Oh, and it's not once a year, it's once a year on average, over four years. So if you work on a big project for 2-3 years and then get a flurry of papers out at the end, then that's fine too.
Now you cost us a good book !
Wait, I thought TFA was about Charles Stross?
- The new FreeBSD randomness framework allows whitening algorithms (Yarrow, Fortuna, whatever) to be plugged in easily, along with multiple sources.
- Linux initially trusted RDRNG unconditionally to provide streams of random numbers, then backtracked to only using it as an input to whitening. FreeBSD only ever used it as an input to the PRNG and now has a more generic framework for doing so.
- Neither the new, or the old, FreeBSD random number generation framework is vulnerable to the attack published in October (and covered on Slashdot) on the Linux random number generator.
The big problem is that it's very hard to get good entropy early on in the boot process (when things like TCP sequence numbers and sometimes when SSH server keys are initially generated). You can use a hash of the kernel, but that's shared between other machines with the same kernel. You can use the time, but that's likely known to the attacker (and in some embedded systems will always be the same on every boot, until it queries an external source and corrects it). You can use interrupt times, but the ones from the disk / flash are likely to be similar, if not the same, across boots of the same kernel and the early network ones are susceptible to attack by people on the local network.
The hardware RNG definitely gives you some entropy, and so using it to stir the pool for Yarrow helps a lot here. Later on, there is a lot more entropy. As you start to get disk access patterns based on system use and network connections from a variety of sources, interrupt times give quite a lot of entropy. It still helps to mix in the hardware RNG, however.
As I said in another post, it's quite unlikely that the hardware is intentionally compromised (although it's a nice attack, so I wouldn't guarantee that future versions won't be), but it's very likely that it provides less entropy than advertised. This makes it fine for input into a PRNG like Yarrow of Fortuna (I think Fortuna made it into FreeBSD 10, if not it should be in 10.1), but not adequate for general use. The point of a PRNG algorithm like Yarrow is to generate an unpredictable sequence of numbers from some source entropy seed, which can change over time. As long as you have enough entropy, you will get a cryptographically secure sequence of pseudo-random numbers. All this work is doing is saying 'we trust the hardware to give us some entropy, but we don't trust it to give us all of the entropy that we need'.
This work has been ongoing for about a year, since long before the NSA stuff came out. The consensus has been for a while that some hardware random number generators give very good entropy, but some are very poor and it's difficult to tell without querying them a few million times and plotting the distribution which one you have. Add to that, some of them appear to be influenced by the temperature, and as Stephen Murdoch's attack on Tor showed influencing the temperature of someone else's server is not always as difficult as you'd think.
It seems quite unlikely that the hardware RNGs are tampered with, although it would be a very neat hypothetical attack if you could influence a specific RNG in such a way that you could reduce the entropy to, say, 16 bits within a larger space and only you be able to determine what the real space was, but it's very likely that some of them are quite bad. Adding Yarrow makes you a bit safer, because there will be other entropy sources mixed in and so even a relatively poor RNG helps stir the pool.
 Or some other whitening algorithm - Yarrow is the default, but there are some newer ones that are better, at the cost of a footprint that is not desirable for embedded devices, and FreeBSD 10 now includes a framework to make it easy to plug in the one you want.
Maybe the law should read that only local groups can put up monuments. That way, they represent the community, not some politically-correctness thing. The Satanist group is from New York - they shouldn't have any sayso as to what happens in Oklahoma. Now, if they have a branch in Tulsa, and the branch wants to put up a monument, that is different.
Problem is, when you let outside groups dictate what can or cannot be put up, then no one is going to be happy. I could go around the country demanding that all government and public education places that have statues or names of Chris Columbus on them change because I am offended that some idiot who doesn't even understand the science of his own time and then goes and starts slave trade, paprticipates in human trafficing of children, did horrible acts against humanity and was actually stripped of his office and title by his own government for these reasons. I could sue the entire city of Columbus, Ohio, sue the District of Columbia, sue CBS, etc.
Let's stick though with seperation of Church and State. Does anyone know what the First Ammendment actually says?
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances
This speaks to the United States Congress and the federal government. The issue in place is about an Oklahoma State Building on state land. First Ammendment doesn't apply (although some Supreme Court decisions may state otherwise - I honestly do not know every court decision ever made, I am not a law student). By extension, the first Ammendment does not apply to schools or city governments.
However, in 1947, there was a Supreme Court decision. Justice Hugo Black wrote, 'The "establishment of religion" clause of the First Amendment means at least this: Neither a state nor the Federal Government can set up a church. Neither can pass laws which aid one religion, aid all religions, or prefer one religion to another
This did extend the first Ammendment to include states, and, from my brief research, is where the term "seperation of church and state" appear.
So governments cannot establish a church, and by this ammendment, a state or federal government cannot setup their own religious monuments (this does not apply to cities). But, likewise they cannot prevent a private entity from setting up a monument because to do so would show preference to one religion or another (or lack of religion). So they cannot stop a group from doing this.....
and it doesn't say this, but you could go back to this - this is STATE land, so a New York group really should have no say. If it was federal land, that would be different.
This is just a badly designed business model. The most successful companies I have worked for have managers and VPs who have risen through their IT departments and know how things work. They are the best at understanding the ups and downs of workloads, so understand the concept of having periods of down time, they understand the concept of on-call and will work to either try to minimize how often a person is on-call or try to work in some kind of compensation, they understand technologies and actually listen to their teams when making business decisions, they are good at dealing with the end-users because they can set realistic expectations, and when researching new technologies, they ask the teams who will be implementing it to research products rather than putting out a general call to vendors.... I honestly do not understand why companies will put someone with no IT background over different IT departments or over the IT department as a whole. You wouldn't go grab a random Congressman with no military experience and give him the rank of General in the armed forces, yet this is exactly what many companies do with their IT departments.
They also allow you to manage your own encryption keys
I like the part about state vs. fed gov.
how can you be sure that your cloud provider is not suffering from bitrot on your stored files?
Works for me - better than what I have going on at home, and cheaper than I could set up something like this. And anyways, I still have my External HDD backups as well. Its just another level of backup to keep me from data loss.
I have been going through this issue myself. In a single weekend of photo and video taking, I can easily fill up a 16 gig memory card, sometimes a 32 gig. About 10 years ago I lost about two years worth of pictures due to bitrot (ie my primary failed, and the backup DVD-Rs were unreadable after only a year - I was able to recover only a handfull of photos using disc-recovery software). Since then, I kept at least three backups, and reburning discs every couple of years. But if I can fill up two BD-Rs in a weekend, and given the high price of media, that wasn't an option. Extra harddrives?
I finally realized the best way was just to get a Carbonite account. They are about $70 a year for unlimited encrypted storage space (if you are really anal, I guess you could always put things into TrueCrypt encrypted file containers and upload them). The worst part is how long it takes to do a backup on a residental broadband line (it would also suck if your ISP has data caps). It has taken me about 2 weeks to do half a terrabyte.
The deal is, the peace of mind that comes from this is huge, and it is cheaper than buying another harddrive.
Yes, I know that is not the question you asked, but I feel like it is a much more practical alternative. I mean, as I continue backing stuff up, I am sure I will pass a terrabyte. How much are you going to pay for discs, for harddrives? Then trying to keep them safe and secure, and having to worry about bitrot?
Seriously, I've lost family pictures and videos before even though I had backups, and it sucked. Do yourself a favor and get a cloud backup. Yeah, it may take a while to do your backups and restorations, but it is worth it.
If we can delay it long enough, 3d printing might get good enough that all gun control is moot. We can defeat it like we defeated the Clipper Chip - by letting the cat out of the bag.