
Comment Re:One time pad (Score 1) 124

Because then your compression function effectively becomes your encryption function. And it wasn't designed for security.

Keep in mind these are simple issues to identify and exploit. All these "what-if" scenarios have been played out repeatedly, which is why the standard response is always "use a proven secure algorithm, don't roll your own cryptographic solution." It's easier, less bug prone, and the security has been analyzed by more qualified people than you can afford. Any known weaknesses have already been identified and fixed.

Comment Re:It was bound to happen. (Score 2) 224

> There are no wealthy actors, musicians, authors, or anyone in the tech industry? Huh, guess I'll go buy me a farm.

There are, but they all required land to do it. Musicians need food and shelter to make music, this requires land. Every cent of wealth generated in all of history can be traced back to the land (or sea) and until we can practically leave the planet, this constraint will remain.

Comment Re:Incrementing (Score 1) 267

Well, next time write:
x = ++x;

I've pretty much trained myself to never use post-increment unless a statement is incorrect without it, and even then I'm unhappy if the statement has any other side effect at all (unless the entire idiom is lifted straight from K&R, and then I ponder why the code is rolling its own iterator loop.)

Post-increment can fail in interesting ways (yes, those darn sequence points). In addition, when using a template metaprogramming library, post-increment can trigger a large state copy that an unwary programmer doesn't expect. It can be horrifically less efficient.

On the other hand, the ternary operator (even a compound ternary operator) has FAR FEWER semantic ass-bites than plain old post-increment.

Post-increment: Visually familiar, but badly behaved.
Ternary: Visually unfamiliar (to some), but well behaved.

In the STL context, an important property of the ternary operator is that you don't have to declare the return type of the expression (whereas with an if/else assignment into an intermediate variable, you do). Maybe this is less important now with better "auto" support.

A prudent ?: will also keep you on the straight and narrow with respect to the ODR. You can avoid re-typing shared sub-expressions. Anyone ever debugged a program where consecutive lines of code intended to contain an identical subexpression, but actually didn't? No, I didn't think so.

Really, when someone complains about the ?: operator as some form of diabolical trickery, I flip the bozo bit. But you just can't get a programmer to embrace it for The Right Reasons who won't first master sequence points and the horror show of post-increment.

Grasshopper, this is your debugger.

Debugger, this is your new grasshopper. Enjoy your tasty meal.

Comment Re:One time pad (Score 1) 124

What you've described has been known for centuries as a "book cipher". Benedict Arnold used one during the American Revolutionary War to protect his treasonous communication with England.

Anyway, there's a really fun way to beat this kind of encryption today. If Mallory can get Alice or Bob to send a copy of BLACK_SQUARE.BMP, it's literally game over. Imagine XORing your key against a bunch of binary zeros. The result is a big patch of the cleartext version of the data that is your key. Google will find that faster than you can.

I did this to a friend who had the same idea in a "you'll never guess my encryption" challenge. After getting him to download a copy of BLACK.GIF, I stared at the intercepted results for many seconds longer than I should have. It output a repeating string of something like SLASHDOTTODHSALS, so I said that's your key. He was arguing because his key was SLASHDOT, and his "algorithm" was to invert the letters of the key word and append a copy to the end of the key. My mind boggled because I was expecting encryption, not immediate success at recovering his key and data.

Now, let's say you're smart enough to avoid encrypting BLACK_SQUARE.BMP. I can still achieve most of the same results by predicting that your data stream will contain "Host:", "Content-Type:", "Accept: text/plain", "User-Agent:", "HTML", "BODY", and other such 'cribs' (I was all set up to apply this logic to the intercepted message from my friend mentioned above.) By matching fragments of my guesses with your message, I can look to see if I recover legible text. It only takes a surprisingly small amount of recovered text to be able to identify the source.
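The two failures described in the comment above, as an added example that is not part of the original post: a repeating XOR key leaks itself when the plaintext is all zero bytes, and a guessed header fragment exposes the key bytes it lines up with. The key follows the SLASHDOT construction quoted above; the zero-filled "image", the HTTP message and the function names are constructed for this sketch, and the uppercase-only filter assumes the key is made of capital letters.

```python
from itertools import cycle

# Key built the way the comment describes: the key word plus its reversal.
KEY = b"SLASHDOT" + b"SLASHDOT"[::-1]

def xor_stream(data, key=KEY):
    """Repeating-key XOR; applying it twice returns the input."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def shortest_period(stream):
    """Smallest prefix that, repeated, reproduces the whole stream."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    return stream

def drag_crib(ciphertext, crib):
    """XOR a guessed plaintext fragment at every offset.

    Returns (offset, fragment) pairs where the result looks like key
    material (assumption: the key is uppercase ASCII letters).
    """
    hits = []
    for off in range(len(ciphertext) - len(crib) + 1):
        frag = bytes(c ^ p for c, p in zip(ciphertext[off:], crib))
        if all(65 <= b <= 90 for b in frag):
            hits.append((off, frag))
    return hits

# Constructed sample inputs (not captured traffic).
BLACK_IMAGE = bytes(64)  # 64 zero bytes standing in for an all-black bitmap body
HTTP_MSG = (b"GET / HTTP/1.1\r\nHost: example.test\r\n"
            b"User-Agent: demo\r\nAccept: text/plain\r\n\r\n")

if __name__ == "__main__":
    # Zero plaintext: the ciphertext is the key, repeated.
    print(shortest_period(xor_stream(BLACK_IMAGE)))
    # Known header text: each plausible alignment shows a slice of the key.
    for off, frag in drag_crib(xor_stream(HTTP_MSG), b"User-Agent: "):
        print(off, frag)
```
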

Comment Re:Insecurity culture.... (Score 1) 568

> they transform his life-time into working-time

I would love to be a fly on the wall when the ghost of proletariats-future explains to Karl how "now trending in the proletariat zeitgeist of the year 2015" is incessant chatter about why there's still so little content available in 4k.

Karl: What's 4k?

Ghost [glancing furtively at iWatch appointment calendar]: Ahhhh, we have a little bit of catching up to do, don't we? How about we just leave that unanswered for now and call it a night?

Comment Re:Insecurity culture.... (Score 1) 568

> Anyone who doesn't bother to understand how a 401(k) works deserves the penalties they get.

Aside from being the reincarnation of Marie Antoinette, you're probably one of those guys who mainly eats berries, nuts, and seeds because the paleolithic digestive system has not yet caught up with modern living.

I suggest you pack a copy of the American tax code dealing with the 401(k) into a time machine (if it will fit) and t-fax it back to Leibniz or Goethe or Voltaire or Darwin for a second opinion concerning its common-man sex appeal.

Comment Re: Sure you can. (Score 1) 478

> OS X on the Mac has FAR more chance of attracting interest from Joe Consumer than Linux does.

You would think, and then Apple decides to solder the RAM onto the Mac Mini and the Mini I can buy today configured as close to identical to my buddy's Mac Mini from several years ago (quad core i7, SSD, upgraded to 16 GB) costs half a grand CAD more today than it did then.

Because of this stupid speed bump, the small office where I'm presently working went back to Windows in a recent IT refresh after we had all pretty much convinced ourselves to make the collective jump to OS X.

Maybe we could have made the initial outlay work at 8 GB per machine instead of 16 GB (saving ourselves CAD $240 per machine) but then we would have ended up with boxes permanently capped at 8 GB.

If we were certain our company would double in size over the next two years, we could have handed the RAM-crippled Mac Minis off to junior staff and brought in another wave of less-crippled Minis at that time for the regulars.

Wouldn't it all have been so simple if we had an Apple-like certainty concerning our future staffing levels and revenue growth?

Just think, we could have used the Mini as a corporate status symbol to keep new employees in their proper place, instead of having a culture where an employee says "hey, I need to test drive all these memory heavy apps to get my work done, can we rush out and get me some fat sticks at a fair street price?" (In our shop, we tend to run beefy compute on actual servers, which is where we'll spend the money saved on the client side.)

No wait!

Using RAM-crippled hand-me-downs could have negative impact on corporate culture. I know! We'll give everyone an identical, over-specced OS X mini tower so no-one complains.

No wait, second edition!

We'll get a pickup truck full of cheap-ass used Windows 7 boxes with four memory slots each and treat them as interchangeable and disposable. Then when we're back in a revenue-positive situation, we'll take a look at the post-Skylake landscape to see whether Apple has regained its sanity.

Comment Re:Passed data with a ton of noise? (Score 1) 377

The question is: is the signal-to-noise ratio good enough? If so, a cheap cable that passes the data is every bit as good as an expensive one, so long as the packets arrive intact at the other end.

Ethernet already does a lot to counter noise. The signals are differential pairs (so instead of having ground and signal, you have signal+ and signal-). The wire pairs are twisted, which keeps them in close proximity. Interference tends to be common mode noise (so for two wires close together it will affect the signal in each wire almost the same), and differential amplifiers are designed to only amplify the difference between the two wires and will therefore reject common mode noise. Each end also has an isolating transformer, and each end has proper termination (to avoid things like reflections which can bugger up signal integrity). It takes a significantly terrible out-of-spec twisted pair cable to make ethernet stop working.

Incidentally, the signalling for 100baseTX ethernet only has a fundamental frequency of 31.25MHz (naively people would expect 1MHz per 1Mbps but this is not so). 100baseTX uses a 3 level (in other words +1, 0, -1) non return to zero signalling (in other words, a 1 will cause the signal to change level and a 0 will cause the signal to remain at the current level - or it might be the other way around, it's a long time since I did this stuff). Each 4 bits is encoded into a 5 bit symbol designed to prevent long runs of 0s (which would cause the signal level to remain constant for too long). Lots of people call an ethernet connection a "broadband" connection, but it's not, it's baseband (hence the "base" in 100baseTX).
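The line coding described in the comment above, as an added example that is not part of the original post: 4-bit to 5-bit symbol mapping followed by three-level signalling, with the 31.25 MHz figure derived from the resulting waveform. The function names are chosen for this sketch; it uses the MLT-3 rule (a 1 moves to the next level in the cycle 0, +1, 0, -1 and a 0 holds the level), sends the high nibble first for simplicity, and leaves out the scrambler that sits between the two stages in real 100BASE-TX.

```python
# 4B5B data code groups, indexed by nibble value 0x0..0xF.
FOUR_B_FIVE_B = [
    "11110", "01001", "10100", "10101", "01010", "01011", "01110", "01111",
    "10010", "10011", "10110", "10111", "11010", "11011", "11100", "11101",
]

def encode_4b5b(data):
    """Map each nibble to its 5-bit code group (high nibble first: a simplification)."""
    return "".join(FOUR_B_FIVE_B[b >> 4] + FOUR_B_FIVE_B[b & 0xF] for b in data)

def longest_zero_run(bits):
    """Length of the longest run of 0 bits, i.e. the longest stretch with no transition."""
    return max(len(run) for run in bits.split("1"))

def mlt3(bits):
    """Three-level signalling: a 1 advances through 0, +1, 0, -1; a 0 holds the level."""
    levels = [0, 1, 0, -1]
    pos, out = 0, []
    for bit in bits:
        if bit == "1":
            pos = (pos + 1) % 4
        out.append(levels[pos])
    return out

def max_fundamental_mhz(data_rate_mbps=100):
    """Highest fundamental frequency: an all-ones stream toggles on every symbol."""
    symbol_rate = data_rate_mbps * 5 / 4          # 5 line bits per 4 data bits
    wave = mlt3("1" * 32)
    period = next(n for n in range(1, 17)
                  if all(wave[i] == wave[i + n] for i in range(16)))
    return symbol_rate / period

if __name__ == "__main__":
    coded = encode_4b5b(bytes(range(256)))        # constructed input: every byte value
    print("longest run without a transition:", longest_zero_run(coded))
    print("MLT-3 levels for 1111:", mlt3("1111"))
    print("max fundamental (MHz):", max_fundamental_mhz())
```
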
