The smart card have contacts that work just right when you put the card in a slot.. I mean I never experienced any problem with it in France or Germany. On the other hand in the US, I had my credit card strip demagnitized or damaged somehow a few times.
Swiping is always faster because you dont have to dial your pin, wait for the terminal to connect to a bank and check that your card works etc... But it does not mean it takes ages. It's more like a completely insecure 2secs process compared to a reaonsably secure one which takes 30sec. I'd rather choose the secure system. It's also more secure for the store.
Why not get read of those magnetic stripes which provide absolutely no security and can be cloned in a fraction of second?
Why not use a smart card instead for payment with a secure PIN... so whenever your card is stolen you're not frightened of what would happen to your account.
That'd make a lot more sense that putting moving the strip of your credit card onto your ID.
I think Iran would gladly love to get the criminal G. W. Bush... and put him into jail or maybe execute him.
Now think about it. How many stupid laws from stupid countries have you broken in your peaceful life in the US. Want an example: ever had sex without being married? That's a serious crime in Iran, Saudi, UAE and many other countries... You can get serious fines and jail time for it.
Either the law is the same in the two countries, which is the case here, and thus it is unfair to extradate the person because he would be more able to defend itself in is home country, he would be able to have support from his family... visits during his jail time. etc... So there should be no extradition. Either the law is different but the crime for the "foreign" country was committed in the home country. In that case what he did is not a crime so there's no extradition. Extradition should be only reserved for cases where the crime occured in a foreign country.
In this case, the extradition is unfair. The crime happened only in Australia. There was no hacking into US computers or anything alike.
I don't know about Canada, but in Europe (at least France and Germany), we have those taxes, and yet they have the right to sue the hell out of you if you pirate music.
So in fact we pay the "pirate" tax and get no benefit for it. I for one, have no trouble "pirating" majors content due to the fact i have paid those fucking taxes, and they do not provide DRM-free music... but if I get caugth, sure as hell, it's illegal.
In France at some point (on december 25th at 11pm last year.. no joke), when the gov attempted to pass a DMCA-like law, a dozen members of the parliament managed to pass a law that said the contrary: if you paid a certain tax you could share music on p2p networks legally... but well, this was later dropped by the gov and it got back to the chamber, got a lot of "angry"' public exposure, but in the end the DMCA-like (EUCD / DADVSI) made it. And NO, they have not removed the fucking taxes on CDs, DVDs, USB sticks etc...
The most fun in the law, is that there is a faire use copy exception... which which can be equal to ZERO copies, as it is the case for DVDs! Yet you pay taxes on free DVDs...
I actually have to complain. I once ordered tracks from "Laura Pausini" or "Mecano" (don't remember) from a certain album (WHICH CANNNOT BE BOUGHT IN MY COUNTRY GRRRR!!) and I ended up with tracks from different albums mixed up together. The thing did not match the list of all the official variations of the album... they just basically made their "own" compilation, and labelled it as "that" album. Pretty bad. After that I stuck to major US/UK albums to be sure I won"t have that labelling problem, that time it was just as bad as p2p...
Although they were so far able to evade these issues due to the fact that Russian copyright law was antiquated and did not cover online sales, the sales in questions should have strictly been limited to Russian customers, not to the entire planet....
allofmp3 pirating indedependant label's aside (yeah that's bad and if you bought music like that you should be ashamed and send directly a check to the label!), is it not because of those stupid local limitations that:
I can't watch CSI on CBS website without using a proxy
buy a DVD in the US, bring it back to Germany and play it without facing jail
can't get a subscription to Sky digital satellite network without a bank account in UK.....
wait forever until they finally dubbed that movie that the rest of the world has already seen...
grrr, when will they stop those stupid limitations. This is just pissing of customers and inciting them to pirate sometimes. The world is a global village now, and I for one, certainly don't care about what is on local/national TV any more...
By dint of (ab)using their international pressure at the WTO level, the US may one day be struck with their own blade, and maybe sooner than later. Anguila is right now suing the US at the WTO for some online obligations the US did not respect, regarding "online gaming" sites(oh it's so morally wrong, blabla crap.. ).
Anyway, for once the born again morons may indeed lose the battle with great shame and economic consiquences. Just imagine scenario: - 1) Anguila wins its case at WTO - 2) US does not comply and pursue the "no online gaming website" policity(stupidity). - 3) As a retaliation and with WTO approbation, Anguila decides to unilateraly ditch DMCA-like obligations! - 4) Instead of online gaming websites, you've got online "music and videos" ones!!!
- 5) US does the same as for online gaming and forbids credit card companies to accept payment there - 6) more people want to d/l music/video in non DRM formats than lose money stupidly online, so even if the law passses, loopholes will be found and published and it won't stop the emoragy - 7) MPAA and RIAA come to beg the US to accept online gaming? nah lolz.. (but that'd be funny anyway). I wonder what #7 might be, it looks like the US morality+IP guard got pretty screwed on that one
- 8) As Billions of people on earth, I don't live in the US, so whatever happens after 4), I just don't care.... By the time the gov of my country realizes such website exists, RIAA/MPAA, and my favorite "Universal Studios" will have filed for bankruptcy... ahh! what a good day to celebrate, the liberations of the artists from their procurers!
No seriously, does the MPAA/RIAA really think people will buy DRMs?
Better than BabelFish I hope.. human made, so prone to errors;)
====
The confidence users have in Internet and in the capacity of the system to secure data has always been relative. And it could collapse if the microprocessor manufacturers and cryptography software editors were to be unable to cope against a new type of attack, fearsomely efficient, discovered by the team directed by the German cryptographer Jean-Pierre Seifert (universities of Haifa and Innsbruck). Electronic commerce could be threatened, but also, more broadly, everything that enables the dematerialization of exchanges, which rely on asymmetrical cryptography applications, would it be ciphers, digital signatures or message integrity checks.
In the still confidential article, the researcher and his colleagues describe the procedure they used to, gather a nearly entire cipher key of 512 bits (a series of as many of 0s and 1s) in a single attempt, that's to say in a few milliseconds. For comparison, the greatest public key that has been broken so far is 640 bits long, and as announced in November 2005, the process involved the usage of 80 microprocessors running at 2.2 Ghz for 3 months.
Since the announcement made this summer, on the International Association of Cryptology Research (IACR), that such an attack was theoretically feasible, microprocessors producers were on their nerves: the chips of nearly all of the computers, world wide, are vulnerable. So much that the head of Intel security, the number 1 microprocessor manufacturer, when confronted with the issue declared that he would be "unavailable for a few weeks". This is because the usual fix against classical attacks on public key cryptography - to increase the size of the keys - will not work this time.
Jean-Pierre Seifert was in fact able to affect the systems from the ground up. As most of the security relies on the incapacity to mathematically deduce the private key, kept secret, from the public one, he chose to study how the microprocessors was reading these confidential data.
He found out that the mode of operation or the chip itself, optimized for calculation speed, was making it vulnerable. "Security was sacrificed for the sake of performance", estimated the researcher.
The attack principle can be summed up as such: to go faster and faster, the microprocessor parallelizes operations and uses a branch prediction system to predict the result of the current operation. If the prediction is good, the computation time is greatly decreased. If not, the processor must go back and start again the elementary operation. It is "sufficient" to measure the computation time when the processor goes through the line of 0s and 1s that constitute the cipher key to able able to deduce it.
This threat, called "Branch Prediction Analysis" (BPA) was already known. It was thought a lot of attempts was necessary to statistically deduce the cipher key, thus making the attack not-practicable. The technique discovered by Jean-Pierre Seifert make it possible to break the key in a single attempt. It relies on the fact that the prediction process, essential to increase the processor speed, is not protected.
A spyware could then be made to listen to the chip discreetly, and send back the key to hackers, foreign intelligence services or competitors.
"A MATTER OF WEEKS"
We are not yet there though. "We have not made a turn key application that would be available online" argues Jean-Pierre Seifert. But he estimates that once the method is made public, in early 2007 during the next RSA conference - RSA, being one of the most popular ciphers -, the making of such software would be "a matter of weeks".
Cryptography specialists confirm that the threat is serious. One of the best world wide public key experts anonymously sums up the situation: "The real solution is to review the conception of the microprocessors itself - a long and difficult process. A short term solution would be to forbid normal applications to run in para
Unfortunately, doing SSL encryption would require a significant amount of processing power in the passport chip. This would be much more expensive.
Basically, the government has traded off security for cost, and chosen a cheaper, less secure version.
Yes.. but it's still an improvement over the "paper only" version.
This time you have to look for someone who looks like the you, access his passport, and clone the RFID.
The alternative would be to wait a couple of years for the price of RFID technology to cost less and support SSL-Like protocols. In the meanwhile we would stick to paper.... An incremental approach makes sense.
Anyone care to enlighten me what the fucking point is of even having a chip in the first place?
To the chip is attached a digital signature that proves that the content provided both by the chip and the passport are guenine. It means you can"t change the photo for instance, or the name or anything... Forging the signature can be made next to impossible if you don't have access to the private key and if the key in question is correctly kept secret.
Now we could have done this without a chip, like with some nice barcode somewhere on the passport. But there's money at stake. It's easier to make politician cash more money on that "revolutionary" RFID technology than some old fashioned bar code...
I have a paper passport. Some dude overlook my passport details, or follow me home.. He can actually find a lot (name, birthplace, address etc.. ) except my passport number without needing to see the real passport. He forges another passport with these details, you get cloned, and you don't know it... the chip has not changed anything concerning this.
there are so much better things you can do, like send people a list of one-time passwords along with their voter registration card.
The company being German this is all the more surprising that they did not think about using it. In Germany, one of the major banks (not to say a monopoly), named Sparkasse, uses One Time Pads for Internet access. You receive a list of pads by "secure" snail-mail, which along with your login and password, lets you have access to sensitive features of the website such money transfers... (In Germany no one uses checks, all is by wire transfers)
So I guess a lot of German Internet users are familiar with the concept. It would have been much simpler, more robust and cheaper to develop... but there was probably less easy money to earn that way...
So Microsoft gives money to NOVEL. In exchange NOVEL can tell its customers hey look, not only you have the right to use that (as before), but now also we can assure you that Microsoft won't sue you (never been done anyway).... ah great. I was sure they would never sue me before any way, there's no such broken e-patent where I live. Or maybe next time I fly over to the US, the DHS will arrest me?
So what? Microsoft wants to give the deal to everyone.. ; hey i want to destribute my own distribution. Can I have a few milliion dollars too Steve? Just to make sure you won't sue me.... anyway, considered I have only $2000 in my bank account, even if you sued me, I would not even be able to cover your legal fee no?
Mmmm.. now i'm trembling. In a few seconds, I will click on a button at a bottom of this page and I will send that to slashdot... and crap, Amazon has patented the one click... Microsoft the click which does different thing if you click for a long or short time.. Ah crap. Maybe using my penis instead of a mouse is not patented, who knows.
Just can't help thinking what would happen if someone used a botnet to make zombie machines log on edonkey.com..... Ok there's no money incententive, but still, having millions of stupid IP addresse of people who don't even have an edonkey! Wish I had a botnet today:)
I did not realize the slashdot article was edited after I posted and provided a link to Johnny cache e-mail. It explains far better the issue than this stupid news publication (please fire the reporter)... I was wondering how you could know/guess so much about the method involve, because the article is "scarce" at best.
And since no informtion was available, I was supposing the issue was linked to a buffer overflow.:)
And it has FireWire-800 too (in additon to FireWire-400).
I'm not sure I understand Apple policy with FW800. Used to be there on the PowerBook... removed in the MacBook Pro (except the 17"). And it's never been in an iMac.
I like FW-800 but odds are E-SATA would be more useful in future. I have seen profesionnal cameras using the FW-800 interface (Allied technologies), but never heard about mass market ones...
But the point is that there shouldn't be any stupid repetitive tasks in the first place.
There are and there will always be. Are you compiling your files one by one? No.. use a makefile, or a tool that generate them... you're using a tool to automatize a process.
Using a lot of little programs that do one thing (the Unix way) gives you the flexibility to set things up just the way you want them to be.
Using an IDE does not prevent you from using those tools. In fact an IDE should - aside from providing its own default internal system - support and play nice with an exhaustive number of such tools and increase their usability. For example, an IDE can parse compiler outputs and highlight the errors in the code, bring you to the line, etc...
And it is, even without IDEs.
Yes. Otherwise I'd have monkeys in my office....
If you spend a lot of time typing things in the console that an IDE could have automated, you haven't been writing enough shell scripts.
I do have. I just don't like browing in the console for finding the error... it's not time efficient.
And there are times, I want to do a certain action only once, and it would be more efficient not to write a script/command line at all but click on 3-4 buttons in a GUI. A search replace on certain files... and what if I want to control visually, that it's not a wrong query? And please, I know how to use grep, sed, and find. It's not the point.
If you can't remember it by heart, your interfaces are too complex.
Sure everyone remembers WIN32 or the XLib by heart.. or even less complex library like QT!. And even if I remember it would be cool if instead of typing the whole name, I could use tab, just like in a shell.... And if it's not semantic, complexion sucks, i don't even want to hear about it.
Again, if accessing documentation is taking up a lot of time, your interfaces are too complex.
Right. I remember what does every system calls on UNIX. Same when you have a project with dozen of developpers, you're not necessarily aware of everything that has been coded. A way to find out quickly the documentation with a simple click on a method or class name is cool... It's like saying that documentation is useless and that code itself is sufficient. It does not scale.
I would tend to agree with your arguments to some extent, but the last two ones are stupid. This reminds me of the attitude of a friend of mine, when I was complaining about how cumbersome XFree was to setup, and he told me he did not need 2D/3D acceleration or even a mouse. Good thing the people who wrote XOrg were not thinking like that.
Current IDEs and especially those from M$, suffer from a lack of flexibility, and there is no dream IDE (i tried many and gave up... one day I think i'll just start coding one). But that does not mean the approach is flawed.
Scripts ans small tools -the UNIX - was the right way, or it would not have survived since the 70s. But nowadays the technology allows much better interactions than a console. In my opinion, what an IDE should do is provide a nice and usable GUI over those systems (usable means not like M$ GUIs. Office being the anti-example). There's nothing shameful in presenting a dialog box for setting up compilation options for gcc, that displays snipset of the man when you go over an item. Who knows all GCC options anyway?
And not everyone is able to use those tools at first. The learning curve is too much... Let the beginners concentrate on the language and not the compilation. But it does not mean that you HAVE to locked on those things...
The problem is that building a bridge between the command line tools and a GUI is not an easy task. And there will always be a case where the task you have to do is well "unique". In console worlds, you'll build a script. In IDE world, you'll probably do
I watched that video. He says it's smth in the driver... and then shows a Mac also says it would work on a PC. Then, all Intel mac laptops have WIFI now, but he choses to use an external WIFI PC-Card, huh.. sorry Express Card. I know Apple are not angels, but I just can't help be suspicious about it: - how can a driver have the same bug on windows and macos x? - why use this stupid external card? what are the chances it did have the same chipset as the internal one? - and odds are the bug is a buffer overrun... does it take a SO LONG for apple to fix a stupid memory overrun?
That story won't finish well foro someone. The smoke screen is too thick. Either: - This guy did overrate some minor problem in a misleading way for Apple laptops. Oh.. a third party driver with a bug. Or it's Apple driver with only a thirdparty card. In that case, he's discredited in the domain of security for the rest of his life. - Apple did really pressure him (as he tends to hint). They're then not only legal jackasses (we know that already) but also incompetent to fix a bug (and that suprises me). In that case the company he's discredited in the domain of security for a while, and they can quit the "virus ads.. mac is secure" for a while.
There are speed cameras everywhere in Europe. But I think my remark requires some precision since UK cameras are a bit nastier.
Everywhere in UK to film cars. It's coupled with OCR software and your plate number is archived whether you commit an infraction or not (speed cameras normally don't archive pictures if you are not overspeeding).
See this article
In london cameras, are used to film people. This could be similar to your store next door having a camera, except some are linked to facial recognition software.
As early as 1998: here
And more recently MI5 plugged the cameras of the London congestion charge area (CCTV with OCR to read plates.. again) to add a facial recognition: see here
Of course the UK is a democracy and at the moment no abuse has been reported to my knowledge. But there's a potential for it, now that we have the technology... well facial recognition still kinda suck though:) But it will improve.
I would like to be as optimistic about Europe. But I'm not...
In most EU countries the EUCD (=local DMCA) has just been voted. Despite the bad example DMCA set, the powerful media industry managed to make the law voted nearly everywhere (ah yeah.. Denmark is a bit of an exception). It's just been voted, so it will take a while before you have the first cases... but there will be.
And regarding the involvement of the NSA. I'm sure similar practices are used by security services in Europe. You just don't know it. A story similar to the watergate failed to impeach the President in France. And the press simply does not have the power here than it has in the US. Odds are that newspapers would be pressured one way or another not to publish such information. Remember. We're 25, with different languages. Newspapers belong to press groups, which are divided among nations... and some of them belong to Universal in the end. Got the picture?
And how about those automated cameras in London and UK which take pictures of license plates/people in the streets? Don't you think Bush is jealous and dreams about it at night?
IDEs are supposed to make your task easy by making automatic stupid repetitive task, and a good IDE must be configurable for all of these in all possible ways. Example of such tasks: - automatic build process, generating a makefile, or at list a part of it (dependencies) if you want flexibility. And don't tell me you like telling which.h you need for every single.c /.cpp file you got... it's stupid, repetitive and SHOULD MUST BE automatized. - rename a class/file and automatize or at least assist you for renaming all the crap that depend on it. - meaningful completion (i mean you have have an objet you type DOT TAB and then you see the methods for this class, with signature.. ) - reporting errors where they are. You browse your file goes where at the right line of the error etc... - let you access to the documentation
And a good IDE should not force you in any way to give up your ways. - you like that text editor. Then make the IDE use it (ok granted. I have never seen an IDE with that feature) - you want Makefiles no problem. You want QT.PRO files no problem... . You won't wanna hear about Make stuff no problem
A good IDEA should just be a nice graphical organized front end to whatever you do painfully typing in a console. And even if you have scripts for that, you still have to browse the output to determine where the error occured in a painful ineffective way...
Slashdot Mirror
The smart card have contacts that work just right when you put the card in a slot.. I mean I never experienced any problem with it in France or Germany. On the other hand in the US, I had my credit card strip demagnitized or damaged somehow a few times.
Swiping is always faster because you dont have to dial your pin, wait for the terminal to connect to a bank and check that your card works etc... But it does not mean it takes ages. It's more like a completely insecure 2secs process compared to a reaonsably secure one which takes 30sec. I'd rather choose the secure system. It's also more secure for the store.
Why not get read of those magnetic stripes which provide absolutely no security and can be cloned in a fraction of second?
Why not use a smart card instead for payment with a secure PIN... so whenever your card is stolen you're not frightened of what would happen to your account.
That'd make a lot more sense that putting moving the strip of your credit card onto your ID.
I think Iran would gladly love to get the criminal G. W. Bush... and put him into jail or maybe execute him.
Now think about it. How many stupid laws from stupid countries have you broken in your peaceful life in the US. Want an example: ever had sex without being married? That's a serious crime in Iran, Saudi, UAE and many other countries... You can get serious fines and jail time for it.
Either the law is the same in the two countries, which is the case here, and thus it is unfair to extradate the person because he would be more able to defend itself in is home country, he would be able to have support from his family... visits during his jail time. etc... So there should be no extradition.
Either the law is different but the crime for the "foreign" country was committed in the home country. In that case what he did is not a crime so there's no extradition.
Extradition should be only reserved for cases where the crime occured in a foreign country.
In this case, the extradition is unfair. The crime happened only in Australia. There was no hacking into US computers or anything alike.
I don't know about Canada, but in Europe (at least France and Germany), we have those taxes, and yet they have the right to sue the hell out of you if you pirate music.
So in fact we pay the "pirate" tax and get no benefit for it. I for one, have no trouble "pirating" majors content due to the fact i have paid those fucking taxes, and they do not provide DRM-free music... but if I get caugth, sure as hell, it's illegal.
In France at some point (on december 25th at 11pm last year.. no joke), when the gov attempted to pass a DMCA-like law, a dozen members of the parliament managed to pass a law that said the contrary: if you paid a certain tax you could share music on p2p networks legally... but well, this was later dropped by the gov and it got back to the chamber, got a lot of "angry"' public exposure, but in the end the DMCA-like (EUCD / DADVSI) made it. And NO, they have not removed the fucking taxes on CDs, DVDs, USB sticks etc...
The most fun in the law, is that there is a faire use copy exception... which which can be equal to ZERO copies, as it is the case for DVDs! Yet you pay taxes on free DVDs...
I actually have to complain. I once ordered tracks from "Laura Pausini" or "Mecano" (don't remember) from a certain album (WHICH CANNNOT BE BOUGHT IN MY COUNTRY GRRRR!!) and I ended up with tracks from different albums mixed up together. The thing did not match the list of all the official variations of the album... they just basically made their "own" compilation, and labelled it as "that" album. Pretty bad. After that I stuck to major US/UK albums to be sure I won"t have that labelling problem, that time it was just as bad as p2p...
Although they were so far able to evade these issues due to the fact that Russian copyright law was antiquated and did not cover online sales, the sales in questions should have strictly been limited to Russian customers, not to the entire planet....
allofmp3 pirating indedependant label's aside (yeah that's bad and if you bought music like that you should be ashamed and send directly a check to the label!), is it not because of those stupid local limitations that:
grrr, when will they stop those stupid limitations. This is just pissing of customers and inciting them to pirate sometimes. The world is a global village now, and I for one, certainly don't care about what is on local/national TV any more...
allofmp3.ai
... ahh! what a good day to celebrate, the liberations of the artists from their procurers!
By dint of (ab)using their international pressure at the WTO level, the US may one day be struck with their own blade, and maybe sooner than later. Anguila is right now suing the US at the WTO for some online obligations the US did not respect, regarding "online gaming" sites(oh it's so morally wrong, blabla crap.. ).
Anyway, for once the born again morons may indeed lose the battle with great shame and economic consiquences. Just imagine scenario:
- 1) Anguila wins its case at WTO
- 2) US does not comply and pursue the "no online gaming website" policity(stupidity).
- 3) As a retaliation and with WTO approbation, Anguila decides to unilateraly ditch DMCA-like obligations!
- 4) Instead of online gaming websites, you've got online "music and videos" ones!!!
- 5) US does the same as for online gaming and forbids credit card companies to accept payment there
- 6) more people want to d/l music/video in non DRM formats than lose money stupidly online, so even if the law passses, loopholes will be found and published and it won't stop the emoragy
- 7) MPAA and RIAA come to beg the US to accept online gaming? nah lolz.. (but that'd be funny anyway). I wonder what #7 might be, it looks like the US morality+IP guard got pretty screwed on that one
- 8) As Billions of people on earth, I don't live in the US, so whatever happens after 4), I just don't care.... By the time the gov of my country realizes such website exists, RIAA/MPAA, and my favorite "Universal Studios" will have filed for bankruptcy
No seriously, does the MPAA/RIAA really think people will buy DRMs?
Yep localhost only... so who is the primary user of localhost public key cryptography techniques?
:)
DRMs! yep yep!...
I would love to see Vista DRMs cracked before the OS even make it to the market...
ok.. i'm probably dreaming, but still it feels good.
Better than BabelFish I hope.. human made, so prone to errors ;)
====
The confidence users have in Internet and in the capacity of the system to secure data has always been relative. And it could collapse if the microprocessor manufacturers and cryptography software editors were to be unable to cope against a new type of attack, fearsomely efficient, discovered by the team directed by the German cryptographer Jean-Pierre Seifert (universities of Haifa and Innsbruck). Electronic commerce could be threatened, but also, more broadly, everything that enables the dematerialization of exchanges, which rely on asymmetrical cryptography applications, would it be ciphers, digital signatures or message integrity checks.
In the still confidential article, the researcher and his colleagues describe the procedure they used to, gather a nearly entire cipher key of 512 bits (a series of as many of 0s and 1s) in a single attempt, that's to say in a few milliseconds. For comparison, the greatest public key that has been broken so far is 640 bits long, and as announced in November 2005, the process involved the usage of 80 microprocessors running at 2.2 Ghz for 3 months.
Since the announcement made this summer, on the International Association of Cryptology Research (IACR), that such an attack was theoretically feasible, microprocessors producers were on their nerves: the chips of nearly all of the computers, world wide, are vulnerable. So much that the head of Intel security, the number 1 microprocessor manufacturer, when confronted with the issue declared that he would be "unavailable for a few weeks". This is because the usual fix against classical attacks on public key cryptography - to increase the size of the keys - will not work this time.
Jean-Pierre Seifert was in fact able to affect the systems from the ground up. As most of the security relies on the incapacity to mathematically deduce the private key, kept secret, from the public one, he chose to study how the microprocessors was reading these confidential data.
He found out that the mode of operation or the chip itself, optimized for calculation speed, was making it vulnerable. "Security was sacrificed for the sake of performance", estimated the researcher.
The attack principle can be summed up as such: to go faster and faster, the microprocessor parallelizes operations and uses a branch prediction system to predict the result of the current operation. If the prediction is good, the computation time is greatly decreased. If not, the processor must go back and start again the elementary operation. It is "sufficient" to measure the computation time when the processor goes through the line of 0s and 1s that constitute the cipher key to able able to deduce it.
This threat, called "Branch Prediction Analysis" (BPA) was already known. It was thought a lot of attempts was necessary to statistically deduce the cipher key, thus making the attack not-practicable. The technique discovered by Jean-Pierre Seifert make it possible to break the key in a single attempt. It relies on the fact that the prediction process, essential to increase the processor speed, is not protected.
A spyware could then be made to listen to the chip discreetly, and send back the key to hackers, foreign intelligence services or competitors.
"A MATTER OF WEEKS"
We are not yet there though. "We have not made a turn key application that would be available online" argues Jean-Pierre Seifert. But he estimates that once the method is made public, in early 2007 during the next RSA conference - RSA, being one of the most popular ciphers -, the making of such software would be "a matter of weeks".
Cryptography specialists confirm that the threat is serious. One of the best world wide public key experts anonymously sums up the situation: "The real solution is to review the conception of the microprocessors itself - a long and difficult process. A short term solution would be to forbid normal applications to run in para
Unfortunately, doing SSL encryption would require a significant amount of processing power in the passport chip. This would be much more expensive.
Basically, the government has traded off security for cost, and chosen a cheaper, less secure version.
Yes.. but it's still an improvement over the "paper only" version.
This time you have to look for someone who looks like the you, access his passport, and clone the RFID.
The alternative would be to wait a couple of years for the price of RFID technology to cost less and support SSL-Like protocols. In the meanwhile we would stick to paper.... An incremental approach makes sense.
Anyone care to enlighten me what the fucking point is of even having a chip in the first place?
To the chip is attached a digital signature that proves that the content provided both by the chip and the passport are guenine. It means you can"t change the photo for instance, or the name or anything... Forging the signature can be made next to impossible if you don't have access to the private key and if the key in question is correctly kept secret.
Now we could have done this without a chip, like with some nice barcode somewhere on the passport. But there's money at stake. It's easier to make politician cash more money on that "revolutionary" RFID technology than some old fashioned bar code...
Same as before...
I have a paper passport. Some dude overlook my passport details, or follow me home.. He can actually find a lot (name, birthplace, address etc.. ) except my passport number without needing to see the real passport. He forges another passport with these details, you get cloned, and you don't know it... the chip has not changed anything concerning this.
there are so much better things you can do, like send people a list of one-time passwords along with their voter registration card.
The company being German this is all the more surprising that they did not think about using it. In Germany, one of the major banks (not to say a monopoly), named Sparkasse, uses One Time Pads for Internet access. You receive a list of pads by "secure" snail-mail, which along with your login and password, lets you have access to sensitive features of the website such money transfers... (In Germany no one uses checks, all is by wire transfers)
So I guess a lot of German Internet users are familiar with the concept. It would have been much simpler, more robust and cheaper to develop... but there was probably less easy money to earn that way...
Ahaha.. whoever made that claim, will soon disappear from the google enginer index altogether !!
So Microsoft gives money to NOVEL. In exchange NOVEL can tell its customers hey look, not only you have the right to use that (as before), but now also we can assure you that Microsoft won't sue you (never been done anyway).... ah great. I was sure they would never sue me before any way, there's no such broken e-patent where I live. Or maybe next time I fly over to the US, the DHS will arrest me?
So what? Microsoft wants to give the deal to everyone.. ; hey i want to destribute my own distribution. Can I have a few milliion dollars too Steve? Just to make sure you won't sue me.... anyway, considered I have only $2000 in my bank account, even if you sued me, I would not even be able to cover your legal fee no?
Mmmm.. now i'm trembling. In a few seconds, I will click on a button at a bottom of this page and I will send that to slashdot... and crap, Amazon has patented the one click... Microsoft the click which does different thing if you click for a long or short time.. Ah crap. Maybe using my penis instead of a mouse is not patented, who knows.
They're the same bandits anyway!!! ;)
Just can't help thinking what would happen if someone used a botnet to make zombie machines log on edonkey.com..... Ok there's no money incententive, but still, having millions of stupid IP addresse of people who don't even have an edonkey! Wish I had a botnet today :)
I did not realize the slashdot article was edited after I posted and provided a link to Johnny cache e-mail. It explains far better the issue than this stupid news publication (please fire the reporter)... I was wondering how you could know/guess so much about the method involve, because the article is "scarce" at best.
:)
And since no informtion was available, I was supposing the issue was linked to a buffer overflow.
Only for the 24". I forgot to mention it :)
And it has FireWire-800 too (in additon to FireWire-400).
I'm not sure I understand Apple policy with FW800. Used to be there on the PowerBook... removed in the MacBook Pro (except the 17"). And it's never been in an iMac.
I like FW-800 but odds are E-SATA would be more useful in future. I have seen profesionnal cameras using the FW-800 interface (Allied technologies), but never heard about mass market ones...
There are and there will always be. Are you compiling your files one by one? No.. use a makefile, or a tool that generate them... you're using a tool to automatize a process.
Using an IDE does not prevent you from using those tools. In fact an IDE should - aside from providing its own default internal system - support and play nice with an exhaustive number of such tools and increase their usability. For example, an IDE can parse compiler outputs and highlight the errors in the code, bring you to the line, etc...
Yes. Otherwise I'd have monkeys in my office....
I do have. I just don't like browing in the console for finding the error... it's not time efficient.
And there are times, I want to do a certain action only once, and it would be more efficient not to write a script/command line at all but click on 3-4 buttons in a GUI. A search replace on certain files... and what if I want to control visually, that it's not a wrong query? And please, I know how to use grep, sed, and find. It's not the point.
Sure everyone remembers WIN32 or the XLib by heart.. or even less complex library like QT!. And even if I remember it would be cool if instead of typing the whole name, I could use tab, just like in a shell.... And if it's not semantic, complexion sucks, i don't even want to hear about it.
Right. I remember what does every system calls on UNIX. Same when you have a project with dozen of developpers, you're not necessarily aware of everything that has been coded. A way to find out quickly the documentation with a simple click on a method or class name is cool... It's like saying that documentation is useless and that code itself is sufficient. It does not scale.
I would tend to agree with your arguments to some extent, but the last two ones are stupid. This reminds me of the attitude of a friend of mine, when I was complaining about how cumbersome XFree was to setup, and he told me he did not need 2D/3D acceleration or even a mouse. Good thing the people who wrote XOrg were not thinking like that.
Current IDEs and especially those from M$, suffer from a lack of flexibility, and there is no dream IDE (i tried many and gave up... one day I think i'll just start coding one). But that does not mean the approach is flawed.
Scripts ans small tools -the UNIX - was the right way, or it would not have survived since the 70s. But nowadays the technology allows much better interactions than a console. In my opinion, what an IDE should do is provide a nice and usable GUI over those systems (usable means not like M$ GUIs. Office being the anti-example). There's nothing shameful in presenting a dialog box for setting up compilation options for gcc, that displays snipset of the man when you go over an item. Who knows all GCC options anyway?
And not everyone is able to use those tools at first. The learning curve is too much... Let the beginners concentrate on the language and not the compilation. But it does not mean that you HAVE to locked on those things...
The problem is that building a bridge between the command line tools and a GUI is not an easy task. And there will always be a case where the task you have to do is well "unique". In console worlds, you'll build a script. In IDE world, you'll probably do
I watched that video. He says it's smth in the driver... and then shows a Mac also says it would work on a PC. Then, all Intel mac laptops have WIFI now, but he choses to use an external WIFI PC-Card, huh.. sorry Express Card. I know Apple are not angels, but I just can't help be suspicious about it:
- how can a driver have the same bug on windows and macos x?
- why use this stupid external card? what are the chances it did have the same chipset as the internal one?
- and odds are the bug is a buffer overrun... does it take a SO LONG for apple to fix a stupid memory overrun?
That story won't finish well foro someone. The smoke screen is too thick. Either:
- This guy did overrate some minor problem in a misleading way for Apple laptops. Oh.. a third party driver with a bug. Or it's Apple driver with only a thirdparty card. In that case, he's discredited in the domain of security for the rest of his life.
- Apple did really pressure him (as he tends to hint). They're then not only legal jackasses (we know that already) but also incompetent to fix a bug (and that suprises me). In that case the company he's discredited in the domain of security for a while, and they can quit the "virus ads.. mac is secure" for a while.
Future will tell.
There are speed cameras everywhere in Europe. But I think my remark requires some precision since UK cameras are a bit nastier.
- Everywhere in UK to film cars. It's coupled with OCR software and your plate number is archived whether you commit an infraction or not (speed cameras normally don't archive pictures if you are not overspeeding).
See this article
- In london cameras, are used to film people. This could be similar to your store next door having a camera, except some are linked to facial recognition software.
As early as 1998: here
And more recently MI5 plugged the cameras of the London congestion charge area (CCTV with OCR to read plates.. again) to add a facial recognition: see here
Of course the UK is a democracy and at the moment no abuse has been reported to my knowledge. But there's a potential for it, now that we have the technology... well facial recognition still kinda suck though:) But it will improve.I would like to be as optimistic about Europe. But I'm not...
In most EU countries the EUCD (=local DMCA) has just been voted. Despite the bad example DMCA set, the powerful media industry managed to make the law voted nearly everywhere (ah yeah.. Denmark is a bit of an exception). It's just been voted, so it will take a while before you have the first cases... but there will be.
And regarding the involvement of the NSA. I'm sure similar practices are used by security services in Europe. You just don't know it. A story similar to the watergate failed to impeach the President in France. And the press simply does not have the power here than it has in the US. Odds are that newspapers would be pressured one way or another not to publish such information. Remember. We're 25, with different languages. Newspapers belong to press groups, which are divided among nations... and some of them belong to Universal in the end. Got the picture?
And how about those automated cameras in London and UK which take pictures of license plates/people in the streets? Don't you think Bush is jealous and dreams about it at night?
IDEs are supposed to make your task easy by making automatic stupid repetitive task, and a good IDE must be configurable for all of these in all possible ways. .h you need for every single .c / .cpp file you got... it's stupid, repetitive and SHOULD MUST BE automatized.
.PRO files no problem... . You won't wanna hear about Make stuff no problem
Example of such tasks:
- automatic build process, generating a makefile, or at list a part of it (dependencies) if you want flexibility. And don't tell me you like telling which
- rename a class/file and automatize or at least assist you for renaming all the crap that depend on it.
- meaningful completion (i mean you have have an objet you type DOT TAB and then you see the methods for this class, with signature.. )
- reporting errors where they are. You browse your file goes where at the right line of the error etc...
- let you access to the documentation
And a good IDE should not force you in any way to give up your ways.
- you like that text editor. Then make the IDE use it (ok granted. I have never seen an IDE with that feature)
- you want Makefiles no problem. You want QT
A good IDEA should just be a nice graphical organized front end to whatever you do painfully typing in a console. And even if you have scripts for that, you still have to browse the output to determine where the error occured in a painful ineffective way...