
Comment Re:Yep (Score 5, Informative) 407

Let me add a few datapoints here, as a reminder...

1) The AES competition was launched in part because DES and 3DES were cracked by EFF using an FPGA-based brute-force decryption machine. Source:
https://en.wikipedia.org/wiki/EFF_DES_cracker
https://w2.eff.org/Privacy/Crypto/Crypto_misc/DESCracker/HTML/19980716_eff_des_faq.html

As a reminder, DES was THE standard crypto algorithm, vetted and approved by NSA. It could be cracked by EFF only because of Moore's Law and some serious budget and effort.

2) Public-key cryptography was invented separately at GCHQ (UK NSA) and NSA itself, several years *before* Diffie-Hellman. Source:
https://en.wikipedia.org/wiki/Public-key_cryptography#History

So, yes, these people (NSA/GCHQ) are very good at what they do. They have had at least 10 years of head-start, since cryptography was considered for many years just a branch of mathematics in academic circles. These guys work on nothing but crypto and digital/analog communications, year in, year out. Do not underestimate them.

3) One of the first electronic computers was delivered to the NSA in the 1950s. NSA later suggested improvements to the company that built it. The first Cray supercomputers were delivered straight to NSA. Again, that was in the 1950s, when most computer companies (IBM comes to mind) were still struggling to define what a computer was good for. Source:

http://www.nsa.gov/public_info/_files/cryptologic_quarterly/digitalcomputer_industry.pdf
http://www.physics.csbsju.edu/370/mathematica/m1_eniac.pdf

4) The NSA and GCHQ have a long history of backdoors. They love these things, as they make their life so much easier. Read on Venona, Enigma, Ivy Bells: all of these were made possible by intercepting/copying one-time pads, selling "unbreakable" German encryption machines and tapping undersea Russian cables. And I am willing to bet these are just a small fraction of what these people have done over the years. Source:

https://en.wikipedia.org/wiki/Venona_project
https://en.wikipedia.org/wiki/Enigma_machine
https://en.wikipedia.org/wiki/Operation_Ivy_Bells

Again, this is just a small fraction of what NSA and GCHQ have done over the years. So, yes, suspecting backdoors in open-source software is... shall we say... only natural.

If I was paid to be a professional paranoid, I would be taking a very long hard look at my computers and telecom equipment right now.

User Journal

Journal Journal: Some more utilities for the toolbox...

From the excellent Daemon Keeper blog:

IPSET (Quickly add numerous IP addresses to NetFilter/Iptables) : http://ipset.netfilter.org/
http://daemonkeeper.net/781/mass-blocking-ip-addresses-with-ipset/

Comment Imagine this for a 5th scenario (Score 1, Informative) 768

This is sometime in the future, in a country strikingly similar to the USA.

You are a young woman.

You are pregnant, due to a rape - maybe your scumbag boyfriend did it, maybe a stranger, maybe even a relative - does not matter.

You decide to terminate the pregnancy.

Since your state does not allow abortion (or puts so many ridiculous rules it's almost impossible to get one), you contact - through a secure email address - a clinic in another state and request an appointment, how much it is going to cost, what's the procedure, etc. and get answers from a doctor. All that information is stored on your laptop, either with full disk encryption (best solution), or in an encrypted file (not-so-good).

Finally, you manage to borrow/beg/steal enough money to go to the clinic, where a doctor performs the abortion. You go home and try very hard to forget about the whole thing.

One day, due to some mistake on your part -- let's say you talked to the wrong person -- state police knocks on your door, arrests you for terminating the pregnancy, seizes your laptop and discovers the incriminating evidence is encrypted.

Since they can charge you with terminating the pregnancy and/or not respecting the state rules on abortion and/or not communicating properly your intention to terminate the pregnancy, but ONLY if they have some solid evidence, they put pressure on you to give them your secret key.

What do you do? Plead the 5th. And then it becomes a case of "he said/she said"... And you get off scot-free, since there is no incriminating evidence, except for some testimony.

So, yeah, given the conservative and regressive nature of the abortion policies in many states, this may, unfortunately, become a possible scenario in the near future.

Now, change a few words in the above story - make abortion ''sexual experimentation that your local laws frown upon'' for instance - and you have another very plausible scenario EVEN TODAY.

What you do with your own body should be nobody's business but your own.

User Journal

Journal Journal: It is to laugh

I love this comment:

vi is a kitchen knife.
vim is a really nice, sharp, balanced chef's knife.
Emacs is a light saber.
Most of the time, my job requires me to chop vegetables. Occasionally, I have to take on an entire army of robots.

(Source: http://stackoverflow.com/questions/48006/is-it-worth-investing-time-in-learning-to-use-emacs)

User Journal

Journal Journal: A few links for today...

OpenBSD admin scripts: https://github.com/TheArchit/openbsd-scripts
OpenBSD upgrade guide : http://www.openbsd.org/faq/upgrade53.html
Docker/LXC administration : http://www.docker.io

That Is All.

Submission + - 32 Raspberry Pi cluster built to support PhD research (theregister.co.uk)

Noryungi writes: Joshua Kiepert, a PhD student at Boise State University, has created a small 32 node Beowulf Cluster, (PDF paper) running Arch Linux to support his PhD research. This allowed him to avoid running his simulation on the official (Xeon-powered) cluster of his university for a cost of slightly less than US$ 2000 — which is the price of a single Xeon machine. While the cluster will never break speed records, it allowed him to work on his research for quite a reasonable price.

Comment Re:"Importing" labor? (Score 3, Insightful) 293

You're confusing Europe for the United States. We just made labor exploitation legal. Not exactly a new concept -- the H1-B visa program might have screwed up, but we built our entire railways at the turn of the last century on the backs of Chinese immigrants. The European Union has much stricter laws regarding labor exploitation, and also immigration. It's flat out near-impossible to immigrate into many of those countries.

Nope. First of all, re-read the original article: we are talking about people working illegally in European countries. It is entirely possible to move to Europe illegally - just like in the USA, get there with a student (or tourism) visa and just stay in the country instead of going back home. Sure, it sucks because you can be caught (asked to provide valid ID, etc.) and sent back to your country, opening a bank account, renting a place, etc. all of these things are somewhat harder to do when you are illegal, but they can be done in every European country that I know of.

Second, European laws are sinking very fast to the level of the USA. More and more EU countries, under pressure by the same kind of people that are described in the article, are dismantling the only thing that makes life bearable: the protection they gave to their workers. In France, where I reside currently, a law is being considered that would make hiring/firing even easier than in the USA, while reducing social benefits, including firing compensations and unemployment benefits. And it's the same thing pretty much all over Europe.

Remember that unemployment is rising to never-before-seen levels. Youth unemployment stands around 25%-30% in Southern Europe, and sometimes much higher. In the meantime, start-ups are looking at illegal immigrants for techie jobs... Why is that? Because, yes, these people want to stuff as much money in their pockets as possible.

Again, this has nothing to do with finding labor - it has everything to do with screwing Joe Techie. Same as the US H1-B visas.

Comment "Importing" labor? (Score 5, Insightful) 293

Yeah, right.

It's more like: "We don't want to pay proper wages for good techies, so we are breaking/bending every rule to exploit cheap illegal labor and keeping more of the venture capitalist money for ourselves".

Seriously, I have seen this in many a start-up, in France and elsewhere: pay people low - even though their knowledge is what makes your bloody start-up possible - and fire them as soon as they start demanding correct wages and reasonable working hours. Meanwhile, the CEO is looking for the nearest Porsche dealership. It's simply disgusting, and it has nothing to do with French laws and regulations (which can be a pain in the neck, I admit).

Submission + - Hanford nuclear waste vitrification plant "too dangerous" (yahoo.com)

Noryungi writes: Scientific American reports, in a chilling story, that the Hanford, Washington, nuclear waste vitrification treatment plant is off to a bad start. Bad planning, multiple sources of radioactive waste, leaking containment pools are just the beginning. It's never a good sign when that type of article includes the word "spontaneous criticality", if you follow my drift...

Comment It's already there... (Score 2) 299

... And it's called Slackware. Around 2GB if you install everything and much, much less than that if you know what you are doing. Easy to keep out stuff like X11, KDE, XFCE, or anything else for that matter - simply make sure the little checkbox is not checked while installing.

But, hey, why take my word for it? Go ahead and install it, you will see.

(Oh, and don't bother whining ''Slackware is hard to learn'' yadda yadda yadda - you wanted customization, right? Live and learn)

User Journal

Journal Journal: Blast from the past...

Wow, that's a really old-looking page:
http://docs.yahoo.com/docs/writeus/error.html
Don't worry - it is SFW.

Comment Crypto, value, etc. (Score 2, Informative) 398

I have a very conflicting view of Bitcoin. Here are a few of my thoughts on the subject:

1- Crypto: how do we know the bitcoin crypto is really good/really secure? Who has done an audit of the code?

Implications: Cryptography is a very hard subject to tackle. Many an encryption scheme has been cracked and left in tatters, that seemed formidable enough at first sight. If the bitcoin cryptography is cracked, then fake bitcoins can be ''mined'' (meaning: created out of thin air) and the whole currency disappears in a puff of smoke (so to speak).

2- Security: how do we know the bitcoin P2P client is really secure? Who has done an audit of the code? What about the currency transmission protocol?

Implications: if you can't "fake" bitcoins, at least you can intercept them out of thin air between Alice and Bob. What then? The same bitcoin exists twice and that cannot be good for bitcoins.

3- Obscurity: who is *really* the creator of Bitcoin? Why is he hiding behind a pseudonym?

Implications: Yes, being paranoid here - but, really, who is this "Satoshi Nakamoto"? Please read more here: https://en.bitcoin.it/wiki/Satoshi_Nakamoto before criticizing this position. Essentially, and as long as we do not know who "he" is, the whole bitcoin-is-a-secure-digital-currency could be some very elaborate scam... Also, see point #1 and #2 above: I would feel a lot more confident in Bitcoin if the currency had been created by a recognized researcher in cryptography and digital currencies.

4- Economics: Bitcoin is essentially a ''fixed size'' currency... As someone has already pointed out, this has ''interesting'' properties, for various values of ''interesting''. If all bitcoins are mined then what?

Implications: once all bitcoins have been "mined", the only result can be a very serious "inflation" in the value of bitcoins if demand for this currency holds up - the only way to maintain a sustainable level of economic activity would be to raise the price of bitcoins by using its sub-division properties (yes, you can split a Bitcoin into smaller values). So right now 1 BT is, say = US$ 1. But what happens when 0.1 BT = US$1? This would imply staggering inflation in the implied value of Bitcoins and a Ponzi-like scheme, where the very first "miners" of BT would reap a staggering reward, leaving everyone else holding the bag. This could potentially bring a crisis of confidence in Bitcoin, and crash the entire currency, tulip-mania style.

You think I am going too far? There is now a cottage industry dedicated to selling you computing platforms (usually using Nvidia/ATI and OpenCL) to mine more Bitcoins. This, to me, smells of a ''mania'' phase, since, lest we forget, Bitcoins are completely immaterial and are not recognized anywhere except within circles of a dubious nature (Silk Road, anyone?).

In other words, yes, Bitcoin is fascinating in many ways... But I am not 100% sure this thing has been thought out in all of its aspects...

Comment Re:So Slackware continue to... (Score 2) 109

Here in the real world Slackware blows as a VM and is irrelevant to the future of cloud computing.

Right. This is why I have Slackware VMs all over the place, with uptimes in the hundreds of days.

Oh, and "cloud" computing can be based on any distribution - not just Ubuntu or Fedora. Slackware is ideal for this, since it is (IMHO) much easier to personalize, manage and configure on a daily basis.
