Not entirely useless. Unlike the occasional jaunt abroad, I probably sampled that statistical space 900 or so times. So statistically you could get some reasonably low P value claims for bounds on the risk of being a subject of crime while in the area.
LOL, if you thinks parts of London and Paris are not orders of magnitude more dangerous than any place in the US at night you are delusional.
I spent my college years in the UK walking to and from college every day, through the 'worst' slum in the country, widely acknowledged to have the highest rate of drug crime, gun crime, poverty and anything else they might try to measure to show how bad it was.
I spent the second half of my life in the US, where I have visited many US cities.
Strangely, despite all the alarming talk of how dangerous it might be, I was shot, mugged, hit and assaulted precisely zero times. It never happened. I never saw it happen.
People like to overstate the dangers. I assume that this is mere grandstanding. Saying any old shit because there's an audience.
I can't believe this hasn't even been addressed on Slashdot. The site was completely down for two days and they're trying to pretend like nothing happened.
But putting the servers back to work hosting slashdot seems to have borked the airline booking service.
Other large semiconductor companies seem to be able to implement a secure enclave structure with dynamic voltage wobbling and managed to take fault injection seriously and they don't have these problems. It's heavy lifting to do a proper job, but in the case of RSA, it really isn't. Just sprinkle in some TMR and integrity testing with maybe a rail monitor and you will be good. I wonder why that isn't a part of TrustZone as standard. It should be.
You are right. Management can't see security problems when you're building it and unless they've had some bitter experience, they don't know how to cost it.
Perhaps they are good. And the NSA doesn't want them adopted. But playing upon the suspicions of the rest of the world that they are a bunch of lying scum, they promoted them. Knowing that this would call the algorithms' security into question and get them rejected.
>That said, banning the runt versions smells like prudence to me,
This part is sound. At the NIST lightweight crypto workshop, there was a clear consensus among cryptographers that we didn't want weak algorithms with small block sizes and small keys. We wanted strong algorithms that were more efficient than current standardized algorithms like AES.
So Simon and Speck were reasonable examples of such algorithms, provided you stuck with 128+ key sizes and block sizes.
However my primary criticism is the lack of a 256 bit block size. I have the same criticism of AES. In Simon, it's clear how to set the parameters for a 256 bit block size and I did some work to find out the appropriate number of rounds for 256 bit blocks. The key schedule has three lfsr generated sequences u, v an w. These are doubled by xoring with a 010101 sequence to we have six sequences in total. These are used in the different configurations. But those configurations only use 5 of the 6 sequences. So there is a clear hole in the spec where the 256 bit block size should sit and a clear hole in the key schedule where the right sequence for use with the 256 bit block size sits.
>Sure, for a cellular phone to work the phone must announce it's location to the carrier.
No. The cell tower announces its location to the phone. The phone announces its desire to connect to the tower. If there's an ongoing session, a number of towers may already be informed of your phone and your phone has a session reference it can use so the new tower can grab the session from the previous tower as handover occurs.
The business of a tower inferring your phone's location came later and was all to do with selling 'location services', which of course, GPS undermined. Who would pay for that?
>Let everyone study them for a few years to reduce the need to trust the NSA.
How many more years would you like? It's been 4 and a half so far and it's been very well studied.
I don't think the number of years of study is actually something you care about or you would know how much is enough. If you don't know how much is enough, then asking for more years is just a way of trying to make it go away by delaying it.
Who else other than the people who have published all the papers in IACR journals would you have study them? Are there more qualified people about?
When you dispense with the technical arguments, all you have left are arguments about parentage, which don't really help with understanding the worth of algorithms.
>The dispute, which has played out in a series of closed-door meetings around the world over the past three years and has not been previously reported, turns on whether the International Organization of Standards should approve two NSA data encryption techniques, known as Simon and Speck.
I was in a couple of those meetings in ISO/IES SG27/WG2.
Indeed, the NSA were there and were pushing Simon and Speck. Indeed a handful of other countries were arguing against Simon and Speck, but not on the merits of the algorithm, but on the history of the USA in crypto standards and SP800-90A in particular.
They couldn't muster any real criticism of Simon and Speck, and that's because they are excellent algorithms. They are 3X more efficient that AES in whatever metric you choose (size, performance, area, power). They are easily extended to 256 bit block sizes (although NIST and the NSA have declined to do that while leaving obvious holes in the spec where the larger block sizes go. The security analysis is aided by the simplicity of the algorithms - a simple round function iterated many more times than for AES.
ISO is a political organization and the arguments are political. Don't let technical considerations muddy the waters.
The Boeing 787 and Airbus A350 supposedly feature improvements in cabin air pressure, with pressurization to 6000 feet equivalent, as well as increases in humidity.
Unfortunately, they still aren't that common.
I'll find out in November, while crossing the Pacific ocean.
Older people tend to go to the bank and get cash from a teller-- and get more than $100 at a time.
And then expect some cashier in a shop to to give them change for a 50 cent purchase with a $100 bill. That, screwing up social security and keeping Buick in business, old people have a lot to answer for.
Well I just checked amazon and heading their ads were polarized film and a TO-220 LDO. Both things I purchased today on different websites (banggood and Mouser respectively).
My wife has a yarn store. The customer base has a very, very well defined demographic and they tend to buy yarn and related stuff many times. The single best advertising we can buy is through Facebook. They target at the people within a certain distance in the knitting and crochet groups on Facebook with our ads, which essentially say "There's a yarn store over there". This has a measurable effect on increasing customers. Advertising through Google. the papers and other places has achieved nothing. Google maps helps people discover us, but that happens without paying them anything. When we ask new customers how they found us, it's usually Facebook.
We never found it hard to work out how to not be objectionable with ads. Make the ad pertinent and useful and don't spam it. It's simple.
Slashdot Mirror
whats a cray-cray?
It's two Crays. Twice the performance. Emitter Coupled Logic for the future.
Not entirely useless. Unlike the occasional jaunt abroad, I probably sampled that statistical space 900 or so times. So statistically you could get some reasonably low P value claims for bounds on the risk of being a subject of crime while in the area.
I'll be impressed when someone builds a working LIGO with LEGO.
>The fact of the mater
The fact of the mater is that she's your mother.
LOL, if you thinks parts of London and Paris are not orders of magnitude more dangerous than any place in the US at night you are delusional.
I spent my college years in the UK walking to and from college every day, through the 'worst' slum in the country, widely acknowledged to have the highest rate of drug crime, gun crime, poverty and anything else they might try to measure to show how bad it was.
I spent the second half of my life in the US, where I have visited many US cities.
Strangely, despite all the alarming talk of how dangerous it might be, I was shot, mugged, hit and assaulted precisely zero times. It never happened. I never saw it happen.
People like to overstate the dangers. I assume that this is mere grandstanding. Saying any old shit because there's an audience.
I can't believe this hasn't even been addressed on Slashdot. The site was completely down for two days and they're trying to pretend like nothing happened.
But putting the servers back to work hosting slashdot seems to have borked the airline booking service.
a database... what could ever be more complex? pity the endlessly undone digitarian hired goons..
If it's complex, you're doing it wrong. However it seems like the whole IT industry has been doing it wrong for a long time.
Other large semiconductor companies seem to be able to implement a secure enclave structure with dynamic voltage wobbling and managed to take fault injection seriously and they don't have these problems. It's heavy lifting to do a proper job, but in the case of RSA, it really isn't. Just sprinkle in some TMR and integrity testing with maybe a rail monitor and you will be good. I wonder why that isn't a part of TrustZone as standard. It should be.
You are right. Management can't see security problems when you're building it and unless they've had some bitter experience, they don't know how to cost it.
that's because they are excellent algorithms.
Says you and the NSA.
Perhaps they are good. And the NSA doesn't want them adopted. But playing upon the suspicions of the rest of the world that they are a bunch of lying scum, they promoted them. Knowing that this would call the algorithms' security into question and get them rejected.
Do you have an interest in turtles?
>That said, banning the runt versions smells like prudence to me,
This part is sound. At the NIST lightweight crypto workshop, there was a clear consensus among cryptographers that we didn't want weak algorithms with small block sizes and small keys. We wanted strong algorithms that were more efficient than current standardized algorithms like AES.
So Simon and Speck were reasonable examples of such algorithms, provided you stuck with 128+ key sizes and block sizes.
However my primary criticism is the lack of a 256 bit block size. I have the same criticism of AES. In Simon, it's clear how to set the parameters for a 256 bit block size and I did some work to find out the appropriate number of rounds for 256 bit blocks. The key schedule has three lfsr generated sequences u, v an w. These are doubled by xoring with a 010101 sequence to we have six sequences in total. These are used in the different configurations. But those configurations only use 5 of the 6 sequences. So there is a clear hole in the spec where the 256 bit block size should sit and a clear hole in the key schedule where the right sequence for use with the 256 bit block size sits.
>Sure, for a cellular phone to work the phone must announce it's location to the carrier.
No.
The cell tower announces its location to the phone.
The phone announces its desire to connect to the tower.
If there's an ongoing session, a number of towers may already be informed of your phone and your phone has a session reference it can use so the new tower can grab the session from the previous tower as handover occurs.
The business of a tower inferring your phone's location came later and was all to do with selling 'location services', which of course, GPS undermined. Who would pay for that?
>Let everyone study them for a few years to reduce the need to trust the NSA.
How many more years would you like? It's been 4 and a half so far and it's been very well studied.
I don't think the number of years of study is actually something you care about or you would know how much is enough. If you don't know how much is enough, then asking for more years is just a way of trying to make it go away by delaying it.
Who else other than the people who have published all the papers in IACR journals would you have study them? Are there more qualified people about?
When you dispense with the technical arguments, all you have left are arguments about parentage, which don't really help with understanding the worth of algorithms.
SIMON and SPECK are simple block cipher designs. You don't need an ISO for that. What's next? An ISO for HTML header tags?
You need ISO for getting WTO protection for selling your implementation internationally.
>The dispute, which has played out in a series of closed-door meetings around the world over the past three years and has not been previously reported, turns on whether the International Organization of Standards should approve two NSA data encryption techniques, known as Simon and Speck.
I was in a couple of those meetings in ISO/IES SG27/WG2.
Indeed, the NSA were there and were pushing Simon and Speck.
Indeed a handful of other countries were arguing against Simon and Speck, but not on the merits of the algorithm, but on the history of the USA in crypto standards and SP800-90A in particular.
They couldn't muster any real criticism of Simon and Speck, and that's because they are excellent algorithms. They are 3X more efficient that AES in whatever metric you choose (size, performance, area, power). They are easily extended to 256 bit block sizes (although NIST and the NSA have declined to do that while leaving obvious holes in the spec where the larger block sizes go. The security analysis is aided by the simplicity of the algorithms - a simple round function iterated many more times than for AES.
ISO is a political organization and the arguments are political. Don't let technical considerations muddy the waters.
>American was ordering planes with a brushed aluminum finish because they didn't want the weight of the paint on the aircraft.
I suspected that was the reason for years. I was right!
The Boeing 787 and Airbus A350 supposedly feature improvements in cabin air pressure, with pressurization to 6000 feet equivalent, as well as increases in humidity.
Unfortunately, they still aren't that common.
I'll find out in November, while crossing the Pacific ocean.
Yes, Mr 598059
Best regards,
Mr 175943.
I constantly overestimate the ability of people to distinguish a serious comment from a joke.
Older people tend to go to the bank and get cash from a teller-- and get more than $100 at a time.
And then expect some cashier in a shop to to give them change for a 50 cent purchase with a $100 bill.
That, screwing up social security and keeping Buick in business, old people have a lot to answer for.
We often see $100 bills used in our store.
My personal observation is that the people using them are always old, as in clearly past retirement age. I have no clue why this is the case.
Yes. Facebook is better. Presumably because they know a lot more about the interests of its users and so can target effectively.
Well I just checked amazon and heading their ads were polarized film and a TO-220 LDO. Both things I purchased today on different websites (banggood and Mouser respectively).
Yup. I typed it too quickly then face-palmed myself.
> your fleece jacket or other synthetic clothing,
Fleece's come from sheep.
My wife has a yarn store. The customer base has a very, very well defined demographic and they tend to buy yarn and related stuff many times.
The single best advertising we can buy is through Facebook. They target at the people within a certain distance in the knitting and crochet groups on Facebook with our ads, which essentially say "There's a yarn store over there". This has a measurable effect on increasing customers. Advertising through Google. the papers and other places has achieved nothing. Google maps helps people discover us, but that happens without paying them anything. When we ask new customers how they found us, it's usually Facebook.
We never found it hard to work out how to not be objectionable with ads. Make the ad pertinent and useful and don't spam it. It's simple.