Probably what we should have done years ago. Start making DNS the PKI system that it always seemed aimed to become. Keeping PKI seperated from DNS, in seperate infrastructures like LDAP has never really made a lot of sense. Sure it works, but the value add of combining them should be worth enough to link them.
Some of us have been using DNS to get through some really draconian firewalls for ages. It was just a matter of time before we saw someone distribute files this way. What is unique is that they will be cached. This in and of itself is an amazing idea. DNS is well designed to cache for well defined amounts of time.
The load on large DNS servers can grow quickly. I wouldn't be surprised if we see a set of patches coming out for DNS servers to combat this. the question is can we find a TTL that reduces the abuse and still makes it useful.
My grandfather bought a number of punch card cabinets at garage sales a number of years ago. They are long wide drawers, two to a row. Great for throwing cards, hard drives, heatsinks, tubes full of old chips (I'm showing my age now).
They were desinged for offices and look rather nice. The newer ones (70's) have a funky handle. The older ones (30's and 40's) have an elegant antique look to them. The fact that they were used for Holorith cards is an added plus:-).
I voted in the State/county election in question Fairafx Virginia and I can tell you these things really troubled me.
We have been using a combination computer mechanical system for years which I felt very comfortable with. Yesterday we walked in to find the new "WinVote" machines. They offered no privacy and were actually slowing down peoples vote entry by quite a bit (I saw most people take over 10 minutes to vote compared to one or two I would normally see).
The officials were telling me about how one machine stopped working and couldn't be revived. The others they had apparently been able to reboot multiple times to keep going. They of course didn't know how the vote count was protected in these cases. I have a guess though.
Before each person votes, an official inserts a smart card. The application restarts, displays some statistics and proceeds to allow me to vote. My guess is that the results are copied to the smart cards. In that case the state of the machine isn't really in question so long as the tally increases as the voter voted.
What worries me is the use of smart cards. Now these tend to hold a handful of memory (8K to 64K in general), and can run some code internally. My question is, if a machine crashes then could it alter the contents of the smart card? A write only smart card would not have enough room for a busy polling location. A card where a count is updated would be vulnerable to coding or transfer errors.
Like the user who asks for a database when they need a filing cabinet, I think this may be an idea to early for its time.
I don't really understand what people are complaining about myself. I have been using one (Motion M1200 now M1300) for 10 months and love it. When I'm sitting at my desk it is using the keyboard mouse. Pick it up and use the pen. The pen takes a little getting used to but it really works for everything other then programming and command line (but you can use it for both of those with a little effort).
Once I combined mine with a small portable scanner I found the amount of paper clutter in my offices to go down to a bare minimum (almost made me look like a type A person:-).
I think people don't give it a fair try. It may be expectations, price or a combination of both. Any way you cut it though, this style unit does work for a number of people much better then a laptop.
From my experience, you may be the only one, or limited set, that leaves. It may be akward at the company for a little bit, but most bussinesses can survive lossing a service for a short while or having to route around it. The people that remain will get more stressed, and have to do more work.
For those that leave, you will be able to look for a better job. How successful you are at reaching this goal depends on you and the economy.
Overall, in most cases this is just an annoying form of bridge burning. Just look for the new job while keeping the old one and leave on good terms. There are people who some companies can not do with out, but that is the companies own fault for relying on "heroic effort" and they deserve to be punished.
Cursive serves little to no purpose. It increases the error rates of handwritten notes, and is slower then block lettering once you get good at the later. When people use cursive in a work setting it is unprofessional.
I've been using the Motion computing one (M1200) for almost six months now and for windows work it does everything I need (mail, documentation, some programming, some SysAdmin tasks). I still keep a linux workstation, but have been relying more and more on cygwin and a linux instance running in VMware on the tablet.
There are some points though that I would like to make in response to a whole lot of messages above.
1) The screen is 12" and 1024x768, but I regularly use the VGA port when at my desk to run dual desktops on a monitor running 1280x1024. With the tablet in portrait mode next to it it works very well.
2) The pen interface is more natural then a keyboard. You just start marking up documents, or jotting down notes. This doesn't replace the keyboard (not by a long shot for some tasks), but more accuratly it replaces paper.
3) These boxes have more then enough umpf for everything except your high end games. With the 1GHz Centrinos coming out I expect that even the games will be OK, but is that really a buying criteria for an office/work machine?
4) Having searching of handwritten notes is invaluable, and makes paper replacement not only viable but desirable.
Alright, given the price and specs they aren't for everyone, but neither is any other machine available. This product fits a large niche, and as the upgrade cycles occur in companies and governments I expect them to be adopted about at the rate PCs were in the mid 80's. That is nothing to sneeze at.
Pulse compression is a great technology, but it requires some circumstances that we don't have here. First, the spread codes for CDMA have a large number of bits compared to most systems used in radar. Second, the synchronization would be non trivial in this case, partly due to the wide spread. Third, the power is variable to enhance overall system performance.
If someone could tackle the sync problems with making a CDMA signal into a usable bistatic emitter, then there might be a low update (when you get a strong output signal), or short range application that works well.
To be very specific, it makes every mast into a Bistatic radar emitter. The tower emits the pulse thanks to GSM older design, and one or more reciever arrayed around receive the original signal and the bounces. So rather then allocate bandwidth, setup seperate emitters, and field it all over they are killing two bird with an existing stone.
This will see through some things, but not the way you think of it normally. You will get information indicating a "Large signal bounce", not the housewife at home. Although the low cost security, vehicle tracking, suspect finding (guns have a great cross section at these frequencies) applications are enormous.
Now the question is if they can make it work with CDMA. Possible, but probably not practical.
When I studied satellite communications in grad school, the comment was always that the life span was to long on most communications satellites, not to short. We were shown graph after graph that illustrated that by the time the damn things were half way through their life cycle, a better model was available that handled a lot more traffic, better quality, half the size/price, or whatever. So you had a precious GEO slot taken up by a bird that was obsolete, while your competitor has a new one about to launch.
These things probably only have two useful applicaitons, orbital repair (not repair in orbit, but of the orbit), and de orbiting something to salvage the GEO slot. Not to say that the technology isn't great on its own merits.
Re:Ok, but once I have the key...
on
CD Copy Stopper
·
· Score: 2
If these folks are at all competent, you won't be able to just keep a copy of the key, since most modern cryptosystems require the key to be hashed with a current timestamp, which means a visible instance of the key is only useful for a short time (like a second).
If the data was controlled somewhere other then on write once optical media I would agree. Mixing in a timestamp to decode this data is impossible, as the data is static with respect to time. Encrypting the data to give to Alice only prevents her from looking at the data when she doesn't have the key. Since this key can't change, she always has access to the data.
Now you could use this to prevent people from accessing data until a said point (like a release date for add on features, or an extra game level unless you have some token).
Re:Ok, but once I have the key...
on
CD Copy Stopper
·
· Score: 2
It would be a real neat trick to make a rolling session key for data encoded on an optical disk. They could persumably have multiple keys for any chunk of data, but once you have a working key, there is no way of revoking it in this case.
It boils down to, if you give someone read only media, and a way to access it, then all the encryption in the world can not prevent them from accessing the same data into the future. You must control one of the aspects of the data or access methodology to retain this level of control.
Ok, but once I have the key...
on
CD Copy Stopper
·
· Score: 2
Ok, they encrypt the data on the CD. Ok, I have to get the key from the smart card with the optical interface (really a cool bit of technology if you think about it). Ok, then I can unencrypt the CD. Now explain to me why I can't just keep this key, or even the unencrypted data around?
If you are trying to protect an application (say a game), then I could see it require the use of the smart card, but it doesn't seem like it would be to hard to write a device driver wrapper around the CD-ROM driver that exists that will emulate this.
Overall, very cool technology. In this instance it seems like it will do little more then keep honest people honest. Is that really of value to any publisher?
I'm quite aware of that page. I work about 20' from the author:-).
I'd argue that there is no effective commercial one-time pad, only products that approach it. There have been a number of companies releasing similiar press releases about OTPs for some time, but each time the generation method has resulted in it not being an OTP. Most of the time it has also been substantially worse then most existing algorithms.
I hate to admit to it, but I think you are probably far more accurate on that then I was. Especially the way the press eats up the actions outlined in your last paragraph. I guess you really can't go broke underestimating the American public.
There seems to be a company claiming to exceed, go around, obliterate Shannon every few years. In the early 90's there was a company called Web (before the WWW was really around by a year or so). They made claims of compressing any data, even data that had already been compressed. It is a sad story that you should be able to find in either the sci.compression FAQ or the renewed deja archives. It basically boils down to as they got closer to market, they found some problems... you can guess the rest.
This isn't limited to the field of compression of course. There are people that come up with "unbreakable" encryption, infinite gain amplifier (is that gain in V and I?), and all sorts of perpetual motion machines. The sad fact is that compression and encryption are not well understood enough for these ideas to be killed before a company is started or stacked on the claims.
of a CS degree, congratulations. As anyone will tell you though, a veneer needs a solid backing to stand on it own. What the backing consists of is the liberal arts (well roundedness), fundamental mathematics (Calculs, Matrix, Discrete, and stat), and exposure to the science and engineering side of the business (logic circuit design, followed by computer architecture).
Even if you have read through many of the senior level texts, you probably didn't fully absorb the subject material without the fundamentals. It is amazing to re address a subject when you have a better grasp of the fundamentals. The subject looks so much clearer.
Now that doesn't mean you can't have a rewarding career as a programmer. Many of your co workers will not have fully grasped the subject material on their degrees, thus putting you on a equal footing. When it comes time for promotions, or finding a new job though you will be much better off with the degree.
I think you are correct, but the complexity of NP-complete problems I believe set the upper bound of complexity for PK algorithms based on factoring and discrete logs.
No we wouldn't see the whole crypto world come smashing down around us, but a large portion of it. All of the Public Key crypto would be reduced from an assumed set of hard problems to a set of simple ones. No more digital signatures, or communications without pre shared secrets. Although any system using just symmetric ciphers would be immune from this reduction in work effort.
Even if a timly NP complete solution is not found, PK based on factoring or discrete logarithms might get broken by other discoveries. For that reason I'm always watching the emergence of new PK systems such as FAPKC and some of the lattice based codes.
Most of these wireless solutions bandy about large bandwidth numbers, but never give break downs of actual usage scenarios. I imagine that this is the bandwidth in a cell or for optimal loading scenarios. If so, then I can see only getting old modem speeds in the average cell in a metropolitian area.
Shared bandwidth maybe effecient for the carrier, but it can really bite for the user.
Only public key algorithms suffer from that level of security degradation due to QC. Factoring of a number on the order of 2^n, becomes about n operations on n qubits. Symmetric ciphers (such as blowfish, DES, Twofish, RC5, AES, etc...) only have a reduction in the keyspace needed to search. So if you have a 2^n key, you will have to search 2^(n/2) keys. While there may be a way of QC reducing this further, no current theory lends it's self to this.
Of course what will it matter when there is a backdoor, and the only security is an Oracle agent smart card issued by the government?
I was also thinking a replicated database may be a partial answer, but not at airports. Think about it. You would need all possible records there, otherwise you would be going back to some central repository. While a local PD would have a fairly high cache hit by a partial replication, an airport will not.
So how much data will a replication need? Well, a fingerprint characteristic is at minimum 4K, but to make it more accurate across varying conditions it will probably have to be bigger. Throw in a photo, and we are well into 10K+/person. With 300 Million we are probably talking around 3 TBytes.
While I've worked with larger datasets, but I don't think this is something you can just plop into any old IT shop in the near term. I also feel this about where Oracle really starts to stop scaling linearly.
No one has even discussed the bandwidth or DB horsepower to support real time identity checks yet either. Certain data will need to be real time. Warrant's for arrest is one thing. Also queries will need to be real time, otherwise the DB serves no purpose to the people in the field.
To be perfectly honest, Oracle does not scale well into that range of database. We are talking about 300 million people now, and it will grow to 500 million soon enough. That's the minimum number of records (it'll be much higher when other tables and relations are formed). So there are billions of records (maybe trillions within a few years of use as we would need audit trails on something like this), and the number of transactions it would need to support per second would be astounding. How many people are pulled over for just traffic offenses every second? Let us not forget reports, data mining (why else would you use a database rather than just a set of cards?), and other quesries.
Sorry, I don't think Oracle is upto the task of being Big Brother's best clerk.
Slashdot Mirror
Probably what we should have done years ago. Start making DNS the PKI system that it always seemed aimed to become. Keeping PKI seperated from DNS, in seperate infrastructures like LDAP has never really made a lot of sense. Sure it works, but the value add of combining them should be worth enough to link them.
Some of us have been using DNS to get through some really draconian firewalls for ages. It was just a matter of time before we saw someone distribute files this way. What is unique is that they will be cached. This in and of itself is an amazing idea. DNS is well designed to cache for well defined amounts of time.
The load on large DNS servers can grow quickly. I wouldn't be surprised if we see a set of patches coming out for DNS servers to combat this. the question is can we find a TTL that reduces the abuse and still makes it useful.
My grandfather bought a number of punch card cabinets at garage sales a number of years ago. They are long wide drawers, two to a row. Great for throwing cards, hard drives, heatsinks, tubes full of old chips (I'm showing my age now). :-).
They were desinged for offices and look rather nice. The newer ones (70's) have a funky handle. The older ones (30's and 40's) have an elegant antique look to them. The fact that they were used for Holorith cards is an added plus
I voted in the State/county election in question Fairafx Virginia and I can tell you these things really troubled me.
We have been using a combination computer mechanical system for years which I felt very comfortable with. Yesterday we walked in to find the new "WinVote" machines. They offered no privacy and were actually slowing down peoples vote entry by quite a bit (I saw most people take over 10 minutes to vote compared to one or two I would normally see).
The officials were telling me about how one machine stopped working and couldn't be revived. The others they had apparently been able to reboot multiple times to keep going. They of course didn't know how the vote count was protected in these cases. I have a guess though.
Before each person votes, an official inserts a smart card. The application restarts, displays some statistics and proceeds to allow me to vote. My guess is that the results are copied to the smart cards. In that case the state of the machine isn't really in question so long as the tally increases as the voter voted.
What worries me is the use of smart cards. Now these tend to hold a handful of memory (8K to 64K in general), and can run some code internally. My question is, if a machine crashes then could it alter the contents of the smart card? A write only smart card would not have enough room for a busy polling location. A card where a count is updated would be vulnerable to coding or transfer errors.
Like the user who asks for a database when they need a filing cabinet, I think this may be an idea to early for its time.
I don't really understand what people are complaining about myself. I have been using one (Motion M1200 now M1300) for 10 months and love it. When I'm sitting at my desk it is using the keyboard mouse. Pick it up and use the pen. The pen takes a little getting used to but it really works for everything other then programming and command line (but you can use it for both of those with a little effort).
:-).
Once I combined mine with a small portable scanner I found the amount of paper clutter in my offices to go down to a bare minimum (almost made me look like a type A person
I think people don't give it a fair try. It may be expectations, price or a combination of both. Any way you cut it though, this style unit does work for a number of people much better then a laptop.
From my experience, you may be the only one, or limited set, that leaves. It may be akward at the company for a little bit, but most bussinesses can survive lossing a service for a short while or having to route around it. The people that remain will get more stressed, and have to do more work.
For those that leave, you will be able to look for a better job. How successful you are at reaching this goal depends on you and the economy.
Overall, in most cases this is just an annoying form of bridge burning. Just look for the new job while keeping the old one and leave on good terms. There are people who some companies can not do with out, but that is the companies own fault for relying on "heroic effort" and they deserve to be punished.
Cursive serves little to no purpose. It increases the error rates of handwritten notes, and is slower then block lettering once you get good at the later.
When people use cursive in a work setting it is unprofessional.
I've been using the Motion computing one (M1200) for almost six months now and for windows work it does everything I need (mail, documentation, some programming, some SysAdmin tasks). I still keep a linux workstation, but have been relying more and more on cygwin and a linux instance running in VMware on the tablet.
There are some points though that I would like to make in response to a whole lot of messages above.
1) The screen is 12" and 1024x768, but I regularly use the VGA port when at my desk to run dual desktops on a monitor running 1280x1024. With the tablet in portrait mode next to it it works very well.
2) The pen interface is more natural then a keyboard. You just start marking up documents, or jotting down notes. This doesn't replace the keyboard (not by a long shot for some tasks), but more accuratly it replaces paper.
3) These boxes have more then enough umpf for everything except your high end games. With the 1GHz Centrinos coming out I expect that even the games will be OK, but is that really a buying criteria for an office/work machine?
4) Having searching of handwritten notes is invaluable, and makes paper replacement not only viable but desirable.
Alright, given the price and specs they aren't for everyone, but neither is any other machine available. This product fits a large niche, and as the upgrade cycles occur in companies and governments I expect them to be adopted about at the rate PCs were in the mid 80's. That is nothing to sneeze at.
Pulse compression is a great technology, but it requires some circumstances that we don't have here. First, the spread codes for CDMA have a large number of bits compared to most systems used in radar. Second, the synchronization would be non trivial in this case, partly due to the wide spread. Third, the power is variable to enhance overall system performance.
If someone could tackle the sync problems with making a CDMA signal into a usable bistatic emitter, then there might be a low update (when you get a strong output signal), or short range application that works well.
To be very specific, it makes every mast into a Bistatic radar emitter. The tower emits the pulse thanks to GSM older design, and one or more reciever arrayed around receive the original signal and the bounces. So rather then allocate bandwidth, setup seperate emitters, and field it all over they are killing two bird with an existing stone.
This will see through some things, but not the way you think of it normally. You will get information indicating a "Large signal bounce", not the housewife at home. Although the low cost security, vehicle tracking, suspect finding (guns have a great cross section at these frequencies) applications are enormous.
Now the question is if they can make it work with CDMA. Possible, but probably not practical.
When I studied satellite communications in grad school, the comment was always that the life span was to long on most communications satellites, not to short. We were shown graph after graph that illustrated that by the time the damn things were half way through their life cycle, a better model was available that handled a lot more traffic, better quality, half the size/price, or whatever. So you had a precious GEO slot taken up by a bird that was obsolete, while your competitor has a new one about to launch.
These things probably only have two useful applicaitons, orbital repair (not repair in orbit, but of the orbit), and de orbiting something to salvage the GEO slot. Not to say that the technology isn't great on its own merits.
If these folks are at all competent, you won't be able to just keep a copy of the key, since most modern cryptosystems require the key to be hashed with a current timestamp, which means a visible instance of the key is only useful for a short time (like a second).
If the data was controlled somewhere other then on write once optical media I would agree. Mixing in a timestamp to decode this data is impossible, as the data is static with respect to time. Encrypting the data to give to Alice only prevents her from looking at the data when she doesn't have the key. Since this key can't change, she always has access to the data.
Now you could use this to prevent people from accessing data until a said point (like a release date for add on features, or an extra game level unless you have some token).
It would be a real neat trick to make a rolling session key for data encoded on an optical disk. They could persumably have multiple keys for any chunk of data, but once you have a working key, there is no way of revoking it in this case.
It boils down to, if you give someone read only media, and a way to access it, then all the encryption in the world can not prevent them from accessing the same data into the future. You must control one of the aspects of the data or access methodology to retain this level of control.
Ok, they encrypt the data on the CD. Ok, I have to get the key from the smart card with the optical interface (really a cool bit of technology if you think about it). Ok, then I can unencrypt the CD. Now explain to me why I can't just keep this key, or even the unencrypted data around?
If you are trying to protect an application (say a game), then I could see it require the use of the smart card, but it doesn't seem like it would be to hard to write a device driver wrapper around the CD-ROM driver that exists that will emulate this.
Overall, very cool technology. In this instance it seems like it will do little more then keep honest people honest. Is that really of value to any publisher?
I'm quite aware of that page. I work about 20' from the author :-).
I'd argue that there is no effective commercial one-time pad, only products that approach it. There have been a number of companies releasing similiar press releases about OTPs for some time, but each time the generation method has resulted in it not being an OTP. Most of the time it has also been substantially worse then most existing algorithms.
I hate to admit to it, but I think you are probably far more accurate on that then I was. Especially the way the press eats up the actions outlined in your last paragraph. I guess you really can't go broke underestimating the American public.
There seems to be a company claiming to exceed, go around, obliterate Shannon every few years. In the early 90's there was a company called Web (before the WWW was really around by a year or so). They made claims of compressing any data, even data that had already been compressed. It is a sad story that you should be able to find in either the sci.compression FAQ or the renewed deja archives. It basically boils down to as they got closer to market, they found some problems... you can guess the rest.
This isn't limited to the field of compression of course. There are people that come up with "unbreakable" encryption, infinite gain amplifier (is that gain in V and I?), and all sorts of perpetual motion machines. The sad fact is that compression and encryption are not well understood enough for these ideas to be killed before a company is started or stacked on the claims.
of a CS degree, congratulations. As anyone will tell you though, a veneer needs a solid backing to stand on it own. What the backing consists of is the liberal arts (well roundedness), fundamental mathematics (Calculs, Matrix, Discrete, and stat), and exposure to the science and engineering side of the business (logic circuit design, followed by computer architecture).
Even if you have read through many of the senior level texts, you probably didn't fully absorb the subject material without the fundamentals. It is amazing to re address a subject when you have a better grasp of the fundamentals. The subject looks so much clearer.
Now that doesn't mean you can't have a rewarding career as a programmer. Many of your co workers will not have fully grasped the subject material on their degrees, thus putting you on a equal footing. When it comes time for promotions, or finding a new job though you will be much better off with the degree.
I think you are correct, but the complexity of NP-complete problems I believe set the upper bound of complexity for PK algorithms based on factoring and discrete logs.
No we wouldn't see the whole crypto world come smashing down around us, but a large portion of it. All of the Public Key crypto would be reduced from an assumed set of hard problems to a set of simple ones. No more digital signatures, or communications without pre shared secrets. Although any system using just symmetric ciphers would be immune from this reduction in work effort.
Even if a timly NP complete solution is not found, PK based on factoring or discrete logarithms might get broken by other discoveries. For that reason I'm always watching the emergence of new PK systems such as FAPKC and some of the lattice based codes.
Most of these wireless solutions bandy about large bandwidth numbers, but never give break downs of actual usage scenarios. I imagine that this is the bandwidth in a cell or for optimal loading scenarios. If so, then I can see only getting old modem speeds in the average cell in a metropolitian area.
Shared bandwidth maybe effecient for the carrier, but it can really bite for the user.
Only public key algorithms suffer from that level of security degradation due to QC. Factoring of a number on the order of 2^n, becomes about n operations on n qubits. Symmetric ciphers (such as blowfish, DES, Twofish, RC5, AES, etc...) only have a reduction in the keyspace needed to search. So if you have a 2^n key, you will have to search 2^(n/2) keys. While there may be a way of QC reducing this further, no current theory lends it's self to this.
Of course what will it matter when there is a backdoor, and the only security is an Oracle agent smart card issued by the government?
I was also thinking a replicated database may be a partial answer, but not at airports. Think about it. You would need all possible records there, otherwise you would be going back to some central repository. While a local PD would have a fairly high cache hit by a partial replication, an airport will not.
So how much data will a replication need? Well, a fingerprint characteristic is at minimum 4K, but to make it more accurate across varying conditions it will probably have to be bigger. Throw in a photo, and we are well into 10K+/person. With 300 Million we are probably talking around 3 TBytes.
While I've worked with larger datasets, but I don't think this is something you can just plop into any old IT shop in the near term. I also feel this about where Oracle really starts to stop scaling linearly.
No one has even discussed the bandwidth or DB horsepower to support real time identity checks yet either. Certain data will need to be real time. Warrant's for arrest is one thing. Also queries will need to be real time, otherwise the DB serves no purpose to the people in the field.
You must seriously want this to fail :-).
To be perfectly honest, Oracle does not scale well into that range of database. We are talking about 300 million people now, and it will grow to 500 million soon enough. That's the minimum number of records (it'll be much higher when other tables and relations are formed). So there are billions of records (maybe trillions within a few years of use as we would need audit trails on something like this), and the number of transactions it would need to support per second would be astounding. How many people are pulled over for just traffic offenses every second? Let us not forget reports, data mining (why else would you use a database rather than just a set of cards?), and other quesries.
Sorry, I don't think Oracle is upto the task of being Big Brother's best clerk.