The government never issued SSN with the intent of being a universal identifier.
Really? What would be the problem with that? Isn't that exactly what it's for?
Also, there's nothing wrong, from a security standpoint, with issuing universal identifiers.
For instance, on most online sites I have the "universal" identifier "jonaskoelker". No one seems to want to "steal" it from me, so in that sense it's universal (I can get it when-/whereever I want).
The problem is that in most real-life security protocols, the conceptual "login form" has only a field for the username, and no password; or, alternatively, also a password field and a rule that everyone's password is equal to their username.
[discussing key revocation] yes because the govt. has shown such wisdom in the past by making it easy to replace social security numbers
The real failure is not the lack of revocation of SSNs.
Consider this hypothetical security protocol for proving that you are who you claim: you tell them a name, an address and an SSN. The verifier looks up in the person database under your SSN and checks that your claimed name and address matches what the database says.
You have to revoke your SSN after every single use, because otherwise the verifier can "prove" they're you.
The real failure is in the "proving-I'm-me" protocol: it works by you revealing your "password". That is the real problem.
Meh.... unbreakable encryption is easy, or so close to it that the difference is largely irrellevant: [protocol] [...]
Well, this will have to be performed over a channel which solves almost all the important cryptographic problems.
If not, consider this scenario:
Alice wants to send something to Bob. Both know A, B and C (why not p, q and n?). She sends out D^Xs. She receives D' from someone. She sends out D'^Ys.
Consider Bob: he receives E from someone, sends out E^Xd. Then he receives E' from someone and computes E'^Yd.
There is no guarantee and no way to check whether "someone" is the person you think you're talking to; they might appear to be Bob in Alice's eyes and vice versa while in reality they're Doctor Evil.
There's also no way to be sure that the message(s) you receive from the network have any particular relation to what you sent out. Doctor Evil could, for instance, multiply the data by 2 without anyone noticing.
Besides, doing modular exponentiation is slow like molasses. You really do not want to do that for every chunk of data; you'd much rather use those kinds of operations to agree on a (secret) key for a symmetric cipher (say, AES) and then encrypt the data using the symmetric cipher.
I hope to god no one implements this.
Factoring methods will not break the encryption because what would normally be associated as a public/private key pair (X,Y) in some other encryption protocols is never shared with the other party.
And that is why all you can know is that you sent an encrypted message to someone: there's nothing distinguishing your intended receiver from anyone else. The sender/receiver has no shared secret knowledge, nor any private/public asymmetric knowledge, so anyone can do the same computations as either intended party in this protocol.
Similar to optimization, there are two rules for cryptography:
Don't design your own
Don't design your own, unless it goes through thorough review by cryptography experts (this rule is for experts only).
If you're curious about my background, I'm a crypto phd student (that I am, even if you're not curious). I want to stress: I'm not trying to make an argument from authority.
I'm also not trying to make crypto an exclusive thing; I welcome anyone to educate themselves on the matters of cryptography. It's just that this shit is hard, and if you don't know your shit, your own designs is extremely likely to be insecure.
Holy shit, batman. I thought you were joking. It turns out it was reality tickling my funny-bone.
I especially "like" the quote "Emphasis on scientific evidence supporting: [...]". They're saying up-front "we're here to give you a skewed and biased impression of how the real world works, independent of whether the real world supports our biases".
I can rephrase their bulleted list, too:
"For 45 years(1), we've been spamming the whole world(3), sullying the name of all major sciences(4) and cheating quality control systems(2) in order to convert you to our preconceived notions(6)."
The opportunity of employing people is that they aren't spending their time enriching society in other ways.
Wouldn't it be better if their labor wasn't needed, and they instead (say) worked at some kind of manufacturing? Then society would have more cars/TVs/furniture/${item}.
The GPF on the mailing list is probably when the terminator is blown to pieces. Not to worry, it automatically reboots (and proceeds to get smashed, but the software worked fine).
Mr. Stallman, and the ever shrinking group of people who care what he thinks, need to grow up. [...] Everything has a cost.
You're making two unrelated points. When RMS says "free", about 90% of the time it refers to freedom, not price.
He's not opposed (I would assume) to pay for his computers or Internet connectivity. He's also not opposed to paying for software, but I assume he gets all his needs met by zero-cost (and free-as-in-freedom) software. I seem to recall him saying the FSF (presumably under his leadership) spent money, paying coders to write GNU userspace tools (grep, tar, that stuff).
What he is opposed to is other people having (undue) control over your (choices in) software and your data. That's what this is all about.
I have little doubt that if people could get sales by knocking on your door and punching you in the face to make a sale, they would do exactly that. They don't care about the harm they cause.
I'd ask a doctor how I can punch people in the face in a way that limits the expected damages as much as possible.
It is mathematically proven that there is no system that is more fair than this one.
Could you please refer to an English proof, or failing that at least translate from german what "more fair" means; i.e. what the theorem actually says?
I'm skeptical of the claim that there's "no system more fair". I think you have to (somewhat arbitrarily) decide what fair should mean in the context of the theorem; whether that's the fairness we really want from election systems is open to debate.
Then there's of course Arrow's Impossibility theorem, which may or may not apply to the voting system in question.
Slashdot Mirror
Lobbies vs. People vs. Pirates.
And let me tell you, the **AA hates us for our freedoms!
(scnr)
just as likely to crash your browser as a zip file.
I use IE6, you insensitive clod!
221 Megabytes! For a document reader!?
Hey! It's not just a document reader!
It also has M-x tetris.
you'd go from people [...] unflattering references to their[=~"people"'s] sexual preference.
Such as "We're fucking homo gays!!"?
(fucking: adj !verb)
;-)
The government never issued SSN with the intent of being a universal identifier.
Really? What would be the problem with that? Isn't that exactly what it's for?
Also, there's nothing wrong, from a security standpoint, with issuing universal identifiers.
For instance, on most online sites I have the "universal" identifier "jonaskoelker". No one seems to want to "steal" it from me, so in that sense it's universal (I can get it when-/whereever I want).
The problem is that in most real-life security protocols, the conceptual "login form" has only a field for the username, and no password; or, alternatively, also a password field and a rule that everyone's password is equal to their username.
That is the real problem.
[discussing key revocation] yes because the govt. has shown such wisdom in the past by making it easy to replace social security numbers
The real failure is not the lack of revocation of SSNs.
Consider this hypothetical security protocol for proving that you are who you claim: you tell them a name, an address and an SSN. The verifier looks up in the person database under your SSN and checks that your claimed name and address matches what the database says.
You have to revoke your SSN after every single use, because otherwise the verifier can "prove" they're you.
The real failure is in the "proving-I'm-me" protocol: it works by you revealing your "password". That is the real problem.
Meh.... unbreakable encryption is easy, or so close to it that the difference is largely irrellevant: [protocol] [...]
Well, this will have to be performed over a channel which solves almost all the important cryptographic problems.
If not, consider this scenario:
Alice wants to send something to Bob. Both know A, B and C (why not p, q and n?). She sends out D^Xs. She receives D' from someone. She sends out D'^Ys.
Consider Bob: he receives E from someone, sends out E^Xd. Then he receives E' from someone and computes E'^Yd.
There is no guarantee and no way to check whether "someone" is the person you think you're talking to; they might appear to be Bob in Alice's eyes and vice versa while in reality they're Doctor Evil.
There's also no way to be sure that the message(s) you receive from the network have any particular relation to what you sent out. Doctor Evil could, for instance, multiply the data by 2 without anyone noticing.
Besides, doing modular exponentiation is slow like molasses. You really do not want to do that for every chunk of data; you'd much rather use those kinds of operations to agree on a (secret) key for a symmetric cipher (say, AES) and then encrypt the data using the symmetric cipher.
I hope to god no one implements this.
Factoring methods will not break the encryption because what would normally be associated as a public/private key pair (X,Y) in some other encryption protocols is never shared with the other party.
And that is why all you can know is that you sent an encrypted message to someone: there's nothing distinguishing your intended receiver from anyone else. The sender/receiver has no shared secret knowledge, nor any private/public asymmetric knowledge, so anyone can do the same computations as either intended party in this protocol.
Similar to optimization, there are two rules for cryptography:
If you're curious about my background, I'm a crypto phd student (that I am, even if you're not curious). I want to stress: I'm not trying to make an argument from authority.
I'm also not trying to make crypto an exclusive thing; I welcome anyone to educate themselves on the matters of cryptography. It's just that this shit is hard, and if you don't know your shit, your own designs is extremely likely to be insecure.
Holy shit, batman. I thought you were joking. It turns out it was reality tickling my funny-bone.
I especially "like" the quote "Emphasis on scientific evidence supporting: [...]". They're saying up-front "we're here to give you a skewed and biased impression of how the real world works, independent of whether the real world supports our biases".
I can rephrase their bulleted list, too:
"For 45 years(1), we've been spamming the whole world(3), sullying the name of all major sciences(4) and cheating quality control systems(2) in order to convert you to our preconceived notions(6)."
("(n)" refers to the nth bullet)
in the time it takes to post this comment another 2 "Cave chicks go Rex riding" websites will have been created.
I think you mean "2 Girls 1 Rex"
We should only do things that protect and spin things in the interests of our country.
Are you saying that the killings in Iraq are a PR move?
I can't believe that---there are so many things wrong with that. So if not that, could you please explain what it means?
I think it's very interesting that if you go RTFA (yeah, I'm new here), you can read the related headline[1]:
"Desktop Linux: Why it may have lost its chance"
I think the dear AST is up to no good...
[1]: http://www.itworld.com/open-source/67022/desktop-linux-why-it-may-have-lost-its-chance
I though Minix was dead for some 15 years....
Did netcraft confirm it?
At least it is employing people
The opportunity of employing people is that they aren't spending their time enriching society in other ways.
Wouldn't it be better if their labor wasn't needed, and they instead (say) worked at some kind of manufacturing? Then society would have more cars/TVs/furniture/${item}.
Holy shit, you might be on to something.
It's well known that the terminator runs on the 6502 microprocessor (http://en.wikipedia.org/wiki/MOS_Technology_6502).
Apparently Linux does as well: http://lkml.indiana.edu/hypermail/linux/kernel/0004.0/0000.html
The GPF on the mailing list is probably when the terminator is blown to pieces. Not to worry, it automatically reboots (and proceeds to get smashed, but the software worked fine).
With a name like BJ_Covert_Action, I wouldn't be surprised if you were part of it!
That's pretty interesting coming from BiggerIsBetter...
A tiny computer that can download files while another computer sits idly by.
Yo dawg, we herd you like torrents, so we put a computer in your computer so you can torrent while you torrent.
Mr. Stallman, and the ever shrinking group of people who care what he thinks, need to grow up. [...] Everything has a cost.
You're making two unrelated points. When RMS says "free", about 90% of the time it refers to freedom, not price.
He's not opposed (I would assume) to pay for his computers or Internet connectivity. He's also not opposed to paying for software, but I assume he gets all his needs met by zero-cost (and free-as-in-freedom) software. I seem to recall him saying the FSF (presumably under his leadership) spent money, paying coders to write GNU userspace tools (grep, tar, that stuff).
What he is opposed to is other people having (undue) control over your (choices in) software and your data. That's what this is all about.
See for instance http://www.gnu.org/philosophy/free-sw.html and http://www.gnu.org/philosophy/selling.html for some views on freedom and money.
Except at the "meet the contestant" part, maybe, which by the way should be fascinating.
"So, computer, you're about two months old, and you grew up in IBM's labs, right?"
"Bite my shiny metal ass"
What about [...] ASS subtitles.
That has got to be the shittiest acronym ever! I wonder who would approve of it; you know, who would get behind it.
Sheesh... I can't imagine people's behavior online seriously being influenced by some silly "rating" system.
Oh, and by the way...
My head just metasplode!
I have little doubt that if people could get sales by knocking on your door and punching you in the face to make a sale, they would do exactly that. They don't care about the harm they cause.
I'd ask a doctor how I can punch people in the face in a way that limits the expected damages as much as possible.
See, I'm an ethical douchebag ;-)
It is mathematically proven that there is no system that is more fair than this one.
Could you please refer to an English proof, or failing that at least translate from german what "more fair" means; i.e. what the theorem actually says?
I'm skeptical of the claim that there's "no system more fair". I think you have to (somewhat arbitrarily) decide what fair should mean in the context of the theorem; whether that's the fairness we really want from election systems is open to debate.
Then there's of course Arrow's Impossibility theorem, which may or may not apply to the voting system in question.
What, you wanted a Digg account named "Anonymous Coward"?
My suggestion to the submitter is to try a more honorable career, like record-company executive or drug-dealer.
I recommend prostitution.
At least you're being honest and up front about screwing your customers for money.
Someone who goes "la la la" into a microphone gets 70 year copyright.
No. If they do it when they're 25, they get a 120 year copyright: death at 75, 70 years after that, 75 - 25 + 70 = 120.