And if you're encrypting the whole disk -- where will you keep the encryption keys? How will you boot? Doing it in hardware suddenly makes sense -- probably a slight performance boost, also.
You encrypt the disk with a master key K. Each user has a password p_u and a key generated from the password, K_u = pbkdf(p_u). Store K encrypted under K_u, for all u, on the disk. The user inputs his password on bootup, the system computes K_u, decrypts K, and is ready to use it for decrypting the disk.
You can destroy the keys with a little bit of dd magic; ask shred for some bit patterns, and/or add some layers of cryptographically random data.
If your CPU has the "aes" instruction, doing crypto in software is fast. You might be able to gain a little by doing it in hardware before it leaves the disk, but I think doing it in software is competitive. The performance differential cost buys you something: you can change keys (or ciphers) in a hardware-agnostic way.
My thumbdrive lives on my keyring. It hangs from the beltloop of my pants on a carabiner, and is always right there whenever it is not in use elsewhere.
And who says slashdotters don't have any fashion sense?
I suspect that this is less about deterrent and more about mitigating data loss.
In my dictionary, "data loss" means you don't have access to the data, whereas "data theft" means someone else has access to the data when they shouldn't.
Backups protect against data loss. Remote disabling protects against data theft.
Full disk encryption also protects against data theft if the laptop is off when stolen. Having the laptop shut down if mydnsname.org/laptop-id/shutdown doesn't 404 (cron job, every minute) would help against data theft if the laptop is on while stolen. If you have a bluetooth phone and enable the screen saver when the phone loses contact with the laptop, it helps you even more if the laptop gets stolen in the on state.
If you trust your backups, you can also backup all the encrypted keys that are on the disk on your secure server, and wipe them from the laptop when you find the shutdown page on the web.
Oh well, I guess the people who like wearing suits and buying stuff trust people who like wearing suits and selling stuff over people who like wearing t-shirts and building stuff.
Here's the latest collection of pictures we gathered up. You're going to love the two girls in 0138.jpg; you can see their tits have juuuust started growing, right at the age where you like them.
The password is the same as last time.
Attached: foo.zip"
Now you're on the hook for a password(-derived key) which you don't know. Interesting... I should probably stop publishing my mail address;)
They allow abusive entities such as the Free Software Foundation to go after Cisco.
I know you're just trying to be funny, but what's worth noticing is that this is the FSF's first lawsuit:
[...] Peter Brown, executive director of the FSF. "In the fifteen years we've spent enforcing our licenses, we've never gone to court before. We have always managed to get the companies we have worked with to take their obligations seriously.
Isn't that interesting? I'm not sure whether Cisco decided to call the FSF's bluff or whether they have some other thinking behind their decisions; but I know that this is going to be interesting to watch.
IIRC, the GPL has been upheld in court before, so (depending on the details of Cisco's actions) the FSF is probably in a good position to win.
I think we can agree that it's in the public interest to pay money to those who make music, movies, TV shows, software, literature and a few other forms of media. Their ability to be copied at almost no cost, and the willingness of consumers to foot the bill for that out of their own pocket means that the hitherto used pricing structure isn't going to work that great.
But for physical objects that can't be copied, only mass produced with massive startup costs, what's wrong with the current pricing structure?
It's not just the music tax that would be bad, it's almost all of them.
That's strange. In Denmark, if you work full time at minimum wage, you're paying at least 40% of what you earn in taxes. Get a well-paid Code Monkey position and you're looking at something like 50-60%. On top of that, there's 25% sales tax added to everything (meaning 20% of what you pay for goods is sales tax). And there's heavy charges added to certain goods, such as cars.
This actually makes a degree of sense to me, because I would expect the variance to be less in the first case
For samples of a normal distribution, the sample variance is f(samples)/n. That makes the deviation sqrt(f(samples))/sqrt(n).
Whether you care about deviation or variance, the more points you sample, the less they deviate "on the whole" from what one might expect.
[30 vs 20 -- or -- 3 vs 2]
I'm no military tactician, but one might expect the gang of three to be able to perform maneuvers that a gang of thirty couldn't pull off; like, say, hide better, or sneak around, or attack the two from multiple directions.
they'd have had to take the photo and wait for ~8 years
How about consent from a parent or guardian?
The consent of a 10 year old can't really be considered consent, in the true word. She almost certainly didn't understand, when the picture was taken, the true implications of it.
I think I agree; not because minors are stupid, but because sexually immature minors don't understand from an intuitive level how their sexuality and the outside perception of their sexuality (or lack of such) plays into this picture.
Minors giving reasonably informed consent to other things (say, medical procedures), that might happen.
Note that their method just looks at the packets. If you also know that the packets originate from a network that only has one customer/peer relationship, and that relationship is with you, you can look at the number of connections with the same protocol as well.
I'm not sure that it's clear we can win the arms race; at least, not in the near future.
Any entrepeneur who would be on the streets through lost revenue in his/her sale and fears it should simply not be trying to earn a living through his or her own business
No matter what you do, people might all of the sudden stop wanting to do business with your kind. Being given an hourly wage by your boss might shield you from the reality, but reality it is none the less.
Use references. Use refcounting smart pointers. Use objects that free their pointers when they die.
[memory safety]
Actually, the biggest problem with C++ and memory management is exceptions. I'm not sure exactly what you mean by "hiding (\"abstraction\")" in the context of memory management. Also, I'm not sure what you mean by the word "safety" in the context of memory.
Slashdot Mirror
And if you're encrypting the whole disk -- where will you keep the encryption keys? How will you boot? Doing it in hardware suddenly makes sense -- probably a slight performance boost, also.
You encrypt the disk with a master key K. Each user has a password p_u and a key generated from the password, K_u = pbkdf(p_u). Store K encrypted under K_u, for all u, on the disk. The user inputs his password on bootup, the system computes K_u, decrypts K, and is ready to use it for decrypting the disk.
You can destroy the keys with a little bit of dd magic; ask shred for some bit patterns, and/or add some layers of cryptographically random data.
If your CPU has the "aes" instruction, doing crypto in software is fast. You might be able to gain a little by doing it in hardware before it leaves the disk, but I think doing it in software is competitive. The performance differential cost buys you something: you can change keys (or ciphers) in a hardware-agnostic way.
My thumbdrive lives on my keyring. It hangs from the beltloop of my pants on a carabiner, and is always right there whenever it is not in use elsewhere.
And who says slashdotters don't have any fashion sense?
I suspect that this is less about deterrent and more about mitigating data loss.
In my dictionary, "data loss" means you don't have access to the data, whereas "data theft" means someone else has access to the data when they shouldn't.
Backups protect against data loss. Remote disabling protects against data theft.
Full disk encryption also protects against data theft if the laptop is off when stolen. Having the laptop shut down if mydnsname.org/laptop-id/shutdown doesn't 404 (cron job, every minute) would help against data theft if the laptop is on while stolen. If you have a bluetooth phone and enable the screen saver when the phone loses contact with the laptop, it helps you even more if the laptop gets stolen in the on state.
If you trust your backups, you can also backup all the encrypted keys that are on the disk on your secure server, and wipe them from the laptop when you find the shutdown page on the web.
Oh well, I guess the people who like wearing suits and buying stuff trust people who like wearing suits and selling stuff over people who like wearing t-shirts and building stuff.
"Hi again, [name]
Here's the latest collection of pictures we gathered up. You're going to love the two girls in 0138.jpg; you can see their tits have juuuust started growing, right at the age where you like them.
The password is the same as last time.
Attached: foo.zip"
Now you're on the hook for a password(-derived key) which you don't know. Interesting... I should probably stop publishing my mail address ;)
Yeah, not releasing on all three major platforms seems pretty brain-.dmg'ed.
I'm seeing a pattern, though. Could it be that developing cross-platform applications is something for which Google doesn't have any aptitude?
They allow abusive entities such as the Free Software Foundation to go after Cisco.
I know you're just trying to be funny, but what's worth noticing is that this is the FSF's first lawsuit:
[...] Peter Brown, executive director of the FSF. "In the fifteen years we've spent enforcing our licenses, we've never gone to court before. We have always managed to get the companies we have worked with to take their obligations seriously.
Isn't that interesting? I'm not sure whether Cisco decided to call the FSF's bluff or whether they have some other thinking behind their decisions; but I know that this is going to be interesting to watch.
IIRC, the GPL has been upheld in court before, so (depending on the details of Cisco's actions) the FSF is probably in a good position to win.
By using Slack, everyone around you will know that your kung-fu is the best kung-fu.
Using Srack gives not the kung-fu. Disciprine... come from within.
So, when humans and robots breed, do they get baby cyborgs?
"great, I can make a robot! ... now what can I do with it?"
Well...
I for one welcome our new robot dominatricies...
It has an absolutely *KILLER* IDE
I'm only leaving emacs for it if it comes with a decent editor!
sewing kit tax
How do you copy a sewing kit over the Internet?
I think we can agree that it's in the public interest to pay money to those who make music, movies, TV shows, software, literature and a few other forms of media. Their ability to be copied at almost no cost, and the willingness of consumers to foot the bill for that out of their own pocket means that the hitherto used pricing structure isn't going to work that great.
But for physical objects that can't be copied, only mass produced with massive startup costs, what's wrong with the current pricing structure?
It's not just the music tax that would be bad, it's almost all of them.
That's strange. In Denmark, if you work full time at minimum wage, you're paying at least 40% of what you earn in taxes. Get a well-paid Code Monkey position and you're looking at something like 50-60%. On top of that, there's 25% sales tax added to everything (meaning 20% of what you pay for goods is sales tax). And there's heavy charges added to certain goods, such as cars.
Yet, we:
If taxation is bad, how come Denmark is such a great place to be?
How am I supposed to put food on my table
You're doing it wrong! You're supposed to put it on your family ;)
This actually makes a degree of sense to me, because I would expect the variance to be less in the first case
For samples of a normal distribution, the sample variance is f(samples)/n. That makes the deviation sqrt(f(samples))/sqrt(n).
Whether you care about deviation or variance, the more points you sample, the less they deviate "on the whole" from what one might expect.
[30 vs 20 -- or -- 3 vs 2]
I'm no military tactician, but one might expect the gang of three to be able to perform maneuvers that a gang of thirty couldn't pull off; like, say, hide better, or sneak around, or attack the two from multiple directions.
I'm not sure it's clear cut.
they'd have had to take the photo and wait for ~8 years
How about consent from a parent or guardian?
The consent of a 10 year old can't really be considered consent, in the true word. She almost certainly didn't understand, when the picture was taken, the true implications of it.
I think I agree; not because minors are stupid, but because sexually immature minors don't understand from an intuitive level how their sexuality and the outside perception of their sexuality (or lack of such) plays into this picture.
Minors giving reasonably informed consent to other things (say, medical procedures), that might happen.
The choice of Helios as a moniker
You mean he can take all the flaming? ;)
Why do people insist on answering rhetorical questions? This is a rhetorical question, don't bother replying.
It's how society works when people aren't being a**holes.
AssertionError: len("ltruist") == 2
Or are we specially gifted around here?
Around here I think we're just special ;)
If playing games ever taught you anything, it should be that cars are something you steal.
The ISPs can probably identify the protocol used, even if it's encrypted:
http://www.shmoocon.org/2007/presentations/PISA.ppt
http://www.shmoocon.org/2007/videos/Encrypted%20Protocol%20Identification%20via%20Statistical%20Analysis%20-%20Rob%20King%20and%20Rohlt%20Dhamankar.mp4
http://www.shmoocon.org/2007/presentations.html
Note that their method just looks at the packets. If you also know that the packets originate from a network that only has one customer/peer relationship, and that relationship is with you, you can look at the number of connections with the same protocol as well.
I'm not sure that it's clear we can win the arms race; at least, not in the near future.
Congress realizes that they have a failing business model
They who---Congress or the RIAA? ;)
What are you talking about? There are tons of people here on slashdot who have never worked for an ISP and know EXACTLY how the internet works!!! ;)
Any entrepeneur who would be on the streets through lost revenue in his/her sale and fears it should simply not be trying to earn a living through his or her own business
No matter what you do, people might all of the sudden stop wanting to do business with your kind. Being given an hourly wage by your boss might shield you from the reality, but reality it is none the less.
Should we all stop working? ;)
[arrays]
Use vectors.
[pointer ownership]
Use references. Use refcounting smart pointers. Use objects that free their pointers when they die.
[memory safety]
Actually, the biggest problem with C++ and memory management is exceptions. I'm not sure exactly what you mean by "hiding (\"abstraction\")" in the context of memory management. Also, I'm not sure what you mean by the word "safety" in the context of memory.