Maybe they've developed a new algorithm that looks for 'mu' answers like yours? Real experts will usually ask for more information before answering your question - professional experts like doctors and lawyers sometimes don't answer your question at all!
Get this process down to something small enough to quietly function in a barn and you could build a weapon inside the borders of your target. A gold mine or somesuch would be all you need for cover.
Sure, but then you've got to think about food and accommodation for the fifty goons you'll need to guard Macguyver while you force him to build the bomb. Then there's water, power, and sanitation. And where are you going to park all the jeeps?
It might sound like I'm being picky but these are the kind of things you need to think about if you want to get your project green-lighted by a major terrorist organization.
As long as there are controls to make sure they don't take it too far, I'll support it.
And how will you know when they've taken it too far? How will you find out what's been hidden from you 'for your own protection'?
Censors can't be made accountable to the electorate, because revealing what was censored would mean it was no longer censored. Maybe censors could be monitored by another government body, but then that body couldn't be made accountable to the electorate, because revealing what was censored would mean it was no longer censored.
As far as I can see, censorship is not compatible with truly democratic government.
And it looks like the stripped-down version of Fedora will be available from the Red Hat public repository, so we can all benefit from the optimisations.
I agree it's possible if they say the digits out loud - that's the system used by Zfone, on the assumption that the attacker can't imitate voices. I didn't realise that was the intention with this phone too but I guess it makes sense.
I'm not sure I understand - how would Alice or Bob be able to send the random seed over the compromised channel without the MIM replacing it with a seed that would match the hash of the MIM's key? Alice and Bob might arrive at different hash values, but they wouldn't be able to discover that fact using the compromised channel.
The sound of the other party's voice is used for authentication: by reading out the fingerprint of the key, you ensure that both parties are seeing the same key, which wouldn't be the case in a man-in-the-middle attack.
This page says it's a 4-digit hash. The man-in-the-middle would only need to generate a trivial number of keys to find one with the same hash as the authentic key (furthermore, the keys could probably be generated in advance and stored in a lookup table).
I'm not sure what you mean about a proprietary algorithm - it uses Diffie-Hellman and AES, both of which are open, peer-reviewed algorithms.
"For the purposes of this section a person shall be taken to have shown that he was not in possession of a key to protected information at a particular time if
(a) sufficient evidence of that fact is adduced to raise an issue with respect to it; and
(b) the contrary is not proved beyond a reasonable doubt."
They don't need the encryption keys for mobile phones.
1) Information is only encrypted between the phone and the base station, so they can just tap the base station
2) Some of the encryption algorithms are known to be broken, others are secret and probably backdoored
Thanks for the pointer, I'll have a look at Linked. I'm currently studying censorship-resistant communication - friend-to-friend networks seem to be a promising approach, but we need to find out what kind of structure they'll have, whether they'll scale, whether they'll be robust, etc. There are some links on social networks, small world graphs and scale-free graphs in my bibliography. I have to admit there are a lot I haven't read and I've found the maths quite taxing!
The idea of connector nodes was popularised by Malcolm Gladwell, but it originally came from Barabasi and Albert's model of scale-free graphs. Scale-free graphs typically have short paths between any pair of nodes, together with a degree distribution that follows a power law: most nodes have only a few edges, while a handful of nodes have a significant fraction of all the edges in the graph. Removing these high-degree 'hubs' or 'connectors' breaks the graph into small, isolated components.
Social networks are often claimed to have a power law degree distribution, and scale-free graphs have been proposed as a model of social networks, but there are two problems with this suggestion:
The model described by Barabasi and Albert only produces a power law degree distribution while the graph is growing. Once the graph reaches a steady state, with nodes leaving as well as joining, the power law degree distribution disappears.
Scale-free graphs don't exhibit high clustering, which is observed in social networks and captured by the small world model of Watts and Strogatz. (Clustering means that if X knows Y and Z, it's likely that Y knows Z.) However, there are modified versions of the Barabasi-Albert model that incorporate clustering.
;) Fair point, but in a monolithic kernel all the library routines share the same address space and run in supervisor mode. I'm talking about userspace libraries that would have access to the address space of the calling process but not vice versa. Maybe the similarity to a monolithic kernel would make it easier to convert existing kernel modules into libraries?
Now consider a microkernel. The filesystem driver is a separate server process. Executing a system call means sending a message to that server and waiting for an answer.
Perhaps the best way to implement a microkernel is not to move as much as possible into userspace processes, but to move as much as possible into userspace libraries? A library call is synchronous, just like a system call, so writing a reentrant function for a library shouldn't be any harder than writing a reentrant function for a kernel.
The server could be multi-threaded, for example. But how many threads should it spawn ? And how much system resources are they going to waste ? A monolithic kernel has none of these problems.
A library has none of these problems either.
Of course you'd have to protect the library's state from the caller, which would involve a partial context switch when calling one of the library's functions - the 'call gate' would be one of the services provided by the microkernel. The protected library would have access to the caller's state, however, so it would be possible to pass a pointer to a data structure and have it filled in, for example, just like a normal library or monolithic kernel. A protected library call needn't be as expensive as an interprocess context switch, even for architectures without segment registers, because you'd only need to flush the TLB on the way out of the library call, not on the way in.
Anyway, that's enough armchair OS design for one morning...;-)
Thanks, I'd never heard of that place before. I mentioned the US because the post I was replying to mentioned the US. Do you actually read the threads you reply to?
Do you think dissidents would really be given visas to work in the US? On the contrary, it's quite possible your coworkers were collecting information for the Chinese government.
Users on the Chinese side of the wall don't need to install any software - they just temporarily configure their browser to use a proxy run by a user on the other side of the wall. The person running the proxy sends the address, port number, username and password to friends or relatives in China by email (which seems like the weak link to me).
The only way to tear down the Great Firewall of China is for the regime to collapse.
Is Chinese law morally equivalent to US law, even though one country is (approximately) authoritarian and the other is (approximately) democratic? Should we respect a country's laws even when they don't represent the will of its populace?
I agree that we should be guided by the rule "do to others what you would like to be done to you", and that's why I'm working to subvert censorship in authoritarian regimes. If I were living in such a regime, I'd want people in other countries to do the same for me.
Tor clients retrieve the list of proxies from (at last count) three central directory servers with static addresses. Block access to those servers and you block access to Tor.
Slashdot Mirror
Maybe they've developed a new algorithm that looks for 'mu' answers like yours? Real experts will usually ask for more information before answering your question - professional experts like doctors and lawyers sometimes don't answer your question at all!
Sure, but then you've got to think about food and accommodation for the fifty goons you'll need to guard Macguyver while you force him to build the bomb. Then there's water, power, and sanitation. And where are you going to park all the jeeps?
It might sound like I'm being picky but these are the kind of things you need to think about if you want to get your project green-lighted by a major terrorist organization.
The National Watcher-Watching Agency (and its regulatory body, the National National Watcher-Watching Agency-Watching Committee).
And how will you know when they've taken it too far? How will you find out what's been hidden from you 'for your own protection'?
Censors can't be made accountable to the electorate, because revealing what was censored would mean it was no longer censored. Maybe censors could be monitored by another government body, but then that body couldn't be made accountable to the electorate, because revealing what was censored would mean it was no longer censored.
As far as I can see, censorship is not compatible with truly democratic government.
Emphasis mine.
And it looks like the stripped-down version of Fedora will be available from the Red Hat public repository, so we can all benefit from the optimisations.
Shame they won't be distributing these laptops in the US and UK.
Agreed, especially if it only needs to rearrange the digits Alice reads out...
I agree it's possible if they say the digits out loud - that's the system used by Zfone, on the assumption that the attacker can't imitate voices. I didn't realise that was the intention with this phone too but I guess it makes sense.
I'm not sure I understand - how would Alice or Bob be able to send the random seed over the compromised channel without the MIM replacing it with a seed that would match the hash of the MIM's key? Alice and Bob might arrive at different hash values, but they wouldn't be able to discover that fact using the compromised channel.
The sound of the other party's voice is used for authentication: by reading out the fingerprint of the key, you ensure that both parties are seeing the same key, which wouldn't be the case in a man-in-the-middle attack.
Like he said, a terrorist.
I'm not sure what you mean about a proprietary algorithm - it uses Diffie-Hellman and AES, both of which are open, peer-reviewed algorithms.
That's two legal jurisdictions, let's see how many we can get.
From the text of the Act:
"For the purposes of this section a person shall be taken to have shown that he was not in possession of a key to protected information at a particular time if
(a) sufficient evidence of that fact is adduced to raise an issue with respect to it; and
(b) the contrary is not proved beyond a reasonable doubt."
So in other words... maybe.
They don't need the encryption keys for mobile phones.
1) Information is only encrypted between the phone and the base station, so they can just tap the base station
2) Some of the encryption algorithms are known to be broken, others are secret and probably backdoored
Cheers,
Michael
Social networks are often claimed to have a power law degree distribution, and scale-free graphs have been proposed as a model of social networks, but there are two problems with this suggestion:
;) Fair point, but in a monolithic kernel all the library routines share the same address space and run in supervisor mode. I'm talking about userspace libraries that would have access to the address space of the calling process but not vice versa. Maybe the similarity to a monolithic kernel would make it easier to convert existing kernel modules into libraries?
Perhaps the best way to implement a microkernel is not to move as much as possible into userspace processes, but to move as much as possible into userspace libraries? A library call is synchronous, just like a system call, so writing a reentrant function for a library shouldn't be any harder than writing a reentrant function for a kernel.
The server could be multi-threaded, for example. But how many threads should it spawn ? And how much system resources are they going to waste ? A monolithic kernel has none of these problems.
A library has none of these problems either.
Of course you'd have to protect the library's state from the caller, which would involve a partial context switch when calling one of the library's functions - the 'call gate' would be one of the services provided by the microkernel. The protected library would have access to the caller's state, however, so it would be possible to pass a pointer to a data structure and have it filled in, for example, just like a normal library or monolithic kernel. A protected library call needn't be as expensive as an interprocess context switch, even for architectures without segment registers, because you'd only need to flush the TLB on the way out of the library call, not on the way in.
Anyway, that's enough armchair OS design for one morning... ;-)
Thanks, I'd never heard of that place before. I mentioned the US because the post I was replying to mentioned the US. Do you actually read the threads you reply to?
Do you think dissidents would really be given visas to work in the US? On the contrary, it's quite possible your coworkers were collecting information for the Chinese government.
The only way to tear down the Great Firewall of China is for the regime to collapse.
Maybe... or maybe it's the other way round. ;-)
I agree that we should be guided by the rule "do to others what you would like to be done to you", and that's why I'm working to subvert censorship in authoritarian regimes. If I were living in such a regime, I'd want people in other countries to do the same for me.
Tor clients retrieve the list of proxies from (at last count) three central directory servers with static addresses. Block access to those servers and you block access to Tor.