I doubt that it would be released by the NSA... why should they? If the NSA does have quantum computers, they definitely wouldn't tell anyone. Just think of what enemy nations would say: "Oh, they can crack any cipher in current use. I guess we just won't send any secret information for a while", and the NSA doesn't get any information.
Probably more likely is that it's starting to be re-discovered by the public (assuming that the NSA has QCs), just like RSA. If so, we probably won't be hearing anything about it from the NSA for a while.
I was able to install it a while ago on my system. It was fun for a while, but I couldn't really do much with it. It was hard to figure out exactly what to do. For example, to run emacs, I first had to make some changes to the configuration of the system.
Recently, I again tried installing it on the same partition I used before. This time, however, I couldn't get it to boot at all. I tried the debian distribution of it, which was unable to find the filesystem I installed it on, even though I entered it in (using the HURD-style device names). The version from the GNU website would find the filesystem, but would later go into an infinite loop.
I'd say it has a while to go before it becomes more useable; however, when it does, I'd really like to use it. I'm quite excited about the advantages that it will eventually have over Linux.
I have a cable modem that uses DHCP. Every once in a while, I'd see that another remote root exploit was found. I'd pretty much say "Well, I don't really need that. Probably only people running websites, or more important things. I'm using DHCP, and nobody will attack me, anyway".
Then, later, my computer gets rooted. People, ALWAYS update when big security flaws are found! You'll save yourself the trouble of backing up and reinstalling the whole system later on!
If the third party can trick you into thinking that he's your intended recipient, you're absolutely screwed. In the case of PKI, for instance, if the man-in-the-middle can get your trust and say something like, "Sorry, John, I had a hard disk crash last week, and the old floppy I had my backup keyring on is corrupted. I needed to make a new key pair, you'll have to use that to send messages from now on,"...
That problem can easily be solved. Just start each message with a certain keyprase, or, even better, a pseudorandom number. Both people would share the seed, and, after that, the message would start with something like <distance from seed><number> (Distance from seed is how many numbers must be generated before this one.) Any message where the distance from the seed is the same as from a previous message from that sender will be rejected.
This makes it so that if one message is cracked, the person in the middle still couldn't pretend to be one of the people cummunicating. It would also be impossible to brute-force without first seeing a few million emails. Also, the seed would be easy for someone to remember.
Good point. However, there's always steganography. They probably wouldn't mind seeing "I've attached some pictures of my vacation..." when in reality the lower 2 bits of the images contain the encrypted message (or any other steganography method... although I don't think they'd be thrilled with something like "I've decided to include 3 MB of text that resembles Shakespeare..."!)
Any keys for today's cryptography methods will be useless, because they could be factored easily. However, this will not mean the death of privacy- with the problem, comes a solution. It turns out that the quantum properties can be used incredibly well for encryption. Not only would it be impossible to intercept a messgae, but you could even tell if someone was trying to!
Hehe... when I first learned about RSA, I wrote some programs to implement it on my graphing calculator. The highest keys it could handle were about 10 bits- anything more would generate numbers too big for the calculator to handle! What's more, the calculator itself was able to factor these keys in about 15 seconds!
The solution to that is to compile your compiler with some other brand of compiler, in which case the malignant code will not be inserted.
Yes- but how can you trust the other comiler? Maybe it also inserts backdoors- how can we be sure?
And even if the hack detected structure, how long would the structure go unchanged? If someone tweaks the code to fix a bug, the structure changes, the detection fails, and you again obtain a clean compiler.
I think that this is the only way you could be sure the compiler is alright- modify the compiler code you're about to compiler. Change the structure, the order that functions appear, rename commandline args, change every filename, etc. It seems like a lot of work, but remember: Once you have one compiler you know works fine, you know that anything you compile with it will compile what you think it's compiling. (Confused yet?;) )
Wait... the flight simulator WAS deliberate?!?!? I had thought it was a bug! Can't accidentally forgetting brackets in certain places turn a spreadsheet program into a flight simulator!?;)
Has anyone deciphered this line? It sounds like this says, "We let your window manager do what it's supposed to do and don't try to interfere", which is what it should do, but I've never heard it phrased this way.
No- I think it's the opposite. By default, it doesn't let the WM do anything. However, you can allow it to in the options.
I've thought about things like that before- replacing the current DVD standards with open-source standards.
However, the problem is: Why would companies want to change over? To them, the current DVD system is fine; ours would only provide advantages to us, not to them.
On the other hand, if we were to add in several features lacking in current DVDs, it may be possible... eventually. But replacing standards takes a long time.
On the other hand, the reverse is equally true. When there's a problem with Linux, we disregard it, yet problems with Windows (like this) are considered a big deal. People from one group, in general, dislike the other, and thus want to make their problems seem small, and the other company's problems seem big.
This bring up another point: If there are so many other Linux trademarks, what gives Linus the sole right to select which ones are worthy of the Linux name? I do like Linus for his OS, but he does seem to be turning a bit evil now;)
I don't intend this as flamebait, but: what was the whole eToy[s] thing about? A company forcing another to give up the domain name, because (among other things) it included profanity. I don't fully understand why this good when Linus does this, but not when eToys does.
But think about the whole eToy[s] thing... would that not also just be defending a trademark? It seems to me that when some other company does this, we (and by that I include me; I am guilty of this too) get very angry. Yet when Linus does this, we celebrate. Is this right?
However, there is one difference I can see. The eToy[s] was about a domain name that was already in use, and had been for a while. This, on the other hand, is ones that were about to be sold.
This could be quite a bad thing. Right now, for those reasons, many people are rather concerned about computers. With bugs like this, that concern could easily spread to almost all electronic devices.
Firstly, the kernel is tiny, and I have seen one version of X that is only a few MB. Also, who says Netscape has to be used? Furthermore, recompiling the kernel is by no means necissary. It can be done, but that doesn't mean it's required. I think a web enabled embedded Linux would need 8-16 MB, max.
Hear, Hear! I am in complete agreement. The only thing I think will happen is crazy people running around doing damage- but virtually nothing computer related.
Slashdot Mirror
I doubt that it would be released by the NSA... why should they? If the NSA does have quantum computers, they definitely wouldn't tell anyone. Just think of what enemy nations would say: "Oh, they can crack any cipher in current use. I guess we just won't send any secret information for a while", and the NSA doesn't get any information.
Probably more likely is that it's starting to be re-discovered by the public (assuming that the NSA has QCs), just like RSA. If so, we probably won't be hearing anything about it from the NSA for a while.
-----
I was able to install it a while ago on my system. It was fun for a while, but I couldn't really do much with it. It was hard to figure out exactly what to do. For example, to run emacs, I first had to make some changes to the configuration of the system.
Recently, I again tried installing it on the same partition I used before. This time, however, I couldn't get it to boot at all. I tried the debian distribution of it, which was unable to find the filesystem I installed it on, even though I entered it in (using the HURD-style device names). The version from the GNU website would find the filesystem, but would later go into an infinite loop.
I'd say it has a while to go before it becomes more useable; however, when it does, I'd really like to use it. I'm quite excited about the advantages that it will eventually have over Linux.
-----
This could cause more harm for their customers...
I have a cable modem that uses DHCP. Every once in a while, I'd see that another remote root exploit was found. I'd pretty much say "Well, I don't really need that. Probably only people running websites, or more important things. I'm using DHCP, and nobody will attack me, anyway".
Then, later, my computer gets rooted. People, ALWAYS update when big security flaws are found! You'll save yourself the trouble of backing up and reinstalling the whole system later on!
-----
If the third party can trick you into thinking that he's your intended recipient, you're absolutely screwed. In the case of PKI, for instance, if the man-in-the-middle can get your trust and say something like, "Sorry, John, I had a hard disk crash last week, and the old floppy I had my backup keyring on is corrupted. I needed to make a new key pair, you'll have to use that to send messages from now on,"...
That problem can easily be solved. Just start each message with a certain keyprase, or, even better, a pseudorandom number. Both people would share the seed, and, after that, the message would start with something like <distance from seed><number> (Distance from seed is how many numbers must be generated before this one.) Any message where the distance from the seed is the same as from a previous message from that sender will be rejected.
This makes it so that if one message is cracked, the person in the middle still couldn't pretend to be one of the people cummunicating. It would also be impossible to brute-force without first seeing a few million emails. Also, the seed would be easy for someone to remember.
-----
Good point. However, there's always steganography. They probably wouldn't mind seeing "I've attached some pictures of my vacation..." when in reality the lower 2 bits of the images contain the encrypted message (or any other steganography method... although I don't think they'd be thrilled with something like "I've decided to include 3 MB of text that resembles Shakespeare..."!)
-----
Any keys for today's cryptography methods will be useless, because they could be factored easily. However, this will not mean the death of privacy- with the problem, comes a solution. It turns out that the quantum properties can be used incredibly well for encryption. Not only would it be impossible to intercept a messgae, but you could even tell if someone was trying to!
-----
Hehe... when I first learned about RSA, I wrote some programs to implement it on my graphing calculator. The highest keys it could handle were about 10 bits- anything more would generate numbers too big for the calculator to handle! What's more, the calculator itself was able to factor these keys in about 15 seconds!
-----
Don't you mean non contiguous? ;)
-----
Well, by symphony orchestra has FireWire!
-----
The solution to that is to compile your compiler with some other brand of compiler, in which case the malignant code will not be inserted.
;) )
Yes- but how can you trust the other comiler? Maybe it also inserts backdoors- how can we be sure?
And even if the hack detected structure, how long would the structure go unchanged? If someone tweaks the code to fix a bug, the structure changes, the detection fails, and you again obtain a clean compiler.
I think that this is the only way you could be sure the compiler is alright- modify the compiler code you're about to compiler. Change the structure, the order that functions appear, rename commandline args, change every filename, etc.
It seems like a lot of work, but remember: Once you have one compiler you know works fine, you know that anything you compile with it will compile what you think it's compiling. (Confused yet?
-----
Wait... the flight simulator WAS deliberate?!?!? I had thought it was a bug! Can't accidentally forgetting brackets in certain places turn a spreadsheet program into a flight simulator!? ;)
-----
Has anyone deciphered this line? It sounds like this says, "We let your window manager do what it's supposed to do and don't try to interfere", which is what it should do, but I've never heard it phrased this way.
No- I think it's the opposite. By default, it doesn't let the WM do anything. However, you can allow it to in the options.
-----
Isn't Mitnik banned from using cell phones? So, it must be possible!
-----
"The player program does not read the raw data off the CD and dump it in a file"
/dev/dsp.
Yes it does, on Linux at least. Remember that devices are treated as files; the cd player just dumps it to
-----
I've thought about things like that before- replacing the current DVD standards with open-source standards.
However, the problem is: Why would companies want to change over? To them, the current DVD system is fine; ours would only provide advantages to us, not to them.
On the other hand, if we were to add in several features lacking in current DVDs, it may be possible... eventually. But replacing standards takes a long time.
-----
On the other hand, the reverse is equally true. When there's a problem with Linux, we disregard it, yet problems with Windows (like this) are considered a big deal.
People from one group, in general, dislike the other, and thus want to make their problems seem small, and the other company's problems seem big.
-----
Yes, but it can run Linux. That's the good part: It's the only abacus that can run it.
-----
This bring up another point: If there are so many other Linux trademarks, what gives Linus the sole right to select which ones are worthy of the Linux name? I do like Linus for his OS, but he does seem to be turning a bit evil now ;)
-----
I don't intend this as flamebait, but: what was the whole eToy[s] thing about? A company forcing another to give up the domain name, because (among other things) it included profanity. I don't fully understand why this good when Linus does this, but not when eToys does.
-----
But think about the whole eToy[s] thing... would that not also just be defending a trademark? It seems to me that when some other company does this, we (and by that I include me; I am guilty of this too) get very angry. Yet when Linus does this, we celebrate. Is this right?
However, there is one difference I can see. The eToy[s] was about a domain name that was already in use, and had been for a while. This, on the other hand, is ones that were about to be sold.
Still, it does seem a bit wrong...
-----
Most drinks are like that, anyway. Orange soda is almost nothing like oranges, etc.
-----
This could be quite a bad thing. Right now, for those reasons, many people are rather concerned about computers. With bugs like this, that concern could easily spread to almost all electronic devices.
-----
Firstly, the kernel is tiny, and I have seen one version of X that is only a few MB.
Also, who says Netscape has to be used?
Furthermore, recompiling the kernel is by no means necissary. It can be done, but that doesn't mean it's required.
I think a web enabled embedded Linux would need 8-16 MB, max.
-----
Hear, Hear! I am in complete agreement. The only thing I think will happen is crazy people running around doing damage- but virtually nothing computer related.
-----
Yeah, but in The Oregon Trail, the wildlife doesn't shoot back!
-----