If you use the typical method of changing the least significant bit of every color component of every pixel in an image, the new image is different then the original one, but still "makes sense" visually.
You can't do the same for text though. You'd get unexisting words and weird characters. Unless there's a way I don't know of.
It's been a long time since Java, the last major change in programming languages.
How exactly is Java a major change in programming languages? I mean to me, it really ressembles Modula3 and pascal _a lot_ (much more so then C++). I don't really consider it a major change in programming languages except that there is a powerful company behind it with tons of programmers supplying a huge number of basic packages (which is really cool). Plus suns markets the language like a language has never been marketed before.
Anyway all this to say... what's really new about it?
What can I say... Maybe you should use a privacy tool, there are some good ones out there. What your company did is really not ethical, but if you are realistic then you should expect many companies to act the same...
Seriously though, you should protect your privacy yourself, don't expect companies to be ethical.
If your traffic is routed through at least 2 freedom proxies, then no single entity on the route knows both the source and destination. That's what makes it really interesting IMO.
This system can't work. It protects the contents of your message, but it doesn't hide the fact that a communication between you and another party took place.
In other words, it doesn't protect privacy.
Most of the time, the important thing to know is that a communication took place, even if you don't know the contents. If you suspect someone of illegal activity (or simply want access to someone's confidential information) and that person sends a mail with SafeMessage, you can know where that message was sent (the protocol is probably easily identifiable) thanks to the peer to peer connection. So the next thing to do is to either break in the recepient's computer or use much more sophisticated equipement so spy on the recipient (you know where he lives, so you're all set if you're a governement agency).
The government is probably going to laugh at that one.
I'm really not impressed.
Plus why are they insisting on the peer to peer thing? All traffic will still go through an ISP.
is because he wants to sell each episode on VHS, and when he's done selling them, he will release them on DVD and cash in a second time.
As a kid, I used to think Lucas was a really "clean" director that would not let any commercial incentives interfere with what he really wanted to put on screen. Yeah right!
In any case, he is a business man before anything else. Episodes IV-VI were really good (except for the Ewoks and the "You're my sister"). But Episode I, even though it was a very entertaining movie, was really centered around selling TOYS TOYS TOYS.
First of all, for those interested, the company that makes the modems is Trisignal, located in montreal, and their web site is at:
http://www.trisignal.com
About a future LAN interface, it can't be otherwise. The sega network won't be operational in North America before next summer, at which time the modem will already have obseleted itself! The president of Trisignal (the company that makes the modem) himself said: "Now if only we could plug ADSL in that beast" or something like that.
Anyway, I hope they don't start making custom adsl modems (or cable), but I don't think they would make that mistake. Surely they will simply make a LAN interface.
You once said you were very interested in persistent worlds and the technical challenges they presented. Rightly so, since if you take a look at Everquest or Ultima Online, these are projects that anyone would dream to work on: server programming, network programming, graphic rendering, database programming, load balancing, etc... Maybe online RPGs don't need super high frame rates and are less sensitive to latency, but other then that, it seems to me there are even more technical challanges then in q3!:)
On the other side, an online RPG requires a huge team of artists and level designers and 'world designers (magic system, combat system, classes, etc) and you've been known to like a small teams. But if you were entrusted with strictly technical stuff, would you feel motivated to work on an online RPG? (would you want to?)
You once said you were very interested in persistent worlds and the technical challenges they presented. Rightly so, since if you take a look at Everquest or Ultima Online, these are projects that anyone would dream to work on: server programming, network programming, graphic rendering, database programming, load balancing, etc... Maybe online RPGs don't need super high frame rates and are less sensitive to latency, but other then that, it seems to me there are even more technical challanges then in q3!:)
On the other side, an online RPG requires a huge team of artists and level designers and 'world designers (magic system, combat system, classes, etc) and you've been known to like a small teams. But if you were entrusted with strictly technical stuff, would you feel motivated to work on an online RPG? (would you want to?)
That's not all. He also mentionned how much he likes vc++ (it is a very good IDE). He also said good things about code warrior (that he used at some point when writing some mac specific code for q3 I believe), but that he still preferred vc++.
Equifax supports DSA certs. Try to get in contact with one of their engineers. They were still sorting some things out last time I talked to them. I'm not sure they are "commercially" supporting DSA but they have the capability to do so and it could happen soon.
While, DSA and DH-EG are very good algorithms, each has its own quirks and you still need two sets of keys. [...] In addition, RSA is by far the most widely implemented algorithm and so it is very important for interoperability between implementations and across standards.
True. In fact, many products from large companies (IBM, Novell) do not even support DSA based ciphersuites.
But if you are doing a security scheme where you have your own software components for both the server and the client, then DSA might not be such a bad thing.
I work at a company that does telecom products. Our lawyers did a lot of research on the RSA patent. Some of you may already know this, but some of you might not:
RSA ---
RSA is protected by a US patent. Everyone knows this. However, the patent only applies to the US, which does NOT include Canada (some people think the RSA patent also applies to Canada since our crypto laws are identical). So if you are not an american company, you can sell your product WITH RSA all over the world except in the US.
In the US I would suggest using DSA instead of RSA. Works very well. The only problem is that you will have trouble finding certificate authorities that support DSA (Verisign, GTE Cybertrust, etc... only support RSA certs). You might want to check these:
http://www.equifax.com : they are supposed to have DSA support.
http://www.arcanvs.com : they already support DSA certs.
http://www.thawte.com : they support DSA certs BUT they are signed by an intermediate DSA issuing cert that in turn is signed by an RSA cert. So it doens't really work if you have to avoid using RSA. BUT, if enough people e-mail the president of Thawte and say they would like DSA certs they might provide support earlier... By the way, the president (Mark Shuttleworth) answers e-mails in less then a day and he knows more then just sales figures...
Also, Thawte has the greatest test facility among all CAs out there! Just go in the "test" section on their web page. You can test everything, RSA certs, DSA certs, PKCS7 chains, etc.
RC4 ---
RC4 is not patented, but it is copyrighted. Not the algorithm, but its implementation. However, as we all know the algorithm was leaked some years ago and today it is considered public knowledge since you can find it in any book. So you can use the algorithm FREE anywhere in the world if you make your own implementation without basing your work on an implementation that was done by RSADSI. You also have to rename the algorithm. You can't use the name "RC4". But you can use "AV4" for instance.
If you are not using RSA then you might want to forget about RC4 because there are not SSL Ciphersuites that combine DSA (the RSA alternative) and RC4.
MD2 ---
We also did some research on that (our lawyers actually) and you can actually use the name MD2 (unlike RC4) and use the alg. free if you can write an implementation independantly of any implementation done by RSADSI or the implementation found in the RFC.
I don't know about MD5 because we used a library that gave us the right to use MD5...
Hmmmm, I must admit I don't see how a ping flooding question can be off topic when the subject was a network intrusion book.
Maybe they are being VERY picky and ping flooding was considered off topic since it's not an intrusion attack but rather a DoS attack?:)
Bah, just keep in mind that slashdot's system randomly assigns moderating rights to some users for a very limited amount of time. I guess the system is good in general, and like all systems sometimes weird people are given moderation rights (for a short while luckily). It's just frustrating for you since you are the victim, but in general it works ok.
Slashdot Mirror
Stegnography in text... It would work.
If you use the typical method of changing the least significant bit of every color component of every pixel in an image, the new image is different then the original one, but still "makes sense" visually.
You can't do the same for text though. You'd get unexisting words and weird characters. Unless there's a way I don't know of.
What can I say... Maybe you should use a privacy tool, there are some good ones out there. What your company did is really not ethical, but if you are realistic then you should expect many companies to act the same...
Seriously though, you should protect your privacy yourself, don't expect companies to be ethical.
If your traffic is routed through at least 2 freedom proxies, then no single entity on the route knows both the source and destination. That's what makes it really interesting IMO.
He's right nonetheless.
This is not meant as flame bait.
This system can't work. It protects the contents of your message, but it doesn't hide the fact that a communication between you and another party took place.
In other words, it doesn't protect privacy.
Most of the time, the important thing to know is that a communication took place, even if you don't know the contents. If you suspect someone of illegal activity (or simply want access to someone's confidential information) and that person sends a mail with SafeMessage, you can know where that message was sent (the protocol is probably easily identifiable) thanks to the peer to peer connection. So the next thing to do is to either break in the recepient's computer or use much more sophisticated equipement so spy on the recipient (you know where he lives, so you're all set if you're a governement agency).
The government is probably going to laugh at that one.
I'm really not impressed.
Plus why are they insisting on the peer to peer thing? All traffic will still go through an ISP.
"No advanced story lines given"
:)
Right, there are probably no advanced story lines, judging from episode 1 !
Carnivore? No wonder people are worried. If they had called it "Lady peace" or "guardian angel" people wouldn't be so scared! :)
is because he wants to sell each episode on VHS, and when he's done selling them, he will release them on DVD and cash in a second time.
As a kid, I used to think Lucas was a really "clean" director that would not let any commercial incentives interfere with what he really wanted to put on screen. Yeah right!
In any case, he is a business man before anything else. Episodes IV-VI were really good (except for the Ewoks and the "You're my sister"). But Episode I, even though it was a very entertaining movie, was really centered around selling TOYS TOYS TOYS.
First of all, for those interested, the company that makes the modems is Trisignal, located in montreal, and their web site is at:
http://www.trisignal.com
About a future LAN interface, it can't be otherwise. The sega network won't be operational in North America before next summer, at which time the modem will already have obseleted itself! The president of Trisignal (the company that makes the modem) himself said: "Now if only we could plug ADSL in that beast" or something like that.
Anyway, I hope they don't start making custom adsl modems (or cable), but I don't think they would make that mistake. Surely they will simply make a LAN interface.
Hi John,
:)
You once said you were very interested in persistent worlds and the technical challenges they presented. Rightly so, since if you take a look at Everquest or Ultima Online, these are projects that anyone would dream to work on: server programming, network programming, graphic rendering, database programming, load balancing, etc... Maybe online RPGs don't need super high frame rates and are less sensitive to latency, but other then that, it seems to me there are even more technical challanges then in q3!
On the other side, an online RPG requires a huge team of artists and level designers and 'world designers (magic system, combat system, classes, etc) and you've been known to like a small teams. But if you were entrusted with strictly technical stuff, would you feel motivated to work on an online RPG? (would you want to?)
Hi John,
:)
You once said you were very interested in persistent worlds and the technical challenges they presented. Rightly so, since if you take a look at Everquest or Ultima Online, these are projects that anyone would dream to work on: server programming, network programming, graphic rendering, database programming, load balancing, etc... Maybe online RPGs don't need super high frame rates and are less sensitive to latency, but other then that, it seems to me there are even more technical challanges then in q3!
On the other side, an online RPG requires a huge team of artists and level designers and 'world designers (magic system, combat system, classes, etc) and you've been known to like a small teams. But if you were entrusted with strictly technical stuff, would you feel motivated to work on an online RPG? (would you want to?)
That's not all. He also mentionned how much he likes vc++ (it is a very good IDE). He also said good things about code warrior (that he used at some point when writing some mac specific code for q3 I believe), but that he still preferred vc++.
Equifax supports DSA certs. Try to get in contact with one of their engineers. They were still sorting some things out last time I talked to them. I'm not sure they are "commercially" supporting DSA but they have the capability to do so and it could happen soon.
While, DSA and DH-EG are very good algorithms, each has its own quirks and you still need two sets of keys. [...] In addition, RSA is by far the most widely implemented algorithm and so it is very important for interoperability between implementations and across standards.
True. In fact, many products from large companies (IBM, Novell) do not even support DSA based ciphersuites.
But if you are doing a security scheme where you have your own software components for both the server and the client, then DSA might not be such a bad thing.
You're right, the laws are different. I wrote my post to quickly. Thank you for pointing that out.
I work at a company that does telecom products. Our lawyers did a lot of research on the RSA patent. Some of you may already know this, but some of you might not:
RSA
---
RSA is protected by a US patent. Everyone knows this. However, the patent only applies to the US, which does NOT include Canada (some people think the RSA patent also applies to Canada since our crypto laws are identical). So if you are not an american company, you can sell your product WITH RSA all over the world except in the US.
In the US I would suggest using DSA instead of RSA. Works very well. The only problem is that you will have trouble finding certificate authorities that support DSA (Verisign, GTE Cybertrust, etc... only support RSA certs). You might want to check these:
http://www.equifax.com : they are supposed to have DSA support.
http://www.arcanvs.com : they already support DSA certs.
http://www.thawte.com : they support DSA certs BUT they are signed by an intermediate DSA issuing cert that in turn is signed by an RSA cert. So it doens't really work if you have to avoid using RSA. BUT, if enough people e-mail the president of Thawte and say they would like DSA certs they might provide support earlier... By the way, the president (Mark Shuttleworth) answers e-mails in less then a day and he knows more then just sales figures...
Also, Thawte has the greatest test facility among all CAs out there! Just go in the "test" section on their web page. You can test everything, RSA certs, DSA certs, PKCS7 chains, etc.
RC4
---
RC4 is not patented, but it is copyrighted. Not the algorithm, but its implementation. However, as we all know the algorithm was leaked some years ago and today it is considered public knowledge since you can find it in any book. So you can use the algorithm FREE anywhere in the world if you make your own implementation without basing your work on an implementation that was done by RSADSI. You also have to rename the algorithm. You can't use the name "RC4". But you can use "AV4" for instance.
If you are not using RSA then you might want to forget about RC4 because there are not SSL Ciphersuites that combine DSA (the RSA alternative) and RC4.
MD2
---
We also did some research on that (our lawyers actually) and you can actually use the name MD2 (unlike RC4) and use the alg. free if you can write an implementation independantly of any implementation done by RSADSI or the implementation found in the RFC.
I don't know about MD5 because we used a library that gave us the right to use MD5...
Hmmmm, I must admit I don't see how a ping flooding question can be off topic when the subject was a network intrusion book.
:)
Maybe they are being VERY picky and ping flooding was considered off topic since it's not an intrusion attack but rather a DoS attack?
Bah, just keep in mind that slashdot's system randomly assigns moderating rights to some users for a very limited amount of time. I guess the system is good in general, and like all systems sometimes weird people are given moderation rights (for a short while luckily). It's just frustrating for you since you are the victim, but in general it works ok.
(and yes, my post is definitely off topic)
Whether you have xDSL or Cable modem, in the end the real bottleneck is whether or not your provider is overselling its bandwidth or not.
Could you be more specific? What is it you didn't like?