
Comment Mandrake lost it (Score 1) 156

"they came long before and had an easy to use (and powerful) desktop back when it was almost unheard of"

I used Mandrake up to version 9.0. Unlike other distributions it worked out of the box without hours of fiddling to get a working setup. When I installed 9.2, that experience was gone and the Windows partition I hardly ever used before, suddenly became my default choice for a while. Then Ubuntu came along. Hope it doesn't reinvent itself away from usefulness.


Chinese News Reports the Taliban Are Training Monkey Soldiers 232

According to a Chinese news publication, soldiers in Afghanistan may soon come up against a deadly new weapon in the war: monkey soldiers. The report claims that the Taliban are training the monkeys to shoot and kill American soldiers. They also claim to have pictures of monkeys holding AK-47s and Bren light machine guns. From the article: "The New York Magazine has reported about this in jest and stated on Friday, 'No invader has ever conquered Afghanistan, and now we know why. The monkeys will not allow it. It was a good effort, but it's time to pack it in. This is no longer a fight we can win.'"

Google to Open Source the VP8 Codec 501

Several readers noted Google's reported intention to open source the VP8 codec it acquired with On2 last February — as the FSF had urged. "HTML5 has the potential to capture the online video market from Flash by providing an open standard for web video — but only if everyone can agree on a codec. So far Adobe and Microsoft support H.264 because of the video quality, while Mozilla has been backing Ogg Theora because it's open source. Now it looks like Google might be able to end the squabble by making the VP8 codec it bought from On2 Technologies open source and giving everyone what they want: high-quality encoding that also happens to be open. Sure, Chrome and Firefox will support it. But can Google get Safari and IE on board?"

Comment Re:Non-random bits on LiveCD can compromise securi (Score 2, Informative) 422

Not Linux. Randomness comes from the time (hardware, persistent), but also from the randomness of network traffic and other driver miscellanea such as HDD head seek times, mouse movements, keystrokes, CPU temperature data, electrical noise on the power supply (with the right hardware)...

If you start the LiveCD only to use online banking there isn't much time between the startup and the time you need randomness for a secret key. The question is if there is enough time to gather sufficient entropy from the environment.

Others have suggested to seed with the current time, but that is easy to guess for an attacker. Netscape's original SSL implementation was broken because the PRNG used only the current time (in microseconds) and the PID as a random seed ([1], [2]).


Comment Non-random bits on LiveCD can compromise security (Score 1, Interesting) 422

Since a LiveCD doesn't save anything between reboots, it doesn't have a random seed that it keeps changing. Therefore the random number generator is initialized to the same state every time a system is booted (and probably to the same state for all computers using a specific LiveCD image). When the random number generator is in a predictable state, isn't the security of SSL essentially gone? To work around this, one can add some randomness to the random number generator on boot, but it is extra hassle. Something like "echo ssj s lsl sfi random hits on keyboard shdflsh sl fhlinaw nvnai dnsi >/dev/random"
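The two comments above (the fixed LiveCD state and the time-and-PID seed) can be put side by side in a small model. This is an added example, not code from either comment or from any distribution: the hash-based toy generator, the pool contents, the timestamps, the PID value and the `pid_max` default of 32768 are all assumptions made for illustration.

```python
import hashlib
import math
import os

# Constructed stand-in for the pool state baked into a read-only LiveCD image.
IMAGE_POOL = b"constructed-livecd-image-pool-state"

def session_key(pool: bytes, *mixed_in: bytes) -> bytes:
    """Toy generator: the key is a hash of the pool and everything mixed in."""
    h = hashlib.sha256(pool)
    for chunk in mixed_in:
        h.update(len(chunk).to_bytes(4, "big") + chunk)
    return h.digest()[:16]

def time_pid_seed(usec: int, pid: int) -> bytes:
    """Seed built only from a microsecond timestamp and a process ID."""
    return usec.to_bytes(8, "big") + pid.to_bytes(4, "big")

def seed_space_bits(window_s: float, pid_max: int = 32768) -> float:
    """Bits of uncertainty left when the time is known to within window_s
    seconds. pid_max=32768 is an assumed PID range, not from the post."""
    return math.log2(window_s * 1_000_000 * pid_max)

def distinct_keys(boots: int, policy: str) -> int:
    """Boot the same image `boots` times and count the distinct keys."""
    keys = set()
    for boot in range(boots):
        if policy == "none":          # nothing mixed in after boot
            extra = ()
        elif policy == "time+pid":    # constructed timestamps, one second apart
            extra = (time_pid_seed(1_700_000_000_000_000 + boot * 1_000_000, 1200),)
        elif policy == "kernel":      # 32 bytes from the OS generator
            extra = (os.urandom(32),)
        else:
            raise ValueError(policy)
        keys.add(session_key(IMAGE_POOL, *extra))
    return len(keys)

def report(boots: int = 5) -> dict:
    return {
        "none": distinct_keys(boots, "none"),
        "time+pid": distinct_keys(boots, "time+pid"),
        "kernel": distinct_keys(boots, "kernel"),
        "bits_1s_window": round(seed_space_bits(1.0), 1),
        "bits_1h_window": round(seed_space_bits(3600.0), 1),
    }

if __name__ == "__main__":
    print(report())
```

With nothing mixed in, every boot yields the same key; a time-and-PID seed makes the keys differ between boots but leaves well under 50 bits of uncertainty even with a one-hour window, far short of the 128-bit key it feeds.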

Comment Re:Not at those speeds (Score 1) 51

Quantum mechanics has been tested over several decades and has been found to describe the world we live in very accurately. Any post-quantum deviations would be very minor.

I agree to that. However a very minor deviation could be enough. Cryptography is very, very sensitive to information leaks, far more than physical measurements. This could well mean that you can break messages later. And, incidentally, you still have a conventional network and conventional encryption for the actual message. This means you have to maintain two networks and one of them is pretty expensive.

During the "hardware phase" of a quantum key exchange there is a certain amount of noise that has to be corrected due to imperfections in the channel and that means that in practice some information leakage is always possible. The apparatus therefore estimates the maximum possible amount of information leakage (making sure it is overestimated rather than underestimated) and performs "privacy amplification" to make sure that this information is useless to an eavesdropper (this lowers the key rate and is one of the reasons it is only 1 kbps). Now say an eavesdropper finds a new source of information leakage. This is only a problem if the total information leakage is greater than the estimated maximum leakage.

Here is a thought experiment for the key exchange: Say you can exchange 1kB of key material per second. Alternatively, say you have 1TB disks with one-time pads as key sources. This gives you enough key material for 31 years at the speed of the quantum link. Now, do you suppose creating these HDDs is cheaper or building and operating the quantum link is cheaper? I would say the pre-arranged one-time pads are several orders of magnitude cheaper. In addition, they are more reliable, easier to secure, well understood and use only proven technology.

I agree that creating and securing these HDDs is much cheaper, but a QKD system would fail more gracefully if you have a security breach in some realistic scenarios. Imagine that in month 2 you had an employee with malicious intent at your secure site. If this employee would be able to copy the 1 TB HDD, anyone outside would be able to decrypt anything during the next 31 years. The same person would only be able to leak information from his period of employment if a continuously generated key is used. (This is a somewhat oversimplified version of an argument made by a MagiQ representative)

If you really, really need high security, one-time pads do the job relatively cheap and with known properties. If you need more regular security, conventional encryption is fine. Quantum key exchange has no place in this.

QKD probably has a place in niche markets (companies like MagiQ and IdQuantique actually have customers). An interesting observation regarding the cost of QKD devices is that the cost of a full system is not much higher than the single photon detectors they contain. This means that if somebody finds a way to manufacture single photon detectors cheaply, the cost of QKD devices will drop drastically. If the devices are not very expensive and you already have fibers, why not use them?

Disclaimer: I have benefited from SECOQC funding, but have not worked on anything related to the implemented network or any other QKD implementations.

Comment Re:Not at those speeds (Score 1) 51

Perhaps the most important weakness is that you cannot really route traffic, but need point-to-point links.

Well, the point of the SECOQC network is to demonstrate a network with routing capabilities. It is a network that consists of many point-to-point links.

All physical theories have proven inaccurate so far. This could fall over with one PhD student having a bright idea.

Quantum mechanics has been tested over several decades and has been found to describe the world we live in very accurately. Any post-quantum deviations would be very minor. We cannot exclude the possibility that if someone is able to put the fiber through a wormhole, something strange would happen, but from a bright PhD student imagining this possibility to this becoming realistic there is probably a span of several decades.

Also, a quantum cryptography protocol will have to be broken at the time of the key exchange. If someone realizes two minutes later how it could have been broken it's too late. With modern cryptography the encrypted messages may be intercepted and stored until some bright PhD student in computer science makes a breakthrough, so that all messages sent in the past can be decrypted.


Paul Wilmott Wants To Retrain and Reform Wall Street's Quants 198

theodp writes "What if an aeronautics engineer couldn't reconcile his elegant design for a state-of-the-art jumbo jet with Newton's second law of motion and decided to tweak the equation to fit his design? In a way, Newsweek reports, this is what's happened in quantitative finance, which is in desperate need of reform. And 49-year-old Oxford-trained mathematician Paul Wilmott — arguably the most influential quant today — thinks he knows where to start. With his CQF program, Wilmott is out to save the quants from themselves and the rest of us from their future destruction. 'We need to get back to testing models rather than revering them,' says Wilmott. 'That's hard work, but this idea that there are these great principles governing finance and that correlations can just be plucked out of the air is totally false.'"

New HDMI 1.4 Spec Set To Confuse 357

thefickler writes "HDMI Licensing LLC, the company that determines the specifications of the HDMI standard, is set to release the HDMI 1.4 spec on 30 June. Unfortunately it could very well be the most confusing thing to ever happen to setting up a home theater. When the new cables are released, you're going to need to read the packaging very carefully because effectively there are now going to be five different versions of HDMI to choose from — HDMI Ethernet Channel, Audio Return Channel, 3D Over HDMI, 4K x2K Resolution Support and a new Automotive HDMI. At least we can't complain about consumer choice."

Harsh Words From Google On Linux Development 948

jeevesbond writes "The alpha version of Google Chrome is now available for GNU/Linux. Google Chrome developer and former Firefox lead Ben Goodger has some problems with the platform though. His complaints range from the lack of a standardised UI toolkit, inconsistencies across applications, the lack of a unified and comprehensive HIG, to GTK not being a very compelling toolkit. With Adobe getting twitchy about the glibc fork and previously describing the various audio systems as welcome to the jungle, is it time to concentrate on consolidation and standardisation in GNU/Linux in general, and the desktop in particular?"

Ubuntu Ports To ARM 279

nerdyH writes "Canonical will port Ubuntu Desktop Linux to the ARMv7 architecture. The announcement sets the stage for Intel to lose the traditional 'software advantage' that has enabled x86 to shrug off attacks from other architectures for the last 30 years. How long can it be before Microsoft responds with a Windows 7 port? I mean, x86 just can't do 'idle power' like ARM ... Nokia's N810 tablets can standby for several weeks, just like a cell phone, keeping you 'present' on IM, behind IPv4 NAT the whole time. The first Atom MIDs are standing by for 6-7 hours."

OLPC's "Give 1 Get 1" Comes To Europe 134

Christoph Derndorfer writes "Last year OLPC's XO-laptop was among the hottest Christmas gadgets thanks to the organization's G1G1 program, where you could donate $399 to give one XO-laptop to a child in the developing world and receive one yourself in return. However in 2007 the program was only available for US and Canadian citizens. This year's program, which takes off November 17, is also available to citizens in the EU member states, Switzerland, Russia, and Turkey. This is certainly awesome news for all the OLPC / Linux / gadget enthusiasts here in Europe! P.S. Before anyone asks, these XOs will come equipped with the child-friendly Sugar platform, which is based on Fedora 9, and not Windows XP."
