Slashdot Mirror


User: phr2

phr2's activity in the archive.

Stories: 0
Comments: 319

Comments · 319

  1. That's scary too! on BIOS' Days Are Numbered · · Score: 1

    The BIOS itself is going to have its own file system in part of the hard disk that the regular OS can't see??? Boy, who needs Windows keystroke loggers when the BIOS itself can do that invisibly? I just want to find a nice one-floppy DOS laptop at a flea market and lock it in a safe for when it becomes impossible to know what more modern computers are doing.

  2. Securely deleting encrypted data on Slashback: Compromise, Bugs, Slag · · Score: 4, Informative
    First of all you should never write sufficiently sensitive data to a hard drive in cleartext form. But if you have 10,000 encrypted files and you want to delete one securely, the question then becomes, how do you get rid of the decryption key for that file?

    It turns out you can do that if you have some securely deletable way to store just one key (e.g. 16 bytes for an AES key). See here for further description and a link to sample code.

  3. I think that is wrong on Swiss Researchers Find A Hole In SSL · · Score: 1
    The certificate just means that if the MITM changes anything in the data, he will induce errors and the SSL stack will notice them.

    In the attack being discussed, the MITM is supposed to induce errors, and see how the other end reacts. The certificate doesn't prevent that.

  4. Intel or AMD, not MS, should wipe out VMware on VMware: Another Netscape? · · Score: 1
    VMware is technically extremely cool--it's an awesome hack involving binary translation, emulation, and other neat tricks to get around the x86's unfortunate inability to self-virtualize the way that 1970's mainframes like the IBM 370 could.

    Of course, the really obvious way to fix the problem is to add the capability to the CPU. That would make all the workarounds and tricks unnecessary and there would be no need for VMware. VMware-like capability could be built into ordinary BIOS's or mini-OS's. All Intel or AMD would have to do would be add a self-virtualization mode to the P4 or Athlon, that handled those problematic instructions and registers correctly. They may not have seen the market for this earlier, but it's definitely out there now.

  5. What about older versions? on Security Hole Found in 4.3.0 · · Score: 2, Insightful

    Anyone know if 4.0.2 or 4.1.2 are affected by this bug? Do those versions have serious security probs of their own?

  6. Paranoia vs. built-in Wifi on Intel Announces New, Slower, Chip · · Score: 1
    Is it just the tinfoil hat wearer in me that really doesn't want Wifi built into my laptop? I'll take it as a plug-in card (mini-PCI or PCMCIA or whatever) just fine, thank you. Or at least as something I can turn off with a mechanical switch. But the last thing I want is for John Ashcroft to have complete access to the internal state of my PC from the comfort of his black helicopter hundreds of meters away, courtesy of a non-removable wireless broadcasting device whose tentacles reach into the lowest levels of the hardware on the laptop motherboard. Even just broadcasting the keyboard interrupt data would compromise any email or passwords that I typed into the machine.

    So, thanks, but no thanks.

  7. Re:Yes, occasional exceptions are ok on Circuit Court Okays Vote Swapping Site · · Score: 1

    Navy ships should have polling places on board. Similarly, overseas embassies and consulates should have polling places available where you can bring your absentee ballot and cast it. It's not that complicated.

  8. Yes, occasional exceptions are ok on Circuit Court Okays Vote Swapping Site · · Score: 1

    in situations like those. There should of course be safeguards against abuse. As it stands, absentee ballots are about the favorite method of election fraud, just because of stuff like this. Use of absentee ballots should also be curtailed, especially the mailed-in kind. Absentee ballots that you actually bring to a certified polling place (any polling place, not necessarily the one where you live) and cast at the polling place would help with that problem a lot. Of course there would still have to be a few exceptions, but the numbers could be pretty small.

  9. They don't have a secret ballot in Congress on Circuit Court Okays Vote Swapping Site · · Score: 2, Informative
    which means the vote swapping is enforceable--if a congressmember reneges on a swap agreement, the other person can retaliate in the future. Vote swapping in Congress is a bad consequence of non-secrecy, that we accept because we need the non-secrecy since Congressmembers are supposed to be accountable to the public that elects them. So we need to be able to check up on how they vote.

    Members of the public, on the other hand, are accountable to nobody but themselves. So they can and should have a secret ballot with nobody checking up on them. If that neutralizes vote swapping, that's a good thing. People should vote for what they actually want, not what someone else traded them for.

  10. Re:Verifiable vote swapping is and should be illeg on Circuit Court Okays Vote Swapping Site · · Score: 1

    You didn't read the post. Of course you have the right to tell people who you voted for. You don't, and shouldn't, have the right to let them check up that you told them the truth. Otherwise, if Sheriff Bubba can demand to see your ballot, he can indeed lynch you for voting for Bob. A secret ballot means you can vote for Bob and there's no way for Sheriff Bubba to beat that information out of you in a way that he can check it.

  11. Verifiable vote swapping is and should be illegal on Circuit Court Okays Vote Swapping Site · · Score: 5, Insightful
    Vote swapping in many instances in 2000 was done by trading marked absentee ballots. They did it to make sure that the "Nader" vote they were swapping for didn't end up as a Bush vote. But absentee ballot trading is and should be illegal, since it gives another person a direct way to see how a particular ballot was cast. That undermines the secret ballot, which is an essential feature of democracy.

    To elaborate: the secret ballot--not letting another person watch you vote--has to be mandatory to be fully effective. It's not enough to give you the option of voting secretly in a voting booth with the curtain drawn. Allowing another person into the booth with you to watch you vote has to be prohibited. Otherwise you can be coerced into voting a certain way and "voluntarily" inviting a verifier (your boss, your abusive spouse, the local Mafia don, etc) to make sure you followed your orders. Of course your boss can ask you how you secretly voted, but without direct verification, you can lie to him. That's correct, an intentional and desirable characteristic of the secret balloting system is it makes a way for you to lie your way out of a bad situation. But that means "vote swapping" with total strangers on the basis of mere pledges is a pretty dumb idea. You don't and can't have any way to know how they really voted.

    Type "receipt-free voting" to see how designers of computerized cryptographic voting protocols try to deal with this problem. It's a hard theoretical problem, quite difficult to do securely and keep all the nice attributes of paper ballots.

  12. Mostly agree on Humans Hold Off the Machines... For Now · · Score: 1
    I'd say computers play openings exactly as well as the people who program them, since they're playing out a book and the book is simply entered into the program by the programmer. Well, Kasparov is the strongest player in the world partly because he's better at openings than anyone else. As much as 50 Elo points of his strength (out of his ~2800) has been credited to his opening preparation. He is possibly the world's best opening theorist in his own right, and he also pays a team of players to constantly sit around analyzing openings for him and feed him new tricks that they find. So it's no surprise that he beat the computer in the opening.

    You're completely correct about endings--computers play a limited class of endings perfectly, those they have databases for (5 piece and some 6 piece endings). If you look at a Rubinstein type of strategic ending with knight+bishop+2 pawns vs 2 knights and 3 pawns or something like that, computers aren't especially better off.

    F-H Hsu (designer of Deep Blue) claims there are still tactical positions where humans do better than computers, because humans sometimes know to keep searching when a computer might think a position had run out of possibilities. Hsu's invention of "singular extensions" was designed to combat that effect.

    Finally there's a famous chess cliche that sums up what we're all saying here: a great player plays the opening like a book, the middlegame like a magician, and the ending like a machine. Computers are good at playing both like books and like machines; they still have to work on "magician".

  13. Floppy duplication isn't that expensive on Dell Dropping The Floppy · · Score: 1
    Look at how cheap preformatted floppies are at the store. Every floppy at formatting time has to undergo basically the same thing as a duplication process.

    As for USB flash gizmos, I'll say they've caught on as well as floppies when AOL starts sending them out for free in the mail. I went for a long time without having to actually buy any blank floppies, because I just reformatted the AOL free ones instead.

  14. A related Sony gizmo on Sony Combines Pocket Drive with 802.11 · · Score: 3, Interesting

    Here's a Sony press release about a "giga vault" handheld 40Gb hard drive gizmo, with USB2 and Firewire but no 802.11. They do seem to be getting into the portable storage biz.

  15. HP to discontinue printers on Dell Dropping The Floppy · · Score: 4, Funny
    In other news, HP will follow Dell's lead--it wants to stop including printers in its product line, and will start this practice later this quarter, as reported in this Yahoo article. Says HP's product marketing: "We would like to see customers migrate away from paper as quickly as possible, because there are better alternative technologies out there ... it's an antique technology. At some point, you've got to draw the line. You wouldn't think of using a table or chair from 15 years ago." They plan to educate their customers about DRM-equipped e-books with floating licenses as replacements.

    There seems to be some industry rule, that anything that works must be improved til it doesn't work any more!

  16. Don't forget that 1 kt boom on Disposing Of Nuclear Waste As Nuclear Fuel · · Score: 1

    is probably enough to get a fusion bomb lit. It took a comparatively long time for the US and USSR to make fusion bombs because it wasn't clear at first that it was even possible. But China and apparently Pakistan got fusion bombs working pretty quickly.

  17. Separating plutonium is not remotely comparable on Disposing Of Nuclear Waste As Nuclear Fuel · · Score: 2, Informative
    to separating uranium isotopes from each other. Getting the U235 out of natural uranium is so difficult because U235 and U238 are the same chemical element; any separation process has to distinguish the isotopes based on the small difference in atomic weight. That means centrifuges, gaseous diffusion, lasers, and other cumbersome means.

    Separating plutonium from U238 in spent reactor fuel is much easier. Plutonium and uranium are different chemical elements and can be separated by chemical processes. It's not something you can do in your kitchen, but atom bomb designer Ted Taylor, in John McPhee's excellent book The Curve of Binding Energy, compares its difficulty to that of building, say, a large scale drug lab.

    We know perfectly well that criminal organizations manage enough chemical engineering to produce refined heroin and cocaine by tens of tons even without any governments supporting or protecting them. Separating Pu from U in quantities of only a few kilograms, as an official project of the local rogue government, appears quite achievable in the face of that knowledge.

  18. Re:anyone know where to get this famous 'spock' ? on Appreciation For All Things ASCII · · Score: 3, Interesting

    That Spock pic and several others were done by Sam Harbison at the Princeton University computer center in the early 70's. He scanned the photos with a digital densitometer (a big deal back then), did some clever image processing (another big deal back then) to convert the greyscale into patterns of light and dark dots, and finally did more cleverness to map the light and dark dots into overstrike patterns. I don't know if he ever published anything detailed about it or whether he released any of the tools. However, the actual printer files were available and many people printed out the pictures for their walls.

  19. Put up some of your own stuff! on Quickly Filling Up 150GB of Legal Media Files? · · Score: 1

    Get yourself a mini-DV or digital-8 camcorder and start shooting some interesting video. Each 60 minute tape is around 11 gigabytes. You'll fill up 137 GB in no time.

  20. Re:Ramblings on overpriced labor & ecology on Giant Sucking Noise · · Score: 3, Insightful
    If there is an exec candidate from Bulgaria that will work for a third of what some American then guess which is a better business choice? All things being equal aside from salary demands makes the choice pretty simple.

    Um, CEO candidate from Bulgaria? Do you have any idea what CEO's do for a living? CEO's are not hired for their brains or vision or technical ability. They're hired for their ability to make deals, which means using their political and business connections which they didn't get in Bulgaria. Do you really think Dick Cheney would have become CEO of Halliburton if he hadn't first been Secretary of Defense so he could sell Halliburton services to the military? That George W. Bush would have been on the board of Harken without first being the son of a Congressman? Of course there are exceptions, but for the most part these connections come from the boardrooms and the golf courses, and get started by being born into the right families and getting "legacy" admissions to the right universities so they can connect up with other such scions (think of GWB at Andover and Yale). The CEO business is not a meritocracy. It's much closer to a hereditary nobility. Our society is much closer to feudalism than we like to imagine. See the article How to become as rich as Bill Gates to learn how you can join in. Having connected parents is the one thing that can't be outsourced.

  21. Re:8 channels are not plenty of spectrum on IEEE Standards Board Passes 802.16a · · Score: 1
    Remember that a metro area has a diameter of miles. How many 100 mbit ethernets do you think are operating in the downtown area of any big city? Probably thousands. Don't you think a lot of them will want to extend their reach to the whole metro area? Just think of the big web sites trying to deliver pr0n: who wants to pay $2/GB to some ISP when you can get bandwidth for nothing, at least within that city?

    Also, with some gain antennas you should be able to get quite a bit better range than with 802.11, which is already miles. So maybe with some bridges we'll start getting medium and long haul networks bypassing telecoms. I can't see that happening without the transmitters clobbering each other, but even if it was possible, regulators would go nuts.

  22. 8 channels are not plenty of spectrum on IEEE Standards Board Passes 802.16a · · Score: 1

    when you're talking about a city-wide network. Imagine a city phone switch which could only handle 8 conversations at a time. Plenty of spectrum in this situation means tens of thousands of channels.

  23. What the heck? on IEEE Standards Board Passes 802.16a · · Score: 3, Insightful
    How are all those bits going to fit in the air? What will the transmitter power requirements be?

    I seriously doubt if this is going to use unlicensed spectrum like 802.11. You just can't move that amount of data over that much distance with those little 15 milliwatt(?) transmitters that 802.11 uses. And you can't have thousands of the things active in a city at the same time without clobbering each other.

    So expect yet more monopolies given to whichever corporate greedheads have the best political connections, just like in radio and TV broadcasting. Sigh.

  24. One DVD will do it on P2P File Sharing Could Cost You A Bundle · · Score: 1
    A 59 cent DVD-R blank holds 4.7 GB, or about 80 hours of MP3's at 128 kbits. That's equal to about 66 compressed CD's at 74 minutes each. If each CD is $15.99 retail, you go over that $1000 limit just by burning a 4.7 GB chunk of your MP3 collection from your hard drive to a DVD-R and giving it to a friend in your bedroom. Broadband and P2P don't have to come into the picture. DVD-R burners are getting to be as common as CD burners were a few years ago; they're even being built into laptops now. Soon every college kid will have one. The entrapment and blackmail potential is scary to even try to imagine.

    The instinct to share with your friends is natural and healthy, and trying to destroy it with scary laws cannot possibly be good for society.

  25. The wrongness is not that relevant on P2P File Sharing Could Cost You A Bundle · · Score: 5, Insightful
    Why is this causing such an "outrage"? Stealing copyrighted material IS wrong.

    The wrongness is not that relevant--the punishment is completely disproportionate to the offense. Letting your parking meter expire is also wrong, but when we catch someone doing it, we write them a ticket. We don't send them to prison for years.

    In the P2P situation, there's no demonstration that the copyright holder actually lost the "value" of the copied works. So it's ridiculous to treat it as if that amount was actually lost, rather than (realistically) a few percent of the amount, tops. So if uploading $1000 of CD's is "theft", it's theft comparable to shoplifting a pair of blue jeans, and should be prosecuted about the same way. Also, the stuff defining downloading more stuff as "financial gain" is positively Orwellian. What we're seeing is War On Drugs Part II.

    ObLink: The Right To Read.