Slashdot Mirror


User: Beryllium+Sphere(tm)

Beryllium+Sphere(tm)'s activity in the archive.

Stories: 0
Comments: 4,347

Comments · 4,347

  1. Beam focus and receiver size on Public Discussion Opened on Space Solar Power · · Score: 1

    The reference designs from when this was a new idea had a microwave beam power density about a quarter that of sunlight. With the beam on for 24 hours and near 100% conversion efficiency, the receiving station could be smaller than an equally powerful solar photovoltaic system, and cheaper because it would consist of antennas and diodes as opposed to acres of refined silicon. Figure a few square miles of low-value land for an antenna farm.

    If you need a lower-powered beam, spread out the antenna farm into some more desert and spread out the beam to match.

  2. Re:Password Managers and Simple Passwords on Holes Remain Open in Firefox Password Manager · · Score: 1

    >Don't tell me that an in-browser password manager stops people from using the same password everywhere.

    That depends on the password manager. Firefox's password manager doesn't automatically create different passwords per site, but the pwdhash extension does. It hashes the site name with a master password to create a strong and site-specific password. There are several extensions that do this but pwdhash is my favorite.

  3. Suicide bombers on Politically Incorrect Observations About Human Nature · · Score: 1

    The Tamil separatists have made heavy use of suicide bombers. Google won't turn up a cite, but I've seen a report that they do more than any other group around. The mystery to explain is why any suicide bombers come from a religion that condemns suicide.

  4. It wasn't the VT100 on Are 80 Columns Enough? · · Score: 5, Informative

    The 80-column limit comes from the size of an IBM punched card.

  5. Re:A year ago... on New Anti-Forensics Tools Thwart Police · · Score: 3, Interesting

    Robert Morris Sr. gave a talk long ago about the two major rules of crypto. First, never underestimate how far someone will go to read your data (for example, hiring Alan Turing and inventing digital computers). Second, look for plaintext, which will pop up in unexpected places while you perfect the algorithm that creates the ciphertext.

    If you typed a passphrase into a Windows machine, would you bet your freedom that the passphrase wouldn't show up in "strings /dev/hda", in a swap file, in an MRU list, or in the files of whatever spyware happened to infect that machine? Or that potentially incriminating file names wouldn't be tucked in the registry someplace?

    Hiding things on a general purpose computer is still hard, despite the availability of little-known but powerful techniques like the ATA commands to create an unreadable Host Protected Area, or simply to misreport available disk space (I'm waiting for the hack that takes advantage of the fact that a disk drive has tens of megs reserved for its own use, several megs of RAM, and a 32-bit processor: a 1990s desktop worth of machinery that nobody thinks of as a computer).

    Fearless prediction: technology will lose on both offense and defense. Successful police will flip accomplices, successful criminals will move to jurisdictions where they can form an under$tanding with the police, and anyone who tries to win a technological arms race will lose in the end.

  6. Re:Intermediate Frequency? on Electrical Field Treats Brain Cancer · · Score: 1

    Ten thousand times lower frequency than wi-fi, five thousand times higher than power lines. Below the AM radio band.

  7. Kayaks on What's the Matter with HDMI? · · Score: 1

    Not to mention that the kayak travels through time.

  8. The OpenBSD experience on Should Vendors Close All Security Holes? · · Score: 1

    >Solving potential problems is rarely a good idea.

    It worked for OpenBSD, though conceivably they could have gotten the same results with less labor.

    Their policy was to audit code looking for problems, and then fix every problem they found without even checking whether it was exploitable.

    Interestingly, one result was that OpenBSD became unusually difficult to crash.

    Not many projects are willing to set up their priorities the way the OpenBSD team has, and there are reasons.

  9. Re:Heavy elements? on Ancient Star Found, Estimated at 13.2 Billion Years Old · · Score: 4, Informative

    You're right, and this is one of the confusing things about the writeup, especially since they call it a metal poor star near the beginning and say it's rich in radioactives later.

    The Big Bang stopped more or less at helium, and things like uranium have to cook in non-equilibrium processes like supernovas.

    500 million years is enough time for that to happen, since a supergiant star can race through its entire lifetime in a few million years. This could have formed from the remnants of one of the earliest supernovas, or it could be several generations old.

  10. Re:Head in the sand on Could Global Warming Make Life on Earth Better? · · Score: 1

    There hasn't been "dead silence" about Mars. I've heard about it a lot. A whole lot.

    We don't have to rely on Mars to get data about solar energy flux over the last >25 years. We have direct satellite measurements of solar output. Check it out.

    If we didn't have satellite data, we would want to check our natural satellite for solar-induced temperature changes. Unlike Mars, the moon doesn't have albedo changes like Mars does.

    >the predictions of the climate models have been very, very poor

    They've underestimated the amount of rise in sea level, true.

    >CO2 rises lag warm periods

    It's a positive feedback system, warmth brings out more CO2. The effect of CO2 and other "greenhouse" gases is simple physics, not climatology. Apply thermodynamics to the earth without the effect of a warming atmosphere and you would get a global average temperature about 30 Celsius lower than we've actually got. CO2, methane, and (here's where things get so complicated you need supercomputers) water vapor are the reasons the oceans aren't frozen over.

    There are still big uncertainties about a system with multiple coupled feedback loops on different time scales, but the remaining uncertainties are how much, how fast, and how serious the effects will be.

    From the article you quoted,
    >>the global cooling hysteria of the 1970s.
    This claim is like a Terminator, it just keeps coming back no matter how many times someone posts the bibliography of climate articles from the 1970s.

  11. Re:Better idea on IPv6 Flaw Could Greatly Amplify DDoS Attacks · · Score: 1

    Not enough.

    Let's say that routers search out and destroy "ping pong" routes, in their copious free time.

    Malicious traffic could still route itself through every IP in your load balancing farm, so a DDoS could hit you N times with one packet. If you detect that, it could still route itself through all 13 DNS root server addresses.

    I wonder how this decision got made. "Source routing" should have said "security issue" to everybody on the committee.

  12. In praise of rote memorization on Some Schools Ending Laptop Programs · · Score: 1

    >Never memorize what you can look up.

    With due respect to the man who said that, there's a lot to be said for caching. He probably had more memorized than he was fully aware of.

  13. Defense in depth is economical and robust on Do We Really Need a Security Industry? · · Score: 1

    If buildings were fireproof we wouldn't need sprinklers. But people like to use paper and to have affordable buildings, so we have sprinklers.

    Where Schneier's point comes in, as I see it, is that sprinklers are taken for granted as part of a building. Nobody expects to buy a building and then pay a separate sprinkler industry to install a fire suppression system. Instead it's one payment to one contractor. He expects to see security incorporated into the infrastructure analogously to sprinkler systems.

  14. Re:We should go beyond sudo on Microsoft Says Other OSes Should Imitate UAC · · Score: 1

    Related work, but without the standardized templates that are the real value in your proposal:
    Retrofitting sandboxes into Windows

  15. Re:Great idea on Is It Time For an Open Source Certificate Authority? · · Score: 2, Interesting

    And after you investigate and find a reliable plumber, you don't want to have an impostor show up with a big wrench and an invoice pad.

    This isn't much of an issue in meatspace, but on the Internet the work you did to determine whether a business is acceptably safe is wasted if you end up at a typo squatter's site.

    The value of a third-party certificate, limited by the relatively weak checking and the fact that virtually no customers understand it, is that although anyone could register bofa.com and be impossible to catch, if you see a cert then you can look at the DN and know where to send a process server if something goes wrong. In principle, certs from CAs provide the mapping from a public key to meatspace identity that allows you to transfer your offline knowledge to online transactions.

    The other thing that limits the value is that CAs aren't offering nice fat sums of money to reimburse anyone who gets fooled by https://www.paipal.com./

    This should all have been connected to trademarks in the first place. Trademark law has been sorting out impersonation and confusion for centuries. Certs should attest to a trademarked logo, CAs should check the trademark registry or other documentation.

  16. Re:oops wrong Re:Why a broken hash? on Safeguards For RIAA Hard Drive Inspection · · Score: 1

    There are two kinds of collision to worry about, the kind where you control both files, and the kind where you try to match the hash of a file created outside your control.

    MD5 is known to be vulnerable to the first of those. Now that it's begun falling apart, it's imprudent to expect it to resist the second sort for the foreseeable future, but last I heard it wasn't known to be vulnerable to those.

    The algorithm to create two colliding files doesn't lend itself to creating meaningful files.

    So it still meets the needs of forensics, though I'd use SHA-1 to save time explaining to non-technical people the difference between a first preimage and a second preimage attack.

  17. Re:Digital Forensics - a tough issue on Safeguards For RIAA Hard Drive Inspection · · Score: 2, Informative

    Preferably with a live CD that always mounts things read-only. Helix from e-fense.com is a well known one.

    Be aware that some file systems have counts of how often they've been mounted that increment even when you mount read-only, which is all it takes to make a hash change. Hardware write blockers are not strictly necessary but are handy. Make sure the one you use has been through real testing, preferably your own.

  18. You're not alone on Easy-to-Make Material Scratches Diamond · · Score: 1

    The female geek who for some reason married me insists that any future jewelry be something other than a mined diamond. Preferably something created with human skill and science.

  19. Re:The real cure... on Human Blood May Contain A Cure For AIDS · · Score: 2, Funny

    Abstaining from all sex for the next 50-100 years would reduce the number of cases of many other diseases.

  20. Evil overlords fall into this trap on Bad Security Driving Out the Good · · Score: 1

    My security commentary on the Evil Overlord's Handbook points out how evil overlords get duped by salespeople into buying shiny things that don't contribute to solid security.

    The lemon problem is just another manifestation of my worst competitor, apathy. If customers cared about good security they'd demand independent testing labs.

  21. Theater on Hackers Invited To Crack Internet Voting · · Score: 1

    This is black box testing with dubious motivation for the attackers.

    The right way to do this is to publish everything and pay people like Adi Shamir and Ross Anderson for blocks (big blocks) of consulting time. Even that's futile without the will and the budget to fix problems -=>WHEN<=- the security people find them.

    What they're doing is a good way to get headlines and to impress the impressionable. It's not a good way to make sure a system is secure.

  22. Re:Oh n0es on Vista For Forensic Investigators · · Score: 1

    I have yet to investigate a machine used by somebody smart.

    Of course the smart ones may never come to my attention.

    Also I haven't been looking at criminal cases, so the motivation level might be lower -- but don't overestimate the level of computer knowledge in the general population.

  23. You don't need a gun to fight back on Many Dead In Virginia Tech Shooting · · Score: 1

    >I want to be able to defend myself

    I want to live in a world where people's first reaction is compassion for the victims, for those who died quickly, for those who are crippled, and for those who had loved ones torn away for even less reason than death usually offers (Jeff MacNelly cartoon: "You may as well get used to it, Skyler. Life isn't fair. (new frame)But then death doesn't have a very good track record either").

    Here's something from police training that too few people know. Being shot does not cause you to fly across the room and turn into a rag doll. It means you have a hole in your body that requires first aid within minutes and surgery within hours. Even a fatal wound may leave you a few seconds of consciousness. Meantime you and the other hundred people in the area can pile on the gunman. Police training materials are full of horror stories about criminals who continued lethal attacks on police after being shot repeatedly. Good guys can do the same.

    If the guy's on a killing spree then you have nothing to lose, except that maybe you'll get shot a few seconds earlier.

    If, god forbid, anyone here is in a situation like that one, turn off every safety catch in your mind and go for the gun hand. Go berserk. Optionally shout "There's a hundred of us and one of him!" first.

    You may raise your chance of getting killed. Slightly. So what?

  24. Re:How they did it on Record High Frequency Achieved · · Score: 2, Interesting

    A full-wave rectifier works like a frequency doubler, and the article makes it sound like they've extended that to get a frequency quadrupler.

    One significant point here is that the FCC only claims jurisdiction up to 300 GHz.

  25. Speaking of sunlight as a power source on New Solar Panel Design Traps More Light · · Score: 1

    Here's a favorite brainteaser of mine. How many commercial power sources can you think of that aren't ultimately derived from sunlight? I've come up with three.