Been there done that (on Bastardi's Wager) · Score: 3, Interesting
Take a look at http://theclimatebet.com/ to see an earlier example. A similarly (un)qualified guy offered to bet that temperatures would be unchanged over ten years. He tried to get Al Gore to bet, of course without success. So he started this website to track who would have won. At first it looked good for him and he updated regularly, crowing about his success. But then things changed and started warming up. Now the website is abandoned. He didn't have the guts to document his failure. I imagine much the same will result from this new bet.
I've only heard of long transmission lines being affected, miles long or even hundreds of miles. A house should be fine. The only thing I'd worry about is a spike coming in from the grid itself, if all their insulators and transformers fail. I have no idea how big that might be by the time it got to you.
I know people have trouble accepting it, but I want to offer once again the philosophical principle that true freedom implies the right and ability to commit yourself and to constrain your future actions. This principle should be very acceptable to the FSF, because it is the basis for their argument that the GPL is more free than BSD style licenses. Superficially, the BSD is more free, because it lets you do whatever you want. But the FSF argues that the GPL is actually freer, because it lets you do whatever you want only as long as you let others do whatever they want with the result. Imposing this limitation on freedom, paradoxically, increases freedom.
And really, this should not seem paradoxical, because we see the same principle all the time in everyday life. Every time someone signs a contract, he commits to performing certain actions and thereby limits his own freedom. The same thing happens when two lovers promise to be faithful. The point is that the essence of true freedom requires the ability to voluntarily limit your own freedom.
This is where the FSF, along with much of the network community, has gotten off on the wrong foot with some of these hardware technologies, in particular Trusted Computing. These technologies allow you to make credible commitments to limit your own freedom. You can promise to run only certain software to handle certain data, and failure to honor your promise can be detected.
It should be clear that, as with contract, marriage, and other areas where we make binding commitments, as long as these kinds of promises are voluntary, allowing them actually enhances freedom. Yet the FSF doesn't see it that way. They are so angry and upset at the notion that people may make promises only to run certain code that they are doing all they can to make such promises impossible to make credibly.
I can understand the concerns that these technologies could be made mandatory. That would obviously be an unacceptable infringement on freedom. But we don't eliminate marriage just because some people are unfairly forced into marriage in certain cultures. We don't eliminate contract just because some are coercive. We fight the unjust arrangements while recognizing the value of a system which allows people to make binding commitments.
The same approach should be applied to Trusted Computing. We should support voluntary adoption of the technology, while vigorously opposing efforts to make it mandatory.
Unfortunately I don't see much prospect of the FSF changing its position on this issue; Stallman is not notoriously amenable to reasonable persuasion. But I hope the larger community can start to look at these matters with open eyes, and not feel obligated to follow the FSF in lockstep.
I'd say something did go wrong. While a $4 billion sell order is not overwhelmingly large in some markets, in the e-Mini market, those 75,000 contracts will overwhelm the standing bids if dumped on the market too fast. And that's what happened, due to the retarded algorithm that targeted 9% of trading volume *without regard to price*. In today's environment, that algorithm is broken because high frequency traders swarm as soon as the market starts to move. HFT is not a problem per se, they mostly just buy and sell with each other without much net effect, but it drives up volume. So this firm is dumping shares on the e-Mini, overwhelming the market, and it falls like a rock. That gets everybody else panicky and the market breaks down for a few minutes.
IMO the fundamental problem was this big trader who dumped shares on the market too fast. That firm should be held responsible and penalized. They used a broken algorithm that resulted in a massive order imbalance.
...and using a drill and jigsaw, cut through and remove the window in the front. This will allow the microwaves to escape and jam electronic communication. For extra fun, mount the microwave on a "Lazy Susan" spinning platter. You can sit behind it and turn it from side to side, to sweep the room and aim it at anyone who's acting suspiciously.
On the iPad (which always capitalizes it's own name that way (also it always puts an apostrophe in "it's" even when it's wrong)) you can type two spaces INSTEAD of a period at the end of a sentence, and it turns it into a period and a single space. Best of both.
Amusing comments but the reality is that this is still the same old P300. You concentrate on a letter, they flash different letters on the screen for about 30 seconds, and it makes a guess at what letter you were thinking of. Then if it's right you go on to the next letter. Super super slow. Eye blink signals are probably just as fast. And if you can't use your eyes you probably can't use P300. I think there have been some studies trying to extract P300 signals from audio cues but they have not been too successful.
If it is true that '"I don't think there is a limit, that there will be a certain size where quantum mechanics starts to break down," Dr Aspelmeyer said,' then that means that even larger objects also go into superpositions of quantum states. That would go all the way up to human sized and larger. This is the fundamental principle of the Many-Worlds Interpretation (MWI), that when quantum measurements occur, even though we only see one outcome, actually we go into a superposition of multiple states, each of which sees a different outcome. Each state evolves independently. It is as though the world splits into parallel universes, where every possible outcome occurs in a different universe.
This follows strictly from the principle that QM applies at all sizes. And this new experiment certainly pushes us in that direction.
Some scientists, notably Roger Penrose, had speculated that QM would break down at macroscopic sizes. He specifically proposed that once sizes were large enough for gravitational forces to exceed some threshold, QM would break down. Wikipedia has this: "Tiny superpositions, e.g. an electron separated from itself, if isolated from environment, would require 10 million years to reach OR threshold. An isolated one kilogram object (e.g. Schrödinger's cat) would reach OR threshold in only 10^-37 seconds." Now here we have a trillion atom object. That is about 10^13 amu, which is 10^-14 kg. Dividing 10^-37 seconds by 10^-14 we get 10^-23 seconds, which is far shorter than this experiment lasted. This means basically that this experiment disproves Penrose's theory! This is the first time this has happened, and I am (AFAIK) the first person to notice this.
In short it is becoming harder and harder to avoid accepting the reality of parallel worlds. What this should mean for our actions is up to the philosophers, but we should not bury our heads and pretend it isn't true.
According to the article, Stoll's excuse is that he was trying to play the contrarian:
At the time, I was trying to speak against the tide of futuristic commentary on how The Internet Will Solve Our Problems.
Contrarianism helps sell magazines (and garners pageviews) but let us not forget that it is usually WRONG. Yes, humbling as it may be to admit, the great unwashed masses, the "sheeple", are usually right in their collective opinions. Contrarians often escape punishment for their folly because no one cares, but in this case Stoll got properly burned.
I'm a programmer and I've studied the 332 page TCPA Main TCG Architecture v1_1b.pdf design specification. It explicitly refers to the owner as an attacker and it specifically mandates the chip to be secure against the owner himself.
Pics or it didn't happen.
The closest I can find is pages 313-314: "The basic design point for the attack tree is that the TPM should be resistant to all software attacks and somewhat resistant to hardware attacks."
A prescription that the chip be "somewhat [!!!] resistant to hardware attacks" is a pretty thin basis for asserting Orwellian control and domination.
He cracked the SLB9635TT12 as seen on the Wiki page image.
Thanks, that is helpful, but where is this Wiki page? I looked at the BlackHat session links and right now there are just some slides that are very generic and don't mention any parts. The video and audio are not up yet.
I have no doubt he could tell us this EK you mention but this might violate the DMCA if he did.
I wouldn't think so, but even so he could instead sign a message with the EK and get the same effect, as suggested above.
If it all sounds TinfoilHat-ish, that's because the system really is that Orwellian.
Let me make a couple of arguments against this:
1. The TPM can also be used for non-Orwellian purposes. For example playing an online game and making sure nobody has cheat mods loaded. This could even be a P2P game if anybody was interested in that any more. Or how about online poker or blackjack. How do you know the dealer's not cheating? He could use a TPM protected system and other players could verify that his software is fair. Another example, imagine a P2P Ebay. The seller could run the auction and everybody could send in their maximum bid. But the seller uses TPM so bidders know he can't see what their max bids are, and cheat them. No third party, no commissions.
I know it's hard to believe, but there are actually many situations in life where it is to your advantage to be able to commit yourself not to break the rules. That is really what a contract is, if you think about it. Contracts are a way to get the other guy to believe you will keep your word (and vice versa). It is to your advantage to be able to commit yourself in this way.
Trusted Computing delivers the same capability in the realm of software and data. You can convince the other side that you will follow certain rules, the rules embodied in the software. Believe it or not, this can actually be to your advantage. And if it's not, you can tell the other guy to take off.
2. TCPA didn't have to do it like this. If all they wanted was DRM, they could have gone ahead and made a centralized system that works the way (almost) everybody thinks Trusted Computing and TPM works: "it will only run signed code". How many times have I heard that over the years. Hundreds. And it's wrong every time. But they could have done it like that, made a system that lets Big Business trust your computer because it controls it. They could have made it so you couldn't run a hacked movie player or logging video driver. This would have accomplished the DRM goals.
But they didn't. They came up with a general purpose system for Trusted Computing that provides just that: a way for people to trust EACH OTHER'S computing. Anyone can use it, for any purpose. Any code can run. It's just that you can't lie about what is running.
Ironically of course the one system that does provide all the horror of what everyone was afraid of is the iPhone, which also happens to be enormously more successful than TPM. For all the fear about it, TPM has never been used in any single application for DRM. All it has been used for is protecting your own crypto keys. But for years everyone has been "Oh teh Orwell" about TPM, while meanwhile Apple is fat and happy signing every iPhone app before it lets it go out.
Why don't you have him just sign something with that public key signature rather than divulging the private key to the world?
You're right, that's a better idea. He can sign something with the EK rather than publishing the private key. It accomplishes the same thing but maybe causes less disruption to the TPM world.
I've been reading about this hack for days, but something seems fishy. Some of the earlier reports had him hacking the SLE 66 CL processor chip which is embedded in the TPM, not the TPM itself. This article also describes him as having to work with many copies of the chip to discover its secrets, but it has the chips being inexpensive ones from China. Problem is that Infineon is a German company and I don't think you can get Infineon TPMs cheaply from China. Putting this together, it's not clear to me that he has truly hacked an Infineon TPM. He may have hacked a similar chip and he assumes that the same attack would work on TPM.
However, there is a way for him to easily prove that he has done what he said. Every Infineon TPM comes with an RSA secret key embedded in it, called the Endorsement Key or EK. This key is designed to be kept secret and never revealed off-chip, not to the computer owner or anyone. And Infineon TPMs also come with an X.509 certificate on the public part of the EK (PUBEK), issued by Infineon. If Tarnovsky has really hacked an Infineon TPM and is able to extract keys, he should be able to extract and publish the private part of the EK (PRIVEK), along with the certificate by Infineon on that key. The mere publication of these two pieces of data (PRIVEK and Infineon-signed X.509 cert on PUBEK) will prove that his claim is true.
Wouldn't it be great if somebody created a cam capture of Avatar 3D with one camera looking through the left lens of the glasses, and the other camera looking through the right lens? Then they could package them together in some format and people can watch them on existing 3D monitors that use glasses. I looked at some movie sites and they have Avatar "telesyncs" but no 3D versions, too bad. I wonder if any of the 3D TVs at CES will be showing Avatar, that would be good too.
Actually although ALS kills neurons in the spinal cord, these cells extend from there to the muscles. And as the nerves begin to fail, they first withdraw from the muscles. They die from the muscle end back to the central location in the spinal cord. Once the nerves die, muscles atrophy in ALS and eventually shrink away to almost nothing. However I believe that electrical stimulation still works to make the muscles contract. E-stim can maintain muscles in ALS, but normally there is no point since there will be no more nerves connecting to them. However with this new technology it may be possible to make muscles contract electrically, controlled by sensors in the brain.
Keep in mind that Hawking lives in England, not the United States. The FDA has no jurisdiction over him. Now it may be in practice that the British health service does follow FDA recommendations in large part, so it's not likely that the treatment would be available any too soon there. But it is certainly possible for him to travel to Europe or even to Asia in order to get treatment if he wants it. There are clinics in Germany, Mexico and China at least that are doing experimental stem cell treatments for ALS and similar diseases, many with rather extravagant claims of improvement but none with patients who are walking around cured.
How can you trust that the operating system image that you are running is what you want to be running? Suppose you generate a CentOS image with your applications on it and give it to a cloud provider. You save a SHA-1 hash of the image to detect tampering. When the image is booted by the cloud, is there any way for the virtualized operating system to verify that it is running from an image that matches the original hash value? I don't think there is a way to do that now. This means a cloud provider could tamper with your images in ways that are undetectable to you. How much can you trust the calculations of your image now?
Great question, to which there is an answer, but it is an active area of research. The answer is Trusted Computing. TC provides exactly this ability, to know the hash of software running on a remote machine. The TPM chip validates the hash as the software loads, and produces cryptographic signatures of that data. Software that implements this kind of functionality includes Oslo, Trusted Grub, TBoot, and patches for Xen and Linux to make them use the TPM. Using these tools, someone could put together a cloud storage provider that would not only provide TPM signatures on OS images, the design could be such that even system operators cannot inspect OS encrypted data, and the TPM could validate that as well.
Unfortunately, Richard Stallman and the FSF have demonized this technology to the point that hardly anyone is working on it for fear of being tarred with the "Treacherous Computing" brush. They refuse to recognize the value of being able to prove to others what software you are running. Apparently they are afraid that people will choose to run software that RMS does not approve of. They want to keep people from having the ability to make these kinds of attestations "for their own good". Of course, taking away choice under the guise of making people freer is the standard modus operandi for the FSF, as in their promotion of the GPL over less restrictive licenses like BSD. So we should not be surprised at their ideological desire to suppress research on a technology that would give people entirely new kinds of choices and abilities in the software they run, to be able for the first time to make credible commitments to third parties about how software will behave.
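The measurement chain this comment describes, as an added example that is not part of the original comment or of any of the tools it names: each boot stage is hashed and extended into a TPM 1.2 style SHA-1 PCR, and a remote verifier replays the event log against the quoted PCR value and a set of reference hashes. The component names and blobs are constructed, and the TPM's signature over the quote is assumed to have been checked separately.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest


def measure(blob: bytes) -> bytes:
    """Hash a component before it is given control."""
    return hashlib.sha1(blob).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: the PCR can only be folded forward, never set directly."""
    return hashlib.sha1(pcr + digest).digest()


def boot(components):
    """Simulate measured boot. Returns (event_log, final_pcr).

    The log is kept by (untrusted) software; the PCR lives in the TPM.
    """
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeros on reset
    log = []
    for name, blob in components:
        digest = measure(blob)
        pcr = extend(pcr, digest)
        log.append((name, digest))
    return log, pcr


def replay(event_log):
    """Recompute the PCR value that the log claims the TPM should hold."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr


def verify(event_log, quoted_pcr, known_good):
    """Verifier side: the log must match the quote AND the reference hashes."""
    if not hmac.compare_digest(replay(event_log), quoted_pcr):
        return False, "event log does not replay to the quoted PCR"
    if [name for name, _ in event_log] != list(known_good):
        return False, "boot chain differs from the reference chain"
    for name, digest in event_log:
        if not hmac.compare_digest(known_good[name], digest):
            return False, "unexpected measurement for " + name
    return True, "all measurements match the reference values"


# Constructed sample boot chain (stand-ins for real binaries).
GOOD = [
    ("bootloader", b"trusted-grub stage"),
    ("hypervisor", b"xen with tpm patches"),
    ("guest-image", b"centos image as built by the customer"),
]
KNOWN_GOOD = {name: measure(blob) for name, blob in GOOD}
TAMPERED = GOOD[:2] + [("guest-image", b"centos image + unreviewed change")]


def scenarios():
    honest_log, honest_pcr = boot(GOOD)
    bad_log, bad_pcr = boot(TAMPERED)
    return {
        # Untouched image, truthful log.
        "honest": verify(honest_log, honest_pcr, KNOWN_GOOD),
        # Modified image, truthful log: the reference hash comparison fails.
        "tampered": verify(bad_log, bad_pcr, KNOWN_GOOD),
        # Modified image, log rewritten to look clean: replay no longer
        # matches what the TPM actually accumulated.
        "forged_log": verify(honest_log, bad_pcr, KNOWN_GOOD),
    }


if __name__ == "__main__":
    for label, result in scenarios().items():
        print(label, result)
```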
For study subjects: "Flavonoid compounds from cocoa (including epicatechin) and soy to be consumed for 365 days in the experimental intervention (versus placebo consumption). 27g chocolate bar the vehicle for flavonoid enrichment."
For controls: "27g placebo chocolate bar to be consumed for 365 days."
27g is about 1 oz. Typical commercial chocolate bars are maybe 1.5 oz.
I was hoping to see some logic in this thread, but too bad. I've often seen this supposed failure of the EU carbon markets cited, without anyone ever pointing out the obvious implications.
So carbon emission permit prices were very low. What does that mean? It means there was little demand for carbon permits, right? Too much supply, too little demand. And why is that? It means that emitters were already able to meet their emission targets without using the permits much. It means there were plenty of permits available, more than were needed to meet the targets.
It all points to the same thing: the caps were high, so that it was easy to meet them.
That's not necessarily bad! You're phasing in the system, you don't want it to be too disruptive at first. So you will begin by setting caps generally easy to meet, and gradually tightening up. That's how government always does these things.
Then one thing that happened was that the world economy slowed. This caused production to decline, and therefore carbon output declined. This also reduced demand for the permits. Again, that's not bad! It means that the carbon emission targets were met without a great deal of pain, or at least, without adding extra pain to what was already going on due to the recession. It's a good thing that a cap and trade system has this kind of flexibility, that when the economy slows down, its bite decreases, and then if the economy overheats and starts growing rapidly, the permits will become much more expensive. It will tend to smooth out economic fluctuations.
The bottom line is that a cap and trade system allows the government to set the desired carbon emission level. How that level is met is up to the market. Markets are good at finding the least painful and expensive ways to meet resource constraints, and that is exactly what they have done. It often turns out that initial reductions in resources (whether oil inputs or carbon outputs) can be met surprisingly cheaply, because of the economic notion of marginal production. This is the least efficient and most expensive production which still barely makes economic sense to operate. As costs rise, it is the marginal production which is cut first, not the average production. It means that the production which is taken off-line is the production you cared about the least, the most inefficient and wasteful. It means you can reduce your costs without reducing your profits much. This probably goes a long way towards explaining why carbon prices ended up much lower than people predicted.
Keep in mind too that political opponents of these measures will have exaggerated the likely consequences and how painful the caps would be to deal with. They would have been the last people to explain the points I have made here about how much easier than expected it might turn out to be to meet the caps. This too can have led to unrealistic expectations for carbon market prices.
In the end, low carbon market prices are a great sign. It means that the carbon caps are holding, reductions in carbon are happening, without much negative impact on the economy. We should all hope that our U.S. markets encounter the same fortuitous outcome.
In all the thousands of words of discussion I have read on this issue, I haven't seen one mention of the question of whether gasoline use will be affected by the carbon caps. That seems strange.
A few misconceptions continue to circulate here; let me try to shed some light.
First, the encryption system is apparently not practical in its current form. Maybe improvements will occur some day to make it practical, maybe not. It is still a major theoretical breakthrough because fully homomorphic encryption had often been thought to be impossible in the past. It has been a long sought goal in cryptography and it is remarkable to see it finally achieved. So in practice nobody is going to be doing spam filtering, income tax returns, or anonymous google searches any time soon.
Second, several people have gotten tripped up over an apparent weakness: if you can calculate E(X-Y) you can get an encryption of 0; if you can calculate E(X/Y) you can get an encryption of 1; and from these you could get other encryptions and potentially break the system. This idea fails for two reasons: first, it is a public-key system, so you don't need to go through all this rigamarole to get encryptions of 0, 1, or anything. In public key cryptography, anyone can encrypt data under a given key, without knowing any secrets. So it is already possible to get encryptions of known values, even without the special homomorphic properties. Second, in order for public key systems to be secure, they need to have a randomization property. In randomized encryption, there are multiple ciphertext values that encrypt the same plaintext. Basically, the encryption algorithm takes both the plaintext and a random value, and produces the ciphertext. Each different possible random value causes the same plaintext to go to a different ciphertext. The decryption algorithm nevertheless can take any of these different ciphertext values and produce the same plaintext.
This may be confusing because the most well known public key encryption system, RSA, is not randomized. At the time it was invented, this aspect was not well understood. Shortly afterwards it became clear how important randomization is. Other encryption systems like ElGamal do use randomization, and RSA was adapted to allow randomization via what is called a "random padding" layer, known by the technical name PKCS-1. This adds the randomness which allows RSA to be used securely.
One other point is that people are getting hung up about what "fully" homomorphic encryption covers. Exactly what operations can you do? I think the best way to think of it is to go down to the binary level. We know that in our computers, at the lowest level everything is 1's and 0's. These get combined with elementary logical operations like AND, OR, NOT, XOR, and so on. Using these primitive operations, all the complexity of modern programs can be built up.
In the case of the homomorphic encryption, it is probably best to think of the values being encrypted in binary form, as encryptions of 1's and 0's. Keep in mind the point above about randomized encryption: all the encryptions of 1 look different, as do all the encryptions of 0. You can't tell whether a given value encrypts a 1 or a 0. Given these encrypted values, you can compute AND, OR, XOR, NOT and so on with these values, and get new encrypted values as the answers. You don't know the value of the outputs, they are encrypted. Only the holder of the private key, who originally encrypted the data, could decrypt the output. But you can continue to work with these output values, do more calculations with them, and so on.
Let me give an example of how you could do an equality comparison. Suppose you have two encrypted values and want to determine if they are the same. Recall that we are working in binary, so you actually have two sequences of encrypted bits; some are encrypted 1's and some are encrypted 0's, but you can't tell which. So the first thing you compute is the XOR of corresponding bits in the two values: XOR the 1st bits of each value; XOR the 2nd bits of each value, and so on. Now if the values are equal, the results are all encryptions of 0's. If the values are different, some of the results will be encryptions of 1's. But aga
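The bitwise equality test from this comment, as an added example that is not part of the original comment. It uses a toy integer scheme in the style of van Dijk, Gentry, Halevi and Vaikuntanathan rather than the scheme the article covers, with constructed parameters that are far too small to be secure; folding the XOR results with OR and negating is assumed here as the way to finish the comparison, since the comment is cut off before that step.

```python
import secrets
from functools import reduce

# Toy parameters, constructed for this demo; not secure.
ETA = 1024    # bits in the secret key p
GAMMA = 2048  # bits in the multipliers q that hide p
RHO = 32      # bits of fresh noise per ciphertext
TAU = 16      # encryptions of zero published as the public key


def keygen():
    """Secret key: a large odd p. Public key: TAU encryptions of 0 (q*p + 2*r)."""
    p = secrets.randbits(ETA) | (1 << (ETA - 1)) | 1
    pk = [secrets.randbits(GAMMA) * p + 2 * secrets.randbits(RHO)
          for _ in range(TAU)]
    return p, pk


def encrypt_bit(pk, m):
    """Anyone holding pk can encrypt: bit + even noise + random subset of pk.

    The random noise and subset make every encryption of the same bit differ.
    """
    c = m + 2 * secrets.randbits(RHO)
    for x in pk:
        if secrets.randbits(1):
            c += x
    return c


def decrypt_bit(p, c):
    """Strip multiples of p, then the even noise. Valid while noise < p."""
    return (c % p) % 2


# Gates on ciphertexts: integer addition acts as XOR on the hidden bits,
# integer multiplication acts as AND. Each gate makes the noise grow.
def h_xor(a, b):
    return a + b


def h_and(a, b):
    return a * b


def h_not(a):
    return a + 1


def h_or(a, b):
    return a + b + a * b  # a XOR b XOR (a AND b)


def encrypt_int(pk, value, nbits):
    """Encrypt an integer bit by bit, least significant bit first."""
    return [encrypt_bit(pk, (value >> i) & 1) for i in range(nbits)]


def enc_equal(xs, ys):
    """Return an encryption of 1 if the two encrypted values match, else of 0."""
    diffs = [h_xor(x, y) for x, y in zip(xs, ys)]  # 0 wherever the bits agree
    any_diff = reduce(h_or, diffs)                 # 1 if any position differs
    return h_not(any_diff)


def demo():
    p, pk = keygen()
    a = encrypt_int(pk, 0xA5, 8)
    b = encrypt_int(pk, 0xA5, 8)  # same plaintext, different ciphertexts
    c = encrypt_int(pk, 0xA4, 8)
    # Only the key holder learns the outcome of the comparison.
    return decrypt_bit(p, enc_equal(a, b)), decrypt_bit(p, enc_equal(a, c))


if __name__ == "__main__":
    print(demo())
```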
Shouldn't that be "billions and billions"?
First, it wasn't last summer, it was this summer (it's still summer); or more precisely, last month.
http://yro.slashdot.org/story/10/08/17/1953211/From-Slaying-Dragons-To-Dictators
Slashdot at least didn't join the hype. Although the discussion got sidetracked into whether Iran should be called a dictatorship, and whether America is evil, the technical comments were generally quite skeptical. Haystack was accused of relying on security through obscurity, and in the end that proved to be the case.
...and using a drill and jigsaw, cut through and remove the window in the front. This will allow the microwaves to escape and jam electronic communication. For extra fun, mount the microwave on a "Lazy Susan" spinning platter. You can sit behind it and turn it from side to side, to sweep the room and aim it at anyone who's acting suspiciously.
On the iPad (which always capitalizes it's own name that way (also it always puts an apostrophe in "it's" even when it's wrong)) you can type two spaces INSTEAD of a period at the end of a sentence, and it turns it into a period and a single space. Best of both.
Amusing comments but the reality is that this is still the same old P300. You concentrate on a letter, they flash different letters on the screen for about 30 seconds, and it makes a guess at what letter you were thinking of. Then if it's right you go on to the next letter. Super super slow. Eye blink signals are probably just as fast. And if you can't use your eyes you probably can't use P300. I think there have been some studies trying to extract P300 signals from audio cues but they have not been too successful.
If it is true that '"I don't think there is a limit, that there will be a certain size where quantum mechanics starts to break down," Dr Aspelmeyer said,' then that means that even larger objects also go into superpositions of quantum states. That would go all the way up to human sized and larger. This is the fundamental principle of the Many-Worlds Interpretation (MWI), that when quantum measurements occur, even though we only see one outcome, actually we go into a superposition of multiple states, each of which sees a different outcome. Each state evolves independently. It is as though the world splits into parallel universes, where every possible outcome occurs in a different universe.
This follows strictly from the principle that QM applies at all sizes. And this new experiment certainly pushes us in that direction.
Some scientists, notably Roger Penrose, had speculated that QM would break down at macroscopic sizes. He specifically proposed that once sizes were large enough for gravitational forces to exceed some threshold, QM would break down. Wikipedia has this: "Tiny superpositions, e.g. an electron separated from itself, if isolated from environment, would require 10 million years to reach OR threshold. An isolated one kilogram object (e.g. Schrödinger's cat) would reach OR threshold in only 10^-37 seconds." Now here we have a trillion atom object. That is about 10^13 amu, which is 10^-14 kg. Dividing 10^-37 seconds by 10^-14 we get 10^-23 seconds, which is far shorter than this experiment lasted. This means basically that this experiment disproves Penrose's theory! This is the first time this has happened, and I am (AFAIK) the first person to notice this.
In short it is becoming harder and harder to avoid accepting the reality of parallel worlds. What this should mean for our actions is up to the philosophers, but we should not bury our heads and pretend it isn't true.
According to the article, Stoll's excuse is that he was trying to play the contrarian:
Contrarianism helps sell magazines (and garners pageviews) but let us not forget that it is usually WRONG. Yes, humbling as it may be to admit, the great unwashed masses, the "sheeple", are usually right in their collective opinions. Contrarians often escape punishment for their folly because no one cares, but in this case Stoll got properly burned.
I'm a programmer and I've studied the 332 page TCPA Main TCG Architecture v1_1b.pdf design specification. It explicitly refers to the owner as an attacker and it specifically mandates the chip to be secure against the owner himself.
Pics or it didn't happen.
The closest I can find is pages 313-314: "The basic design point for the attack tree is that the TPM should be resistant to all software attacks and somewhat resistant to hardware attacks."
A prescription that the chip be "somewhat [!!!] resistant to hardware attacks" is a pretty thin basis for asserting Orwellian control and domination.
He cracked the SLB9635TT12 as seen on the Wiki page image.
Thanks, that is helpful, but where is this Wiki page? I looked at the BlackHat session links and right now there are just some slides that are very generic and don't mention any parts. The video and audio is not up yet.
I have no doubt he could tell us this EK you mention but this might violate the DMCA if he did.
I wouldn't think so, but even so he could instead sign a message with the EK and get the same effect, as suggested above.
If it all sounds TinfoilHat-ish, that's because the system really is that Orwellian.
Let me make a couple of arguments against this:
1. The TPM can also be used for non-Orwellian purposes. For example playing an online game and making sure nobody has cheat mods loaded. This could even be a P2P game if anybody was interested in that any more. Or how about online poker or blackjack. How do you know the dealer's not cheating? He could use a TPM protected system and other players could verify that his software is fair. Another example, imagine a P2P Ebay. The seller could run the auction and everybody could send in their maximum bid. But the seller uses TPM so bidders know he can't see what their max bids are, and cheat them. No third party, no commissions.
I know it's hard to believe, but there are actually many situations in life where it is to your advantage to be able to commit yourself not to break the rules. That is really what a contract is, if you think about it. Contracts are a way to get the other guy to believe you will keep your word (and vice versa). It is to your advantage to be able to commit yourself in this way.
Trusted Computing delivers the same capability in the realm of software and data. You can convince the other side that you will follow certain rules, the rules embodied in the software. Believe it or not, this can actually be to your advantage. And if it's not, you can tell the other guy to take off.
2. TCPA didn't have to do it like this. If all they wanted was DRM, they could have gone ahead and made a centralized system that works the way (almost) everybody thinks Trusted Computing and TPM works: "it will only run signed code". How many times have I heard that over the years. Hundreds. And it's wrong every time. But they could have done it like that, made a system that lets Big Business trust your computer because it controls it. They could have made it so you couldn't run a hacked movie player or logging video driver. This would have accomplished the DRM goals.
But they didn't. They came up with a general purpose system for Trusted Computing that provides just that: a way for people to trust EACH OTHER'S computing. Anyone can use it, for any purpose. Any code can run. It's just that you can't lie about what is running.
Ironically of course the one system that does provide all the horror of what everyone was afraid of is the iPhone, which also happens to be enormously more successful than TPM. For all the fear about it, TPM has never been used in any single application for DRM. All it has been used for is protecting your own crypto keys. But for years everyone has been "Oh teh Orwell" about TPM, while meanwhile Apple is fat and happy signing every iPhone app before it lets it go out.
Why don't you have him just sign something with that public key signature rather than divulging the private key to the world?
You're right, that's a better idea. He can sign something with the EK rather than publishing the private key. It accomplishes the same thing but maybe causes less disruption to the TPM world.
I've been reading about this hack for days, but something seems fishy. Some of the earlier reports had him hacking the SLE 66 CL processor chip which is embedded in the TPM, not the TPM itself. This article also describes him as having to work with many copies of the chip to discover its secrets, but it has the chips being inexpensive ones from China. Problem is that Infineon is a German company and I don't think you can get Infineon TPMs cheaply from China. Putting this together, it's not clear to me that he has truly hacked an Infineon TPM. He may have hacked a similar chip and he assumes that the same attack would work on TPM.
However, there is a way for him to easily prove that he has done what he said. Every Infineon TPM comes with an RSA secret key embedded in it, called the Endorsement Key or EK. This key is designed to be kept secret and never revealed off-chip, not to the computer owner or anyone. And Infineon TPMs also come with an X.509 certificate on the public part of the EK (PUBEK), issued by Infineon. If Tarnovsky has really hacked an Infineon TPM and is able to extract keys, he should be able to extract and publish the private part of the EK (PRIVEK), along with the certificate by Infineon on that key. The mere publication of these two pieces of data (PRIVEK and Infineon-signed X.509 cert on PUBEK) will prove that his claim is true.
Wouldn't it be great if somebody created a cam capture of Avatar 3D with one camera looking through the left lens of the glasses, and the other camera looking through the right lens? Then they could package them together in some format and people can watch them on existing 3D monitors that use glasses. I looked at some movie sites and they have Avatar "telesyncs" but no 3D versions, too bad. I wonder if any of the 3D TVs at CES will be showing Avatar, that would be good too.
http://discovery.csc.ncsu.edu/pubs/ccs09-HookSafe.pdf
[Via Schneier]
Actually although ALS kills neurons in the spinal cord, these cells extend from there to the muscles. And as the nerves begin to fail, they first withdraw from the muscles. They die from the muscle end back to the central location in the spinal cord. Once the nerves die, muscles atrophy in ALS and eventually shrink away to almost nothing. However I believe that electrical stimulation still works to make the muscles contract. E-stim can maintain muscles in ALS, but normally there is no point since there will be no more nerves connecting to them. However with this new technology it may be possible to make muscles contract electrically, controlled by sensors in the brain.
Keep in mind that Hawking lives in England, not the United States. The FDA has no jurisdiction over him. Now it may be in practice that the British health service does follow FDA recommendations in large part, so it's not likely that the treatment would be available any too soon there. But it is certainly possible for him to travel to Europe or even to Asia in order to get treatment if he wants it. There are clinics in Germany, Mexico and China at least that are doing experimental stem cell treatments for ALS and similar diseases, many with rather extravagant claims of improvement but none with patients who are walking around cured.
Great question, to which there is an answer, but it is an active area of research. The answer is Trusted Computing. TC provides exactly this ability, to know the hash of software running on a remote machine. The TPM chip validates the hash as the software loads, and produces cryptographic signatures of that data. Software that implements this kind of functionality includes Oslo, Trusted Grub, TBoot, and patches for Xen and Linux to make them use the TPM. Using these tools, someone could put together a cloud storage provider that would not only provide TPM signatures on OS images, the design could be such that even system operators cannot inspect OS encrypted data, and the TPM could validate that as well.
Unfortunately, Richard Stallman and the FSF have demonized this technology to the point that hardly anyone is working on it for fear of being tarred with the "Treacherous Computing" brush. They refuse to recognize the value of being able to prove to others what software you are running. Apparently they are afraid that people will choose to run software that RMS does not approve of. They want to keep people from having the ability to make these kinds of attestations "for their own good". Of course, taking away choice under the guise of making people freer is the standard modus operandi for the FSF, as in their promotion of the GPL over less restrictive licenses like BSD. So we should not be surprised at their ideological desire to suppress research on a technology that would give people entirely new kinds of choices and abilities in the software they run, to be able for the first time to make credible commitments to third parties about how software will behave.
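The measure-then-quote flow described in the comment above, as an added Python sketch that is not part of the original post and not code from Oslo, Trusted Grub, TBoot, Xen or Linux. It uses the TPM 1.2 style SHA-1 PCR extend; `ToyTPM`, `boot`, `verify` and the sample images are hypothetical, and an HMAC stands in for the TPM's RSA signature so the block needs only the standard library.

```python
import hashlib
import hmac
import os

PCR_INIT = bytes(20)  # a TPM 1.2 PCR holds 20 zero bytes after reset

def measure(image: bytes) -> bytes:
    return hashlib.sha1(image).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    # A PCR can only be extended, never set: new = SHA1(old || measurement)
    return hashlib.sha1(pcr + digest).digest()

class ToyTPM:
    """Hypothetical stand-in for the chip: one PCR plus a quoting key."""
    def __init__(self, key: bytes):
        self._key = key
        self.pcr = PCR_INIT
    def extend(self, digest: bytes) -> None:
        self.pcr = extend(self.pcr, digest)
    def quote(self, nonce: bytes):
        # Assumption: HMAC replaces the RSA signature a real TPM would produce
        return self.pcr, hmac.new(self._key, self.pcr + nonce, hashlib.sha256).digest()

def boot(tpm: ToyTPM, images):
    """Measure every stage before it runs; return the event log."""
    log = []
    for name, image in images:
        digest = measure(image)
        tpm.extend(digest)
        log.append((name, digest))
    return log

def verify(key, nonce, pcr, mac, log, known_good) -> str:
    """Remote party's check: fresh quote, log consistent with PCR, approved code."""
    expected = hmac.new(key, pcr + nonce, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return "bad quote"
    replayed = PCR_INIT
    for _, digest in log:
        replayed = extend(replayed, digest)
    if replayed != pcr:
        return "log does not match PCR"
    for name, digest in log:
        if known_good.get(name) != digest:
            return "unapproved " + name
    return "ok"

# Constructed sample images, not real binaries
GOOD = [("bootloader", b"constructed loader image"),
        ("kernel", b"constructed kernel image"),
        ("app", b"constructed storage daemon")]
PATCHED = [GOOD[0], ("kernel", b"constructed kernel image + logger"), GOOD[2]]
KNOWN_GOOD = {name: measure(image) for name, image in GOOD}

def demo() -> dict:
    key = os.urandom(32)
    results = {}
    # Honest machine running the approved stack
    tpm, nonce = ToyTPM(key), os.urandom(20)
    good_log = boot(tpm, GOOD)
    pcr, mac = tpm.quote(nonce)
    results["honest"] = verify(key, nonce, pcr, mac, good_log, KNOWN_GOOD)
    # Same quote presented again against a new challenge
    results["replayed"] = verify(key, os.urandom(20), pcr, mac, good_log, KNOWN_GOOD)
    # Modified kernel, truthful log: the code runs, but it is visible
    tpm2, nonce2 = ToyTPM(key), os.urandom(20)
    bad_log = boot(tpm2, PATCHED)
    pcr2, mac2 = tpm2.quote(nonce2)
    results["patched"] = verify(key, nonce2, pcr2, mac2, bad_log, KNOWN_GOOD)
    # Modified kernel, log claiming the approved one: replay exposes it
    results["lying"] = verify(key, nonce2, pcr2, mac2, good_log, KNOWN_GOOD)
    return results
```

Nothing in the sketch stops the patched kernel from booting; the verifier simply learns that it did, and substituting a clean log fails because the quoted PCR cannot be rewound.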
For chocolate lovers who don't fit the demographics, peruse this list of ongoing clinical trials, you might get lucky:
http://clinicaltrials.gov/ct2/results?term=chocolate
I think the article describes this one, FLAVO, which compares flavonoid-enhanced chocolate with unenhanced:
http://clinicaltrials.gov/ct2/show/NCT00677599?term=chocolate&rank=18
For study subjects: "Flavonoid compounds from cocoa (including epicatechin) and soy to be consumed for 365days in the experimental intervention (versus placebo consumption). 27g chocolate bar the vehicle for flavonoid enrichment."
For controls: "27g placebo chocolate bar to be consumed for 365 days."
27g is about 1 oz. Typical commercial chocolate bars are maybe 1.5 oz.
I was hoping to see some logic in this thread, but too bad. I've often seen this supposed failure of the EU carbon markets cited, without anyone ever pointing out the obvious implications.
So carbon emission permit prices were very low. What does that mean? It means there was little demand for carbon permits, right? Too much supply, too little demand. And why is that? It means that emitters were already able to meet their emission targets without using the permits much. It means there were plenty of permits available, more than were needed to meet the targets.
It all points to the same thing: the caps were high, so that it was easy to meet them.
That's not necessarily bad! You're phasing in the system, you don't want it to be too disruptive at first. So you will begin by setting caps generally easy to meet, and gradually tightening up. That's how government always does these things.
Then one thing that happened was that the world economy slowed. This caused production to decline, and therefore carbon output declined. This also reduced demand for the permits. Again, that's not bad! It means that the carbon emission targets were met without a great deal of pain, or at least, without adding extra pain to what was already going on due to the recession. It's a good thing that a cap and trade system has this kind of flexibility, that when the economy slows down, its bite decreases, and then if the economy overheats and starts growing rapidly, the permits will become much more expensive. It will tend to smooth out economic fluctuations.
The bottom line is that a cap and trade system allows the government to set the desired carbon emission level. How that level is met is up to the market. Markets are good at finding the least painful and expensive ways to meet resource constraints, and that is exactly what they have done. It often turns out that initial reductions in resources (whether oil inputs or carbon outputs) can be met surprisingly cheaply, because of the economic notion of marginal production. This is the least efficient and most expensive production which still barely makes economic sense to operate. As costs rise, it is the marginal production which is cut first, not the average production. It means that the production which is taken off-line is the production you cared about the least, the most inefficient and wasteful. It means you can reduce your costs without reducing your profits much. This probably goes a long way towards explaining why carbon prices ended up much lower than people predicted.
Keep in mind too that political opponents of these measures will have exaggerated the likely consequences and how painful the caps would be to deal with. They would have been the last people to explain the points I have made here about how much easier than expected it might turn out to be to meet the caps. This too can have led to unrealistic expectations for carbon market prices.
In the end, low carbon market prices are a great sign. It means that the carbon caps are holding, reductions in carbon are happening, without much negative impact on the economy. We should all hope that our U.S. markets encounter the same fortuitous outcome.
In all the thousands of words of discussion I have read on this issue, I haven't seen one mention of the question of whether gasoline use will be affected by the carbon caps. That seems strange.
"Motor vehicles are responsible for almost a quarter of annual US emissions of carbon dioxide"
A few misconceptions continue to circulate here; let me try to shed some light.
First, the encryption system is apparently not practical in its current form. Maybe improvements will occur some day to make it practical, maybe not. It is still a major theoretical breakthrough because fully homomorphic encryption had often been thought to be impossible in the past. It has been a long sought goal in cryptography and it is remarkable to see it finally achieved. So in practice nobody is going to be doing spam filtering, income tax returns, or anonymous google searches any time soon.
Second, several people have gotten tripped up over an apparent weakness: if you can calculate E(X-Y) you can get an encryption of 0; if you can calculate E(X/Y) you can get an encryption of 1; and from these you could get other encryptions and potentially break the system. This idea fails for two reasons: first, it is a public-key system, so you don't need to go through all this rigamarole to get encryptions of 0, 1, or anything. In public key cryptography, anyone can encrypt data under a given key, without knowing any secrets. So it is already possible to get encryptions of known values, even without the special homomorphic properties. Second, in order for public key systems to be secure, they need to have a randomization property. In randomized encryption, there are multiple ciphertext values that encrypt the same plaintext. Basically, the encryption algorithm takes both the plaintext and a random value, and produces the ciphertext. Each different possible random value causes the same plaintext to go to a different ciphertext. The decryption algorithm nevertheless can take any of these different ciphertext values and produce the same plaintext.
This may be confusing because the most well known public key encryption system, RSA, is not randomized. At the time it was invented, this aspect was not well understood. Shortly afterwards it became clear how important randomization is. Other encryption systems like ElGamal do use randomization, and RSA was adapted to allow randomization via what is called a "random padding" layer, known by the technical name PKCS-1. This adds the randomness which allows RSA to be used securely.
One other point is that people are getting hung up about what "fully" homomorphic encryption covers. Exactly what operations can you do? I think the best way to think of it is to go down to the binary level. We know that in our computers, at the lowest level everything is 1's and 0's. These get combined with elementary logical operations like AND, OR, NOT, XOR, and so on. Using these primitive operations, all the complexity of modern programs can be built up.
In the case of the homomorphic encryption, it is probably best to think of the values being encrypted in binary form, as encryptions of 1's and 0's. Keep in mind the point above about randomized encryption: all the encryptions of 1 look different, as do all the encryptions of 0. You can't tell whether a given value encrypts a 1 or a 0. Given these encrypted values, you can compute AND, OR, XOR, NOT and so on with these values, and get new encrypted values as the answers. You don't know the value of the outputs, they are encrypted. Only the holder of the private key, who originally encrypted the data, could decrypt the output. But you can continue to work with these output values, do more calculations with them, and so on.
Let me give an example of how you could do an equality comparison. Suppose you have two encrypted values and want to determine if they are the same. Recall that we are working in binary, so you actually have two sequences of encrypted bits; some are encrypted 1's and some are encrypted 0's, but you can't tell which. So the first thing you compute is the XOR of corresponding bits in the two values: XOR the 1st bits of each value; XOR the 2nd bits of each value, and so on. Now if the values are equal, the results are all encryptions of 0's. If the values are different, some of the results will be encryptions of 1's. But aga