What, you run a window manager at all??
After editing, one brief command, and the new equation is typeset and displayed.
You could just use fontenc and set up a good ~/.XCompose that lets you input most of the symbols you need.
There's no \mathbb{F} that I could find, and taller-than-one-line \Sigma{}s don't show up well in an xterm. But it works.
When in bash, I like this trick:
sudo apt-get -y install zsh; exec zsh
With any security system, researchers build on weaknesses found piece by piece.
If we're talking about crypto, that's not always true.
RSA is claimed to be secure, when used in the right way, against some number of scenarios (wikipoogle for IND-CCA2). For instance, if you give me two plaintexts and I encrypt one, you can't tell which one I encrypted (when RSA is used with OAEP). In particular, you can't learn any single bit of the plaintext behind the encryption. Add some more scenarios; then we have a "piece-by-piece" claim about the security of RSA (possibly even proofs that breaks can give us a factoring).
On the other hand, when we construct protocols that combine several pieces, we often do it in the Universal Composability model. That is, we describe in a black-box fashion how an ideal functionality should behave. Then we show that if we have implementations of each black box, our way of combining them yields something that acts like the black-box design we were trying to implement. Thus: we have shown our construction secure, without looking at each attack one by one.
An example: "Secure Transfer"; boiled down, a user inputs a message. Later, the network delivers the message to the other user. The adversary, who can monitor the network, learns the length of the message.
Another example: Authenticated Transfer. The same, except the adversary learns the message.
You can build ST from AT: have the receiver first send a public key, then have the sender send the message encrypted with the public key. If we assume our cryptosystem to be secure, one can show that this implements ST.
I've omitted the details you need to show it in a formal sense, but it rings true, right? That's what cryptosystems do: obscure the message.
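The ST-from-AT construction described above, as an added example that is not part of the original comment. The `AuthenticatedTransfer` class, the function names and the toy hashed-ElGamal scheme (127-bit group, illustration only) are assumptions standing in for "our cryptosystem"; the point is what ends up in the adversary's view.

```python
import hashlib
import secrets

# Toy parameters (assumption for illustration): 2**127 - 1 is prime, but far
# too small for real use; a real build would use a vetted public-key scheme.
P = 2**127 - 1
G = 3

def keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)              # (secret key, public key)

def _pad(shared, n):
    # Derive an n-byte one-time pad from the shared group element.
    return hashlib.shake_256(shared.to_bytes(16, "big")).digest(n)

def encrypt(pk, msg):
    r = secrets.randbelow(P - 2) + 1
    pad = _pad(pow(pk, r, P), len(msg))
    return pow(G, r, P), bytes(a ^ b for a, b in zip(msg, pad))

def decrypt(sk, ct):
    c1, c2 = ct
    pad = _pad(pow(c1, sk, P), len(c2))
    return bytes(a ^ b for a, b in zip(c2, pad))

class AuthenticatedTransfer:
    """Ideal AT: delivers payloads unmodified, but the adversary reads them."""
    def __init__(self):
        self.adversary_view = []

    def send(self, sender, payload):
        self.adversary_view.append((sender, payload))
        return payload

def secure_transfer(at, msg):
    """ST from AT: receiver sends pk, sender replies with Enc(pk, msg)."""
    sk, pk = keygen()
    pk_on_wire = at.send("receiver", pk)
    ct = at.send("sender", encrypt(pk_on_wire, msg))
    return decrypt(sk, ct)

def leaked_length(at):
    """What the adversary reads off the last payload: the ciphertext length."""
    _, (_, c2) = at.adversary_view[-1]
    return len(c2)
```

Because AT already guarantees the payloads arrive unmodified, the malleability of the XOR pad is not exercised here; the adversary sees the public key and the ciphertext, and from those only the length.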
full disclosure/responsible disclosure
Can we please not use loaded language to describe the two positions?
If limited disclosure is, according to a reasoned interpretation of factual evidence, the only responsible thing to do, why is there still a debate? Are people that blinded by dogma?
Isn't it irresponsible to keep people in the dark and let them continue using insecure technology? Especially when, for most people, there is a very simple, acceptable solution: plug in the wire if you want security, or don't if you don't.
I can see the value of informing everyone who's affected, so they can plan with better knowledge (reduce the risk or buy more insurance). I can also see the value of not informing the people who are capable of and willing to exploit the people who don't reduce the risk.
I don't know that only full disclosure, or only limited disclosure, is the solution. I think it depends on the vulnerability: who the affected parties are, how severely they are affected, how soon a fix is expected to come out, how easy the vulnerability is to exploit.
Does anyone have any hard data on this?
And even if the rendering engines were GPL'ed, you could write an RPC wrapper daemon and call the library's services through a socket. Batch calls if you can, to minimize the number of ctx switches.
Depending on what the library does, this may or may not be prohibitive. Talk to the disk? No problem. Do a single dot product? You're dead; look at compiz drawing a window while resizing it, and count the ctx switches.
Could someone explain how these projects have any kind of public support at all?
Why would they need it?
Sad but true...
According to the latest Netcraft data, to archive the internet you need 534,832 CDs. If you can go without porn, you can make do with about seven.
The sort of people who will be first against the wall when the military coup comes.
But those guys sell us all the plastic pals who are fun to be with.
When that cost is sufficiently low, government has no reason to abstain from listening in.
How about accountability to the people?
and robes...
No wizard hat?
Imagine Bill Gates, Steve Jobs, RMS, and ESR on such a committee.
You need Mark Shuttleworth.
No committee ever gets anything done if its hand can't be forced by a guy with glowing red eyes.
I'm pretty sure RMS is sasquatch.
With all the fur he's having, and his larger-than-life body, I always thought he was King Kong.
I don't know much about loaning money, except a fiver off my friends when I'm short on cash.
Is this a Cost of Anarchy thing? That is, if everybody takes care of their own self-interest by doing bad loans, does it become the good payers' self interest to do bad loans as well?
God damn, now I have to do a BSc in economics as well... :D
VCRs used to be a bitch to program
Yeah, the manual expected you to, like, read an' shit...
Is anyone at Canonical listening?
Have you put it on brainstorm?
If not, go to brainstorm.ubuntu.com, sign up, submit your idea. I think it'll get many up-votes.
Since most distros don't ship with --funroll-loops -O19 --ZOMG-MAKE-CODE-FAST
Jeez, why do people always say that? Try a version of Gentoo that's not, like, five years old. It's just like dependency hell: WE ARE OVER IT.
Nowadays, you use -funroll-loops -funsafe-math-optimizations -O1337 -fZOMG-MAKE-CODE-FAST -falign-functions -fturbo-button -fmodulo-sched -foptimize-register-move -fctrl-alt-cokebottle -funsafe-loop-optimizations -Omore-leet -funswitch-loops -ftree-vect-loop-version -fsyntax-only -fno-pc-lusering.
Just put that in your /etc/makefile.zomg. Not rocket surgery, everybody knows this.
Right? Right?
I would hope that once [Apple has an OS monopoly], people would watch them just as closely as they do MS.
That leaves an interesting question: what happens if everybody runs Linux?
I can imagine hearing the whiners "Linux has a monopoly, antitrust, rabble-rabble blah blah!"
But would there be something to it? How far does the argument "but you have all the source" take you?
On the other hand, as long as there's Debian GNU/NetBSD and Debian GNU/HURD, there isn't a *Linux* monopoly. And as long as there's epiphany, firefox, konqueror and edbrowse, there's no browser monopoly; there's two implementations of X floating around, ....
Ever heard the people bitch that there are too many choices with Linux? One cynically wonders how many of them would bitch about too few choices if they had fewer choices... ;)
What do you guys think? If Linux takes over not only the Desktop but the world, what would happen?
I just upgraded my toaster to linux
Theo disapproves of your choice of words.
and instead type something else in manually (not https: www.mynotsosecurebank.com)
Fixed that for you.
Since the latter could easily be hijacked prior to the typical auto-redirect to https.
Uh-huh. And firefox will display "My Mostly Secure Bank" in the green bar without warning about the self- or unsigned SSL certificate exactly why?
Or is your scenario something different that I'm not considering?
Your woman can be happy?? Am I doing it wrong?
Did this start happening last time you visited? If so, try reprogramming the first channel to something other than playboy. ;)
I have young children
I'm fascinated by your accomplishments and want to subscribe to your newsletter. Mine always fall apart at the joint welds.
Quick someone patent "taking the credit for the works of others"....
Taking credit for the works of others increases (on average) public good will, which you can capitalize.
As such, your invention is a business method patent, and violates claim one of my business method patent no. 10583614: "the business method of patenting business methods".
It's his twin brother. They easily get into arguments.