Seriously? Why the hell should people in Canada be able to release nearly 21 tons of GHG/person while you criticize India at 2.28 or China at 8. I live in Ottawa Canada, we might have the worst urban planning anywhere. The city almost entirely white collar jobs, young and educated. 95% the new housing in the last 20 years has been sprawling urban car dependent neighbourhoods. You have to have a car here. Half my neighbours have never walked to a store, hair cut or recreational facility in the entire time they have lived here. It's just not possible. People use their front yards for piling snow and the back yards for dogs to shit in. Kids can't walk to school because we don't have sidewalks and the snow banks and parked cars would mean walking in the middle of the road. Buses don't work because the streets aren't on a grid so there are no good places to put a stop. We have tens of thousands of office jobs in my neighbourhood and no one can walk to work. The offices are surrounded by seas of parking so wide everyone has to drive to go for lunch. It's actually terrible for our physical and mental health. Having kids in the suburbs should qualify as child abuse.
You want to fix climate change, bulldoze the suburbs with your politicians still there.
It means I can pay taxes without having to use the US banks. The US banking system is horrible at the best of times. If you happen to be black or live in an undesirable part of the USA it is out right abusive. Crypto currencies don't make a lot of sense in most countries but in Venezuela, Zimbabwe or the USA they do. So thank you Ohio.
The driver I had a few weeks ago had an electric car, he only drives a peak price times and knows which parts of the city to hang out in. He tracks everything on his lap top in Google docs and shares it with his group of friends. He works a little more than 35 hours a week but that work starts the moment he leaves his home. He starts slightly earlier than most commuters and ends later but has two long breaks in the day and is home when his kids finish school. As a new immigrant to Canada his profit was over 5k/month.
The banks in the USA are terrible. They are far worse than any other industrialized country and often banking is easier in third world countries. American's also tend to use cash and checks more than everyone else. My kids don't even carry wallets anymore, I doubt you could do that in the USA. The banks just aren't motivated to be convenient like that.
Also I'm a white male which makes using financial services much easier. There is a certain class and race rigidity in the USA and the financial system is a big part of it.
Thank you for finding the project. The link euanmearns.com was questionable. The author lists two compressed air energy storage systems but failed to grasp that the Fraunhofer Institute project wasn't actually a compressed air storage system.
My exasperation with Ontario policies is because spot price for electricity in Ontario varies between -$0.02 and $3 or $4. A storage system doesn't need to be very efficient with those price swings. It does however need to be cheap and have low maintenance costs. Our government messes with the market price so much though that the investment risk is just to high.
My ISP's upstream provider (Rogers) is blocking my SFTP so I know they are doing deep packet inspection. Is SFTP the only traffic they are messing with? I would like to know.
*It is quite possible that SFTP is an exception. To a deep packet inspection appliance a new encrypted TCP stream is created on a port the appliance knows nothing about. Almost every other TCP stream can be classified by the server port or by the initial handshake.
Pumped water isn't profitable today even if you get the facility for free, your electricity at 2 cents and can sell it for 15. The systems aren't efficient enough and they require too much maintenance. The ones we have on the US East coast are only profitable as insurance for when there is a sudden increase in demand or the unreliable renewables suddenly drop off. Basically utilities pay for the right to buy emergency power. As batteries become less expensive pumped water will soon disappear.
Someone proposed putting a large bag of air under lake Ontario and filling that. I can't find the study. Best places are either next to a large city (Toronto), nuclear plant (Pickering or Darlington) or wind generation. The sealed bag meant they could use clean, low humidity air. Not sure how they solved the heat problem (compressing the air makes it hot, if you lose the heat then you lose a high percentage of your energy. Ontario doesn't have the political competence to make this viable though. Maybe it would work on the US East coast?
Not quite. There is no such thing as lossless energy usage. The best you can do is Landauer's principle which states you need Boltzmann constant times the temperature to flip a single bit. Given a temperature of 3 Kelvin (any colder and you need energy to bring the temperature down) the best you can do is 5x10^-23J per bit flip. Now we can do some assumptions and hand waving and say we only need to flip on average, from an external viewers perspective, 2 bits per key we try so 10^-22J per key. Also assume we guess the key in the first half of the ones we try means trying 2^255 keys. 2^255~10^80. So we need 10^68J. The Sun's output is 3.8x10^26W. So we need 10^68J/ 3.8x10^26W = 2.6x10^41 seconds. A year is 3x10^7 seconds. A sun like ours can burn 10^10 years so we need 10^24 suns. There are 10^21 stars in the observable universe. So we need 10^3 universes of suns to crack a 256 bit key.
However the above post completely missed the point of the QKE. The point is to exchange a key securely. You could have 1024 bit symmetric encryption if you want, it won't help you exchange the key.
Alice and Bob want to agree on a key. Alice can send photons polarized at 0, 45, 90 or 135 degrees. Bob will have a detector for 0 or 45 degrees. If Alice sends a photon at 90 degrees and Bob uses the 0 degree receiver then Bob gets nothing but if he uses the 45 degree one he gets a photon 1/2 the time. So when Alice sends at 90 or 0 degrees Bob only knows for sure what the polarization was if he used 0 degrees. Alice will send 1000 photons this way. Bob will create a list of 1s and 0s depending on whether he detected the photon. Bob will then send back a list of how he had his receiver set up and then Alice will send a list of the times Bob was correct (i.e. he used a receiver that was the same or 90 degrees off). Alice and Bob now both know the list of 1s and 0s that Bob created when his detector was correct.
Now Eve, who is in the middle and trying to intercept the photons, must set up her detector to guess the polarity but the best she can do is guess like Bob did. She has no idea when she guesses correct and she must send a new photon on to Bob. If Eve's detector is at 45 degrees and she detects a photon then either the photon was sent at 45 degrees or it was sent at 90 or 0 and this is the 1/2 chance it was detected. The probabilities for each polarity {0, 45, 90, 135} are {1/4, 1/2, 1/4, 0}. She could then send a photon at 45 degrees. But she has a 1/2 chance that Bob will have the correct orientation, a 1/2 that she had it wrong and change the photon and a 1/2 chance that Bob got the wrong result (her new photon is 45 degree off the original). So Alice and Bob can detect Eve 1/8 of the time.
Now if Alice sends bursts of polarized photons, say 8 or 16 at a time, then Eve's probability of figuring out the true polarity becomes much greater and her chance of being caught drops significantly unless Alice and Bob send tens of thousands of photon bursts.
Alice sends the polarized ones first. Say she sends 1000 of them. Bob then sends back the list of 1000 polarization orientations his receiver had. Alice then sends a list of the times Bob had it right, which should be about 500 times. So now they both know the polarization of 500 of the photons and use that as their key. They do a key verification step to prove they both arrived at the same key. If Eve did a MITM attack and altered any of the 500 photons then Alice and Bob have a 1/4 chance of detecting it (it's not 1/2 because Eve had a 1/2 chance of learning something).
The Quantum Key exchange is interesting but not really practical. The equipment is expensive and hard to set up. Further, if you are using photons you can only send one per quantum state. If you send more than one an attacker can intercept them and figure out their state.
In the easiest example Alice sends photons either polarized (up/down / side-2-side), or diagonally. Bob will then tell Alice which way his detector was set up for each received photon. For the photons his receiver was correct he know the polarity of Alice's photon. Alice and Bob then have a shared secret to use as a key. If Eve intercepts the photons she has to both read the photons and pass them on to Bob. If her detector is set up on the diagonal and Alice sends an up/down polarized photo Eve won't know the polarization and can't send the correct photon on to Bob. However if there are multiple photons, Eve can split them up and test them individually. With 8 photons Eve has a 63 in 64 chance of knowing the photons polarity and 255 out of 256 chance of fooling Bob well enough for her attack to go undetected.
For the entire thing to work either you have to send multiple photons and have them boosted or you send one and the repeaters know Alice's pattern of polarization. In the second case this pattern becomes a key that must be kept secret across every repeater. You may as well just give Bob this key.
Contractor vs Employee is about the level of control and independence. Control is: Who sets the hours, who owns the work place and the tools, who decides how a task will be solved, can you work for more than one person.
Uber driver, picking his own hours, driving his own car and even to some extent choosing the route to drive - contractor.
Cube dweller payed $150/hr, working 9 to 5, using a company computer - employee.
Most western governments use degree of control/independence as the measure for employee vs contractor and they can't enforce it because they are often the worst offenders for breaking it.
And that is why we need to call companies that do this stuff out and punish them. We need to reward companies that don't and also we need to appreciate companies like UL Benchmarks and Tech2.
If I have 10 well above engineers working 80+ hours on a well defined, well segmented project how many average programmers would I need to do the same job? My guess is, for many projects, you just can't do it. Some things just don't scale. Now imagine a project that has a two year deadline. If you slip the deadline hardware or the market will have moved and you will be forever trying to catch a moving target. For games or some hardware dependent products it's the only way a company will complete the project
I've sent my family away on vacation and had my dog live with me in my cubical. You get in the mindset that "I started this, I'm going to finish it". Often your moral and self worth is so beaten down you actually can't look for another job even if you had the time. I've noticed that companies that have 4+ months of crunch time often have a huge employee turn over after the project completes.
My advice, do it once. Learn as much as you can. Don't trust a work your managers say and then quit. Walk away. Don't worry about the promise of time off for the over time you worked or a share in the profit of the product. It will never happen. Quit, take what you learned, keep the friends you made at the time and find another job.
We can sign things with just a hashing function. For key agreement and other fun things there are other problems that it appears a quantum computer can't solve. https://en.wikipedia.org/wiki/...
However, there are a number of problems:
1 - If the NSA records the handshake of your conversation today, they will be able to read your messages in the future when/if they build a quantum computer. I find this point very frustrating. So many people think they are safe as long as they adopt something before a quantum computer is built.
2 - Adoption is going to be very slow. Other than Supersingular elliptic curve isogeny, none of the other proposals are drop in replacements for what we do today. So the protocols will have to change.
3 - Performance and bandwidth - some of the new algorithms have similar computation requirements but many are more expensive, some require significantly more RAM and almost all require huge message sizes. Most of my work is with ZigBee and 21 byte ECC point representations are fine. 1K messages are going to be really hard. 30K will be impossible. The bandwidth will take nearly an hour, many $1 systems won't even have that much memory. Hell the power consumption to be awake to receive the message will kill some devices.
For RSA you don't actually have to factor the large composite number, you need to just know the period of the messages, which is what Shor's algorithm does.
In RSA you choose two large prime numbers p and q, and then publish n=(p*q) and e. e is a smallish usually prime number. Your private key is a number d such that e*d is congruent to 1 module (p-1)(q-1). (p-1)(q-1) is the number of coprime numbers to (p*q). Given a number M less than n that is coprime to n, if you raise that number to every different power less than (p-1)(q-1) and take the modulus n, you will get every coprime number of n. When you raise M to (p-1)(q-1) and take the modulus you will get 1 and when you raise it to (p-1)(q-1)+1 you will get M again.
(p-1)(q-1) is the number of coprimes to n and also the period of any M being raised to a power modulo n. In classical computing you would likely find p and q by factoring n and then calculate (p-1)(q-1). However, Shor's algorithm actually gives you the period. (You could then find p and q though)
A finite state machine is a two dimensional array. You have your states and you have your events. Depending on your state you react to the events differently. If you write out your state machine on paper it should be obvious which {state, event} you have missed or implemented incorrectly. Yet I see so many state machines that:
don't have a variable stating what state they are in
have variables called previous state and current state
have state names that are the action they intend to perform (usually you do something (transition) and then wait for something, hint your state name should probably be what you are waiting for)
but the worst offenders are the ones that try and infer the state they are in based on only the event. javascript coders who try and make everything restful are the worst offenders here but it looks like the libssh authors are also guilty. How the fuck do you get your server into a client state? The only possible way is if you didn't actually define different states for client and server.
Most of these devices are running ZigBee. ZigBee is a suite of "layers". The MAC layer is 802.15.4, network is ZigBee Pro, the application is a binary format call ZigBee Cluster Library. (Google is pushing Thread which is 802.15.4, Thread network layer, ZigBee cluster library for the application). ZigBee Smart Energy is the variant in your electric meter on the side of your house. It uses certificates, a long unique joining code, and a key agreement and certificate authentication scheme call EC-MQV to provide security. Thread has pretty good security, they use a Password Authenticated Key agreement and strong security at every level of communication. Unfortunately, in most other versions of ZigBee security is trumped by convenience.
These are running on sub $1 processors only doing very simple things like turning a light on or off. Even something as complicated as your dishwasher doesn't need an OS. I know this will horrify some programmers but you can actually schedule multiple things to happen in a single program and create something that is simpler, easier to debug and easier to get to 99% working without an OS.
Usually any extra security you add is going to hurt legitimate people who forgot their password/login. These people out number the crooks and a large army of them will be very upset if they can't reset their account with minimal effort. It's a balancing act for customer support but better to lose one account and restore 100 users who have are having trouble. Those support calls cost a lot and there is limited profit potential from them. Don't expect this problem to be fixed or even improve anytime soon.
If you don't like the current system of certificate authorities and certificate transparency (which google championed), please tell me a better way for me to trust a site on the internet?
CAs are now audited and the auditing is getting much better. With certificate transparency I can check, near real time, every EV cert a CA issues. If they issue one in secret there is a high probability they will be caught.
Symantic should have been dropped a while ago, as they proved to be untrusted. They were just too big to drop immediately. (disclaimer. I worked for Entrust)
If I say "Hitler said "All Jews are evil"", and you quote me as saying "All Jews are evil". Then you are technically correct, I did say it, but that isn't a defense against slander, in almost every country excluding the USA. You stated the truth but did so in a way that was intentionally misleading and intentionally done to hurt me. This is the same thing here. In the presentation (and you only have the slides), he was contrasting the two statements. He could have said one of these statements is true: 1 + 1 = 3 or 2 + 2 = 4. If you call him an sexist for saying 1 + 1 = 3 then I'm pretty sure you are committing slander.
The engineering team likes those extra options because it helps us debug things. Manufacturing likely doesn't understand it so they leave it enabled because it makes the diagnostics easier. The people who do understand it have told manufacturing at least once a month that they will have to disable it when "real production" for external customers begins but every new product launch it gets forgotten.
Slashdot Mirror
Seriously? Why the hell should people in Canada be able to release nearly 21 tons of GHG/person while you criticize India at 2.28 or China at 8. I live in Ottawa Canada, we might have the worst urban planning anywhere. The city almost entirely white collar jobs, young and educated. 95% the new housing in the last 20 years has been sprawling urban car dependent neighbourhoods. You have to have a car here. Half my neighbours have never walked to a store, hair cut or recreational facility in the entire time they have lived here. It's just not possible. People use their front yards for piling snow and the back yards for dogs to shit in. Kids can't walk to school because we don't have sidewalks and the snow banks and parked cars would mean walking in the middle of the road. Buses don't work because the streets aren't on a grid so there are no good places to put a stop. We have tens of thousands of office jobs in my neighbourhood and no one can walk to work. The offices are surrounded by seas of parking so wide everyone has to drive to go for lunch. It's actually terrible for our physical and mental health. Having kids in the suburbs should qualify as child abuse.
You want to fix climate change, bulldoze the suburbs with your politicians still there.
It means I can pay taxes without having to use the US banks. The US banking system is horrible at the best of times. If you happen to be black or live in an undesirable part of the USA it is out right abusive. Crypto currencies don't make a lot of sense in most countries but in Venezuela, Zimbabwe or the USA they do. So thank you Ohio.
The driver I had a few weeks ago had an electric car, he only drives a peak price times and knows which parts of the city to hang out in. He tracks everything on his lap top in Google docs and shares it with his group of friends. He works a little more than 35 hours a week but that work starts the moment he leaves his home. He starts slightly earlier than most commuters and ends later but has two long breaks in the day and is home when his kids finish school. As a new immigrant to Canada his profit was over 5k/month.
The banks in the USA are terrible. They are far worse than any other industrialized country and often banking is easier in third world countries. American's also tend to use cash and checks more than everyone else. My kids don't even carry wallets anymore, I doubt you could do that in the USA. The banks just aren't motivated to be convenient like that.
Also I'm a white male which makes using financial services much easier. There is a certain class and race rigidity in the USA and the financial system is a big part of it.
By neutron activation of lithium-6. There are a number of proposed ways to do this.
Thank you for finding the project. The link euanmearns.com was questionable. The author lists two compressed air energy storage systems but failed to grasp that the Fraunhofer Institute project wasn't actually a compressed air storage system.
My exasperation with Ontario policies is because spot price for electricity in Ontario varies between -$0.02 and $3 or $4. A storage system doesn't need to be very efficient with those price swings. It does however need to be cheap and have low maintenance costs. Our government messes with the market price so much though that the investment risk is just to high.
My ISP's upstream provider (Rogers) is blocking my SFTP so I know they are doing deep packet inspection. Is SFTP the only traffic they are messing with? I would like to know.
*It is quite possible that SFTP is an exception. To a deep packet inspection appliance a new encrypted TCP stream is created on a port the appliance knows nothing about. Almost every other TCP stream can be classified by the server port or by the initial handshake.
Pumped water isn't profitable today even if you get the facility for free, your electricity at 2 cents and can sell it for 15. The systems aren't efficient enough and they require too much maintenance. The ones we have on the US East coast are only profitable as insurance for when there is a sudden increase in demand or the unreliable renewables suddenly drop off. Basically utilities pay for the right to buy emergency power. As batteries become less expensive pumped water will soon disappear.
Someone proposed putting a large bag of air under lake Ontario and filling that. I can't find the study. Best places are either next to a large city (Toronto), nuclear plant (Pickering or Darlington) or wind generation. The sealed bag meant they could use clean, low humidity air. Not sure how they solved the heat problem (compressing the air makes it hot, if you lose the heat then you lose a high percentage of your energy. Ontario doesn't have the political competence to make this viable though. Maybe it would work on the US East coast?
Not quite. There is no such thing as lossless energy usage. The best you can do is Landauer's principle which states you need Boltzmann constant times the temperature to flip a single bit. Given a temperature of 3 Kelvin (any colder and you need energy to bring the temperature down) the best you can do is 5x10^-23J per bit flip. Now we can do some assumptions and hand waving and say we only need to flip on average, from an external viewers perspective, 2 bits per key we try so 10^-22J per key. Also assume we guess the key in the first half of the ones we try means trying 2^255 keys. 2^255~10^80. So we need 10^68J. The Sun's output is 3.8x10^26W. So we need 10^68J/ 3.8x10^26W = 2.6x10^41 seconds. A year is 3x10^7 seconds. A sun like ours can burn 10^10 years so we need 10^24 suns. There are 10^21 stars in the observable universe. So we need 10^3 universes of suns to crack a 256 bit key.
However the above post completely missed the point of the QKE. The point is to exchange a key securely. You could have 1024 bit symmetric encryption if you want, it won't help you exchange the key.
Alice and Bob want to agree on a key. Alice can send photons polarized at 0, 45, 90 or 135 degrees. Bob will have a detector for 0 or 45 degrees. If Alice sends a photon at 90 degrees and Bob uses the 0 degree receiver then Bob gets nothing but if he uses the 45 degree one he gets a photon 1/2 the time. So when Alice sends at 90 or 0 degrees Bob only knows for sure what the polarization was if he used 0 degrees. Alice will send 1000 photons this way. Bob will create a list of 1s and 0s depending on whether he detected the photon. Bob will then send back a list of how he had his receiver set up and then Alice will send a list of the times Bob was correct (i.e. he used a receiver that was the same or 90 degrees off). Alice and Bob now both know the list of 1s and 0s that Bob created when his detector was correct.
Now Eve, who is in the middle and trying to intercept the photons, must set up her detector to guess the polarity but the best she can do is guess like Bob did. She has no idea when she guesses correct and she must send a new photon on to Bob. If Eve's detector is at 45 degrees and she detects a photon then either the photon was sent at 45 degrees or it was sent at 90 or 0 and this is the 1/2 chance it was detected. The probabilities for each polarity {0, 45, 90, 135} are {1/4, 1/2, 1/4, 0}. She could then send a photon at 45 degrees. But she has a 1/2 chance that Bob will have the correct orientation, a 1/2 that she had it wrong and change the photon and a 1/2 chance that Bob got the wrong result (her new photon is 45 degree off the original). So Alice and Bob can detect Eve 1/8 of the time.
Now if Alice sends bursts of polarized photons, say 8 or 16 at a time, then Eve's probability of figuring out the true polarity becomes much greater and her chance of being caught drops significantly unless Alice and Bob send tens of thousands of photon bursts.
Alice sends the polarized ones first. Say she sends 1000 of them. Bob then sends back the list of 1000 polarization orientations his receiver had. Alice then sends a list of the times Bob had it right, which should be about 500 times. So now they both know the polarization of 500 of the photons and use that as their key. They do a key verification step to prove they both arrived at the same key. If Eve did a MITM attack and altered any of the 500 photons then Alice and Bob have a 1/4 chance of detecting it (it's not 1/2 because Eve had a 1/2 chance of learning something).
The Quantum Key exchange is interesting but not really practical. The equipment is expensive and hard to set up. Further, if you are using photons you can only send one per quantum state. If you send more than one an attacker can intercept them and figure out their state.
In the easiest example Alice sends photons either polarized (up/down / side-2-side), or diagonally. Bob will then tell Alice which way his detector was set up for each received photon. For the photons his receiver was correct he know the polarity of Alice's photon. Alice and Bob then have a shared secret to use as a key. If Eve intercepts the photons she has to both read the photons and pass them on to Bob. If her detector is set up on the diagonal and Alice sends an up/down polarized photo Eve won't know the polarization and can't send the correct photon on to Bob. However if there are multiple photons, Eve can split them up and test them individually. With 8 photons Eve has a 63 in 64 chance of knowing the photons polarity and 255 out of 256 chance of fooling Bob well enough for her attack to go undetected.
For the entire thing to work either you have to send multiple photons and have them boosted or you send one and the repeaters know Alice's pattern of polarization. In the second case this pattern becomes a key that must be kept secret across every repeater. You may as well just give Bob this key.
Contractor vs Employee is about the level of control and independence. Control is: Who sets the hours, who owns the work place and the tools, who decides how a task will be solved, can you work for more than one person.
Uber driver, picking his own hours, driving his own car and even to some extent choosing the route to drive - contractor.
Cube dweller payed $150/hr, working 9 to 5, using a company computer - employee.
Most western governments use degree of control/independence as the measure for employee vs contractor and they can't enforce it because they are often the worst offenders for breaking it.
And that is why we need to call companies that do this stuff out and punish them. We need to reward companies that don't and also we need to appreciate companies like UL Benchmarks and Tech2.
If I have 10 well above engineers working 80+ hours on a well defined, well segmented project how many average programmers would I need to do the same job? My guess is, for many projects, you just can't do it. Some things just don't scale. Now imagine a project that has a two year deadline. If you slip the deadline hardware or the market will have moved and you will be forever trying to catch a moving target. For games or some hardware dependent products it's the only way a company will complete the project
I've sent my family away on vacation and had my dog live with me in my cubical. You get in the mindset that "I started this, I'm going to finish it". Often your moral and self worth is so beaten down you actually can't look for another job even if you had the time. I've noticed that companies that have 4+ months of crunch time often have a huge employee turn over after the project completes.
My advice, do it once. Learn as much as you can. Don't trust a work your managers say and then quit. Walk away. Don't worry about the promise of time off for the over time you worked or a share in the profit of the product. It will never happen. Quit, take what you learned, keep the friends you made at the time and find another job.
**Ross Video survivor 2000
We can sign things with just a hashing function. For key agreement and other fun things there are other problems that it appears a quantum computer can't solve. https://en.wikipedia.org/wiki/...
However, there are a number of problems:
1 - If the NSA records the handshake of your conversation today, they will be able to read your messages in the future when/if they build a quantum computer. I find this point very frustrating. So many people think they are safe as long as they adopt something before a quantum computer is built.
2 - Adoption is going to be very slow. Other than Supersingular elliptic curve isogeny, none of the other proposals are drop in replacements for what we do today. So the protocols will have to change.
3 - Performance and bandwidth - some of the new algorithms have similar computation requirements but many are more expensive, some require significantly more RAM and almost all require huge message sizes. Most of my work is with ZigBee and 21 byte ECC point representations are fine. 1K messages are going to be really hard. 30K will be impossible. The bandwidth will take nearly an hour, many $1 systems won't even have that much memory. Hell the power consumption to be awake to receive the message will kill some devices.
For RSA you don't actually have to factor the large composite number, you need to just know the period of the messages, which is what Shor's algorithm does.
In RSA you choose two large prime numbers p and q, and then publish n=(p*q) and e. e is a smallish usually prime number. Your private key is a number d such that e*d is congruent to 1 module (p-1)(q-1). (p-1)(q-1) is the number of coprime numbers to (p*q). Given a number M less than n that is coprime to n, if you raise that number to every different power less than (p-1)(q-1) and take the modulus n, you will get every coprime number of n. When you raise M to (p-1)(q-1) and take the modulus you will get 1 and when you raise it to (p-1)(q-1)+1 you will get M again.
(p-1)(q-1) is the number of coprimes to n and also the period of any M being raised to a power modulo n. In classical computing you would likely find p and q by factoring n and then calculate (p-1)(q-1). However, Shor's algorithm actually gives you the period. (You could then find p and q though)
A finite state machine is a two dimensional array. You have your states and you have your events. Depending on your state you react to the events differently. If you write out your state machine on paper it should be obvious which {state, event} you have missed or implemented incorrectly. Yet I see so many state machines that:
don't have a variable stating what state they are in
have variables called previous state and current state
have state names that are the action they intend to perform (usually you do something (transition) and then wait for something, hint your state name should probably be what you are waiting for)
but the worst offenders are the ones that try and infer the state they are in based on only the event. javascript coders who try and make everything restful are the worst offenders here but it looks like the libssh authors are also guilty. How the fuck do you get your server into a client state? The only possible way is if you didn't actually define different states for client and server.
Most of these devices are running ZigBee. ZigBee is a suite of "layers". The MAC layer is 802.15.4, network is ZigBee Pro, the application is a binary format call ZigBee Cluster Library. (Google is pushing Thread which is 802.15.4, Thread network layer, ZigBee cluster library for the application). ZigBee Smart Energy is the variant in your electric meter on the side of your house. It uses certificates, a long unique joining code, and a key agreement and certificate authentication scheme call EC-MQV to provide security. Thread has pretty good security, they use a Password Authenticated Key agreement and strong security at every level of communication. Unfortunately, in most other versions of ZigBee security is trumped by convenience.
These are running on sub $1 processors only doing very simple things like turning a light on or off. Even something as complicated as your dishwasher doesn't need an OS. I know this will horrify some programmers but you can actually schedule multiple things to happen in a single program and create something that is simpler, easier to debug and easier to get to 99% working without an OS.
Usually any extra security you add is going to hurt legitimate people who forgot their password/login. These people out number the crooks and a large army of them will be very upset if they can't reset their account with minimal effort. It's a balancing act for customer support but better to lose one account and restore 100 users who have are having trouble. Those support calls cost a lot and there is limited profit potential from them. Don't expect this problem to be fixed or even improve anytime soon.
If you don't like the current system of certificate authorities and certificate transparency (which google championed), please tell me a better way for me to trust a site on the internet?
CAs are now audited and the auditing is getting much better. With certificate transparency I can check, near real time, every EV cert a CA issues. If they issue one in secret there is a high probability they will be caught.
Symantic should have been dropped a while ago, as they proved to be untrusted. They were just too big to drop immediately. (disclaimer. I worked for Entrust)
If I say "Hitler said "All Jews are evil"", and you quote me as saying "All Jews are evil". Then you are technically correct, I did say it, but that isn't a defense against slander, in almost every country excluding the USA. You stated the truth but did so in a way that was intentionally misleading and intentionally done to hurt me. This is the same thing here. In the presentation (and you only have the slides), he was contrasting the two statements. He could have said one of these statements is true: 1 + 1 = 3 or 2 + 2 = 4. If you call him an sexist for saying 1 + 1 = 3 then I'm pretty sure you are committing slander.
The engineering team likes those extra options because it helps us debug things. Manufacturing likely doesn't understand it so they leave it enabled because it makes the diagnostics easier. The people who do understand it have told manufacturing at least once a month that they will have to disable it when "real production" for external customers begins but every new product launch it gets forgotten.