>Or they don't want to break everything by removing support for ASN.1.
Clean sheet specs for security systems. There's nothing to break. Adopting ASN.1 based technologies is a poor compromise because it undermines the purpose of the spec. See TFA for an example of how this works.
I've done my bit to try to eradicate ASN.1 from standards I work on. But there's always 2 or 3 vocal people going to great lengths to keep it in there. It's become more clear over time that they don't only work for their stated employers.
In time an incremental approach works. The all-in-one approach rarely succeeds.
In America.
Of course in other countries it only tends to succeed just after global wars, so...
This may or may not be true, but I neither stated nor implied the contrapositive.
Why not try an all meat diet? Smarter people than you do: http://www.jbc.org/content/87/...
That's an old study, and the evidence from the China study directly contradicts it....
The conclusions drawn from the China Study data were in fact contradicted by the data. E.G. The highest univariate association was between wheat and cancer. But the author ignored that. The author chained together confounded univariate associations in a statistically incorrect way. Try looking here for an analysis by someone who actually understands statistics.
The Softbank CEO walk in and asks "So where are your factories?"
anonymous coward has been here since before there where ID's
AC for the win!
"there where" rhymes with "hair bear".
Automatic disqualification.
You are apparently ignorant of Hillary's activities.
As are you, unless you hang with her in her office.
"Yet chipping away at bad laws a bit at a time has proven much more effective in the long term. Having people in office who understand this will be better than having blowhards who get blocked by the opposition constantly."
The president has the power to take a substance off the Controlled Substances list simply by executive order. He/she could, if desired, put an end to the DEA on the first day of office by just clearing the list.
Well that was new to me, so I engaged in a little googling and came up with this. Which goes into a bit more detail on this. The screwy bit probably being the treaties and the fact that these decisions have so far been left to the DEA, which is currently run by an idiot. A better route that doesn't have the president running roughshod over the departments that are supposed to handle these things is that the president fires the idiot and replaces her with a competent person who will schedule drugs appropriately.
My original point was made more generally than drug policy.
Yes. Moderates like Obama have very little opposition.
But he got a 'half way to universal healthcare measure' through congress, where a universal healthcare measure would not get through.
With luck the next administration will get through the 'single payer' option, which will in the style of Zeno's paradox get 50% of the remaining way to universal healthcare.
In time an incremental approach works. The all-in-one approach rarely succeeds.
I'll take a pragmatic incrementer over someone calling for a revolution that will never happen.
by "here" he meant America
go back to where you belong sand nigger !
Oh look! A trump supporter.
Bernie called for the immediate removal of pot from the Controlled Substances Act, which would effectively legalize pot at a federal level.
The DNC platform language calls for a "pathway toward legalization", which is, of course, vague enough to be fairly meaningless and unenforceable against HRC once in office. And it barely passed, 81-80.
Yet chipping away at bad laws a bit at a time has proven much more effective in the long term. Having people in office who understand this will be better than having blowhards who get blocked by the opposition constantly.
Age is judged by one's Slashdot ID.
Do grammar standards apply to headlines?
Yes
Thank you for filling my server's disk.
I've limited the amount to 16 Mbytes so you can't do that.
I have set up several servers serving random data. My job is making random data and making things that make random data.
If the government seized my computer and assumed the large random binary files on my disk were encrypted, they would be wrong. They are large random bit strings only.
Like this!"
I know what an OTP is. An OTP uses XOR. 'XOR' OTP is just a redundant way of saying OTP.
The context was TFA talking about undermining the integrity of evidence.
Encryption through an OTP or ECB, or CTR or CBC or any other privacy mode does not ensure integrity. There never was a question about that. Stating that you can undermine integrity of a non-integrity mode is tautological.
What is appropriate to require is second preimage resistance. The article really has someone arguing that the process of evidence doesn't have second preimage resistance. So the prosecutor can substitute an alternative plaintext and no one can tell.
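An added example, not part of the original comments, of the point made above: a one-time pad gives privacy but no integrity, so a ciphertext can be rewritten to decrypt cleanly to a different plaintext, while a SHA-256 digest recorded beforehand (which relies on second preimage resistance) exposes the change. The record strings and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """One-time pad: XOR each data byte with a pad byte (encrypts and decrypts)."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return bytes(d ^ p for d, p in zip(data, pad))


def substitute(ciphertext: bytes, known_plain: bytes, new_plain: bytes) -> bytes:
    """Rewrite a ciphertext without the pad: c' = c XOR known XOR new."""
    if not (len(ciphertext) == len(known_plain) == len(new_plain)):
        raise ValueError("all three inputs must have the same length")
    return bytes(c ^ k ^ n for c, k, n in zip(ciphertext, known_plain, new_plain))


def digest(data: bytes) -> str:
    """SHA-256 of the plaintext, recorded separately from the ciphertext."""
    return hashlib.sha256(data).hexdigest()


def demo() -> dict:
    # Constructed sample records of equal length (not real data).
    original = b"record 17: transfer 0100 USD to acct A"
    altered = b"record 17: transfer 9900 USD to acct B"

    pad = secrets.token_bytes(len(original))
    ciphertext = otp_xor(original, pad)
    recorded = digest(original)  # taken when the record was first captured

    # Whoever holds the ciphertext and knows the plaintext can swap the content.
    forged = substitute(ciphertext, original, altered)
    recovered = otp_xor(forged, pad)

    return {
        # Decryption raises no error and yields the substituted text.
        "decrypts_to_altered": recovered == altered,
        # The recorded digest no longer matches, so the swap is detectable.
        "digest_matches_forged": hmac.compare_digest(digest(recovered), recorded),
        "digest_matches_untouched": hmac.compare_digest(
            digest(otp_xor(ciphertext, pad)), recorded
        ),
    }


if __name__ == "__main__":
    print(demo())
```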
>Given an xor one-time pad algorithm
You don't use OTPs for signing.
You don't use OTPs at all, they don't solve the key management problem.
Please keep up.
Something wrong with using source control automated build events in your environment?
Yep, so very, very wrong.
In my case it's RTL, not software. So there's build for simulation, build for emulation, build for FPV, build for FPGA synthesis and build for silicon synthesis. The trick is to make it fail on the latter but not on the first four.
A prime example. Chips are made of digital circuits and analog circuits. When you have an analog circuit in a chip, you can't simulate it in a logic simulator and it makes no sense in FPV but you need the BMOD to work in FPGA, emulation and simulation, so you design a synthesizable circuit to emulate the analog circuit sufficiently for the whole thing to work. This is called a BMOD (Behavioral Model). It would be really bad if someone took the BMOD and synthesized it to silicon, rather than going and getting the analog circuit from whoever makes it and plugging it in in place of the BMOD. So making the BMOD fail in synth for silicon and not in the other domains is exactly the right thing to do. It debugs the build process of the customer and lets me know who needs help.
If it was software, I wouldn't do that.
I have a habit of leaving comments in code of the basic form "Call me before you touch this code".
I have also deliberately inserted a compilation error that happens unless you set the right value in a header, along with a comment with the above "call me" message.
Then when the code is incorporated into a product, someone ends up hitting the problem, finding the comment and calling me. So I get the chance to make sure they aren't messing up the security critical code. Otherwise finding this person would be difficult and we would find the errors caused by people meddling with my code after the product is released.
Can we please stop using 'encryption' when we mean 'integrity'. They are not the same thing.
TFS is arguing that integrity has been compromised by removing encryption. BS.
The quickest way to find these people is to stop putting the data there, and replace it with a file saying "call me".
Fair enough. When I'm using C it's usually as a wrapper to hold assembly. C++ would not solve my problems.
>I'm not sure what the "agenda for global standard" stuff is about.
Global spectrum harmonization. Well actually not. This will do nothing to promote global spectrum harmonization.
Deciding what the specs are before they are internationally standardized is the most effective way of ending up out of step with the rest of the world. The US has proved very, very effective at that over the years.
That sounds like he wasn't given sufficient engineering resources at the start to engineer a clean solution. So the single non-programmer was left to hack it together and couldn't possibly produce a solution engineered with the kind of validation and documentation characteristic of well-engineered, robust solutions.