top Linux RNG May Be Insecure After All
The real security concern with VMs is duplication
... if you clone a bunch of VMs but they start with the same entropy pool, then generate an SSL cert after clone, the other SSL certs will be easily predicted.
Yeah, I encountered that the other day. Built a VM, took a snapshot, did some stuff, reverted, did the same stuff. I was testing a procedure doc I was writing. Part of the procedure was creating an SSL cert, and I got an identical one on both attempts. That seems a little fishy to me; I would expect the certs to be (by the standards of cryptography) very similar, not identical. With that said, I didn't actually generate the cert myself, I ran a script (which I didn't write) to do it. The script might be using the same random seed or something. Or it could be a characteristic of moznss.
Feeling good about your EC2 instances, eh?
No shit. It might be worthwhile to use your desktop or some other hardware you control to seed your VM's PRNG with higher-quality entropy. That way, you should at least be able to avoid collisions with other VMs on the same hardware.
top Crowdsourced Finnish Copyright Initiative Meets Signature Requirement
That's a great idea, but the problem is that the cost of digital reproduction is near enough zero as makes no difference. If you publish an e-book, and I buy a copy for $5, why would anyone else buy a copy when they could get one for free from me? Some people would do it out of habit. Others would do it because they feel it's the honest thing to do. But most people would not. I've got to imagine that it would be really hard to make a living this way.
You'd probably have to switch to a Kickstarter-like model. The prospective author uploads a high-level summary of what he wants to write. People who want to read it donate a couple bucks. The author then writes something and releases it for free. This would probably work, at least in a sense, but it'd be hard to fund longer works this way. You'd get a lot of short stories, novellas, and serials. I've got nothing against those formats, but I do like to have some diversity.
Philosophically, we're both in total agreement. I really only have a problem with how it would work (or not) in practice. I think a more realistic solution would be to have copyright, just like we do now, but with a drastically reduced term. Like, one year by default, up to a maximum of five years if you apply for an extension each year. If you can't break even on your copyrighted work in less than five years, you're never going to. If people are willing to wait for your copyright to expire rather than buying now, your work isn't important enough to deserve protection.
top Sarah Thee Campagna Makes Robot Sculptures (Video)
Yeah, the summary reads like word salad. Hell, the woman's name reads like word salad.
about a year and a half ago
top Snowden Is Lying, Say House Intelligence Committee Leaders
In this context, "internal" means "within the NSA," and "external" means "outside the NSA, but still within the federal government."
about a year and a half ago
top Hospital Resorts To Cameras To Ensure Employees Wash Hands
Hilariously topical malapropism.
about a year and a half ago
top Supreme Court Rules For Monsanto In Patent Case
The herbicide in question -- Roundup, aka glyphosate -- kills plants that aren't genetically modified to be resistant to it. If you plant a bunch of non-GM corn and then spray the whole thing with Roundup, you will kill everything, including the corn. So yeah, I can't imagine any reason a farmer would be doing that either.
about a year and a half ago
top Lawsuit Could Expose Whether Top VC Firms Are Actually Good Investments
It is if you can sell the duck for enough money to buy 400 shells.
about a year and a half ago
top Xbox Originator: "Stupid, Stupid Xbox!!"
seriously, the bootloader on modern hardware doesn't need all that bullshit.
Yes, it does need "all that bullshit." Booting from anything except an on-board hard disk controller on a PC BIOS is a hackjob. It's just an absolutely horrible clusterfuck. The fact that it ever works at all is a testament to the hard work put in over the past 20+ years by all the bootable expansion card makers.
I'm not trying to be a dick, but your comment really makes me think that you've never used anything except a desktop PC. In the server world, you always boot from an expansion card -- note that onboard NICs count as expansion cards in this context, because the BIOS can't boot from them directly; it has to pass control to the NIC's BIOS, which handles PXE -- at least once in the server's life to kickstart it. And there are a good number of situations where you never boot from a local hard disk. That's not just PXE. It also includes iSCSI and FC HBAs, ROMs or flash devices, RAID controllers, and probably a raft of things that I've simply never encountered.
I think that OpenBoot would've been a better choice than UEFI, personally. But I don't think any knowledgeable person can dispute the need for something better than the 1980s-era PC BIOS.
top Valve Sued In Germany Over Game Ownership
Ultimately, I think the compromise that we will get is that you will be able to resell used games, and you, the distributor, and the publisher will all get a cut. It's unfair for the publisher to get anything -- it doesn't right now, with physical media-only resales -- but you know they will fight and fight to prevent resales at all. The only way they'll ever agree to it is if they get something in return. Unfair though it might be, I don't see any solution that doesn't result in them getting a piece of the action.
The great thing is that digitally-distributed games are fungible. There's no difference between my used copy and your used copy, or even between a used copy and a new one. This means that you can handle them exactly the same way we handle stocks, bonds, and commodities, all of which are fungible too. It makes pricing largely automatic. Pricing could actually be made completely automatic, although it would work better if you at least let sellers put in bids manually.
top RIM's BB10 Campaign Requires Some Serious Work
I'd love to see an email app that complies with IT demands for a PIN lock, encryption, and remote wipe capabilities without turning those features on for the entire phone. I don't want to enter a goddamn PIN code just so I can play Zookeeper Battle. I don't need to encrypt the pictures of my wife and kid I have on my phone. And I don't think IT really cares if my Plants vs. Zombies achievements get stolen by a hacker.
I mean, I still wouldn't buy a Blackberry device. But that strikes me as an actual business-related value-add they could offer. All the other stuff people are talking about here -- "connect to an Exchange server" and "view Excel spreadsheets" seem to be the most common -- can already be done by every other phone in existence. Those aren't awesome things your BB does. Those are basic, entry-level features that any modern smartphone must have.
top Github Kills Search After Hundreds of Private Keys Exposed
It's probably obvious and I'm just being stupid, but I can't think what you could possibly break by setting all perms to 777.
Anything with the sticky, setuid, or setgid bits set.
top A Mythbuster's Biggest Tech Headaches (and Solutions)
My car's approach is that pulling on the door handle twice from the inside will unlock (and open) the door. I wouldn't precisely call it intuitive, but it doesn't take long to figure out either. Actually, I think it is intuitive, it's just that people are so used to having to unlock the doors another way (push a button, flip a switch, pull a knob, whatever) that they don't expect it and therefore become confused.
BMW's rationale is that when you're in a panic situation -- on fire, sinking in a lake, etc. -- you're just going to pull on the handle until the door opens. It's a pretty decent idea. The problem, and it's a big one, is that it's probably electrical. So if the car loses power for some reason, you wouldn't be able to open the door. It could probably be done mechanically, though. For all I know it is.
ctr2sprt hasn't submitted any stories.
ctr2sprt has no journal entries.