×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

Ask Slashdot: Why Is the Power Grid So Crummy In So Many Places?

thue Re:Outages happen! (516 comments)

Here in Denmark, power is reliable enough to run a Linux server directly off a wall socket, and still get an uptime measured in years.

about three weeks ago
top

Debian's Systemd Adoption Inspires Threat of Fork

thue Re:Fedora fork too (555 comments)

postfix.server from https://github.com/vonSchlotzk... :

[Unit]
Description=Postfix Mail Daemon
After=network.target

[Service]
Type=forking
ExecStart=/usr/sbin/postfix start
ExecStop=/usr/sbin/postfix stop
Restart=always

[Install]
WantedBy=multi-user.target /etc/init.d/postfix :

266 lines, too long to print here, and just as ugly as sendmail.

So the postfix sysv init script is 113 lines LONGER while the .service file is 4 lines SHORTER than the sendmail example.

about 2 months ago
top

DMCA Claim Over GPL Non-Compliance Shuts Off Minecraft Plug-Ins

thue Re:Not quite sure I get the argument. (354 comments)

> And if that's the case, why would Mojang EVER feel obligated to release their serve source code because a guy who literally stole it anyway is demanding they do so?

Because the bukkit project which released the decompiler/disassembled portions was owned by Mojang. And Mojang knew full well it was happening while they owned the project. So it was essentially Mojang who released it.

about 3 months ago
top

Mesa 10.2 Improves Linux's Open-Source Graphics Drivers

thue Re:Still relevant nowadays? (58 comments)

For dual screen setups, using the proprietary drivers is an absolute mess, while the open source drivers work perfectly. And the free drivers are perfectly adequate for non-high-end-gaming. I can play Minecraft at 1920x1600 with the open source Radeon driver at acceptable framerates.

about 6 months ago
top

Mesa 10.2 Improves Linux's Open-Source Graphics Drivers

thue Re:Still relevant nowadays? (58 comments)

Yes. There are free software projects making a driver for each of those, build upon Mesa. Both AMD (a lot) and NVIDIA (in small measure) has actually contributed to those projects, in addition to their closed source drivers.

about 6 months ago
top

Mesa 10.2 Improves Linux's Open-Source Graphics Drivers

thue Re:Still relevant nowadays? (58 comments)

My impression is that basically all Linux distributions install the open source drivers by default. And in my experience, installing the proprietary drivers is messy.

And most distributions uses 3D in the window manager by default.

So I imagine that many more Linux users use the open source drivers (which in turn use Mesa) than uses the proprietary drivers.

about 6 months ago
top

NSA Infiltrated RSA Deeper Than Imagined

thue Re:FIPS 140-2 4.9.2. The Other Back Door. (168 comments)

> 2^128 - 2^112 [...] it's significant, especially if you have a huge data center in Utah.

But 2^128/2^112=2^16=65536

As an upper limit, assume that you remove 100*2^112. But that will still only eliminate 100/65536=0.1% of the search space. Any key that is brute-forceable by NSA with those 0.1% removed is also brute-forceable without those 0.1% of the search space removed.

> What may be worse (I don't know) is the simultaneous equations that it creates that are invariant for keys from such a source. Maybe they could be used in a cryptographic attack to help solve the sorts of attack that try to build big systems of simultaneous equations to attack the key schedule.

Something like this seems slightly more likely. But assuming the bits were perfectly random before the removal of repeated blocks, for finite keys it still doesn't generate anything that couldn't have been generated by chance without the removal of repeated blocks.

about 9 months ago
top

NSA Infiltrated RSA Deeper Than Imagined

thue Re:FIPS 140-2 4.9.2. The Other Back Door. (168 comments)

I agree that the output is not random by the standard definition. And obviously a bad RNG.

But making a practical attack based on that seems unlikely to me.

> For the record, RdRand doesn't do this because I refused to put it in because it's a back door in the spec.

Wait what - you designed Intel's RdRand hardware RNG?

So, since there is a lot of paranoia about backdoors in that, is there a backdoor? :P

about 9 months ago
top

Dropbox's New Policy of Scanning Files For DMCA Issues

thue Re:Huh? (243 comments)

> And what if there is a hash collision?

Cryptographical hashes are designed to make that ridiculously unlikely. Go play buy a single ticket to the national lottery instead - you are far more likely to win the biggest price there than to every find a hash collision.

about 9 months ago
top

'Obnoxious' RSA Protests, RSA Remains Mum

thue Re:On the record (99 comments)

I freely admit that I assume they are guilty because of 1) all the damning evidence 2) their refusal to defend themselves.

And I submit that all reasonable persons should assume they are guilty for the same reasons. Assuming they are not guilty would be incredibly stupid.

about 10 months ago
top

'Obnoxious' RSA Protests, RSA Remains Mum

thue Re:On the record (99 comments)

For starters, they can come clean. All their press releases have been exercises in trying to say as little as possible, and be as misleading as possible whiile still not literally lying. For example, their non-denial of the $10,000,000 deal with NSA had half the press falsely reporting that RSA claimed there never any $10,000,000 deal.

Dual_EC_DRBG has been documented since 2006/2007 to be an insecure CSPRNG, even without the backdoor. I knew about it for example, and I do not even work in that field. The only way nobody at RSA Security (a huge company specializing in security) could not have heard about it is by putting their hands over their ears and yelling LALALA. And they didn't put 2 and 2 together about why NSA paid them $10,000,000 when the possible backdoor was discussed in the media and the cryptographic community?

I can accept that RSA Security might have been fooled in 2004. But they have not even tried to explain why they kept using Dual_EC_DRBG after 2006/2007. They have been caught with the hand in the cookie jar, and refuse to even try to defend themselves. Why should I try to invent explanations for their innocence for them?

> what evidence could RSA show us that would reinstate our trust

The point is that the circumstantial evidence is so hugely strong. This is not unfair - this is reality.

It is like finding you standing over a corpse in a pool of blood and a knife in your hand, with a $10 million payment to your account from the victims worst enemy. And you refusing to talk about how you got there, or why the victim's worst enemy sent you the $10 million. Do you think I have no right to make assumptions in that case?

about 10 months ago
top

'Obnoxious' RSA Protests, RSA Remains Mum

thue Re:What did you expect? (99 comments)

> What RSA Security has specifically said is that they knew about the backdoor when they made the $10,000,000 deal.

That should of course have been:

> What RSA Security has specifically said is that they didn't know about the backdoor when they made the $10,000,000 deal.

about 10 months ago
top

'Obnoxious' RSA Protests, RSA Remains Mum

thue Re:On the record (99 comments)

Are you referring to this RSA's CTO Sam Curry's "defense", which Mathew Green and Matt Blaze has had so much fun ridiculing? http://blog.cryptographyengine...

RSA Security really haven't made anything close to a coherent defense.

about 10 months ago
top

'Obnoxious' RSA Protests, RSA Remains Mum

thue Re:What did you expect? (99 comments)

> And the RSA did go on record. They said it wasn't true.

What RSA Security has specifically said is that they knew about the backdoor when they made the $10,000,000 deal. RSA Security has not denied that it turned out there was a backdoor, or that there was a $10,000,000 deal to make Dual_EC_DRBG the default in the BSAFE library.

If you read the keynote from the current RSA Conference, RSA's defense is that they stopped independently creating and verifying the cryptographical algorithms, instead just getting them straight from NIST and ANSI. And they knew or should have known that Dual_EC_DRBG was written by NSA.

> "Recognizing that [after year 2000, open source, non-patented encryption was widely available], and encryption's inevitable shrinking contribution to out business, we worked to establish an approch to standards setting that was based on the input of the larger community rather than the intellectual property of any one vendor. We put our weight and trust behind a number of standards bodies - ANSI X9 and yes, the National Institute of Standards and technology (NIST). We saw our new role, not as the driver, but as a contributor to and beneficiary of open standards that would be stronger due to the input of the larger community."

Meanwhile RSA Security ignored all the independent research showing that Dual_EC_DRBG was radioactive. So RSA Security's defense is that they stopped doing any due diligence, and instead just copied everything straight from NSA. And because they stopped even trying to do independent cryptography, they were not aware of the possible backdoor. And you think RSA Security's statements in their defense are not laughable, and that people protesting this is just "a$$holes"?

about 10 months ago

Submissions

top

Climate Science: Scepticism's limits

thue thue writes  |  about 5 years ago

thue (121682) writes "There is a good article over at The Economist where they pick apart a specific claim that climate change is all a hoax manufactured by scientists. The Economist then goes on to note that "So, after hours of research, I can dismiss Mr Eschenbach. But what am I supposed to do the next time I wake up and someone whose name I don't know has produced another plausible-seeming account of bias in the climate-change science? [...] So for the time being, my response to any and all further "smoking gun" claims begins with: show me the peer-reviewed journal article demonstrating the error here. Otherwise, you're a crank and this is not a story." Which is an excellent point in the current everything-goes debate."
Link to Original Source

Journals

thue has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?