You know what's even worse? I have a brother multi-function laser. It insists on powering up the printer section and forcing you to wait just to scan something. Just a stupid waste of power...
Fortunately we stopped with MFDs a few years ago after concluding such a massive single point of frequent failure wasn't in our best interests.
I presumed the extra lead came from all the bullets entering everyone's bodies because they lived in a redneck town
Rednecks? Flint is mostly black and they're the 10th most liberal city in the US.
I was neither providing correct insights nor expecting positive mod points. It looks like I'm already down one. I've never been their either. I hope they fix their water before I do.
I presumed the extra lead came from all the bullets entering everyone's bodies because they lived in a redneck town where guns are common and the gun owners are cognitively challenged when it comes to understanding the consequences of widespread gun ownership.
Oh, okay one more: I can't tell it not to shut itself off
Ditto an expensive office Brother laser printer we have in our store. I can set the timeout to max, and it stays on, but if there's a 2-3 day break (E.G. Christmas, Thanksgiving) when it's not used, it will just turn off and have to be manually prodded to start up again. This really annoys the POS that's expecting a printer to be there.
In most cases, nobody needs to know the identity anyway. It would be far more important to know that it is the same website I looked at before
That's called "key continuity management" (KCM) or "trust on first use" (TOFU). SSH uses it but recommends that you verify the key fingerprint out of band. It could be used with HTTPS or email as well, but without a way to verify the fingerprint out of band, it's vulnerable if your connection is compromised by a man in the middle from day one. Bug 460374 relates the story of how such an MITM in the wild was discovered.
The benefit comes when everyone does it all the time. All traffic is encrypted and integrity checked thusly. Yes it is vulnerable to MITM on initial use, but it raises the bar for intelligence agencies because they now have to MITM everything, all the time to have a hope of pulling off a targeted attack later. Their bulk data browsing becomes fairly pointless. Instead they have to perform bulk MITMing.
Part of the dynamic here is that the PKI is so fragile that TOFU simply works better. It fails less often than TLS, which fails completely when a single CA misbehaves. TOFU isn't by any means perfect, but it's better than TLS and X.509 PKIs. It would be nice to have a PKI that works, but we don't.
The middle ground I would like to get to is 1) Everything establishes session keys on first use and key continuity, all the time. If there's identity authentication as well, then great, but don't make it requirement that gets in the way of running a link cipher.
2) Identity authentication can happen before, at the time of or after first use.
This way hardware and software can be built that encrypts by default without user involvement or understanding. Identity verification can be post-hoc applied if necessary and applied beforehand when it matters or people care enough.
The technical details are endlessly fascinating and hard work.
...is probably cranking in the neighborhood of 250 peak horsepower.
How often? American buys over-specced model because all the ads tell him he's not a real man unless he does. Movie at eleven.
I got my 350z because I like convertibles with high power/weight ratios. It can't have been the ads, because I don't remember watching car ads since cutting the cord a few years ago.
Cows eat grass if they are raised properly. They are carbon neutral. I don't know why people don't eat lamb much in the USA. It's a far far superior meat.
Yep, we really need to rewrite our entire infrastructure in your favorite language platform flavor of the month.
Just to be secure. Think of the children.
Improved languages might help a little, but the deep cleaning required is that we get rid of X.509 and TLS and replace it with an auth model that works and crypto protocols that are simple enough that they can be understood and implemented well.
>can we really consider the entire system to be secure?
It goes far deeper than the coding. It is insecure on many levels. I have deployed real world CAs. I know people embroiled in the day to day problems. While I'm not going to go into details, suffice to say the whole edifice is fragile and subject to many single points of failure and in general, the majority of single points of failure are humans.
The twisting isn't relevant to the coupling. The wires could just be side by side. The twisting in a twisted pair achieves two things.. 1. It's a cheap way to hold the wires together without glue and 2. it allows the wire to bend without differential stress on the wires.
You might want to read the article (or even the summary). Google is saying that their results suggest that these computers are NOT just doing simulated annealing, but rather true quantum annealing.
I can do real annealing with complexity class O(1), with a metal rod, a blow torch, a hammer and a bucket of water.
The problem is that some people think total nonsense is really deep. They are easily duped when they hear Brits with hereditary titles interspersing Latin with statistics. I wonder if they would be able to square the fact that the data does not support the notion that warming has slowed over the last 18 years, 9 months? - https://tamino.wordpress.com/2...
You twist words. "does not support" --> "Neither supports nor refutes". "Warming has slowed" Relative to what?
Instead of simply looking down on and being mean to those people, wouldn't it be better to give them a "test for WiFi allergy", wherein wifi is randomly enabled or shut off and they have to indicate how they're feeling? When it's done you show them that they did no better than random and thus aren't allergic. Then they feel they're not being treated as an idiot, yet also feel that they've been tested for it and shown not to have it - even if they choose to believe that such an allergy can exist. Even if this only gets a fraction of these people to stop complaining, it's a win, right?
It's been done in controlled experiments. There was no sensitivity to WiFi in evidence.
>Then there's a small group of very vocal atheists who might be better described as "anti-theist" -
I'm anti-theist, but I'm not very vocal about it. There's not much to gain by being annoying to misguided theists by challenging their core beliefs that they don't want challenged.
Theism is a problem. It's dangerous. It leads people to do stupid things. It promotes gullibility. It's also not my problem.
First, most atheists I know are quite undogmatic. They just don't have a religion, and they don't miss it. They've grown up without every being challenged about their (non-)religiousness.
Here let's test that;
RSS data has shown that there has been no statistically significant Global Warming for 18 years, 9 months.
now watch the dogma fly!
I'm an atheist and yes, all the temperature data we have gathered in recent decades has not produced a statistically significant result predicting global warming on longer time scale. This is simple statistics. Understand statistics and you will understand the difference between contrary data and insufficient data.
Sorry. I wasn't up to writing a book. But here's a summary of the top of my head..
There are simple statistics. Chi-Square, Mean, Serial Correlation etc. These are good to understand the effects of a physical system on reducing output data quality. E.G. feedback in an electrical entropy source circuit generally introduces serial correlation. P-N Transistor mismatch generally introduces bias. You want to know how much.
The are distinguishability tests (think NIST SP800-22 or dieharder). They test if data is statistically distinguishable from random. They give a yes/no answer with a P value for confidence which gets better with the amount of data. These are tests of algorithms. Not much use for testing the entropic quality of some system.
There are IID entropy metric tests. They give a quality result (usually in percent, or bits per bit of entropy). SP800-90B describes some of these tests. These tests are useless because there are no IID processes in this universe that are accessible to a computer.
There are non-IID min-entropy metrics. SP800-90 describes some of these. The Markov-Renye min-entropy test is the only useful one. It describes a lower bound for the min-entropy of the unprocessed output of an entropy source, assuming you aren't cheating by say running it though a DRBG. SP800-90B is still in draft, there will be a new class of tests in the next revision called predictor tests. I developed such a test years ago for our RNG called the j-tracker based on an optimal attack model. The new tests follow on from this basic idea. I'm sure everyone is waiting with baited breath to see how NIST formulate their predictor tests. These min-entropy tests are essential to tell you if you are meeting the input requirements of your entropy extractor algorithm.
In general, you don't test for randomness, you test to understand the entropic quality of your entropy source output data and show it meets the input requirements of the extractor. Rolling dice is analogous to a biased entropy source. It's likely to have a undetectable level of SCC and clealry has detectable bias. It's an easy source to extract cryptographically strong random numbers from. In fact I know of situations where root keys are created using dice in a closed room. It's a practical solution to keep raw keys off computers where they can be compromised.
I see. So alcohol is related to the issue of whether or not 3 colors in quantum chromodynamics is enough to be considered "infinite"? Or are you trying to say that alcohol is normal. If the latter, I'm willing to believe it, because a D1 (as I understand the "n" in Dn) is a one sided die, which is sort of like flipping a mobius strip as a one-sided coin, and if I try to visualize that I'm gonna need a drink to soften the headache. But the resulting distribution isn't very bi. Or normal.
Of course. Just find a shop selling monopoles and they probably also sell D1s.
My thought was to put in dice of different colors, so the computer could quickly keep track of which was which by color. Although the most I've done this evening is play a game of Mitosis and eat an egg, so I can hardly complain.
Slashdot Mirror
You know what's even worse? I have a brother multi-function laser. It insists on powering up the printer section and forcing you to wait just to scan something. Just a stupid waste of power...
Fortunately we stopped with MFDs a few years ago after concluding such a massive single point of frequent failure wasn't in our best interests.
I'd really rather not, thank you.
The bronies will be furious.
I presumed the extra lead came from all the bullets entering everyone's bodies because they lived in a redneck town
Rednecks? Flint is mostly black and they're the 10th most liberal city in the US.
I was neither providing correct insights nor expecting positive mod points. It looks like I'm already down one.
I've never been their either. I hope they fix their water before I do.
Wow, you're smart!
No, just a little friendly trolling.
I presumed the extra lead came from all the bullets entering everyone's bodies because they lived in a redneck town where guns are common and the gun owners are cognitively challenged when it comes to understanding the consequences of widespread gun ownership.
So trace the calls and arrest all the violent, clueless bastards who were calling in threats.
Oh, okay one more: I can't tell it not to shut itself off
Ditto an expensive office Brother laser printer we have in our store. I can set the timeout to max, and it stays on, but if there's a 2-3 day break (E.G. Christmas, Thanksgiving) when it's not used, it will just turn off and have to be manually prodded to start up again. This really annoys the POS that's expecting a printer to be there.
WTFFF?
Superior to what? Rat meat?
Superior to Beef, Buffalo, Chicken, Pork, Veal, Venison and Moose.
It's not superior to snails though.
I haven't tried rat meat. I doesn't sound appetizing.
In most cases, nobody needs to know the identity anyway. It would be far more important to know that it is the same website I looked at before
That's called "key continuity management" (KCM) or "trust on first use" (TOFU). SSH uses it but recommends that you verify the key fingerprint out of band. It could be used with HTTPS or email as well, but without a way to verify the fingerprint out of band, it's vulnerable if your connection is compromised by a man in the middle from day one. Bug 460374 relates the story of how such an MITM in the wild was discovered.
The benefit comes when everyone does it all the time. All traffic is encrypted and integrity checked thusly. Yes it is vulnerable to MITM on initial use, but it raises the bar for intelligence agencies because they now have to MITM everything, all the time to have a hope of pulling off a targeted attack later. Their bulk data browsing becomes fairly pointless. Instead they have to perform bulk MITMing.
Part of the dynamic here is that the PKI is so fragile that TOFU simply works better. It fails less often than TLS, which fails completely when a single CA misbehaves. TOFU isn't by any means perfect, but it's better than TLS and X.509 PKIs. It would be nice to have a PKI that works, but we don't.
The middle ground I would like to get to is
1) Everything establishes session keys on first use and key continuity, all the time. If there's identity authentication as well, then great, but don't make it requirement that gets in the way of running a link cipher.
2) Identity authentication can happen before, at the time of or after first use.
This way hardware and software can be built that encrypts by default without user involvement or understanding. Identity verification can be post-hoc applied if necessary and applied beforehand when it matters or people care enough.
The technical details are endlessly fascinating and hard work.
...is probably cranking in the neighborhood of 250 peak horsepower.
How often?
American buys over-specced model because all the ads tell him he's not a real man unless he does. Movie at eleven.
I got my 350z because I like convertibles with high power/weight ratios. It can't have been the ads, because I don't remember watching car ads since cutting the cord a few years ago.
Cows eat grass if they are raised properly. They are carbon neutral.
I don't know why people don't eat lamb much in the USA. It's a far far superior meat.
The summary tried as hard as possible to imply that this was some acrimonious thing, but it is not.
Symantec asked Google to distrust a specific CA root, end of story. Nobody affected in any way, except maybe people who do not install updates.
Having spoken with some of the people involved, it certainly was an acrimonious thing.
You would be pissed too if a big CA was signing forged certs of your web site's identity to someone else.
Yep, we really need to rewrite our entire infrastructure in your favorite language platform flavor of the month.
Just to be secure. Think of the children.
Improved languages might help a little, but the deep cleaning required is that we get rid of X.509 and TLS and replace it with an auth model that works and crypto protocols that are simple enough that they can be understood and implemented well.
>can we really consider the entire system to be secure?
It goes far deeper than the coding. It is insecure on many levels. I have deployed real world CAs. I know people embroiled in the day to day problems. While I'm not going to go into details, suffice to say the whole edifice is fragile and subject to many single points of failure and in general, the majority of single points of failure are humans.
The twisting isn't relevant to the coupling. The wires could just be side by side. The twisting in a twisted pair achieves two things.. 1. It's a cheap way to hold the wires together without glue and 2. it allows the wire to bend without differential stress on the wires.
You might want to read the article (or even the summary). Google is saying that their results suggest that these computers are NOT just doing simulated annealing, but rather true quantum annealing.
I can do real annealing with complexity class O(1), with a metal rod, a blow torch, a hammer and a bucket of water.
"Long guns."
How weirdly vague.
Not pistols. It's pretty clear.
The problem is that some people think total nonsense is really deep. They are easily duped when they hear Brits with hereditary titles interspersing Latin with statistics. I wonder if they would be able to square the fact that the data does not support the notion that warming has slowed over the last 18 years, 9 months? - https://tamino.wordpress.com/2...
You twist words. "does not support" --> "Neither supports nor refutes".
"Warming has slowed" Relative to what?
Instead of simply looking down on and being mean to those people, wouldn't it be better to give them a "test for WiFi allergy", wherein wifi is randomly enabled or shut off and they have to indicate how they're feeling? When it's done you show them that they did no better than random and thus aren't allergic. Then they feel they're not being treated as an idiot, yet also feel that they've been tested for it and shown not to have it - even if they choose to believe that such an allergy can exist. Even if this only gets a fraction of these people to stop complaining, it's a win, right?
It's been done in controlled experiments. There was no sensitivity to WiFi in evidence.
>Then there's a small group of very vocal atheists who might be better described as "anti-theist" -
I'm anti-theist, but I'm not very vocal about it. There's not much to gain by being annoying to misguided theists by challenging their core beliefs that they don't want challenged.
Theism is a problem. It's dangerous. It leads people to do stupid things. It promotes gullibility. It's also not my problem.
First, most atheists I know are quite undogmatic. They just don't have a religion, and they don't miss it. They've grown up without every being challenged about their (non-)religiousness.
Here let's test that;
now watch the dogma fly!
I'm an atheist and yes, all the temperature data we have gathered in recent decades has not produced a statistically significant result predicting global warming on longer time scale. This is simple statistics. Understand statistics and you will understand the difference between contrary data and insufficient data.
Fallacious reasoning there.
Just because it was generated randomly doesn't mean that it isn't in fact profound (and in fact may be).
For example 1 = 1/2 + 1/4 + 1/8 ... and can replace it.
That whole quiets an infinite sum.
s/quiets/equals/
There, fixed that for you.
Sorry. I wasn't up to writing a book. But here's a summary of the top of my head..
There are simple statistics. Chi-Square, Mean, Serial Correlation etc. These are good to understand the effects of a physical system on reducing output data quality. E.G. feedback in an electrical entropy source circuit generally introduces serial correlation. P-N Transistor mismatch generally introduces bias. You want to know how much.
The are distinguishability tests (think NIST SP800-22 or dieharder). They test if data is statistically distinguishable from random. They give a yes/no answer with a P value for confidence which gets better with the amount of data. These are tests of algorithms. Not much use for testing the entropic quality of some system.
There are IID entropy metric tests. They give a quality result (usually in percent, or bits per bit of entropy). SP800-90B describes some of these tests. These tests are useless because there are no IID processes in this universe that are accessible to a computer.
There are non-IID min-entropy metrics. SP800-90 describes some of these. The Markov-Renye min-entropy test is the only useful one. It describes a lower bound for the min-entropy of the unprocessed output of an entropy source, assuming you aren't cheating by say running it though a DRBG. SP800-90B is still in draft, there will be a new class of tests in the next revision called predictor tests. I developed such a test years ago for our RNG called the j-tracker based on an optimal attack model. The new tests follow on from this basic idea. I'm sure everyone is waiting with baited breath to see how NIST formulate their predictor tests. These min-entropy tests are essential to tell you if you are meeting the input requirements of your entropy extractor algorithm.
In general, you don't test for randomness, you test to understand the entropic quality of your entropy source output data and show it meets the input requirements of the extractor. Rolling dice is analogous to a biased entropy source. It's likely to have a undetectable level of SCC and clealry has detectable bias. It's an easy source to extract cryptographically strong random numbers from. In fact I know of situations where root keys are created using dice in a closed room. It's a practical solution to keep raw keys off computers where they can be compromised.
I see. So alcohol is related to the issue of whether or not 3 colors in quantum chromodynamics is enough to be considered "infinite"? Or are you trying to say that alcohol is normal. If the latter, I'm willing to believe it, because a D1 (as I understand the "n" in Dn) is a one sided die, which is sort of like flipping a mobius strip as a one-sided coin, and if I try to visualize that I'm gonna need a drink to soften the headache. But the resulting distribution isn't very bi. Or normal.
Of course. Just find a shop selling monopoles and they probably also sell D1s.
Makes sense.
My thought was to put in dice of different colors, so the computer could quickly keep track of which was which by color. Although the most I've done this evening is play a game of Mitosis and eat an egg, so I can hardly complain.