Slashdot Mirror


User: raymorris

raymorris's activity in the archive.

Stories
0
Comments
10,114
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,114

  1. so many types optical transistors on Light-Based Memory Chip Is First To Permanently Store Data · · Score: 1

    There have been so many types of optical transistors which have demonstrated POC, I'm sure some designs will have low consumption. Certainly there will be other problems .

  2. releasing classified info illegal since before USA on Government Finds New Emails Clinton Did Not Hand Over · · Score: 0

    > it was not illegal at the time

    Releasing classified information has been illegal since before laws were written down. Caesar would have executed her. At one time Hilary tried the defense that she didn't MARK the emails "classified". Failure to mark the document properly doesn't make releasing the information legal. Never did.

  3. essentially the same way you do so electronically on Light-Based Memory Chip Is First To Permanently Store Data · · Score: 1

    You can do so the same way you address electronic memory, or come up with better ways. Computers are basically lots and lots of transistors. A dozen different types of optical transistors have been demonstrated.

    After essentially duplicating current designs, but replacing electrons with photons, you can then eleminate some bottlenecks which are there due to the properties of electricity which don't apply to photons. That gives you a Oarm - an ARM-type design optimized for optical. Then you start revisiting some of the design assumptions in order to take full advantage of the benefits of optical logic.

  4. whose email box? Who all did she send confidential on Government Finds New Emails Clinton Did Not Hand Over · · Score: 1

    Whose boxes should they look in? Who all did she send confidential information to? Should they look at my email and yours to see if she sent us information which was classified? Her powerful friends over in Saudi Arabia , should investigators look in there computers to see what she sent them?

  5. No on Light-Based Memory Chip Is First To Permanently Store Data · · Score: 1

    >. How many bits does their chip store? Three? Five?

    Eight bits per cell (as opposed to one bit for current ram). So neither three nor five.

    > How many optical components / lasers are we talking here

    The light-supply replaces the electrical power-supply. So at least the same number of LEDs as current systems have power supplies - one.

  6. Oops. Duh. Ignore the first line of my post. on Chrome For Android's Incognito Mode Saves Some of the Sites You Visit · · Score: 1

    Oops, I said "it took Google 16 months to fix." No, that was a Firefox bug. It took the Firefox team about 16 months. So that's an example where OSS wasn't super-fast, though it was much faster than the 5-10 years it sometimes takes to fix known problems in IE.

  7. 16 months until fixed. If Chrome dev were open ... on Chrome For Android's Incognito Mode Saves Some of the Sites You Visit · · Score: 1

    The bug you refer to took Google 16 months to fix. That's the measurement being discussed in the famous ESR quote. If Chrome were developed b an open community, Adblock Plus (or anyone else) could have fixed it sooner, rather than waiting for Google to do it.

    How many bugs exist is an entirely different question, how soon bugs are noticed is a third question. My experience (20 as a professional developer) suggests that bugs are noticed right away when you have a good automated test suite, and the code is written to be testable.

    Bugs are avoided by peer review and highly competent developers, along with a culture of doing it right the first time, rather than doing it sloppy and thinking "we'll fix it later." That culture is can be promoted in several ways. One of the most effective things to motivate me to do excellent work has been knowing that my code would undergo thorough peer review - I don't want to look like an idiot by submitting poor code. Rather, I want to be proud of what I wrote when other people look at it. That's why I instituted peer review at my last two jobs. I learned about the power of peer review, even for veteran programmers, from open source projects where at least two or three other programmers would review my commits before they were integrated. I submitted good code, peer review made it better. So my experience supports an extension of ESR's statement- given enough eyeballs, fewer bugs will make it to release. Dumping closed code an slapping a FOSS license on it won't magically fix it. A open, collaborative development model as used by the Linux kernel, Apache, or Moodle does improve quality.

    There is an interesting side note. I said that a culture of doing it right the first time improves quality. A huge mess that's nearly impossible to maintain and debug is created with a culture of "Do whatever seems to kind of work, we'll fix it later" . The latter statement is Agile. Quality code, doing it right the first time is almost the exact opposite of Agile.

  8. the assertion is bugs are shallow. This fixed on Chrome For Android's Incognito Mode Saves Some of the Sites You Visit · · Score: 2

    The assertion that ESR makes is that when many people look at a bug, for one of them it will be an "easy" bug, someone will see the issue quickly, and it can therefore be fixed quickly. This bug is already fixed, so it supports his assertion.

    Compare IE. The bugs in IE handling of "Vary" were well known and documented for FIVE YEARS before it was partially fixed. As another example, for over a decade, servers had to speak http 1.0 to IE and http 1.1 to every other browser because IE's handling of http was so broken. So 5-10 years to fix serious documented a bug in IE, several hours to several days for Chrome.

  9. Pauley's ruling was overturned on appeal on Police Program Aims to Pinpoint Those Most Likely to Commit Crimes · · Score: 1

    You've cited three cases, none of which support your claim.

    One ruling that those specific plaintiffs hadn't shown standing to sue. That case didn't reach the legality of the program- the discussion didn't that far.

    Another citation you provided was what I mentioned- the court declined a motion for an order of the court ordering changes to the program because Congress was voting on those details. The court didn't say it was okay, the court said the judge didn't need to determine the details of how to fix because Congress was busy doing that already.

    Lastly, Pauley was overruled by the appeals court after his 2013 decision in trial court. That case didn't end up ruling that it was legal, in the end.

    You're right that SCOTUS will probably end up ruling on the new program.

  10. Only three banks. Interesting on Curbing the For-Profit Cybercrime Food Chain · · Score: 4, Informative

    The paper references an interesting conclusion from another paper:
    -----
            Levchenko et al. found that only three banks were responsible for accepting payments for 95% of the spam URLs .
            Brand holders impacted by fraud and trademark
    abuse can alert the credit card networks involved, resulting in
    merchant banks severing relationships with known criminals.
    McCoy et al. found that persistent brand holder intervention
    from 2011â"2012 disrupted payment processing for criminals
    for months at a time

    ----

    Those three banks certainly would be good targets, to --persuade- them to stop providing payment processing to spammers. The only US bank on the list is Wells Fargo.

  11. Actually the Court ruled it was ILLEGAL on Police Program Aims to Pinpoint Those Most Likely to Commit Crimes · · Score: 1

    > As what was done was deemed legal
    Actually it was ruled ILLEGAL.
    http://www.cnn.com/2015/05/07/...

    The ruling came a month before the Patriot Act was set to expire anyway, so the court chose to delay enforcement of the ruling while Congress decided what, if any, surveillance to authorize in some new law. In other words, the court could have said:

    "That's illegal. You must stop, and here are the details of what you must do and what you must not do ... You have 30 days to comply."

    Instead, the court ruled:
    "That's illegal. You must stop. Congress is busy working out the details right now, and that'll be done within 30 days anyway."

    The snooping which the court ruled was not authorized under the Patriot Act ended for a few hours when P. Act expired on a Tuesday morning. Later that day, Obama signed the USA Freedom Act, which said the NSA can't store the records, the phone companies must store them and respond to specific queries from the NSA.

  12. Re:cert isn't required for secrecy, only authentic on Obama Administration Explored Ways To Bypass Smartphone Encryption · · Score: 1

    > Without authentication, how do you know it's *me* doing the DH negotiation on the other end?

    Because your user name is right at the top of your post. And we've never shared a secret. What I don't know is your birth name. Even better, we can use DH in a crowded room. We can shout secrets to each other*, and without any pre-arranged key we can exchange secret messages, impenetrable to everyone else in the room. I know it's you I'm talking to because I can see you.

    If a man-in-the-middle has the ability to CHANGE our communications, not just read them, than yes as far I'm concerned that MITM _is_ N. Criss. DH protects against _eavesdropping_, it does not provide authentication. Signed certs provide authentication.

    * Shouting secrets in a crowded room such that anyone overhearing them can't decipher them may seem contrived. Yet that's exactly what wifi is. Although anyone within wifi range can pick up the signal, they can't decrypt it. Which is neat in the case where you've never been on the network before, so you never privately shared a key with the access point.

  13. RAID6 The House on Obama Administration Explored Ways To Bypass Smartphone Encryption · · Score: 1

    Let me state one more time, as a policy matter we should assume that anything that allows the good guys in can also allow the bad guys in. That's a foundational assumption and why I don't install a control panel like CPanel on my servers.

    As a mathematical puzzle, it's interesting to note that's an assumption. It's not NECESSARILY true.

    Here's a very rough draft of one approach, just for fun. At the end I'll show how it can be made more secure by combining it with other approaches.

    Consider, it is possible using RAID6-like techniques to split up a chunk of data into different places such that in order to recover the whole, you have to acquire 6 pieces out of 8. (Ie your data is still there even if two drives fail, but you must have at least 6 drives). With XOR across the drives, if you have fewer than the required number of drives, you can learn NOTHING about the data other than it's maximum size. That's trivially provable. So we have a system in which to retrieve the key, you must possess n of the m masks, and fewer than n masks does you no good at all.

    If those m masks are held by m different people, you have to get masks from n of them in order to reconstruct the key. You can chooee m and n. So maybe you decide you want 435 masks, and and 400 of those can be combined to compute the key. You send each mask to a different person, so reconstructing your key requires that 420 of those people cooperate (or 420 of them get hacked) . This is known and time-tested, it's just RAID reworded.

    So IF you can find 435 people such that you can trust that SOME of them would refuse to cooperate with an illegal and unjust action, you have a mathematically sound method to store your secrets. Your key can only be revealed if 420 of the people you trusted collude - and probably if there were something untoward going on, at least one of them would snitch, revealing the plot. (Modulo physical-world concerns like having all of the mask-holders share a trojaned model of hard drive).

    Now we just need to pick 435 people such that they won't all agree to do the same crime together, without anyone spilling the beans. Members of the house of representatives are elected every two years and they RARELY all agree on anything. So some might say that if all the reps agree that a certain phone should be decrypted, it's probably okay to do so. You can probably come up with better ways to pick people who can slightly trusted. Again, you don't have to trust any one of them, you only have to trust that if they ALL agree, ot can be decrypted.

    We might note here that if the entire US House is out to get you, you're fucked anyway.

    Now we can combine that with other techniques for better security. Perhaps you don't make a key available this way, only the first 1024 bits of a 2048-bit key. So if all members of the house agree, they can give the DOJ PART of your key. With the first half of the key, the DOJ only has to use a million computers for 24 hours to break the second half. I suspect that wouldn't be abused to often.

    Again, I wouldn't want to actually implement this. The US government has been really bad at implementing anything. It's an interesting puzzle to think about how to improve upon the general idea I laid out above, though.

  14. You just used the method in your example! on Police Program Aims to Pinpoint Those Most Likely to Commit Crimes · · Score: 1

    In the article one of the critics describes the general approach as:

    âoeBecause you live in a certain neighborhood or hang out with certain people, we are now going to be suspicious of you"

    So it's suspicion based on who you associate with. If you hang out with gang members, you might act like a gang member.

    Notice you called it "NSA, CIA, and FBI violations of the Constitution ". You didn't ascribe those crimes to isolated individuals. Instead, you're suggesting that many people involved the NSA have done wrong, THEREFORE other people involved with NSA are likely to do the same kinds of things. That's exactly the same approach they are using.

    Because we know that some NSA leadership has violated our rights, we should keep a close eye on any new NSA leadership, because they might also violate our rights. It works. And it's common sense.

  15. yep. Tracking guns is similar, but simpler on Obama Administration Explored Ways To Bypass Smartphone Encryption · · Score: 1

    The use of paper and manually doing work in your scenario reminds me of how guns can be tracked to people, but not vice versa, in Texas and other states without registration.

    Given the serial number of a gun found at a crime scene, the cops can ask the manufacturer which wholesaler they sold the gun to. They then ask the wholesaler which store they sold it to. They then ask the store which individual they sold it to. So they can answer the question "who bought this gun?", but can't answer "does raymorris own a gun?"

  16. cert isn't required for secrecy, only authenticati on Obama Administration Explored Ways To Bypass Smartphone Encryption · · Score: 2

    No trusted root certificate is required in order to have a secret, encrypted conversation over a public medium. We could post secret messages to each other using Diffie-Hellman right here on Slashdot.

    Root certificates are for authentication- knowing my real name rather than just my Slashdot userid raymorris.

  17. fair use considers 4 points. Is it commercial? on Court Rules Batmobile Is Entitled To Copyright Protection · · Score: 2

    In the US, at least, courts must consider at least four points when considering fair use. One of those is whether or not the use is commercial in nature - whether it's being sold.

    That's not the sole deciding factor, but it is one of four factors which the court is required to consider.

  18. practically true. Interesting theory $10 million b on Obama Administration Explored Ways To Bypass Smartphone Encryption · · Score: 4, Interesting

    For purposes of making policy, we should absolutely assume that if the government can get in, so can the bad guys. (Ignoring the fact that sometimes the government IS the bad guys).

    Having said that, it's an interesting intellectual exercise to consider that's not NECESSARILY true. For example, each year the encryption could be increased with a longer key, such that at any given time it costs about $1 million in computer time to decrypt a phone. The government could easily spend a million, or ten million, to decrypt Bin Laden's laptop, but nobody is going to spend a million or ten million to decrypt yours or mine.

    I'm not suggesting that's actually a good idea in terms of policy , just an interesting puzzle to think about.

    Also, years ago we thought it was impossible for you and, who have never met before, to publicly post messages to each other in such a way that nobody else could decrypt them - without ever talking privately to share an encryption key. Now, we use Diffie-Hellman every day to do exactly that, as part of https. We thought it was impossible to share a secret on a public forum (or network) without everyone else on the forum being able to read the secret, but we were wrong. Diffie and Hellman invented a way. Theoretically, it's entirely possible to invent something that allows access only to authorized individuals, with a public audit trail. We haven't invented it yet. Block chains like Bitcoin uses suggest that encryption can be tied to a publicly accessible log, so we know whose data they decrypted, or at least how many they did.

  19. real questions? on Misusing Ethernet To Kill Computer Infrastructure Dead · · Score: 1

    > Do those ethernet filters in surge protectors provide sufficient protection against lightning strikes?

    How close is the lightning strike? Very few things will protect against a direct strike to the antenna. If lightning actually hits a nearby tree, it will induce a powerful current in the antenna. That's what you can protect against. More protection is effective for closer strikes. A lightning rod can reduce the risk of a direct strike to the antenna.

      > What's the best way to isolate the antenna from the rest of the network? Air-gap it with a wireless transmitter and receiver in the same box?

    You could air gap at a convenient point. A different type of air gap is normally added to the coax. This is a tiny gap to a thick ground connector. Lightning jumps the gap.

  20. so you knew better and INTENTIONALLY misled? on Michigan Sues HP Over Decade Long, $49 Million Incomplete Project · · Score: 1

    So you KNEW that what you implied was false, and made the implication anyway? Yep, sounds like a liberal.

  21. yeah doing it in my head, I moved the decim on Bitcoin Ponzi Scheme Operator Pleads Guilty To $150M Fraud · · Score: 1

    You're right. Doing the math in my head, I put the decimal point in the wrong place.

    I intended to be helpful, not be a jerk. If an adult doesn't see the power of compounding, either the monthly compounding they're paying on a credit card or the compound returns they could be earning, there is a opportunity for them to benefit considerably by gaining an understanding of how it works.

    Certainly you, understanding the math, wouldn't say you'd want people to be blind to the true cost of their Capital One card?

  22. stupidity is popular, but not required on Bitcoin Ponzi Scheme Operator Pleads Guilty To $150M Fraud · · Score: 1

    > ALL the people doing the real work and producing all of the real goods and services in the economy struggle under a debt burden

    If you don't have extra money to throw away, wasting your money on debt service is stupid.* Many people do that, but certainly not ALL. Some of us were taught how to make a budget. Personally, I was taught in a Dave Ramsey class, after I spent half my life doing stupid.

    * Because houses generally INCREASE in value over time, borrowing to help buy the house you need anyway may not be stupid. The equity increase each year should more than offset the interest.

  23. It's insignificant and makes banks $150 billion on Bitcoin Ponzi Scheme Operator Pleads Guilty To $150M Fraud · · Score: 1

    > Especially now we have an interest rate at nearly zero percent and inflation higher than that,

    So interest is an insignificant amount of money.

    > "compound interest" is just an easy way to support those poor starving bankers.

    Which covers the $150 billion profit that banks make each year, along with all of their expenses.

    Pick one.

  24. compounding. 3000% on Bitcoin Ponzi Scheme Operator Pleads Guilty To $150M Fraud · · Score: 1

    If the interest is paid every three days, on day 4 you're getting interest on your interest. On day 8, you're getting paid interest on the interest on the interest. At the end of a year, you've made thousands of percent. Compound interest is very powerful and it's how the vast majority of millionaires become millionaires.

    You put in a little bit of money and over time your money makes money, and that money makes more money, which in turn makes even more money. If you don't "get" the power of compounding, PLEASE look it up. It's one of the most powerful forces which affects your financial security.

  25. Actually no. 3 years AFTER Carly, HP bought EDS on Michigan Sues HP Over Decade Long, $49 Million Incomplete Project · · Score: 2

    Actually , no. HP wasn't involved this deal until three years after Carly left. In 2005, EDS made the contract with the state. The same year, Carly left HP. Three years after that HP bought EDS in 2008.

    So trying to put this on Carly is a lot like blaming George Bush for Obamacare.