Slashdot Mirror


User: goodmanj

goodmanj's activity in the archive.

Stories: 0
Comments: 1,881

Comments · 1,881

  1. Hear that sound? on HDCP Master Key Is Legitimate; Blu-ray Is Cracked · · Score: 3, Insightful

    Somewhere, right now, in a corporate office somewhere, the wrong heads are rolling.

  2. Re:Read beyond the summary. on HDCP Master Key Revealed · · Score: 1

    Going by the article I linked on Blom's scheme, the identifiers are deliberately chosen to be linearly independent. If they are not, if, say, Charlie's key is the sum of Alice and Bob's, then if Eve cracks Alice's and Bob's key, she gets Charlie's for free.

    So in order to protect the system against small-scale partial compromise, you have to make it as easy as possible to totally compromise. And vice versa.

  3. Re:Read beyond the summary. on HDCP Master Key Revealed · · Score: 2, Informative

    I was using shorthand: by "40 different players" I meant 40 different keys.

    It's not clear from what I've read whether these keys are distributed 1 per manufacturer, 1 per device model, or god forbid one per device. It is clear that revoked / deleted keys can still be used to help decipher the master key.

  4. Re:Read beyond the summary. on HDCP Master Key Revealed · · Score: 2, Insightful

    1) is clearly a problem, but I don't think you have to worry about 2) losing the master key.

    From a mathematical standpoint, if I understand the linear algebra right, the key-generating authority could ask each manufacturer to send back a copy of their individual key: it would be easy to construct a new master key matrix which is compatible with all the manufacturers' keys. It might not be exactly the same as the original, but it wouldn't matter.

    From a practical standpoint, bureaucracies are pretty good at not losing important pieces of paper. Keeping them *secret*, on the other hand, is more difficult.

  5. Re:Isn't this like AACS on HDCP Master Key Revealed · · Score: 2, Informative

    ... but since the source matrix is 40x40, if you know 40 linearly independent identifier/key pairs, you can deduce the entire matrix.

    As I understand it, the only way to avoid disclosure of the entire matrix is to avoid releasing more than 40 keys ... so of those 147,846,528,820 possible keys, only 40 are useable. So it really is a complex way to publish 40 keys.

  6. Re:Read beyond the summary. on HDCP Master Key Revealed · · Score: 4, Interesting

    As far as I can tell, yes. Which is almost mind-bogglingly stupid. Keep in mind that it's not enough to just have 40 HDCP devices, you also have to crack them all, which involves either some really clever known-plaintext attacks or disassembling the firmware on each device. But if you can do it once, you can do it 40 times, so the only way to avoid having the master key leak is to never release that 40th manufacturer's key.

  7. Read beyond the summary. on HDCP Master Key Revealed · · Score: 5, Informative

    In particular, read
        http://en.wikipedia.org/wiki/High-bandwidth_Digital_Content_Protection
    and
        http://en.wikipedia.org/wiki/Blom's_scheme

    Some key (heh) facts:
    * This key is not stored in high-def devices themselves, nor does any manufacturer possess it. This is the key used to *make* individual manufacturers' keys.
    * The generated manufacturers' keys are set up in a way that device A and B can communicate secretly without knowing each other's keys.
    * Because of the way this system works, if enough individual manufacturers' keys are known, one can figure out the master key. In this case, "enough" is 40.

    Important point: it's not like some random tech at Sony got fired and decided to blow the whole thing wide open. If it's a leak, it's a leak from just one or two specific keyholders at Intel, who developed the system. But it doesn't have to be: any random person with 40 different Blu-Ray players and a whole lot of cleverness could potentially figure this out.
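
Added example, not part of goodmanj's comments and not HDCP code: a toy Blom's scheme showing the properties discussed in comments 2 through 7 above (pairwise key agreement, a dependent identifier whose key is the sum of two others, and the point at which known identifier/key pairs determine the master matrix). The 4x4 size, the prime modulus 65537 and the `identifier` construction are assumptions chosen for the toy, not HDCP's parameters.

```python
import random

P = 65537  # toy prime modulus (assumption; not HDCP's real arithmetic)
N = 4      # toy matrix size standing in for the 40 in the comments

def make_master(rng):
    """Secret symmetric N x N matrix held only by the key authority."""
    m = [[0] * N for _ in range(N)]
    for i in range(N):
        for j in range(i, N):
            m[i][j] = m[j][i] = rng.randrange(P)
    return m

def identifier(x):
    """Public identifier (1, x, x^2, ...): distinct x give independent vectors."""
    return [pow(x, e, P) for e in range(N)]

def private_key(master, ident):
    """Key issued to one device: master matrix times its identifier."""
    return [sum(a * b for a, b in zip(row, ident)) % P for row in master]

def shared_key(my_private, their_ident):
    """Both ends compute the same value because the matrix is symmetric."""
    return sum(a * b for a, b in zip(my_private, their_ident)) % P

def recover_master(idents, keys):
    """Gauss-Jordan on [identifiers | keys]; None if the pairs do not fix the matrix."""
    aug = [list(v) + list(k) for v, k in zip(idents, keys)]
    for col in range(N):
        piv = next((r for r in range(col, len(aug)) if aug[r][col]), None)
        if piv is None:
            return None  # fewer than N independent identifiers
        aug[col], aug[piv] = aug[piv], aug[col]
        inv = pow(aug[col][col], -1, P)
        aug[col] = [x * inv % P for x in aug[col]]
        for r in range(len(aug)):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [(x - f * y) % P for x, y in zip(aug[r], aug[col])]
    return [row[N:] for row in aug[:N]]

if __name__ == "__main__":
    master = make_master(random.Random(1))  # constructed sample data
    ids = [identifier(x) for x in (2, 3, 5, 7)]
    keys = [private_key(master, v) for v in ids]
    print("pairwise keys agree:", shared_key(keys[0], ids[1]) == shared_key(keys[1], ids[0]))
    print("N-1 pairs:", recover_master(ids[:3], keys[:3]))
    print("N pairs fix the master:", recover_master(ids, keys) == master)
```

The design consequence is the one the comments reach: the matrix dimension is the collusion threshold, so it has to exceed the number of device keys that could ever be exposed.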

  8. Cheapo *scientific* calculators for all on Preventing Networked Gizmo Use During Exams? · · Score: 1

    By way of introduction: I teach intro physics in a similar environment. To add to the difficulty, our campus's honor code requires professors to give unproctored exams, so I can't watch them, but that doesn't stop them from trying to cheat.

    Anyone who says "design better tests" isn't paying attention to the possibilities of mobile technology. It's easy with a modern smartphone to photograph each page of the exam sheet, send it to a paid test-taker, and have them send you back an image of their solution, in enough time and in enough detail to ace the test, and in a way which is undetectable unless you're literally right over the student's shoulder.

    The only solution is an outright ban on uncontrolled technology. Your idea of buying 30 simple 4-function calculators is a good one, but any good intro physics class will require trigonometry, square roots, etc.

    I say, have your department buy thirty cheap *scientific* calculators -- for example, the TI-30xa costs like $10 each. Tell your students they're welcome to familiarize themselves with this type of calculator before the test: they may choose to use them for homework problems as well: that way lack of adaptability will be no excuse.

    As for dictionaries: they still make those on paper. So long as you warn students about these rules at the start of term, rather than surprising them a day before the exam, they should be willing to adjust.

  9. Re:The hell? on New Email Worm Squirming Through Windows Users' Inboxes · · Score: 1

    I (the snarky Mac-loving OP) actually like Windows 7: its UAC behavior, like so many other things, is just like a Mac. My snide comments were directed less at Microsoft in general and more at XP fanatics who were so traumatized by Vista that they'll never touch another OS ever again.

  10. Re:The hell? on New Email Worm Squirming Through Windows Users' Inboxes · · Score: 4, Insightful

    I know this has been said before, but if your operating system is asking for an admin password often enough that replacing it with a mouseclick significantly improves the user experience, you're solving the wrong problem.

  11. Re:The hell? on New Email Worm Squirming Through Windows Users' Inboxes · · Score: 1

    Point taken, but unless I'm mistaken you can't do any shenanigans by creating new files in /.

    If you could *edit* existing files in / or create files in a path directory, you'd be in business, but you can't: they're all owned by root.

  12. The hell? on New Email Worm Squirming Through Windows Users' Inboxes · · Score: 3, Insightful

    Stupid question from a Linux / Mac user:

    Are there really operating systems in use in 2010 that let you write files to a system directory without entering an administrator password?

  13. A drop of honey in a gallon of battery acid on 4chan Gives 90-Year-Old Vet a Great Birthday · · Score: 2, Interesting

    And now, every time someone rightly says that 4chan is nothing but a batch of juvenile asshats, they'll trot out this one story as a counterexample.

  14. Yes they are! on Leaders Aren't Being Made At Tech Firms · · Score: 1

    http://www.nytimes.com/2010/09/05/science/05robots.html?hp

    The Boss Is Robotic, and Rolling Up Behind You
    By JOHN MARKOFF

    Mobile robots have been used for years by the military and law enforcement, but with falling costs, the next frontiers are the office, the hospital and the home.

  15. Re:Common problem of jury based justice on Facebook Post Juror Gets Fined, Removed, Assigned Homework · · Score: 2, Insightful

    A system with (multiple) full-time judges avoids some of those errors, but opens another can of worms.

    *shudder*. Yeah, thanks but no thanks.

    http://en.wikipedia.org/wiki/Star_Chamber

  16. Re:Parallels with computer cabling on Look-Alike Tubes Lead To Hospital Deaths · · Score: 1

    "... if the plug fits in the jack, it should work." I'm guessing you work at "Chester's 'puter 'pair", just over there, turn left on the dirt road...

    As I said, "didn't used to be like this". Computer engineers have learned a lot about idiot-proofing since idiots started buying computers.

    And medical equipment designers are going to have to learn a lot now that idiots are becoming nurses. Seriously, have you *seen* some of the people going to nursing school these days?

    Anyway, find me a modern case where the plug fits in the jack but the result is catastrophic failure, and we'll talk.

  17. Re:Parallels with computer cabling on Look-Alike Tubes Lead To Hospital Deaths · · Score: 1

    Yeah, I thought about that. Same is true in the computer world: I'm sure someone, somewhere, will sell you a perfectly reasonable set of adapters that will let you send 120 volts AC into an Ethernet jack.

    Adapters are a necessary evil: they allow people to mix old crap with new and better stuff, but without them, we'd be stuck with the old crap forever.

  18. Re:Ummm Personal responsibility? on Look-Alike Tubes Lead To Hospital Deaths · · Score: 1

    Asking whether a problem is caused by design error or human error is a false distinction. If the design *permits* human error, it's not a good design.

    Gas stations don't rely on "personal responsibility" to keep you from filling your car with diesel: they make the diesel filler tube incompatible with a gasoline fuel tank so it's *impossible* to screw up.

    Another car example: the Toyota "unintended acceleration" thing. Was it driver error, hitting the wrong pedal? Or is there a design flaw in the car? Even if every case was caused by people hitting the wrong pedal, there's still a design flaw, shared by all cars: the frickin' gas pedal is right next to the frickin' brake pedal, making human error inevitable.

    Now, for complex tasks, like flying a plane, it may be impossible to make a design good enough to eliminate human error. But for plugging a tube into another tube, there's no excuse for error-permitting design.

  19. Re:It makes sense on Look-Alike Tubes Lead To Hospital Deaths · · Score: 1

    OK, I take that back. It *is* possible to over-engineer medical devices. See this post.

  20. Re:RFID on Look-Alike Tubes Lead To Hospital Deaths · · Score: 2, Funny

    Okay, so I said in an earlier comment that there's no such thing as over-engineering things when medical devices are concerned.

    You just proved me wrong.

  21. Re:It makes sense on Look-Alike Tubes Lead To Hospital Deaths · · Score: 1

    In my opinion, "over-engineering" isn't a problem where medical devices are concerned. With a price of $5-10 dollars for a couple of grams of plastic, manufactured by the millions, the profit margin on these makes aftermarket USB cable vendors look like chumps.

    You can afford to spend a little extra money making a square or hexagonal fitting, a threaded connector with a particular diameter and thread gauge, etc.

    If your IV tubing ends up costing a little more than your competitors, no problem. Just ask your customers how the money they save going with your competitor compares with the price of a malpractice settlement.

  22. Parallels with computer cabling on Look-Alike Tubes Lead To Hospital Deaths · · Score: 3, Insightful

    Looks like the medical community should take a page from the computing industry. Or gas stations.

    In recent years, computer cables work on one basic principle: if the plug fits in the jack, it should work. Or worst case, it shouldn't blow up. Didn't used to be like this -- remember PS/2 mouse/keyboard ports?

    Gas stations work the same way: it's pretty much impossible to accidentally fill a gasoline car with diesel fuel, because the diesel filler tube is too large to fit in an unleaded tank's opening. (Doesn't work the other way around, of course, but diesel users are in the minority, and can be assumed to be paying attention.)

    Easy enough to do this with medical tubing. Make oxygen tubing always a specific diameter, tinted a specific color, and with a special fitting on the end that only plugs into oxygen-specific devices. Same with IV tubing, different diameter, different color, different fitting.

    You don't even need the FDA to take charge to make this happen. It's not like the government regulated the USB spec, after all. All you need is a consortium of major medical equipment manufacturers to get together to agree on a standard. What incentive do they have to do this? Well, once they set a standard, EVERY HOSPITAL IN THE COUNTRY needs to buy all-new tubing, plus all the devices designed to connect to that tubing. Small manufacturers can make a fortune just selling backwards compatibility adapters.

    The Connector Conspiracy. It's a beautiful thing.

  23. Re:Not level on SpaceX Completes Dragon Parachute Test · · Score: 4, Insightful

    Mercury: big round parachute. Gemini: big round parachute. Apollo: 3 big round parachutes. Soyuz: big round parachute. Viking, Pathfinder, Spirit/Opportunity: big round parachutes.

    Self-deploying Rogallo wing: a couple of grainy Apollo-era NASA development photos, a few small-scale models built by enthusiasts, never actually used in a mission-critical application.

    Given that SpaceX's goal is to get into space reliably and cheaply, not to spend billions reinventing the parachute, which would you pick?

    Parasails are more feasible, but 3 big round parachutes have one clear advantage: if one fails, you can land on the other two. You can't deploy multiple parasails from the same vehicle.

  24. Re:Not level on SpaceX Completes Dragon Parachute Test · · Score: 4, Informative

    This ties in with the overall design of the Dragon capsule, which is designed to re-enter with a non-perpendicular angle of attack: presumably to provide some lift to allow some cross-range maneuvering, though it might also help the ergonomics inside the capsule. The heat shield and everything else is designed asymmetrically: presumably the parachutes are set up the same way.

    http://www.spacex.com/00Graphics/Images/Dec07%20Web%20Update/17.jpg
    http://www.spacex.com/00Graphics/Images/Dec07%20Web%20Update/19.jpg

  25. Intro Physics on Portal On the Booklist At Wabash College · · Score: 1

    I could think of many better games for discussing existentialist philosophy. But as a physics professor, I've toyed with the idea of using Portal to discuss conservation laws in Intro Physics. For instance:

    Which of the following physical quantities are conserved by an object passing through a portal?
      Speed
      Momentum
      Kinetic Energy
      Total Energy