Comment Re:GPLv4 (Score 1) 480
A committee by the FSF could for example determine what is 'evil' enough to prohibit its use. Do you think that's a good idea?
Please direct your question to the committee.
A committee by the FSF could for example determine what is 'evil' enough to prohibit its use. Do you think that's a good idea?
Please direct your question to the committee.
Nah. Only 2befc6455fdef3fdc8fe4d9770e45d1b like ebff344a30f680b4d1357c87428852a1 flavor.
I think I'll go hunt some af7caaf1e73a2d24924371a370b4ef9b so I can feed my 362842c5bb3847ec3fbdecb7a84a8692 and a nice quiet evening with my 34b46c8cf192431e84ea81109660367b, chatting about the difficulty of talking about a474fb23f886eeaa16223eba872e53b1 that some socially inept scientist decided to name with a hash function.
Once upon a time, there was an open source developer who published an open source project on GitHub and declared that he was going to make a lot of money from it. People were curious; how could he make any money from what he gave away for free? So they asked him what his secret was.
He thought a moment and said: "You too can be making money from your free software project. All you need is to become a consultant."
"Really?" exclaimed the people "We never thought of that! What do you consult about?"
"I consult companies on how to make money from their open source projects"
"Oooh. That's clever. Uh... but what do you use your OSS project for?"
"Sometimes those companies sometimes hire me to write something for them."
"Your OSS project?"
"Well, no. They usually want something different made."
"But it's open source, right?"
"Uh, no."
"So your advice is basically to put your OSS project on your resume so companies know you can code and then will give you a job?"
"Well, yes..."
"So you are not really making any money from your OSS project, you are just using it to get a job?"
"Uh..."
It is worth pointing out that all developers are power users, and will write applications first for themselves unless they are paid to do otherwise. The reason Windows is so popular is the sheer number of applications available for it. Once the "newbie" interface is segregated from the "power user" interface, there will be a lot fewer applications written for the former due to everyone but the big companies leaving for more useful environments. Fewer applications, and the unlikelihood of anybody writing any anytime soon, is what is killing Metro. If you aren't selling to developers first, you will lose - nobody buys Windows to run Windows.
Encryption can be broken, especially the kind that exposes useful information about the plaintext as this one does. A much simpler alternative is to keep your genetic information in your own control, processing it on your own computer with open source software. You know, just what we already do with other sensitive information like passwords.
So why don't NTP servers limit their responses to, say, 1 per 10 seconds per IP address? Even if spoofing, it would not take that long to exhaust the subnet of the attack target.
> more about your tech than your personal ability
So how far are you willing to take that argument? Some of us, like Bolt Usain, have longer legs and so can run more efficiently. Some, like Michael Phelps, have big feet and a swimmingly efficient body shape. Whatever personal ability you may have, their genetic advantage will beat you every time. They may not be engineered, but they are all freaks, because that's what you have to be to win in today's olympics. I don't know why people bother watching it - it's kind of like a freak show, but less entertaining. I mean, why would I care that one freak can run a course 0.01 seconds faster than another? The olympics are dead. We should just get rid of it.
Whether it goes to 11 or not, it better have a 1/4 jack for Marty McFly to plug a guitar into.
There is nothing wrong with this picture. Monopolizing a hole has been a successful evolutionary strategy for millions of years.
Gee, a service I have never heard of before is saying that maybe I have a valuable stash of bitcoins given to me by grateful users of my OSS project and that for a small fee they would be happy to liberate it for me for a tidy profit. Where have I heard this before?
I would add that vibration and handling are likely to contribute to failures. If you mount each drive on rubber grommets so it's isolated from the others, it should last longer. Failures are usually mechanical and less disturbance it gets, the better.
Which is how we end up with things like the weak Zip File and early MS-Office encryption. Companies think they can roll their own, or take shortcuts and end up with weak security. Published algorithms have withstood scrutiny by actual experts, don't assume that your home-grown super-secret encryption will stand up to scrutiny
Funny you mentioning Zip and Office encryption. Neither of those ciphers is broken. If you read the papers you are linking to you'll find that the zip attack exploits its byte-by-byte CBC mode. With only a byte, dependencies between sequential bytes can be put into a solvable matrix. Expanding the block to even 4 bytes would make this attack infeasible. Office encryption break likewise exploits the CBC weakness, due to Office reusing IVs. The cipher, RC4, happens to be one of your published algorithms. This just illustrates that the cipher is only one part of any cryptosystem, and the way you use it also matters. If you know enough to make your blocks large enough, like 16 bytes, and are aware that IVs need to be unique, there is no reason you couldn't design your own secure cipher. Cryptographers are not supergeniuses. All it takes is some attention to detail.
This is the "bad" sort of security through obscurity, because its sole protection is that no one will care enough to try breaking your encryption cipher.
It's not "no one", it's "no one who is able to break it". There is a big difference. When there is only a handful of people in the world who are capable of breaking your cipher, and there is no chance of them taking an interest it, I'd say your cipher is pretty damn secure.
its similar to turning off wifi beaconing or using MAC authentication on unencrypted wifi.
It is instead more similar to using a regular wooden door with a regular keyed lock to protect your house instead of a 6" thick high-strength steel vault door with an electronic lock. Define your threat before you decide on what security measures to take. If you don't, you will go bankrupt and will still get your stuff stolen in some other way. For most of us, a wooden door provides enough security because we need windows for light and can't afford the bulletproof 1"-thick ones. Likewise, most of us protect our data from regular criminals who aren't smart enough to do cryptanalysis. Against such adversaries, any cipher that has no readily available tools will do.
cryptanalysis can break your encryption even without access to your encryption algorithm
I doubt it. That may have been true back when people used substitution ciphers and encrypted plain text. Today's ciphers scramble large blocks and precompress to increase data entropy. I seriously doubt anybody but a top-notch cryptoanalyst can decrypt even the simplest attempt at a cipher from anybody who knows anything at all about cipher design.
Such a cryptoanalyst is likely to be found only at some high level government agency like the NSA and he will likely be too busy to spare any time to decrypt your inane emails to your mistress. Consequently, I would postulate that if you design your own cipher and avoid becoming the next Snowden, your data will be just as safe as if you had used AES.
Fast, cheap, good: pick two.