If it's something that needs to last for more than the next five years, give strong consideration to hardcopy. For instance, I keep ASCII dumps of my PGP public and private keys stored in a bank safe deposit box. I keep one key, and my attorney has the other. That way, in the event that a fire sweeps through my house and destroys all my media (even my backup media), I'll still have copies of the important stuff.
I've got a six-month-old copy of a codebase I'm working on printed out and stored in that safe deposit box as well, so that if a disaster happens I don't lose six months of my coding lifetime.
For the record, I laserprinted all of it onto 25%-cotton acid-free paper. It'll still be around and legible for decades, even centuries, to come.
Look at the facts: if it went up X distance and then came down, that means it didn't have enough energy to hit Earth's escape velocity. So how, praytell, did it get enough energy from skidding off the atmosphere to go into deep space?
Secondly, there are hundreds of thousands of amateur astronomers worldwide who scan the skies every night with telescopes. If such a capsule did exist, why didn't the worldwide amateur astronomical community spot it?
Someone was yanking your chain.
There are no marooned space capsules in orbit. If there were, there'd be Web sites devoted to "Enter your latitude and longitude and receive the time of day when the Russian Graveyard flies overhead!"
Not quite. A generalized break against the discrete-logarithm problem will break RSA, yes, but breaking a specific subset of the discrete-logarithm problem will not.
My point still stands: there are lots of cryptographic methods available, and breaking one is very unlikely to bring the whole house of cards down.
To give a very simple example, consider the Soviet dissidents. They were, most certainly, committing crimes -- they were breaking Russian laws, which were quite legally adopted
To the American judicial mind, the Soviet dissidents lacked mens rea, or the specific criminal intent. Also remember that the United States considers the Bill of Rights to be politically absolutist: what the Bill of Rights recognizes, no legitimate government (in the eyes of classical US legal thought) can deny its citizens.
For instance, to the US legal mind, freedom of speech and religion are inherent human rights, and any government which seeks to deny this right is violating human rights and, thus, those laws are invalid.
So for dissidents such as Alexander Solzhenitsyn (whose name I'm grossly misspelling), according to American legal thought, he didn't commit a crime because the law he was accused of breaking was enacted in violation of his human rights, and thus, null and void.
The versions of GNAT that are shipped with Red Hat 7.0 don't work with Red Hat's GCC snapshot[*]. And since you can't recompile GNAT from sources without having a version of GNAT installed to bootstrap itself, that means GNAT is fundamentally and profoundly broken.
This was extremely displeasing to me when I first came across it, because I'm an Ada95 hacker.
[*] No offense meant, guys, but I don't like calling it GCC-2.96; it's not a sanctioned release, so I just feel more comfortable calling it a snapshot. That's not to say I think you guys made the wrong decision; as a C++ hacker, I'm far more pleased with your snapshot than with GCC-2.95.
In a democracy, is it not true that the people are always right?
Was it right for seven million Jews, gypsies, political dissidents, homosexuals and the like to be sent to the furnaces? After all, the people decided they wanted a leader who would decisively stand against the Jewish menace, who would eradicate the Jewish faith from Europe.
Short answer: of course it's not true.
The people are not always right. If they were right, Hitler wouldn't have been elected, nor would have Neville Chamberlain, nor would Korematsu v US have been decided the way it was.
As was pointed out in the movie Men in Black, a person is intelligent, compassionate, open-minded and often brilliant. But put ten of these persons together and what you get is people--a panicky, irrational, closed-minded animal.
Democracy is not built on the principle that "the people are always right". Democracy is build on the principle that "what the people want, they ought to get--and they ought get it good and hard!"
Can someone please explain to me why the hell I should care?
Sure. Read on.
First of all, if the goverment ever went bad (ie became undemocratic) then I don't think it would take them more than a week to set up whatever surveillance they wanted, no matter what their starting point.
Yep. This is why it is absolutely essential that the citizenry watch the government like hawks, to ensure the government doesn't go bad.
But that doesn't always work, either. Read on.
Maybe I'm being naive and ignoring history
You are.
but I find it hard to even consider this possibility because I just can't see how, in this time, in this part of the world, our goverment could be displaced or changed to something undemocratic
Check out recent history--very recent, actually. A lot of people forget this, or choose to ignore it, but the Weimar Republic of Germany had a well-educated public and a vigorous democratic tradition. However, in the 1930s this educated, literate public elected, by an overwhelming margin, Adolf Hitler to the position of Chancellor on a platform of racial hatred.
People knew he was going to turn Germany into a dictatorship. They didn't care. They liked what he was promising, and they liked having the Jews to blame for their current problems.
If you think that it can't happen in England, think again--it can happen anywhere. Even the United States, which in World War Two casually violated many of the most important precepts of our own Constitution in order to appease a citizenry which was panicking and demanding action. General DeWitt decided that sending all Japanese-Americans to detention centers would reassure the public, so he issued the order. Despite the fact that General DeWitt's order was blatantly, flagrantly unconstitutional, the Supreme Court of the United States declared this to be legal in Korematsu v US.
Do you think the United States, the self-described bastion of liberty and freedom, actually gave a damn that we were violating our most sacrosanct principles?
We didn't.
In fact, we didn't give it a second thought.
If Weimar Germany can throw everything away and walk headlong into oblivion after an insane dictator bent on destroying his nation as he attempts world domination...
... If the United States can piss on its own highest law, merely to appease a panicking populace...
No, he's shown your case to have more holes than a North Korean submarine. Whether or not they should be legalized is irrelevant; they are illegal, it is legal for them to be illegal (in that the courts have not overturned those statutes as unconstitutional), and that means if you break those laws without damn good cause, you're committing a crime.
You can talk about "should" all you like, but brother, if you think that selling crack isn't a crime, I know a few district attorneys who'd just love to have a word with you. Exceptionally strong words, backed up with force of law, if you've happened to have ever sold crack to someone.
If that's your moral definition of a criminal, great--I'm sure Charlie Manson doesn't consider himself to be a criminal, because according to him he didn't cause anyone any harm at all.
From a legal perspective, you're quite wrong. All that is required to be convicted in criminal court is for, (a), a law be broken, (b) it be established beyond a reasonable doubt that you were the one who broke this law, and (c) that you possessed mens rea ("criminal intent") in your action.
For instance, if I go barrelling down the highway at thirty miles an hour over the limit and run a few red lights, I've committed a criminal offense of, at the very least, reckless driving, endangerment of others, and so on. But if I'm barrelling down the highway at thirty miles an hour over the limit and run a few red lights in order to get to the hospital before my wife bleeds to death in the passenger seat, I haven't committed any crime at all--because I possessed no criminal intent, only the reasonable intent of a concerned husband.
After World War Two, the biggest threat to the United States (as perceived by the government) was found in the Soviet Bloc. The National Security Agency was born in large part to eavesdrop on Soviet traffic, in order that the US could enjoy a strategic advantage. If we knew what they were doing, we were in a better position to prevail against them.
The NSA pursued this mandate with zeal that bordered on the unholy. They conspired with long-distance carriers, with manufacturers of cryptographic equipment, with anyone who had a line of communication that a shred of Soviet traffic could likely be found on. They applied pressure, they bribed, they twisted the knife, they cut all kinds of sweetheart deals.
But today, the number one threat (in the eyes of the government) is no longer the Soviet Union. I don't know what Public Enemy Number One is nowadays, but you can be pretty sure the War on Drugs is getting close to top billing.
Why is it so surprising that the agency tasked with combatting the "nation's greatest menace" is acting exactly the same as every other government agency which, in the past, has been tasked with combatting "great menaces"?
If this took you by surprise, you need to wake up and smell the coffee. I don't find it at all surprising this is happening. I think it's probably likely that the DEA has sweetheart deals with airlines that do a lot of travel to South America, so the DEA can keep track of frequent travelers and try and use that information for better interception and seizure of contraband.
The only thing that would surprise me at this point is if they weren't.
The nature of a login password is security through obscurity.
Nope. I can get all the source for the login code of any Linux distro. There's no security afforded to it by means of obscurity. The nature of a login password is security through secrecy, which is a different beast from security through obscurity.
If logins were secure through obscurity, then having source code for the login would permit me to root anything I wanted. It doesn't.
Open access to the methodology behind a OTP doesn't help anyone out in breaking it. Not even quantum computation can nail a OTP; it is provably secure against quantum computing, which is a really cool thing and is used in some quantum cryptographic schemes.
But you're confusing the algorithm with the secret key.
In a conventional cipher, you protect a big secret (megabytes of market research data, whatever) with a much smaller secret--say, 128 bits of a Blowfish key, or 2048 bytes of an RSA key, or whatever. The entire security of your market research data rests in the secrecy of the key. If the key gets publicized, it's all over.
With a one-time pad, you perfectly protect a big secret (megabytes of market research data) with a secret of equivalent size. The entire security of your market research data rests in the secrecy of the one-time pad. If the one-time pad material gets publicized, it's all over.
A one-time pad is not hurt, in any way, by being one of the open techniques of cryptography. You're confusing the fact that the pad material must be kept secret with the algorithm for using the pad material being kept secret. That's not the case at all.
A OTP is conceptually no different from a block cipher running in output-feedback mode. A OTP is more secure, absolutely, but from a conceptual standpoint an OFB cipher is absolutely identical; it generates a long stream of apparently-random values with which the original data is XORed. If a OTP has its Achilles' heel in its openness, then so does any block cipher running in OFB mode.
C++ is, like Perl, such a mess because the problem set is such a mess. That means it's pretty easy to shoot yourself in the foot--and given C++'s power, shots to the foot often take off everything below your waist.
If crossplatform, portable code is a necessity, then be very careful when using newer features such as templates. I've had the devil's own time taking code that works perfectly fine in GCC-2.96 (the Red Hat snapshot, which is a very fine C++ compiler), but breaks horribly under GCC-2.91. Code that compiles cleanly under MSVC++ will oftentimes break horribly in GCC-2.96, etc.
The fewer C++ features you use, the less chance you'll run into these gotchas. That's why the Mozilla team uses a restricted set of C++ functions, I think, far more than to enhance readability or whatnot--the simple fact is, the more C++ features you use, the harder it is to get it to compile under Foo compiler, because Foo doesn't properly implement such-and-such chapters of the Standard; and code written for the Foo compiler breaks on the Bar compiler, because Bar demands strict adherence to the spec, which Foo doesn't provide.
That being said: give consideration to at least using the inheritance features of C++'s class system. Inheritance is, if anything, the most useful feature of C++, and is well-supported by every compiler. Don't treat C++ like Ada83, where classes existed only to protect data as private and to create interfaces to other bits of functionality; let your C++ classes be hierarchial, let them inherit from base classes, and use that to your advantage.
After that, I don't have any recommendations. I'm personally a big fan of generic programming (templatized programming) and the STL. The STL is fearsomely efficient and fast. It's got a learning curve like the Matterhorn, but once you climb it, it's wonderful.
BTW, if anyone tells you to ignore templates on grounds that they cause bloat, please check out the home page of Amit Patel, a Doctoral student at Stanford (who, I believe, often reads Slashdot--if so, hi, Amit, drop me a line sometime) and friend of mine. According to benchmarks he provides on his page (click here), templatized code that makes use of the STL is often, if not almost always, of comparable executable size to an equivalent C program, and substantially faster.
Some compilers, such as Sun's, are absolutely awful with templates--that's probably how the nasty myth of templatized code being bloated and slow came to be. As a rule, though, there's no general truth to this myth; some compilers produce bloated code when using foo, bar and baz parts of the language, but it's not a characteristic of the language--just a characteristic of a crappy compiler.
How would that effect the much heralded 'new economy' and how quickly would the encryption industry be able to reestablish a standard?
Nobody has any clue. That's an economics question, not a CompSci question. Ask ten economics professors that question and you'll get at least twenty different contradicting answers, no two alike. Repeat: nobody has any clue.
About three seconds. "A fast method of factoring large composites has been developed? Fuck, man. Time to switch to El Gamal." Or, alternately, "A fast method of computing discrete logarithms in a finite field has been developed? Fuck, man. Time to switch to Rabin." Or, alternately, "A fast method of computing square roots modulo n has been developed? Fuck, man. Time to switch to elliptical-curve systems." Or, alternately... you get the idea. There are lots of perfectly good cryptosystems out there for the using. It would take far, far, far longer for computer manufacturers to ship updated SSL plugins and whatnot than it would for the cryptographic community to find a good replacement.
How long it would take the market to field replacements is an economic question, not a computer science one. See point 1.
...This really, really, really oughtta be in a FAQ somewhere.
For those cryptographers in the audience, yes, I did handwave a little bit. Computing square roots modulo n is provably equivalent to the integer-factorization problem, so any break against RSA would also break Rabin. The general point still holds, though.
This question comes up so frequently that there oughtta be a frickin' Ask Slashdot FAQ... as in, "moderators, don't put these questions up, they've been too frequently asked."
Put simply: if your system depends on the secrecy of the algorithm, it is pretty much guaranteed to be weaker than one which depends solely on the secrecy of the key. The reason is that attacks against cryptosystems rise to an exponential power of the weaknesses. If you have a system with two exploitable weaknesses, it's not half as secure as one with only one exploitable weakness--the progression is geometric, not linear.
Think of it this way: RSA is designed to be secure when properly used, even if your opponent is a genius in number theory. Why? Because geniuses designed and reviewed RSA, and still do so this day, searching for any exploitable weakness. It has survived hundreds of thousands of hours of concerted, directed, extremely skilled cryptanalysis and come out on top.
Now look at a system like CSS, which was designed by some very bright folks but was never put out there for peer review. The cryptanalytic weaknesses of CSS are profound, and it seems like a new weakness is reported every other week. Had CSS been introduced in a scholarly journal, the DCDCCA would have had thousands of hours of cryptanalysis for free, and they'd have discovered that their cryptanalytic scheme was weak, had an exhaustible keyspace, and had so many keys that the already-too-short keyspace was reduced to absolute triviality.
Now, it's true that the vast majority of new ciphers are broken soon after they're released. Hell, even someone as illustrious as Rabin isn't immune--I've seen some very good cryptanalysis of Rabin's latest "provably secure" algorithm, and Rabin really stepped in it. Yes, anyone who rushes out to implement a new cipher is most probably smoking crack, because it's overwhelmingly likely that it will be broken within six months of its release.
It's just in the last year that I've begun to put a substantial amount of faith in Bruce Schneier's Blowfish algorithm, for instance, even though it's been out almost ten years now. After ten years of constant cryptanalysis, Blowfish is still surviving pretty damn well.
The alternative, using a closed-source, proprietary, non-peer-reviewed cipher, is absolutely absurd.
Even the NSA is learning this lesson the hard way. After they published the SKIPJACK [*] algorithm, a few Israeli cryptanalysts presented some theoretical attacks against it... and then, it seemed as if every single week the attacks got better and better and better as the crypto community invented totally new branches of cryptanalysis (impossible-differential cryptanalysis, mostly) with which to attack SKIPJACK.
Today, SKIPJACK is regarded as an utter failure. Of the original 32 rounds specified in the algorithm, there exist better-than-brute-force attacks against 31 rounds. That means SKIPJACK currently has no margin of safety, which means it's an absolute, utter, wretched failure.
And this is the National Security Agency we're talking about.
Short version: peer review is essential to getting good ciphers. Sure, you can posit that by having ciphers be open for peer-review it also makes attacks against them possible. That's true. But what you're overlooking, and what the crypto community keeps on shouting at the top of our lungs to anyone who'll listen, is that ALL OTHER METHODS ARE EVEN WORSE.
I'm sorry for shouting so much in this message, but really, guys. People keep on asking this question over and over again. And the answer is always the same, no matter how much you ask it.
[*] SKIPJACK, by the way, was the "ultra-secure" cipher at the heart of the Clipper Chip, if memory serves me right. Makes me feel all warm and fuzzy to think that the NSA was asking us to trust our encryption keys to government-controlled escrow, and give us a cipher that was so subtly and fatally flawed. Some people think these flaws were intentional on the NSA's part; I'm not one of them, since SKIPJACK was also supposed to be used by our own troops as part of a Defense Department initiative.
1: Building a nuclear device isn't as simple as most people would assume. You really can't get your plans off of the Internet and build it in your basement, Hollywood notwithstanding. The levels of precision needed for the parts is high enough that small terrorist groups likely won't be up to the task.
Well, kind of. Provided you don't mind creating a terribly crude and inefficient bomb that wastes most of its reaction mass, a nuke is reasonably straightforward to make. But if you want to move up into the city-killer range, yes, then it takes some very sophisticated engineering.
Note that it requires sophisticated engineering, not research. Any PhD physicist worth his or her salt has the scientific knowledge required to build The Bomb; what they don't have in their heads is readily available in the open literature and peer-reviewed journals. If you can get a good physicist and a few good engineers from a variety of disciplines, all with real-world experience, making a city-killer is quite feasible provided you have the fissile materials.
It won't be cheap and it'll be time-consuming, but it's absolutely within the realm of possibility for a technically sophisticated, well-funded terrorist organization.
Assuming you're dealing with a rogue government or other such entity capable of building a precision device, getting the reactive material for such a bomb is doggedly difficult.
Not hardly. Uranium isn't exactly uncommon in the Earth's crust; hell, uranium can be refined out of granite. The explosively fissile material is easy to get hold of. Separating the explosively fissile material from the fissile and nonfissile materials (i.e., the refinement process) is what's hard.
Getting said device anywhere near the U.S. is also doggedly difficult
I'd just hide it in a bale of marijuana, myself. The stoners I know never seem to have any trouble getting south-of-the-border weed. This point of yours is absolutely wrong; it's not just easy, it's positively trivial.
Assuming they manage the above three problems, most crude nuclear devices fail to detonate
Hmm. How many "crude nuclear devices" have failed to detonate in recent memory? I can't recall anyone even trying to set off a crude nuclear device. Saying that most crude nuclear devices fail to go supercritical is at best an extreme overgeneralization; you simply don't have enough data points to come to that sort of conclusion with any certainty.
Assuming functionality, the atomic reaction at one foot above sea level will do significantly less damage than most people assume. It's going to cause a huge incident, but not the end of the island (or the city) that most people assume
Depends on the yield. A 10kt fizzle would leave most of New York City intact, yes. A 1Mt citykiller would leave the city as radioactive ash.
All told, the threat of stolen plans for building nukes is really not a big one
On the contrary. While any collection of physicists and engineers can build a nuke, most countries want to mount a nuke in a gravity bomb or a warhead. Gravity bombs and warheads have very stringent weight and volume requirements. There have been very few major developments in nuclear-weapon technology since the 1950s; almost all of the US effort has been in shrinking the size of the package so as to pack more of them into an ICBM. This is why the US military community was wetting their pants over China getting plans for the W-88; it's not that we didn't think China knew how to build 1Mt citykillers (they do and did), but up until the time they had the W-88 plans, we thought it was pretty likely they couldn't put their citykillers on their ICBMs in clusters, like we do with our MIRVs.
That means in a nuclear exchange with China, we'd be launching dozens of citykillers with each launch, while they'd be limited to one citykiller per launch. Given that we have hundreds of missiles available on a moment's notice, that's a very terrible and tremendous thing to be on the other side of. Given how many missiles China has available on a moment's notice, and that each of their missiles carries only a fraction as many warheads... well. That's an unequal relationship that the US military really kind of liked.
To put that in comparison, that's like the US and China facing off... them armed with a Saturday Night Special, us armed with a flamethrower. That's a tremendously unequal balance of power. The US military loved that balance of power; it meant we were so strong China would never be able to use their nukes in a credible threat against us.
But now that China has the W-88 plans, they get the same strategic position as the Soviet Union did in the height of the Cold War. Now China has the capability to tip their ICBMs with multiple citykillers, just like us, flamethrower against flamethrower.
That frightens people an awful lot. It especially frightens me, since I was kind of getting used to everybody taking their finger off the nuclear trigger since the Soviet Union collapsed.
Apology accepted.:) But hey, you never know--some people probably do think photons just carry light, or that it travels infinitely fast.
At any rate, the best way to handle people yanking your chain, I've found, is to just let them do it and not blow your stack. Let's face it; it's no fun to troll someone who doesn't get angry over it.:)
The photon is the carrier particle of light,, not electromagnetism.
James Clerk Maxwell disagrees with you, as well as Einstein. Light is nothing more nor less than a waveparticle which varies in both electric field strength and magnetic field strength. Radio waves are carried by photons; so is visible light; so is hard gamma and X-rays. All these are located at different frequencies along the electromagnetic spectrum.
Electromagnetism is one of the four fundamental forces (three if, like me, you're a pedant who says electromagnetism is just a low-temperature case of the electroweak force). Look it up. It's interesting.:)
Photons have infinite velocity.
We've known better than this for a few hundred years.:) The first measurements of the speed of light were done by measuring differences between expected occultations of Jupiter and the experimental times; it turned out that they could only be reconciled if light had a finite, although large, velocity. Currently, we've found that light travels 299,792,458 m/s, or just about three hundred thousand kilometers per hour--or roughly 186,000mph.
It takes sunlight a few million years to get from the Sun's stellar core to the surface; but once it escapes, it's got a short trip to Earth of some eight-and-change minutes.
Next time you go about casting aspersions on people, please take the time to get your own facts straight first. Thanks.:)
Wrong from both a theoretical and a practical perspective. In theory, any magnetic field stretches potentially to infinity. But the carrier particle of electromagnetism, the photon, has a finite velocity and, as such, takes an infinite amount of time to travel an infinite distance.
From a practical perspective it's wrong because there are a lot of other magnetic fields out there in the cosmos, and at some point an object's magnetic field is always overwhelmed by the presence of another's.
And how exactly do people know all this stuff? No-one has been inside Jupiter, so in fact all that is pure speculation.
Very good question! Let's take a look at how we know the Earth has a metallic core; after all, we've never been there, either, have we?
Well, let's see. How did we first measure the Earth's size, and how did we learn it was round? A Greek mathematician (Eratosthenes?) looked down a well at noon on a particular day and discovered the sun cast no shadow in the well; i.e., it was directly overhead. The next year, he did the same experiment in a different city; lo and behold, the sun cast a shadow in the well. Eratosthenes had a good idea (based on other evidence I won't go into) that all rays from the sun were parallel; so, if the sun cast no shadow in the well of one city, but did in another, that meant the Earth had to be curved.
And thus, Eratosthenes measured the size of the Earth, with remarkable accuracy, by watching rays from the sun, paying attention, and knowing basic geometry.
Then, Sir Isaac Newton invented Newtonian physics a few thousand years later. (Newton didn't invent physics; Eratosthenes, for instance, was one hell of an experimental physicist!) With Newton came the Newtonian Theory of Gravity, which correlated mass to gravitational force.
Then a lot of other physicists began figuring out what that gravitational force was. The numeric term, as it turns out, is 6.67*10^-11, if I remember correctly--so weak that it was hell to measure. But they did measure it, and before long they measured it accurately.
Now that they knew how strong the Earth's gravitational field was (Galileo demonstrated this by rolling balls down an inclined plane), and how much gravitational energy was present per unit mass/distance-squared, and how large the Earth was, they were able to compute the mass of the Earth.
(Do the math for yourself. The force of gravity is 9.8033m/s^2. The gravitational constant's numerical term is 6.67 * 10^-11. The radius of the Earth is 6.378 * 10^6 meters. The equasion is
Gf = (Gc * M1 * M2) / (d^2),
... where Gf is the gravitational force, Gc is the gravitational constant, M1 and M2 are the masses being attracted to each other, and d is the distance between them. The algebra involved is left as an exercise for the reader.)
... Doing this equasion by hand takes about five minutes. Less if you're handy with exponentials. When all is said and done, you have the Earth's mass: 5.98 * 10^24 kilograms.
Now, assuming the Earth is a sphere (it's not, but close enough), it has a volume given by pi multiplied by the cube of the radius. Do the math, and divide the mass by the volume to get the density of the Earth.
You get about 7.3 metric tons per cubic meter.
Now go out and get yourself a box a cubic meter on a side. Pick up a shovel and start digging, throwing everything you find into the box until it's full. Now weigh it. You get much, much less than 7.3 metric tons per cubic meter.
Conclusion: what's deep inside the Earth must be much,/much/ denser than what's on the surface of the Earth. And if you then check with the chemists and see what could give you that much density, they'd tell you... "well, metals, probably."
And then you share your results with the chemists.
And soon, after a few more back-of-the-paper-napkin calculations, you're able to show that the center of the earth possesses a metallic core--either that, or else something else extremely exotic which would provide the mass you need. And since the simple explanations tend to be the correct ones (Occam's Razor), the vast majority of scientists today believe the earth has a metal core.
Now, what did you need to do all this, to come to all these conclusions in which you have so much confidence?
Geometry had to be invented.
Eratosthenes had to look down a well.
Newton had to invent calculus.
Newton had to invent the theory of gravity.
Somebody had to measure the gravitational constant.
... That's it.
That's the beauty of science. Just by thinking logically, by searching and striving for the simplest answer, you can come to absolutely breathtaking discoveries about the world using nothing more than your brain and a couple of discoveries from other people.
There are notible exceptions such as main battle field rifle were the soviet AKs are better because of their renowned durability.
Not quite. The AK's effective range is only around 300m, whereas US Marines must qualify with their service rifle on 500m courses. An AK can, in fact, jam, although you've got to give it lots of abuse. The advantage of the AK for the Soviet economy, and for the Third World, was that it was an extremely cheap rifle to produce and required very little technical skill to maintain.
The US M-16A2 is as reliable as the AK is, surprisingly enough. The abysmal track record of the original M-16 in Vietnam stemmed from the fact that (a) the Army didn't follow the designer's recommendations on ammunition, and (b) the Army didn't procure anywhere near enough cleaning kits. The first led to greatly increased powder fouling, and the second led to the troops believing the M-16 was a self-cleaning rifle, "because otherwise we'd have been issued cleaning kits, right?"
Ranger LRRPs in Vietnam which were issued cleaning kits and took proper care of their weapons reported no significant reliability problems, although there was a lot of grousing about excessive fouling.
Insofar as whichever one is "better"... whichever one you happen to have in your hands when you need it is automatically the best weapon on Earth, because every other weapon is not in your hands, and thus totally worthless.
Remember, all biometrics do is read your fingerprint, retina, whatever, and boil that down into a string of digital 1s and 0s. A number, in other words. That's all. This number is then used to unlock other things, like keys and whatnot. In the end, it's still just "one more number". Except it isn't just a number you know, it's a number that's got its representation tattooed on your body.
Imagine the havoc a trojan fingerprint scanner could cause. Suddenly, a cracker would have thousands of fingerprints. Now Charlie Cracker tries to access a porn site, using the credit-card number of one of these people. The site asks him to "Please press your thumb into the reader for authentication." Instead of pressing his thumb into the reader, though, Charlie Cracker just sends the same 1s and 0s which represent the real person's thumbprint.
Presto! Instant authentication.
Now, this is not anything different from passphrases. A keylogger can do the exact same thing for a passphrase that Charlie Cracker is doing with his biometric hardware. There is one major, significant difference, though.
Encryption is only part of a security solution; it's not a solution by itself. Anyone who expects their communications to be secure just because they use PGP is living in a dreamworld.
In the real world, when very serious people (embassies, intelligence officers, etc.) want to communicate securely, one of the first things they do is a threat analysis. What sort of attacks am I expecting? What sort of attacks am I certain I won't be hit with? Then, the hardest to assess, what sort of attacks am I unaware of?
Once you have this sort of threat assessment, you tailor your security practice to it. Do you really have a well-founded concern that someone's going to use a browser vulnerability to steal your keyring? Okay, then, the answer is simple: don't keep your keyring on the same machine as the web browser. Are you concerned about people Van Ecking your monitor and grabbing your passphrase? Then buy TEMPEST-shielded equipment.
There is no, nor has there ever been, a one-size-fits-all answer in the security arena. We have a great many tools, each of which is meant to protect against one specific type of attacks--or for the really good tools, one specific category of attacks. You mix-and-match these tools to create your own security solution, tailored to your needs.
It's a common affliction of the truly paranoid and the cryptologically naieve to want to be shielded against every method of getting passphrases. I hate to break the news to you guys, but you're nuts. A black-bag job can recover your secret keyring, and give my friend Guido five minutes to talk to your kneecaps and the rest of you will be singing your passphrase to the tune of the Hallelujah Chorus if that's what Guido wants.
On the other hand, most of us don't need to worry about black-bag jobs and Guido.
Assess your threats, people, and make your decisions accordingly.
The Pet Shop Boys song you're quoting is, if anything, about economic disparity and social classes in England. The line is, "In a West End town, a dead end world / The East End boys and West End girls..."
Also, Shogun, while a great read and written by someone who really loved Japanese culture, was still written by... an Englishman. It's not exactly a reference work on Japanese culture.
Slashdot Mirror
If it's something that needs to last for more than the next five years, give strong consideration to hardcopy. For instance, I keep ASCII dumps of my PGP public and private keys stored in a bank safe deposit box. I keep one key, and my attorney has the other. That way, in the event that a fire sweeps through my house and destroys all my media (even my backup media), I'll still have copies of the important stuff.
I've got a six-month-old copy of a codebase I'm working on printed out and stored in that safe deposit box as well, so that if a disaster happens I don't lose six months of my coding lifetime.
For the record, I laserprinted all of it onto 25%-cotton acid-free paper. It'll still be around and legible for decades, even centuries, to come.
Look at the facts: if it went up X distance and then came down, that means it didn't have enough energy to hit Earth's escape velocity. So how, praytell, did it get enough energy from skidding off the atmosphere to go into deep space?
Secondly, there are hundreds of thousands of amateur astronomers worldwide who scan the skies every night with telescopes. If such a capsule did exist, why didn't the worldwide amateur astronomical community spot it?
Someone was yanking your chain.
There are no marooned space capsules in orbit. If there were, there'd be Web sites devoted to "Enter your latitude and longitude and receive the time of day when the Russian Graveyard flies overhead!"
Not quite. A generalized break against the discrete-logarithm problem will break RSA, yes, but breaking a specific subset of the discrete-logarithm problem will not.
My point still stands: there are lots of cryptographic methods available, and breaking one is very unlikely to bring the whole house of cards down.
To give a very simple example, consider the Soviet dissidents. They were, most certainly, committing crimes -- they were breaking Russian laws, which were quite legally adopted
To the American judicial mind, the Soviet dissidents lacked mens rea, or the specific criminal intent. Also remember that the United States considers the Bill of Rights to be politically absolutist: what the Bill of Rights recognizes, no legitimate government (in the eyes of classical US legal thought) can deny its citizens.
For instance, to the US legal mind, freedom of speech and religion are inherent human rights, and any government which seeks to deny this right is violating human rights and, thus, those laws are invalid.
So for dissidents such as Alexander Solzhenitsyn (whose name I'm grossly misspelling), according to American legal thought, he didn't commit a crime because the law he was accused of breaking was enacted in violation of his human rights, and thus, null and void.
So there's some absolute notion of what is right and the people sometimes get it wrong?
At this point, you're just trolling. Stupidly, too, might I add.
The majority does not decide right and wrong. They decide what to do, and the right or wrong is decided by history.
Grow up.
The versions of GNAT that are shipped with Red Hat 7.0 don't work with Red Hat's GCC snapshot[*]. And since you can't recompile GNAT from sources without having a version of GNAT installed to bootstrap itself, that means GNAT is fundamentally and profoundly broken.
This was extremely displeasing to me when I first came across it, because I'm an Ada95 hacker.
[*] No offense meant, guys, but I don't like calling it GCC-2.96; it's not a sanctioned release, so I just feel more comfortable calling it a snapshot. That's not to say I think you guys made the wrong decision; as a C++ hacker, I'm far more pleased with your snapshot than with GCC-2.95.
In a democracy, is it not true that the people are always right?
Was it right for seven million Jews, gypsies, political dissidents, homosexuals and the like to be sent to the furnaces? After all, the people decided they wanted a leader who would decisively stand against the Jewish menace, who would eradicate the Jewish faith from Europe.
Short answer: of course it's not true.
The people are not always right. If they were right, Hitler wouldn't have been elected, nor would have Neville Chamberlain, nor would Korematsu v US have been decided the way it was.
As was pointed out in the movie Men in Black, a person is intelligent, compassionate, open-minded and often brilliant. But put ten of these persons together and what you get is people--a panicky, irrational, closed-minded animal.
Democracy is not built on the principle that "the people are always right". Democracy is build on the principle that "what the people want, they ought to get--and they ought get it good and hard!"
Can someone please explain to me why the hell I should care?
Sure. Read on.
First of all, if the goverment ever went bad (ie became undemocratic) then I don't think it would take them more than a week to set up whatever surveillance they wanted, no matter what their starting point.
Yep. This is why it is absolutely essential that the citizenry watch the government like hawks, to ensure the government doesn't go bad.
But that doesn't always work, either. Read on.
Maybe I'm being naive and ignoring history
You are.
but I find it hard to even consider this possibility because I just can't see how, in this time, in this part of the world, our goverment could be displaced or changed to something undemocratic
Check out recent history--very recent, actually. A lot of people forget this, or choose to ignore it, but the Weimar Republic of Germany had a well-educated public and a vigorous democratic tradition. However, in the 1930s this educated, literate public elected, by an overwhelming margin, Adolf Hitler to the position of Chancellor on a platform of racial hatred.
People knew he was going to turn Germany into a dictatorship. They didn't care. They liked what he was promising, and they liked having the Jews to blame for their current problems.
If you think that it can't happen in England, think again--it can happen anywhere. Even the United States, which in World War Two casually violated many of the most important precepts of our own Constitution in order to appease a citizenry which was panicking and demanding action. General DeWitt decided that sending all Japanese-Americans to detention centers would reassure the public, so he issued the order. Despite the fact that General DeWitt's order was blatantly, flagrantly unconstitutional, the Supreme Court of the United States declared this to be legal in Korematsu v US.
Do you think the United States, the self-described bastion of liberty and freedom, actually gave a damn that we were violating our most sacrosanct principles?
We didn't.
In fact, we didn't give it a second thought.
If Weimar Germany can throw everything away and walk headlong into oblivion after an insane dictator bent on destroying his nation as he attempts world domination...
... If the United States can piss on its own highest law, merely to appease a panicking populace...
... then it can happen in England, too.
You've made my case.
No, he's shown your case to have more holes than a North Korean submarine. Whether or not they should be legalized is irrelevant; they are illegal, it is legal for them to be illegal (in that the courts have not overturned those statutes as unconstitutional), and that means if you break those laws without damn good cause, you're committing a crime.
You can talk about "should" all you like, but brother, if you think that selling crack isn't a crime, I know a few district attorneys who'd just love to have a word with you. Exceptionally strong words, backed up with force of law, if you've happened to have ever sold crack to someone.
Get the picture?
If that's your moral definition of a criminal, great--I'm sure Charlie Manson doesn't consider himself to be a criminal, because according to him he didn't cause anyone any harm at all.
From a legal perspective, you're quite wrong. All that is required to be convicted in criminal court is for, (a), a law be broken, (b) it be established beyond a reasonable doubt that you were the one who broke this law, and (c) that you possessed mens rea ("criminal intent") in your action.
For instance, if I go barrelling down the highway at thirty miles an hour over the limit and run a few red lights, I've committed a criminal offense of, at the very least, reckless driving, endangerment of others, and so on. But if I'm barrelling down the highway at thirty miles an hour over the limit and run a few red lights in order to get to the hospital before my wife bleeds to death in the passenger seat, I haven't committed any crime at all--because I possessed no criminal intent, only the reasonable intent of a concerned husband.
After World War Two, the biggest threat to the United States (as perceived by the government) was found in the Soviet Bloc. The National Security Agency was born in large part to eavesdrop on Soviet traffic, in order that the US could enjoy a strategic advantage. If we knew what they were doing, we were in a better position to prevail against them.
The NSA pursued this mandate with zeal that bordered on the unholy. They conspired with long-distance carriers, with manufacturers of cryptographic equipment, with anyone who had a line of communication that a shred of Soviet traffic could likely be found on. They applied pressure, they bribed, they twisted the knife, they cut all kinds of sweetheart deals.
But today, the number one threat (in the eyes of the government) is no longer the Soviet Union. I don't know what Public Enemy Number One is nowadays, but you can be pretty sure the War on Drugs is getting close to top billing.
Why is it so surprising that the agency tasked with combatting the "nation's greatest menace" is acting exactly the same as every other government agency which, in the past, has been tasked with combatting "great menaces"?
If this took you by surprise, you need to wake up and smell the coffee. I don't find it at all surprising this is happening. I think it's probably likely that the DEA has sweetheart deals with airlines that do a lot of travel to South America, so the DEA can keep track of frequent travelers and try and use that information for better interception and seizure of contraband.
The only thing that would surprise me at this point is if they weren't.
The nature of a login password is security through obscurity.
Nope. I can get all the source for the login code of any Linux distro. There's no security afforded to it by means of obscurity. The nature of a login password is security through secrecy, which is a different beast from security through obscurity.
If logins were secure through obscurity, then having source code for the login would permit me to root anything I wanted. It doesn't.
Open access to the methodology behind a OTP doesn't help anyone out in breaking it. Not even quantum computation can nail a OTP; it is provably secure against quantum computing, which is a really cool thing and is used in some quantum cryptographic schemes.
But you're confusing the algorithm with the secret key.
In a conventional cipher, you protect a big secret (megabytes of market research data, whatever) with a much smaller secret--say, 128 bits of a Blowfish key, or 2048 bytes of an RSA key, or whatever. The entire security of your market research data rests in the secrecy of the key. If the key gets publicized, it's all over.
With a one-time pad, you perfectly protect a big secret (megabytes of market research data) with a secret of equivalent size. The entire security of your market research data rests in the secrecy of the one-time pad. If the one-time pad material gets publicized, it's all over.
A one-time pad is not hurt, in any way, by being one of the open techniques of cryptography. You're confusing the fact that the pad material must be kept secret with the algorithm for using the pad material being kept secret. That's not the case at all.
A OTP is conceptually no different from a block cipher running in output-feedback mode. A OTP is more secure, absolutely, but from a conceptual standpoint an OFB cipher is absolutely identical; it generates a long stream of apparently-random values with which the original data is XORed. If a OTP has its Achilles' heel in its openness, then so does any block cipher running in OFB mode.
C++ is, like Perl, such a mess because the problem set is such a mess. That means it's pretty easy to shoot yourself in the foot--and given C++'s power, shots to the foot often take off everything below your waist.
If crossplatform, portable code is a necessity, then be very careful when using newer features such as templates. I've had the devil's own time taking code that works perfectly fine in GCC-2.96 (the Red Hat snapshot, which is a very fine C++ compiler), but breaks horribly under GCC-2.91. Code that compiles cleanly under MSVC++ will oftentimes break horribly in GCC-2.96, etc.
The fewer C++ features you use, the less chance you'll run into these gotchas. That's why the Mozilla team uses a restricted set of C++ functions, I think, far more than to enhance readability or whatnot--the simple fact is, the more C++ features you use, the harder it is to get it to compile under Foo compiler, because Foo doesn't properly implement such-and-such chapters of the Standard; and code written for the Foo compiler breaks on the Bar compiler, because Bar demands strict adherence to the spec, which Foo doesn't provide.
That being said: give consideration to at least using the inheritance features of C++'s class system. Inheritance is, if anything, the most useful feature of C++, and is well-supported by every compiler. Don't treat C++ like Ada83, where classes existed only to protect data as private and to create interfaces to other bits of functionality; let your C++ classes be hierarchial, let them inherit from base classes, and use that to your advantage.
After that, I don't have any recommendations. I'm personally a big fan of generic programming (templatized programming) and the STL. The STL is fearsomely efficient and fast. It's got a learning curve like the Matterhorn, but once you climb it, it's wonderful.
BTW, if anyone tells you to ignore templates on grounds that they cause bloat, please check out the home page of Amit Patel, a Doctoral student at Stanford (who, I believe, often reads Slashdot--if so, hi, Amit, drop me a line sometime) and friend of mine. According to benchmarks he provides on his page (click here), templatized code that makes use of the STL is often, if not almost always, of comparable executable size to an equivalent C program, and substantially faster.
Some compilers, such as Sun's, are absolutely awful with templates--that's probably how the nasty myth of templatized code being bloated and slow came to be. As a rule, though, there's no general truth to this myth; some compilers produce bloated code when using foo, bar and baz parts of the language, but it's not a characteristic of the language--just a characteristic of a crappy compiler.
- Nobody has any clue. That's an economics question, not a CompSci question. Ask ten economics professors that question and you'll get at least twenty different contradicting answers, no two alike. Repeat: nobody has any clue.
- About three seconds. "A fast method of factoring large composites has been developed? Fuck, man. Time to switch to El Gamal." Or, alternately, "A fast method of computing discrete logarithms in a finite field has been developed? Fuck, man. Time to switch to Rabin." Or, alternately, "A fast method of computing square roots modulo n has been developed? Fuck, man. Time to switch to elliptical-curve systems." Or, alternately... you get the idea. There are lots of perfectly good cryptosystems out there for the using. It would take far, far, far longer for computer manufacturers to ship updated SSL plugins and whatnot than it would for the cryptographic community to find a good replacement.
- How long it would take the market to field replacements is an economic question, not a computer science one. See point 1.
...This really, really, really oughtta be in a FAQ somewhere.For those cryptographers in the audience, yes, I did handwave a little bit. Computing square roots modulo n is provably equivalent to the integer-factorization problem, so any break against RSA would also break Rabin. The general point still holds, though.
This question comes up so frequently that there oughtta be a frickin' Ask Slashdot FAQ... as in, "moderators, don't put these questions up, they've been too frequently asked."
Put simply: if your system depends on the secrecy of the algorithm, it is pretty much guaranteed to be weaker than one which depends solely on the secrecy of the key. The reason is that attacks against cryptosystems rise to an exponential power of the weaknesses. If you have a system with two exploitable weaknesses, it's not half as secure as one with only one exploitable weakness--the progression is geometric, not linear.
Think of it this way: RSA is designed to be secure when properly used, even if your opponent is a genius in number theory. Why? Because geniuses designed and reviewed RSA, and still do so this day, searching for any exploitable weakness. It has survived hundreds of thousands of hours of concerted, directed, extremely skilled cryptanalysis and come out on top.
Now look at a system like CSS, which was designed by some very bright folks but was never put out there for peer review. The cryptanalytic weaknesses of CSS are profound, and it seems like a new weakness is reported every other week. Had CSS been introduced in a scholarly journal, the DCDCCA would have had thousands of hours of cryptanalysis for free, and they'd have discovered that their cryptanalytic scheme was weak, had an exhaustible keyspace, and had so many keys that the already-too-short keyspace was reduced to absolute triviality.
Now, it's true that the vast majority of new ciphers are broken soon after they're released. Hell, even someone as illustrious as Rabin isn't immune--I've seen some very good cryptanalysis of Rabin's latest "provably secure" algorithm, and Rabin really stepped in it. Yes, anyone who rushes out to implement a new cipher is most probably smoking crack, because it's overwhelmingly likely that it will be broken within six months of its release.
It's just in the last year that I've begun to put a substantial amount of faith in Bruce Schneier's Blowfish algorithm, for instance, even though it's been out almost ten years now. After ten years of constant cryptanalysis, Blowfish is still surviving pretty damn well.
The alternative, using a closed-source, proprietary, non-peer-reviewed cipher, is absolutely absurd.
Even the NSA is learning this lesson the hard way. After they published the SKIPJACK [*] algorithm, a few Israeli cryptanalysts presented some theoretical attacks against it... and then, it seemed as if every single week the attacks got better and better and better as the crypto community invented totally new branches of cryptanalysis (impossible-differential cryptanalysis, mostly) with which to attack SKIPJACK.
Today, SKIPJACK is regarded as an utter failure. Of the original 32 rounds specified in the algorithm, there exist better-than-brute-force attacks against 31 rounds. That means SKIPJACK currently has no margin of safety, which means it's an absolute, utter, wretched failure.
And this is the National Security Agency we're talking about.
Short version: peer review is essential to getting good ciphers. Sure, you can posit that by having ciphers be open for peer-review it also makes attacks against them possible. That's true. But what you're overlooking, and what the crypto community keeps on shouting at the top of our lungs to anyone who'll listen, is that ALL OTHER METHODS ARE EVEN WORSE.
I'm sorry for shouting so much in this message, but really, guys. People keep on asking this question over and over again. And the answer is always the same, no matter how much you ask it.
[*] SKIPJACK, by the way, was the "ultra-secure" cipher at the heart of the Clipper Chip, if memory serves me right. Makes me feel all warm and fuzzy to think that the NSA was asking us to trust our encryption keys to government-controlled escrow, and give us a cipher that was so subtly and fatally flawed. Some people think these flaws were intentional on the NSA's part; I'm not one of them, since SKIPJACK was also supposed to be used by our own troops as part of a Defense Department initiative.
1: Building a nuclear device isn't as simple as most people would assume. You really can't get your plans off of the Internet and build it in your basement, Hollywood notwithstanding. The levels of precision needed for the parts is high enough that small terrorist groups likely won't be up to the task.
Well, kind of. Provided you don't mind creating a terribly crude and inefficient bomb that wastes most of its reaction mass, a nuke is reasonably straightforward to make. But if you want to move up into the city-killer range, yes, then it takes some very sophisticated engineering.
Note that it requires sophisticated engineering, not research. Any PhD physicist worth his or her salt has the scientific knowledge required to build The Bomb; what they don't have in their heads is readily available in the open literature and peer-reviewed journals. If you can get a good physicist and a few good engineers from a variety of disciplines, all with real-world experience, making a city-killer is quite feasible provided you have the fissile materials.
It won't be cheap and it'll be time-consuming, but it's absolutely within the realm of possibility for a technically sophisticated, well-funded terrorist organization.
Assuming you're dealing with a rogue government or other such entity capable of building a precision device, getting the reactive material for such a bomb is doggedly difficult.
Not hardly. Uranium isn't exactly uncommon in the Earth's crust; hell, uranium can be refined out of granite. The explosively fissile material is easy to get hold of. Separating the explosively fissile material from the fissile and nonfissile materials (i.e., the refinement process) is what's hard.
Getting said device anywhere near the U.S. is also doggedly difficult
I'd just hide it in a bale of marijuana, myself. The stoners I know never seem to have any trouble getting south-of-the-border weed. This point of yours is absolutely wrong; it's not just easy, it's positively trivial.
Assuming they manage the above three problems, most crude nuclear devices fail to detonate
Hmm. How many "crude nuclear devices" have failed to detonate in recent memory? I can't recall anyone even trying to set off a crude nuclear device. Saying that most crude nuclear devices fail to go supercritical is at best an extreme overgeneralization; you simply don't have enough data points to come to that sort of conclusion with any certainty.
Assuming functionality, the atomic reaction at one foot above sea level will do significantly less damage than most people assume. It's going to cause a huge incident, but not the end of the island (or the city) that most people assume
Depends on the yield. A 10kt fizzle would leave most of New York City intact, yes. A 1Mt citykiller would leave the city as radioactive ash.
All told, the threat of stolen plans for building nukes is really not a big one
On the contrary. While any collection of physicists and engineers can build a nuke, most countries want to mount a nuke in a gravity bomb or a warhead. Gravity bombs and warheads have very stringent weight and volume requirements. There have been very few major developments in nuclear-weapon technology since the 1950s; almost all of the US effort has been in shrinking the size of the package so as to pack more of them into an ICBM. This is why the US military community was wetting their pants over China getting plans for the W-88; it's not that we didn't think China knew how to build 1Mt citykillers (they do and did), but up until the time they had the W-88 plans, we thought it was pretty likely they couldn't put their citykillers on their ICBMs in clusters, like we do with our MIRVs.
That means in a nuclear exchange with China, we'd be launching dozens of citykillers with each launch, while they'd be limited to one citykiller per launch. Given that we have hundreds of missiles available on a moment's notice, that's a very terrible and tremendous thing to be on the other side of. Given how many missiles China has available on a moment's notice, and that each of their missiles carries only a fraction as many warheads... well. That's an unequal relationship that the US military really kind of liked.
To put that in comparison, that's like the US and China facing off... them armed with a Saturday Night Special, us armed with a flamethrower. That's a tremendously unequal balance of power. The US military loved that balance of power; it meant we were so strong China would never be able to use their nukes in a credible threat against us.
But now that China has the W-88 plans, they get the same strategic position as the Soviet Union did in the height of the Cold War. Now China has the capability to tip their ICBMs with multiple citykillers, just like us, flamethrower against flamethrower.
That frightens people an awful lot. It especially frightens me, since I was kind of getting used to everybody taking their finger off the nuclear trigger since the Soviet Union collapsed.
Apology accepted. :) But hey, you never know--some people probably do think photons just carry light, or that it travels infinitely fast.
:)
At any rate, the best way to handle people yanking your chain, I've found, is to just let them do it and not blow your stack. Let's face it; it's no fun to troll someone who doesn't get angry over it.
The photon is the carrier particle of light,, not electromagnetism.
:)
:) The first measurements of the speed of light were done by measuring differences between expected occultations of Jupiter and the experimental times; it turned out that they could only be reconciled if light had a finite, although large, velocity. Currently, we've found that light travels 299,792,458 m/s, or just about three hundred thousand kilometers per hour--or roughly 186,000mph.
:)
James Clerk Maxwell disagrees with you, as well as Einstein. Light is nothing more nor less than a waveparticle which varies in both electric field strength and magnetic field strength. Radio waves are carried by photons; so is visible light; so is hard gamma and X-rays. All these are located at different frequencies along the electromagnetic spectrum.
Electromagnetism is one of the four fundamental forces (three if, like me, you're a pedant who says electromagnetism is just a low-temperature case of the electroweak force). Look it up. It's interesting.
Photons have infinite velocity.
We've known better than this for a few hundred years.
It takes sunlight a few million years to get from the Sun's stellar core to the surface; but once it escapes, it's got a short trip to Earth of some eight-and-change minutes.
Next time you go about casting aspersions on people, please take the time to get your own facts straight first. Thanks.
Wrong from both a theoretical and a practical perspective. In theory, any magnetic field stretches potentially to infinity. But the carrier particle of electromagnetism, the photon, has a finite velocity and, as such, takes an infinite amount of time to travel an infinite distance.
From a practical perspective it's wrong because there are a lot of other magnetic fields out there in the cosmos, and at some point an object's magnetic field is always overwhelmed by the presence of another's.
Very good question! Let's take a look at how we know the Earth has a metallic core; after all, we've never been there, either, have we?
Well, let's see. How did we first measure the Earth's size, and how did we learn it was round? A Greek mathematician (Eratosthenes?) looked down a well at noon on a particular day and discovered the sun cast no shadow in the well; i.e., it was directly overhead. The next year, he did the same experiment in a different city; lo and behold, the sun cast a shadow in the well. Eratosthenes had a good idea (based on other evidence I won't go into) that all rays from the sun were parallel; so, if the sun cast no shadow in the well of one city, but did in another, that meant the Earth had to be curved.
And thus, Eratosthenes measured the size of the Earth, with remarkable accuracy, by watching rays from the sun, paying attention, and knowing basic geometry.
Then, Sir Isaac Newton invented Newtonian physics a few thousand years later. (Newton didn't invent physics; Eratosthenes, for instance, was one hell of an experimental physicist!) With Newton came the Newtonian Theory of Gravity, which correlated mass to gravitational force.
Then a lot of other physicists began figuring out what that gravitational force was. The numeric term, as it turns out, is 6.67*10^-11, if I remember correctly--so weak that it was hell to measure. But they did measure it, and before long they measured it accurately.
Now that they knew how strong the Earth's gravitational field was (Galileo demonstrated this by rolling balls down an inclined plane), and how much gravitational energy was present per unit mass/distance-squared, and how large the Earth was, they were able to compute the mass of the Earth.
(Do the math for yourself. The force of gravity is 9.8033m/s^2. The gravitational constant's numerical term is 6.67 * 10^-11. The radius of the Earth is 6.378 * 10^6 meters. The equasion is
- Gf = (Gc * M1 * M2) / (d^2),
... where Gf is the gravitational force, Gc is the gravitational constant, M1 and M2 are the masses being attracted to each other, and d is the distance between them. The algebra involved is left as an exercise for the reader.)... Doing this equasion by hand takes about five minutes. Less if you're handy with exponentials. When all is said and done, you have the Earth's mass: 5.98 * 10^24 kilograms.
Now, assuming the Earth is a sphere (it's not, but close enough), it has a volume given by pi multiplied by the cube of the radius. Do the math, and divide the mass by the volume to get the density of the Earth.
You get about 7.3 metric tons per cubic meter.
Now go out and get yourself a box a cubic meter on a side. Pick up a shovel and start digging, throwing everything you find into the box until it's full. Now weigh it. You get much, much less than 7.3 metric tons per cubic meter.
Conclusion: what's deep inside the Earth must be much,
And then you share your results with the chemists.
And soon, after a few more back-of-the-paper-napkin calculations, you're able to show that the center of the earth possesses a metallic core--either that, or else something else extremely exotic which would provide the mass you need. And since the simple explanations tend to be the correct ones (Occam's Razor), the vast majority of scientists today believe the earth has a metal core.
Now, what did you need to do all this, to come to all these conclusions in which you have so much confidence?
- Geometry had to be invented.
- Eratosthenes had to look down a well.
- Newton had to invent calculus.
- Newton had to invent the theory of gravity.
- Somebody had to measure the gravitational constant.
... That's it.That's the beauty of science. Just by thinking logically, by searching and striving for the simplest answer, you can come to absolutely breathtaking discoveries about the world using nothing more than your brain and a couple of discoveries from other people.
Free your mind... and the Cosmos will follow.
There are notible exceptions such as main battle field rifle were the soviet AKs are better because of their renowned durability.
Not quite. The AK's effective range is only around 300m, whereas US Marines must qualify with their service rifle on 500m courses. An AK can, in fact, jam, although you've got to give it lots of abuse. The advantage of the AK for the Soviet economy, and for the Third World, was that it was an extremely cheap rifle to produce and required very little technical skill to maintain.
The US M-16A2 is as reliable as the AK is, surprisingly enough. The abysmal track record of the original M-16 in Vietnam stemmed from the fact that (a) the Army didn't follow the designer's recommendations on ammunition, and (b) the Army didn't procure anywhere near enough cleaning kits. The first led to greatly increased powder fouling, and the second led to the troops believing the M-16 was a self-cleaning rifle, "because otherwise we'd have been issued cleaning kits, right?"
Ranger LRRPs in Vietnam which were issued cleaning kits and took proper care of their weapons reported no significant reliability problems, although there was a lot of grousing about excessive fouling.
Insofar as whichever one is "better"... whichever one you happen to have in your hands when you need it is automatically the best weapon on Earth, because every other weapon is not in your hands, and thus totally worthless.
Remember, all biometrics do is read your fingerprint, retina, whatever, and boil that down into a string of digital 1s and 0s. A number, in other words. That's all. This number is then used to unlock other things, like keys and whatnot. In the end, it's still just "one more number". Except it isn't just a number you know, it's a number that's got its representation tattooed on your body.
Imagine the havoc a trojan fingerprint scanner could cause. Suddenly, a cracker would have thousands of fingerprints. Now Charlie Cracker tries to access a porn site, using the credit-card number of one of these people. The site asks him to "Please press your thumb into the reader for authentication." Instead of pressing his thumb into the reader, though, Charlie Cracker just sends the same 1s and 0s which represent the real person's thumbprint.
Presto! Instant authentication.
Now, this is not anything different from passphrases. A keylogger can do the exact same thing for a passphrase that Charlie Cracker is doing with his biometric hardware. There is one major, significant difference, though.
You can revoke a passphrase-controlled key.
Good luck trying to revoke your thumb, man.
Encryption is only part of a security solution; it's not a solution by itself. Anyone who expects their communications to be secure just because they use PGP is living in a dreamworld.
In the real world, when very serious people (embassies, intelligence officers, etc.) want to communicate securely, one of the first things they do is a threat analysis. What sort of attacks am I expecting? What sort of attacks am I certain I won't be hit with? Then, the hardest to assess, what sort of attacks am I unaware of?
Once you have this sort of threat assessment, you tailor your security practice to it. Do you really have a well-founded concern that someone's going to use a browser vulnerability to steal your keyring? Okay, then, the answer is simple: don't keep your keyring on the same machine as the web browser. Are you concerned about people Van Ecking your monitor and grabbing your passphrase? Then buy TEMPEST-shielded equipment.
There is no, nor has there ever been, a one-size-fits-all answer in the security arena. We have a great many tools, each of which is meant to protect against one specific type of attacks--or for the really good tools, one specific category of attacks. You mix-and-match these tools to create your own security solution, tailored to your needs.
It's a common affliction of the truly paranoid and the cryptologically naieve to want to be shielded against every method of getting passphrases. I hate to break the news to you guys, but you're nuts. A black-bag job can recover your secret keyring, and give my friend Guido five minutes to talk to your kneecaps and the rest of you will be singing your passphrase to the tune of the Hallelujah Chorus if that's what Guido wants.
On the other hand, most of us don't need to worry about black-bag jobs and Guido.
Assess your threats, people, and make your decisions accordingly.
The Pet Shop Boys song you're quoting is, if anything, about economic disparity and social classes in England. The line is, "In a West End town, a dead end world / The East End boys and West End girls..."
Also, Shogun, while a great read and written by someone who really loved Japanese culture, was still written by... an Englishman. It's not exactly a reference work on Japanese culture.