Slashdot Mirror


User: betterunixthanunix

betterunixthanunix's activity in the archive.

Stories
0
Comments
6,598
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,598

  1. Re:Of course. on The Internet Helps Iran Silence Activists · · Score: 1

    That is more steganography than cryptography, and it brings up all sorts of other issues. Steganography that hides messages in text is particularly problematic, because it is very easy to erase the hidden message without destroying the innocent message; just hiding white noise in the innocent message could cause a collision with the hidden message and kill the communication. Better techniques hide the message in something like an image, since there is more room for robustness: there are techniques that can survive being printed and scanned back, multiple times.

    Of course, the overall problem with steganography is the warden problem: someone much more powerful than you is aware that you are using steganography, and aware of what your technique is, and will do everything in their power to stop you from using it. Even highly robust steganography systems have been broken; see the SDMI challenge for more information (the steganography was used for watermarking, and it had to be robust enough to survive transcoding between various formats, and all of the robust watermarks were broken and removed in a fairly short time, though not in the time specified by the challenge).

    Of course, in this case, the steganography only needs to remain unbroken for the duration of these protests, so even a system that is eventually broken would still be useful.

  2. Re:Of course. on The Internet Helps Iran Silence Activists · · Score: 1

    " There is no way to define what encrypt traffic looks like "

    Sure there is: it looks like white noise. If you are scanning through packets, and you suddenly come across something that looks like noise, you can just drop it. We are not talking about secret codes that kids use when they are in kindergarden, we are talking about AES and similar ciphers, which are designed to have output that is as close to random noise as possible.

    That is the weak point of cryptography: it is still very obvious that you are communicating, and worse, it is very obvious that you are using encryption (which is actually an information leak, depending on context: unless you encrypt everything, using crypto is like putting a giant sign on your forehead that says, "I HAVE SOMETHING TO HIDE").

  3. Re:I'ts only illegal in the US on The Internet Helps Iran Silence Activists · · Score: 1

    I did not say it was not available, nor did I say that the only crypto experts in the world lived in the US; I said we could not export or reexport crypto systems. The reexport clause is where the real problem lies -- it could be illegal to direct an Iranian to a mirror of NSS or OpenSSL even if the mirror were not in the US, since that is technically reexporting the software.

    So if I wanted to help the Iranian protestors by telling them how to set up cryptography, I would have to start by assuming that they already had the software or knew where to get it -- neither case is likely if they are not already using crypto.

  4. Re:US citizens' have their hands tied - SO WHAT? on The Internet Helps Iran Silence Activists · · Score: 2, Insightful

    Actually, there are still plenty of people who care. The company I work for ships software that uses OpenSSL, and the policy on Iran (and other countries on the "black list") is simple: if I receive an email from someone in Iran, I must immediately forward it to the corporate communications department, I must not reply, and I must not in any way communicate to them how they can obtain our software. This is despite the fact that OpenSSL could easily be obtained in Iran. The same policy applies to anyone who indicates that they intend to reexport the software.

    Believe it or not, the laws of the United States do have important consequences for people who live and work here.

  5. There is more to it on The Internet Helps Iran Silence Activists · · Score: 2, Informative

    For now, AES remains impossible to directly crack. "Directly" being the operative word -- cryptography systems involving AES can be cracked through various other means. You start sending encrypted mail, and the first thing I will do is see if I can get a keystroke logger on your computer, perhaps a hardware unit that I install in your keyboard. If I cannot do that, I'll see if I can perform a side channel attack -- perhaps I can install a microphone near your computer to measure the vibrations caused by power fluctuations, or maybe I can find a way to hide an antenna and measure the EM emissions.

    Don't get me wrong, cryptography would help the Iranians a lot, but it is not a silver bullet. High profile targets would need to be wary of side channel attacks and other attempts to break their crypto, but even low level targets would be risking their lives. The very use of cryptography could be enough to get an Iranian thrown in prison, especially if it becomes known that cryptography is being used to evade government filters to send news of the protests to foreigners.

  6. US citizens' have their hands tied on The Internet Helps Iran Silence Activists · · Score: 4, Informative

    It remains illegal to export or reexport strong cryptography to Iran. Despite Phil Zimmerman's testimony before Congress, and despite his presentation of letters from people around the world who used PGP to save lives, there are still restrictions on who we may export this sort of software to. I have no doubt that the protestors in Iran would benefit immensely if they were using PGP or some similarly strong crypto, but here in the US, you could be imprisoned for sending it to them.

  7. Re:Trends on China Starts/Stops Blocking Google · · Score: 2, Insightful
  8. Re:Nintendo's provision is not unusual on Atari Sub-Sub-Contractor Used ScummVM For Wii Game · · Score: 1

    "The platform is closed and Nintendo control the approval process, what's the downside for them?"

    Nintendo derives a great deal of revenue from payments from game developers, who are required to pay Nintendo for the privilege to develop and ship games for Wii. Allowing a GPL game would very quickly cause Nintendo problems, because the GPL requires royalty-free copying and distribution -- it is possible that the surcharge for blank Wii discs and signed games would become a problem. That alone would be enough to prohibit the GPL, but Nintendo's lawyers just want to be sure that nobody will accidentally put a Wii game in that situation.

    Of course, it appears that they failed at that, since the game in question is now stuck in a licensing nightmare.

  9. Re:I hope the wrong lesson isn't drawn... on Atari Sub-Sub-Contractor Used ScummVM For Wii Game · · Score: 1

    Unless it is BSD licensed. Regardless of the operating system you are using right now, I am pretty sure that there is BSD code in there.

  10. ScummVM is not to blame on Atari Sub-Sub-Contractor Used ScummVM For Wii Game · · Score: 4, Insightful

    ScummVM released their software under the GPL. They did not do this with the intention of preventing Wii development, they did it with the intention of ensuring that all copies of their code, including modified copies, remain open source. ScummVM's developers would love to see ScummVM running on the Wii, and they did not attack anyone for doing this; Nintendo is the belligerent party here, for preventing developers from licensing Wii games in certain ways.

  11. ASCAP has no positive image left on ASCAP Wants To Be Paid When Your Phone Rings · · Score: 1

    Anyone who is familiar with ASCAP but not a member is already aware of their ludicrous claims and tactics, and their ridiculous methods of making money. How much of a PR hit could they possibly take? This sounds like "more of the same" to me...

  12. Re:What exactly is the main thrust of the study? on NIH Spends $400K To Figure Out Why Men Don't Like Condoms · · Score: 1

    ...which is snug but doesn't cut off circulation is the best condom to have on.

    [Oops I left that bit out in my first post...]

  13. Re:What exactly is the main thrust of the study? on NIH Spends $400K To Figure Out Why Men Don't Like Condoms · · Score: 1

    I am of the opposite opinion. Condoms that are too wide kill it for me -- it feels like having a sandwich bag on. Too tight is an issue, of course, but I have generally found that a "normal sized" condom, which is snug but doesn't cut off circulation.

    For those who choose to reply to this: please keep the comments about penis size mature (yes, I know that now everyone is going to make an immature joke about it, but really, save them for a thread where they are not as relevant).

  14. Re:What exactly is the main thrust of the study? on NIH Spends $400K To Figure Out Why Men Don't Like Condoms · · Score: 1

    "The reason is obvious to anybody that's ever used one."

    No, it is only obvious to someone who has used one, and also not had sex without using one. Someone with no points of comparison will not know the difference in sensation. I was once told that the worst thing someone can do is have unprotected sex before they are married -- because they will not want to go back to using a condom.

    Of course, there are other issues, like the fact that in the middle of an intimate moment, one needs to stop, open the condom wrapper (not always easy to do), get it on one's penis (while maintain an erection -- and of course, having your partner help you maintain an erection makes opening the wrapper that much harder), and then go about doing your business. Speaking from my own experience, it is usually easy to forget about the disturbance caused by getting a condom on during an intimate moment, but I know men who do not feel the same way.

  15. "Learn and work hard" on Indian CEO Says Most US Tech Grads "Unemployable" · · Score: 2, Interesting

    It's funny, because when I was an undergraduate, we had a lot of Turkish and Indian students in the electrical engineering and computer science programs (as I double major, I saw it all). "Rampant cheating" is an understatement of how bad things were. These guys could not even cheat creatively: they handed in 100% identical assignments. A friend of mine, who was a graduate student, taught a course called "graduate remedial programming," which was exclusively populated by Indian students, because despite having received a bachelor's in CS (or equivalent) from an Indian university, they were unable to pass an elementary programming exam where they could use any programming language they wanted.

    Yes, perhaps it is a biased sample because all of the students went to the same university. Yet after seeing the level of copyright infringement that Indian programmers seem to commit, I have to wonder if the 300~ students at my university were representative of the norm. As you said, "not all, but many" -- a great deal of Indian workers are: 1. Cheaters, 2. Incompetent and 3. Legally risky as employees.

  16. Free as in freedom on Sothink Violated the FlashGot GPL and Stole Code · · Score: 1

    Free as in freedom, not as in free beer. I thought that the world had moved past that misunderstanding, but now I see that it was just my circle of friends.

  17. What license? on Sothink Violated the FlashGot GPL and Stole Code · · Score: 1

    The GPL also specifies that derivative works (such as Sothink) must be distributed under the same license. What is the Sothink license? Can anyone find that out (I am having some trouble finding the exact license...)?

  18. Re:No more "cool" stuff, please. on Sniffing Browser History Without Javascript · · Score: 1

    "Oh, wait... then web developers will inject 3rd party web code directly into the main document with AJAX, which is even worse."

    Not if you disable Javascript: AJAX = Asynchronous Javascript And Xml.

  19. Re:FIRST! And welcome to fraternity file cabinets on Student Who Released Code From Assignments Accused of Cheating · · Score: 2, Interesting

    And by using these file cabinets instead of putting in the effort to actually learn the material, these frat boys cheated their way through college and cheapened the value of your degree. Nothing ticks me off more these days than people who treat a college degree as a job ticket (I get ticked off by a lot of people), and that is exactly what these frat boys do: they party for 4 years and get their job ticket, then go out into the market and act like they put in as much effort as someone who spent their time studying and trying to become an expert in their field. Why colleges tolerate this, when they could rectify the problem after just one year of cracking down on cheating (and improve their reputation as a serious academic institution in the process) remains a mystery to me (except for the simple, "they are afraid of losing students and their tuition dollars," argument).

  20. Math Work Ethic on Wolfram Alpha Rekindles Campus Math Tool Debate · · Score: 1

    In the spirit of mathematics, here is a counterexample that disproves your "protestant work ethic" concept: angle trisection. The ancient Greeks, who were most certainly not protestants (as they lived before Christianity itself), were unable to figure out how to trisect an angle using a compass and straightedge properly. By improperly using a straightedge (that is, by marking it), it is possible to trisect any given angle, but mathematicians were still interested in the proper way to solve this seemingly simple problem.

    Several centuries later, it was proved that the proper way is actually impossible (as was the case for all the "great problems of antiquity").

    Mathematics is not about getting the answer, it is about understanding the answer. If a student uses WA to help learn how problems are solved and to explore more advanced concepts (I personally used Mathworld to do this when I was in high school), that is a good thing and should be encouraged. However, judging by my classmates in middle school, high school, and college, I doubt that the majority will do this. More likely, it will just become a new way for students to cheat on their homework and force their professors to give easier curves on tests (since they can say, "look at how well I am doing on my homework, clearly the test was just too hard!").

  21. Re:Mod parent up on California To Move To Online Textbooks · · Score: 1

    Maybe that is how things are done in California, but where I grew up (New York City), our textbooks were old but plentiful -- we never had too few for an entire class. Most of the algebra books had been published in the 70s (I went to school in the 90s), and some of the literature/English texts had been published in the 50s and 60s (this is not a joke, the paper was changing color). The worst problem we encountered was the occasional missing page, which was quickly corrected by simply grabbing a second copy (we usually had a few extras). I know that not all elementary and middle schools are so fortunate, and that within the New York City school system there are schools that do not have enough books for all their students, but that is a separate issue from whether or not paper textbooks make more sense than subscriptions...

  22. Mod parent up on California To Move To Online Textbooks · · Score: 5, Insightful

    That is exactly what is going to happen, and the era of reusing textbooks year after year will come to and end. With some subjects, it makes sense to get the most up to date material each year -- geography, politics, etc. -- but with others, it does not -- math, basic physics (not college level QM), etc. Why should schools be forced to pay for new subscriptions every year for material that is not changing?

  23. Re:Blimps maybe? on Analysis Says Planes Might Be Greener Than Trains · · Score: 2, Insightful

    There are nonstop train services, especially along high volume lines. Really, the advantage trains have over planes is only seen on high volume routes anyway, such as the northeast corridor on Amtrak. It is rare for trains to be forced to wait behind other trains on that route (except when waiting to enter a terminal, which is a small fraction of the overall trip), since there are four tracks dedicated to passenger rail, and it is all electric, which is cleaner than diesel.

    Another matter to consider is that many of stops that a train makes are in the centers of towns and cities, while the nearest airport may be 60 miles away or more. Amtrak's service south of Washington DC has stops at several mid-sized towns for which there is no direct flight to or from most major cities (even the major cities along that rail line). If you were to try to fly to those towns, you would have to fly to the nearest major airport, possibly fly to a landing strip near the town, and then get on a bus or into a car to get to the actual town. That is not nonstop service, and that is not necessarily more efficient than rail travel, even diesel powered trains.

  24. Re:That's insane. on Solution For College's Bad Network Policy? · · Score: 1

    You can ban by MAC address if you are worried about someone moving to a different port. Do it at the switch level, so that even if someone moves around, they cannot evade the ban.

    You cannot really identify *who* someone is just by their registration. That is why the policies always explicitly prohibit sharing user names (but there is really no way to stop people from doing this)...

  25. Re:You're not as interesting as you think you are on Solution For College's Bad Network Policy? · · Score: 1

    You are running a binary executable on your Linux machine, with no idea what it is doing. It could be installing a backdoor, a keystroke logger (xspy comes to mind), etc. You do not need to be root to run a process that listens on some random port (>1024) or to run xspy, and even many advanced users cannot create reliable SELinux policies for their personal computers that could prevent such attacks.

    The real answer is to not download and run software from a website. This gets in the way of CSAs -- so universities should stop using CSAs. There is a bit of irony in conditioning users to install software that they are told to download, as part of an effort to prevent those users from installing malware...