How strange. Hayek claims that a decentralized algorithm can do things a centralized algorithm can't. With all other computers or systems, the opposite is true. P outranks NC in complexity theory (unless P == NC, which is an open question like P == NP, but one suspects both are inequalities ). Mises goes further and claims that not even God could simulate the market. That is, it's not an issue of information. Curiouser and curiouser!
(And if it's impossible for an ordinary algorithm to find the optimum, but the market finds the optimum, how can we know that that is the true optimum? We have no simulation that will work, after all.)
So, turn the electronic machine into an Expensive Pencil (i.e. touchscreen plus printer). The printout is the ballot, and the voter can manually inspect it before putting it in the ballot box.
Why not go further? There's no reason why a voting machine should even be Turing complete. For plain old Plurality voting, simply have a machine that reads input (buttons or touchscreen, whatever), then blows an antifuse for the selected candidate and fuses for all the other candidates, on a PROM. Connect the PROMs to a central counter which tabulates the ballots, and there you are. (If you want Condorcet, each "ballot" needs log n bits per candidate, not just one).
What I'm saying is: design the computer out of least privilege in terms of hardware. If the computer doesn't need to modify its own code (and why would a voting machine need to do that?) then just make that impossible. They can't hack what isn't there.
Corporations are made of and run by PEOPLE. People like you and me. They are not entities that are parasites because in reality they don't exist.
I prefer the following point of view (from Wikipedia):
A corporation can be considered as an artificial intelligence that makes use of replaceable human components to function. People at all ranks can be considered replaceable agents of their functionally intelligent government institutions, whether such a view is desirable or not.
Corporations exist the way that society, government, and other organizations exist on the substrate that is people; and the way that networked software exist on the substrate that is a computer. The greater the extent of the substrate involved, the more emergent effects you will see, and the more tightly connected, ditto.
Amen to that. A minmax algorithm with alpha-beta pruning doesn't have any motivation (it just is), yet it's intelligent enough to beat most chess players (you need exotic tricks to beat the rest).
The root problem is a grand confusion between Intelligence and Consciousness. An algorithm solving NP-complete problems in quadratic time would be extremely intelligent, but probably not conscious. Intelligence is effective planning, consciousness is... well, something else.
2. Change the content in a way that's not perceptible to the user. The problem here is that these tend to be removed by lossy compression - the lossy compressor uses a model of human perception to remove information that's not perceptible, and your watermark's no exception. 3. Change the content in a way that is perceptible to the user. While this works, it's also very annoying.
The usual watermarking countermeasure to this is to make use of some effect that's "barely perceptible". In other words, they try to change something that if you change less than some fraction f of the total data, it won't degrade data too much, but if you change significantly more than f (by trying to add noise to everything), the quality degrades. It's called spread spectrum from an analogy to radio transmission: use spread spectrum with a key to send your message, and the adversary will have to jam the entire bandwidth because he doesn't know what frequency subset you're using.
A good example of this kind of watermarking is the Cox FFT picture watermark scheme, which modulates a subset of the n greatest FFT coefficients. It's not a practical watermark scheme because the FFT data can be altered by simply rescaling or warping the picture, but it does show the concept. Lossy compressors compress the altered pictures less than the originals.
For such watermarks, two problems remain, though. The first is, as hinted before: there may be global transforms that alter the picture in ways that human perception doesn't notice, yet alters the watermark basis, like FFT data, enough to make it impossible to detect. There's plenty of research going on in making transforms that are invariant to such modifications (log polar Fourier is well known, but not very practical because of severe aliasing). The second is the collusion attack: take a thousand pictures and average them all into one. In the "best" case, there will be a thousand watermarks; in the worst, they cancel each other out (partially or entirely).
My hunch is that the former can be got around with enough work, but the latter, not so much. Still, watermarks seem much more practical than traditional DRM, simply because watermarks don't try to make water not wet (bits uncopyable). Also, even if watermarks end up broken, one could use them for benign purposes: imagine metadata that stays in the picture no matter if it's PNG or JPG, and can be read even after printing out and scanning back in.
With proportional representation the party leaders choose who represent you and you have no way to say no to a scummy person. Also independents effectively cannot be elected.
For STV (like BC-STV, the BC method that was unfortunately defeated), that's absolutely not true. A voter can rank the candidates in his desired order. If a party fields a scummy person, you could choose to just not rank that person (effectively ranking him last), and if enough voters do that, then that person won't be elected, no matter the wishes of the party. The same thing goes for independents: they can run as independents, and voters may rank an independent like any other candidate.
Let's consider two cases here. The first is where you transmit the photons over a secure channel so nobody can tamper with them. In that case, delaying versus not delaying doesn't grant any advantage, and you could just as well transmit the OTP classically (in that case, the secure channel being a courier or something).
That leaves the case where the channel is insecure. Doing the quantum transmission in one go falls to the man-in-the-middle attack I've detailed: I establish a computer in between, receive A's photons and send my own photons in its stead. I can't clone the photons, but I don't need to: I simply establish one OTP with A (A thinks he's sending that OTP to B), and another OTP with B (B thinks this is A's OTP), and transparently decrypt/encrypt what comes later.
Your countermeasure is to break the protocol into two steps. As far as I understand, you're saying that because the photons are sent ahead of time, you can't tinker with them because entanglement happens without a connection. But this too falls to the MITM attack. Say A sends a bunch of entangled photons to B, then waits a week, then sets their states according to the QC protocol. What I do, as a man in the middle, is to accept A's photons, send my own to B, and wait a week. When the second stage commences, I read off the states, just like B would do with A's photons, then set the states (using entanglement) of the photons I sent to B.
In order to know that I'm not B, you have to send something in advance, securely. The key doesn't have to be very long - password-authenticated key agreement methods work very well for this purpose, as they can't be cracked offline (usual caveats regarding quantum computers applying). The same holds for quantum crypto: you have to send at least some photons to B in such a way that you know they reach B and not myself. Quantum crypto detects if I'm fiddling with the photons themselves, but in the man-in-the-middle attack I've shown above, I'm not doing that. The photons that A sends to me, thinking I'm B, are never tinkered with except by the recipient (me). The photons I send to B, making B think I'm A, are never tinkered with except by the recipient (B) either.
I do understand quantum crypto, and I know that it is theoretically secure (that is, if the lasers only generate a single photon at a time, etc).
But say you have two black boxes. The first uses Diffie-Hellman to exchange a key for subsequent AES encryption; the second exchanges a one time pad using quantum cryptography. What's the advantage of the second? In a passive attack (snooping alone), the snooper can't break Diffie-Hellman. In an active attack (man-in-the-middle), quantum crypto fails as well: I just put a machine in the middle that acts as A to B and B to A, receive one pad from A and send a completely different one to B, and go on my merry way, transparently reencrypting anything passing through.
Hence, the only reason not to use Diffie-Hellman (or some other kind of exchange) is if public key encryption is rendered insecure, or if the symmetric crypto used after the hybrid stage is weak to the level that it can be guessed. Quantum computers can do the former, but we don't have them yet (serious decoherence problems), and in any event, it seems like it would be much cheaper to invent a public key crypto/key exchange algorithm that cannot be inverted in BQP, instead of making an entirely different network. As for the latter, good luck using academic breaks to guess AES keys.
If the quantum crypto black box exchanges AES keys instead of one-time pads, then the second reason disappears. All you're left with is that it's worth it to use quantum crypto if adversaries can break any key exchange algorithm you might otherwise use. To use a lot of money to build a network on the remote chance that someone somewhere might have a kilo-qubit quantum computer (or Janek's chip) seems... out of proportion to the actual risk.
As opposed to AES-128 or AES-192, both of which are permitted by the AES standard. Either of these are probably secure enough, but why not go for the full 256 bits?
... what's the point of this network? The weakness of current crypto isn't that someone will break it to decrypt in feasible time, but rather what happens outside of the crypto itself. No perfectly secure quantum network can stop worms or social engineering attacks, and as far as cryptographic algorithms themselves go, AES-256 and RSA-3072 is strong enough.
Now, if suddenly everybody had a quantum computer that could break RSA in polytime, there might be a point to this, but they don't, so there isn't - not that I can see.
As the Ukrainian behind Conficker, I think this is a really good idea. Go ahead! Make online voting, then I can sell votes on the black market in blocks of a thousand. Sure, the voter may think he votes for party X, but that's just a man in the middle - since I control the sucker's computer, I control what it shows on-screen, too.
As a partisan manager, I think this is a really good idea, too. Move voting online and I'll subtly hint to my employees to vote online, and from their work computers. Of course, I'll never blatantly threaten my workers, but the message I imply is clear: vote my way or you may find yourself passed up for promotion... or the next to go in a recession.
As an abusive husband or a mafia boss, I think this is even better of an idea. The wussies in paragraphs one and two can't use brute force. Well, I can! Vote my way, bitch!
As a black hat hacker, I enjoy the potential opportunities for employment^Wexploration. By its very nature, the online voting computers must be open to the internet. A zero-day later, and Vladimir Lenin wins the election... if I want to make a point. Otherwise, I'll just sell my "expertise" to the highest bidder. If nobody wants to buy, I'll crash the election for fun with a massive DDoS (note to self: contact the person in paragraph one).
IP blocking (with loads and loads of IPs) is much more resource intensive than simple DNS spoofing -- that's why they didn't go straight to IP blocking in the first place. If DNSSEC forces them to go the more expensive route, that makes censorship even less appealing to the ISPs, and there are always proxies... if they try to put proxies on the IP list, welcome to the cat and mouse game.
Then they can merely manufacture their own keys. Granted, it requires knowledge of the private keys of a number of devices, but once that's done, game over. The paper also shows how to impersonate another device by only using its public key.
"The Abyss" in Episode 1. There's an alcove shooting shrink beam shots at you. If you cheat and fly to where the shots are coming from, then look at the wall, there's the message.
Why not just render the customizable icon in a single color - red, for instance? Then there's no way the malware authors can impersonate the folder icon accurately enough; they could only impersonate another autorun program, but never the built-in options (whose icons aren't subject to the color limitation).
doesn't that just mean a computer can also feed the correct data in, defeating it?
Unless P == NP, checking a solution can some times be a lot easier than actually generating a solution. Consider, for instance, a hash like SHA-1. The whole point of a secure cryptographic hash is that checking if a certain hash matches that corresponding to a document is very easy, but crafting a document that matches an already specified hash is very hard.
How about this: in the perfect world, music stores automatically use album Replay Gain on the tracks they sell. Now the loudness war is pointless because compressing only gets pushed back down by the external normalization process (yet since it's external - like Replay Gain - there's no double compression loss of quality).
Of course, this would require music stores to actually give a damn. Perhaps it would be better to mandate Replay Gain type information in MP3 v3, OGG v2, whatever.
Slashdot Mirror
Breeder. Reactors.
If that fails, Energy Amplifier (it uses Thorium, and you can even burn waste with it).
How strange. Hayek claims that a decentralized algorithm can do things a centralized algorithm can't. With all other computers or systems, the opposite is true. P outranks NC in complexity theory (unless P == NC, which is an open question like P == NP, but one suspects both are inequalities ). Mises goes further and claims that not even God could simulate the market. That is, it's not an issue of information. Curiouser and curiouser!
See also this: Is Economic Planning Hypercomputational?
(And if it's impossible for an ordinary algorithm to find the optimum, but the market finds the optimum, how can we know that that is the true optimum? We have no simulation that will work, after all.)
So, turn the electronic machine into an Expensive Pencil (i.e. touchscreen plus printer). The printout is the ballot, and the voter can manually inspect it before putting it in the ballot box.
Why not go further? There's no reason why a voting machine should even be Turing complete. For plain old Plurality voting, simply have a machine that reads input (buttons or touchscreen, whatever), then blows an antifuse for the selected candidate and fuses for all the other candidates, on a PROM. Connect the PROMs to a central counter which tabulates the ballots, and there you are. (If you want Condorcet, each "ballot" needs log n bits per candidate, not just one).
What I'm saying is: design the computer out of least privilege in terms of hardware. If the computer doesn't need to modify its own code (and why would a voting machine need to do that?) then just make that impossible. They can't hack what isn't there.
That's because it is (to all who value privacy).
You think the ads will last long? Bring it on.
Corporations are made of and run by PEOPLE. People like you and me. They are not entities that are parasites because in reality they don't exist.
I prefer the following point of view (from Wikipedia):
A corporation can be considered as an artificial intelligence that makes use of replaceable human components to function. People at all ranks can be considered replaceable agents of their functionally intelligent government institutions, whether such a view is desirable or not.
Corporations exist the way that society, government, and other organizations exist on the substrate that is people; and the way that networked software exist on the substrate that is a computer. The greater the extent of the substrate involved, the more emergent effects you will see, and the more tightly connected, ditto.
Amen to that. A minmax algorithm with alpha-beta pruning doesn't have any motivation (it just is), yet it's intelligent enough to beat most chess players (you need exotic tricks to beat the rest).
The root problem is a grand confusion between Intelligence and Consciousness. An algorithm solving NP-complete problems in quadratic time would be extremely intelligent, but probably not conscious. Intelligence is effective planning, consciousness is... well, something else.
2. Change the content in a way that's not perceptible to the user. The problem here is that these tend to be removed by lossy compression - the lossy compressor uses a model of human perception to remove information that's not perceptible, and your watermark's no exception.
3. Change the content in a way that is perceptible to the user. While this works, it's also very annoying.
The usual watermarking countermeasure to this is to make use of some effect that's "barely perceptible". In other words, they try to change something that if you change less than some fraction f of the total data, it won't degrade data too much, but if you change significantly more than f (by trying to add noise to everything), the quality degrades. It's called spread spectrum from an analogy to radio transmission: use spread spectrum with a key to send your message, and the adversary will have to jam the entire bandwidth because he doesn't know what frequency subset you're using.
A good example of this kind of watermarking is the Cox FFT picture watermark scheme, which modulates a subset of the n greatest FFT coefficients. It's not a practical watermark scheme because the FFT data can be altered by simply rescaling or warping the picture, but it does show the concept. Lossy compressors compress the altered pictures less than the originals.
For such watermarks, two problems remain, though. The first is, as hinted before: there may be global transforms that alter the picture in ways that human perception doesn't notice, yet alters the watermark basis, like FFT data, enough to make it impossible to detect. There's plenty of research going on in making transforms that are invariant to such modifications (log polar Fourier is well known, but not very practical because of severe aliasing). The second is the collusion attack: take a thousand pictures and average them all into one. In the "best" case, there will be a thousand watermarks; in the worst, they cancel each other out (partially or entirely).
My hunch is that the former can be got around with enough work, but the latter, not so much. Still, watermarks seem much more practical than traditional DRM, simply because watermarks don't try to make water not wet (bits uncopyable). Also, even if watermarks end up broken, one could use them for benign purposes: imagine metadata that stays in the picture no matter if it's PNG or JPG, and can be read even after printing out and scanning back in.
They'll just count the number of times a disembodied voice says "Weather control device activated!".
With proportional representation the party leaders choose who represent you and you have no way to say no to a scummy person. Also independents effectively cannot be elected.
For STV (like BC-STV, the BC method that was unfortunately defeated), that's absolutely not true. A voter can rank the candidates in his desired order. If a party fields a scummy person, you could choose to just not rank that person (effectively ranking him last), and if enough voters do that, then that person won't be elected, no matter the wishes of the party. The same thing goes for independents: they can run as independents, and voters may rank an independent like any other candidate.
Let's consider two cases here. The first is where you transmit the photons over a secure channel so nobody can tamper with them. In that case, delaying versus not delaying doesn't grant any advantage, and you could just as well transmit the OTP classically (in that case, the secure channel being a courier or something).
That leaves the case where the channel is insecure. Doing the quantum transmission in one go falls to the man-in-the-middle attack I've detailed: I establish a computer in between, receive A's photons and send my own photons in its stead. I can't clone the photons, but I don't need to: I simply establish one OTP with A (A thinks he's sending that OTP to B), and another OTP with B (B thinks this is A's OTP), and transparently decrypt/encrypt what comes later.
Your countermeasure is to break the protocol into two steps. As far as I understand, you're saying that because the photons are sent ahead of time, you can't tinker with them because entanglement happens without a connection. But this too falls to the MITM attack. Say A sends a bunch of entangled photons to B, then waits a week, then sets their states according to the QC protocol. What I do, as a man in the middle, is to accept A's photons, send my own to B, and wait a week. When the second stage commences, I read off the states, just like B would do with A's photons, then set the states (using entanglement) of the photons I sent to B.
In order to know that I'm not B, you have to send something in advance, securely. The key doesn't have to be very long - password-authenticated key agreement methods work very well for this purpose, as they can't be cracked offline (usual caveats regarding quantum computers applying). The same holds for quantum crypto: you have to send at least some photons to B in such a way that you know they reach B and not myself. Quantum crypto detects if I'm fiddling with the photons themselves, but in the man-in-the-middle attack I've shown above, I'm not doing that. The photons that A sends to me, thinking I'm B, are never tinkered with except by the recipient (me). The photons I send to B, making B think I'm A, are never tinkered with except by the recipient (B) either.
I do understand quantum crypto, and I know that it is theoretically secure (that is, if the lasers only generate a single photon at a time, etc).
But say you have two black boxes. The first uses Diffie-Hellman to exchange a key for subsequent AES encryption; the second exchanges a one time pad using quantum cryptography. What's the advantage of the second? In a passive attack (snooping alone), the snooper can't break Diffie-Hellman. In an active attack (man-in-the-middle), quantum crypto fails as well: I just put a machine in the middle that acts as A to B and B to A, receive one pad from A and send a completely different one to B, and go on my merry way, transparently reencrypting anything passing through.
Hence, the only reason not to use Diffie-Hellman (or some other kind of exchange) is if public key encryption is rendered insecure, or if the symmetric crypto used after the hybrid stage is weak to the level that it can be guessed. Quantum computers can do the former, but we don't have them yet (serious decoherence problems), and in any event, it seems like it would be much cheaper to invent a public key crypto/key exchange algorithm that cannot be inverted in BQP, instead of making an entirely different network. As for the latter, good luck using academic breaks to guess AES keys.
If the quantum crypto black box exchanges AES keys instead of one-time pads, then the second reason disappears. All you're left with is that it's worth it to use quantum crypto if adversaries can break any key exchange algorithm you might otherwise use. To use a lot of money to build a network on the remote chance that someone somewhere might have a kilo-qubit quantum computer (or Janek's chip) seems... out of proportion to the actual risk.
As opposed to AES-128 or AES-192, both of which are permitted by the AES standard. Either of these are probably secure enough, but why not go for the full 256 bits?
... what's the point of this network? The weakness of current crypto isn't that someone will break it to decrypt in feasible time, but rather what happens outside of the crypto itself. No perfectly secure quantum network can stop worms or social engineering attacks, and as far as cryptographic algorithms themselves go, AES-256 and RSA-3072 is strong enough.
Now, if suddenly everybody had a quantum computer that could break RSA in polytime, there might be a point to this, but they don't, so there isn't - not that I can see.
As the Ukrainian behind Conficker, I think this is a really good idea. Go ahead! Make online voting, then I can sell votes on the black market in blocks of a thousand. Sure, the voter may think he votes for party X, but that's just a man in the middle - since I control the sucker's computer, I control what it shows on-screen, too.
As a partisan manager, I think this is a really good idea, too. Move voting online and I'll subtly hint to my employees to vote online, and from their work computers. Of course, I'll never blatantly threaten my workers, but the message I imply is clear: vote my way or you may find yourself passed up for promotion... or the next to go in a recession.
As an abusive husband or a mafia boss, I think this is even better of an idea. The wussies in paragraphs one and two can't use brute force. Well, I can! Vote my way, bitch!
As a black hat hacker, I enjoy the potential opportunities for employment^Wexploration. By its very nature, the online voting computers must be open to the internet. A zero-day later, and Vladimir Lenin wins the election... if I want to make a point. Otherwise, I'll just sell my "expertise" to the highest bidder. If nobody wants to buy, I'll crash the election for fun with a massive DDoS (note to self: contact the person in paragraph one).
(I'm sure you get the point by now.)
IP blocking (with loads and loads of IPs) is much more resource intensive than simple DNS spoofing -- that's why they didn't go straight to IP blocking in the first place. If DNSSEC forces them to go the more expensive route, that makes censorship even less appealing to the ISPs, and there are always proxies... if they try to put proxies on the IP list, welcome to the cat and mouse game.
Then they can merely manufacture their own keys. Granted, it requires knowledge of the private keys of a number of devices, but once that's done, game over. The paper also shows how to impersonate another device by only using its public key.
"The Abyss" in Episode 1. There's an alcove shooting shrink beam shots at you. If you cheat and fly to where the shots are coming from, then look at the wall, there's the message.
Some players disregard the UOP (User Operation Prohibition) flags, while others can be patched to do so.
It's too bad that DVD player companies collude against the user, but at least there's something that can be done!
Quick! Make a Redneck Ubuntu!
Why not just render the customizable icon in a single color - red, for instance? Then there's no way the malware authors can impersonate the folder icon accurately enough; they could only impersonate another autorun program, but never the built-in options (whose icons aren't subject to the color limitation).
doesn't that just mean a computer can also feed the correct data in, defeating it?
Unless P == NP, checking a solution can some times be a lot easier than actually generating a solution. Consider, for instance, a hash like SHA-1. The whole point of a secure cryptographic hash is that checking if a certain hash matches that corresponding to a document is very easy, but crafting a document that matches an already specified hash is very hard.
I'm pretty much perfetc.
Quod erat demonstrandum.
How about this: in the perfect world, music stores automatically use album Replay Gain on the tracks they sell. Now the loudness war is pointless because compressing only gets pushed back down by the external normalization process (yet since it's external - like Replay Gain - there's no double compression loss of quality).
Of course, this would require music stores to actually give a damn. Perhaps it would be better to mandate Replay Gain type information in MP3 v3, OGG v2, whatever.