Slashdot Mirror


User: jd

jd's activity in the archive.

Stories
0
Comments
13,841
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 13,841

  1. Re:too bad on Dell Loses Bid To Trademark "Cloud Computing" · · Score: 1

    1. Players of buzzword bingo. 2. It avoids confusion with their real work.

  2. Re:too bad on Dell Loses Bid To Trademark "Cloud Computing" · · Score: 3, Funny

    Admit it, you're just clouding the issue. :) Incidentally, a cloud is just a crowd run on LISP.

  3. Y'see... on Anti-Net Neutrality Astroturfer Exposed · · Score: 2, Insightful

    It isn't how much they know, or how much they receive, or even how many people listen to them, it's who they can bribe (and with the current interest in American corn, that's probably quite a number) and who they play golf with (see point 1). Someone else mentioned conspiracy theories - oh, "good old boy's clubs" have conspired to ensure all sorts of things happen or don't happen since time immemorial, which is why social networking in the right circles is quite effective. What you know is unimportant compared to who you know. The only reason such theories usually lack credibility is that they usually end up blaming someone who not only knows nothing but also knows nobody for stuff that nobody would give a damn about anyway. But companies like Microsoft can certainly be expected to conspire with others to protect their empire. I wouldn't expect them to change their spots now, their old behaviours have worked so well.

  4. Re:The Boston system is really dumb on Gag Order Fuels Responsible Disclosure Debate · · Score: 1

    Congratulations, you're the first person to have actually given a sensible counter-example. I'm genuinely impressed. You are correct, and what you are saying reduces to The Byzantine General's Problem. If there are only two members of a group, it is not possible to establish that one member is not a traitor to that group. In order to establish that all members of a group are trustworthy, 1/2 of that group plus one MUST be trustworthy. This does not require any central member of that group to do the assigning, and indeed such a central member is an inherent weakness. You are far better off solving the BGP in a distributed fashion. The mathematics behind trust are interesting and well worth reading.

    In this case, if you only have the card and the read/write system, you have two parties and trust is impossible. If, however, you have N read/write systems and M cards, then you can achieve trust IFF (if and only if, to non-mathematicians) 1+((N+M)/2) of those are trustworthy participants. The system will fail if a minimum of 50% are not trustworthy.

    This minimum trust level can be trivially ensured on any system you have complete control over manufacturing, ergo trust can be ensured, and no central management is required.

  5. Re:The Boston system is really dumb on Gag Order Fuels Responsible Disclosure Debate · · Score: 1

    Repeating a claim is not proof of a claim. Security kernels can be proven mathematically to be correct, ergo distributed security kernels that include a card as part of the distribution can also be mathematically proven correct. Lousy coders and inferior management is not a problem with the fundamental concept, it is a problem of delinquent implementors. Reverse-engineer away all you like on a solid PKI system, see if I care. If the system is designed correctly, it should be 100% impervious to such attacks. The lack of such a design is not a problem of technology or computability, but a failure of substandard minds seeking to do things on the cheap.

  6. Re:Free Will != Unpredictability on Do Subatomic Particles Have Free Will? · · Score: 2, Interesting

    Chaos theory is entirely deterministic (the outcome for a given set of initial conditions is entirely pre-determined) but unpredictable (you cannot know the initial conditions well enough to know the results beforehand). Quantum mechanics is, as far as I know, chaotic. Thus, there is no experiment you can perform that can determine if particles have free will. (The classic example is that if you fire a snooker ball across a table, you cannot know its trajectory after a mere seven deflections. By such a short space of time and such a short sequence of events, you'd have to know the distribution of mass around Alpha Centauri to unimaginable precision to make such a calculation with any certainty.)

    It gets worse at the quantum level, where you must do battle with the forces of the Heisenberg Uncertainty Principle and information theory's strict limits on what you can know about interdependent variables. But the problems don't end there. Tunneling, quantum foam, entanglement, etc, create entirely new forms of interdependence and information flows that simplistic models can't capture.

    As a result of all this, you can never know if the system is truly deterministic or not, even if you apply the logic of chaotic systems, because you can not only not know the initial conditions, you can't even know what the system is that you're examining. It has no definable, quantifiable structure. It's extremely ghost-like at that level.

    It gets worse still. When you examine far enough, all you have is raw energy that is highly entangled, coupled with some sort of informational matrix. Mass isn't just equivalent to energy, it IS energy, and energy alone isn't known for sitting in one place, painting its face blue. There is no such thing as a particle. It is all just energy. As QM describes everything as particles, it is clearly not the lowest level of theory, and the much-prized Grand Unified Theory (which will tie relativity to QM) will merely give you pointers how the QM particles come to exist in the first place.

    How does this relate? Because if human free will is tied to particle free will, and particles are defined in terms of energy and information, then particle free will is tied to energy/information free will. Since we are expressly precluded from knowing if particle free will exists by direct observation, it is clear you must examine energy/information free will, which is not subject to QM restrictions (although is likely subject to a whole bunch of others).

  7. Re:The Boston system is really dumb on Gag Order Fuels Responsible Disclosure Debate · · Score: 2, Insightful

    Not if all transactions are validated. If you're using PKI, then the holder of the card cannot determine in advance what the new value on the card is supposed to be, so all the software has to do is ensure that the decrypted value when re-encrypted is equal to the value that should have been written to the card, and that the digital signature placed on the card matches up with that machine's "personal" public key. Then you know that the value that you think has been written to the card is indeed the value written to the card.

    As for writing the correct value - well, not my fault if coders are so incompetent they can't be bothered doing basic top-down design and bottom-up testing. Nor is it my fault they're so frail and scared when anyone suggests formal methods or even something as puny as checking invariants and QAing the corner cases. Frankly, it's pathetic. If you want good software, you've got to put in effort, same as if you want good anything. A top-notch Olympic-quality athlete is going to cost more to train and prepare than a third-grader for their school sports day. It is also going to take a lot more time to get them up to that standard. Software is no different.

    If you want software that's 99.999% bug-free, you can do it, but it's not going to be pretty and it's not going to be cheap. If you want cast-iron guarantees that the remaining 0.001% cannot have bugs that significantly impact operations in terms of money, quality of service or reliability, you can do it, but don't expect it to appear effortlessly.

    NB: When I say it's not "cheap", I mean exactly what I say. It's going to cost developers in blood, sweat and tears. It's going to cost them in time, it's going to cost them in pain, it's going to cost them in stress. It might well cost them their sanity. If it's in the corporate sector, it's certainly going to cost someone a great deal of money. But don't tell me it can't be done. Given enough time and some suitable rope to hang themselves with afterwards, any programmer can do it. It's that they or their paymasters aren't interested. Lack of interest is a WHOLE 'nother game. Nothing to do with impossibilities, it's all psychological bullshit.

    (Linux is a good example. It has a low percentage of bugginess because the coders think they can do it. Windows does not because their coders don't think they can. OpenBSD has superb security because their coders think that that's what they're great at. There are carrier-grade and DO-178B level A Linux variants because those coders thought that was possible too. I've mentioned before general-purpose OS' that use security kernels to achieve mathematically-provable Orange Book A1 security - yet I still hear people insist it cannot be done. Too bad, it already has. Get used to it.)

    If people wanted a high-reliability IT system that was secure, bullet-proof and made life easier - really wanted it - then that is what they would have. IT disaster stories aren't because IT is difficult, it's because a difficult attitude is difficult.

  8. Re:Cooler heads prevailed on ISO Rejects OOXML Protest Appeals · · Score: 3, Interesting

    That is entirely true, which is why Plato argued that people should have superior education. Now, in the modern world, what constitutes superior eduction? Superior to what Plato knew of? Superior to what they have now? Or superior to the standard required to understand the basics of contemporary life, the technologies and societies within it, and the interactions between them? I would argue that that last option should define the minimum standard acceptable for anyone, that better should be encouraged but that since all people have some input to geopolitics, major business decisions, community policies that are likely to have a wider impact, and so on, we should never tolerate a standard of ignorance that perpetuates ignorance and harm.

    Arguably, what I'm asking for is not going to be easy or cheap, but if you optimize the quality of the population, you must also optimize their ability to function together, their ability to make good decisions, and their ability to reduce unnecessary damage. At some point, the additional value brought will equal the additional cost to improve standards. That is the "ideal" point, as any more investment is burning money with no benefits and could be put elsewhere for better gain.

    A "utopian" society is not a stress-free society by this standard, and there'll still be plenty of bigotry and abuse. Rather, a "utopian" society by this standard is the greatest ability and greatest freedom to choose a different path, with the least possible negative consequences for not being selfish and harmful, because people will have the understanding and tools to make genuine choices, not choices they have copied from someone else without really knowing why, or choices out of fear. To me, "utopia" isn't about perfection, it's about balance. Better understanding with no means of using that understanding isn't more "perfect" than a balance between the two. Nor is superior technology than our ability to understand what it does, why, and whether there are longer-term effects that need to be considered.

    Technology should not be held back in fear, nor should understanding. By my definition of "utopia", if one is racing ahead, you should develop the counterpart until it catches up. (As a completely pointless exercise, I came up with six variables you'd need to push hard on, to keep them as close together as possible, to produce the most stable and most enlightened civilization that can be achieved at that time. I believe firmly that allowing any of those six variables to backslide will invariably destabilize society and corrupt understanding, and that all civilizations that have ever declined have done so with that being the core reason, the actual mechanics being a mere secondary effect resulting from this primary cause.)

    I believe that the ignorance shown by the ISO board is a direct consequence of that board being unbalanced by my definition. It has poor understanding of the engineering and an even poorer understanding of the social consequences, simply so that it can play with shiny new toys. If there's such a thing as reincarnation, we now know what happens to cats when they die - they become board directors.

    I fully accept that there'll be plenty of people who disagree with my notion of "utopia" being a state of optimized relative dynamic equilibrium, where the absolute states are always increasing, and it'd probably be a lot of people's idea of a dystopia, as it is inherently restless and requires active intervention rather than allowing the different markets to independently determine their relative pace. I also agree that a regulated balancing act of this kind may in fact not be achievable in practice, but I've yet to hear any convincing argument as to why not, only the usual stuff about big governments, which doesn't even apply to this.

  9. Re:No Microsoft on What Will Linux Be Capable Of, 3 Years Down the Road? · · Score: 1

    I would concur with most of your nitpick. Development tends to happen in fixed intervals, but acceptance might be of anything that does the job. Being developed is no guarantee of being accepted. Thought I'd put that in, but maybe wasn't clear enough. It is an excellent point though, and thanks for emphasizing that. Yes, we do not know that some given OS will be the new Microsoft Windows in ten years time, but we DO know that only products that have reached or exceeded the necessary precursor phase of development and acceptance now can possibly be on the shortlist, Microsoft's offerings included. This viewpoint cannot tell you who will succeed, it can only tell you who is in the race and who is just spectating.

    In terms of desktops for Linux, well, there aren't any alternative metaphors within range of the 10 year cycle that can be described as initial public acceptance. Ergo, mainstream users will use a desktop metaphor on Linux in 10 years time. There are plenty of underlying systems that have reached the required level of maturity and usage, so in all probability one of those will be the one that is most widely used on Linux. I can't tell you which it'll be, but I can tell you that it'll be one that has been firmly established and has developed a good pedigree and a respectable forward momentum. That limits it to about a couple of dozen, at this point.

    Alan Prost once said that the first rule of winning in Formula 1 was to finish. The 10 year cycle theory is about the same level. In the same way that not finishing makes it impossible to win, not meeting the prerequisite level makes it impossible to achieve the level after in that cycle. My theory, therefore, does not predict the winner but defines a characteristic that the winner will always have, and that those who do not have the necessary characteristic cannot be the winner that time around. It filters out that one segment of the impossible, but nothing else. It makes guesses marginally more informed, but no better.

    There is one, and only one, really useful way you can use this model. By looking at each of the really really new technologies that have not "matured" yet, you can use the 10 year rule to determine which of those technologies will even be ready for Linux inclusion in 10 years time. Doesn't mean that particular implementation will be there, but technologies are more generic and describe in general terms some new capability. This will let you guess which new technology (in the abstract) will most likely be ready for the kernel and will make it easier to speculate which of those will get into the vanilla kernel within that time, in some form or other.

  10. Re:No Microsoft on What Will Linux Be Capable Of, 3 Years Down the Road? · · Score: 3, Informative

    Some aspects of innovation are very predictable. There is a crude 10 year cycle for each stage of development (from blue-sky to usable prototype, from early garage to first home users, etc). This is repeated, over and over, until you finally get something that is an integral part of domestic life. Linux has shown much the same pattern, minus the initial blue-sky phase, as the concepts were already well-known.

    Four years is a little soon for seeing significant pick-up in the home, but it's near enough the next boundary for me to say that carrier-grade Linux will have made dramatic inroads in the embedded market, and that Linux will EITHER kill off Windows Cluster Edition in the extreme-end market, OR be killed by it. The two cannot coexist, the market is simply too small.

    So, anything that is experimental (in both concept and code) now and has been introduced within the last 3 years will not be close enough to the 10 year boundary in the next 3-4 years to move to the next stage of acceptance.

    Anything that is experimental in only code, but is already widely adopted in concept, even if the code was introduced recently, may well hit the next level, but you can't really depend on it. Code, however, does mature faster than the conceptual and the underlying technology, so it's reasonable to expect some/all of it to have matured.

    Anything that is stable but under-utilized now, but already widely adopted in concept, WILL be widely adopted as implemented within 3-4 years.

    Anything that has been blue-sky for at least 6-7 years, but looks like it is making progress, AND out-of-mainstream work is being tried out, will likely become adopted by a significant group within 3-4 years AND make it into the mainstream kernel, but there is never a firm guarantee of things like that. The variable tends to be more of whose version goes in and whose vision is adopted. eg: Although there is now support for CAN buses, it was not the COMEDI code that got integrated. I expect the network code to improve in performance and tuning, but that doesn't mean it'll be Web100 that'll be added. There will be a parallel filesystem available, but there's no guarantee that that'll be Lustre. Polyserve's filesystem was - by all accounts - much better, and HP (who now own Polyserve) may use it as leverage to get into the Linux market, an area they've worked at for some time.

    I expect distributed shared memory to appear in some form or other in 3-4 years - Infiniband is getting close to being fast enough, tipc is evolving nicely, and implementations of reliable multicast have existed long enough to push the concept onto the next ten year cycle. If it fails to make the transition, it will never appear at all.

  11. Re:i just posted this link 3 days ago on Digitizing Rare Vinyl · · Score: 4, Interesting

    Thanks for that. When the Universal studio went up in smoke this year, it did not destroy films but it DID destroy the only known copies of any of their music from the 50s and earlier. How much money do you think they'll make from the ash? "Not a whole lot" is my guess. They also lost a lot of remastered early movies, where the originals are too artsy to be worth remastering again, going by $ value alone. Again, how much do you think they'll get from the smouldering remnants?

    Now, if those works had been generally available under public domain, those artists would be better known and maybe, if any works are still under honest copyright, have greater market value. But, no, they wanted their hard cash up-front and in big quantities, even if that meant risking losing everything. They don't care about what society has lost, they only care about what they can take for themselves.

    It might be better if there was staggered copyright whereby rights automatically revert from whoever owns the rights to the creator of the work after 40 years, and they (and their estate) get to hold the rights for a further 10 or 20 years. It wouldn't stop the corporate abuses, but it would restrict them, and it would lessen the need any actual artist might have for a longer copyright, because they'd be earning five to ten times as much per sale towards the end of the copyright lifetime.

  12. Re:Responsibility? on EFF To Appeal Court Order Vs. Subway Hack Demo · · Score: 2, Insightful

    I wouldn't agree to it being right to present how to break the system (except under special circumstances such as those you outlined), but I think it could be rather fun to make it illegal for either a government body or quango to set up or maintain a system in such a state that it poses undue burden on users, taxpayers, security, etc. Illegal as in prison illegal, not slap-on-the-wrist-see-you-at-golf-tomorrow illegal.

    Governments are like all other organizations in that they will do the least possible to survive at a level comfortable to them. In the case of a democracy, this means buying off the other branches of government and the media. (This differs from a theocracy, where instead they buy off the media and the other branches of government. Dictatorships, on the other hand, only need to buy off CowboyNeil.)

    The sovereign immunity enjoyed by the Government in America is probably one of the largest factors behind its corruption. I can understand the need to not have distractions, though I suspect Olmert can understand it better, but there are other ways of achieving that goal that still provide adequate accountability. The ballot box doesn't provide accountability for wrongdoing, it only provides accountability for unpopular doings, right or wrong, and frankly I doubt enough people care about mass transit computer systems to make gross negligence punishable via an election, regardless of any potential consequences. (Joe Bubba is very unlikely to think too far ahead, and there are simply more Joe Bubba voters in America than any other single group.)

  13. Re:My experience on IT Internship In the US For a Foreigner? · · Score: 1

    I got paid more as an intern during the sandwich year of my BSc from a British science laboratory twenty years ago than interns are paid by US companies these days. That's without factoring in inflation, taxes, the enormous burden of health insurance in the US, the negative impact of American workaholism, etc.

    America is a decent place to work - which is one reason I joined the brain drain fron the UK to the US - but not for interns. There are plenty of full-time mid-career jobs in the US where you don't get vacation in the first year and accumulate only dribs and drabs thereafter. Interns? You'd be lucky to see daylight. In comparison, my internship at (what was then) SERC Daresbury Laboratory had 22 paid days off.

    Also bear in mind that the US economy (and, for that matter, the British economy) are busy going south. This means there'll be a real crunch on who organizations will hire, and how trustworthy that process will be. There is no job protection in the US and employment in many States is "by will" (ie: they can dismiss you without cause and without notice). An overseas intern is unlikely to be able to afford to complain, or be able to remain in the country long enough after such a dismissal to even make a complaint. Assuming anyone is going to listen to a foreigner during an election year, when jobs for the locals = votes.

    I would not trust Britain, because the economy there is tanking and there just aren't that many IT jobs there. Ireland is a maybe - they seem to be doing ok with getting IT businesses in. CERN is getting ready to put the collider online and I imagine they'd want slaves - err, interns. You might also want to look in the southern hemisphere - Australia and New Zealand are no longer agricultural-only economies. Look around. Don't be blind to something worth doing, simply to chase a dream.

  14. Re:This happened to the guy I replaced on Who Owns Your Online Networking Contacts? · · Score: 1

    Isn't California abolishing/banning non-compete clauses? That's going to make such actions fun, as most corporations exist in multiple States and therefore you've no real way of knowing which State the e-mail server is in.

  15. Re:what email address did he register? on Who Owns Your Online Networking Contacts? · · Score: 3, Informative

    You are correct only insofar as the employee is concerned. Both British and EU law protects all personally identifying information on behalf of the person identified, NOT the holder of that information, which means that the employee has no legal right to forward that information to anyone, even if that information is obtained in the course of his work duties. The information doesn't belong to him, it belongs to the people it is about.

    (That is what makes the EU - in principle - far superior to other regions when it comes to privacy. You own all data about you, no matter who has it. You do not rescind ownership, simply by handing it to someone. They are merely licensed to hold that information. You are entitled to demand that they reveal what information they have, and are entitled to demand mistakes are corrected or that the information is destroyed.)

    If the employee has no legal ownership of the information, the court cannot order him to forward it. Courts can't order people to commit offenses! That would be absurd. And since he is merely the licensee of that information, not its owner, the court had no business regarding him as a concerned party.

    I want to see privacy laws increased in Europe - there isn't nearly enough, which is why Britain has so many CCTV systems, mostly used for the purpose of selling footage to the media - they are barely ever used in criminal cases and aren't even that usable when they are. Further, only computer-stored data is protected, which is stupid - privacy breeches are about the privacy not the method.

  16. Re:Who owns your contacts? on Who Owns Your Online Networking Contacts? · · Score: 1

    I'm curious as to the reasoning of the court. In Britain, personal information identifying an individual is protected under the data protection act. Information cannot be stored on an individual without consent by that individual, so unless each and every contact gave permission, their relationship to the person in question is protected. The individual does not have the lawful right to pass such protected information without that express consent. European data protection laws also apply in this. This is a gross violation of their privacy under accepted EU human rights legislation. EU law also provides for the barring of all computerized trade with nations that fail to provide privacy. (The US gets special exemption.) There are provisions for handling matters of national security, criminal investigations, etc. There are NO provisions for nosey ex-bosses. I hope the contacts concerned file for an injunction blocking the transfer. This is exactly the sort of privacy concern that resulted in such protections in the first place. If an injunction is denied, I hope they take the matter right the way through to the European Courts if necessary. By then, the information probably will be transferred, but the legal right to privacy needs to be defended and protected in case law, or judges will take this as precedent to ignore the DPA as and when it happens to suit them.

  17. Re:Simple solution on Using My PC For Plain Old Telephone Service? · · Score: 1

    Depending on the modem and the driver, all you need is something that pauses the movie or lowers the volume on that input to the mixer when the ring line is raised. As almost all softphone systems that support serial port or modem usage track the ring line, this should be pretty straightforward. In the event of telemarketers calling during business hours, I also suggest finding a good ring oscillator or some other really jarring sound distortion filter.

  18. Re:Entropy on Researchers Pave Way For Compressor-Free Refrigeration · · Score: 1

    I disagree. Slashdot has random BS, yes, but it's constant. Entropy is an increase in disorder. 100% disorder that isn't changing has no entropy, no matter what you might think of it - or of CowboyNeil.

  19. Re:Entropy on Researchers Pave Way For Compressor-Free Refrigeration · · Score: 1

    Oh, I dunno. Sounds fairly routine to me. I've worked in plenty of places that were highly disorganized and gave off lots of hot air.

  20. Re:Yes, we know. on Moving Beyond Passwords For Security · · Score: 5, Interesting

    The US Government uses this method, except via smart cards. This started with the NMCI initiative. I was not keen on NMCI, as it used Citrix and centralized application serving. This creates a single point of failure (which quite often failed at the beginning) and a single, all-powerful account on a system (there's no other way of having a central system responsible for all privileges otherwise) on an operating system that probably isn't going to be in the Trusted class (ie: it ran Windows - and I am using the Trusted class in the Orange Book sense, not in any "popular" sense of whether people actually trust it).

    PKI is a very sensible approach, but should not be used in isolation. This was discussed only a short time ago on Slashdot regarding "secure locks" - there should always be multiple layers of security, a reliance on a single layer is always going to be a disaster waiting to happen.

    Passwords as a "bootstrapping" mechanism to enable the rest of the security sounds fine. It's something we already do with regards GnuPG/PGP keys, Kerberos, etc. They're weak, but bootstraps don't need to be that strong if you're using them in a multi-layer system. They're supposed to make it hard for anyone to tell if they've broken the other layers. That is sufficient.

    There is, however, almost nothing else you can use. Biometrics are not safe (Slashdot has covered the breaking of many such systems) and not guaranteed to work (Slashdot has covered chimeras and other biological weirdness in the past). Two physical electronic keys won't give you significantly more security than one with twice the quality of encryption and just give you more you can lose. Call-back mechanisms are vulnerable to social engineering (if involving people) or replay attacks (if automated) since such methods have to use extremely primitive security as they are prior to authentication.

  21. Re:So let's get this straight on Defcon "Warballoon" Finds 1/3 of Wireless Networks Unsecured · · Score: 4, Insightful

    You make a good point, however I guess I would ask why any rational society would expect just those two modes of operation. Neither seems that useful. Wouldn't it be more logical to expect either the police to come over and say hi, or to take a note of the registration and car details (not necessarily visibly)? A standard social engineering technique used time immemorial has been to look as though you should be somewhere. Only an idiot looks suspicious, and it's not the idiots who should concern the police the most.

    In the first case, it's basic community policing 101. You don't prevent crime by looking intimidating, you prevent crime by being aware of what's happening and understanding why. The second option also works on the premise of being aware, but looks for standard social engineering practices and patterns, rather than cause-and-effect.

    In neither case is flipping out a productive or useful method. It doesn't help you recognize where or when problems are likely to occur, and only helps you catch the more dysfunctional criminals who are likely causing the least of the social headaches. However, it is by far the most common method used, because it's easy. Catching competent criminals is much harder, much more expensive, and gives a police department a worse score on offenses dealt with.

  22. Re:Scientific community? on The Flat Earthers Are Still With Us · · Score: 4, Funny

    The current land-speed record is a fraction over mach 1. Admittedly, this involved a bus only insofar as said bus provided a means for journalists and mechanics to reach the site, but it does mean that the tire argument alone is insufficient. The current land-speed record for a television journalist is over 300 mph, but he did indeed suffer a tire blowout. His survival and continued career, despite massive head injuries, does however prove that you don't need brains to be a TV celebrity.

  23. Re:Is this surprising? on Shrinky Dinks As a Threat To National Security · · Score: 2, Informative

    Medieval thief-proof locks could not have been beaten by simply copying the key, because you needed to know the specifics of how to use the key. (It deadlocked itself if you used the key in a "normal" fashion.) It is easy to imagine that a modern lock could be made vastly superior to a medieval one. (Doctor Who fans may be familiar with the boast that there are 600 ways to use the TARDIS key and 599 ways to cause the lock to fuse solid, a somewhat dramatic reference to the idea that you can make locks that contain multiple lines of defenses, of which the key itself is merely one.)

    Modern car keys use a different multi-stage approach, whereby the key contains either an RFID tag or some other form of readable chip. Copying the mere physical layout gets you past the first line, but does nothing for the second.

    It would be trivial to extend the car key method by adding encryption to the information (which is probably done already), adding a capacitor whose value must be matched, and so on. Some cars also use thumb-prints, but there have been cases of car-jackers stealing the driver's thumb, making this security measure dubious.

  24. Re:The Russians hit the truth. on Evidence of Russian Cyberwarfare Against Georgia · · Score: 4, Insightful

    The Daily Mail is not known for being terribly honest. It's a tabloid. If the news isn't in at least two serious broadsheets from independent sources, or one broadsheet and either the BBC or ITN, then it should not be regarded as credible. (As for American news sources, I trust virtually nothing from any source. Most of it is reprinted from Reuters or some other news agency pool, probably misquoted, and then censored by the advertisers. If it's Fox, it's just really bad fiction.)

  25. Re:oh good... let's all bury our heads... on Massachusetts Sues to Halt Defcon Subway Hacking Talk · · Score: 1

    Many smartcards use strong RSA or Elliptic Curve encryption. (Another PKI system in use, Quartz, is not regarded as particularly good and I don't know of any card that uses it, although I believe it is deployed.) The benefit of public key is that you can't modify the value because you don't have the right key for it. You can read, but you can't write. Secret key systems are the only ones even potentially vulnerable to the attack you mentioned, and even then you can prevent attacks by using an advanced encryption mode, a good cipher and a non-trivial data structure.

    If you're really paranoid, regardless of encryption method, compress the data structure storing the value before encrypting it, so as to randomize what is present and make any sort of attack based on inspection worthless.

    Yes, using public keys means that you lose a little of the privacy factor - there is a verifiable lookup of the key for an account - but it's not the same as providing information on amount or even which direction the money was transferred in. That's a hell of a privacy improvement over existing credit or debit card systems.