I think that that's all quite correct; however, the real issue is that no government is at all likely to attempt an attack on the U.S.. Deterrents don't work because there is nobody to retaliate against if you're not attacked by a country but by a group operating out of different countries. The safety of the U.S. doesn't lie in protecting against missiles because the group that would try to attack don't have the resources to launch them. The real strategy for safety is to reduce the arsenals of former Soviet nations that have a habit of misplacing warheads and to keep a close eye on container ships. The trouble with anti-missile systems is that the only threats that they protect against are the former Soviet Union and perhaps China; which simply aren't going to go to war with the U.S..
Slashdot needs a dedicated forum where the same old debates can be rehashed at length. Especially ones that fall into the category of false dichotomies. I propose a forum with threads for each common point of contention. They would be deleted once every two days to allow the same old arguments to be rehashed by the same people until the end of time.
I was basing my description on the BB84 cryptographic protocol. That protocol does not use an entangling source, rather it sends single q-bits along a quantum channel to be detected by Bob. I interpreted a man-in-the-middle attack to be an intercept-resend attack in that channel. So:
Ideal: Alice --------> Bob
MITM: Alice ------> detect - read - resend ------> Bob
If the channel is noise-free, the detectors are ideal and the states are prepared perfectly, this is theoretically secure against if error rates are lower than 20%. The article exploits imperfectly prepared states in a first-generation commercial system to gain full access to information using an elaborate intercept resend attack.
A system that uses entangled sources is employed to boost transmission distances by sending entangled pairs to Alice and Bob from a central source, thus reducing distances:
Alice ------- Pair Source -------> Bob
In simple schemes, the source has to be trusted because it is vulnerable to MITM attacks; however, the scheme can be secured using more elaborate techniques. For example, if Alice and Bob each generate an entangled pair and send one side of those pairs to a central location, then no party at that location can break into the information. This is called entanglement swapping.
The system developed by Id Quantique is a very simplistic implementation of the BB84 protocol using time-bin encoded q-bits. It uses no entangled pairs, just a source at Alice and a detector at Bob. It uses imperfect sources, detectors and channels and is in no way theoretically secure against all attacks.
I once attended a presentation made by an Id Quantique representative to a room of experts (among them was Brassard, one of the "B"s of the BB84 protocol). The representative made a list of what was needed to build a quantum cryptography system. It included: books on TCP/IP protocols, Linux driver manuals and fiber optic cable. Absent was a source of quantum light (they use weak lasers, not true quantum sources), or a text on quantum optics.
The point was that the commercial systems are not attempting to implement the elaborate privacy-increasing techniques that are being thought out by the academics in quantum information. They are simple, first-generation devices that aren't trying to keep up with attacks devised by the academic community.
Quantum cryptography absolutely can be theoretically secure if proper sources and detectors are used. Such sources are difficult to build and are very expensive at the moment but much effort is being directed towards that goal. The other side of the coin is that much effort is going into determining exactly what attacks can be leveled against particular imperfections in equipment and how those attacks can be countered.
Quantum cryptography really isn't being proposed as a practical solution right now (hush, don't tell Id Quantique) but what's fun about it is that it's theoretically secure. If the person whose wrist your briefcase of disks is handcuffed to is bought out, you'd never know it and your enemies just gained access to all your secure communications. Two to four decades from now quantum cryptography might be practically competitive with carrying disks around, but for now, it's just for fun.
True hope is that those millions will turn to adults and vote for change. Reality is that as they turn to adults, they will have different issues than free music or movies.
Most voters want better roads, better health care, a cleaner environment, cheaper cars and lower taxes. Demanding legal file-sharing and better quality content seems right in line with that.
Ah, 75% accuracy I suppose. 50% of the data is would be retransmitted correctly, 50% would be random so 75% of the bits would end up appearing correct.
It's not the questioning of conclusions that I disagree with. Scientists love informed debate, but don't appreciate being called "morons." Anyone with the insight about the discipline to make a shrewd observation about the correctness of the work would recognize that the people involved are not morons.
It's important to keep an open mind, but the vast, vast majority of "OMG, how can you sheeple be so stupid?" posts about quantum physics can be safely ignored without any loss to the body of knowledge.
I happen to have have read a number of such papers because it is related to the field that I work in and I have some idea of what is involved in determining bounds on error rates. They are absolutely proofs in the very strictest sense of the word. They state up-front what the assumptions are and derive rigorous proofs within the conditions that were laid out.
The mathematical premises are completely sound. The only question is what physical system the assumptions used to arrive at those premises apply to. The idealized system is clearly laid out in the paper and can be assessed for how applicable it is to a given physical system. To say that the premises are unsound because the simplifying assumptions may not apply to real systems is to reject any mathematical analysis of the physical world.
You are confusing the ideas of a premise in mathematics and an assumption in physics. What has been done is the different between a correct analysis of an idealized system. What you claim is that an incorrect analysis of a realistic model has occurred, which is incorrect.
Those "morons" have doctorates in math and physics. What do you have?
The idea is that if you can account for all known systemic noise sources then anything left will be from the attacker. The proofs set bounds for what error thresholds rule out the possibility of an attacker under given, known sources of noise in the system. The proofs are not wrong, they were simply done using particular sets of assumptions. If those assumptions are not applicable to a particular system, then obviously those calculations wouldn't be used.
It astounds me that people think they know better than an entire discipline and even more so that they get modded up for doing it. But then again...it is the internet.
No it isn't. It's impossible to do it with better than 50% accuracy, which will make the man-in-the-middle very, very detectable. None of the useful information is ever sent using quantum bits, it's only one-time-pad style key. If a man-in-the-middle is detected, the key is not used and no secure information is breached. I mentioned it in an above post, but the best that a "hacker" could ever do is get a few random bits of information out of every hundred, even with this attack. That isn't enough information about the key to extract any information about the message.
Alice and Bob compare measurement results before send the message. There is theoretically no way to intercept and resend bits or eavesdrop without introducing errors.
It's hardly fundamentally flawed. Even if the eavesdropper knows the error threshold and can intercept a few bits without detection thanks to errors in the system, the information gain is very minimal. You might be able to get a few percent of the transmitted bits in a key. Three out of every hundred bits in a one-time pad isn't going to break the encryption. The parties can always XOR some bits until the information that an eavesdropper could extract is negligible.
If I have an idea I can choose whether or not I share it. If I choose to share it with another individual, we can form an agreement that the other individual will not share it further. If we accept that legally binding agreements can exist, such an arrangement can exist and be legally binding. I see no reason to exclude ideas from such agreements. Unless the law explicitly forbids contractual agreements with respect to ideas, then the ownership of ideas exists by default due to the freedom of choice of person who had the idea. The right to expect contracts to be fulfilled guarantees ownership of ideas.
Copyright generalizes these agreements to avoid explicit contracts for each copy but the fundamental principle remains the same. I believe that the law should provide a reasonable expectation that contracts be fulfilled and otherwise be as permissive as possible. Explicitly prohibiting contracts on intellectual property is more restrictive than necessary and is not constructive.
An opinion that seems very prolific on Slashdot is that consumers have a right to consume anything that has been created. They don't. The right to consume is not recognized by law, nor should it be. If a company doesn't want to sell you something under reasonable terms, tough shit. It's their loss as much as it is yours but it doesn't change the legal or moral standing of the interaction.
A justification that I see fairly often is that if someone couldn't possibly buy a product then piracy of that product is ethically neutral because you can't be causing a loss of sales. I disagree with that because it is still a violation of the right that the copyright owner has to control the distribution of copies; however, I think that that argument is much less central to the issue of piracy than the perceived "right to consume" that does not exist.
I know that much of Slashdot thinks that such a right should exist and I ask of you: why should such a right exist? Why should a right to consume trump a right to control the distribution of your ideas. Personally, I respect the right of creators to own their ideas more than I respect the right to consume because I respect creators more than consumers. It takes ingenuity to create but none to consume and I think that the "right to consume" culture is a by-product of having too few creators in our culture.
One of the most important aspects of friendship is trust. A friend is not defined by by clicking the "friend" button on a website, a friend is someone that you share a bond of mutual understanding and respect with. Friends have always had privileged access to embarrassing information, stories and photos because they're the people that you trust information like that with and sharing it strengthens those bonds.
Facebook doesn't change the nature of friendship, it just provides new ways of communicating. Providing people that you don't trust with information about your personal life is a poor idea, as it has always been. "Friending" someone changes the access that that person has to your personal information and such access should be granted on the basis of trust and respect. People need to be aware of the access privileges that they provide to different groups of peers. Facebook is a useful tool and can be almost a necessity for remaining in touch, but nobody is forcing you to change who you trust your information with.
One thing that I think would be a good idea for Facebook to implement would be rule-based access privileges for different groups that you can define. The groups shouldn't be visible to anyone other than yourself, of course; the last thing you'd need would be for "friends" to see that they weren't "good friends."
I think the attack relied on an attack computer being connected to the diagnostic port of the car's computer during the drive. Even if it was small, it would be trivial to detect in an inspection. I don't think the issue of re-programming the cars software was discussed in the article.
You could sell the patent or license it. Both cases produce a clear path from the patent to a product and reward the inventor. The only thing that would be ruled out is doing nothing for five years then popping up and demanding payment when a company produces something that tangentially relates to your patent.
Obviously licensing use of the patent would be considered using it. Patent sales would be fine, the purchaser of the patent would simply have to produce something with it or license it to a third party. As I said, there would have to be clear path from the patent to a product that employs it but the path doesn't have to be a single link.
As for the first concern, I think it would be easy to discriminate between cases where a company was selling token products to try to validate the patent artificially and a company that incorporated selling those products into its business model. That would be a matter for litigation, but wouldn't be any more gray than prior art, originality or utility. The clause would apply to companies that tried to use litigation as the primary revenue source and not production.
As for the second concern, the patent would remain valid as long as either the holder or a licensee was producing a product using the patent.
As for your comment "When was the last time you heard a positive patent story?," my answer would be: every time I use a product that incorporates clever engineering into its design. The brilliant engineers of the world are paid because they have good, unique ideas that can produce useful things. The patent stories that come up on/. are the cases where the current patent laws are inappropriate to the spirit of upholding intellectual property. All the time I marvel at innovative things that I see around me and I think "damn that's clever, I never would have thought of doing that way." Every time I do that I gain a tremendous respect for the person that came up with it and I appreciate that the product that I'm using is the fruit of their ingenuity. The argument has been hashed out too many times on/. and I'm not interested in an argument, but I wanted to point out that I see positive patent stories all around me because I respect the thought that went into building the things that I use. ("One-Click Purchasing" is not one of those things.)
It seems to me that a requirement for maintaining a valid patent should be that you must be producing something that uses it or actively developing something that uses it. It's a simple notion, in following with the principles of patents, that would neatly eliminate patent trolling and patenting just to block competitors. It would likely lighten the work load of the patent office as well, since broad patents for that purpose would be useless. I'm a strong supporter of patents and intellectual property but I think that there needs to be a clear path from initial innovation to a specific product or set of products in order for a patent to be considered enforceable.
Slashdot Mirror
[citation needed]
I think that that's all quite correct; however, the real issue is that no government is at all likely to attempt an attack on the U.S.. Deterrents don't work because there is nobody to retaliate against if you're not attacked by a country but by a group operating out of different countries. The safety of the U.S. doesn't lie in protecting against missiles because the group that would try to attack don't have the resources to launch them. The real strategy for safety is to reduce the arsenals of former Soviet nations that have a habit of misplacing warheads and to keep a close eye on container ships. The trouble with anti-missile systems is that the only threats that they protect against are the former Soviet Union and perhaps China; which simply aren't going to go to war with the U.S..
Slashdot needs a dedicated forum where the same old debates can be rehashed at length. Especially ones that fall into the category of false dichotomies. I propose a forum with threads for each common point of contention. They would be deleted once every two days to allow the same old arguments to be rehashed by the same people until the end of time.
Here's the great thing about open-source software: you can fix the bugs yourself.
I was basing my description on the BB84 cryptographic protocol. That protocol does not use an entangling source, rather it sends single q-bits along a quantum channel to be detected by Bob. I interpreted a man-in-the-middle attack to be an intercept-resend attack in that channel. So:
Ideal: Alice --------> Bob
MITM: Alice ------> detect - read - resend ------> Bob
If the channel is noise-free, the detectors are ideal and the states are prepared perfectly, this is theoretically secure against if error rates are lower than 20%. The article exploits imperfectly prepared states in a first-generation commercial system to gain full access to information using an elaborate intercept resend attack.
A system that uses entangled sources is employed to boost transmission distances by sending entangled pairs to Alice and Bob from a central source, thus reducing distances:
Alice ------- Pair Source -------> Bob
In simple schemes, the source has to be trusted because it is vulnerable to MITM attacks; however, the scheme can be secured using more elaborate techniques. For example, if Alice and Bob each generate an entangled pair and send one side of those pairs to a central location, then no party at that location can break into the information. This is called entanglement swapping.
The system developed by Id Quantique is a very simplistic implementation of the BB84 protocol using time-bin encoded q-bits. It uses no entangled pairs, just a source at Alice and a detector at Bob. It uses imperfect sources, detectors and channels and is in no way theoretically secure against all attacks.
I once attended a presentation made by an Id Quantique representative to a room of experts (among them was Brassard, one of the "B"s of the BB84 protocol). The representative made a list of what was needed to build a quantum cryptography system. It included: books on TCP/IP protocols, Linux driver manuals and fiber optic cable. Absent was a source of quantum light (they use weak lasers, not true quantum sources), or a text on quantum optics.
The point was that the commercial systems are not attempting to implement the elaborate privacy-increasing techniques that are being thought out by the academics in quantum information. They are simple, first-generation devices that aren't trying to keep up with attacks devised by the academic community.
Quantum cryptography absolutely can be theoretically secure if proper sources and detectors are used. Such sources are difficult to build and are very expensive at the moment but much effort is being directed towards that goal. The other side of the coin is that much effort is going into determining exactly what attacks can be leveled against particular imperfections in equipment and how those attacks can be countered.
Quantum cryptography really isn't being proposed as a practical solution right now (hush, don't tell Id Quantique) but what's fun about it is that it's theoretically secure. If the person whose wrist your briefcase of disks is handcuffed to is bought out, you'd never know it and your enemies just gained access to all your secure communications. Two to four decades from now quantum cryptography might be practically competitive with carrying disks around, but for now, it's just for fun.
True hope is that those millions will turn to adults and vote for change. Reality is that as they turn to adults, they will have different issues than free music or movies.
Most voters want better roads, better health care, a cleaner environment, cheaper cars and lower taxes. Demanding legal file-sharing and better quality content seems right in line with that.
Ah, 75% accuracy I suppose. 50% of the data is would be retransmitted correctly, 50% would be random so 75% of the bits would end up appearing correct.
It's not the questioning of conclusions that I disagree with. Scientists love informed debate, but don't appreciate being called "morons." Anyone with the insight about the discipline to make a shrewd observation about the correctness of the work would recognize that the people involved are not morons.
It's important to keep an open mind, but the vast, vast majority of "OMG, how can you sheeple be so stupid?" posts about quantum physics can be safely ignored without any loss to the body of knowledge.
I happen to have have read a number of such papers because it is related to the field that I work in and I have some idea of what is involved in determining bounds on error rates. They are absolutely proofs in the very strictest sense of the word. They state up-front what the assumptions are and derive rigorous proofs within the conditions that were laid out.
The mathematical premises are completely sound. The only question is what physical system the assumptions used to arrive at those premises apply to. The idealized system is clearly laid out in the paper and can be assessed for how applicable it is to a given physical system. To say that the premises are unsound because the simplifying assumptions may not apply to real systems is to reject any mathematical analysis of the physical world.
You are confusing the ideas of a premise in mathematics and an assumption in physics. What has been done is the different between a correct analysis of an idealized system. What you claim is that an incorrect analysis of a realistic model has occurred, which is incorrect.
Oh wow, I'll have to grab a hold of the publication. That is impressive.
But at what dark-count rate? There are always trade-offs.
Those "morons" have doctorates in math and physics. What do you have?
The idea is that if you can account for all known systemic noise sources then anything left will be from the attacker. The proofs set bounds for what error thresholds rule out the possibility of an attacker under given, known sources of noise in the system. The proofs are not wrong, they were simply done using particular sets of assumptions. If those assumptions are not applicable to a particular system, then obviously those calculations wouldn't be used.
It astounds me that people think they know better than an entire discipline and even more so that they get modded up for doing it. But then again...it is the internet.
Sending out the spoofed message is trivial.
No it isn't. It's impossible to do it with better than 50% accuracy, which will make the man-in-the-middle very, very detectable. None of the useful information is ever sent using quantum bits, it's only one-time-pad style key. If a man-in-the-middle is detected, the key is not used and no secure information is breached. I mentioned it in an above post, but the best that a "hacker" could ever do is get a few random bits of information out of every hundred, even with this attack. That isn't enough information about the key to extract any information about the message.
Alice and Bob compare measurement results before send the message. There is theoretically no way to intercept and resend bits or eavesdrop without introducing errors.
It's hardly fundamentally flawed. Even if the eavesdropper knows the error threshold and can intercept a few bits without detection thanks to errors in the system, the information gain is very minimal. You might be able to get a few percent of the transmitted bits in a key. Three out of every hundred bits in a one-time pad isn't going to break the encryption. The parties can always XOR some bits until the information that an eavesdropper could extract is negligible.
If I have an idea I can choose whether or not I share it. If I choose to share it with another individual, we can form an agreement that the other individual will not share it further. If we accept that legally binding agreements can exist, such an arrangement can exist and be legally binding. I see no reason to exclude ideas from such agreements. Unless the law explicitly forbids contractual agreements with respect to ideas, then the ownership of ideas exists by default due to the freedom of choice of person who had the idea. The right to expect contracts to be fulfilled guarantees ownership of ideas.
Copyright generalizes these agreements to avoid explicit contracts for each copy but the fundamental principle remains the same. I believe that the law should provide a reasonable expectation that contracts be fulfilled and otherwise be as permissive as possible. Explicitly prohibiting contracts on intellectual property is more restrictive than necessary and is not constructive.
An opinion that seems very prolific on Slashdot is that consumers have a right to consume anything that has been created. They don't. The right to consume is not recognized by law, nor should it be. If a company doesn't want to sell you something under reasonable terms, tough shit. It's their loss as much as it is yours but it doesn't change the legal or moral standing of the interaction.
A justification that I see fairly often is that if someone couldn't possibly buy a product then piracy of that product is ethically neutral because you can't be causing a loss of sales. I disagree with that because it is still a violation of the right that the copyright owner has to control the distribution of copies; however, I think that that argument is much less central to the issue of piracy than the perceived "right to consume" that does not exist.
I know that much of Slashdot thinks that such a right should exist and I ask of you: why should such a right exist? Why should a right to consume trump a right to control the distribution of your ideas. Personally, I respect the right of creators to own their ideas more than I respect the right to consume because I respect creators more than consumers. It takes ingenuity to create but none to consume and I think that the "right to consume" culture is a by-product of having too few creators in our culture.
You're a good friend and I wish you all the best for the future.
One of the most important aspects of friendship is trust. A friend is not defined by by clicking the "friend" button on a website, a friend is someone that you share a bond of mutual understanding and respect with. Friends have always had privileged access to embarrassing information, stories and photos because they're the people that you trust information like that with and sharing it strengthens those bonds.
Facebook doesn't change the nature of friendship, it just provides new ways of communicating. Providing people that you don't trust with information about your personal life is a poor idea, as it has always been. "Friending" someone changes the access that that person has to your personal information and such access should be granted on the basis of trust and respect. People need to be aware of the access privileges that they provide to different groups of peers. Facebook is a useful tool and can be almost a necessity for remaining in touch, but nobody is forcing you to change who you trust your information with.
One thing that I think would be a good idea for Facebook to implement would be rule-based access privileges for different groups that you can define. The groups shouldn't be visible to anyone other than yourself, of course; the last thing you'd need would be for "friends" to see that they weren't "good friends."
I think the attack relied on an attack computer being connected to the diagnostic port of the car's computer during the drive. Even if it was small, it would be trivial to detect in an inspection. I don't think the issue of re-programming the cars software was discussed in the article.
You could sell the patent or license it. Both cases produce a clear path from the patent to a product and reward the inventor. The only thing that would be ruled out is doing nothing for five years then popping up and demanding payment when a company produces something that tangentially relates to your patent.
Right. It would only come up if a patent troll decided to litigate, in which case the validity of the patent would be assessed.
Obviously licensing use of the patent would be considered using it. Patent sales would be fine, the purchaser of the patent would simply have to produce something with it or license it to a third party. As I said, there would have to be clear path from the patent to a product that employs it but the path doesn't have to be a single link.
As for the first concern, I think it would be easy to discriminate between cases where a company was selling token products to try to validate the patent artificially and a company that incorporated selling those products into its business model. That would be a matter for litigation, but wouldn't be any more gray than prior art, originality or utility. The clause would apply to companies that tried to use litigation as the primary revenue source and not production.
As for the second concern, the patent would remain valid as long as either the holder or a licensee was producing a product using the patent.
As for your comment "When was the last time you heard a positive patent story?," my answer would be: every time I use a product that incorporates clever engineering into its design. The brilliant engineers of the world are paid because they have good, unique ideas that can produce useful things. The patent stories that come up on /. are the cases where the current patent laws are inappropriate to the spirit of upholding intellectual property. All the time I marvel at innovative things that I see around me and I think "damn that's clever, I never would have thought of doing that way." Every time I do that I gain a tremendous respect for the person that came up with it and I appreciate that the product that I'm using is the fruit of their ingenuity. The argument has been hashed out too many times on /. and I'm not interested in an argument, but I wanted to point out that I see positive patent stories all around me because I respect the thought that went into building the things that I use. ("One-Click Purchasing" is not one of those things.)
It seems to me that a requirement for maintaining a valid patent should be that you must be producing something that uses it or actively developing something that uses it. It's a simple notion, in following with the principles of patents, that would neatly eliminate patent trolling and patenting just to block competitors. It would likely lighten the work load of the patent office as well, since broad patents for that purpose would be useless. I'm a strong supporter of patents and intellectual property but I think that there needs to be a clear path from initial innovation to a specific product or set of products in order for a patent to be considered enforceable.