5766 posts • joined 21 Dec 2007
- Next →
Re: Worn out road to the bank
So you want to become the next POTUS?
Frankly, it would be something of a relief to have one who looked and sounded good again. At least that would be something.
If we must have evil, couldn't it be quality evil?
Funnily enough, China fuming, senator cheering after Huawei CFO cuffed by Canadian cops at Uncle Sam's request
Re: "Americans are grateful..."
Sasse's an ass, even by Nebraskan and Congressional standards. Sadly, he learned political rhetoric at Harvard, St John's, and Yale, with a brief stopover at Oxford. He's just not very good at it.
In any case, Sasse is very much a participant in US right-wing circles of power. Prior to pontificating in the Senate, he had stints at Boston Consulting Group, the DHS, and private academia. There's more info available in Wikipedia and elsewhere, but it's a depressing read.
He was one of the feebly-anti-Trump members of Congress, but never to any actual effect.
don't bother asking D-Wave
D-Wave, which sells quantum computing hardware
D-Wave sell adiabatic quantum computing hardware (assuming they're not just selling snake oil). That's very little like general quantum computing hardware.
Adiabatic QC is fine if you can represent your problem as annealing a spin glass. (Fine, but maybe not useful; last I checked, it wasn't clear that there were many real-world problems for which AQC provided any real-world advantage.) It doesn't solve problems in BQP in better-than-deterministic-computing time.
Asking D-Wave to comment on this report is like asking a manufacturer of roller skates to comment on the automobile industry.
Re: Don't miss the point
The data has to be resistant to quantum attack n years before a QC attack is feasible, where n is the time value of the data.
That's a naive threat model. Data has to be resistant to attack by GQC machines until that attack's cost drops below the value of the data - just as with any other attack vector.
Even if the NSA has a unicorn-powered large-scale GQC machine now (vanishingly improbable), it is orders of magnitude less likely that using it to using it to crack a large number of keys is possible, much less cheap enough to be worth doing. Given the vast number of qubits required for QEC for decent-sized problems, even a big-enough-to-be-useful GQC machine will almost certainly be applied to only a handful of extremely valuable problems.
I think research into post-quantum crypto is swell. It's nice that RLWE and similar algorithm families are becoming feasible for everyday use. But the data-lifespan arguments for PQC are mostly based on some highly unlikely assumptions.
Re: The proof is in the pudding
Quantum annealing appears to work to some degree, that indicates that quantum computing might be possible
Why do you think quantum annealing says anything about the practicality of large-scale general QC?
Tunnel-effect transistors work great. They don't demonstrate anything about the practicality of general QC either.
Wow, what a lovely early Christmas present for Australians: A crypto-busting super-snoop law passes just in time
The threats are myriad
"Yes, encryption enables us all to live safer online lives. But its ubiquity brings anonymity to bugbears, hobgoblins, and bogey-men gangs, who live under our beds and in our closets."
Thought I'd fix that for J. Fleming, or Ol' Phlegm-head, as his friends call him. (Or so I've heard.)
Re: WhatsApp snooping
They will leave that up to Facebook to figure out, but it seems you could modify the software to ALWAYS produce a BCC key, so you wouldn't be able to tell when they are listening and when they aren't.
The sender and recipient are both running an app that has the messages in plaintext. There's nothing to stop Facebook from modifying that app to relay the plaintext to the SIGINT service of choice. No need to tamper with the Signal protocol itself, or how the app uses it, if you're only required to subvert that one particular app that uses Signal. And, AFAIK, that's what the law1 requires.
Vendors who comply with this law will do it by putting backdoors in applications. Some knowledgeable users will build their own applications, or get untainted ones from safe sources. The spooks are assuming that the vast majority of users won't, and they're very likely right about that.
1Which I like to refer to as Australia Rejects Secure Encryption.
the congress notes from the mid 90's key escrow laws, not to mention munitions
In the US, key escrow and cryptography-as-munitions were both moves by the executive branch, not the legislative. Congress didn't have anything directly to do with them. (Key escrow, particularly the Clipper Chip, came from the NSA and was pushed by the Clinton administration; including cryptography as munitions was done by the State Department.)
Not that it matters much - in the Foolishness Sweepstakes, the executive and the legislative both have plenty of awards.
Just sent a load of old hash irregularly thru any of your usual messaging apps, make it look like some encrypted messaging
Or use a variant of Rivest's chaff-and-winnow protocol: send a bunch of noise, with the actual signal mixed in, where the recipient has a mechanism for filtering, such as validating a signature on the signal fragments.
Encrypt all the fragments, and let the spooks decrypt them all. Only the recipient knows which are valid.
Re: It's 2018, And...
You don't have to give the real answer
Then your "I forgot my password" responses become another set of passwords, and you've defeated the mechanism that protects you from that failure mode.
And that may be fine. Maybe you never experience that failure mode; maybe you have your own protection mechanism (e.g. you write those false answers down somewhere). But it does demonstrate just how feeble the entire password-reset process is. Either it turns one failure mode (forgotten password) into a worse one (password subversion by an attacker); or it turns that former failure mode into another version of itself.
Re: You can read my SMSs but you can take my WhatsApps from my cold dead hands
1. Are we ok with lawful intercept?
Not under the current regime (in the US), with its secrecy, lack of due process, and widespread abuse.
2a. If not, why is nobody saying this in these discussions?
In which discussions? It comes up pretty frequently in my experience.
2b. If yes, why should one messaging format be privileged and another not (ie why should we accept interception on one and not the other)?
Because you fight the battle you're in today, not yesterday's or tomorrow's.
Re: Australian Privacy
Australia doesnt have the same commercial weight as say Korea or USA.
No, but passing this in Australia helps normalize the idea so that South Korea and the USA and other industrialized democracies can push equivalent legislation through. SIGINT agencies around the world have been begging for this sort of regulation for decades. "Australia did it, and the sky didn't fall" is a useful argument for them.
That it's tremendously foolish and profoundly vile holds no water with those types.
2/10 seems high to me.
Re: hurr durr
Viruses are rare for modern OSes, partly because executable images on filesystems often aren't writable by the victim, but more because it's just not an interesting or particularly useful exploit mechanism anymore. There are much better things for an attacker to do, notably downloading more complex payloads and either planting them elsewhere in the filesystem or leaving them memory-resident.
Saying there are no viruses for MacOS is a bit like saying few people these days break their wrists turning the starting cranks for their cars, or get kicked by their horses when harnessing a team to their carriages.
Also, if we're including the classic MacOS (and why wouldn't we be?), some sources disagree with your claim.
Re: CAPTCHAs can FOAD.
Image and audio CAPTCHAs also have usability issues, and require enabling those media types.
Also, of course, sometimes there are perfectly valid reasons for automating resource access.
"Crosswalk" ought to refer to the pilgrimage of the Penitentes to Santuario de Chimayo, but sadly does not. In the US, a "crosswalk" is a section of a roadway marked for pedestrian crossing, so more or less what's called a "zebra crossing" in the UK.
In the US, a "zebra crossing" is a section of roadway where zebras are likely to attempt to cross. They're similar to, but less common than, deer crossings.
surely American streets don't have that many signs all over them
What's "that many"? I've seen plenty of signposts with half a dozen or more signs hung on it. You can find plenty of genuine examples in Google Images, if you're willing to browse for a while.
Re: American imperialism
we have to recognise AMERICAN cars
Pfft. How hard can that be? They're just like regular cars, except worse.
Re: CAPTCHAs can FOAD.
Tests designed to weed the Humans from the computers are often difficult if not impossible for the Humans to solve, yet obscenely easy for the Computers to thwart.
They're also solving the wrong problem, since even a perfect human-detection test would still stuff from human-based attacks, such as Mechanical-Turk-style paid attackers, and other incentives. I've seen reports of spammers reflecting CAPTCHAs to porn sites, so consumers of the latter solve the CAPTCHA in exchange for product. That sort of thing is trivial to engineer and costs the attackers almost nothing.
What's needed is a test to see whether the user is both sincere and aware of what resource the test is unlocking. Good luck with that.
Re: GAN see through
You need to update your model to recognize puns.
Yeah, and car seatbelts require producing more non-biodegradable nylon. If that thought doesn't keep you up at night ... well, you're probably at least marginally capable of critical thinking.
Re: This is why calls should have end to end encryption
End-to-end encryption of calls doesn't help with this class of attack, which is tracking a phone from station to station and observing traffic such as call establishment. It's not breaking the confidentiality of calls or other messages; it's breaking infrastructure confidentiality.
Re: I don't really agree with you...
I have to admit I was amused you quoted the JP wiki for this, and not, say, the actual source material. I hope some day someone links to your post in a discussion of the character.
"Oh, I don't read novels. I prefer good literary criticism. That way I get both the author's ideas and the critic's." (Stillman, Metropolitan)
Re: I don't really agree with you...
with the prevailing sentiment of Jobs
What sentiment would that be? It seems to me that, in my experience, opinions of Jobs are pretty evenly split between "OMG visionary genius" and "good lord, what an utter bastard".
With a small but vocal minority asking "can't it be both?". (Yes, but in this case I'm not persuaded of the former, frankly.)
Re: Very good of you
I hate to burst the dreams of unimaginable wealth, but cheques are only valid for up to six months after signing
And this is true in all jurisdictions, is it?
I've cashed checks that were more than six months after their claimed signing date. Indeed, I've never seen a bank reject a check because of the date. I dare say I could date a check "Late Industrial Revolution" and any of my banks would still happily cash it.
In the US, check cashing is covered by the Universal Commercial Code, which gives banks considerable latitude in these matters. Per one source:
Banking laws in every state are based on the Uniform Commercial Code. According to the code, a personal check becomes "stale dated" six months after you write it. Banks don't have to dishonor stale dated checks, but the Uniform Commercial Code gives a bank the option of refusing these checks.
Banks have "the option of refusing" stale checks, but of course doing so costs them money, because they have to actually look at the date. It's cheaper for them to simply cash the check and, if it's drawn on another bank, pass it on for clearing.
Re: Hmm... Uh huh, oh of course, yep, Obviously....
I'm not sure how this is a replacement for CMOS logic and not just a non-volatile storage mechanism?
Do these things act as Diodes?
Yes, and you can build transistors from them too. See my post upthread for some links, or search for "spintronic transistor". Short version: You can build junctions where the spin-state of one material affects current transfer across the junction. At least that's as I understand it - this is Not My Area.
Nobody is talking switching speed yet. I wonder why not.
Because research is a process, and not instantaneous?
That's OK. Someone has to ask the stupid questions, or we'd be left wondering why no one had.
Re: Amazing stuff
How can the state of one of these atoms be used to direct current flow one way or another in a logic gate?
Not my area by any means, but AIUI:
- We're not talking about "the state of one of these atoms". We're talking about the state of a lattice of several atoms, per the illustration in the article. That's an important distinction, I think; there's a junction of different materials in play.
- MESO is one type of spintronics. The Wikipedia article on spintronics discusses one way of building a transistor. The base scatters current to an extent dependent on its spin, so the spin can turn it "on" or "off" for appropriate current levels. It appears there's at least one patent on this sort of "magnetic tunnel transistor", which probably has more information if you want to dig.
I prefer to write efficient code, though it's also important to write code fairly efficiently.
Re: Even the supposedly "Progressive" corporations are a bunch of Puritans in the USA
I think that one can be easily traced back to the first settlers to America
Jeez, what did they ever do to you? Did you find a clovis point in your soup or something?
Maybe you're thinking of the first European settlers in what's now the US, but the Vikings weren't noted for their sexual repression. Nor were the Spanish, particularly.
The Puritans were latecomers. They mostly started arriving around 1630, some 65 years after the Spanish established St Augustine and Española.
The Puritans also weren't anti-sex. They may have demanded a certain level of public modesty (which, sure, I think was unnecessary, but in the greater scheme of things was pretty minor); but they liked their sexual congress within their framework of mores. We have plenty of evidence of that in their journals and poetry and other writings; see for example Hughes, "Meat Out of the Eater: Panic and Desire in American Puritan Poetry".
Public repression of sexual content in the US is motivated by a combination of acculturated neuroses with a long and complex history (not just "it was the damn Puritans") and a cynical calculus of sociopolitical control. While some of the anti-porn zealots (e.g. Dworkin and MacKinnon) are or were, I believe, genuinely motivated by a belief in an inherent social danger,1 most of them are of the other variety, loudly condemning in public what they fetishize in private. It's useful in US politics because enough of the polis supports it, and they're encouraged to continue supporting it because it's useful.
Like any industrial democracy, the US has a long history of using one form of social difference to distract from other categories, and thus discourage the formation of alliances against the group in power. In the late 19th century US politicians and other influential people did a great job of burying class differences behind race and ethnicity; that's why class politics are nearly absent in the US (unlike in, say, the UK), while race remains a raw wound.
(Ethnicity has largely been defused by the "becoming white" social-mobility mechanism, which proved too hard to stem because of the demand for skilled labor, and by the growth of mass media, which expanded people's social circles and so interfered with their ability to easily classify and stereotype people based on ethnicity. Race is tied to a simpler and more-apparent set of bodily markers and so is easier to trigger.)
In other words, complex problems are complex.
1I saw Dworkin at Miami University in the early '90s. I was not persuaded of her thesis, but she certainly seemed sincere.
Saying a good breast is a censored (or amputated) breast is not helping the fundamental problem.
I'm trying to figure out if Katyanna's "It may sound like a good idea at first" was intended to be sarcastic. I can't imagine what sensible person would think banning "female-presenting nipples" could be a good idea.
(And that's a rather bizarre phrase. The nipples are presenting a female? "Look at my person! Woo!" Whoever came up with it has a tenuous grasp of English; I suspect they're not very good with logic or critical thinking, either.)
I never use Tumblr, so it doesn't bother me personally if this move guts it, but it's a regrettable sign of the calculated, unethical leap to censorship that social-media firms are making when their profits are threatened.
Re: Let the Prisoners go Free!
I never understood the fear of the feminine nipple myself
Well, they're vaguely cylindrical, and generally significantly larger than the male variety. I can see how that might be threatening to certain people who are greatly invested in comparing the sizes of cylindrical body parts.
SEAL up your data just like Microsoft: Redmond open-sources 'simple' homomorphic encryption blueprints
Re: "99 per cent accuracy"
1,000,000 operations, 10,000 errors ... how is that useful?
If only it were possible to detect and correct errors...
Re: Surely the point of encryption...
But the whole point of this seems to be to allow operations to be carried out on the encryoted data without that data ever being seen. Whenever you do this the hash will change
Not if it's a read operation. Some databases aren't write-only.
That said, there are use cases for a blind update mechanism. The simple ones can generally be done trivially without using something like homomorphic encryption, given a typical threat model. (For example, letting a partner increment a customer's number-of-items-purchased without seeing the original value; that can be trivially done with a stored procedure.) But for example it may be useful to let an authorized party bulk-read encrypted data, perform computations for a report (still encrypted, because homomorphism), and write that report back to the database. That gives you a way to offload things like report generation without compromising privacy.
but there is no way of knowing [directly?] what has been changed
I have no idea what you mean by this. Any entity with the decryption key can see the new value, and it's entirely possible to do all the usual auditing and so forth if you need a log of changes. An entity which is authorized to make blind updates - i.e. can update data but not decrypt it - shouldn't be able to tell what was changed, at least in terms of the decrypted values. So what's the problem?
Re: Surely the point of encryption...
If you want to prevent tampering, you need to use signatures.
You need to provide data integrity against active attacks. Signatures are one primitive for that, but they're generally not appropriate for this use case. HMAC and similar constructs, using cryptographic digests but not asymmetric cryptography, are more plausible.
Homomorphic encryption has seen massive performance improvements over the past years
Yes. I agree that we're now at the point where it looks practical for certain niche application domains.
I'm looking forward to seeing similar improvements in verifiable computation, which would address some similar problems for distributed computation for some application domains. The "nearly practical" Pinocchio system was introduced, what, three years ago? Haven't looked into what's been happening in this area since.
Core is a long way from replacing Framework
There's still no sign of server-side WCF in Core, for example, and indeed some opinion that there never will be any. That makes Core a non-starter for the .NET product I work on (which, admittedly, is not the typical .NET product). We could certainly rearchitect away from WCF, but there's no compelling advantage to using Core for us.
Re: Depending on MS plaftorms is always a mistake
Heaped together with GTK1?
And Apache Struts 1, and Dojo, and Java IFC, and DBase II, and SYSTEM 2000, and so forth.
Some technologies have very long lifespans. Some have shorter ones. For some applications, it's a good idea to try to make an informed guess about how long the technologies you're considering will stick around; for others, not so much. Estimated longevity shouldn't be the only criterion. (If it is, shouldn't you be developing in Fortran?)
See, the thing is, I *like* ANSI C/C99.
Specced in 1988. Minor update in 2000 - ooh 64bit!
After C90, C is really ANSI + ISO C, with the specification initially published by ISO, as ISO 9899. At least for C94 and C99, there were both ANSI and ISO working groups (I don't offhand remember if this was still true for C11) - INCITS J11 and SC22 WG14, respectively - so calling it "ANSI C" is inaccurate.
It was updated in 1994,1 1999, and 2011. The '94 update was minor; I wouldn't call C99 a minor update, though it went to considerable length to avoid breaking backward compatibility, so many people didn't notice. But if you read through, say, the C99 Rationale, you'll see that the changes are substantial and the deliberations behind them even more so. Many new types. The restrict type-qualifier. Unicode character escapes. Declarations can appear anywhere in a block. The __func__ predefined identifier. Compound literals and designated initializers. Tighter rules for declarations. Variadic macros. A bunch of subtle changes regarding blocks and scopes. And so on.
WHat the fuck do I get with .net?Well, for one, we are at major version3, after just 10 years of exitense.
Major version 3 of .NET Core. The .NET Framework is at 4.7. CLR is at version 4. Your argument might be a bit more persuasive had you taken a minute to learn something about your subject.
Someone else might point out that different problem domains might be best addressed with different tools, but I have a feeling in your case that observation would fall on deaf ears.
1Or 1995, depending on whom you ask. This version of C is often called "C94", but the C99 Rationale calls it "C95". And it actually wasn't a single update - there were two Technical Corrigenda and an Amendment. They were bundled up with C90 into the C94 / C95 standard.
I have always disliked Venomous Studio, since I started using it (occasionally) for developing one product that requires it1 a decade ago. I've never much liked IDEs anyway - they're never as capable as a good shell (on Windows I use Cygwin bash) plus a wide range of the tools I prefer.
But VS2017 is particularly execrable. Crashes all the time. Microsoft keeps publishing huge updates for it (which of course mostly end up requiring a reboot - why? it's a fucking IDE) which fix some things and break others. Debugging is woeful, with all sorts of random failures.
And why, why, why can I not tell VS to start a process and attach the debugger without trying to rebuild every goddamned thing? Usually I launch the appropriate process(es) manually and then attach the VS debugger, to save time and aggravation, but sometimes you have to debug startup. A million options and they miss out on the useful ones - that is, the "stop doing things automatically, you stupid piece of shit" ones.
1Because there aren't any other decent debuggers for CLR code, as far as I know. That, and adding projects to solution files, is essentially all I use VS for.
Network protocol fuzzing
There have been some projects to use the AFL engine to do network-protocol fuzzing, in addition to file-format fuzzing. I haven't looked into them in a while. It'd be interesting to see how much work it would take to adapt AFLSmart to that sort of use.
Of course, you can always create client and server drivers that use an input file to generate the network traffic, and fuzz that. Or stub out your networking logic with equivalent file I/O. But having builtin network capability would be useful.
I remember when Zalewski first made afl-fuzz (the original American Fuzzy Lop command-line fuzzer) public - I think I have the email archived somewhere in one of those "take a look at this" collections. It's hard to believe that (according to the CHANGES file) it's only been five years. Lots of bugs have been found by it in that time.
Re: Happened before
Hit them in the pocketbook.
Unfortunately any settlement is likely to be paid by the controlling government's liability insurance policy. It's not like the sheriff's department, much less anyone who actually made any decision involved in this case, will pay anything.
Probably the best we can hope for is that a large settlement puts some political pressure on the sheriff and some of that rolls downhill onto the deputies involved in the first place. Where I live, we've seen some sheriff elections come under pressure, if not actually turn, due to fuck-ups by the department. (Arguably nothing as bad as this one, though I'm reluctant to try ranking these things. The department in my neck of the woods let a lot of evidence get contaminated, for example, which may have eventually caused grief for who knows how many people.)
if the police thought that a $1M bond was required for this charge
My understanding is that bail is set by a judge. Maybe things are different in Georgia (or more precisely, maybe this is one of the many things that are different in Georgia), but in the states I've lived in, the police don't set bail.
That said, I agree the bail was ridiculously high, and every other facet of this case stinks. Unfortunately, thanks to qualified immunity, there's no reason to believe anyone involved on the law-enforcement side will suffer any significant consequences from this. Policing in much of the US has largely become an extortion racket (see for example civil forfeiture) and sop to paranoid "law and order" voters, with the enthusiastic support of federal, state, and local governments.
Re: A more relevant book comes to mind...
Aren't all successful fiction writers really propagandists themselves?
Sure, if you're a sophomoric thinker with no understanding of rhetoric.
Noting that fiction, or any other use of language, is inherently an attempt at persuasion is nothing new. The best known modern, sustained explorations of that thesis are probably the work of Toulmin and of various rhetoric scholars of the Constructivist school; but the basic idea goes back to antiquity.
Reducing it all to "propaganda", however, discards any useful distinction among applications of rhetoric and intentions of rhetors.
Re: Have you ever put something apparently useless to good use?
There was never a good reason to completely ban split infinitives.
Or prepositions at the end of a clause. Both prohibitions are folk prescriptivism and false elevation, and serve only to demonstrate that their proponents have little understanding of English usage, pragmatics, or sociolinguistics.
I think I heard that the origin of this "rule" came about because Latin didn't have split infinitives
Yes, courtesy of various Neoclassical pompous asses and generations of small-minded, ill-informed teachers who slavishly followed their dictates. The same is true of the prohibition on prepositions at the end of clauses, the reasoning there being that a preposition must come before an object, because that's what its name means ("in front").
As English shibboleths go, those are mightily weak ones. Pedants should really pick something better, like the misuse of "jejune".
Re: Rather it wasn't destroyed.
They seldom are
It happens often enough in the US for illegal imports - cars imported in violation of the "Chicken Tax" (a protectionist scheme to keep newer foreign cars out of the US market). You can find articles and videos on various car-enthusiast websites such as Jalopnik.
And it is a waste. If they have to seize the cars (regardless of how stupid the governing statute is), fine. They're nearly always vehicles of interest to enthusiasts, so auction them off to enthusiasts outside the US. They'll probably sell at very low prices (as we see with police vehicle auctions now), but as long as the buyer pays for shipping, who cares?
Re: Off topic but on headline
Its Cal or NorCal.
But thanks for playing.
an intense firestorm can kill by taking all available oxygen out of the air
Not to mention simply cooking people with its heat, or searing their lungs. Fireproof houses would just make it easier to find the bodies.
As for the rest of your post: agree on all points. Fire risks in the US Southwest are a complex problem. Mistakes have certainly been made (including, as you pointed out, not just forestry but the importation of eucalyptus1), but those are contributors, not the entire cause.
Complicated problems are complicated.
1Some of that eucalyptus was imported in an attempt to quickly grow lumber for railroad ties. Jack London was a member of one such investor group. It turns out eucalyptus isn't suitable for the job, but it's great for fueling wildfires. Tenner discusses the subject a bit in When Things Bite Back.
Kildall and IBM
I know it's late enough that probably no one will read this comment, but when I read this:
It is believed Kildall was actually flying with Godbout when IBM called Kildall's home
All I could think was "Thomson vs Orlowski: Fight!".
(Personally, I find the "Kildall was at the meeting" version of the story, as you describe it above, better supported by the evidence I've seen.)
- Next →