum effects) it is far too specialised to be useful for general purpose computation.
The successor I've seen for electrical computing is fully-optical computing. Lasers carry your signals, optical gates switch them. You can cross signals over without interference, and the theoretical limits on gate performance and size are ludicrously high. Sorry, no URL - I saw it at a lecture about, uh, fifteen years ago. But I know it's still an area of active research.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
Whoops, of course millions of things need public key, but they don't need hardware acceleration. Damn those thinkoes.
There's special hardware designed to keep your secret keys more secure, now, but that's a different matter.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
A stream cipher like RC4 can encrypt and decrypt data faster than you can read it from your hard drive. A modern processor can do a public key operation in fractions of a second. Few applications need public key crypto, perhaps only very heavily loaded secure servers. Almost no-one needs secret key (eg DES) in hardware: maybe only routers.
For most of us, such a chip wouldn't make anything we do noticeably faster or more secure.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
I'm fascinated by crypto. I think that "Snow Crash" is a masterpiece of storytelling, and "Zodiac" is also damn good. I bought this book as soon as I could, and in the end I only finished it so I could say I had.
Mr. Stevenson needs to return to tight storytelling; I mostly found his random asides about family histories and suchlike offputting. I think the "tutorial-in-novel" approach comes across as heavy handed. All the women in the book exist for the male characters to fall in and out of love with, which it's hard to ignore when he keeps putting forth his offputting attitude to sex. The plot twists aren't very twisty. The characters are all schematics. Qwyglhm doesn't sit well with the rest of the book. The ending is deeply unsatisfactory. And the appendix describing the encryption algorithm used in the book (which I read first, on Counterpane's home page) turns out to be full of spoilers.
Don't bother. Wait 'till Stevenson writes something short again, and maybe that will reward the time to read it.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
The spec of PDF is published, and there are Open Source viewers for it.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
I was looking for a new job only the other week and encountered exactly these problems. It struck me that a Hacker Recruitment Agency, which handled only the highest caliber people but understood hackish quirks, could totally clean up the high end of the recruitment market. Just follow the instructions on the Clue Train: http://www.cluetrain.org/ and try doing the job as humans rather than as robots.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
These responses, while regrettable, were entirely predictable. Mindcraft is putting them on display as a brush with which to tar *all* criticism they've received, and to draw attention away from their own clearly biased methodology.
They told at least one direct lie in that report. It's important we keep the real villans in perspective, since I'm sure all villans receive immature flames as well as well reasoned criticisms and it should never be a reason to dismiss the points of their better critics or to let them off the hook.
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.
I tried to solve this problem by putting my CV on my web site in four different formats (ASCII, HTML, PDF, Postscript) and sending the URL to recruiters along with a brief summary, so they could download the one they wanted. I got the reply "please email me your CV", naturally with no indicator of what format they could accept.
I eventually found out that their corporate firewall prevented them from viewing external websites.
Stupid, or stupid?
--
Employ me! Unix,Linux,crypto/security,Perl,C/C++,distance work. Edinburgh UK.