If this computer can decide to reboot itself, it must have now reached self-awareness!

They're patenting a method of exchanging the keys to use for that cipher, and claiming using SSL/TLS to exchange the keys to use for RC4 violates their patent.

Not precisely. Here is Claim 1 of the patent:

providing a seed value to both said transmitter and receiver,
generating a first sequence of pseudo-random key values based on said seed value at said transmitter, each new key value in said sequence being produced at a time dependent upon a predetermined characteristic of the data being transmitted over said link,
encrypting the data sent over said link at said transmitter in accordance with said first sequence,
generating a second sequence of pseudo-random key values based on said seed value at said receiver, each new key value in said sequence being produced at a time dependent upon said predetermined characteristic of said data transmitted over said link such that said first and second sequences are identical to one another a new one of said key values in said first and said second sequences being produced each time a predetermined number of said blocks are transmitted over said link, and
decrypting the data sent over said link at said receiver in accordance with said second sequence.

So note that the keys are already provided (exchanged) in the first limitation. Then there's the issue of deriving the receiver and transmitter keys. This could refer to the pseudo-random function (PRF) used to generate session keys in TLS, but my understanding is that they're only asserting this against RC4 configurations.

That last clue is what makes me think that the "first sequence of pseudo-random key values" is RC4 output, and "encrypting" is XORing the plaintext with those values.

Nevermind that the patent was actually filed in 1989, long before the World Wide Web was even invented.

The problem here is not that the patent was filed before SSL was invented (about 1995) -- that could be fine, if SSL was using a patented technology that pre-dated its own invention.

The problem here is that the attorneys are accusing the practice of 'sending network records over a wire and encrypting them with a stream cipher', where in this case the cipher is (I believe RC4). However RC4 was invented in the 1980s and should pre-date this patent. I'm certain that somebody used it to encrypt network traffic in an almost identical manner, so there should be prior art.

Moreover, stream ciphers in general have been around for much longer than that. Someone somewhere has published/deployed this idea before. It should not be a live patent. Note that the case has never been tested by a court.

This post gives a high-level summary of the attack:

http://blog.cryptographyengineering.com/2012/10/attack-of-week-cross-vm-timing-attacks.html

(I previously posted this as AC, but it vanished.)

My favorite is the Apple ][ disk controller, most notably the read synchronization and decoding achieving 5, then ultimately 6 useful data bits per raw 8 bits, using little discrete logic and a small (P)ROM.

Recently had this situation.

Nirsoft's free "SearchMyFiles" http://www.nirsoft.net/utils/search_my_files.html has a straightforward Find Duplicates mode which helped a lot. It is easy (the most "complex" is designating the base locations for searches as e.g. K:\;L:\;P:\;Q:\), fast, never crashed on me, and had only cosmetic issues ("del" key not working). I recommend running it with administrative privileges so that it does not miss files.

50% of faculty would be transferred to other engineering departments (ECE, ISE, and BME)

Just to clarify: The other 50% of faculty will move to better Universities. All of the good ones anyway.

My University is already treating this as a huge hiring opportunity.

Keeps developers from getting tunnel vision, giving them a larger view of the whole ecosystem.

Or it could be because Apple pays somewhat lower salaries than other Silicon Valley companies, and is consequently less able to get its hands on talent. Who knows.

written for MacOS and somehow been run through a translation layer that converts MacOS system calls to Windows system calls.

If that's the case, then the Mac version is converting MacOS system calls to Windows calls and then back again. In short: the problem is iTunes, not the Windows version.

Set-up a separate team of programmers. One working on the original iTunes for one final release (11), and a new one rewriting the whole thing to produce a better cleaner iTunes (12).

And here's where you run into the real problem: Apple never devotes enough coding resources to do this sort of stuff. This is why it took a year+ to get copy/paste on the iPhone, and it's also why iCloud doesn't feel 'quite there yet'.

I'm not at Apple, but people who are tell me that there's basically an A-team of good coders, and they get shifted around to whatever project makes the most sense at the time. Apple probably has the cash to fix this, but they don't seem to want to.

As a more general complaint, why isn't iOS PC-free yet? iCloud cost Apple a fortune and it almost lets me do everything without iTunes -- yet try to put a video on my phone, suddenly I'm looking for my USB cable and trying to figure out which computer has my iTunes library on it (because god forbid I sync with the wrong one, I'll wipe my phone).

So how, then, do they detect the breach, which is usually far more difficult than protecting the stuff in the first place.

A common approach is to insert 'canaries' into the datasets. These are wholly-invented users whose credentials should never show up in any system, anywhere. If they do start showing up in significant numbers, you have a breach. By measuring which, and how many of these fake users turn up, you get a read on how many records you lost.

Not that this necessarily has anything to do with this case. It's also possible that the thieves were openly advertising their haul on the 'net, and some law enforcement agent happened to be listening in.

Note that I agree with everything the GP poster said, but his comments do have an inkling of truth. We are experiencing an economic change in the United States, and may have been experiencing it for 20 years -- masked only by the 90s stock boom and real-estate bubbles. The change is characterized by lower-than-expected growth, and a difference in the way that growth has been distributed. Much of the growth is occurring overseas, and while Americans are profiting off of it, the profits aren't being equally distributed.

This may or may not have something to do with increasing world population, but in the longer term, we do face real population pressures. Not the Stand-on-Zanzibar strawman, where the country literally gets too crowded. Rather, we're facing huge resource pressures. There's reason to believe that our economy is already being constrained by energy resource limitations (read: oil), and not so much because the world population is increasing (though it is) but because large swaths of it have decided not to live in poverty anymore. There are 2.5 billion people expected to come out of poverty in the next few decades, and nobody has a clue how that's going to work. You could live in the middle of the Mojave desert and still be affected by that. And it's not just oil -- look up 'peak potassium' if you want another reason to be concerned. And of course, there's nuclear proliferation and climate change, which appears likely to happen whether or not you believe that humans are involved.

Many of these concerns can probably be addressed, but not by the economic system we're currently operating. So while I don't think that the Occupy protestors are explicitly looking three to four decades into the future, I hope that they're successful because the only way I see our way of life lasting 50 years is if we all make some dramatic changes to the way our government and economic elites behave. It's going to be a bumpy ride, and our current arrangement is like locking 90% of the population into steerage and driving the ship with abandon through a field of icebergs.

there is truth to the point that many of the people at the protests didn't even know why they were there. Literally, when asked on camera, they couldn't give an answer. They just wanted to be part of an anti-authority movement.

Preserving and defending the right to peaceably assemble, all by itself is a good enough justification for doing it from time to time. I bet a lot of protestors initially who initially had no, or no good reason, to protest eventually found one when the cops teargassed them or otherwise used excessive force. They also probably learned a lot about our democracy.

And yes, every protest is going to have some bad apples. Welcome to reality. If this is unacceptable to you, maybe we should abandon our constitutional right to do it in the first place.

It's not just bad corporate policies. It's the entire commercial security industry as well:

http://blog.cryptographyengineering.com/2012/03/why-antisec-matters.html

Yes. But you're making it as if Apple were Monsanto lying about 3 headed babies because their mothers ate corn in the 3rd trimester.

What I'm saying is that Apple collected a profit by lying to its customers, they should be liable for some or all of that profit.

Has our culture degraded to the point where this thought is shocking? If so, please kill me.