I wondered if any of the/. crowd can tell us about college books that are electronic. I understand that some colleges offer course text only electronically and it has an expiration date that is just beyond the end of the semester. That prevents you from selling it back to the bookstore to be sold the next semester as a used book.
Stupidity in the extreme coming along later in life. Has to be genetic.
Maybe it came early in you or you were in such a rush to say something about GB you didn't think. George Bush 41 (43's father, the current President you are foolishly trying to malign) is still regarded highly and is still popular. Only a fool would call 41 stupid and therefore it couldn't be genetic. Check out 41 here - http://www.whitehouse.gov/history/presidents/gb41. html
Sorry, I think you misunderstood what I was getting at. I'm merely stating that I think it's entirely plausible to have researchers in physics or mathematics at the age of 18. However, I do not think that an 18-year-old has the social context to conduct social research. I also do not think that the educational system stresses learning that could go towards that--you know, classic literature about the human condition, philosophy, stuff like that.
Yes, of course you're right on that.
-because he thought philosophy courses were liberal arts fluff (he also never took a statistical analysis course--"You have truth data, and that's all there is to it")! I think he would be a much better researcher if he knew what he was talking about when these topics came up. A short course in epistemology would probably do him a lot of good, as well as these high school kids.
I think it is delightful to find these people. You get to watch the gears turn and with any luck they become a first rate scientist if they are guided the right way. Of course guidance alone means nothing, they can become anything from a rocket scientist to a priest. Same program, same guy leading it. You are in fact right by the way. I know this from over 20 years of working with teens. I can also tell you that I don't think a course on epistemology would be worth while for high school kids. I don't think that many of them are capable of understanding it. The program I work with, we start with around 50,000 kids and we used to end up with about 70 that were self starters and interested in science. The last few years we are lucky if we get 4. I also work with the science fair as a judge, also for around 20 years. I'm not happy with what I have seen over the years. A steady decline of good science being taught. This needs to be fixed first or the US as a country is in big trouble. Much to my surprise not even a drivers license seems that important to teens lately. Something that when I was growing up you had to have to even be considered anything.
If I seem bitter it is because I am. At a local school that is a science and tech school, they have liberal arts teachers trying to teach science. It is a small wonder why the kids have no clue, the teachers are clueless. I think this also finds its way into the junk science that you are probably aware of as well. If you have a good program and can get it integrated into the high school program and it is effective then go for it. I think it would do the country a lot of good.
Two, I notice a complete lack of representation by the "soft" sciences.
Has to do with the competition in this case. Intel isn't into that.
But some of that context used to be handled by education as well--you had to read the classics, you had to study some philosophy, you had to know history. My aero engineer friend has really never done any of that, so he's an engineer who doesn't know what "empiricism" means. Is this also a failing by our educational system? Isn't such education necessary to be a good researcher?
I'm wondering if you know what empiricism means (What do the classics, philosophy have to do with flight? Unless it is flight theory which he should know) or perhaps you mean this in a way that I'm not thinking of at the moment. The educational system has plenty of liberal arts stuff. Too much if it is still like it was when I went to college. Generally it isn't useful to the research itself. It may be useful in the presentation of his work, however. His manager may be a pointy-haired boss in which case he will have to know that stuff in order to get around him. With any luck the people he deals with know what they are doing and can talk the talk.
Let's get the Security and Exchange Comission involved and see if there is enough evidence to charge McBride and the others with fraud. I expect an article on this in the next 6 months.
While the likelyhood that somebody does such is low, it's certainly not impossible.
Actually not. The profile for murder in certain instances is a white male and very educated. So say they hear about someone threatening to kill a target in public. There is your mark! Watch any number of whodunit shows to find out how to complete it and not make the mistake that got that guy caught, add this in for more incriminating "evidence". For those of us that saw Mythbusters last night, bonus points for using "hot dog" urine to distract a guard dog to complete the ruse.
Can I ask you, what show must one watch to be part of the masses and not capable of thinking?
Er... you're kidding, right? Maybe you don't watch TV? By the way, he didn't say they were not capable of thinking, he said they were not capable of thinking on their own. Big difference.
So, are you one of those people that can think on their own or do you really need help thinking of a show? This is so easy even a cave man could do it.
He says Linux isn't open because every time he opens his mouth and says something really, really stupid, everyone calls him an idiot and tells him to shut up.
Once again, proof that there's nothing so irritating as a dumbass who thinks he's smart.
What you wrote - well done! How about how he goes on to try to rescue Laura Didio, AKA "didiot" and others. Linux isn't ready for the desktop he says again... yet I've been using it for many years. I guess that was an illusion. As if OS-X and Windows always work right and never bomb. The biggest problem I see is companies like Adobe not porting their stuff to Linux, usually with some lame excuse. So I end up still using a Windows box for some things. Not the end of the world, however I see no valid reason why that stuff hasn't been ported yet. Perhaps business see the Linux community as a bunch of freeloaders. Anything but pay for something. To a certain extent that is true, however there are users of windows and Mac OSX that feel the same way. Maybe we should do more to dispell this myth and show we have a wallet. There is money to be made here, perhaps a great deal more.
However he does bring up a good point about Linux being so generic. It is often the case for example that I see it dinged on security and the distro they used is probably the weakest one out there (intentionally I bet). No SELinux or even basic security stuff set up. OTOH, RedHat for example has international security certifications. So they could compare say Solaris, Windows, RHEL (with and without SELinux) and have it be meaningful. Something that would compare very well.
I also wonder if he has a valid point to GPL 3.0. Could be fire on the horizon or more FUD. I'm hoping FUD. GPL 2.0 has worked so well it seems.
I've read the code and the history in question and I probably understand the problem far better than you do. Assumption of ignorance on the part of those with whom you disagree is the very kind of "knee-jerk reaction" you assert I've had.
It wasn't an assumption of ignorance, it is fact. If you know me you would know I wouldn't dare talk to you like that unless I was very darn sure of myself. I had a lot more in my response. I deleted it all. I think my helping you and pointing things out like I had is the worst thing I could do for you. That is because you have to learn this lesson the hard way, like I did. All I can do is point you in the right direction and that direction is towards login. You did begin in the right spot, telnet is certainly a great place to start an investigation and is also where I started. Then I found out that isn't where the problem is (i.e. look at other source to telnet). I know, I was surprised too. Keep looking, pay attention to the rfc's. Especially the later ones. Then look at login and why this is a login problem and not a telnet problem.
No, that's not correct. login(1) is just fine; telnetd fails to correctly validate user input, passing arguments to login that it should not.
Another slashdotter spouting off with no clue. Hint - know what you are talking about before telling anyone they are wrong. What you said is a typical knee-jerk reaction, probably from someone that thinks they know a lot about security. Look here - http://isc.sans.org/diary.html?storyid=2220 . Did you even bother to do a "man login" to see what parms it takes? You expect login to not check for such things?
If you were getting bugtraq notices you would know that telnet worked EXACTLY as designed. The -f option was added to login in Solaris and that is why the bug is only in the later versions Solaris - 10 and 11. The parameter also gets passed to login in the previous versions, however since it didn't support it nothing bad happened. It asked you for a username, then password. In the vulnerable version, it isn't up to telnet to ask for a password, login does that. This is also not the same bug that showed up in AIX.
Before telling me I'm wrong again, tell SUN they are wrong because that is what they said and they are the ones that fixed it. Of course if you are smart you would see that there is another way to attack the machine.
Oh and sorry to attack you like that... however your handle is "The Man" and it isn't often I get to tell "The Man" off like that.
It won't help because the vulnerability is in login (that telnetd calls) and not with telenetd. Since this is almost a month old and everyone should know by now, here it is -
To evolve is to change. In a biological context, to evolve is to change by means of reproduction and mutation.
Hi liquidscript. This is a way over simplification. It also misses the point of the article that I was getting at.... I thought about also including a bit about viruses and computers... however I thought the humor would get lost.... I also know about plans for robots/computers in the future... where sex may actually be possible... But that is for another slashdot article... Reminds me of some Vax jokes.
In an industrial sense, to evolve is to change through design.
You left out the meat in a meat ball recipe. There is a distinction and a difference. It is a continual change from a lower, simpler, or worse to a higher, more complex, or better state. This dictates that something has to have something to do with something in the past and it has to be a continual change. Did a plane evolve from the little red wagon? Of course not unless you get silly. Why force us to say it was evolutionary? Maybe it was revolutionary? Perhaps "chemical reaction" describes what happened better. A simple design change that isn't necessarily making it a higher, more complex or a better state? Could be a more cost effective or not as labor intensive state. Maybe it is a material change that effectively is the same product for example. Most people also equate evolution with chance, as if man had nothing to do with it and intelligence was not necessary. A slap in the face to engineers and scientists everywhere. For example carbon nanotubes, did that "evolve" from something else? Of course not, it was designed by man. Why require them to say it did.
Words have different meanings in different contexts. All this argumentation about specific meanings of words, such as "to evolve," is useless semantics.
Indeed, what I was getting at in the first place. Evolution has become a meme http://webster.com/dictionary/meme or perhaps some might even say propaganda. They want everyone to use the word to spread it so it can become "fact" when in fact it isn't yet. It is a theory like wave theory, string theory to name just two. If you think it is fact, show me the proof. Feel free to get back to me on that one. Do me a favor and understand what a proof is before responding.
Have to be careful, he is advocating the thought police. Next he may want every paper to contain the word evolution someplace in it because no science could possibly be true without some sort of evolution. You don't want that do you?
So why all the fuss over a word? If they don't want to say evolution, why make them? That is what the article is all about, forcing the meme. By you insisting they use the word evolution, you have sucummed to the meme (the idea, usage, spread it), if not outright propaganda (we evolved, damnit!). Worse, you probably don't even realize it and will probably even argue about it. Think about it for a while.
Eisenhower (33rd President) bemoaned it and coined the term "military industrial complex".
These three words are so often misrepresented it isn't funny. He didn't bemoan it, he encouraged it. He was for a strong defense. He was also for peace. What he said in the proper context is here - http://en.wikipedia.org/wiki/Military-industrial_c omplex copied here:
A vital element in keeping the peace is our military establishment. Our arms must be mighty, ready for instant action, so that no potential aggressor may be tempted to risk his own destruction...
This conjunction of an immense military establishment and a large arms industry is new in the American experience. The total influence -- economic, political, even spiritual -- is felt in every city, every statehouse, every office of the federal government. We recognize the imperative need for this development. Yet we must not fail to comprehend its grave implications. Our toil, resources and livelihood are all involved; so is the very structure of our society.
In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist.
We must never let the weight of this combination endanger our liberties or democratic processes. We should take nothing for granted. Only an alert and knowledgeable citizenry can compel the proper meshing of the huge industrial and military machinery of defense with our peaceful methods and goals so that security and liberty may prosper together.
You can't have a strong military without a strong relationship with industry that builds what they use. It is often the case that these "unwarranted influence"s he is talking about are military personnel themselves or Congress. In fact his original draft of this farewell speech had "military industrial congressional complex" instead. Too bad he didn't say that. Someone comes up with a stupid idea for a promotion or work fair project, and gets it. OTOH some ideas are killed because nobody would get a perk out of it. He also founded People to People and did many more things.
What happened to him is a hazard of that field. I've seen it done before, this is the first time I've heard someone taking it to court and winning. Now if we can just get that for every place security guys work.
Don't try to apply the biological concept of evolution to other fields. The word itself just refers to something unfolding over time.
This is what I'm talking about. This meme confuses people and the meaning and it becomes so embeded that it is impossible to eradicate. Read here - http://en.wikipedia.org/wiki/Evolution . Unfolding over time used to be called progress in most cases. In your context there should also be a distinction because there is a difference. Sometimes things unfold without any thought, perhaps that could be called evolution. However where it is intentional (i.e. the scientific world where things are being developed), thought was involved then it should be intelligent design. That is why I said if it is apropriate then use it. If it isn't then don't.
I also have to wonder if the meme you speak of wasn't intentional, probably from years ago. Say everything "evolved" and therefore you can't not believe in it. An attempt to make a scientific theory into a fact. It may be fact, however we can't say that yet.
Sometimes I hear people say something like "the evolution of computers." Really, computers have sex? The improvements are a function of how they were used and bad ones were killed off by nature? How absurd. Computers are clearly intelligently designed, by humans. Humans decide what to include, improve upon or ditch. Genetics has nothing to do with it. In fact today humans do have the ability to design molecules and even life, the so called Genetically Modified (GM) boogyman.
Even in science it is often misused. Mix hydrogen and oxygen and you get water, some people say it "evolved" into water. Again, how absurd. It was a chemical reaction. Some people still think humans evolved from apes that are around now. Evolution theory shows that isn't the case, whatever it was that we evolved from is dead, has been dead for a very long time. That creature may look sort of like an ape, however it wasn't an ape. That creature may be common to both species, however.
So it may be that they are not avoiding the word as much as people think, it may be that the word evolution isn't the right word to describe what is going on. If it is then use the word, if it isn't then use the right word.
Surveillance is not the answer, it doesn't make a difference if there are too many criminals to monitor. Gun laws (as Americans will say, right to bear arms etc) are not the answer. This has lead me to believe that there is no answer. We have to be politically correct remember. Don't discriminate against trolls, they're people too.
You would be wrong on that. You should read the book "More guns, less crime". What you obviously have been told is what I call the "Mommy toy" reaction. That is, just take guns away as if it was a misused toy, as if that will work. It hasn't worked anywhere in the world. For instance, would you rob a bank if you thought some of the people are armed? Would you be quite so cocky if you thought the other guy is armed? No, a well armed society is a polite society. Hollywood really did the west a disservice that way. It was entertainment. I know I feel much safer out in Colorado where guys have guns on their belts than in Washington where they have proably the toughest gun laws in the country and the worst problem.
So maybe the answer is surveillance and when you find the criminal, shoot them like they do here - http://rawstory.com/news/2007/Kenya_s_overworked_p olice_gun_down__01222007.html . Easier than arresting them and it would give people an incentive to not commit crimes. I know, it is negative reinforcement but it works. Shouldn't be a problem since you have them on camera. Better yet, have it set so the camera can shoot them on site. Guy tries to rob someone and suddenly he is on the ground in pain from the camera gunshot. Hey, this sounds like a movie plot.
Why is that? There are companies that sell random number generation hardware. Are you saying they're flawed or something?
Short answer - yes. However it is more than adequate for most applications. Even commercial/business/banking encryption. The biggest threat there isn't the encryption being cracked, it is the guy taking your credit card to ring you up or the card reader for example. There are far cheaper ways of getting secret information than to try to attack the encryption. Besides, the random number generator isn't as important there. I'm talking about people that need to keep stuff secure even if the enemy has an unlimited budget and they haven't been able to get someone on the inside or someplace else that is much easier to crack. OTP would work for business too, however like I said before it isn't practical.
You'd have to kill me if you told me. Feel free to trot that out, but I hope you don't expect me to take your word for it.
Maybe you didn't read all of what I wrote to you? Maybe you have cryptographers confused with some other organization? There are things called laws against such conduct with very severe penalties. I'd have to be a total idiot to do such a thing. Once again you don't have to take my word for it. Go to the National Cryptographic Museum. There is a reference out there that talks about OTP and gets very close to what I would like to tell you towards the bottom here - http://www.vectorsite.net/ttcode_04.html where he talks about OTP. Essentially the intro course I didn't want to reiterate here though it seems that I have and you still don't get it. If you are smart you can figure it out from there. If not, feel free to continue to believe OTP can never be cracked. Feel free to believe in the tooth fairy as well.
Sure. If you redefine "decrypt" or "break" as "guess about" then it becomes really easy.
The name of the game is to crack it by any means available. There are very strict rules on how this can be done in the case of an educated guess. Often it is the case they use encryption that you don't know the length, you have to do it the hard way. Sometimes that means brute force. Sometimes that means something else. Anyhow, have a nice day.
I'd be interested to read any references you can supply indicating that that is the "whole point" of encryption. I have never heard this before. My understanding is the whole point of encryption is to restrict information to those it's intended for.
Context is important. You do want to restrict who can read the information. One barrier to OTP traditionally is it is as large as the message. Before computers that was a real pain and error prone. Practical encryption means you have something small to hide something large (steganography - something large to hide something small but that is another area). Kind of tough to explain this without getting into an intro course on this and an advanced course on why OTP isn't that secure. Maybe I can explain a bit below.
And what is inherently non-random about them?
One very important part of a OTP is that each space must be truly random to work. Otherwise if there is a pattern then it will help you with the subsequent symbols (i.e. characters and spaces). In practice it is very difficult to get a truly random generator. Find the pattern and you are well on your way to cracking it and any other OTP's from whoever made that pad. They tend to always use the same random generator because they believe it is random.
Thanks, but I doubt it. I don't think my math skills are that good.
That is unfortunate. We need more scientific type people. Too many are old and retiring.
it isn't. After everything you've said, you haven't mentioned one time when a properly implemented OTP system has had its encryption broken. That is because if all the rules are followed, there is simply no way to break the encryption - it is not even possible in theory. It does not matter how much computing power you have, it does not matter how much time you have, and it does not matter what algorithms you have access to. It simply cannot be done. Since a cryptographic attack on such a system is useless, one must attack it another way, which is certainly possible to do.
Are you still going to tell me it's possible to break the encryption of a correct OTP system?
Sure I am. It has been done before. I can't give away the store here for obvious reasons (i.e. mention even a single case), that is why I mentioned the National Cryptographic Museum. I know that stuff is ok to be in public view and they have an example. What I know might not be and I can't take a chance on that. However there are certain things you know about OTP. For example how many symbols it is. If you happen to know who sent it and what it may be about then you already have important information on what it might say. Guesses are often very useful in practice. If you know that and where it should be then it can cut down possibilities considerably. Often times you don't need to decrypt the entire message, you only need to decrypt enough to be useful. Like a date or name for example ("Rainbow Warrior", Midway Island). One time pads are very useful for things like that as it turns out. So even if you did follow all the strict rules on it, it is possible to still figure out what was said if I know enough about it. Sure, if you used a OTP to encrypt something I have no clue about it probably would remain a mystery forever, perhaps even from you if you lost your own pad. You probably wouldn't do that, you would use it to hide something you didn't want others to see.... and what might that be? Of course that can be used as a counter measure as well. Send your laundry list, letter to your daughter, text from a news paper even nonsense through OTP just to keep real messages obscured. Of course by doing that you may expose the pattern to the OTP. See where this is going? This is why it isn't used. Strong ciphers don't divulge things like the length of the message, context, spaces. You are in the dark the whole way through if at all possible. Very costly to break it, computationally.
So yes, OTP can be very secure to unbreakable in theory. In practice they can be surprisingly breakable. The worst thing you can do is be arrogent and think it is unbreakable.
Anybody who says that doesn't know what they're talking about. One-time pads, if implemented correctly, are unbreakable encryption.
Talk about a caveat emptor. If we break it you would simply claim it wasn't implemented correctly. Big deal. And you have the nerve to say I don't know what I'm talking about? You have been mislead.
You would be wrong about one time pads in the real world. They (by they I mean some of the most secretive, unreasonable, well funded governments the world has seen) have tried that before. Obviously you haven't visited the National Cryptography Museum as they have real life examples and how they were compromised. The whole point to encryption is to use a key that is shorter than the message. In the case of one time pads that isn't true. Otherwise if it is shorter then you are talking about an algorithm of some sort and therefore (so far) it theoretically can be cracked. One time pads were brought up in class as well and that is what he said. Do you seriously think a simple ceasar substitution cipher with a random base per character is viable (i.e. your one time pad)? If you do, work for the enemy... please. Point in fact, when one time pads have been used in the past, they ended up being used more than once (and often many more times than once) making your example breakable, even trivial. One time pads are simply not that handy nor random. Please don't feel bad about this. If you go into this field you may turn out to be a first rate cryptologist. I think it was one of the most humbling diciplines I ever undertook. I thought I was so smart (yes, I was young back then too) only to find out what I had done had been tried before. Worse, it may be an excersize to crack in your first homework assignment. That happened to a guy that thought he had the end all and be all encryption routine. I think most of the class managed to crack his cipher that night. Those that didn't were in way over their head and we usually didn't see them much anymore. Another point to drive this home - don't you think that if one time pads were that unbreakeable and viable they would use that (more in business, government, etc) rather than spending billions to develop the science required for quantum crypt? USB key drives are dirt cheap and hold a lot, surely we could make a bunch of them with one time pads. I wouldn't bet much on it being secure. At least secure for very long. I feel much safer using an algorithm that is considered military grade, even the AES standard.
Which of course does not imply you will be right the next time you use it.:-)
It is right until it isn't. I may not live to see that. Sort of like Moore's law... he may end up dying before it is wrong. As unlikely as that has seemed a number of times. I think I will live to see Moore's get broken. I feel safe with mine.
Usually the first thing you are told in a cryptography course is "Anyone that claims their encryption is unbreakable is either a liar or doesn't know what he is talking about." I used that quote years ago when IBM claimed it had an unbreakable crypt system and I was shown to be right. I claimed it for this quantum crap years ago but never bothered to submit a proof on it. Seemed obvious to me. Besides, someone else already had a handle on it and could write better than I can. So here is yet another attempt. I'm not buying it. Probably more secure but not unbreakable.
Besides, the technology isn't the real issue anyhow. It is the people at both ends that have access to the data. They are the real problem with keeping stuff secret.
Three months (closer to four) is how long it took every CF bulb in the house to stop working.
You're right. I took mine back to Lowes, turns out there was a recall on them. I bought a bunch of packages from them and I still had the receipt. Seems to me they were "lights america" brand, however I may be wrong. I have replaced almost every light bulb in my house. Some have been in service for a decade already, the ones that replaced the 150 Watt bulbs. I had 6 in my basement, today one of the originals remains and that one will probably blow soon. I even use them outside for the light post. I get many years out of even the small ones burning for many hours each day. Sometimes you can catch them on sale.
I run my lights for about two hours a day, tops. Maybe four. I don't really live in my house, so the utility difference is nill.
Maybe. Depends on where you live. In your case you might save about $7/month (.07 KWH, 10 X 100 Watt bulbs (1KW/H), 4 hours/day and then 20 watt CF). Now multiply this over thousands of houses... Maybe you burn a light or two to discourage burglers? Anyhow, it is probably safe to buy them again. Just hold onto your receipt.
By manufacturing a "crisis", the government will HAVE to deregulate and then you'll see so much bandwidth you won't believe it, but it will cost a lot of money.
Not quite. The net isn't regulated right now. "Net neutrality" will regulate it, you do realize that don't you? If you think it is regulated, post the corresponding law. You won't be able to because it doesn't exist. "Net neutrality" is manufactured to dupe people into thinking they need the governments help to stop the evil business from taking advantage of them. Sometimes they even cite cases where say a competing voip was slowed down, for a few days until it hit blogs (used to be it would hit the newspapers and then TV) and then they lift it. I'd rather have that than to get the government involved, thank you. If we really need it then ok, pass the law and be careful how it is worded. That law can make it so instead of an inconvenience, you are really screwed. For example how they "helped" us with voting irregularities in the 2000 election, passed new laws in most places that required new computer voting machines? Yea, we didn't need that kind of help as so many artices on/. will show.
This reminds me how Vint Cerf said the internet was going to fail due to the load... a decade ago. He ended up eating his hat over that one. He should have waited for 9/11/2001, it did fail that day for a while. 9/12/2001 it was back to normal. Anyhow be careful what you wish for, you might get it.
Slashdot Mirror
7/20/1969, 38 years ago - http://en.wikipedia.org/wiki/Moon_landing . I remember watching the sucky video as it was happening.
I wondered if any of the /. crowd can tell us about college books that are electronic. I understand that some colleges offer course text only electronically and it has an expiration date that is just beyond the end of the semester. That prevents you from selling it back to the bookstore to be sold the next semester as a used book.
If I seem bitter it is because I am. At a local school that is a science and tech school, they have liberal arts teachers trying to teach science. It is a small wonder why the kids have no clue, the teachers are clueless. I think this also finds its way into the junk science that you are probably aware of as well. If you have a good program and can get it integrated into the high school program and it is effective then go for it. I think it would do the country a lot of good.
Let's get the Security and Exchange Comission involved and see if there is enough evidence to charge McBride and the others with fraud. I expect an article on this in the next 6 months.
So, are you one of those people that can think on their own or do you really need help thinking of a show? This is so easy even a cave man could do it.
However he does bring up a good point about Linux being so generic. It is often the case for example that I see it dinged on security and the distro they used is probably the weakest one out there (intentionally I bet). No SELinux or even basic security stuff set up. OTOH, RedHat for example has international security certifications. So they could compare say Solaris, Windows, RHEL (with and without SELinux) and have it be meaningful. Something that would compare very well.
I also wonder if he has a valid point to GPL 3.0. Could be fire on the horizon or more FUD. I'm hoping FUD. GPL 2.0 has worked so well it seems.
Sure you want that? With an aging population this really could be TMI.
It wasn't an assumption of ignorance, it is fact. If you know me you would know I wouldn't dare talk to you like that unless I was very darn sure of myself. I had a lot more in my response. I deleted it all. I think my helping you and pointing things out like I had is the worst thing I could do for you. That is because you have to learn this lesson the hard way, like I did. All I can do is point you in the right direction and that direction is towards login. You did begin in the right spot, telnet is certainly a great place to start an investigation and is also where I started. Then I found out that isn't where the problem is (i.e. look at other source to telnet). I know, I was surprised too. Keep looking, pay attention to the rfc's. Especially the later ones. Then look at login and why this is a login problem and not a telnet problem.
Another slashdotter spouting off with no clue. Hint - know what you are talking about before telling anyone they are wrong. What you said is a typical knee-jerk reaction, probably from someone that thinks they know a lot about security. Look here - http://isc.sans.org/diary.html?storyid=2220 . Did you even bother to do a "man login" to see what parms it takes? You expect login to not check for such things?
If you were getting bugtraq notices you would know that telnet worked EXACTLY as designed. The -f option was added to login in Solaris and that is why the bug is only in the later versions Solaris - 10 and 11. The parameter also gets passed to login in the previous versions, however since it didn't support it nothing bad happened. It asked you for a username, then password. In the vulnerable version, it isn't up to telnet to ask for a password, login does that. This is also not the same bug that showed up in AIX.
Before telling me I'm wrong again, tell SUN they are wrong because that is what they said and they are the ones that fixed it. Of course if you are smart you would see that there is another way to attack the machine.
Oh and sorry to attack you like that... however your handle is "The Man" and it isn't often I get to tell "The Man" off like that.
It won't help because the vulnerability is in login (that telnetd calls) and not with telenetd. Since this is almost a month old and everyone should know by now, here it is -
telnet -l "-froot" [hostname]
Hi liquidscript. This is a way over simplification. It also misses the point of the article that I was getting at.... I thought about also including a bit about viruses and computers... however I thought the humor would get lost.... I also know about plans for robots/computers in the future... where sex may actually be possible... But that is for another slashdot article... Reminds me of some Vax jokes.
In an industrial sense, to evolve is to change through design.
You left out the meat in a meat ball recipe. There is a distinction and a difference. It is a continual change from a lower, simpler, or worse to a higher, more complex, or better state. This dictates that something has to have something to do with something in the past and it has to be a continual change. Did a plane evolve from the little red wagon? Of course not unless you get silly. Why force us to say it was evolutionary? Maybe it was revolutionary? Perhaps "chemical reaction" describes what happened better. A simple design change that isn't necessarily making it a higher, more complex or a better state? Could be a more cost effective or not as labor intensive state. Maybe it is a material change that effectively is the same product for example. Most people also equate evolution with chance, as if man had nothing to do with it and intelligence was not necessary. A slap in the face to engineers and scientists everywhere. For example carbon nanotubes, did that "evolve" from something else? Of course not, it was designed by man. Why require them to say it did.
Words have different meanings in different contexts. All this argumentation about specific meanings of words, such as "to evolve," is useless semantics.
Indeed, what I was getting at in the first place. Evolution has become a meme http://webster.com/dictionary/meme or perhaps some might even say propaganda. They want everyone to use the word to spread it so it can become "fact" when in fact it isn't yet. It is a theory like wave theory, string theory to name just two. If you think it is fact, show me the proof. Feel free to get back to me on that one. Do me a favor and understand what a proof is before responding.
Have to be careful, he is advocating the thought police. Next he may want every paper to contain the word evolution someplace in it because no science could possibly be true without some sort of evolution. You don't want that do you?
So why all the fuss over a word? If they don't want to say evolution, why make them? That is what the article is all about, forcing the meme. By you insisting they use the word evolution, you have sucummed to the meme (the idea, usage, spread it), if not outright propaganda (we evolved, damnit!). Worse, you probably don't even realize it and will probably even argue about it. Think about it for a while.
These three words are so often misrepresented it isn't funny. He didn't bemoan it, he encouraged it. He was for a strong defense. He was also for peace. What he said in the proper context is here - http://en.wikipedia.org/wiki/Military-industrial_c omplex copied here :
A vital element in keeping the peace is our military establishment. Our arms must be mighty, ready for instant action, so that no potential aggressor may be tempted to risk his own destruction...
This conjunction of an immense military establishment and a large arms industry is new in the American experience. The total influence -- economic, political, even spiritual -- is felt in every city, every statehouse, every office of the federal government. We recognize the imperative need for this development. Yet we must not fail to comprehend its grave implications. Our toil, resources and livelihood are all involved; so is the very structure of our society.
In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist.
We must never let the weight of this combination endanger our liberties or democratic processes. We should take nothing for granted. Only an alert and knowledgeable citizenry can compel the proper meshing of the huge industrial and military machinery of defense with our peaceful methods and goals so that security and liberty may prosper together.
You can't have a strong military without a strong relationship with industry that builds what they use. It is often the case that these "unwarranted influence"s he is talking about are military personnel themselves or Congress. In fact his original draft of this farewell speech had "military industrial congressional complex" instead. Too bad he didn't say that. Someone comes up with a stupid idea for a promotion or work fair project, and gets it. OTOH some ideas are killed because nobody would get a perk out of it. He also founded People to People and did many more things.
What happened to him is a hazard of that field. I've seen it done before, this is the first time I've heard someone taking it to court and winning. Now if we can just get that for every place security guys work.
This is what I'm talking about. This meme confuses people and the meaning and it becomes so embeded that it is impossible to eradicate. Read here - http://en.wikipedia.org/wiki/Evolution . Unfolding over time used to be called progress in most cases. In your context there should also be a distinction because there is a difference. Sometimes things unfold without any thought, perhaps that could be called evolution. However where it is intentional (i.e. the scientific world where things are being developed), thought was involved then it should be intelligent design. That is why I said if it is apropriate then use it. If it isn't then don't.
I also have to wonder if the meme you speak of wasn't intentional, probably from years ago. Say everything "evolved" and therefore you can't not believe in it. An attempt to make a scientific theory into a fact. It may be fact, however we can't say that yet.
Even in science it is often misused. Mix hydrogen and oxygen and you get water, some people say it "evolved" into water. Again, how absurd. It was a chemical reaction. Some people still think humans evolved from apes that are around now. Evolution theory shows that isn't the case, whatever it was that we evolved from is dead, has been dead for a very long time. That creature may look sort of like an ape, however it wasn't an ape. That creature may be common to both species, however.
So it may be that they are not avoiding the word as much as people think, it may be that the word evolution isn't the right word to describe what is going on. If it is then use the word, if it isn't then use the right word.
You would be wrong on that. You should read the book "More guns, less crime". What you obviously have been told is what I call the "Mommy toy" reaction. That is, just take guns away as if it was a misused toy, as if that will work. It hasn't worked anywhere in the world. For instance, would you rob a bank if you thought some of the people are armed? Would you be quite so cocky if you thought the other guy is armed? No, a well armed society is a polite society. Hollywood really did the west a disservice that way. It was entertainment. I know I feel much safer out in Colorado where guys have guns on their belts than in Washington where they have proably the toughest gun laws in the country and the worst problem.
So maybe the answer is surveillance and when you find the criminal, shoot them like they do here - http://rawstory.com/news/2007/Kenya_s_overworked_p olice_gun_down__01222007.html . Easier than arresting them and it would give people an incentive to not commit crimes. I know, it is negative reinforcement but it works. Shouldn't be a problem since you have them on camera. Better yet, have it set so the camera can shoot them on site. Guy tries to rob someone and suddenly he is on the ground in pain from the camera gunshot. Hey, this sounds like a movie plot.
Short answer - yes. However it is more than adequate for most applications. Even commercial/business/banking encryption. The biggest threat there isn't the encryption being cracked, it is the guy taking your credit card to ring you up or the card reader for example. There are far cheaper ways of getting secret information than to try to attack the encryption. Besides, the random number generator isn't as important there. I'm talking about people that need to keep stuff secure even if the enemy has an unlimited budget and they haven't been able to get someone on the inside or someplace else that is much easier to crack. OTP would work for business too, however like I said before it isn't practical.
You'd have to kill me if you told me. Feel free to trot that out, but I hope you don't expect me to take your word for it.
Maybe you didn't read all of what I wrote to you? Maybe you have cryptographers confused with some other organization? There are things called laws against such conduct with very severe penalties. I'd have to be a total idiot to do such a thing. Once again you don't have to take my word for it. Go to the National Cryptographic Museum. There is a reference out there that talks about OTP and gets very close to what I would like to tell you towards the bottom here - http://www.vectorsite.net/ttcode_04.html where he talks about OTP. Essentially the intro course I didn't want to reiterate here though it seems that I have and you still don't get it. If you are smart you can figure it out from there. If not, feel free to continue to believe OTP can never be cracked. Feel free to believe in the tooth fairy as well.
Sure. If you redefine "decrypt" or "break" as "guess about" then it becomes really easy.
The name of the game is to crack it by any means available. There are very strict rules on how this can be done in the case of an educated guess. Often it is the case they use encryption that you don't know the length, you have to do it the hard way. Sometimes that means brute force. Sometimes that means something else. Anyhow, have a nice day.
Context is important. You do want to restrict who can read the information. One barrier to OTP traditionally is it is as large as the message. Before computers that was a real pain and error prone. Practical encryption means you have something small to hide something large (steganography - something large to hide something small but that is another area). Kind of tough to explain this without getting into an intro course on this and an advanced course on why OTP isn't that secure. Maybe I can explain a bit below.
And what is inherently non-random about them?
One very important part of a OTP is that each space must be truly random to work. Otherwise if there is a pattern then it will help you with the subsequent symbols (i.e. characters and spaces). In practice it is very difficult to get a truly random generator. Find the pattern and you are well on your way to cracking it and any other OTP's from whoever made that pad. They tend to always use the same random generator because they believe it is random.
Thanks, but I doubt it. I don't think my math skills are that good.
That is unfortunate. We need more scientific type people. Too many are old and retiring.
it isn't. After everything you've said, you haven't mentioned one time when a properly implemented OTP system has had its encryption broken. That is because if all the rules are followed, there is simply no way to break the encryption - it is not even possible in theory. It does not matter how much computing power you have, it does not matter how much time you have, and it does not matter what algorithms you have access to. It simply cannot be done. Since a cryptographic attack on such a system is useless, one must attack it another way, which is certainly possible to do.
Are you still going to tell me it's possible to break the encryption of a correct OTP system?
Sure I am. It has been done before. I can't give away the store here for obvious reasons (i.e. mention even a single case), that is why I mentioned the National Cryptographic Museum. I know that stuff is ok to be in public view and they have an example. What I know might not be and I can't take a chance on that. However there are certain things you know about OTP. For example how many symbols it is. If you happen to know who sent it and what it may be about then you already have important information on what it might say. Guesses are often very useful in practice. If you know that and where it should be then it can cut down possibilities considerably. Often times you don't need to decrypt the entire message, you only need to decrypt enough to be useful. Like a date or name for example ("Rainbow Warrior", Midway Island). One time pads are very useful for things like that as it turns out. So even if you did follow all the strict rules on it, it is possible to still figure out what was said if I know enough about it. Sure, if you used a OTP to encrypt something I have no clue about it probably would remain a mystery forever, perhaps even from you if you lost your own pad. You probably wouldn't do that, you would use it to hide something you didn't want others to see.... and what might that be? Of course that can be used as a counter measure as well. Send your laundry list, letter to your daughter, text from a news paper even nonsense through OTP just to keep real messages obscured. Of course by doing that you may expose the pattern to the OTP. See where this is going? This is why it isn't used. Strong ciphers don't divulge things like the length of the message, context, spaces. You are in the dark the whole way through if at all possible. Very costly to break it, computationally.
So yes, OTP can be very secure to unbreakable in theory. In practice they can be surprisingly breakable. The worst thing you can do is be arrogent and think it is unbreakable.
Talk about a caveat emptor. If we break it you would simply claim it wasn't implemented correctly. Big deal. And you have the nerve to say I don't know what I'm talking about? You have been mislead.
You would be wrong about one time pads in the real world. They (by they I mean some of the most secretive, unreasonable, well funded governments the world has seen) have tried that before. Obviously you haven't visited the National Cryptography Museum as they have real life examples and how they were compromised. The whole point to encryption is to use a key that is shorter than the message. In the case of one time pads that isn't true. Otherwise if it is shorter then you are talking about an algorithm of some sort and therefore (so far) it theoretically can be cracked. One time pads were brought up in class as well and that is what he said. Do you seriously think a simple ceasar substitution cipher with a random base per character is viable (i.e. your one time pad)? If you do, work for the enemy... please. Point in fact, when one time pads have been used in the past, they ended up being used more than once (and often many more times than once) making your example breakable, even trivial. One time pads are simply not that handy nor random. Please don't feel bad about this. If you go into this field you may turn out to be a first rate cryptologist. I think it was one of the most humbling diciplines I ever undertook. I thought I was so smart (yes, I was young back then too) only to find out what I had done had been tried before. Worse, it may be an excersize to crack in your first homework assignment. That happened to a guy that thought he had the end all and be all encryption routine. I think most of the class managed to crack his cipher that night. Those that didn't were in way over their head and we usually didn't see them much anymore. Another point to drive this home - don't you think that if one time pads were that unbreakeable and viable they would use that (more in business, government, etc) rather than spending billions to develop the science required for quantum crypt? USB key drives are dirt cheap and hold a lot, surely we could make a bunch of them with one time pads. I wouldn't bet much on it being secure. At least secure for very long. I feel much safer using an algorithm that is considered military grade, even the AES standard.
Which of course does not imply you will be right the next time you use it. :-)
It is right until it isn't. I may not live to see that. Sort of like Moore's law... he may end up dying before it is wrong. As unlikely as that has seemed a number of times. I think I will live to see Moore's get broken. I feel safe with mine.
Besides, the technology isn't the real issue anyhow. It is the people at both ends that have access to the data. They are the real problem with keeping stuff secret.
You're right. I took mine back to Lowes, turns out there was a recall on them. I bought a bunch of packages from them and I still had the receipt. Seems to me they were "lights america" brand, however I may be wrong. I have replaced almost every light bulb in my house. Some have been in service for a decade already, the ones that replaced the 150 Watt bulbs. I had 6 in my basement, today one of the originals remains and that one will probably blow soon. I even use them outside for the light post. I get many years out of even the small ones burning for many hours each day. Sometimes you can catch them on sale.
I run my lights for about two hours a day, tops. Maybe four. I don't really live in my house, so the utility difference is nill.
Maybe. Depends on where you live. In your case you might save about $7/month (.07 KWH, 10 X 100 Watt bulbs (1KW/H), 4 hours/day and then 20 watt CF). Now multiply this over thousands of houses... Maybe you burn a light or two to discourage burglers? Anyhow, it is probably safe to buy them again. Just hold onto your receipt.
Not quite. The net isn't regulated right now. "Net neutrality" will regulate it, you do realize that don't you? If you think it is regulated, post the corresponding law. You won't be able to because it doesn't exist. "Net neutrality" is manufactured to dupe people into thinking they need the governments help to stop the evil business from taking advantage of them. Sometimes they even cite cases where say a competing voip was slowed down, for a few days until it hit blogs (used to be it would hit the newspapers and then TV) and then they lift it. I'd rather have that than to get the government involved, thank you. If we really need it then ok, pass the law and be careful how it is worded. That law can make it so instead of an inconvenience, you are really screwed. For example how they "helped" us with voting irregularities in the 2000 election, passed new laws in most places that required new computer voting machines? Yea, we didn't need that kind of help as so many artices on /. will show.
This reminds me how Vint Cerf said the internet was going to fail due to the load... a decade ago. He ended up eating his hat over that one. He should have waited for 9/11/2001, it did fail that day for a while. 9/12/2001 it was back to normal. Anyhow be careful what you wish for, you might get it.