Blogger blogs are not indexed by search engines, to protect the privacy of the amateur suburban blogger.
Despite apprehensions, 65535sec is moving to www.65535sec,wordpress.com, so that the content will be indexed by the various search engines.
Tuesday, April 9, 2013
Usage based billing increases lock-in.
In Cloud-type data assurance, it can be vital it can be to maintain an offline processing capabilitiy, for general purpose computing. To facilitate this, Operating System providers make redistributable updates available. We can still get service pack redistributables for Win 7, and offline Java etc. But with the advent of Windows 8, Microsoft can saddle you with a computer that won't boot, if you do not have online access.
I fact, with updatable EULA's, the Windows 8 OS could be changed to require payment of a (nominal) monthly subscription fee.
I fact, with updatable EULA's, the Windows 8 OS could be changed to require payment of a (nominal) monthly subscription fee.
Meanwhile, the mad rush to the Cloud is leading laymen to forget that they can also be charged by the bit for internet access. As an end user, one might neither be able to access his work product data, nor back it up, without fee based bandwidth services.
Linux makes package managers, but offline installers would be a significant addition, so "maverick installs" are not the only choice, for offline applications.
Would a virtual router have advantages over a hardware router?
In 2010, I used a Cisco EA2700 router behind an AT&T gateway, with the remote update turned off, and MAC address filtering for only three devices, two general purpose computing "towers," and an iPod.
While using this implementation, I began to theorize a Virtual environment, where a virtual router controls access to other (possibly even "virtual") machines. I speculated that this would make penetration harder, by specifying the (updatable) MAC address of the virtual router as the only device authorized to pass traffic to the WAN, at the hardware router. Admins could still telnet in, to manage the virtual router, using the IP address and password, (such as managing whitelists and blacklists.) One could also specify MAC address filtering within the virtual environment. It's obligatory to suggest that the virtual router is a different firmware model than the physical router.
This might compare or contrast to a Bluetooth type pairing and bonding protocol.
I think it actually improves things.
While using this implementation, I began to theorize a Virtual environment, where a virtual router controls access to other (possibly even "virtual") machines. I speculated that this would make penetration harder, by specifying the (updatable) MAC address of the virtual router as the only device authorized to pass traffic to the WAN, at the hardware router. Admins could still telnet in, to manage the virtual router, using the IP address and password, (such as managing whitelists and blacklists.) One could also specify MAC address filtering within the virtual environment. It's obligatory to suggest that the virtual router is a different firmware model than the physical router.
This might compare or contrast to a Bluetooth type pairing and bonding protocol.
I think it actually improves things.
RSA certificates need not auto-authorize
We are all familiar with the message-box "Always trust s/w from NVIDIA/Microsoft/Big Name." We click on these with confidence, because DNSsec (officially required since June 2010,) is remarkably secure in employing RSA certificates in ways that are difficult to counterfeit.
However, large corporations are not the only entities empowered to install "trusted" code. In fact browsers, such as Firefox, Chrome, and Internet Explorer, maintain a list of trusted certificates, any one of which will suffice to install certified code on any windows PC, unattended. The pop-up box is obligatory, not intrinsically required.
Conscientious programmers have noted that whenever a browser is updated, manually entered exclusions, (such as "No Malaysian RSA authorized software at all,") are clobbered, or over-written.
One solution to this, for security obligated employers, is to employ Open Source's freedom to modify, to insert a pop-up alert, or "nag," EVERY time any RSA cert is invoked.
The purpose of such an alert, would be to denote that ANY software was installing unattended. Every virus writer drools over the idea, and nation-states that promote A.P.T.'s or turn a blind eye to abuse, are very capable of compromising their own RSA certificate(s,) for nefarious purposes. As with Hitchcock's classic "Strangers on a Train," the bad actors need not incriminate themselves, if they are appropriately sophisticated.
Despite the allure of this solution, it requires some understanding of Certificates, on the part of the end user. It used to be commonplace, for a legitimate Certificate to be flagged for error, due to date/time stamp inaccuracies in the BIOS of the end user's machine.
How many decimal digits are there in 2^(d)?
log x = y, such that 10^(y) = x.
By algebra, 2^d = 10 ^ (d * log(2)) or (d * log(2)) digits.
By experimentation, 2^d = (d * log(2)) + 1 digits.
By algebra, 2^d = 10 ^ (d * log(2)) or (d * log(2)) digits.
By experimentation, 2^d = (d * log(2)) + 1 digits.
Sunday, March 31, 2013
A simple model to explain the Diffie-Hellman Key Exchange
The Diffie-Hellman key exchange was a revolutionary application of integer arithmetic, to exchange encryption keys, in real time, without pre-arrangment.
Since the mathematics is a little esoteric, it's sometimes easier to employ the following illustration.
Bob and Alice have a wooden chest with a large hasp to lock it. Bob has a red combination lock. Alice has a green combination lock.
In the study, Bob writes the password on a small note, and locks it in the chest, with his red combination lock. He then asks or allows Eve, to transport the chest to Alice.
Alice cannot open Bob's lock, but by request, she locks to hasp in a second way, using her own green combination lock. She then duly asks Eve to tote the chest back to Bob.
Bob in his turn unlocks his RED lock, and Eve makes one final trip, back to Alice with only one lock on the chest: Alice's GREEN lock.
Since Alice knows the combination of her own lock, she is a liberty to request privacy from Eve, and in seclusion open the chest to reveal the newly agreed password.
When done in mathematics, the password is not decided by either party, but results from changes made during the process. Nonetheless, the exchange is analogous to the illustration above, and almost anyone can see that it is possible.
RSA public key encryption is analogous to Bob handing Alice his open, red lock. Alice never knows how to open it, and she cannot accept random red locks - she must ensure that it is Bob's lock she receives.
Since the mathematics is a little esoteric, it's sometimes easier to employ the following illustration.
Bob and Alice have a wooden chest with a large hasp to lock it. Bob has a red combination lock. Alice has a green combination lock.
In the study, Bob writes the password on a small note, and locks it in the chest, with his red combination lock. He then asks or allows Eve, to transport the chest to Alice.
Alice cannot open Bob's lock, but by request, she locks to hasp in a second way, using her own green combination lock. She then duly asks Eve to tote the chest back to Bob.
Bob in his turn unlocks his RED lock, and Eve makes one final trip, back to Alice with only one lock on the chest: Alice's GREEN lock.
Since Alice knows the combination of her own lock, she is a liberty to request privacy from Eve, and in seclusion open the chest to reveal the newly agreed password.
When done in mathematics, the password is not decided by either party, but results from changes made during the process. Nonetheless, the exchange is analogous to the illustration above, and almost anyone can see that it is possible.
RSA public key encryption is analogous to Bob handing Alice his open, red lock. Alice never knows how to open it, and she cannot accept random red locks - she must ensure that it is Bob's lock she receives.
Subscribe to:
Posts (Atom)