We are not supposed to be, 2048 should be considered the minimum going forward.
Why aren't we using keys that are 1048576-bits?
It would take too long to encrypt anything, and there are diminishing margins of return when key sizes grow so large. If you are using more than 16384 bit keys, you are doing it wrong -- if you really need security that far into the future, you should be using ECC (which is more efficiently in terms of key sizes) or something that is secure even in the presence of a quantum computer like McEliece.
Also, keep in mind that such a large public key will require a larger symmetric key to even be meaningful -- 16384 bit RSA has no real advantage over 4096 bit RSA if you are using 128 bit AES. You also need to worry about the entropy available to your system, which could erase whatever advantage larger key sizes might have.
Could the results have anything to do with alcohol being much easier to acquire than pot?
Coffee is easier to acquire, as there are no regulations at all. Strange that caffeine is not part of this study. Maybe the authors' definition of "drugs" was tainted by American propaganda...
If we're going to assume conspiracy, put down the DEA, prisons, and drug cartels as behind it too
Not too far from the truth. Considering that the DEA has the power to declare drugs to be illegal, that they are employed to track down and arrest people who possess, produce, or sell illegal drugs, and have had their power expanded more than any other law enforcement agency because of the drug war, I do not think it is some crazy conspiracy theory to think that the DEA is part of the problem here. Nor is it crazy tho think that private prisoner operators are part of the problem -- they are making billions of dollars maintaining the largest prison population in the world.
Cartels, no -- because they have no real say over laws or politics in America, not because they would fail to push for the continuation of the war on drugs if they could.
I think the real reason is simply that too many people think
Already wrong -- alcohol prohibition was the result of stupid ideas about a drug, the war on drugs is a concerted, deliberate effort to achieve certain goals. People are fed plenty of propaganda, but the politicians and businessmen with the power to continue or end the drug war are not idiots. They know what they are doing, and they know why they area doing it, and they know that their approach is not based on what is best for the American people.
I think it is a more plausible explanation than blaming alcohol and tobacco companies (and I've heard pharmaceutical companies blamed too)
Oh yeah?
unless you have evidence that it is actually happening
Alcohol is a bit different, with the top recipients of alcohol industry donations having mixed voting records on drugs -- still plenty of support for military tactics, but less opposition to medical marijuana initiatives (there is a lot more to worry about, though -- let's not forget the hundreds of other prohibited drugs).
On the whole? Tobacco and pharmaceuticals are big supports of the war on drugs; alcohol companies are supportive but less so. That's just judging by a few minutes of Googling; I am sure a deeper investigation would reveal more.
No, most neonazis grew up in a world where mass murder is an unquestionable evil, a crime against humanity, something that only psychopaths would willingly organize. Most neonazis talk a big game about how Jews have too much power and how black people/gypsies/whatever are ruining our country, but they do not know what Nazism was. Most neonazis have no idea that the Nazis meant disease in the literal sense, and that the holocaust was viewed by the Nazis as a way to protect their race from a disease. Most neonazis have no idea what the Nazi movement was, they only know that it involved the sort of racism they support (blaming Jews, gypsies, and black people for everything). Ironically, many neonazis extend their hatred to Catholics as well.
Marching millions people into industrial-scale death camps? Shooting people on public streets? Forced, non-consensual, secret sterilization? People who just want to wave the swastika around because they think it is the symbol of racism cannot bring themselves to believe that the real Nazis were capable of such psychopathic acts, since that requires them to accept that the real Nazis were psychopaths (and that they are waving around the flag and symbol of those psychopaths). It is easier for them to just convince themselves that it is part of some Jewish conspiracy to discredit the Germans and to extract money from the USA for Israel.
The paper does not dispute that the climate is changing as a result of human pollution.
The paper calls into question previous methods of evaluating historical data, and asserts that orbital changes have had a greater effect on the Earth's climate over the past 2000 years than CO2 emissions have had over the past 200 years (note that the timescales different by a factor of ten).
There is still a nice big spike coinciding with the industrial era.
Do not pick and choose words or results from scientific papers. The scientists who published this paper are part of the X who agree that CO2 emissions are warming the planet.
They in no way deny that human activity has affected the climate, they simply assert that changes in the Earth's orbit have caused more significant changes.
However, we've gotten sick of the console-makers' sense that somehow they OWN us as customers, and can reach further and further into our lives to control the console experience downstream.
We have; most gamers and people in general have not. Note the immense popularity of consoles and console games, and other locked down vendor-controlled devices (cell phones, iPads, etc.).
It's pretty easy to consider the desktop PC the greatest "open" device out there, and OSS options on it have always had these problems. But instead of the single device manufacturer locking OSS out, it's component makers not releasing driver sources or specifications.
Except that the open source development community has basically shown that they can reverse engineer hardware and produce their own drivers. There is no worry about breaking the law when you distribute an open source driver. Compare that to the situation with geohot.
Not Apple; Nintendo, Sony, Sega, etc. were the pioneers of locking down consumer computers. Before Apple was even a company, people were talking about computation being sold as a utility -- you would only rent access through a terminal to a mainframe.
Yes, manufacturers are doing this. Yes, they are locking down the device, and yes, GPLv3 is incompatible with such a platform.
Re:Then it will be revived again
on
Bye ACTA, Hello CETA
·
· Score: 3, Insightful
You're missing the point. The lobbyists are never "defeated" -- they keep trying to get what they want, and we need a more permanent solution to that problem. Yes, people eventually run out of energy -- the fact that one protest has remained active in Frankfurt does not mean that people can keep coming out and protesting whenever lobbyists try to attack the Internet.
Look at it this way: we are fighting the wrong battle. Instead of protesting ACTA-like treaties, we should be pushing for laws that protect the Internet from such things. We need to slap down the lobbyists and the industries they represent once and for all -- so that we don't have to go out and protest the same laws and treaties every few months. We should be moving our focus on to new issues, not rehashing the same old problems over and over again. Voting no on an individual treaty is putting a band-aid on a broken leg; we need to vote yes on a resolution that rules out all such treaties.
Nobody thinks they are doing the world a favor by fighting copyright or trademark infringement. They know they are doing a specific industry a favor. No person with any power actually thinks copyrights, patents, trademarks, or trade secrets carry any moral weight; the purpose of such legal constructs is to give a boost to particular industries.
Eventually, protesters run out of steam. High-paid lobbyists don't stop. This sort of thing will be revived over and over until the industry gets what it wants. That's how democracy works, right? Keep demanding things until people lose the energy to vote against you.
What safety are you referring to there? The things that make C unsafe also make C++ unsafe, and on top of that, you have things like:
int f(char*);
int f(int);
std::string f(){}// Compilers are not required to return an error here
int operator,(int a, int b){//...}// Does not necessarily work as expected
Classname::~Classname(){memberOfStreamType.close();}// Could cause abort() to be called; more likely to do so in C++11
Only experts can be expected to write reliable or safe code in C++, and even experts can be surprised by the ways things can go wrong. Like C, C++ is riddled with ambiguous statements, undefined behavior, unpredictable results, and C++ also adds unreliable constructs. We need a language that is not like C++ when we write high level programs.
Actually, I'm pretty sure that personal computers were simply "meant" to be useful to the most people possible
No, PCs were built by people who wanted to own and control their computers, and whose opinion was that everyone else should have that freedom. In the 1960s (years before PCs), IBM, AT&T and other companies were already talking about how to bring computers into offices and homes, by selling computation as a utility. The plan was for you to have a terminal in your house, which would connect to a mainframe, and you would pay by the CPU hour, by the storage you used, etc. The computer itself would be equipment owned and operated by the utility.
The point of PCs was to give you a computer that you owned and operated, rather than one you rented. You could install whatever hardware you wanted, you could run whatever software without worrying about the bill, you could modify the system in arbitrary ways. It was never a choice between PCs and having no computer access, it was a choice between PCs and renting time on some mainframe.
Perhaps sad for those of us who tinker, but whether or not the bootloader is locked will have zero impact on the vast majority of personal computer users...
I disagree; stronger DRM means tighter controls on what people can do. Copy a movie to your tablet, so you can watch it on the go? That will be something people will be forced to pay for, or even forbidden from doing in the first place. This is not just about hackers. Ordinary people often have no idea what their computer is truly capable of because they are using software, and now hardware, that is designed to restrict them.
It's also sensationalist to assume that those of us who do tinker will not still have plenty of hardware options
Yeah, but we may be forced to make decisions that we would not have had to make otherwise. What if dual booting becomes impossible, because Windows will not run on a system without these restrictions? That will stop a lot of people -- people who cannot afford two computers (like me when I was in middle school) and who cannot give up Windows.
Either turn off "secure boot" (buy x86)
Not necessarily easy to do; OEMs do not have to cooperate and enable custom mode, let alone allow you to disable the feature entirely.
you may also just build your PC yourself
There is no guarantee that Windows will actually run on such a system. Look at the effort required to get Mac OS X running on a homebrew system; what reason does Microsoft have to make Windows available on a home-built system? Maybe only OEMs will get to do that, or maybe only OEMs will be allowed to install Windows with support for certain entertainment services (e.g. Netflix), etc.
I know that it is a little paranoid, but Microsoft does not have a history of being soft on these things. Remember when they integrated Internet Explorer into the desktop? If Microsoft is pushing this because they envision the future of home computer as being entertainment-oriented -- and I strongly suspect that this is the case -- it is reasonable to assume that they will do everything they can to create a "media ecosystem." Why shouldn't OEMs be cutting deals with media companies? Why wouldn't Microsoft want to position Windows as the software that is used for that purpose? This is something that will probably make a lot of money, for Microsoft and the OEMs that ship Windows systems, and the entertainment companies. Perhaps homebrew systems will also get access -- for a price, and probably a higher price than what OEMs pay.
Of course servers won't have locked bootloaders, either.
I used to think this, but I am not so sure about that anymore. Why not have locked bootloaders on servers? There is a larger security concern there (the stakes are much higher; even if bootloader rootkits are a ra
Why spend time and money learning some other "more appropriate" language (or buying an air compressor and nail gun) when you already have a tool at your fingertips that will do what you need.
Indeed, although sometimes you save yourself a lot of headaches by getting a tool that was built for your task. I have, in a pinch, used a screw driver to hammer nails, but a screw driver is no replacement for a hammer.
That being said, Python+SciPy+NumPy is fine for data analysis; people use it all the time, and it works as well as R or MatLab. It is not as though we are talking about QuickBasic for data analysis.
So, since there are dictators who attack their own citizens with military weapons, we can just ignore free speech rights? Internet freedom is a subset of freedom of speech.
Generic drugs are almost always cheaper than name brands. Drop the patents, let the NIH and NSF fund drug research (and drop the war on drugs crap too -- let researchers have the freedom to research drugs without having to worry about political correctness or right-wing drug policies), and let pharmaceutical companies produce the drugs that researchers discover in a competitive market. It is not that markets have no place at all here, it is that research should not be market-driven.
Put your home directory on another partition and you're as good as reinstalling another Distro's product. Problem solved. Where's the difficulty again?
You also need to remember to set the uid and gid correctly for the user you create, you need to double check that the SELinux policies are compatible, you sometimes need to make sure that some different version of the software between distros won't destroy configuration settings, etc. It is not as simple as having a clever partitioning scheme.
Now, we get to add another item to the list: make sure the distro's signing key is on your system.
How will the OEMs be held to that? By what legal force?
Standards do matter, because people expect their devices to comply with standards. Nothing actually requires a wireless NIC to be compliant with the 802.11 standards (2.4GHz, 5.8GHz, and 900MHz are all unlicensed bands, and there are a few proprietary networking systems that use those frequencies), but people would be pretty angry if their NIC did not reliably connect to WiFi networks. At the very least, Microsoft is going to assume the UEFI standard when they produce Windows disks.
Right now Microsoft does require that user loaded keys and a way to turn off secure boot be enabled for Windows 8 certification
Except, of course, on ARM.
They cannot mandate that to the OEMs, because of the anti-trust case, ironically.
Indeed, although Microsoft has no reason to create such a mandate; I do not honestly expect Microsoft to be a proponent of user freedom. Canonical, on the other hand, should -- they are, at least in theory, an open source company.
Slashdot Mirror
Why are we screwing with 1024-bit keys?
We are not supposed to be, 2048 should be considered the minimum going forward.
Why aren't we using keys that are 1048576-bits?
It would take too long to encrypt anything, and there are diminishing margins of return when key sizes grow so large. If you are using more than 16384 bit keys, you are doing it wrong -- if you really need security that far into the future, you should be using ECC (which is more efficiently in terms of key sizes) or something that is secure even in the presence of a quantum computer like McEliece.
Also, keep in mind that such a large public key will require a larger symmetric key to even be meaningful -- 16384 bit RSA has no real advantage over 4096 bit RSA if you are using 128 bit AES. You also need to worry about the entropy available to your system, which could erase whatever advantage larger key sizes might have.
Could the results have anything to do with alcohol being much easier to acquire than pot?
Coffee is easier to acquire, as there are no regulations at all. Strange that caffeine is not part of this study. Maybe the authors' definition of "drugs" was tainted by American propaganda...
people with substance abuse problems naturally gravitate first to legal (and hence more easily acquirable) substances.
Caffeine?
If we're going to assume conspiracy, put down the DEA, prisons, and drug cartels as behind it too
Not too far from the truth. Considering that the DEA has the power to declare drugs to be illegal, that they are employed to track down and arrest people who possess, produce, or sell illegal drugs, and have had their power expanded more than any other law enforcement agency because of the drug war, I do not think it is some crazy conspiracy theory to think that the DEA is part of the problem here. Nor is it crazy tho think that private prisoner operators are part of the problem -- they are making billions of dollars maintaining the largest prison population in the world.
Cartels, no -- because they have no real say over laws or politics in America, not because they would fail to push for the continuation of the war on drugs if they could.
I think the real reason is simply that too many people think
Already wrong -- alcohol prohibition was the result of stupid ideas about a drug, the war on drugs is a concerted, deliberate effort to achieve certain goals. People are fed plenty of propaganda, but the politicians and businessmen with the power to continue or end the drug war are not idiots. They know what they are doing, and they know why they area doing it, and they know that their approach is not based on what is best for the American people.
I think it is a more plausible explanation than blaming alcohol and tobacco companies (and I've heard pharmaceutical companies blamed too)
Oh yeah?
unless you have evidence that it is actually happening
Well, since you asked...
http://www.drugfree.org/about/our-partners/sponsors-supporters
Note the pharmaceutical companies. By the way, here are some of the people that alcohol and tobacco companies make big campaign contributions to:
Alcohol is a bit different, with the top recipients of alcohol industry donations having mixed voting records on drugs -- still plenty of support for military tactics, but less opposition to medical marijuana initiatives (there is a lot more to worry about, though -- let's not forget the hundreds of other prohibited drugs).
On the whole? Tobacco and pharmaceuticals are big supports of the war on drugs; alcohol companies are supportive but less so. That's just judging by a few minutes of Googling; I am sure a deeper investigation would reveal more.
Net neutrality: ensuring that the Internet does not become like this.
No, most neonazis grew up in a world where mass murder is an unquestionable evil, a crime against humanity, something that only psychopaths would willingly organize. Most neonazis talk a big game about how Jews have too much power and how black people/gypsies/whatever are ruining our country, but they do not know what Nazism was. Most neonazis have no idea that the Nazis meant disease in the literal sense, and that the holocaust was viewed by the Nazis as a way to protect their race from a disease. Most neonazis have no idea what the Nazi movement was, they only know that it involved the sort of racism they support (blaming Jews, gypsies, and black people for everything). Ironically, many neonazis extend their hatred to Catholics as well.
Marching millions people into industrial-scale death camps? Shooting people on public streets? Forced, non-consensual, secret sterilization? People who just want to wave the swastika around because they think it is the symbol of racism cannot bring themselves to believe that the real Nazis were capable of such psychopathic acts, since that requires them to accept that the real Nazis were psychopaths (and that they are waving around the flag and symbol of those psychopaths). It is easier for them to just convince themselves that it is part of some Jewish conspiracy to discredit the Germans and to extract money from the USA for Israel.
Do not pick and choose words or results from scientific papers. The scientists who published this paper are part of the X who agree that CO2 emissions are warming the planet.
They in no way deny that human activity has affected the climate, they simply assert that changes in the Earth's orbit have caused more significant changes.
However, we've gotten sick of the console-makers' sense that somehow they OWN us as customers, and can reach further and further into our lives to control the console experience downstream.
We have; most gamers and people in general have not. Note the immense popularity of consoles and console games, and other locked down vendor-controlled devices (cell phones, iPads, etc.).
It's pretty easy to consider the desktop PC the greatest "open" device out there, and OSS options on it have always had these problems. But instead of the single device manufacturer locking OSS out, it's component makers not releasing driver sources or specifications.
Except that the open source development community has basically shown that they can reverse engineer hardware and produce their own drivers. There is no worry about breaking the law when you distribute an open source driver. Compare that to the situation with geohot.
Not Apple; Nintendo, Sony, Sega, etc. were the pioneers of locking down consumer computers. Before Apple was even a company, people were talking about computation being sold as a utility -- you would only rent access through a terminal to a mainframe.
Locked down platform? Any vendor would have to have a market or app store comparable in many ways to those already in place by Apple and Google
http://www.wimm.com/
Yes, manufacturers are doing this. Yes, they are locking down the device, and yes, GPLv3 is incompatible with such a platform.
You're missing the point. The lobbyists are never "defeated" -- they keep trying to get what they want, and we need a more permanent solution to that problem. Yes, people eventually run out of energy -- the fact that one protest has remained active in Frankfurt does not mean that people can keep coming out and protesting whenever lobbyists try to attack the Internet.
Look at it this way: we are fighting the wrong battle. Instead of protesting ACTA-like treaties, we should be pushing for laws that protect the Internet from such things. We need to slap down the lobbyists and the industries they represent once and for all -- so that we don't have to go out and protest the same laws and treaties every few months. We should be moving our focus on to new issues, not rehashing the same old problems over and over again. Voting no on an individual treaty is putting a band-aid on a broken leg; we need to vote yes on a resolution that rules out all such treaties.
Nobody thinks they are doing the world a favor by fighting copyright or trademark infringement. They know they are doing a specific industry a favor. No person with any power actually thinks copyrights, patents, trademarks, or trade secrets carry any moral weight; the purpose of such legal constructs is to give a boost to particular industries.
https://torrentfreak.com/record-label-infringes-own-copyright-site-pulled-081019/
Eventually, protesters run out of steam. High-paid lobbyists don't stop. This sort of thing will be revived over and over until the industry gets what it wants. That's how democracy works, right? Keep demanding things until people lose the energy to vote against you.
Why does it take two months?
The same reason months elapse between movies being shown in theaters and movies being released on DVD.
safety of C++,
What safety are you referring to there? The things that make C unsafe also make C++ unsafe, and on top of that, you have things like:
Only experts can be expected to write reliable or safe code in C++, and even experts can be surprised by the ways things can go wrong. Like C, C++ is riddled with ambiguous statements, undefined behavior, unpredictable results, and C++ also adds unreliable constructs. We need a language that is not like C++ when we write high level programs.
Actually, I'm pretty sure that personal computers were simply "meant" to be useful to the most people possible
No, PCs were built by people who wanted to own and control their computers, and whose opinion was that everyone else should have that freedom. In the 1960s (years before PCs), IBM, AT&T and other companies were already talking about how to bring computers into offices and homes, by selling computation as a utility. The plan was for you to have a terminal in your house, which would connect to a mainframe, and you would pay by the CPU hour, by the storage you used, etc. The computer itself would be equipment owned and operated by the utility.
The point of PCs was to give you a computer that you owned and operated, rather than one you rented. You could install whatever hardware you wanted, you could run whatever software without worrying about the bill, you could modify the system in arbitrary ways. It was never a choice between PCs and having no computer access, it was a choice between PCs and renting time on some mainframe.
Perhaps sad for those of us who tinker, but whether or not the bootloader is locked will have zero impact on the vast majority of personal computer users...
I disagree; stronger DRM means tighter controls on what people can do. Copy a movie to your tablet, so you can watch it on the go? That will be something people will be forced to pay for, or even forbidden from doing in the first place. This is not just about hackers. Ordinary people often have no idea what their computer is truly capable of because they are using software, and now hardware, that is designed to restrict them.
It's also sensationalist to assume that those of us who do tinker will not still have plenty of hardware options
Yeah, but we may be forced to make decisions that we would not have had to make otherwise. What if dual booting becomes impossible, because Windows will not run on a system without these restrictions? That will stop a lot of people -- people who cannot afford two computers (like me when I was in middle school) and who cannot give up Windows.
Either turn off "secure boot" (buy x86)
Not necessarily easy to do; OEMs do not have to cooperate and enable custom mode, let alone allow you to disable the feature entirely.
you may also just build your PC yourself
There is no guarantee that Windows will actually run on such a system. Look at the effort required to get Mac OS X running on a homebrew system; what reason does Microsoft have to make Windows available on a home-built system? Maybe only OEMs will get to do that, or maybe only OEMs will be allowed to install Windows with support for certain entertainment services (e.g. Netflix), etc.
I know that it is a little paranoid, but Microsoft does not have a history of being soft on these things. Remember when they integrated Internet Explorer into the desktop? If Microsoft is pushing this because they envision the future of home computer as being entertainment-oriented -- and I strongly suspect that this is the case -- it is reasonable to assume that they will do everything they can to create a "media ecosystem." Why shouldn't OEMs be cutting deals with media companies? Why wouldn't Microsoft want to position Windows as the software that is used for that purpose? This is something that will probably make a lot of money, for Microsoft and the OEMs that ship Windows systems, and the entertainment companies. Perhaps homebrew systems will also get access -- for a price, and probably a higher price than what OEMs pay.
Of course servers won't have locked bootloaders, either.
I used to think this, but I am not so sure about that anymore. Why not have locked bootloaders on servers? There is a larger security concern there (the stakes are much higher; even if bootloader rootkits are a ra
Why spend time and money learning some other "more appropriate" language (or buying an air compressor and nail gun) when you already have a tool at your fingertips that will do what you need.
Indeed, although sometimes you save yourself a lot of headaches by getting a tool that was built for your task. I have, in a pinch, used a screw driver to hammer nails, but a screw driver is no replacement for a hammer.
That being said, Python+SciPy+NumPy is fine for data analysis; people use it all the time, and it works as well as R or MatLab. It is not as though we are talking about QuickBasic for data analysis.
So, since there are dictators who attack their own citizens with military weapons, we can just ignore free speech rights? Internet freedom is a subset of freedom of speech.
I see what you did there...
(OK, you made me laugh out loud. Thanks!)
Generic drugs are almost always cheaper than name brands. Drop the patents, let the NIH and NSF fund drug research (and drop the war on drugs crap too -- let researchers have the freedom to research drugs without having to worry about political correctness or right-wing drug policies), and let pharmaceutical companies produce the drugs that researchers discover in a competitive market. It is not that markets have no place at all here, it is that research should not be market-driven.
Put your home directory on another partition and you're as good as reinstalling another Distro's product. Problem solved. Where's the difficulty again?
You also need to remember to set the uid and gid correctly for the user you create, you need to double check that the SELinux policies are compatible, you sometimes need to make sure that some different version of the software between distros won't destroy configuration settings, etc. It is not as simple as having a clever partitioning scheme.
Now, we get to add another item to the list: make sure the distro's signing key is on your system.
The standard? What standard?
The UEFI standard.
How will the OEMs be held to that? By what legal force?
Standards do matter, because people expect their devices to comply with standards. Nothing actually requires a wireless NIC to be compliant with the 802.11 standards (2.4GHz, 5.8GHz, and 900MHz are all unlicensed bands, and there are a few proprietary networking systems that use those frequencies), but people would be pretty angry if their NIC did not reliably connect to WiFi networks. At the very least, Microsoft is going to assume the UEFI standard when they produce Windows disks.
Right now Microsoft does require that user loaded keys and a way to turn off secure boot be enabled for Windows 8 certification
Except, of course, on ARM.
They cannot mandate that to the OEMs, because of the anti-trust case, ironically.
Indeed, although Microsoft has no reason to create such a mandate; I do not honestly expect Microsoft to be a proponent of user freedom. Canonical, on the other hand, should -- they are, at least in theory, an open source company.