There have been plenty of crappy laws through the years which we would have been better off without.
Segregation for example.
"Why are my tax dollars being spent giving me a speeding ticket when there are real crime organizations out there killing people?"
To generate revenue for the gov't. Speed limits in this country are set deliberately and ridiculously low. There are plenty of examples of this. Should a 55MPH on a road that was provably designed by a traffic engineer to be a 65 zone be enforced?
While it is important for both major and minor laws to be enforced, not all laws should necessarily be enforced. Some are misguided and some are just plain bad.
We don't have the right to distribute pirated works online. How does this story fit in this category?
Because not everyone agrees with our current set of laws.
....imagine that: disagreement about what the law should be.... in a democracy even!
If you want to see blind cheerleading for law enforcement go watch some crappy TV show.
Here on /. a lot of us believe that we (the public) should have more rights and copyright holders less (even though many of us rely on copyright too).
Yes, the problem IS the private sector. Efficiency, quality, and reliability DOES NOT automatically follow when profit is the motivation.
It sure does when you say:
"Your product must meet these efficiency, quality, and reliability requirements or you're not getting paid."
The government did demand it, they were promised it, and Diebold lied about it.
AND THE GOV'T KNOWS THAT DIEBOLD LIED! The gov't should have cancelled the contract immediately and demanded their money back. The contract should have been written in such a way that they can do this.
What's happening here is all the people with the anti-government, pro-privatization bias are scrambling to make it look like somehow it wasn't the private sector's fault.
I'm not "anti-government, pro-privatization". I actually work at a company whose single biggest customer is the government.
Someone within the government is NOT DOING THEIR JOB. There should be a contract, a set of requirements, and a set of tests to verify these requirements. It would be absolutely stupid to buy something like an e-voting machine "as-is". Someone is not doing their job WRT keeping track of taxpayer money.
The simple fact is that, while Diebold does indeed care about producing accurate voting results, they are more concerned with making money. If Diebold is forced to choose between increasing their profit and making the system better, they'll choose profit.
If you put voting machines in the hands of the private sector, the private sector will try to maximize profit. Corners will be cut.
As someone who actually works on contracts for the government, I see a lot of these "where to place the blame" comments and can't believe how off base they are. There are two parties that should be sharing the blame:
Diebold
The Gov't organization in charge of overseeing the contract.
Diebold is being grossly negligent. They should get sued and possibly have a few people go to jail. I don't care if profit is your motivator, you do not build a car that you know will explode in 10% of all collisions. If you do, you're being grossly negligent and deserve to be punished. Sure profit is your motivator, but that doesn't mean you have no responsibility for your work.
On the other side of things, WHY HASN'T THIS CONTRACT BEEN CANCELLED AND THE MACHINES THROWN OUT!?.
Someone in the Gov't is NOT doing their job. By this point the gov't should have said, "We can't trust these guys and they're doing shit work. It would not be wise to continue any sort of business relationship with them. We also shouldn't pay them for their crappy, useless machines."
The fact that this hasn't happened makes me suspect a payoff or a conflict of interest.
Just to give you guys a frame of reference:
The project I'm working on has about 1000 requirements. These must all be formally tested and some of these tests government witnessed.
It's a big PITA to do that much testing and I imagine it's one of the ways you can end up with a $100 hammer, but at least you're sure you've got the right hammer. In the case of something like a voting system, there should be a set of formal tests taking place to verify that the system actually works and the gov't is getting what it paid for.
The current situation indicates that someone is being negligent with taxpayer money.
Tallying could be done mechanically, as a barcode could accompany the printed text.
Just a nitpick here. There is nothing to be gained by putting barcodes on the ballots because humans can't verify them. The person can only verify the text accompanying the barcode.
In the end you'd still have to verify that the barcode actually matches the text above it, but if you're going to do that you may as well just skip reading the barcode altogether and verify that the text matches the electronic count.
The proper way to do it is to have an encoding that is both human and machine readable (like an OCR font, punched out hole, filled in bubble, etc).
Put simply, the French suffered, while the US grandstanded, and picked over the spoils of victory.
That's not "putting it simply" that's deliberately distorting the truth.
The French were attacked and surrendered. WTF were we supposed to do, drop everything right that second and fight for a country that wouldn't even fight for itself?
When the time came and we were attacked, we stood up and fought. That's what you should do, not cave in and be at the enemy's mercy. Having a lot of your people get killed does not mean you made good decisions and did the right thing.
The French surrender will always be a black mark on their history, the same way the internment camps are on ours.
First of all, there is no "alarm" of any sort. Qubits are transmitted; on average, half of them will be wasted (because the receiver has to guess at which basis to read them in). It'll be a little bit more or less than half, but about half.
Which is my point. The odds that it is exactly half are tiny, so you are going to be willing to tolerate a range of values.
As long as I can get something of value without noticeably throwing off your average I'm all set.
Ya this is really an implementation issue. The algorithm works provided we have working hardware.
The "perfect implementation" may turn out to be fundamentally impossible.
Even if you can read half of our key without us knowing, it's not a huge deal
If I can read half your key it's a HUGE deal. That would mean that quantum crypto just plain sucks. Sure you can apply other security measures on top of quantum crypto to try and fix the problem, but I could apply a lot of those same measures to IP via avian carrier.
All you've done is sidestep my argument.
Think about it this way:
You and I are gambling on a coin toss. I do all the tossing and picking so I have the ability to rig a round with my double-headed coin. You want to be able to catch me if I rig a round. You tell me that you will be keeping a running average of the results and if things get too skewed, you're quitting. You give me the specific number of rounds you will be averaging and how far away from the mean it can get before you'll cry foul. Using this information I can calculate the risk I'm taking by rigging any number of rounds. I can then choose to rig a number of rounds that leaves it likely that I can do my rigging, play the rest fair and still most likely fall within your established limit.
That's my point about quantum crypto being reliant on statistics. You can't accept only a single possible result, you need to allow a range of results. This leads to a vulnerability:
You want to detect eavesdropping, that's kinda the whole point of quantum crypto. You want your probability of false alarm to be low (significantly less than 50%), so you need to accept a wide range of likely results. This means that there's going to be some amount of listening in I can do where it will still be less than 50% likely that your alarm goes off.
To me this appears to be a weak point in the concept.
There are ways to combat this, but it seems that with QC, you're going to be forced to assume that you're handing over a certain number of your bits to the enemy.
In order to ensure a good probability of detection for a "significant" amount of eavesdropping, you're going to be forced to assume that X number of bits are always being intercepted, since it will not be until X+1 bits are intercepted that you will hit your desired probability of detection.
This then requires the design of a protocol where X bits can be intercepted, but it is still too hard to guess the message, so you start employing privacy amplification. While I'm not all that familiar with privacy amplification, I expect there are fundamental limits to its effectiveness, just the same as in the fields of compression and error correction.
But again, even if you read 50% of our key (or 90% or 95% or....), we can make it arbitrarily secure by increasing the key length.
Same thing with carrier pigeons......which is why I'm getting the impression that QC is overrated.
I didn't read everything there, but it appears that the only specifically damning part from Frankenlies is on point 17 about the GAO. This one I got zapped with personally while arguing about the amount of damage done by the Clinton staff before they left the White House. Then I checked the actual PDF from the GAO. D'oh!
I decided to do a little more searching on this one and found an actual response from Franken on the subject. LINK
Also, there's a good website which debates the claims of Frankenlies here. I didn't read everything there, but it appears that the only specifically damning part from Frankenlies is on point 17 about the GAO.
Wow, thanks.
I could smell the obvious bullshit surrounding most of the claims on the website, but it's nice to see a point by point rebuttal.
You will not be convicted of anything based on ONLY the black box data.
Sure you might. Here's an example:
You're driving along. Your brakes go out, including the brake sensor for the black box.
You go right into an intersection and t-bone someone. Both cars are totaled.
In this case it's easy for prosecutors to claim:
"Look he never pushed the brakes!"
Any evidence that your brakes were damaged BEFORE the crash might well be obliterated during the crash.
As a result you just might be found guilty of causing the crash. It wouldn't be the first time an innocent man has been convicted of something, ya know.
It's very prudent to worry about black boxes. THEY WERE NOT DESIGNED TO BE USED IN COURT. These boxes were designed to record data about accidents so that manufacturers could evaluate their own airbag systems.
If the message is intercepted and then re-transmitted, the message has now been sent through the attenuation cycle twice. This means that instead of the signal being modified by the original attenuation function, it's modified by the attenuation function squared, which is easy to distinguish.
So it sounds like my assessment that you just CAN'T reliably send out single photons is right and quantum crypto is relying very heavily on statistics, whereas traditional crypto relies on factoring, etc.
This means that quantum crypto has some problems, although they are not necessarily insurmountable.
Here's an example:
Say you're trying to detect eavesdroppers via statistics, and I know you're doing this and I know what algorithm you're using. Say in this case, you're comparing the PDF of your received data to your expected result. You have to make a choice about how much data to use (the more samples you use, the longer I can intercept your stream before alarm bells go off) and what deviation from your expected PDF you'll accept (the smaller the window, the higher the likelihood of a false alarm). As a result I can try to beat your statistics.
For instance, I could calculate that by intercepting your message for only N bits out of every M bits, I will have an X% chance of setting off your alarm.
This is interesting because I've always heard quantum crypto described as "provably secure". This would not be the truth because there's no way for you to 100% know that a bit you're not getting is being received by me instead. And, there's a small chance that for every bit in the message, two photons are emitted, and you never found out about it because I received half of them.
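The sample-size and tolerance trade-off argued in the coin-toss post and in the post above, worked through numerically. This is an added example, not part of any post: it assumes a BB84-style intercept-resend model in which each intercepted sifted bit arrives wrong with probability 1/4, and the noise rate, sample sizes and false-alarm target are constructed values.

```python
"""Constructed model of an error-rate alarm on a sample of sifted key bits."""
from math import exp, lgamma, log

# Assumption (not stated in the thread): BB84-style intercept-resend, where the
# eavesdropper picks the wrong basis half the time, so each intercepted sifted
# bit arrives wrong with probability 1/4.
EVE_ERROR = 0.25


def error_rate(noise, fraction):
    """Per-bit error probability when `fraction` of the bits are intercepted."""
    # An intercepted bit is wrong if exactly one of (Eve, channel noise) flips it.
    intercepted = EVE_ERROR * (1 - noise) + (1 - EVE_ERROR) * noise
    return (1 - fraction) * noise + fraction * intercepted


def binom_tail(n, p, t):
    """P[X > t] for X ~ Binomial(n, p), summed in log space to avoid overflow."""
    if t < 0:
        return 1.0
    if t >= n or p <= 0:
        return 0.0
    if p >= 1:
        return 1.0
    cdf = sum(
        exp(lgamma(n + 1) - lgamma(k + 1) - lgamma(n - k + 1)
            + k * log(p) + (n - k) * log(1 - p))
        for k in range(t + 1)
    )
    return min(1.0, max(0.0, 1.0 - cdf))


def alarm_threshold(n, noise, false_alarm):
    """Smallest error count t such that honest noise alone exceeds t
    with probability at most `false_alarm`."""
    t = 0
    while binom_tail(n, noise, t) > false_alarm:
        t += 1
    return t


def max_quiet_fraction(n, noise, t, detect=0.5):
    """Largest intercepted fraction for which the alarm (errors > t) still
    fires with probability below `detect`. Found by bisection, since the
    alarm probability rises with the intercepted fraction when noise < 0.5."""
    def alarm(fraction):
        return binom_tail(n, error_rate(noise, fraction), t)

    if alarm(1.0) < detect:
        return 1.0
    lo, hi = 0.0, 1.0
    for _ in range(40):
        mid = (lo + hi) / 2
        if alarm(mid) < detect:
            lo = mid
        else:
            hi = mid
    return lo


def design_table(sample_sizes, noise=0.02, false_alarm=0.01):
    """For each compared-sample size: (n, alarm threshold, largest intercepted
    fraction that goes unnoticed more often than not)."""
    rows = []
    for n in sample_sizes:
        t = alarm_threshold(n, noise, false_alarm)
        rows.append((n, t, max_quiet_fraction(n, noise, t)))
    return rows


if __name__ == "__main__":
    # Constructed parameters: 2% channel noise, 1% false-alarm budget.
    for n, t, f in design_table([250, 1000, 4000]):
        print(f"sample={n:5d}  alarm if errors > {t:3d}  "
              f"quiet interception up to {f:.1%} of bits")
```

Under this model the fraction that stays below a 50% alarm probability is never zero, but it shrinks as the compared sample grows, which is the quantity a privacy-amplification budget has to cover.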
I'm asking this question again because it came a bit too late to the last discussion I posted it in
Is quantum crypto provably flawed?
I've seen tons of blurbs stating that the link is "absolutely" secure, but it seems that isn't really the case. (see the bottom of the page.)
What strikes me about all this is the following section:
"each pulse should be attenuated to an average of about .1 photon to reduce the probability of generating a two-photon pulse that could be split and eavesdropped undetectably."
What that says to me is that there is no way to 100% know you're transmitting just one photon.
It sounds like there's no device that is capable of transmitting one and only one photon with 100% reliability. If this is the case, a lot of the arguments about how secure this is are vastly overstated.
In the end QC would be vulnerable to a man-in-the-middle attack by watching for multi-photon emissions.
If this is the case, a lot of the noise surrounding QC could turn out to be hype. (The big plus for quantum crypto is that it's supposedly immune to this.) Is there a quantum physicist in the house?
Interesting stuff. While a far cry from desertion, it's an interesting inconsistency. Thanks for the substantive reply.
I appreciate your willingness to check into things.
If we rather claim the President was knowingly lying about what he did while serving, we have to prove something about the thoughts of GW at the time that he said it.
I think it's fairly safe to assume that Bush should know whether or not he was flying missions in aircraft.
Regarding Hannity, most folks I've heard, when speaking extemporaneously, draw some erroneous conclusions or claim something totally fictitious. I can't recall the specific incidents but I do remember thinking "you made that up" while listening to Hannity, Franken, O'Reilly and others or "you really can't draw that conclusion for sure."
I'll agree with you that I've heard all 3 make conclusions that make me go "You can't get there from here!" but I have yet to catch Franken just making shit up on the spot. By that I mean lying about something like: "12% of widgets come from Guam." when you know that he knows the real number is 3%. Those are the type of lies that drive me nuts.
If you're going to make faulty conclusions about the effects of gun control policies (for example), that's not a lie, you're just stating your opinion.
To be fair, here's a site about a few of Hannity's lies and one about Franken's. While the Franken site appears to show more lies, a close reading will show that while the numbers go up to 17, there aren't actually 17 lies to be found on the site. Lying about the lies of a man who wrote: "Lies and the Lying Liars Who Tell Them".......I think my head is going to explode! (or maybe I'm lying :)
Nobody is ever 100% right all the time, but what disturbs me is when people just make shit up. To me, that shows a lack of integrity.
If you tell me the movie's at six and it turns out to be at 7, I'll believe you've made an honest mistake. If you tell me you own a Porsche and it turns out you don't, you're a liar.
The government should have a record of the title transfer for your supposed Porsche, and the Gov't should have things like GWB's flight logs. Neither exist.
(Unless of course you're lucky enough to own a Porsche and I just picked a bad example.)
Could you post a link to the facts that prove this? It was debunked weeks ago... unless you are a mouthpiece of Kerry, who voted for the war and then refused to fund it putting himself under condemnation of his own previous statements.
Ok - so despite anyone's feelings on the war in Iraq, let's face it - the military has to use SOMETHING in its systems. Shouldn't our brave men and women at least have something reliable like linux? You'd think the linux community would be proud that linux is so reliable that the military uses it.
Would you rather they use windows?
Yep, guy this article is about has about as much common sense as Jane Fonda.
It is stupid to blame the tool or the soldier rather than the person who actually made the decision.
This is like quitting carpentry because hammers are sometimes used in murders. It's just plain stupid.
Blame the fuckwit politicos who got control of the country (and the voters^w justices who handed it to them). AFAICT, the top military brass doesn't like what's been going on any more than some of us 'liberals' do.
I couldn't agree with you more and am amazed that your post is currently marked "troll".
Members of the US military do not get to pick and choose their assignments.
They don't get a letter in the mail that says:
"Gee guys, we're going to war. Anyone who wants to help can, but feel free not to show up if you don't like it."
(Or at least everyone but Bush doesn't. For some reason no one cares that he deserted. You or I would go to jail.)
My point is: Don't blame some poor marine for the war they're fighting.
Unfortunately many people don't get it. Back when I was going to college in Ithaca, NY there were a number of protests in front of local military offices. One of the officers wrote a letter to the editor expressing pretty much this sentiment:
We (the military) did not choose to fight this war, your elected representatives did. You should be protesting in front of their offices, not mine. Why work at demoralizing people who've signed on to protect your life with theirs and have no choice, when you could protest those who actually made the decision?
First of all, speaking as a professional software developer, forking is bad.
See this is the problem, you're thinking about it as a professional software developer. You imagine a development team and a product, it's not like that.
Forking inevitably involves extra work integrating changes from branch to branch, and can be justified only by some technical or business need.
And what if I want to do something to satisfy my own intellectual curiosity? Is someone supposed to stop me from doing it "for the good of Linux"?
Certain ways of thinking just don't apply to the way Linux is done. A lot of the work is done by hobbyists who CHOOSE to work on what they are interested in.
If I decide to backport USB support to some ancient kernel, it doesn't mean that I'm taking away man-hours that would have otherwise gone towards the development of the 2.6 kernel.
Linux has become a software marketplace of ideas. If people like Redhat's idea, they'll use it. If they don't they won't. If their approach starts causing significant software compatibility problems, then I expect they'll notice and act accordingly to fix the problem, or people will switch distros.
In the end, the best choice will most likely win and choice will not have been arbitrarily limited.
Working hard and learning are two different things.
Right, but they're not mutually exclusive. Often, they go hand-in-hand.
I know some students at Caltech that are working very hard, but at the same time learn very little.
So what are you trying to say with this statement? That Caltech doesn't teach students anything?
I knew plenty of students at my school who didn't learn much or do much work. They failed out of the program.
In the end, just knowing someone has a college degree does not mean too much.
Sure it does. It means plenty. It's absolutely stupid to think it doesn't.
I'm just amazed. Would you suggest we just say "fuck it" and leave all our education off our resumes?
"Sure you have a doctorate in radar engineering, but you only have two years work experience. I'm going to hire this guy who's been doing stereo installs for Best Buy for the last five years to design my multi-million radar system."
Sure a degree isn't everything but it fucking matters. That's my point.
The post I was replying to said that "in the real world" degrees are meaningless. That's a crock of shit, plain and simple.
Work experience is important, but so is education. Sure you can find examples of people with degrees who don't know what the hell they're doing, but you can find people with twenty years of work experience in a particular field who are also blatantly incompetent. Does this mean we should dispense with resumes altogether?
Of course not.
They are a valid, useful method for looking at a person's accomplishments. A degree is one of those accomplishments. The logic I'm seeing from you and the original post I was replying to would allow someone to say that pretty much ANY accomplishment is meaningless.
Actually, there is absolutely nothing wrong with the ipod battery other than its low milliamp hour rating.
There's nothing wrong with the CURRENT ipod batteries. Note that I referred to the "original" ipod batteries.
Do you honestly believe that no one is researching battery technologies?
I expect companies like Panasonic spend quite a bit on research. I'd do some checking before saying that.
The problem is, you just aren't going to see batteries keep up with Moore's law. There's a limited number of chemicals they can play with.
It's like expecting the horsepower you can get from your car to double every 18 months: it just won't happen.
As far as using an Ipod battery, I doubt it... unless the voltage is the same, dimensions compatible, milliamp hour ratings where you want them to be, etc.
This gives me a clue just how little you know about batteries. The iriver and the ipod both use the same battery chemistry, therefore the cell voltage is the same. The only way the battery wouldn't work is if:
-they used a different number of cells (no good reason to use more than one cell in either device)
-the battery didn't fit (since the ipod is smaller and contains very similar hardware, I expect the battery could be made to fit.)
I wouldn't worry about the charging circuitry, as li-ion battery chargers are quite smart.
And no, '4 years of college' doesn't prove you are worth anything. It proves you can learn, but not much more.
What an ignorant attitude!
If you manage to get two bachelor's degrees and a master's from a top-ten school in those four years it most definitely says something. (People actually do it, but not me.)
I hate to break it to you but college IS work. Not all colleges are the same amount of work, but those kids at the top schools in their fields work HARD.
I wasn't handed my degree, I EARNED IT. I spent 4 years both competing with and working with students from all over the world and I worked HARD.
Getting a degree from a GOOD college shows not just that you're intelligent and can learn, but that you know how to work and stick with things.
Sure there are institutions out there who demand less of their students, but trivializing the importance of college is just plain foolish.
Do you think that faculty at any College is trying to turn out students who can learn and nothing else? Do you actually think your workplace is somehow a more rigorous environment than say, MIT or Caltech?
This attack is based on TCP accepting a RANGE of numbers. This range can be artificially widened using forged messages. As a result, it does not matter how good your RNG is, this exploit is about making it easy to search the entire space of possible numbers.
Even if your RNG (Random Number Generator) was perfect, you could still be vulnerable to this attack.
This issue erupted on the freebsd irc chat, and I had to kill it by posting this linkage: http://lcamtuf.coredump.cx/newtcp/
If you really killed a discussion by posting that link it's a shame because that link isn't discussing the issue at hand.
The link you posted is about the randomness of actual sequence numbers. The exploit at hand is about the ability of the TCP protocol to accept a RANGE of sequence numbers and the ability to increase this range via forged packets. When this exploit is working it doesn't matter how random your sequence numbers are. The exploit allows the entire range of acceptable windows to be searched in short order.
The feasibility of overcoming realtime 32 sequence guessing is insane, however non-zero. just my .02c
Please save your two cents and read some of the better informed posts here by people who understand the issue much better than I.
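The "range of sequence numbers" point from the two posts above, as an added example that is not part of the thread: a model of the receiver-side acceptance check for a reset segment, showing how the receive window sets how much of the 32-bit space needs covering regardless of how random the initial sequence number was. It goes beyond the thread by placing the exact-match check from RFC 5961 next to the in-window check of RFC 793; the connection values are constructed and the window is assumed to be at least 1.

```python
"""Model of how a TCP receiver decides whether to honour a reset segment."""
from collections import Counter

MOD = 1 << 32  # sequence numbers are 32-bit and wrap around


def in_window(seq, rcv_nxt, rcv_wnd):
    """RFC 793 test for a zero-length segment:
    RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND, evaluated modulo 2**32."""
    return (seq - rcv_nxt) % MOD < rcv_wnd


def rst_action_rfc793(seq, rcv_nxt, rcv_wnd):
    """Original rule: any in-window reset tears the connection down."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"


def rst_action_rfc5961(seq, rcv_nxt, rcv_wnd):
    """Hardened rule: only an exact match resets; other in-window values
    make the receiver send a challenge ACK and keep the connection."""
    if not in_window(seq, rcv_nxt, rcv_wnd):
        return "drop"
    if seq == rcv_nxt:
        return "reset"
    return "challenge_ack"


def values_to_cover(rcv_wnd, exact_match=False):
    """How many distinct sequence values must be tried, worst case, before
    one is honoured as a reset. The receiver's RNG quality does not appear
    in this number at all, only the window size does."""
    if exact_match:
        return MOD
    return -(-MOD // rcv_wnd)  # ceil(2**32 / window)


def sweep(action, rcv_nxt, rcv_wnd):
    """Apply `action` to one sequence value per window-sized stride across
    the whole 32-bit space and count the receiver's decisions."""
    outcomes = Counter()
    for k in range(values_to_cover(rcv_wnd)):
        outcomes[action(k * rcv_wnd, rcv_nxt, rcv_wnd)] += 1
    return outcomes


if __name__ == "__main__":
    # Constructed connection state: next expected byte sits just below the
    # 32-bit wrap point, so the window straddles it.
    rcv_nxt, rcv_wnd = 4294960000, 65535
    for wnd in (16384, 65535):
        print(f"window {wnd:6d}: {values_to_cover(wnd):7d} values cover the space")
    print("exact match  :", values_to_cover(rcv_wnd, exact_match=True))
    print("RFC 793 sweep :", dict(sweep(rst_action_rfc793, rcv_nxt, rcv_wnd)))
    print("RFC 5961 sweep:", dict(sweep(rst_action_rfc5961, rcv_nxt, rcv_wnd)))
```

With the in-window rule a larger window means fewer values to cover; with the exact-match rule the same sweep produces only challenge ACKs, which are also a signal a defender can count.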
Because ALL laws should be enforced.
No they shouldn't.
There have been plenty of crappy laws through the years with we would have been better off without.
Segregation for example.
"Why are my tax dollars being spent giving me a speeding ticket when there are real crime organizations out there killing people?"
To generate revenue for the gov't. Speed limits in this country are set deliberately and ridiculously low. There are plenty of examples of this. Should a 55MPH on a road that was provably designed by a traffic engineer to be a 65 zone be enforced?
While it is important for both major and minor laws to be enforced, not all laws should necessarily be enforced. Some are misguided and some and just plain bad.
We don't have the right to distributed pirated works online. How does this story fit in this category?
....imagine that: disagreement about what the law should be.... in a democracy even!
/. a lot of us believe that we (the public) should have more rights and copyright holders less (even though many of us rely on copyright too).
Because not everyone agrees with our current set of laws.
If you want to see blind cheerleading for law enforcement go watch some crappy TV show.
Here on
Yes, the problem IS the private sector. Efficiency, quality, and reliability DOES NOT automatically follow when profit is the motivation.
It sure does when you say:
"Your product must meet these efficiency, quality, and reliability requirements or you're not getting paid."
The government did demand it, they were promised it, and Diebold lied about it.
AND THE GOV'T KNOWS THAT DIEBOLD LIED! The gov't should have cancelled to cotract immediately and demanded their money back. The contract should have been written in such a way that they can do this.
What's happening here is all the people with the anti-government, pro-privatization bias are scrambling to make it look like somehow it wasn't the private sector's fault.
I'm not "anti-government, pro-privatization". I actually work at a company who's single biggest customer is the government.
Someone within the government is NOT DOING THEIR JOB. There should be a contract, a set of requirements, and a set of tests to verify these requirements. It would be absolutely stupid to buy something like an e-voting machine "as-is".
Someone is not doing their job WRT keeping tack of taxpayer money.
If you put voting machines in the hands of the private sector, the private sector will try to maximize profit. Corners will be cut.
As someone who actually works on contracts for the government, I see a lot of these "where to place the blame" comments and can't believe how off base they are.
There are two parties that should be sharing the blame:
Diebold is being grossly negligent. They should get sued and possibly have a few people go to jail. I don't care if profit is you motivator, you do not build a car that you know will explode in 10% of all collisions. If you do, you're being grossly negligent and deserve to be punished. Sure profit is your motivator, but that doesn't mean you have no responsibility for your work.
On the other side of things, WHY HASN'T THIS CONTRACT BEEN CANCELLED AND THE MACHINES THROWN OUT!?.
Someone in the Gov't is NOT doing their job. By this point the gov't should have said, "We can't trust these guy and they're doing shit work. It would not be wise to continue any sort of business relationship with them. We also shouldn't pay them for their crappy, useless machines."
The fact that this hasn't happened makes me suspect a payoff or a conflict of interest.
Just to give you guys a frame of reference:
The project I'm working on has about 1000 requirements. These must all be formally tested and some of these tests government witnessed.
It's a big PITA to do that much testing and I imagine it's one of the ways you can end up with a $100 hammer, but at least you're sure you've got the right hammer. In that case of something like a voting system, there should be a set of formal tests taking place to verify that the system actually works and the gov't is getting what it paid for.
The current situation indicates that someone is being negligent with taxpayer money.
Tallying could be done mechanically, as a barcode could accompany the printed text.
Just a nitpick here. There is nothing to be gained by putting barcodes on the ballots because humans can't verifiy them. The person can only verify the text accompanying the barcode.
In the end you'd still have to verify that the barcode actuallys matches the text above it, but if you're going to do that you may as weel just skip reading the barcode altogether and verify that the text matches the electronic count.
The proper way to do it is to have an encoding that is both human and machine readable (like an OCR font, punched out hole, filled in bubble, etc).
Put simply, the French suffered, while the US grandstanded, and picked over the spoils of victory.
That's not "putting it simply" that's deliberately distorting the truth.
The French were attacked and surrendered. WTF were we supposed to do, drop everything at right that second and fight for a country that wouldn't even fight for itself?
When the time came and we were attacked, we stood up and fought. That's what you should do, not cave in and be at the enemy's mercy. Having a lot of your people get killed does not mean you made good decisions and did the right thing.
The French surrender will always be a black mark on their history, the same way the internment camps are on ours.
First of all, there is no "alarm" of any sort. Qubits are transmitted; on average, half of them will be wasted (because the receiver has to guess at which basis to read them in). It'll be a little bit more or less than half, but about half.
Which is my point. The odds that it is exactly half are tiny, so you are going to be willing to tolerate a range of values.
As long as I can get something of value without noticeably throwing off your average I'm all set.
Ya this is really an implementation issue. The algorithm works provided we have working hardware.
The "perfect implementation" may turn out to be fundamentally impossible.
Even if you can read half of our key without us knowing, it's not a huge deal
If I can read half your key it's a HUGE deal. That would mean that quantum crypto just plain sucks. Sure you can apply other security measures on top of quantum crypto to try and fix the problem, but I could apply a lot of those same measures to IP via avian carrier.
All you've done is sidestep my argument.
Think about it this way:
You and I are gambling on a coin toss. I do all the tossing and picking so I have the ability to rig a round with my double-headed coin. You want to be able to catch me if I rig a round. You tell me that you will be keeping a running average of the results and if things get too skewed, you're quitting. You give me the specific number of rounds you will be averaging and how far away from the mean it can get before you'll cry foul.
Using this information I can calculate the risk I'm taking by rigging any number of rounds. I can then choose to rig a number of rounds that leaves it likely that I can do my rigging, play the rest fair and still most likely fall within your established limit.
That's my point about quantum crypto being reliant on statistics. You can accept only a single possible result for, you need to allow a range of results. This leads to a vulnerability: You want to detect eavesdropping, that's kinda the whole point of quantum crypto. You want your probability of false alarm to be low (significantly less than 50%), so you need to accept a wide range of likely results. This means that there's going to be some amount of listening in I can do where it will still be less than 50% likely that your alarm goes off.
To me this appears to be a weak point in the concept.
There are ways to combat this, but it seems that with QC, you're going to be forced to assume that you're handing over a certain number of your bits to the enemy.
In order to ensure a good probability of detection for a "significant" amount of eavesdropping, you're going to be forced to assume that X number of bits are always being intercepted, since it will not be until X+1 bits are intercepted that you will hit your desired probability of detection.
This then requires the design of a protocol where X bits can be intercepted, but it is still too hard to guess the message, so you start employing privacy amplification. While I'm not all that familiar with privacy amplification, I expect there are fundamental limits to its effectiveness, just the same as in the fields of compression and error correction.
But again, even if you read 50% of our key (or 90% or 95% or ....), we can make it arbitrarily secure by increasing the key length.
Same thing with carrier pigeons......which is why I'm getting the impression that QC is overrated.
I didn't read everything there, but it appears that the only specifically damning part from Frankenlies is on point 17 about the GAO. This one I got zapped with personally while arguing about the amount of damage done by the Clinton staff before they left the Whitehouse. Then I checked the actual PDF from the GAO. D'oh!
I decided to do a little more searching on this one and found an actual response from Franken on the subject. LINK
Also, there's a good website which debates the claims of Frankenlies here. I didn't read everything there, but it appears that the only specifically damning part from Frankenlies is on point 17 about the GAO.
Wow, thanks.
I could smell the obvious bullshit surrounding most of the claims on the website, but it's nice to see a point by point rebuttal.
I assume that, after being rounded up by the police, they are locked in jail cells?
Nope.
They actually provide their own cages out in front of the Willard Straight Hall.
You will not be convicted of anything based on ONLY the black box data.
Sure you might. Here's an example:
You're driving along. Your brakes go out, including the brake sensor for the black box.
You go right into an intersection and t-bone someone. Both cars are totaled.
In this case it's easy for prosecutors to claim:
"Look he never pushed the brakes!"
Any evidence that your brakes were damaged BEFORE the crash might well be obliterated during the crash.
As a result you just might be found guilty of causing the crash. It wouldn't be the first time an innocent man has been convicted or something, ya know.
It's very prudent to worry about black boxes. THEY WERE NOT DESIGNED TO BE USED IN COURT. These boxes were designed to record data about accidents so that manufacturers could evaluate their own airbag systems.
If the message is intercepted and then re-transmitted, the message has now been sent through the attenuation cycle twice. This means that instead of the signal being modified by the original attenuation function, it's modified by the attenuation function squared, which is easy to distinguish.
So it sounds like my assessment that you just CAN'T reliably send out single photons is right and quantum crypto is relying very heavily on statistics, whereas traditional crypto relies on factoring, etc.
This means that quantum crypto has some problems, although they are not necessarily insurmountable.
Here's an example:
Say you're trying to detect eavesdroppers via statistics, and I know you're doing this and I know what algorithm you're using. Say in this case, you're comparing the PDF of your received data to your expected result. You have to make a choice about how much data to use (the more samples you use, the longer I can intercept your stream before alarm bells go off) and what deviation from your expected PDF you'll accept (the smaller the window, the higher the likelihood of a false alarm). As a result I can try to beat your statistics.
For instance, I could calculate that by intercepting your message for only N bits out of every M bits, I will have an X% chance of setting off your alarm.
This is interesting because I've always heard quantum crypto described as "provably secure". This would not be the truth because there's no way for you to 100% know that a bit you're not getting is being received by me instead. And, there's a small chance that for every bit in the message, two photons are emitted, and you never found out about it because I received half of them.
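Added example, not part of any post in this thread: the trade-off argued over in the two quantum-crypto comments above (false-alarm budget versus the intercepted fraction that goes unnoticed), worked through for an intercept-and-resend eavesdropper on basis-sifted bits. The 2% channel error rate, the 1% false-alarm budget and all function names are assumptions made for the illustration.

```python
import math

def binom_tail(n, p, k):
    """P(X > k) for X ~ Binomial(n, p) with k >= 0, summed in log space."""
    if p <= 0.0:
        return 0.0
    if p >= 1.0:
        return 1.0 if k < n else 0.0
    total = 0.0
    for i in range(k + 1, n + 1):
        log_pmf = (math.lgamma(n + 1) - math.lgamma(i + 1) - math.lgamma(n - i + 1)
                   + i * math.log(p) + (n - i) * math.log(1.0 - p))
        total += math.exp(log_pmf)
    return min(total, 1.0)

def error_rate(e0, f):
    """Expected error rate on sifted bits when a fraction f is intercepted and resent.

    Untouched bits err at the channel rate e0. For an intercepted bit the
    eavesdropper guesses the basis: right half the time (error stays e0),
    wrong half the time (the receiver's bit becomes random, error 1/2).
    """
    return (1.0 - f) * e0 + f * (0.5 * e0 + 0.25)

def choose_threshold(n, e0, max_false_alarm):
    """Smallest error count k with P(errors > k | nobody listening) <= budget."""
    for k in range(n + 1):
        if binom_tail(n, e0, k) <= max_false_alarm:
            return k
    return n

def detection_probability(n, e0, f, k):
    """Chance that n test bits show more than k errors at intercepted fraction f."""
    return binom_tail(n, error_rate(e0, f), k)

def tolerated_fraction(n, e0, max_false_alarm, step=0.005):
    """Largest intercepted fraction (on a grid) detected less than half the time.

    This is the "X bits" of the comment above: what the legitimate parties
    must assume is leaked and remove afterwards by privacy amplification.
    """
    k = choose_threshold(n, e0, max_false_alarm)
    f = 0.0
    while f + step <= 1.0 and detection_probability(n, e0, f + step, k) < 0.5:
        f += step
    return round(f, 3)

if __name__ == "__main__":
    E0, BUDGET = 0.02, 0.01  # constructed values, not measurements
    for n in (200, 1000, 5000):
        k = choose_threshold(n, E0, BUDGET)
        print(f"test bits={n:5d} threshold={k:4d} "
              f"tolerated fraction={tolerated_fraction(n, E0, BUDGET):.3f} "
              f"P(detect | 25% intercepted)={detection_probability(n, E0, 0.25, k):.4f}")
```

The tolerated fraction never reaches zero for a finite sample, but it shrinks as more sifted bits are spent on the error test.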
I'm asking this question again because it came a bit too late to the last discussion I posted it in
Is quantum crypto provably flawed?
I've seen tons of blurbs stating that the link is "absolutely" secure, but it seems that isn't really the case. (see the bottom of the page.)
What strikes me about all this is the following section:
"each pulse should be attenuated to an average of about .1 photon to reduce the probability of generating a two-photon pulse that could be split and eavesdropped undetectably."
What that says to me is that there is no way to 100% know you're transmitting just one photon.
It sounds like there's no device that is capable of transmitting one and only one photon with 100% reliability. If this is the case, a lot of the arguments about how secure this is are vastly overstated.
In the end QC would be vulnerable to a man-in-the-middle attack by watching for multi-photon emissions.
If this is the case, a lot of the noise surrounding QC could turn out to be hype. (The big plus for quantum crypto is that it's supposedly immune to this.) Is there a quantum physicist in the house?
Interesting stuff. While a far cry from desertion, it's an interesting inconsistency. Thanks for the substantive reply.
:)
I appreciate your willingness to check into things.
If we rather claim the President was knowingly lying about what he did while serving, we have to prove something about the thoughts of GW at the time that he said it.
I think it's fairly safe to assume that Bush should know whether or not he was flying missions in aircraft.
Regarding Hannity, most folks I've heard, when speaking extemporaneously, draw some erroneous conclusions or claim something totally fictitious. I can't recall the specific incidents but I do remember thinking "you made that up" while listening to Hannity, Franken, O'Reilly and others or "you really can't draw that conclusion for sure."
I'll agree with you that I've heard all 3 make conclusions that make me go "You can't get there from here!" but I have yet to catch Franken just making shit up on the spot. By that I mean lying about something like: "12% of widgets come from Guam." when you know that he knows the real number is 3%. Those are the type of lies that drive me nuts.
If you're going to make faulty conclusions about the effects of gun control policies (for example), that's not a lie, you're just stating your opinion.
To be fair, here's a site about a few of Hannity's lies and one about Franken's. While the Franken site appears to show more lies, a close reading will show that while the numbers go up to 17, there aren't actually 17 lies to be found on the site. Lying about the lies of a man who wrote: "Lies and the Lying Liars Who Tell Them".......I think my head is going to explode! (or maybe I'm lying
Nobody is ever 100% right all the time, but what disturbs me is when people just make shit up. To me, that shows a lack of integrity.
If you tell me the movie's at six and it turns out to be at 7, I'll believe you've made an honest mistake. If you tell me you own a Porsche and it turns out you don't, you're a liar.
The government should have a record of the title transfer for your supposed Porsche, and the gov't should have things like GWB's flight logs. Neither exist.
(Unless of course you're lucky enough to own a Porsche and I just picked a bad example.)
My favorites were when the animal-rights students locked themselves in cages every year.
Yeah that one is always pretty funny.
ECE, CU '03 myself. I wouldn't be surprised if I met you sometime.
Could you post a link to the facts that prove this? It was debunked weeks ago... unless you are a mouthpiece of Kerry, who voted for the war and then refused to fund it putting himself under condemnation of his own previous statements.
Here is a link to a site which hosts the relevant military documents. (You'll need to scroll down a bit to get to them.) You may not agree with the specific opinions offered on that website, but the facts and the authenticity of those documents are hard to dispute.
I'd like to know how you think this was "debunked weeks ago."
Bush is far from perfect, but can we at least criticize things he really did?
He really did not fly with his unit, although he has publicly claimed that he did. I consider this a serious charge.
I do largely agree with your post above, but the cheap shot at Bush is totally out of place.
I think it was related, and I included it mostly because I believe that most Americans don't know about this.
Folks like Hannity have been shown repeatedly to make up "facts" on the spot. (I can give you evidence on this too.)
Ok - so despite anyone's feelings on the war in Iraq, let's face it - the military has to use SOMETHING in its systems. Shouldn't our brave men and women at least have something reliable like linux? You'd think the linux community would be proud that linux is so reliable that the military uses it. Would you rather they use windows?
Yep, the guy this article is about has about as much common sense as Jane Fonda.
It is stupid to blame the tool or the soldier rather than the person who actually made the decision.
This is like quitting carpentry because hammers are sometimes used in murders. It's just plain stupid.
Blame the fuckwit politicos who got control of the country (and the voters^w justices who handed it to them). AFAICT, the top military brass doesn't like what's been going on any more than some of us 'liberals' do.
I couldn't agree with you more and am amazed that your post is currently marked "troll".
Members of the US military do not get to pick and choose their assignments.
They don't get a letter in the mail that says:
"Gee guys, we're going to war. Anyone who wants to help can, but feel free not to show up if you don't like it."
(Or at least everyone but Bush doesn't. For some reason no one cares that he deserted. You or I would go to jail.)
My point is: Don't blame some poor marine for the war they're fighting.
Unfortunately many people don't get it. Back when I was going to college in Ithaca, NY there were a number of protests in front of local military offices. One of the officers wrote a letter to the editor expressing pretty much this sentiment:
We (the military) did not choose to fight this war, your elected representatives did. You should be protesting in front of their offices, not mine. Why work at demoralizing people who've signed on to protect your life with theirs and have no choice, when you could protest those who actually made the decision?
First of all, speaking as a professional software developer, forking is bad.
See this is the problem, you're thinking about it as a professional software developer. You imagine a development team and a product, it's not like that.
Forking inevitably involves extra work integrating changes from branch to branch, and can be justified only by some technical or business need.
And what if I want to do something to satisfy my own intellectual curiosity? Is someone supposed to stop me from doing it "for the good of Linux"?
Certain ways of thinking just don't apply to the way Linux is done. A lot of the work is done by hobbyists who CHOOSE to work on what they are interested in.
If I decide to backport USB support to some ancient kernel, it doesn't mean that I'm taking away man-hours that would have otherwise gone towards the development of the 2.6 kernel.
Linux has become a software marketplace of ideas. If people like Redhat's idea, they'll use it. If they don't they won't. If their approach starts causing significant software compatibility problems, then I expect they'll notice and act accordingly to fix the problem, or people will switch distros.
In the end, the best choice will most likely win and choice will not have been arbitrarily limited.
Working hard and learning are two different things.
Right, but they're not mutually exclusive. Often, they go hand-in-hand.
I know some students at Caltech that are working very hard, but at the same time learn very little.
So what are you trying to say with this statement? That Caltech doesn't teach students anything?
I knew plenty of students at my school who didn't learn much or do much work. They failed out of the program.
In the end, just knowing someone has a college degree does not mean too much.
Sure it does. It means plenty. It's absolutely stupid to think it doesn't.
I'm just amazed. Would you suggest we just say "fuck it" and leave all our education off our resumes?
"Sure you have a doctorate in radar engineering, but you only have two years work experience. I'm going to hire this guy who's been doing stereo installs for Best Buy for the last five years to design my multi-million radar system."
Sure a degree isn't everything but it fucking matters. That's my point.
The post I was replying to said that "in the real world" degrees are meaningless. That's a crock of shit, plain and simple.
Work experience is important, but so is education. Sure you can find examples of people with degrees who don't know what the hell they're doing, but you can find people with twenty years of work experience in a particular field who are also blatantly incompetent. Does this mean we should dispense with resumes altogether?
Of course not.
They are a valid, useful method for looking at a person's accomplishments. A degree is one of those accomplishments.
The logic I'm seeing from you and the original post I was replying to would allow someone to say that pretty much ANY accomplishment is meaningless.
Actually, there is absolutely nothing wrong with the ipod battery other than its low milliamp hour rating.
There's nothing wrong with the CURRENT ipod batteries. Note that I referred to the "original" ipod batteries.
Actually, there is absolutely nothing wrong with the ipod battery other than its low milliamp hour rating.
Do you honestly believe that no one is researching battery technologies?
I expect companies like Panasonic spend quite a bit on research. I'd do some checking before saying that.
The problem is, you just aren't going to see batteries keep up with Moore's law. There's a limited number of chemicals they can play with.
It's like expecting the horsepower you can get from your car to double every 18 months: it just won't happen.
As far as using an Ipod battery, I doubt it..unless the voltage is the same, dimensions compatible, milliamp hour ratings where you want them to be, etc.
This gives me a clue just how little you know about batteries. The iriver and the ipod both use the same battery chemistry, therefore the cell voltage is the same. The only way the battery wouldn't work is if:
-they used a different number of cells (no good reason to use more than one cell in either device)
-the battery didn't fit (since the ipod is smaller and contains very similar hardware, I expect the battery could be made to fit.)
I wouldn't worry about the charging circuitry, as li-ion battery chargers are quite smart.
And no, '4 years of college' doesn't prove you are worth anything. It proves you can learn, but not much more.
What an ignorant attitude!
If you manage to get two bachelor's degrees and a master's from a top-ten school in those four years it most definitely says something. (People actually do it, but not me.)
I hate to break it to you but college IS work. Not all colleges are the same amount of work, but those kids at the top schools in their fields work HARD.
I wasn't handed my degree, I EARNED IT. I spent 4 years both competing with and working with students from all over the world and I worked HARD.
Getting a degree from a GOOD college shows not just that you're intelligent and can learn, but that you know how to work and stick with things.
Sure there are institutions out there who demand less of their students, but trivializing the importance of college is just plain foolish.
Do you think that faculty at any College is trying to turn out students who can learn and nothing else?
Do you actually think your workplace is somehow a more rigorous environment than say, MIT or Caltech?
(see subject)
This attack is based on TCP accepting a RANGE of numbers. This range can be artificially widened using forged messages. As a result, it does not matter how good your RNG is, this exploit is about making it easy to search the entire space of possible numbers.
Even if your RNG (Random Number Generator) was perfect, you could still be vulnerable to this attack.
This issue erupted on the freebsd irc chat, and I had to kill it by posting this linkage: http://lcamtuf.coredump.cx/newtcp/
If you really killed a discussion by posting that link it's a shame because that link isn't discussing the issue at hand.
The link you posted is about the randomness of actual sequence numbers. The exploit at hand is about the ability of the TCP protocol to accept a RANGE of sequence numbers and the ability to increase this range via forged packets.
When this exploit is working it doesn't matter how random your sequence numbers are. The exploit allows the entire range of acceptable windows to be searched in short order.
The feasibility of overcoming realtime 32 sequence guessing is insane, however non-zero. just my .02c
Please save your two cents and read some of the better informed posts here by people who understand the issue much better than I.
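Added example, not part of any post in this thread: a receiver-side model of the point made in the TCP comments above, that accepting a range of sequence numbers makes the quality of the sequence-number RNG irrelevant. It works on integers only and sends no packets; the function names and sample values are assumptions, and the second policy is the exact-match rule later standardized in RFC 5961, which the thread does not mention.

```python
MOD = 1 << 32  # TCP sequence numbers live in a 32-bit space and wrap around

def in_window(seq, rcv_nxt, rcv_wnd):
    """RFC 793 acceptability test for a zero-length segment, modulo 2**32:
    RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND."""
    return (seq - rcv_nxt) % MOD < rcv_wnd

def rst_original(seq, rcv_nxt, rcv_wnd):
    """Behaviour the comments describe: any RST inside the window resets."""
    return "reset" if in_window(seq, rcv_nxt, rcv_wnd) else "drop"

def rst_rfc5961(seq, rcv_nxt, rcv_wnd):
    """RFC 5961 behaviour: reset only on an exact match with RCV.NXT; an RST
    that is merely in-window gets a challenge ACK instead."""
    if seq % MOD == rcv_nxt % MOD:
        return "reset"
    if in_window(seq, rcv_nxt, rcv_wnd):
        return "challenge_ack"
    return "drop"

def probes_to_cover(rcv_wnd):
    """How many window-spaced values guarantee one lands in ANY window of
    this size, wherever RCV.NXT happens to be (ceiling of 2**32 / window)."""
    return -(-MOD // rcv_wnd)

def count_resets(policy, rcv_nxt, rcv_wnd):
    """Feed the policy one value per window-sized stride across the whole
    sequence space and count how many of them would tear the connection down."""
    return sum(1 for seq in range(0, MOD, rcv_wnd)
               if policy(seq, rcv_nxt, rcv_wnd) == "reset")

if __name__ == "__main__":
    rcv_nxt = 0x9E3779B9  # constructed stand-in for an unpredictable RCV.NXT
    for wnd in (16384, 65535):
        print(f"window={wnd:6d} values needed={probes_to_cover(wnd):7d} "
              f"resets(original)={count_resets(rst_original, rcv_nxt, wnd)} "
              f"resets(RFC 5961)={count_resets(rst_rfc5961, rcv_nxt, wnd)}")
```

The model assumes the connection's addresses and ports are already known to the sender of the forged segments; a larger window lowers the count returned by `probes_to_cover`, which is why window size matters more here than sequence-number randomness.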
I would say iRiver is about 75% there. Hopefully they can address all the recording shortcomings through firmware upgrades.
....oh yeah, and it would be nice if you could record from the radio.
- No input level metering
- .WAV recording time limited
- Rare glitches but even one is too much
I don't expect they'll be able to completely do away with the recording limit due to FAT32 file size limits.
One more problem: It needs a standby mode. The delay between pressing the button and actually recording is too large.
Overall, I'm very pleased with mine and my gf plans to use it instead of her portable MD recorder when recording events.