Desktop biometric scanners that transmit the biometric through an insecure network to a server for verification are a fraud and security through obscurity (don't laugh, people actually do this kind of thing). This device, while not perfect, looks like it can offer some real security because it performs the verification internally.
A quote from the article you are linking to:
"Biometrics are powerful and useful, but they are not keys. They are useful in situations where there is a trusted path from the reader to the verifier."
In this case there is a trusted path from the reader to the verifier because they are both inside the same tamper-resistant package (no, not tamper-proof, there is no such thing).
"Trusted" is always a relative term and depends on the resources available to your opponent. If your opponent is a foreign government then even secure (breakable) hardware and (bribable, killable) guards may not be enough.
I don't know how many casual attackers have access to a focused ion beam workstation and the knowledge required to operate it and try to crack a multilayer tamper-resistant chip. See this article for more information about the techniques used to crack smartcards. Remember that this device is thicker and more expensive than a smartcard and could theoretically provide much better tamper resistance.
Correctly applied biometrics can let you have some security even when facing intentional misuse. I'd rather have access to my medical information protected by this kind of biometric token rather than a password that will end up on a post-it note on the secretary's monitor or a smartcard that will be "shared" because it is not tied to a specific person. Experience has shown that most people will bypass security in every imaginable way. Biometrics can help enforce an organization's security policy under these conditions.
Personally, I will stick to my passphrases (6 words, at least 2 of them not in any dictionary...)
----
Good idea, if the specs of the device are public it shouldn't be too difficult to modify GnuPG to use it.
> Lock the key, not with a passphrase, but with a unique hash from the biometric data;
You can't generate a consistent hash from a biometric - two readings will never be exactly the same and in cryptographic applications a single bit error will render the hash useless.
Instead, biometrics are compared by a pattern-matching engine that can tolerate some errors. This means that your private key will actually be stored in plaintext inside the token and you must rely on physical tamper-resistance to protect it.
> Only real problem would be if you damaged the fingerprint - and there is no reason why the key can't be stored ten times, one per digit.
The real problem is not a damaged fingerprint - it's a damaged or lost token. You must have some kind of recovery mechanism for this case and, naturally, it will also cover the less common case of an injured finger.
For an interesting approach to the problem of secret key recovery see Protecting Secret Keys with Personal Entropy
----
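The point made in the reply above, as an added example that is not part of the original comment: hashing two noisy readings of the same finger gives unrelated keys, while a threshold matcher accepts them, which is why the token has to hold the key itself. The 256-bit template, the 15% threshold, the bit-flip noise model and the `Token` class are assumptions made for illustration; real fingerprint matchers compare extracted features, not raw bit strings.

```python
import hashlib
import hmac
import random

TEMPLATE_BYTES = 32       # constructed 256-bit template (assumption)
MATCH_THRESHOLD = 0.15    # max fraction of differing bits accepted (assumption)


def random_template(rng):
    """Constructed stand-in for the features extracted from one finger."""
    return bytes(rng.getrandbits(8) for _ in range(TEMPLATE_BYTES))


def noisy_reading(template, flips, rng):
    """A fresh scan of the same finger: the template with `flips` distinct bit errors."""
    bits = bytearray(template)
    for pos in rng.sample(range(len(template) * 8), flips):
        bits[pos // 8] ^= 1 << (pos % 8)
    return bytes(bits)


def hamming_fraction(a, b):
    """Fraction of bit positions in which two equal-length readings differ."""
    diff = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return diff / (len(a) * 8)


def key_from_hash(reading):
    """The quoted proposal: lock the key with a hash of the biometric reading."""
    return hashlib.sha256(reading).digest()


class Token:
    """Toy match-on-token device (hypothetical): template and key never leave it."""

    def __init__(self, template, private_key):
        self.template = template
        self.private_key = private_key  # stored unencrypted; tamper resistance guards it

    def sign(self, reading, message):
        """Use the stored key only if the reading is close enough to the template.

        HMAC stands in here for whatever private-key operation the token performs.
        """
        if hamming_fraction(self.template, reading) > MATCH_THRESHOLD:
            return None
        return hmac.new(self.private_key, message, hashlib.sha256).digest()


def demo(seed=2000):
    rng = random.Random(seed)
    enrolled = random_template(rng)
    same_finger = noisy_reading(enrolled, 12, rng)   # 12 of 256 bits differ
    other_finger = random_template(rng)
    token = Token(enrolled, private_key=b"constructed-demo-key")
    message = b"constructed message"
    return {
        "reading_distance": hamming_fraction(enrolled, same_finger),
        "other_distance": hamming_fraction(enrolled, other_finger),
        "hash_keys_equal": key_from_hash(enrolled) == key_from_hash(same_finger),
        "token_accepts_same_finger": token.sign(same_finger, message) is not None,
        "token_accepts_other_finger": token.sign(other_finger, message) is not None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
----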
PalmOS is also moving to the ARM processor.
This is interesting because a cellular phone takes so much power for the RF transmission that the CPU consumption is relatively negligible. I don't know about you, but I really like the fact that a Palm runs forever on a pair of AAAs. I don't like the rechargeable Palm V, Palm IIIc, PocketPCs, etc.
----
NASA's current budget, adjusted for inflation, is not much lower than what it was in the peak of the Apollo program, but it's mostly wasted on a bloated payroll.
If you are really looking for the reasons for their unimpressive performance you should ask any organizational psychologist. Post-Challenger NASA is a recurring example in all the textbooks.
----
If you want people with a regular phone to be able to call you, you must have a number assigned according to the phone company's numbering plan. This means that even if everyone gets this kind of phone and we bypass the circuit switching phone network for virtually all calls we are still dependent on the phone company for assigning numbers. Sorta like our dependence on the InterNIC in the past, except that you can't assign your own hostnames under your domain - you must register each hostname separately.
----
A fifth lingua franca which you forgot to mention is Aramaic which was spoken throughout the Middle East and large parts of the Mediterranean for many centuries. It is preserved today in a few isolated communities in Syria and in many Jewish scriptures.
I agree that English is effectively the new lingua franca for the foreseeable future. Maybe it's time to revive Charles Kay Ogden's Basic English proposal - a subset of English that is more simple to learn than regular English. (yes, that's right, more simple, not "simpler")
----
Download the RPM
----
Don't you find it strange? Could this have anything to do with the circumstances of his death?
----
Don't know about the shuttle, but the glass mission control center in Houston uses Alphas running Digital Unix. The old dial-and-gauge mission control center used during the Apollo missions is now preserved as a historical monument.
----
Instead of a few lame names like .shop and .banc the best solution would be to find a way to let people add TLDs that they really want, while keeping some kind of limit on the number of new TLDs. One way to limit it would be to charge a high price. I think there is a way to do this while still keeping it possible for groups of individuals without a centralized budget to create new TLDs.
My suggestion: let anyone pre-register a name under an arbitrary TLD and give their credit card number. It will be verified but not charged. If more than, say, 150 names under the same new TLD are pre-registered the TLD is created, any preregistered names are created under the new TLD and the credit cards are billed.
If you want a new TLD (.linux for example) you can organize a campaign to get 150 people to preregister names under the proposed TLD. Of course, someone with enough money can register all 150 names by themselves - but they will not own the new TLD, anyone can register names under it afterwards.
I believe that technically the root domain should be able to handle a large number of TLDs.
Comments?
----
You don't need a lot of transmission power if you can get the jammer really close to your target. Jammer artillery shells bury themselves in the ground and their protruding antennas are made to look like the vegetation making them hard to find and disable. They are cheap and very effective.
----
The 44 floor triangular tower of Azrieli Center in Tel Aviv had a huge millennium countdown animated display. There were rumors that the programmer wrote Tetris for that display but eventually didn't run it. IIRC, the display controller was running Linux.
----
that they were probably trying to write a hash function but accidentally used only reversible constructs.
The operations they use look like lots of amateur "crypto" I have seen - an obfuscation of meaningless operations. I guess an algorithm like DES looks equally meaningless and obfuscated to someone who doesn't understand the underlying principles.
BTW, the BSD md5_crypt includes some equally meaningless and obfuscated operations and was probably written by someone without serious crypto knowledge. However, since he had the good sense to use MD5 as the underlying building block it is still secure.
----
If you think that riding a tank full of volatile, flammable liquid is bad...
How about riding a massive wheel rotating at well over 1000 revolutions per second, where any failure of the magnetic bearings results in all that energy being released instantaneously?
Sure, flywheels are cool and efficient, I might like one in the basement instead of a UPS, but I sure don't want to ride one.
----
The Kingdom of Tonga in the South Pacific hosts a server that freely distributes over the Internet BSAFEeay, a free, public domain implementation of RSA Data Security's BSAFE Applications Programming Interface (API). The site advertises that its cryptographic offerings are "made outside the US, so there [are] no ITAR restrictions."
Ahem... Cypherpunks Tonga is actually located in the Netherlands - anyone can buy a .to domain name. Their website claims that "yes, there are cypherpunks in Tonga" but it is probably a joke.
----
Operators of FreeNet nodes will spend a significant amount of resources such as bandwidth, storage and CPU. Naturally, not all node operators will be equally interested in all types of content. Is there any way for node operators to determine on what content their re$ources will be spent?
----
Apparently, a lot of people here like to shout "beowulf cluster" and don't understand much about the problems of massively parallel computing.
The bottleneck is inter-processor communication. If all you are doing is trying to brute force a cipher the processors are almost independent and easily reach the theoretical aggregate performance figures. But if you are doing complex physical simulations you can end up waiting for data most of the time and using only a fraction of your theoretical parallel power.
This is especially true of things that don't break down nicely into regular blocks. For a wind tunnel simulation you can assign different sections of the tunnel to different processors and each one communicates only with its neighbors with nice, predictable access patterns. For something like a simulation of a car crash this will not work too well, though.
Tera's architecture is based around a high throughput communication fabric. The cost of this architecture is the latency - it can take many cycles from the time you request a piece of data stored in another processor until it traverses the switch fabric and the result comes back. To get around this problem each processor runs many threads with very fine granularity - it switches to a different thread every instruction cycle. By the time the next instruction for the same thread is scheduled for execution the results of a remote memory access are already available, without wait states. Each of these "virtual processor" threads is not particularly fast but the total throughput is very high.
This presents the programmer with a simple shared-memory multithreaded programming model. No need to reengineer your program to a specific message passing architecture supported by the target machine.
----
During flight their record looks ok, but hundreds were killed in accidents on the ground including several launch pad explosions.
But you do have to admire the fact that when they had problems on the Mir they hung on and fixed them. Whenever the shuttle has the slightest problem it simply returns to mother earth.
----
zoot-doc.iso 594576 Kb Fri Mar 10 00:20:00 2000
zoot-i386.iso 656134 Kb Thu Mar 9 18:39:00 2000
zoot-sparc.iso 613072 Kb Thu Mar 9 18:42:00 2000
zoot-srpms.iso 580122 Kb Thu Mar 9 18:41:00 2000
And then I realized that minutes after I announce it it will be slashdotted and my download speed will drop.
Shall I be selfish?
sgc://qbjaybnq.fbheprsbetr.arg/cho/zveebef/erqu
----
- Hummingbird flying platform
- The Moller
- Hiller Flying platform
- SkyRider
For more information why ducted fans are a good idea for reasons other than safety see this article.
----
What if some US legislators think it's a good idea and try to pass it as law? If that should happen it will become increasingly difficult for other countries to remain havens of anonymity.
Precedents can be dangerous. It doesn't matter if there are workarounds.
----
You keep fighting with RPM, overriding dependencies, installing packages directly from source and generally using it against the way it was designed and then you wonder why it's not working for you?
The dependencies are there for a reason. Sure, they can sometimes be a pain, but so are seat belts and type checking. Overriding dependencies is possible, but I rarely find it necessary.
RPM works just great if you work with it instead of against it. Learn how to build RPMs. It's easy. You can pick it up in a few hours just by looking at a .spec file. When I get a package with no RPM I make one myself and upload it to contrib.redhat.com. Updating an RPM to a newer version of the package is even easier.
----
I believe this open source project isn't getting anywhere near the amount of attention it should considering its size and importance.
Does anyone else here share this opinion?
Could it be related to the fact that it is centered in Japan?
----
You can use this script instead.
----
I find that most people are sincere about their own motives but always question other people's motives. Why is that?
Need I remind you that Mr. Spielberg has just about all the money he could ever want and achieved more than most people could hope for? (including, eventually, an Oscar :-)
----