Correct, (nearly) all the secrets get published. But at any point in time, there is still one secret which has not been revealed: the secret which, when hashed, matches the value in the last published message. Because the attacker doesn't know this, they have to intercept the next message sent and modify it... and because that message will have an unrevealed secret, they will also have to intercept and modify the message after that (and so on).
If that last not-yet-revealed secret is lost/destroyed, then the chain cannot continue any further. In this eventuality an attacker could go back and try tampering with the audit trail as all secrets up to that point have been revealed.
Perhaps an approach might be to use GF to build a "signed" log-file, and then after say a day, take the last secret in that chain and commit it to some sort of cryptoprocessor/tamperproof hardware, or maybe N-of-M secret share it and send it to some "trusted" third parties (the last message in the log could be the "forward authentication" of the first entry of the next log file). In the event of the logfile's authenticity being questioned, the "last secret" could be reassembled and the last message then validated. By making this an "offline" process, one into which the attacker has presumably not inserted themselves, any cheating will be detected. Now all secrets have indeed become known, and tampering with the past can take place. But I guess if things are at this stage, there must be a hardcopy of the logfile in question, bagged up in an evidence locker somewhere, ready to be united with the documented and witnessed process of its authentication and taken to court. :)
You're right that creating a hash chain like this can be used to establish a sequence of time, or rather a sequence of chronology -- "this happened before this, which happened before this...". They could be used as secret keys for some private-key cryptosystem (similar to PFS in IPsec), but it won't deliver the nonrepudiation required of an unalterable log.
The problem is that for an unalterable log being stored on disk, you can't just store ( x1, audit1 ), ( h(x1), audit2 ), ( h(h(x1)), audit3 ), ... Nothing is protecting the data items audit1-audit3. If you can get "root" on the log server, you could change audit2 to whatever you like, and the tampering would be undetectable.
Guy Fawkes protects the hash-chain and the audit message, and that means if you want to tamper with one message then you have to intercept and modify the hash chain and future messages... forever.
It's been suggested that the Lib Dem MP for somewhere in the Sheffield region would be a good start: Richard Allan MP.
I sent him an email yesterday asking him whether he would be willing to further explain the issues to my MP, and will update my site if he's willing to extend this advice to other MPs. I feel it's probably better that the issues be explained to an MP by one of his peers.
(and it's my organisation's experience that it's a better fit with the needs, on budget and on schedule... or maybe software developed by and for the public sector wins awards and gets touted as a national standard of best practice -- like we did last week :)
We already have patents for computer-implemented inventions in the UK.
20% of patents are for the above.
Here's a few sentences on open source, even though your letter doesn't mention it. That's because we're sending you a boilerplate letter.
The UK supports the EU Directive on software patents.
We think UK innovators and users, especially small firms want software patents.
There's no evidence that software patents will harm the industry. Not even in America.
The EU Directive will only clarify the current law, not change it.
UK Government did a consultation exercise in autumn 2000, which concluded that the status quo of having software patents is the best position. I'd never heard of this consultation.
DTI is about the private sector. Nowhere in the letter does it reference my concern: the public sector.
But then again, with my huge Beowulf Cluster in the basement, I've managed to determine that the One Time Pad used to encrypt one of these messages resulted in the plain-text:
I claim my five pounds for breaking one of these messages. If anyone actually wants the One Time Pad I discovered to retrieve the message, you can mail me (or work it out for yourselves [the rest of the message was padded with blanks]).
Maz -- Giving up before even starting, suspecting it to be OTP.
Ok. I'm a phone company who's struck a big big deal with a marketing/advertising company. Or maybe I'm a tel'co', and I just bought a radio/internet/other advertising co'. I'm also evil. Here's what I'd do:
- Make an ASIC chip which has both GPS and Mobile Phone/Pager functionality built into it. This makes it hard for you to remove one function from the unit selectively.
- Use encryption on my digital phone link (it's a sensible precaution). In fact, I'll do all my customers a favour and use public key cryptography to make it all the more secure.
- I'll go read Matt Blaze's paper entitled "Oblivious Key Escrow", or any other paper which details subliminal channels.
- I'll encrypt your GPS current location with my public key (also stored in this single monolithic phone/advertising chip).
- I'll leak your GPS location as part of the key-setup procedure for your phone conversations and the general "ping-pong" that phones send to their nearby stations.
- I'll check that your GPS information isn't completely forged by making each station check that you are actually within its range (so blatantly stuffing junk in as your GPS information in this complicated protocol won't work). I'll deny service to anyone I can't locate reasonably.
- I'll tell customers that I don't give out your information to third parties. After all, I want to keep that secret so that third parties pay me to do the targeted advertising.
- I'll also tell customers that I reserve the right to display whatever messages I like on the top 30 pixels of their LCD screen on their phone.
- I might even let customers use these phones for free (who could resist free phone calls all day, anywhere?) because the system is almost paying for itself with all the money made from advertising.
- Better yet, I'll give the customers discounts on their phone charges based on how well they respond to adverts (that way covering up the top half of the LCD is actually less beneficial).
Should I carry on...?
Maz -- All ideas presented in this post are copyright the EvilLilBlackKittie Company. Anyone wishing to implement these ideas should contact me for licensing details. Terms and conditions apply. Ask for written details.
Cambridge teaches us "EDSAC was first coz Baby was just a device to test the memory tubes."
However, I've also heard Manchester's side of the story (having worked in the CS Dept. one summer) and nyaaaaaaaaah to Cambridge - I think Manchester has it.
Maz -- not daring to walk on the streets for the next few days...
I believe that the way manufacturers (back in the good old days, and to an extent, still today) could tell if someone had reverse engineered or copied bits of code was to "fingerprint" them. This was done by rearranging various bits of code so that (for example) where there were two bits of code that did the same thing, the order of instructions was different, or occasionally a "MOV AX,0" would be used where most people would use "XOR AX,AX", or similar. By making subtle alterations to your (machine) code, you could fingerprint it well enough that people who just blatantly copied it would (fairly easily) be spotted.
Applying this to source-code would be something harder, as high-level languages abstract a long way away. However, it is possible that there is some mileage in being able to spot your code by doing this. When you code you have a "style of writing", which, to an extent, is your own and fairly difficult to copy. Filtering out this "coding style" from a binary would be hard, yes, but could it be possible?
Some constructs might be easy to spot (you used a crazy number of "if" statements when a "case" would have been more sensible - but it depends how the compiler optimises). The structure of your functions/procedures (not everyone would choose to sub-divide problems up in the same way you do) might be another way. Your choice of bounds in for loops (do I use i=1;imay optimise your style out, so filtering out this sort of "fingerprint" from machinecode might be tricky (to say the least).
-- Maz Wondering if there's a research project embedded in that lot...
Re: You leave trails everywhere... (on The Eroded Self, Score: 3)
You register a domain-name, and your billing address (for some databases at least - things are beginning to change now) goes into the searchable WHOIS database.
Anything on which you leave traces of your IP address will (if it's a static IP) be traceable to you directly through another WHOIS lookup. If dynamic, then you know what country, what ISP and (depending on the ISP's policy/naming system/size) what region the person lives in.
You post anything to any of thousands of newsgroups (even FidoNet EchoMail groups, as I found when I did a search for my name and came across posts from '95 in WinNT Virus Scanner groups) and you leave a fingerprint of your style of writing.
You or your parents write a book, and suddenly your surname appears in dozens of places, and a pretty good idea of what you (or your parents) do is available to anyone who goes looking.
You publish a paper to do with anything in the computing field, and your name will be mentioned on dozens of computing research/teaching sites around the world.
I've managed to (by simply typing my [rather rare] surname) find out my parents' occupations, that I used to run a BBS on FidoNet, that I used to be a technical admin for a chat site, countless photographs of myself (after searching for the nick I used on that chat site) from "meetups" that some of the people from the chat site would go to. I've found myself on a good deal of University websites through various societies that I am in (so you can tell what University I am in, what interests I have outside my subject, who I am associated with). You can finger our University mail server (from inside the University) to find out when I last checked for mail there (and if I used telnet, where I last logged in from). I'm probably mentioned in other people's websites (which I have no control over, but they feel the need to talk about me because I'm a "friend" or "associate"), have probably posted to a few guestbooks (under one of a number of aliases, but it would be possible to trace them down to me, if you were to try hard enough).
It's very difficult to not leave a trail of documents that are all linked in some way. And if somehow one of those documents can be traced back to you, they all can be. Eeks!
Very good question - where do you go? A good site to look at regarding crypto laws is Bert-Jaap Koops Homepage which has a crypto-law-survey of most countries. However, I wouldn't use it as the be-all-and-end-all of your decision making... Things to bear in mind:
- Laws keep changing anyway
- Precedents in other areas keep getting set (I thought Germany had fairly sane laws until some quibble about Demon Internet there, IIRC)
- Where's a nice place to live, generally?
- Cost of moving
- Cost of living, taxation, others
All in all, it's not an easy choice to move. It is one that I am thinking about, but as to where I would go, I'm not sure yet. I've got at least another year at University in which time all sorts of stuff could happen - who knows - maybe the UK will sane up its laws (though I won't hold my breath!) and people will want to move here! Then there's the problem of moving again if the country you move to suddenly goes all stupid again...
Reading the 27x512's is easy as pie. Just need a 24-bit IO card (an 8255 on a board does this nicely). Maplin sell one of these cards which you can build yourself for under 30ukp. They're dead easy to interface to as well.
In terms of writing to one, I'm currently in the process of investigating how. The biggest problem is the 50us (I think it's microseconds, not sure off-hand though) pulse to the PGM (I'm working from memory here) line. This is the "timing critical" part of programming. One way to do it would be to use a monostable, or other timing circuit to provide just one pulse. Using that in conjunction with the 24 bit IO card to set the address/data lines, programming should be easy.
Caveats: 24 IO lines are all used up for address (16 bits) and data (8 bits). You'd have to use another IO thingummy to get it to work (I'm going to try using the serial port). Then I just set the data/address lines, pulse the appropriate serial line and a 50us pulse will be sent to the chip. I can wait a millisecond (say) before programming the next byte. Ok, it'd take a minute to program a chip fully - how often are you programming chips though, given it takes 20 minutes to erase one?
-- Maz Varying the mileage you get in direct proportion to the number of MP3 related posts on freshmeat.net
It should be about 10^7 times longer than the age of the Universe so far, because I (like a dolt) thought the Universe was only 15 billion seconds old (not years old =).
So happy birthday to the Universe, 15,123,642,124 years old today.
Sure, people didn't think we could do CGI movies back then. But that's only because we thought it would take hundreds or thousands of years to make one of those movies. What I'm talking about here is quite how much bigger 10^100 (or that order) is compared to anything imaginable... THz isn't even close to the speed you'd need...
Let's imagine we have a computer chip that clocks an impressive 1,000,000,000,000,000,000,000,000 Hz (10^24, or 10^12THz), which is a LOT of noughts faster than anything around today (and given Moore's Law, it'd be a long time before we see anything like this). Now let's assume that each person on the planet (population of the Earth is, say, 1,000,000,000,000 (10^12), which is about 200 times what it is today), owns a planet which has 1,000,000,000,000,000,000,000,000 (10^24) computers, each with 1,000,000,000,000,000,000,000,000 (10^24) of those nippy chips in it as part of an SMP sort of array... And let's assume each instruction cycle evaluates 1,000,000,000,000 (10^12) nodes in the chess game graph (they're custom chips with crazy super-scalar-oojimaflipsit pipelining and parallelism, ok?)...
It's still going to take about 100,000,000,000,000 (10^14) times longer than the age of the Universe so far (and that's before you factor in all the communications overhead, the fact that these computers would take more energy than there is in this Universe, the amount of silicon or other semiconductors we used, the fact that most of the planets just collapsed into black holes, yada yada).
-- Maz Holding out some hope for running Quake 666 on that lil' cluster...
The UK is all in favour of strong cryptography (see the PDF file I linked to earlier). The government wants the UK to be very e-business friendly - only sensible way to do that is allow strong crypto.
What the UK government is against, however, is complete privacy and anonymity, which I believe is the EU's stance as well. If you're anonymous, you have (in many respects) got most of the privacy you asked for - if you encrypt your messages, no-one can tell who sent them to whom, let alone prove you have the key(s) to decrypt them or even know what the plaintext originally was. I believe it sort of gets around the RIP bill (thoughts anyone?).
On the other hand, you are "meant" to trust the government and the police in your country to be just and fair and act in the best interests of the law. Would I be happy handing over my decryption key(s) to the police? Would I be happy letting them into my house? It's pretty much the same question, but I somehow feel that although I'd allow a search warrant, I wouldn't divulge my keys...
10^120 is big. Remember that most people believe 128-bit crypto to be "secure" (Bruce Schneier comments that a 200 square mile algae slick of IDEA cracking algae would still take 100 years to get the key)... and 128 bits is only 10^40... No Beowulf cluster is going to crack this, so stop thinking it could: distributed.net is managing a problem of order 10^20.
That said, quantum and DNA computing bring an interesting light to it. Quantum would allow all the possibilities to be evaluated at once! All of a sudden, our exponential-time problem becomes solvable in polynomial time! DNA (I believe) cannot guarantee us the correct solution (excuse the pun), because in many ways it is "probabilistic" - you can set the probabilities as low as you like though, by using enough of the "reagents", but you cannot guarantee you have the perfect answer. [flame me if I'm wrong here! =]
So yeah, it's more likely that people will be able to forge my PGP signature before they can solve chess.
I'm a student in the UK, studying Computer Science. My interests over the last few years have grown to include cryptography. However, I've been disgusted by all the new legislation that is coming into the UK which threatens cryptography (both the research and use of it).
The RIP Bill is certainly one of the most controversial bills I've noticed in my time. For those who can be bothered reading them:
What is scary to notice is this particular set of bills, all called to the Houses of Commons (and Lords) by Mr Jack Straw (the man who seems to be getting the blame for the RIP bill):
Regulation of Investigatory Powers [RIP]
Terrorism Bill [T]
Freedom of Information Act [FoI]
Electronic Communications Bill [EC]
Copyright and Trademarks Bill [CaT]
The [T] bill grants full powers to the police, without warrant, without "Innocent Until Proven Guilty" if they suspect you of terrorism. Terrorism now can include environmental and anti-capitalist demonstrations.
The [CaT] bill makes owning software which removes copy-protection illegal (I have no idea what this would mean to anyone with a copy of the source for DeCSS, which could be seen as a form of copy-protection).
[RIP] bill has enough people ranting about it to be ridiculous. Some people think that the government can't afford to enforce this bill (estimates of tens of millions for a year), and that the bill won't be passed. That said, the bill is already at the stage where it needs a lawyer to write a formal document to get changes made to it. I guess we'll know the truth around 4th October (unless the date has changed) which is when the bill is to come into action.
Given that list of bills that are being changed, and the changes that have come to light, it seems as though the UK government is heading towards a semi-police-state sort of arrangement? Check out this site for their latest ideas on censorship:
What I think has to be borne in mind is that most countries (all of them that I've come across) do not give you "Privacy" as a right. All legal systems seem to rely on the fact that the citizens will be open about certain things - namely they will give the police access to their homes when presented with a warrant. In many ways, the RIP bill is fair in asking for you to hand over your keys. However, what are not fair, or well thought through, are the consequences for not doing so.
Stand's website already mentions one major problem with the "Give us your keys or go to jail" mentality - any hard-core terrorist group would rather go to jail for 2 years for obstruction of justice than face life imprisonment because their encrypted mails had their keys given out. This applies to paedophilia (another of the crimes that the government is trying to tighten up on), where the Department of Trade and Industry provided a "brochure" on cryptography/legislation in the UK:
To me, that brochure summarises the way the government believes it can (and actually manages to) control its people - for the most part, the general population in this country is willing to believe that paedophilia == bad, paedophiles use crypto, terrorists use crypto, ergo: crypto == bad and we must do everything in our power to make sure that the
Finally, I see two or three ways around these problems (which seem to be caused by men-in-suits who have no idea about what they are legislating):
Ignore it - it doesn't bother me, I'll just bury my head in the sand and wonder why I'm in jail for two years when I lose a key.
Emigrate - question is, where to? How many other countries have laws which could be construed as "backwards" in other respects? Canada seems to have sane crypto laws, but is going crazy about MP3 and copyright legislations. America seems to be following suit. Germany allows ISP's to be sued for content that isn't their own (old slashdot story - don't quote me on it!). France used to deny existence of RSA...
Fight fire with fire - this is the solution that I believe I shall adopt. As part of my final year in University, I have to do a project. As my project I've chosen to do something a bit like the Eternity service, but with a twist: anonymity. For the first time, freedom of speech can only be stopped by a government if they cut off the internet. And if they do that, businesses will leave straight away. Granted, it doesn't get around [RIP], unless you only use session keys and destroy them after the session, but it does finally give us something that few governments are willing to: freedom of speech and privacy (in the sense that no matter who snoops our connections, they still can't prove we sent a message, let alone prove we have the key).
Clue up - this is for anyone who has an interest in law. Clue the government up, and the best way to do that is to become the government. This is meant to be a democracy, after all, so should your views be supported, you will be able to get into power and make our voices heard. If the tide of opinion is against you (as it may well be, especially in the UK), then the only thing you can do is to accept that this is how democracy works, and maybe this is the wrong type of government system for you.
apt-get install libopenssl :-P
Yesterday I had mod-points... damn!
Top artists
Lala's most listened to Metal artists
1. Elton John
Refund, plz!
A thousand big-oil execs anticipating the possibilities just shuddered and moaned in climax.
Some of the work I do may require something like this, so I'm considering implementing Guy Fawkes over syslog.
http://www.cl.cam.ac.uk/~rja14/Papers/fawkes.pdf
From the paper:
6.2 Tamper-evident audit trails
It is a well known problem that an intruder can often acquire root status by using well known operating system weaknesses, and then alter the audit and log information to remove the evidence of the intrusion. In order to prevent this, some Unix systems require that operations on log and audit data other than reads and appends be carried out from the system console. Others do not, and it could be of value to arrange alternative tamper-evidence mechanisms.
A first idea might be to simply sign and timestamp the audit trail at regular intervals, but this is not sufficient as a root intruder will be able to obtain the private signing key and retrospectively forge audit records. In addition, the intervals would have to be small (of the order of a second, or even less) and the computation of RSA or DSA signatures at this frequency could impose a noticeable system overhead.
In this application, the Guy Fawkes protocol appears well suited because of the low computational overhead (two hash function computations per signature) and the fact that all secrets are transient; this second's secret codeword is no use in forging a signature of a second ago.
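The construction discussed in the hash-chain thread above and in the paper's section 6.2 quoted here, as an added worked example (my code, not the paper's reference implementation and not code from anyone in the thread). It assumes a simplified one-message-ahead block layout (message, revealed previous secret, commitment to the current secret, hash of the next block's content) and SHA-256 as the hash; the audit records and the tampered values are constructed samples. It shows the naive chain from the thread failing to protect audit records, the Guy Fawkes-style chain detecting a changed record, and the one secret that is never revealed stopping anyone who holds only the log and the revealed secrets from extending the chain.

```python
import hashlib
import os

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts, so (a, b) and (a+b) never collide."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(4, "big"))
        m.update(p)
    return m.digest()

# Constructed sample audit records (not real log data).
LOG_LINES = [
    b"sshd: accepted publickey for alice from 10.0.0.5",
    b"sudo: alice : COMMAND=/bin/systemctl restart httpd",
    b"sshd: failed password for root from 203.0.113.9",
    b"sudo: alice : COMMAND=/bin/cat /etc/shadow",
]

# --- 1. The naive chain from the thread: (x1, audit1), (h(x1), audit2), ...
def naive_chain(seed: bytes, audits):
    """Chain of (x_i, audit_i) with x_{i+1} = h(x_i); audit_i itself is not covered."""
    entries, x = [], seed
    for a in audits:
        entries.append((x, a))
        x = h(x)
    return entries

def verify_naive(entries) -> bool:
    """Checks only the secret chain, so a rewritten audit record passes unnoticed."""
    return all(h(x) == nx for (x, _), (nx, _) in zip(entries, entries[1:]))

# --- 2. Guy Fawkes-style chain (simplified reconstruction, one message ahead).
# Block i = (m_i, X_{i-1}, h(X_i), h(m_{i+1}, X_i, h(X_{i+1}))): it reveals the
# previous secret, commits to the current one, and pre-commits to the whole
# next block, so m_{i+1} cannot be altered once block i is published.
class GuyFawkesSigner:
    def __init__(self):
        self.secret = os.urandom(32)   # X_0, revealed only when block 1 is published
        self.prev_secret = b""         # block 0 has nothing to reveal
        self.pending = None            # m_i waits until m_{i+1} is known

    def append(self, msg: bytes):
        """Queue msg; returns the block for the previous message (None for the first)."""
        if self.pending is None:
            self.pending = msg
            return None
        next_secret = os.urandom(32)
        block = {
            "msg": self.pending,
            "reveal": self.prev_secret,
            "commit": h(self.secret),
            "next": h(msg, self.secret, h(next_secret)),
        }
        self.prev_secret, self.secret = self.secret, next_secret
        self.pending = msg
        return block

def block_digest(b) -> bytes:
    return h(b["msg"], b["reveal"], b["commit"], b["next"])

def verify_chain(blocks, anchor: bytes) -> bool:
    """anchor = block_digest(block 0), obtained over a trusted offline channel
    (the thread's secret-share / evidence-locker step)."""
    if not blocks or block_digest(blocks[0]) != anchor:
        return False
    for prev, cur in zip(blocks, blocks[1:]):
        if h(cur["reveal"]) != prev["commit"]:      # revealed secret matches commitment
            return False
        if h(cur["msg"], cur["reveal"], cur["commit"]) != prev["next"]:
            return False                            # block content was pre-committed
    return True

def demo():
    # Naive chain: root rewrites audit2, verification still passes.
    naive = naive_chain(os.urandom(32), LOG_LINES)
    naive[1] = (naive[1][0], b"sudo: alice : COMMAND=/bin/true")
    naive_undetected = verify_naive(naive)

    signer = GuyFawkesSigner()
    blocks = [b for b in map(signer.append, LOG_LINES) if b is not None]
    anchor = block_digest(blocks[0])
    ok = verify_chain(blocks, anchor)

    tampered = [dict(b) for b in blocks]
    tampered[1]["msg"] = b"sudo: alice : COMMAND=/bin/true"
    tamper_detected = not verify_chain(tampered, anchor)

    # An attacker with the log and every revealed secret still lacks the secret
    # behind the last published commit, so no appended block can verify.
    forged = blocks + [{"msg": b"forged", "reveal": os.urandom(32),
                        "commit": h(b"c"), "next": h(b"n")}]
    forgery_detected = not verify_chain(forged, anchor)
    return {"naive_undetected": naive_undetected, "ok": ok,
            "tamper_detected": tamper_detected, "forgery_detected": forgery_detected}

if __name__ == "__main__":
    print(demo())
```

The one-message delay is the price of the pre-commitment: a record is only published once its successor is known, which for a log means buffering a single entry. The anchor for block 0 is the trust root; everything after it is checkable with nothing but hash computations, which is the "two hash function computations per signature" the paper refers to.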
Yep, we're about to move from a pretty reliable Novell/Linux network to an all-M$ one.
I won't bore you with why: it's the usual commodity of software/commodity of staff with skills/standardisation/etc.
(Richard Allan runs Debian on his laptop)
As expected: no public sector involvement.
:)
We do make software in the public sector!
(and it's my organistion's experience is that it's a better fit with the needs, on budget and on schedule... or maybe software developed by and for the public sector wins awards and gets touted as a national standard of best practice -- like we did last week
We already have patents for computer-implemented inventions in the UK. 20% of patents are for the above. Here's a few sentences on open source, even though your letter doesn't mention it. That's because we're sending you a boilerplate letter. The UK supports the EU Directive on software patents. We think UK innovators and users, especially small firms want software patents. There's no evidence that software patents will harm the industry. Not even in America. The EU Directive will only clarify the current law, not change it. UK Government did a consultation exercise in autumn 2000, which concluded that the status quo of having software patents is the best position. I'd never heard of this consultation. DTI is about the private sector. Nowhere in the letter does it reference my concern: the public sector.
Maz
-- Giving up before even starting, suspecting it to be OTP.
- Make an ASIC chip which has both GPS and Mobile Phone/Pager functionality built into it. This makes it hard for you to remove one function from the unit selectively.
- Use encryption on my digital phone link (it's a sensible precaution). In fact, I'll do all my customers a favour and use public key cryptography to make it all the more secure.
- I'll go read Matt Blaze's paper entitled "Oblivious Key Escrow", or any other paper which details subliminal channels.
- I'll encrypt your GPS current location with my public key (also stored in this single monolithic phone/advertising chip).
- I'll leak your GPS location as part of the key-setup procedure for your phone conversations and the general "ping-pong" that phones send to their nearby stations.
- I'll check that your GPS information isn't completely forged by making each station check that you are actually within its range (so blatantly stuffing junk in as your GPS information in this complicated protocol won't work). I'll deny service to anyone I can't locate reasonably.
- I'll tell customers that I don't give out your information to third parties. After all, I want to keep that secret so that third parties pay me to do the targetted advertising.
- I'll also tell customers that I reserve the right to display whatever messages I like on the top 30 pixels of their LCD screen on their phone.
- I might even let customers use these phones for free (who could resists free phone calls all day, anywhere?) because the system is almost paying for itself with all the money made from advertising.
- Better yet, I'll give the customers discounts on their phone charges based on how well they respond to adverts (that way covering up the top half of the LCD is actually less beneficial).
Should I carry on...?Maz
-- All ideas presented in this post are copyright the EvilLilBlackKittie Company. Anyone wishing to implement these ideas should contact me for licensing details. Terms and conditions apply. Ask for written details.
Cambridge teaches us "EDSAC was first coz Baby was just a device to test the memory tubes."
However, I've also heard Manchester's side of the story (having worked in the CS Dept. one summer) and nyaaaaaaaaah to Cambridge - I think Manchester has it.
Maz
-- not daring to walk on the streets for the next few days...
Applying this to source-code would be something harder, as high-level languages abstract a long way away. However, it is possible that there is some mileage in being able to spot your code by doing this. When you code you have a "style of writing", which, to an extent, is your own and fairly difficult to copy. Filtering out this "coding style" from a binary would be hard, yes, but could it be possible?
Some constructs might be easy to spot (you used a crazy number of "if" statements when a "case" would have been more sensible - but it depends how the compiler optimises). The structure of your functions/procedures (not everyone would choose to sub-divide problems up in the same way you do) might be another way. Your choice of bounds in for loops (do I use i=1;i [...] may optimise your style out, so filtering out this sort of "fingerprint" from machine code might be tricky (to say the least).
-- Maz
Wondering if there's a research project embedded in that lot...
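The "coding style" fingerprint the post above speculates about, as an added example that is not Maz's code and is not from the original thread: a small Python extractor that measures, over C source text, the very habits the post lists (if-chains versus switch, how finely work is split into functions, and whether for-loops run 0..n-1 or 1..n), then picks the nearest known author. The three C samples are constructed for this example, the feature weighting is an assumption, and it only works on source, which is exactly the post's caveat: an optimising compiler flattens most of these habits out of the binary.

```python
"""Crude coding-style fingerprint over C source (constructed example)."""
import math
import re
from dataclasses import dataclass

# A function definition header at column 0: `type name(args)` with optional `{`.
FUNC_RE = re.compile(r"^(?:[A-Za-z_]\w*[\s*]+)+[A-Za-z_]\w*\s*\([^;{}]*\)\s*\{?\s*$", re.M)
IF_RE = re.compile(r"\bif\s*\(")
SWITCH_RE = re.compile(r"\bswitch\s*\(")
# `for (i = 0; i < n ...)` versus `for (i = 1; i <= n ...)`, with or without a type.
ZERO_LOOP_RE = re.compile(r"for\s*\(\s*(?:\w+\s+)?(\w+)\s*=\s*0\s*;\s*\1\s*<\s*[^=]")
ONE_LOOP_RE = re.compile(r"for\s*\(\s*(?:\w+\s+)?(\w+)\s*=\s*1\s*;\s*\1\s*<=")


@dataclass
class Fingerprint:
    if_count: int
    switch_count: int
    func_count: int
    avg_func_lines: float
    zero_based_loops: int
    one_based_loops: int


def fingerprint(src: str) -> Fingerprint:
    """Count the style features in one C source file."""
    starts = [m.start() for m in FUNC_RE.finditer(src)]
    ends = starts[1:] + [len(src)]
    # Non-blank lines from one header to the next approximate function length.
    sizes = [sum(1 for ln in src[a:b].splitlines() if ln.strip())
             for a, b in zip(starts, ends)]
    return Fingerprint(
        if_count=len(IF_RE.findall(src)),
        switch_count=len(SWITCH_RE.findall(src)),
        func_count=len(starts),
        avg_func_lines=(sum(sizes) / len(sizes)) if sizes else 0.0,
        zero_based_loops=len(ZERO_LOOP_RE.findall(src)),
        one_based_loops=len(ONE_LOOP_RE.findall(src)),
    )


def vector(fp: Fingerprint) -> tuple:
    """Length-independent features: rates per function plus loop-style share."""
    f = max(fp.func_count, 1)
    loops = fp.zero_based_loops + fp.one_based_loops
    one_share = fp.one_based_loops / loops if loops else 0.5
    return (fp.if_count / f, fp.switch_count / f, one_share, fp.avg_func_lines / 10.0)


def distance(a: Fingerprint, b: Fingerprint) -> float:
    """Euclidean distance between two style vectors (weighting is an assumption)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(vector(a), vector(b))))


def attribute(sample: str, known: dict) -> str:
    """Label of the known author whose style is nearest to `sample`."""
    fp = fingerprint(sample)
    return min(known, key=lambda label: distance(fp, fingerprint(known[label])))


# Constructed samples: author A chains ifs and counts from 1, author B uses switch
# and counts from 0. SAMPLE_A2 is new code written in A's habits.
SAMPLE_A = """int classify(int code) {
    if (code == 1) return 10;
    if (code == 2) return 20;
    if (code == 3) return 30;
    return 0;
}

int sum(int *a, int n) {
    int total = 0;
    for (int i = 1; i <= n; i++)
        total += a[i - 1];
    return total;
}
"""

SAMPLE_B = """int classify(int code)
{
    switch (code) {
    case 1: return 10;
    case 2: return 20;
    case 3: return 30;
    default: return 0;
    }
}

int sum(int *a, int n)
{
    int total = 0;
    for (int i = 0; i < n; i++)
        total += a[i];
    return total;
}
"""

SAMPLE_A2 = """int grade(int score) {
    if (score >= 90) return 4;
    if (score >= 80) return 3;
    if (score >= 70) return 2;
    if (score >= 60) return 1;
    return 0;
}

int max_of(int *a, int n) {
    int best = a[0];
    for (int i = 1; i <= n; i++)
        if (a[i - 1] > best) best = a[i - 1];
    return best;
}
"""

if __name__ == "__main__":
    known = {"author_A": SAMPLE_A, "author_B": SAMPLE_B}
    print(fingerprint(SAMPLE_A2))
    print("nearest style:", attribute(SAMPLE_A2, known))  # author_A
```

Four regex-derived features on a handful of functions is nowhere near a reliable attribution; the point is only that habits the post names are measurable from source at all, and that a different program written with the same habits lands closer to its author than to the other one.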
Anything you leave traces of your IP address on will (if a static IP) be traceable to you directly through another WHOIS lookup. If dynamic then you know what country, what ISP and (depending on the ISP's policy/naming system/size) what region the person lives in.
You post anything to any of thousands of newsgroups (even FidoNet EchoMail groups, as I found when I did a search for my name and came across posts from '95 in WinNT Virus Scanner groups) and you leave a fingerprint of your style of writing.
You or your parents write a book, and suddenly your surname appears in dozens of places, and a pretty good idea of what you (or your parents) do is available to anyone who goes looking.
You publish a paper to do with anything in the computing field, and your name will be mentioned on dozens of computing research/teaching sites around the world.
I've managed to (by simply typing my [rather rare] surname) find out my parents' occupations, that I used to run a BBS on FidoNet, that I used to be a technical admin for a chat site, countless photographs of myself (after searching for the nick I used on that chat site) from "meetups" that some of the people from the chat site would go to. I've found myself on a good deal of University websites through various societies that I am in (so you can tell what University I am in, what interests I have outside my subject, who I am associated with). You can finger our University mail server (from inside the University) to find out when I last checked for mail there (and if I used telnet, where I last logged in from). I'm probably mentioned in other people's websites (which I have no control over, but they feel the need to talk about me because I'm a "friend" or "associate"), have probably posted to a few guestbooks (under one of a number of aliases, but it would be possible to trace them down to me, if you were to try hard enough).
It's very difficult to not leave a trail of documents that are all linked in some way. And if somehow one of those documents can be traced back to you, they all can be. Eeks!
-- Maz
Scared...
- Laws keep changing anyway
- Precedents in other areas keep getting set (I thought Germany had fairly sane laws until some quibble about Demon Internet there, IIRC)
- Where's a nice place to live, generally?
- Cost of moving
- Cost of living, taxation, others
All in all, it's not an easy choice to move. It is one that I am thinking about, but as to where I would go, I'm not sure yet. I've got at least another year at University in which time all sorts of stuff could happen - who knows - maybe the UK will sane up its laws (though I won't hold my breath!) and people will want to move here! Then there's the problem of moving again if the country you move to suddenly goes all stupid again...
-- Maz
Living a nomadic lifestyle with a laptop
In terms of writing to one, I'm currently in the process of investigating how. The biggest problem is the 50us (I think it's microseconds, not sure off-hand though) pulse to the PGM (I'm working from memory here) line. This is the "timing critical" part of programming. One way to do it would be to use a monostable, or other timing circuit to provide just one pulse. Using that in conjunction with the 24 bit IO card to set the address/data lines, programming should be easy.
Caveats:
24 IO lines are all used up for address (16 bits) and data (8 bits). You'd have to use another IO thingummy to get it to work (I'm going to try using the serial port). Then I just set the data/address lines, pulse the appropriate serial line and a 50us pulse will be sent to the chip. I can wait a millisecond (say) before programming the next byte. Ok, it'd take a minute to program a chip fully - how often are you programming chips though, given it takes 20 minutes to erase one?
-- Maz
Varying the mileage you get in direct proportion to the number of MP3 related posts on freshmeat.net
It should be about 10^7 times longer than the age of the Universe so far, because I (like a dolt) thought the Universe was only 15 billion seconds old (not years old =).
So happy birthday to the Universe, 15,123,642,124 years old today.
-- Maz
Revising maths...
Let's imagine we have a computer chip that clocks an impressive 1,000,000,000,000,000,000,000,000 Hz (10^24, or 10^12THz), which is a LOT of noughts faster than anything around today (and given Moore's Law, it'd be a long time before we see anything like this). Now let's assume that each person on the planet (population of the Earth is, say, 1,000,000,000,000 (10^12), which is about 200 times what it is today), owns a planet which has 1,000,000,000,000,000,000,000,000 (10^24) computers, each with 1,000,000,000,000,000,000,000,000 (10^24) of those nippy chips in it as part of an SMP sort of array... And let's assume each instruction cycle evaluates 1,000,000,000,000 (10^12) nodes in the chess game graph (they're custom chips with crazy super-scalar-oojimaflipsit pipelining and parallelism, ok?)...
It's still going to take about 100,000,000,000,000 (10^14) times longer than the age of the Universe so far (and that's before you factor in all the communications overhead, the fact that these computers would take more energy than there is in this Universe, the amount of silicon or other semiconductors we used, the fact that most of the planets just collapsed into black holes, yada yada).
-- Maz
Holding out some hope for running Quake 666 on that lil' cluster...
What the UK government is against, however, is complete privacy and anonymity, which I believe is the EU's stance as well. If you're anonymous, you have (in many respects) got most of the privacy you asked for - if you encrypt your messages, no-one can tell who sent them to whom, let alone prove you have the key(s) to decrypt them or even know what the plaintext originally was. I believe it sort of gets around the RIP bill (thoughts anyone?).
On the other hand, you are "meant" to trust the government and the police in your country to be just and fair and act in the best interests of the law. Would I be happy handing over my decryption key(s) to the police? Would I be happy letting them into my house? It's pretty much the same question, but I somehow feel that although I'd allow a search warrant, I wouldn't divulge my keys...
-- Maz
"The Art of Computer Programming"
-- D. Knuth
Whatever happened to this approach?!
-- Maz
That said, quantum and DNA computing bring an interesting light to it. Quantum would allow all the possibilities to be evaluated at once! All of a sudden, our exponential-time problem becomes solvable in polynomial time! DNA (I believe) cannot guarantee us the correct solution (excuse the pun), because in many ways it is "probabilistic" - you can set the probabilities as low as you like though, by using enough of the "reagents", but you cannot guarantee you have the perfect answer. [flame me if I'm wrong here! =]
So yeah, it's more likely that people will be able to forge my PGP signature before they can solve chess.
-- Maz
The RIP Bill is certainly one of the most controversial bills I've noticed in my time. For those who can be bothered reading them:
Stand.org.uk
Bills before Parliament currently
What is scary to notice is this particular set of bills, all called to the Houses of Commons (and Lords) by Mr Jack Straw (the man who seems to be getting the blame for the RIP bill):
The [T] bill grants full powers to the police, without warrant, without "Innocent Until Proven Guilty" if they suspect you of terrorism. Terrorism now can include environmental and anti-capitalist demonstrations.
The [CaT] bill makes owning software which removes copy-protection illegal (I have no idea what this would mean to anyone with a copy of the source for DeCSS, which could be seen as a form of copy-protection).
[RIP] bill has enough people ranting about it to be ridiculous. Some people think that the government can't afford to enforce this bill (estimates of tens of millions for a year), and that the bill won't be passed. That said, the bill is already at the stage where it needs a lawyer to write a formal document to get changes made to it. I guess we'll know the truth around 4th October (unless the date has changed) which is when the bill is to come into action.
Given that list of bills that are being changed, and the changes that have come to light, it seems as though the UK government is heading towards a semi-police-state sort of arrangement? Check out this site for their latest ideas on censorship:
School Internet Access
What I think has to be borne in mind is that most countries (all of them that I've come across) do not give you "Privacy" as a right. All legal systems seem to rely on the fact that the citizens will be open about certain things - namely they will give the police access to their homes when presented with a warrant. In many ways, the RIP bill is fair in asking for you to hand over your keys. However, what are not fair, or well thought through, are the consequences for not doing so.
Stand's website already mentions one major problem with the "Give us your keys or go to jail" mentality - any hard-core terrorist group would rather go to jail for 2 years for obstruction of justice than face life imprisonment because their encrypted mails had their keys given out. This applies to paedophilia (another of the crimes that the government is trying to tighten up on), where the Department of Trade and Industry provided a "brochure" on cryptography/legislation in the UK:
Encryption and Law Enforcement
To me, that brochure summarises the way the government believes it can (and actually manages to) control its people - for the most part, the general population in this country is willing to believe that paedophilia == bad, paedophiles use crypto, terrorists use crypto, ergo: crypto == bad and we must do everything in our power to make sure that the [...]
Finally, I see two or three ways around these problems (which seem to be caused by men-in-suits who have no idea about what they are legislating):
Well, that's my four-quid's worth.
-- Maz