Slashdot Mirror


User: chihowa

chihowa's activity in the archive.

Stories: 0 · Comments: 2,627

Comments · 2,627

  1. Re:Tin foil hat time on TrueCrypt Audit: No NSA Backdoors · · Score: 3, Informative

    The only case I know of where an algorithm was actually backdoored was one of the random number generation schemes... The algorithm in question happens to be (IIRC) quite fast.

    The random number generator, Dual_EC_DRBG, is actually very very slow. If it wasn't pushed so hard, nobody would willingly use it.

    In other cases (DES I think??? I could be wrong.) the NSA recommended some oddball changes. No one could find a negative consequence of them so they went in - a decade or so later, it turns out that the original implementation of DES DID have a cryptographic flaw and the NSA recommendations fixed that.

    In addition to fixing the S-boxes as you described, they also recommended reducing the key size, which made the algorithm weaker and shorter lived.

    Dual_EC_DRBG was required for FIPS 140-2 certification, which is required for software that is used to protect sensitive-but-unclassified information by the US government. So there is some conflict between the two goals above.

  2. Re:DANE on Chinese Certificate Authority CNNIC Is Dropped From Google Products · · Score: 1

    Which DANE and CT both solve. DANE, by simply putting an RR in DNS. CT, by watching every certificate ever made and contracting someone/some-system to look for certs issued to your domain. DANE can be rolled out domain by domain, but CT only fully works when every CA in the world is onboard.

    I only brought Google into this because the GP mentioned that DANE was being promoted at the expense of sovereign keys. Their refusal to include their already written DANE code (and Mozilla's refusal to ever add any actually useful features) leaves the whole world trusting every CA due to politics.

  3. Re:DANE on Chinese Certificate Authority CNNIC Is Dropped From Google Products · · Score: 1

    This looks interesting. Thanks.

    DANE isn't being promoted, either, because Google's all excited about Certificate Transparency and is pushing it hard. CT is nice, but it (like hardcoded certificate pinning in Chrome) is foremost a solution for Google's specific needs. They solve subtly different problems and shouldn't need to be exclusive.

    HPKP is nice, but it takes place in-channel and is very subject to MitM on first contact.

  4. Until we come up with a better fix for the whole CA system, browser support for DANE would be a huge step in the right direction. Especially, the type 2 (Trust anchor assertion) records would be helpful. So Google could say that only certificates issued by their own CA are legitimate. Or any site owner could publicly restrict trust to the CA that they actually get their certs from (or just specify a particular cert).

  5. Re: What an Embarrassingly Vapid Article on Focusing On Tech Alone, You Miss How Autonomous Driving Will Change Society · · Score: 2

    There will have to be a driverless car only lane, not simply HOV, or it will suffer from the same fate as HOV lanes and passing lanes today: 90% of traffic are willing and able to travel smoothly at a fast rate and a few cars are camped out in the left lane, driving well below the flow of traffic and refusing to yield.

    Driverless cars will be great for people not wanting to spend their waking time operating a vehicle, but smooth traffic won't happen unless the traffic is segregated or all cars are driverless.

  6. Re:Although unused, not useful on Amazon Tests Delivery Drones At Secret Canada Site After US Frustration · · Score: 1

    Yes, and the drone that delivers it will never make it back to base.

  7. Re:Sim City on Chinese Scientists Plan Solar Power Station In Space · · Score: 1

    Building there was a zoning violation anyway. Think of it as random and overwhelming enforcement of municipal ordinances!

    On a serious note, simply having the transmitting electronics powered by a coaxial beam from the receiver (that is itself initially powered by a low power pilot beam from the satellite) seems like it would be an effective interlock to prevent a wandering beam.

    From what I've seen, though, it's difficult to make a very tightly focused beam that doesn't lose much of its power to the atmosphere. It's more efficient to use a diffuse downlink beam and a large collection array at the ground, so a wandering beam wouldn't really do much damage.

  8. Re:The Wankel Engine of the Semiconductor Industry on Stanford Breakthrough Could Make Better Chips Cheaper · · Score: 1

    Unfortunately, most people (including geeks) still have an alarming lack of curiosity and will be perfectly content to say "WTF?" and never even attempt to discover what an unfamiliar term refers to.

  9. Re:Cost on Better Disaster Shelters than FEMA Trailers (Video) · · Score: 2

    It's a $6000-12000 tent that sleeps four and needs to be towed by a truck. For that cost, you could fill a similar sized trailer up with (non-rigid) tents and sleep hundreds of people.

  10. Re:Fuck those guys on Online "Swatting" Becomes a Hazard For Gamers Who Play Live On the Internet · · Score: 1

    Too bad the response isn't to just be a bit more reserved with the home invasions. The number of people who would shoot at a cop knocking on the door must be smaller than the number of people who would shoot at masked, often unannounced assailants storming their house.

    Do the police in Europe regularly raid houses without any prior investigation?

  11. Re:And this is why... on At Least 700,000 Routers Given To Customers By ISPs Are Vulnerable To Hacking · · Score: 2

    Keep in mind that it's purely a monetary win, though. Even though you own the modem, they completely control it and can (and do) reflash its firmware. You should still treat it as a potentially hostile device on your network.

    There are other limitations, too, like Comcast's refusal to sell you static IP addresses unless you rent a modem from them.

  12. Re:and what will happen to people automated out of on Musk Says Drivers May Become Obsolete, Announces Juice-Saving Upgrades · · Score: 1

    At least in the US, we'll see rioting and the very imminent threat of mass scale starvation before anything like UBI comes into play. I think Luddite-style robot smashing and a descent from an automated technological society will happen before our 'betters' part with a shiny penny of their hoard. (In typical idiot revolution fashion, the robots that could provide for us all will be targeted before the robots' masters who are keeping the productivity to themselves.)

  13. Re:Desperately Want to Believe? on Gabe Newell Understands Half-Life Fans, Not Promising Any Sequels · · Score: 1

    Even that argument is pretty lame, though. They specifically wrote Portal into the Half-Life universe, so the new gimmicky physics thing for Episode 3 could have just been the portal gun. It was practically all laid out for them. They could still cash in on that today.

    Even the ending (or the segue into HL3) doesn't have to be that great. The story behind HL has always been a bit cobbled together.

    I wonder if Gabe is somehow misremembering HL as much more than it ever was and only wants to follow it with a masterpiece.

  14. Re:Hes talking shit, as usual on Gabe Newell Understands Half-Life Fans, Not Promising Any Sequels · · Score: 1

    That they don't do this makes me think they have something planned.

    This failure to continue the series is pretty much the only source of hype surrounding Half-Life. The expectations are so low, it seems like the only reason to not make HL3 or HL2 ep3 is that they must be planning something amazing.

    Episode 3 could have easily just been a continuation of episode 2 with the portal gun or HDR. Hell, they could release that right now and it would be very successful. The actual story in HL has always been pretty tepid anyway... so does the Combine take over Earth or not? No big deal either way. This isn't like Mass Effect, where the story was actually epic and central to the series. They could just lead up to another cliffhanger and they'd be fine. There are almost no expectations for a mind-blowing Episode 3.

  15. Re:We desperately need unflashable firmwares on Persistent BIOS Rootkit Implant To Debut At CanSecWest · · Score: 1

    SD card write switches don't physically interrupt the write circuit. They only provide an instruction to the card reader to not write (if that contact in the card slot is even present, which isn't always so). The implementation of write-protect is usually in software, too.

    The SD card write switch is a bit like the write protect tabs on old cassette tapes: a polite request to a well behaved reader.

  16. Re:Steve Jobs is the Monkeywrench on Stanford Study Credits Lack of Non-Competes For Silicon Valley's Success · · Score: 2

    That's a fucked up way of amending a constitution anyway. A ballot to amend a constitution should contain the actual text that will be amended to the constitution. If the purported reasoning for the amendment (eg, to make Georgia more economically competitive) is going to be on the ballot, then different interpretations should be included from opposing groups.

  17. Re:Transparency in Government is good! on White House Office of Administration Not Subject to FOIA, Says White House · · Score: 1

    That may be true, simplistic game theory wise, but there are secondary effects caused by voting for a candidate whose platform you disagree with. Voting for "lesser evil A" because you don't like "greater evil B" makes A think that he has popular support for his platform (and tacit support for the more nefarious parts of his platform). You've now given an "evil" candidate a mandate.

    You're better off voting for "wingnut C" (who takes votes away from "greater evil B") than "lesser evil A". Voting for C deprives B of votes while still disapproving of A.

  18. Re:commercials and young kids on "Hello Barbie" Listens To Children Via Cloud · · Score: 1

    I'll just go ahead and blame my poor grammar above on old GI Joe commercials.

  19. Re:commercials and young kids on "Hello Barbie" Listens To Children Via Cloud · · Score: 1

    I've always been a little astounded at the general acceptance of marketing campaigns that are directed toward children. It's hard to see how the existence of teams of highly educated and extremely well funded adults whose job is to most effectively manipulate the minds of young children for profit is anything other than profoundly unethical and malevolent.

    Targeting adults with marketing is pretty sleazy, but targeting little kids seems more than a little fucked up.

  20. Re:Missionaries on Zuckerberg and Gates-Backed Startup Seeks To Shake Up African Education · · Score: 2

    Some tribes are better run than others, with better results to show for it. Adapt or die.

    I'm in the same boat, heritage-wise. My nick here was supposed to be a jab at my tribe's early assimilation into European culture (it seemed way more clever when I was a kid), but ultimately it was assimilation that led my tribe to be much better off than many others, even if we are much more "white".

    Efforts like the one in the article are less about preserving failing tribes and cultures and more about assimilating their individuals into our own. Hopefully, they bring the good aspects of their culture with them and we are all richer from the process. Part of the reason that they're still stuck in a failing culture is because their lack of education limits their mobility and independent growth.

  21. Re:*facepalm* on Yahoo Debuts End-To-End Encryption Email Plugin, Password-Free Logins · · Score: 3, Interesting

    That's the purpose of "two-factor authentication", but not the purpose of any single factor. Yahoo is replacing the single factor "something you know" with "something you have", which is possibly an upgrade in security.

    The factors themselves aren't equivalent in terms of security. "Something you have" is much easier for a normal person to secure than "something you know". That's why houses and cars use keys and office buildings use keycards and not codes. People (on average) are pretty decent at holding onto their phone and horrible at keeping their password safe (even if they pick a good password, which they won't).

  22. Re:seems about the same on Ask Slashdot: Why Does Science Appear To Be Getting Things Increasingly Wrong? · · Score: 2

    One of my professors said that he wanted a bracelet with all of his pre-med students' names on it and instructions to never let any of them treat him. After a few semesters of TAing them, I have to agree!

  23. Re:seems about the same on Ask Slashdot: Why Does Science Appear To Be Getting Things Increasingly Wrong? · · Score: 4, Informative

    If you're interested in reading papers outside of your area of expertise, this is what I'd recommend. Firstly, don't read the paper from front to back. Contemporary journal articles are way too dry for that and you likely don't care about all of the sections (eg, the experimental methods).

    Read the abstract to determine if you are actually interested in what the paper is going to discuss. The abstract will also give you a decent idea of who the writer considers to be their audience; if the abstract is completely and totally over your head, you're not likely to understand most of the paper.

    After that, you can skim the introduction to get a grasp of the context (and read any introductory subsections that you aren't familiar with or are fascinated by).

    In my field (and many/most others?), the story is generally told through figures of data and their captions. Generally, you can inspect the figures and captions and get a very good idea of what the paper is saying and what they're basing their conclusions on. You can jump to parts of the discussion section if you want more information than the captions are providing.

    The conclusions section ties it all together, but too often that section is just a wordier restatement of the abstract. The conclusions are also where you're most likely to find the speculative crap that excites journalists and potential sources of funding.

    If you're really into the topic, or it's in your field, you can dive in and read the sections that interest you, but a well crafted scientific paper should be able to tell the whole story through the figures and captions.

  24. Re:Clear to me on Clinton Regrets, But Defends, Use of Family Email Server · · Score: 1

    How about we all unite to hold our representatives accountable for their actions, regardless of their party affiliation or whether we consider them to be on "our team"? Using party politics to excuse a lack of integrity is completely fucked up thinking. When everybody is happy to let their team off the hook for bad behavior, we (obviously and predictably) get bad behavior across the board.

  25. Re:Guy on the internet does something cool... on Man 3D Prints a Working 5-Speed Transmission For Toyota Engines · · Score: 4, Informative

    To be fair, all of the negative comments relate to the claim that, "Even though it is made up almost entirely of plastic, he says that it could function as a replacement for the real thing."

    Had the article writer not said that (he must have misinterpreted the builder, a mechanical engineer who seems to know how transmissions work), and the submitter here not misrepresented it even further, the comments would likely be much different. It's all in the presentation. ErnieKey chose to present it as a drop-in transmission, which is not the way the article portrays it.