Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Comment Re:Change in operations instead of cash.... (Score 1) 246

No... CDs are an industry standard format, which the consumer experience shows can be used with any devices, so selling a CD that cannot be played in a CD player would be deceptive marketing.

There are DRM solutions for audio CDs that are supposed to make the them unrippable or even unplayable in a computer's CD drive (one method is to make a multi-session disc with an audio session and a data session, under the assumption that a PC will ignore the audio session if a data session is present while a regular CD player will ignore the data session). In my experience, these CDs will play fine in a PC (and iTunes can rip them without issue), but many car stereos struggle with them.

Comment Re:Change in operations instead of cash.... (Score 1) 246

That's a bad analogy. Auto parts, by and large, have always been proprietary.

Car parts aren't proprietary. You can second-source most mechanical and electrical parts, and it is not uncommon for larger assemblies (suspensions, transmissions, even engines) to be interchangeable between models from competing manufacturers because they were either developed jointly or sourced from the same third party.

Comment Re:OT: Vladimir Lenin - a murderer like all Commie (Score 2) 246

[...] The US too had a Civil War — 50 years before Russia. There was plenty of killing, some of it unwarranted, but there were no mass-murders. That, in my not so humble opinion, is because we are (or were) an Individualist country. On contrast [sic], 70 years before our Civil War here, France too had its own — being a Collectivist society, they had an awful lot of mass-executions. [...]

The American Civil War was, for all practical purposes, a conventional war between two nation states. The French Revolution was not; it was not even a civil war (unless you count the revolt in Vendée where loyalists attacked republican forces with material support from the United Kingdom). The mass executions of the Reign of Terror were political purges, pure and simple. Meanwhile, your “individualist country” is responsible for the enslavement, internment and mass murder of millions of its own (abducted) citizens on its own (stolen) territory, and the political faction which you seem to support is doing its damned best to continue the tradition, so shut the fuck up.

Comment Re:Me neither (Score 1) 178

I wouldn't trust chip based encryption either, and I wouldn't trust anybody else that did.

Assuming we're only talking about ciphers and not protocols: by definition, there is one and only one possible ciphertext for any given combination of key and plaintext. Thus, there is no way to introduce a weakness in an implementation which would not be trivially detectable by comparison with any other implementation; in fact, the result would be unusable as it would not be interoperable with other implementations.

(With a caveat for algorithms which require a random initialization vector; don't let the implementation choose the IV for you.)

Comment Re:Is there any way to gain trust in a chip? (Score 1) 178

You can't be sure with true randomness. With cryptographically secure randomness you can be (at least within a specified tolerance around 2^-128).[citation needed]

You can never be sure. The keystream of a good stream cipher is fully deterministic, yet statistically indistinguishable from the output of a good PRNG.

Comment TFA is completely wrong (Score 1) 178

FreeBSD has been using Yarrow for 10+ years, and no FreeBSD release has ever shipped with the option to feed the stream from a HWRNG directly to /dev/random. The only news here is that we have a new framework in the kernel for plugging hardware pseudo-random number generators into Yarrow, and an explicit policy (issued in my capacity as FreeBSD Security Officer) to not expose HWPRNGs directly to userland. There was some pressure from corporate users who want the raw feed for compliance reasons, but they were told to use RDRAND etc. directly rather than through /dev/random.

Be careful when a loop exits to the same place from side and bottom.