Slashdot Mirror


User: swillden

swillden's activity in the archive.

Stories
0
Comments
18,006
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 18,006

  1. Re: Time to go back on Cryptographers Brace For Quantum Revolution · · Score: 1

    You should read the second sentence of the paragraph you quoted :)

  2. Re:Clarification on Cryptographers Brace For Quantum Revolution · · Score: 1

    Things like Elliptic curve Diffie Helman are secure.

    No they're not. Assuming arbitrarily-large quantum computers, nothing based on the discrete logarithm problem or its elliptic curve variant is secure. Shor's algorithm has been modified to attack DLP.

  3. Re:Time to go back on Cryptographers Brace For Quantum Revolution · · Score: 3, Interesting

    Isn't single pad encryption still safe, though less convenient?

    One-Time Pads, implemented and used correctly, are provably secure. That can never change, not even given infinitely-fast computers (which Quantum Computers aren't), because the proof demonstrates that the ciphertext gives you NO information about the plaintext. No amount of computation can extract information from an empty set.

    However, one-time pads are also pointless. Oh, there are some very isolated contexts in which they can be usefully applied, but they're useless for nearly everything we use cryptography for today. The one-time pad scheme requires securely distributing the pad, which must be as large as the message to be sent. If you have some channel you can use to distribute the pad securely, why not just use that channel to send the message?

    Symmetric cryptography (e.g. AES) improves on the one-time pad by reducing the size of the key material from as large as the message (possibly many gigabytes) to something very small. Say, 16 bytes. So you give up provable perfect secrecy in exchange for only needing a way to securely distribute 16 bytes.

    Asymmetric cryptography (e.g. RSA) improves on symmetric cryptography by eliminating the need for every pair of potential communications endpoints to securely exchange symmetric keys. Instead, every potential recipient can publish a its "public" key to every potential sender. This distribution of public keys does need to be secure, but the security requirement is weaker. Symmetric keys need to be kept secret, public keys do not; instead we only need to ensure their integrity, that the potential sender got the actual public key of the potential recipient.

    Asymmetric cryptography can be used to further reduce the scope of this problem by using its ability to digitally sign certificates, proving the legitimacy of a given public key assuming (a) the recipient of the certificate has securely received the public signing key and (b) the private signing key is not compromised and is only used to sign legitimate public keys. Thus, the key distribution problem is reduced to a "bootstrapping" problem; we just have to get Certificate Authority key(s) securely. In practice we do this by distributing the bootstrapping keys in system software.

    However, asymmetric cryptography has a lot of issues compared to symmetric cryptography. One of the largest is that the public/private key pairs must have some particular mathematical relationship with each other and with every message encrypted or signed. Thus, asymmetric cryptography is deeply dependent on the existence of "one-way" mathematical operations: operations that can be efficiently computed in the forward direction but are intractable in the reverse direction. We don't actually know that any such operations exist, though we have a bunch that we know how to compute efficiently in one direction but not the other. These one-way operations tend to be touchy, though; small errors in constructing messages and performing computations can compromise the security (for example, consider the critical importance of correct padding of RSA plaintexts before encryption; do it wrong and you can potentially hand the adversary your private key).

    There are also lots of practical issues with asymmetric cryptography. It's relatively slow and expensive (some techniques more than others), and that opens it up to more side channel attacks and other practical attacks. Then there are issues with the CA system; it's awesome that we can reduce the key distribution problem from one that requires secure pairwise exchanges between billions of devices to broad distribution of a few hundred bootstrapping keys... but that means those bootstrapping keys are incredibly important and every link in the bootstrapping chain becomes an extraordinarily tempting target for extra-cryptographic compromise (e.g. "rubber hose cryptanalysis").

    Another issue is quantum computing.

    Symmetric ciphers are theoret

  4. Re:Let them write it on paper on Ask Slashdot: Cheapest Functional Computer For Students? · · Score: 1

    I would argue that computers should not be intruded into this classroom.

    Okay, so argue it. You didn't, you merely stated that you were going to but didn't offer any rationale, other than a sideways hint that perhaps it's worse for inner-city kids because it might be an obstacle -- but no explanation of how watching video lectures at home is more of an obstacle than reading assigned texts or writing essays or other homework. Clearly it's an obstacle if the kids don't have devices on which to watch the lectures... but that's precisely the problem the questioner is looking to solve.

    However, this has to be a school wide initiative, not a classroom one.

    Why?

  5. Re:Let them write it on paper on Ask Slashdot: Cheapest Functional Computer For Students? · · Score: 1

    Why would you try to impose more "work" outside of school hours.

    The idea isn't to add more work, but to keep the work load the same, merely swap what parts are done where, to make better use of the teacher.

  6. Re:Let them write it on paper on Ask Slashdot: Cheapest Functional Computer For Students? · · Score: 2

    Sending students to a bunch of online videos and texts may be trendy, but it is likely not actually helping your students.

    I disagree.

    I think there's a lot of potential in "flipping the classroom", where lectures are watched at home and class time is used for interactive discussions and the work normally done at home. Upper level English courses don't really benefit as much because those tend to have very little lecture component to them anyway, but standard high school English courses which cover a lot of material like parts of speech, sentence diagramming, essay and poetry structure, etc., do include plenty of lectures which could be more efficiently watched outside of class.

    On the other hand, there are certainly lots of ways you could misuse computers in an English class, making them less effective than pencil and paper. But I don't get the sense that the poster is doing that.

  7. Re:Laugh at those fixed battery folks on WSJ: We Need the Right To Repair Our Gadgets · · Score: 1

    Hmm, yeah, well the battery thing is fine on phones that allow it. My wife dropped her Nexus 6 in the toilet the other day. No removable battery. Power it off, shake the water out of the ports (USB and headphone) - shake very well for a long period, then place in a ziplock with either a desiccant or rice if you don't have a desiccant (we didn't). It came out fine two days later. Not screwed at all. Works fine.

    Note that the Nexus 6 doesn't have a formal IP water resistance rating, but it is sold as being water resistant and in practice N6s do seem to survive brief dunkings or splashing with no harm, even without using a dessicant. http://www.phonearena.com/news...

  8. Re:Good example on WSJ: We Need the Right To Repair Our Gadgets · · Score: 1

    denied you access to the smartphone battery, preventing a hard reset.

    There are other reasons to care about a removable battery, but lack of a hard reset option isn't one of them. All mobile devices I'm familiar with that have non-removable batteries provide a different option for hard reset. This is a really good thing because engineers (like me) working on low-level OS and even firmware components regularly screw up our devices, and need a way to recover them.

    Nexus devices -- and AFAIK all Android devices -- provide reset options with the power and volume buttons. Holding the power and volume down button is a semi-hard reset; it's implemented in low-level firmware and will restart the device no matter how hard the regular OS is locked up, and it will get you into fastboot where you can reflash anything.

    Holding power, volume up and volume down is a real hard reset. It gets you to a state where you can use low-level (OEM-specific, AFAICT) utilities to re-flash broken firmware.

    On iPhones, hard reset is done by holding the home button and the sleep/wake button.

    All devices have to have a hard reset mechanism. Otherwise engineers building them would be throwing bricked devices away on a daily basis.

  9. Re:Get a bear to guard your honey on Law Professor: Tech Companies Are Our Best Hope At Resisting Surveillance · · Score: 1

    Well, it's assumptions either way. At least one of them is credible.

    One of them is "assume that the company with a lot to lose if it lies is telling the truth". The other is "assume that the company is lying, and risking a serious PR and possibly regulatory backlash". Yes, one of those is credible. Buttressing its credibility is the fact that the system is being built completely in the open, and security experts the world over are being invited to scrutinize it for any flaws, including any that could permit Google to get at the data.

    Barring heavy confirmation bias, I see only two realistic explanations. First, that it's completely legitimate and that Google thinks its more important to enable private communications than to be able to advertise based on the contents of those communications (which I suspect wouldn't be a huge hit to Google's revenue, and might result in a net goodwill benefit). Second, that Google doesn't expect to ever actually deploy the thing.

    I happen to know that the guys who came up with the idea and are building it strongly believe the first interpretation, and so far management is encouraging them, not telling them to stop. But given a sufficiently-powerful dose of confirmation bias, it's easy to just assume I'm in on the scam, so that doesn't mean much.

  10. Re:Get a bear to guard your honey on Law Professor: Tech Companies Are Our Best Hope At Resisting Surveillance · · Score: 1

    No, an assumption is not enough.

  11. Re:Get a bear to guard your honey on Law Professor: Tech Companies Are Our Best Hope At Resisting Surveillance · · Score: 1

    I'm also annoyed that this isn't a genuine attempt to make securely encrypted email mainstream

    What makes you think it's not, other than your assumption that Google wouldn't do something to harm their business model?

  12. Re:Public Service Experience on John McAfee Pondering Presidential Bid · · Score: 1

    You have to learn how to compromise and persuade, not just order around underlings to carry out your vision your way.

    You have a very skewed vision of how business leadership works. It's definitely different from politics, but it's impossible to be a successful executive without being good at compromise and persuasion. At the CEO level this is perhaps a little less important with respect to your own company, but it's still relevant to relationships with shareholders, partners, suppliers, and even large customers. And as executives rise through the ranks, or start companies, those skills are essential as well.

  13. Re:Get a bear to guard your honey on Law Professor: Tech Companies Are Our Best Hope At Resisting Surveillance · · Score: 1

    Depending on how far you're willing to go to assume bad faith, there's no way for them to really prove they don't have some way to sneak access to your data. But, they're making it all open source and calling for extensive public review. Also, if they were to be caught lying about this it would cause a huge PR shitstorm. Also, keep in mind that Google is under ongoing scrutiny from the FTC related to its privacy practices, since it signed a consent decree.

    I'm neither a PR flack nor an attorney, but it seems to me that building a secret backdoor in to be able to read your e-mail while telling you that it's secure would be a fantastically risky proposition, and one without much upside for companies that have the all-your-data-are-belong-to-us attitude that you ascribe.

    It's much more plausible to believe that Google and Yahoo actually believe people should be able to have privacy when they want it -- and that people should be able to trade privacy for services when they want that.

  14. Re:Get a bear to guard your honey on Law Professor: Tech Companies Are Our Best Hope At Resisting Surveillance · · Score: 1

    >"Law Professor: Tech Companies Are Our Best Hope At Resisting Surveillance"

    Except they (tech companies) are just as guilty for surveillance. Plus, all the data they do gather is still information that the government can obtain legally through warrants and "illegally" through other means (which WILL continue).

    OTOH, the end-to-end encrypted e-mail solutions Google and Yahoo are building will keep them from seeing your email as well.

  15. Re:I don't understand something on Apple's Privacy Policies Are Keeping Data Scientists Away · · Score: 3, Informative

    There is basically 3 levels. Do nothing. Which is fairly wide grained. Basically city level. Opt in which is about every 15-30 mins it signals in (more if you use something like google maps). Opt out. Where like you said you can go in and delete it. But you have to specifically turn it off. You have to go out of your way to make all the other apps not do it as well. The default is basically grab it when you open up something.

    No, what you say is incorrect in several ways. Just to verify I grabbed a device and factory-reset it, then walked through the process. During setup, here's what I'm asked (with respect to location):

    Let Google's location services help apps find your location quickly and accurately, which can reduce battery consumption. Anonymous location data will be sent to Google, even when no apps are running.

    Improve location accuracy by allowing apps and services to scan for Wi-Fi networks and Bluetooth devices, even when Wi-Fi and Bluetooth are off.

    I don't know whether you want to call that "opt in" or "opt out"... it's a forced decision.

    Later in the setup process comes the Google Now prompt. If you sign up for Google now, it will turn on a lot of history, including, search and browsing activity, calendars, apps, music, battery life, sensor readings, location history and voice searches and commands. Again, it's a forced decision.

    Having refused all of that, now if I go look at my location settings I see that I'm in mode "device only". If I tap on that, there are three levels: "High accuracy", which uses GPS, Wi-Fi, Bluetooth and cellular networks, "Battery saving" which uses Wi-Fi, Bluetooth and cellular only (no GPS), and "Device only", which uses only GPS. So you're right that there are three levels, but wrong about what they are. "Device only" isn't city-level, it's GPS-precise... but because GPS is a battery killer it's only on when apps specifically request it. "Battery saving" is the mode you called the lowest, which is coarse-grained but energy-efficient because it doesn't use GPS. "High accuracy" uses all of the efficient signals, plus kicks on the GPS when you need it.

    None of that has anything to do with location history though. It's defines the precision of location data available to apps. It may also be sent to Google, but anonymized and not stored with your account.

    Also in the location settings is "Google Location History". That is what controls whether location information is uploaded to Google, associated with your account and stored. It's completely separate from the location accuracy settings; you can turn it on while accuracy is set to "Device only" and it will upload your position whenever it actually knows it. That will be when you're using Maps or similar. Or you can turn it on with accuracy set to "Battery saving" and it will upload your location regularly, but not very precisely. Or you can use it with "High accuracy" and give Google highly-accurate history (which you can then use whenever you want, too).

  16. Re:Vehicles interfering with each other? on Researcher Hacks Self-Driving Car Sensors · · Score: 2

    Well, early RADAR didn't measure range, it just gave a bearing. Then later generations used multiple receivers to triangulate to get ranging. Then they started measuring pulse return times, but at much larger distances than are practical with light, so timing didn't have to be as precise.

    But, yes, if you were measuring the same sorts of distances that LIDAR does for self-driving cars, RADAR would have precisely the same timing requirements.

    (Note that speed measurement RADAR guns don't actually need precise timing requirements because they don't measure distances. They measure the doppler shift by adding the return signal to the generated signal and looking for the peaks of the constructive interference, the "beats". That's a much easier measurement problem.)

  17. Re:I don't understand something on Apple's Privacy Policies Are Keeping Data Scientists Away · · Score: 1

    Apple's bet seems to be paying off:

    https://twitter.com/dtellom/st...

    Not sure I buy that graph... but ignoring that it really has no impact on my point. Predictive services aren't yet important enough to drive smartphone buying decisions. They're past the gimmick stage, into the "useful in narrow ways" stage, but a lot more is coming.

  18. Re:I don't understand something on Apple's Privacy Policies Are Keeping Data Scientists Away · · Score: 2

    No, it's strictly opt-in. If it's on, it's because you turned it on.

    BULL

    FUCKING

    SHIT

    You're a liar and you should feel bad.

    I can support my assertion, can you?

    http://www.androidcentral.com/understanding-googles-android-location-tracking

  19. Re:I don't understand something on Apple's Privacy Policies Are Keeping Data Scientists Away · · Score: 0

    Why is this written as if it was a negative thing?

    It's a negative thing if you want predictive services.

    Apple seems to be betting that the vast majority of their users will prefer privacy over convenience. I think that's a bad bet. Time will tell.

  20. Re:I don't understand something on Apple's Privacy Policies Are Keeping Data Scientists Away · · Score: 1

    https://maps.google.com/locationhistory/b/0

    There is stuff in there I did *years* ago.

    If you don't like that, delete it. Cick on the settings icon (the little gear wheel) and click "Delete all location history." If you'd like you can download a copy of it first. That's in the same settings menu.

    You can turn it off. But you have to deliberately disable it in the phone and inside of the google settings. It is strictly opt-out.

    No, it's strictly opt-in. If it's on, it's because you turned it on.

  21. Re:people pay attention to likes on youtube? on DDoS-Style YouTube Dislikes For Sale · · Score: 1

    Likes and dislikes alter youtube's video sorting algorithms.

    Cite?

  22. Re:Vehicles interfering with each other? on Researcher Hacks Self-Driving Car Sensors · · Score: 2

    I assume at least they're looking for brightness rather than timing (distance travelled is very short and light is very fast) to determine the distance of an object.

    They're not. It wouldn't work since the amplitude of reflections depends too much on the material, which the system doesn't know. As maeka mentioned, they use either direct time measurement or phase detection.

    The timing really isn't a problem. Most off-the-shelf CPUs are easily capable of nanosecond-level time measurement and given that light travels about one foot in a nanosecond, they could give you roughly six-inch ranging accuracy. So it's not hard to create purpose-built timing circuits that can measure in the 10-100 picosecond range. For example this timer released in 2006 can measure time intervals up to 40sec in duration with a 10 psec resolution, which provides laser ranging accuracies of +-1 mm out to a distance of 1500m. I don't think there are yet any off-the-shelf femtosecond-precision timers, but I'm sure there will be within a few years, providing laser rangers with micrometer-level measurement.

    We're accustomed to thinking of light as moving so fast that it's instantaneous across "human" distances. But that's only true at human timescales.

  23. Re:The AltaVista Page Sucked on Why AltaVista Lost Ground To Google Sooner Than Expected · · Score: 1

    That's why I switched after Google got good enough that they were comparable, NOT better. It was just less annoying.

    My experience was completely different. Google gave me much better results, pretty much every time. I never really saw the crap-laden Altavista because by then I'd completely switched.

  24. 72% of all Netflix usage is on videogame consoles and smart TVs. The remaining 28% is split up among Roku, Chromecast, and all tablets. For Netflix, what matters is getting Sony and Microsoft on board -- and Microsoft is a founding member. Smart TV makers will do whatever Netflix tells them to do (and it's not unlikely that many future Smart TVs will be Android TVs).

    If we generously assume that half of all of that non-console, non-smart TV Netflix usage is on tablets, that's 14% of Netflix usage. Apple has 26% of the tablet market share (and falling). If you assume all tablets are used for Netflix equally, that means Apple tablets drive 3.6% of Netflix use. I'll grant it's probably higher than that... but it's still not going to be very much.

    Apple is a bit player here. Further, it really doesn't matter that much if they don't get on board. Netflix can still use other codecs for streaming to Apple devices, if they want. It's a small enough percentage of the market that Netflix can still get substantial benefit from using a better codec everywhere else.

  25. Re:Somebody had to sell Hitler the ovens on Report: Google Will Return To China · · Score: 1

    I guess it's too much to expect any company, even the "do no evil" one, to stand up for principle when there's so much money at stake.

    Especially when it's doing absolutely no good. It made sense for Google to stand up to China when it appeared that there was a good chance they could win. But China won. The absence of Google's services did not cause the Chinese people to demand it, and the Great Firewall was successful at blocking and degrading Google's services enough that people largely don't bother. VPN services exist, but the Firewall makes them unreliable and short-lived solutions, so the Chinese just don't use Google much. And those who are doing all of the work to get around the Firewall are those who will do that work to get to uncensored search services anyway.

    So, money aside (not that Google is ignoring the money), there's really nothing to be achieved by staying out of China, and at least some possibility of achieving something by being in China.