Well, since the air conditioner is trying to push heat with the gradient (from a hot room to a cool outdoors) instead of vice versa, it should have great efficiency!
An inappropriate analogy, though one you already used elsewhere. The article is so kind as to provide an appropriate analogy, even going so far as to explain it.
First, he doesn't want the law changed to enable anything -- not that I read. Did you just toss that in?
Providing tools to do a preliminary, lesser version of a skilled job to be done by less-skilled individuals is quite common. Breathalyzers, home pregnancy tests, home blood-glucose meters, portable cardiac defibrillators. Even things like CO monitors are essentially laboratory tests made automatic and user-friendly, albeit incomparable to the real thing. These have their own uses, independent of the applications of the trained professionals.
The fact of the matter is that an untrained person could not provide court-usable forensic evidence. They can, however, reduce the number of items the experts have to look at and can get inaccurate preliminary results to assist in investigation.
In our state, most of them are police investigators that were interested in forensics and are fairly technically inclined. The main hiring problem here is that non-police people who would make good forensic specialists can earn better money in almost any job -- including computer forensics for companies.
That's correct. They don't have to provide a report of what exactly they looked at, what exactly they did, etc. (although it needs to be documented to be usable in court) -- but the search warrant does need to specify what they're searching and what they're looking for.
You don't get the point. Currently all analysis of computers must be done by computer forensic specialists, who are relatively expensive and limited in number. So, say you are investigating Joe Smith, who has 3 computers, a PDA, and a cell phone. You deliver all these to the forensic analysts. At least half a year passes before you get any information from them. At that point, the information is only really useful in a trial, but not in the investigation.
They want something where cheaper people in greater supply (i.e., regular officers) can, in a forensically-valid manner, look for preliminary information so that they can take advantage of it in the investigation and so they can limit the evidence they send for forensic analysis (e.g., the one device out of those five that was used in the crime).
Spying is the surreptitious gathering of data. If you're doing it openly, it's investigation.
You're apparently defending someone out of boredom. They clearly didn't bother reading the summary very well, since they miss both the approach (it's not spyware) and the point (it doesn't matter that people will have to look at the data).
"Do you honestly believe that, if such a tool were created, the police would have you a report of what information was obtained, and what information was looked for?"
To my knowledge, they're not required to if they're conducting a search under a warrant.
"Do you believe that there won't be cases where they use the tool on your computers and simply don't tell you?"
That's certainly not the motivation for the creation of the tool. If they wanted to monitor you surreptitiously, it's not that easy, and requires trained personnel -- who can already do such things without the creation of such a tool.
"Do you believe that such a tool, if implemented, would respect your rights and remove all traces of itself from your machine?"
It's actually a requirement of forensic software, if evidence gathered by it is to be used in court, that it modify the machine it's used on as little as possible and that these changes are well-documented both in general and on a per-investigation basis. A software tool that leaves traces on your system is worthless.
Yes, you managed to mention TrueCrypt, which comes up in essentially every Slashdot article about forensics.
The vast majority of criminals don't use TrueCrypt. Even those that do use encryption screw it up -- communicate over insecure channels, communicate with people who they can't verify aren't police agents, use encrypted files on an unencrypted system so trace evidence is left behind, etc.
The major objective is to make investigating the 95% of criminals that take no counterforensic measures faster and cheaper.
Conducting a search due to a crime in progress or evidence in plain sight is significantly more difficult -- at least in the US -- than you make it out to be. Never mind that copyright infringement is, except in a few cases, a civil matter and not criminal (meaning the police cannot investigate it, and could not possibly claim there was open evidence of a crime).
The problem with the original post is that it called the desired tool spyware. Spyware has a particular meaning: it is software that is installed surreptitiously (or installed intentionally under the auspices of legitimate software) that actively monitors or alters the computer's actions and/or your interactions with it. What they want is actually a first-response forensic tool, where when they serve a warrant for the seizure of computers, they can run first run this tool to quickly scan for obvious evidence of interest, rather than simply conveying the seized computers to a forensic lab.
In other words, it's very much like a breathalyzer, whereas spyware is somewhat more akin to a network of cameras with automated behavioral monitoring software in a mall.
They might be able to, too, if they were willing to fund development of a significant part of this tool. ("Please contact the RIAA if the illegally-shared-music filter matches so we can prosecute the individual.") Their network-based approach is more effective for the cases they're interested in, though, and they're failing pretty hard at that.
Just because you don't have the answers doesn't mean there aren't answers.
NCMEC, who publishes the US hash database, has the original material as well. However, this original material is not simply readily available to forensic investigators, only the hash list is. However, if an image matches a NCMEC hash, the potentially-illicit data is examined and, if necessary, is compared to the original offending image.
It's already well-known that CP traffickers can make trivial manipulations to images to render the hashes entirely different, defeating hashlist comparison. That's why a full investigation involving sorting and viewing all images on the machine is done. The big value of the NCMEC database is enabling you to connect a particular image to known data relevant to the case -- the identity of the pictured individual, legal investigations that determined the image was of an underage individual, related cases, et cetera.
My only experience is with US law enforcement, and they don't give two shits about copyright violation (which is almost exclusively civil, and not criminal).
Actually, that's not the problem they're trying to solve. I don't know about in the UK, but in the US, any kind of searching (including hash comparisons and automated tools like this) require a search warrant that covers the computer.
What they're really interested in is not conducting fishing expeditions, but trying to find some useful information -- even just narrowing down which machine they actually need to fully analyze -- within the machines covered by a search warrant. Generally the procedure is to box these things up, hand them over to computer forensic experts, and wait 6-12 months for them to perform a full analysis. Cutting down the amount of work they have to do by giving them only the one computer out of ten that is actually interesting, or being able to pull some small amount of useful information to use in the investigation immediately, is of great value.
This is at least a big concern in the US -- computer forensic investigations are slow and costly, and there's a huge backlog.
Not that I think they'll be able to make software that magically tells them if a computer was involved in illegal activity -- but the majority of computer criminals are dumb as bricks and could probably be caught by doing a full-disk grep for files containing more than a couple of strings that look like credit card numbers.
You're right -- we're a little closer to theoretical speed limits, if the signal needs to traverse a substantial fraction of the chip in a single clock cycle.
One of the newer P4s uses a 146 mm^2 chip, which means it's about 1.2 cm on a side (like you said, about half an inch). Light propagation time across 1.2 cm limits you to 25 GHz in a vacuum -- not sure what the index of refraction in a microchip is.
You mean photon? We know a hell of a lot more about photons than "it's not an electron".
Don't confuse you not knowing what a photon is with physicists not knowing what a photon is. Don't confuse not knowing what something "is" with the inability to make working devices with them.
There's a practical (and theoretical) limit to how fast this force propagates, too. Fortunately, that's quite high. I don't think electric propagation time is or will be the practical limit on transistor speed.
To rephrase the other response, log vs. polynomial is the same as polynomial vs. exponential. Moving from polynomial time to logarithmic time is an exponential speedup (just as is moving from exponential time to polynomial time is).
You have your word semantics wrong. Shor's algorithm has enormous practical application. However, as there are no computers to run it, it's impractical to actually put it to use.
In practice, CS seems to be a popular and easy degree -- I wouldn't say that having a CS degree is predictive of anything in particular. Lots of people I know that ended up with degrees couldn't CS their way out of a paper bag.
It may surprise you to discover that the first actual computers were built by people who were trained in neither practical nor theoretical computer science. (They were, for the most part, physicists and electrical engineers.)
In fact, practical computer science ("programming") is almost useless if you want to build an actual computer. It's also useless if you want to deal with a theoretical computer.
So no, I'd say that if all we taught in CS was theory, we'd still have actual computers.
In fact, there is a single degree for Electrical Science and Mechanical Science. Usually it's referred to as "Physics". If that's too applied for you, you can go into Mathematics.
As far as I know, most schools that offer CS degrees also offer a degree in software engineering (however it may be referred to).
If kids with degrees don't know how to do multithreading, their school failed or they weren't paying attention. (I'd bet the latter.) It's a fairly standard part of CS. I'd even say that people with degrees are better prepared to do multithreading, in the fantasy world where they deserve their degrees and paid attention, since they should actually know how to apply different exclusion mechanisms and know how to identify potential race conditions and deadlocks.
Note the "per year". Looks like the article isn't the only one with unit trouble.
$3000/yr for 15 min/day equates to the ballpark of $50/hr. Don't worry, though. You're only off by a few orders of magnitude.
Well, since the air conditioner is trying to push heat with the gradient (from a hot room to a cool outdoors) instead of vice versa, it should have great efficiency!
An inappropriate analogy, though one you already used elsewhere. The article is so kind as to provide an appropriate analogy, even going so far as to explain it.
First, he doesn't want the law changed to enable anything -- not that I read. Did you just toss that in?
Providing tools to do a preliminary, lesser version of a skilled job to be done by less-skilled individuals is quite common. Breathalyzers, home pregnancy tests, home blood-glucose meters, portable cardiac defibrillators. Even things like CO monitors are essentially laboratory tests made automatic and user-friendly, albeit incomparable to the real thing. These have their own uses, independent of the applications of the trained professionals.
The fact of the matter is that an untrained person could not provide court-usable forensic evidence. They can, however, reduce the number of items the experts have to look at and can get inaccurate preliminary results to assist in investigation.
In our state, most of them are police investigators that were interested in forensics and are fairly technically inclined. The main hiring problem here is that non-police people who would make good forensic specialists can earn better money in almost any job -- including computer forensics for companies.
That's correct. They don't have to provide a report of what exactly they looked at, what exactly they did, etc. (although it needs to be documented to be usable in court) -- but the search warrant does need to specify what they're searching and what they're looking for.
You don't get the point. Currently all analysis of computers must be done by computer forensic specialists, who are relatively expensive and limited in number. So, say you are investigating Joe Smith, who has 3 computers, a PDA, and a cell phone. You deliver all these to the forensic analysts. At least half a year passes before you get any information from them. At that point, the information is only really useful in a trial, but not in the investigation.
They want something where cheaper people in greater supply (i.e., regular officers) can, in a forensically-valid manner, look for preliminary information so that they can take advantage of it in the investigation and so they can limit the evidence they send for forensic analysis (e.g., the one device out of those five that was used in the crime).
Spying is the surreptitious gathering of data. If you're doing it openly, it's investigation.
You're apparently defending someone out of boredom. They clearly didn't bother reading the summary very well, since they miss both the approach (it's not spyware) and the point (it doesn't matter that people will have to look at the data).
"Do you honestly believe that, if such a tool were created, the police would have you a report of what information was obtained, and what information was looked for?"
To my knowledge, they're not required to if they're conducting a search under a warrant.
"Do you believe that there won't be cases where they use the tool on your computers and simply don't tell you?"
That's certainly not the motivation for the creation of the tool. If they wanted to monitor you surreptitiously, it's not that easy, and requires trained personnel -- who can already do such things without the creation of such a tool.
"Do you believe that such a tool, if implemented, would respect your rights and remove all traces of itself from your machine?"
It's actually a requirement of forensic software, if evidence gathered by it is to be used in court, that it modify the machine it's used on as little as possible and that these changes are well-documented both in general and on a per-investigation basis. A software tool that leaves traces on your system is worthless.
Yes, you managed to mention TrueCrypt, which comes up in essentially every Slashdot article about forensics.
The vast majority of criminals don't use TrueCrypt. Even those that do use encryption screw it up -- communicate over insecure channels, communicate with people who they can't verify aren't police agents, use encrypted files on an unencrypted system so trace evidence is left behind, etc.
The major objective is to make investigating the 95% of criminals that take no counterforensic measures faster and cheaper.
Conducting a search due to a crime in progress or evidence in plain sight is significantly more difficult -- at least in the US -- than you make it out to be. Never mind that copyright infringement is, except in a few cases, a civil matter and not criminal (meaning the police cannot investigate it, and could not possibly claim there was open evidence of a crime).
The problem with the original post is that it called the desired tool spyware. Spyware has a particular meaning: it is software that is installed surreptitiously (or installed intentionally under the auspices of legitimate software) that actively monitors or alters the computer's actions and/or your interactions with it. What they want is actually a first-response forensic tool, where when they serve a warrant for the seizure of computers, they can run first run this tool to quickly scan for obvious evidence of interest, rather than simply conveying the seized computers to a forensic lab.
In other words, it's very much like a breathalyzer, whereas spyware is somewhat more akin to a network of cameras with automated behavioral monitoring software in a mall.
They might be able to, too, if they were willing to fund development of a significant part of this tool. ("Please contact the RIAA if the illegally-shared-music filter matches so we can prosecute the individual.") Their network-based approach is more effective for the cases they're interested in, though, and they're failing pretty hard at that.
Just because you don't have the answers doesn't mean there aren't answers.
NCMEC, who publishes the US hash database, has the original material as well. However, this original material is not simply readily available to forensic investigators, only the hash list is. However, if an image matches a NCMEC hash, the potentially-illicit data is examined and, if necessary, is compared to the original offending image.
It's already well-known that CP traffickers can make trivial manipulations to images to render the hashes entirely different, defeating hashlist comparison. That's why a full investigation involving sorting and viewing all images on the machine is done. The big value of the NCMEC database is enabling you to connect a particular image to known data relevant to the case -- the identity of the pictured individual, legal investigations that determined the image was of an underage individual, related cases, et cetera.
What statements? They're not going to be able to lie about whether or not they had a warrant.
In the US, in order for them to use such a device, they would need a search warrant covering the computer being searched.
My only experience is with US law enforcement, and they don't give two shits about copyright violation (which is almost exclusively civil, and not criminal).
Actually, that's not the problem they're trying to solve. I don't know about in the UK, but in the US, any kind of searching (including hash comparisons and automated tools like this) require a search warrant that covers the computer.
What they're really interested in is not conducting fishing expeditions, but trying to find some useful information -- even just narrowing down which machine they actually need to fully analyze -- within the machines covered by a search warrant. Generally the procedure is to box these things up, hand them over to computer forensic experts, and wait 6-12 months for them to perform a full analysis. Cutting down the amount of work they have to do by giving them only the one computer out of ten that is actually interesting, or being able to pull some small amount of useful information to use in the investigation immediately, is of great value.
This is at least a big concern in the US -- computer forensic investigations are slow and costly, and there's a huge backlog.
Not that I think they'll be able to make software that magically tells them if a computer was involved in illegal activity -- but the majority of computer criminals are dumb as bricks and could probably be caught by doing a full-disk grep for files containing more than a couple of strings that look like credit card numbers.
Good job managing to misread the summary.
You're right -- we're a little closer to theoretical speed limits, if the signal needs to traverse a substantial fraction of the chip in a single clock cycle.
One of the newer P4s uses a 146 mm^2 chip, which means it's about 1.2 cm on a side (like you said, about half an inch). Light propagation time across 1.2 cm limits you to 25 GHz in a vacuum -- not sure what the index of refraction in a microchip is.
You mean photon? We know a hell of a lot more about photons than "it's not an electron".
Don't confuse you not knowing what a photon is with physicists not knowing what a photon is. Don't confuse not knowing what something "is" with the inability to make working devices with them.
There's a practical (and theoretical) limit to how fast this force propagates, too. Fortunately, that's quite high. I don't think electric propagation time is or will be the practical limit on transistor speed.
To rephrase the other response, log vs. polynomial is the same as polynomial vs. exponential. Moving from polynomial time to logarithmic time is an exponential speedup (just as is moving from exponential time to polynomial time is).
O(n^3) vs. O(log n)
->
O(exp(n^3)) vs. O(n)
You have your word semantics wrong. Shor's algorithm has enormous practical application. However, as there are no computers to run it, it's impractical to actually put it to use.
The government forces you to use either Vista or Linux with SELinux enabled?
You must work for the government, then. I don't think that's exactly what parent poster had in mind.
In practice, CS seems to be a popular and easy degree -- I wouldn't say that having a CS degree is predictive of anything in particular. Lots of people I know that ended up with degrees couldn't CS their way out of a paper bag.
It may surprise you to discover that the first actual computers were built by people who were trained in neither practical nor theoretical computer science. (They were, for the most part, physicists and electrical engineers.)
In fact, practical computer science ("programming") is almost useless if you want to build an actual computer. It's also useless if you want to deal with a theoretical computer.
So no, I'd say that if all we taught in CS was theory, we'd still have actual computers.
In fact, there is a single degree for Electrical Science and Mechanical Science. Usually it's referred to as "Physics". If that's too applied for you, you can go into Mathematics.
As far as I know, most schools that offer CS degrees also offer a degree in software engineering (however it may be referred to).
If kids with degrees don't know how to do multithreading, their school failed or they weren't paying attention. (I'd bet the latter.) It's a fairly standard part of CS. I'd even say that people with degrees are better prepared to do multithreading, in the fantasy world where they deserve their degrees and paid attention, since they should actually know how to apply different exclusion mechanisms and know how to identify potential race conditions and deadlocks.