The universe is full of randomness that's hard to predict. The triumph of digital electronics is that they eliminate the randomness almost completely when abstracted up from electron/hole pairs in semiconductors to the realm of bits and bytes. That means you can't get randomness out of it, no matter how theoretically secure your algorithm--you need to go back to the messiness of physical space for that. Well done.
That's what metastability is for. It's how the entropy source in your CPU works and it's a heck of a lot more efficient and fast than a bunch of lava lamps.
The most productive team I've ever worked in had a simple policy.
1. You wrote your code. 2. You documented the developer's to your left's code. 3. You tested the developer to your right's code.
Harsh, but it worked really well.
But the developer to my left is an analog circuit designer and the developer to my right is a design automation expert. I do cryptography in the middle. I don't see this working out.
Consider the plight of us semiconductor designers. You've got 10 billion transistors, all hooked up in designs by thousands of people and it all has to work together and if you get it wrong, you can't fix it. It has to be right. So hell yes, you test your own stuff before letting others see it. Then other people test it. Then you test their stuff with your stuff. Meanwhile there are teams of people putting it all together in lots of ways to try and break it.
The value in a design is not the design. It's the level of trust that the thing will work when you put it in a chip.
What makes you think your data aren't being decrypted for sports and data collection?
My file encryption is better than the standard encryption algorithms. It's a mix of multiple encryption algorithms from multiple countries. Also I modified the algorithms to make them more secure. Mostly by running more rounds. The random numbers used for keys were generated using quantum resistant algorithms and the symmetric keying is large enough to resist Grover's algorithm.
Such is the life of a cryptographer with some spare time.
To be honest, that's not how most people think about their data. For the most part they think that some entities are acting within the law like Google, Apple etc. and the law will protect them. And then there's the entities that operate outside the law and they'll hack their way in whether it's local or in the cloud. Look at all the people who get viruses and malware, they don't feel particularly much safer just because it's physically on-premise. At least with the cloud they got backups so it's done half right, often they don't have anything.
For a business, it's pretty much the same except how much do you really trust your employees to be better than the cloud providers? Maybe a few that focus very hard on IT security do, but for most businesses it's like my network, their network... it's not exactly risk free either way. If you got real secrets I'd keep them on an air-gapped computer.
In my case, the business is a Yarn store and it's my wife's. That she's married to a cryptographic security expert means the yarn store in question is somewhat better provided for in terms of security than the average yarn store.
I've developed air gapped systems for CAs before, but in the final analysis. they're less secure than a non air-gapped system because air-gapping means delegating various tasks to humans that are normally automated. So it's easy for the humans to conspire and undermine the security. When it's automated, it's easy to put a lot of checking on the communication path into the secure area.
When I put unencrypted data on a cloud drive, it doesn't matter what the legal agreement is. The underlying truth is that the data can be read. Act accordingly. Don't put unencrypted data on a cloud service drive that you don't want to be read by someone else, whether the service provider or some other entity (government, hacker, malcontent employee etc.).
When you are running a business, this is a tradeoff. The costs of hosting it yourself and making sure it's backed up, available and secure are significant. Do you care more about Google reading your stock report than you care about putting in time and money to host it yourself. In many cases it's a slam dunk and the data gets hosted on Google for a reasonable fee. In some cases, the data goes in a secure place in a secure manner, but it's a small fraction of the data.
Sitting one distance from the TV is simple enough. Sitting 3 and 6 feet and all distances in between away from the TV at the same time is a trick that requires a mastery of time and space that humans do not posses.
Several billion 2 input NOR gates refute your statement.
FTFY. As any computer scientist should know, although it is possible to construct arbitrary logic out of NOR gates, it's really hard to construct most logic simply out of OR gates (even if you have several billion of them).
Be careful. You might get mugged by a roving band of NAND gates.
>They wouldn't have to invest in their own vehicles, which makes them vulnerable to recessions by putting their savings in the same sector as their labor
Owning their own vehicles means they can enjoy reduced income during a recession, rather than losing their job entirely.
Can somebody please explain the TLA (Three Letter Abbreviation) when they post an article about it?
In my world, amp is generally used as a contraction of amplifier. I don't know what TFS is babbling on about. Wikipedia lists 40 alternatives. https://en.wikipedia.org/wiki/...
>The move would be a win for newspapers and broadcasters that have pushed for the change for decades,
No, the product will become even more shit and the viewership will continue to decline, undermining their investments in buying up all the local players.
That's interesting. There's a clear delta between what comes in the box and what the specs say. There's fame for a grad student in needling through that swamp of card swipers.
FBI confirmed for whiny crybabies who want to be spoonfed everything instead of doing the jobs they were hired to do.
Let's face the facts. There can only be two choices when it comes to encryption: Ban ALL encryption for consumer devices (which would be a gigantic leap backwards and create a massive security issue for everyone) or leave encryption alone. Compromising encryption algorithms IS A NON-STARTER.
Of course if they banned encrytion, then of course the rich, and politicians would still manage to have it, as would EVERY SINGLE CRIMINAL AND TERRORIST with the means and wherewithal to find and use it, so banning encryption is also a NON-STARTER. The Djinn is already out of the bottle, we do not have time travel machines, you can't go back in time and prevent encryption from being invented, fucking DEAL WITH IT, LAW ENFORCEMENT!
Do you use bold and all-caps because you only want me to read those bits, or is it because you want me to read those bits more intensely than the non-bold-or-all-caps bits?
Slashdot Mirror
The universe is full of randomness that's hard to predict. The triumph of digital electronics is that they eliminate the randomness almost completely when abstracted up from electron/hole pairs in semiconductors to the realm of bits and bytes. That means you can't get randomness out of it, no matter how theoretically secure your algorithm--you need to go back to the messiness of physical space for that. Well done.
That's what metastability is for. It's how the entropy source in your CPU works and it's a heck of a lot more efficient and fast than a bunch of lava lamps.
I've never met a metal ECO I liked.
The most productive team I've ever worked in had a simple policy.
1. You wrote your code.
2. You documented the developer's to your left's code.
3. You tested the developer to your right's code.
Harsh, but it worked really well.
But the developer to my left is an analog circuit designer and the developer to my right is a design automation expert. I do cryptography in the middle. I don't see this working out.
Consider the plight of us semiconductor designers. You've got 10 billion transistors, all hooked up in designs by thousands of people and it all has to work together and if you get it wrong, you can't fix it. It has to be right. So hell yes, you test your own stuff before letting others see it. Then other people test it. Then you test their stuff with your stuff. Meanwhile there are teams of people putting it all together in lots of ways to try and break it.
The value in a design is not the design. It's the level of trust that the thing will work when you put it in a chip.
What makes you think your data aren't being decrypted for sports and data collection?
My file encryption is better than the standard encryption algorithms. It's a mix of multiple encryption algorithms from multiple countries. Also I modified the algorithms to make them more secure. Mostly by running more rounds. The random numbers used for keys were generated using quantum resistant algorithms and the symmetric keying is large enough to resist Grover's algorithm.
Such is the life of a cryptographer with some spare time.
To be honest, that's not how most people think about their data. For the most part they think that some entities are acting within the law like Google, Apple etc. and the law will protect them. And then there's the entities that operate outside the law and they'll hack their way in whether it's local or in the cloud. Look at all the people who get viruses and malware, they don't feel particularly much safer just because it's physically on-premise. At least with the cloud they got backups so it's done half right, often they don't have anything.
For a business, it's pretty much the same except how much do you really trust your employees to be better than the cloud providers? Maybe a few that focus very hard on IT security do, but for most businesses it's like my network, their network... it's not exactly risk free either way. If you got real secrets I'd keep them on an air-gapped computer.
In my case, the business is a Yarn store and it's my wife's. That she's married to a cryptographic security expert means the yarn store in question is somewhat better provided for in terms of security than the average yarn store.
I've developed air gapped systems for CAs before, but in the final analysis. they're less secure than a non air-gapped system because air-gapping means delegating various tasks to humans that are normally automated. So it's easy for the humans to conspire and undermine the security. When it's automated, it's easy to put a lot of checking on the communication path into the secure area.
When I put unencrypted data on a cloud drive, it doesn't matter what the legal agreement is. The underlying truth is that the data can be read. Act accordingly. Don't put unencrypted data on a cloud service drive that you don't want to be read by someone else, whether the service provider or some other entity (government, hacker, malcontent employee etc.).
When you are running a business, this is a tradeoff. The costs of hosting it yourself and making sure it's backed up, available and secure are significant. Do you care more about Google reading your stock report than you care about putting in time and money to host it yourself. In many cases it's a slam dunk and the data gets hosted on Google for a reasonable fee. In some cases, the data goes in a secure place in a secure manner, but it's a small fraction of the data.
Sitting one distance from the TV is simple enough. Sitting 3 and 6 feet and all distances in between away from the TV at the same time is a trick that requires a mastery of time and space that humans do not posses.
How do you sit 3-6 feet from your TV? Are you only 3 feet long?
OR It isn't a binary statement.
Several billion 2 input NOR gates refute your statement.
FTFY. As any computer scientist should know, although it is possible to construct arbitrary logic out of NOR gates, it's really hard to construct most logic simply out of OR gates (even if you have several billion of them).
Be careful. You might get mugged by a roving band of NAND gates.
OR It isn't a binary statement.
Several billion 2 input OR gates refute your statement.
If ppl would just put the cell phone down
All this driver-assist stuff wouldn't be necessary.
Because nobody crashed cars before we had cell phones.
Idiot.
>As is often the case your doing it wrong.
As is often the case you're doing 'your' wrong.
>They wouldn't have to invest in their own vehicles, which makes them vulnerable to recessions by putting their savings in the same sector as their labor
Owning their own vehicles means they can enjoy reduced income during a recession, rather than losing their job entirely.
I usually agree with this comment-- I hate TLAs!!!!-- but in this case, the definition is on the first line of the summary.
It wasn't when the story first posted. They added it after the collected pernickety hoards of slashdot started pointing it out.
I assure you that Whitney Houston does not sing songs.
Can somebody please explain the TLA (Three Letter Abbreviation) when they post an article about it?
In my world, amp is generally used as a contraction of amplifier. I don't know what TFS is babbling on about.
Wikipedia lists 40 alternatives. https://en.wikipedia.org/wiki/...
My stuff gets more deeply technical, mathematical and non-managementy as I approach 50. I never had to write Java either.
I don't expect people to not want what I do any time soon.
>The move would be a win for newspapers and broadcasters that have pushed for the change for decades,
No, the product will become even more shit and the viewership will continue to decline, undermining their investments in buying up all the local players.
Who knew that cleanliness was a resource and you could use it up and run out?
I might delete or open them on my phone, but if I have to reply, I do it on a computer with a keyboard.
That's interesting. There's a clear delta between what comes in the box and what the specs say. There's fame for a grad student in needling through that swamp of card swipers.
It is not allowed.
Have you tried buying a PoS terminal recently? 1024 RSA, DES. The whole parade of 1990s bad crypto with a certified PCI sticker.
FBI confirmed for whiny crybabies who want to be spoonfed everything instead of doing the jobs they were hired to do.
Let's face the facts. There can only be two choices when it comes to encryption: Ban ALL encryption for consumer devices (which would be a gigantic leap backwards and create a massive security issue for everyone) or leave encryption alone. Compromising encryption algorithms IS A NON-STARTER.
Of course if they banned encrytion, then of course the rich, and politicians would still manage to have it, as would EVERY SINGLE CRIMINAL AND TERRORIST with the means and wherewithal to find and use it, so banning encryption is also a NON-STARTER. The Djinn is already out of the bottle, we do not have time travel machines, you can't go back in time and prevent encryption from being invented, fucking DEAL WITH IT, LAW ENFORCEMENT!
Do you use bold and all-caps because you only want me to read those bits, or is it because you want me to read those bits more intensely than the non-bold-or-all-caps bits?
I don't think you understand how jokes work....
Slashdot is the place where jokes go to whoosh.