You have an odd notion of trust. And of security, for that matter.
Blindly trust nothing except the laws of physics. Everything else is subject to investigation and verification. Just because verification is difficult or may fail is not excuse for not trying. By being vigilant, you can approach security, although you will never fully get there.
When I walk down the sidewalk, for example, I pay attention to the surroundings. How much attention is based on prior experience and knowledge of how likely drivers (bicyclists, say) are to be using the sidewalk, my observations of the current situation, and just how full that part of the world is with crazy drivers. This is informed by an implicit or explicit threat model (for example, is there a reason to expect someone would want to harm me). The threat model is, for example, different for me and the US President, which implies that we should have different ideas of the level of diligence required to walk down the same street, and indeed we do.
It's no different for a new computer, software, or anything else. I have found "phone home" malware on machines, by looking at network traffic. And, looking at the source code may not help, but, then again, it may, so that doesn't mean it is useless to look at it, any more than the success of previous assassination attempts means that the President's security is worthless and should go home.
Normal book publishers have been doing this for decades, inserting the occasional misspelling here or there. Later, they inserted correct spellings, but of the wrong word, to get around auto-correction in scanner software.
So...no, they can't patent it.
I think that map makers have been doing this for a century or more.
"Who's Who" and the like do it as well, inserting fictitious people. This is also because true maps and lists may not be copyrightable, while fictitious ones certainly are.
"...they take that phone number... they plug it into this big pile, if you will, of just phone numbers — it's like a phonebook without any names and any addresses with it — to see if there's a connection, a foreign terrorist connection to the United States."
This explanation seems lame to me. Terrorist suspect X in Afghanistan calls number N, and they have to snarf down the metadata for every phone call Verizon makes to tell that N is a Verizon number? Note that the number blocks assigned to different phone companies are a matter of public record, so you could quickly look up which provider a number "belongs" to. Likewise, Verizon has an internal reverse number directory database, which the NSA could simply request access to, to find out who is assigned that number. No metadata is thus required even to get a name, much less the provider. If that's all that's going on, Congressman Rogers should hold hearings on this obvious waste of Government resources.
If we had heard that the NSA had requested access to every major phone provider's reverse number directory system, I don't think anyone would have been overly concerned. They don't need the data they collect to do this, which of course suggests that this is not what they do with it (or, at least, not the only thing they do with it).
I just heard the other day about a coalition of Hawaiian natives buying back as much land as they can for the locals. This drama is not nearly over yet...
Yes, it's called the State of Hawaii. They have their own seal and flag and all sorts of cool stuff.
You seriously do not understand how Hawaiian politics work.
Japanese experience in Hawaiian real estate has been almost exclusively "buy high sell low," with billions lost. I wonder if the Chinese will fare any better.
My experience in business is that decisions to buy Oracle tend to follow exactly the same logic (and are typically done by the same people) as decisions to mandate Microsoft Windows for all desktops.
Anyone wonder how all of this land came to be for sale ? And, how good his title is?
In the old Hawaiian monarchy set up by Kamehameha, the King owned all of the land. In the "Great Mahele" (division) of 1850, private land ownership was introduced, with 1/3 of the land going to the crown, 1/3 to the commoners, and 1/3 to the chiefs (the "ahupua" land, really a type of shared commons). Due to failure to follow through with paperwork, only about 1% of the "commoners" land was actually allocated to commoners. (I believe that there are only 4 acres on Lanai, out of 40,000 or so, that are actually available for fee simple purchase by the likes of us - that would be the old commoner land.) This old map shows the division into Crown and chief lands after the Mahele. This article describes how Claus Spreckels (a sugar baron) got fee simple for the entire island (minus the 4 acres, and some state land). Of course this was corrupt, but note the corruption appears to have occurred before the 1893 coup d'etat that destroyed the old Hawaiian monarchy and delivered the country over to the USA as a territory.
Does he have good title? I am not a lawyer, this is not legal advice, etc., but my guess would be no, not to all of it. The courts and political system in Hawaii tend to look very favorably to claims from Hawaiian natives about land ownership. There is an entire state bureaucracy, the Department of Hawaii Homelands, dedicated to returning crown lands (and other state lands) to Hawaiians. The DHHL has a land use plan for Lanai, which is full of more facts and maps about Lanai land history and ownership for those who are interested.
Here is my guess how this will proceed. Ellison will develop this and that and eventually do something that will seriously piss off Lanai locals, and then will be enveloped in clouds of lawsuits and political agitation until he sells the land. Having heard stories of the way he runs business meetings, and having had some dealing in Hawaii real estate at the Federal level, I think that predicting a collision is a good bet, and it would be highly unlikely to end favorably for Mr. Ellision.
> A mission to an asteroid seems like it would be much cheaper and quicker to accomplish.
Can you elaborate? It's farther. It's more dangerous (less is measured/known/visible, I believe). There's a lot more chance of well, getting his by micro meteorites up to big ones. Sample collection is going to have to be via new method(s)...I'm just trying to figure out what's the easier part. I agree it would give better return value. But if it was done quicker and cheaper, I'd be very pessimistic about anyone coming back.
OK, energetically, there are asteroids that we could could reach for roughly the same delta-V as going to the Moon, and coming back. (To put it another way, that Apollo could have reached with the Saturn V.) So, energetically, it's a wash, at least for the NEO we would be going to first.
In terms of technology, we are more or less there for an asteroid - we have demonstrated long duration flights on the ISS, and you don't land on a small asteroid, you dock with one, and that we have technology for. We just need a launch vehicle. For the Moon, we HAD the technology (the Lunar Module), but lost it, and estimates to get it back are in the billions of dollars. Advantage, asteroids. Plus, it turns out landing on the Moon and on Mars are rather difficult, so there is no synergy advantage in terms of going to Mars if we develop a Lunar Module first. Again, advantage, asteroids.
(I believe that avoiding that LM cost/development time was the "cheaper and quicker" the OP was referring to.)
Sample collection is well in hand, and not really a problem for either Moon or asteroid. That's a wash.
Now, going to an asteroid for 9 months is indeed more dangerous than going to the Moon for 9 days. No doubt. However
- if we are ever going to get to Mars, we have to develop the capability to do long duration deep space missions. Going to an asteroid is no more dangerous (or not much more dangerous) than just going out there and coming back, with much more return.
- When we do go back to the Moon, we are likely to go to stay. It is by no means clear that going to an asteroid for 9 months is more dangerous than going to the Moon for 9 months.
So, for the danger aspect, I regard as a wash, except that the asteroid mission would have real synergies.
So, IMHO, the advantages for the Moon are week and iffy, while the advantages / synergies for an asteroid are real and solid.
Also, there is a LONG history of commercial development riding the back of initial government investment. NASA going to an asteroid would jump-start commercial asteroid mining.
And it shouldn't. Going back to the moon is sexier and great for the ego, but working on capturing asteroids is more useful. But most Americans prefer things very simple. They think the moon is a planet and full of resources while an asteroid is a ball of sand like you see at the beach. It doesn't matter that that sentence contains many wrong things; it's simple and aligns with an ignorant masses level of common sense. The bottom line is people will say Republicans want to go back to the moon and reap the great benefits while Obama wants to visit a stupid rock. Never mind that "stupid rock" could contains trillions of dollars worth of resources and even some unknown/unavailable/rare materials.
We can achieve fusion without too much trouble. The elusive white whale so far has been a sustainable fusion reaction that puts out more energy than you have to put into it.
The Farnsworth–Hirsch fusor is decades old, relatively easy to build (I know someone who built one in his garage), available commercially (as a neutron source) and is generally considered to be not a candidate for fusion power.
Given that the name of the student is Conrad Farnsworth, I have to wonder if there is a family connection, but the article does not go into that.
I have heard of some that try to utilize some sort of seemingly random event that is naturally occurring. However even these can be modeled over time.
A good post, but I'm not sure you understand hardware based random number generation. At least one way to do it is have a small amount of radiactive material. Although it decays predictably in the long term (half life) it is random in the short term. By measuring the radioactive decay truly random numbers can be obtained.
The decay may be random, but the implementation may not be. I have heard of two issues with actual radioactive random number generators.
1.) The geiger tube (or solid state chip) used for detecting the decays will have imperfections (for example, a dead time so that it will miss a decay occurring too soon after another one), and these can introduce non-randomness into the output.
2.) The early ones were simple accumulators (count for an interval delta-T, and if you get > Y decays, that is a 1, otherwise a zero), and that can be hacked if you can control the radioactive environment at the detector. I believe that to prevent that now--a-days the algorithm is simething like "count for an interval, and if you get an even number of decays, output a 1," but that might have radioactive hacks as well. (I don't know of any, but I don't have a large staff trying to break this, either.)
The entropy per character of human languages is so low that it doesn't take much non-randomness before you can get into deep trouble.
I don't think that is correct. If you reuse the key, you reveal the key. Worse, it can be easily caught by simply cross-correlating every message pair. (No key reuse = no correlations - key reuse = lots of correlations.) It can be almost trivial to decode a OTP message pair with the same key.
Of course, compressing before you encrypt is fine, as long as you don't reuse the key.
I consider these sorts of immediate reactions as the worst kind of political deceit. (The Patriot Act was another, similar, case.) It would be one thing if some commission examined the circumstances, and came out in 6 months or so with a considered argument as to why this or that measure might have made a difference. That at least could be debated. But, no, instead it is "here are these pre-canned ideas that have been shot down before, but now you need to adopt them immediately just because."
I would suggest sending the proposers to the Tower, but I understand that is passe now-a-days.
There were plenty of cases of Germans attacking the Third Reich, more obviously there were several attempts by Germans to assassinate Hitler. That didn't make WWII a civil war. Just an international war with some within the country opposed to it.
For sure the Third Reich would have called it terrorism.
The Germans in World War II routinely referred to the resistance in the various occupied countries as terrorists.
I am not a cryptographer, but I *think* it would not harm the strength of the encryption if you compress then encrypt.
In theory, it should actually make it stronger, by removing redundancy. In practice, I bet it would mean that you could then predict the first few bytes of each message sent (i.e., some sort header info, followed maybe by something guessable if you know the language being used) and it can be a bad idea to begin each message with something predictable.
Creating true randomness is a tricky proposition, and I don't see why its safe to believe that "shining a light through a diffusive glass plate" will generate true randomness.
They claim it passes statistcal analysis tests for true randomness.
That is meaningless (there is no test for true randomness, just tests of whether or not various forms of non-randomness are present), and if they truly believe that passing various tests for randomness is sufficient then there may be no hope for them.
Hell, just transmitting large blocks of 100% mathematically random data is a red flag. "One-time pad in use! Something very interesting going on here!"
I have heard that certain locations send megabits / sec of random data continuously, at all times, just so that certain other locations can't tell when encrypted traffic is being sent. Certainly that technique is being used (at a lower bit rate) by the various "number stations" out there.
Who would have thought that the f... article addresses this devilishly ingenious workaround?
"And even if Eve steals the glass, they estimate that it would take her at least 24 hours to extract any relevant information about its structure.
This extraction can only be done by passing light through the glass at a rate that is limited by the amount of heat this creates (since any heating changes the microstructure of the material). And the time this takes should give the owners enough time to realise what has happened and take the necessary mitigating actions."
Right. Note that this implies that this technique should only be used for messages that have an effective lifetime of 1 day.
Slashdot Mirror
You have an odd notion of trust. And of security, for that matter.
Blindly trust nothing except the laws of physics. Everything else is subject to investigation and verification. Just because verification is difficult or may fail is not excuse for not trying. By being vigilant, you can approach security, although you will never fully get there.
When I walk down the sidewalk, for example, I pay attention to the surroundings. How much attention is based on prior experience and knowledge of how likely drivers (bicyclists, say) are to be using the sidewalk, my observations of the current situation, and just how full that part of the world is with crazy drivers. This is informed by an implicit or explicit threat model (for example, is there a reason to expect someone would want to harm me). The threat model is, for example, different for me and the US President, which implies that we should have different ideas of the level of diligence required to walk down the same street, and indeed we do.
It's no different for a new computer, software, or anything else. I have found "phone home" malware on machines, by looking at network traffic. And, looking at the source code may not help, but, then again, it may, so that doesn't mean it is useless to look at it, any more than the success of previous assassination attempts means that the President's security is worthless and should go home.
Normal book publishers have been doing this for decades, inserting the occasional misspelling here or there. Later, they inserted correct spellings, but of the wrong word, to get around auto-correction in scanner software.
So...no, they can't patent it.
I think that map makers have been doing this for a century or more.
"Who's Who" and the like do it as well, inserting fictitious people. This is also because true maps and lists may not be copyrightable, while fictitious ones certainly are.
Want to bet Google tries to use this to do indoor mapping ?
I don't think that the House GOP leadership is selected on the basis of intelligence...
This explanation seems lame to me. Terrorist suspect X in Afghanistan calls number N, and they have to snarf down the metadata for every phone call Verizon makes to tell that N is a Verizon number? Note that the number blocks assigned to different phone companies are a matter of public record, so you could quickly look up which provider a number "belongs" to. Likewise, Verizon has an internal reverse number directory database, which the NSA could simply request access to, to find out who is assigned that number. No metadata is thus required even to get a name, much less the provider. If that's all that's going on, Congressman Rogers should hold hearings on this obvious waste of Government resources.
If we had heard that the NSA had requested access to every major phone provider's reverse number directory system, I don't think anyone would have been overly concerned. They don't need the data they collect to do this, which of course suggests that this is not what they do with it (or, at least, not the only thing they do with it).
I just heard the other day about a coalition of Hawaiian natives buying back as much land as they can for the locals.
This drama is not nearly over yet...
Yes, it's called the State of Hawaii. They have their own seal and flag and all sorts of cool stuff.
You seriously do not understand how Hawaiian politics work.
Japanese experience in Hawaiian real estate has been almost exclusively "buy high sell low," with billions lost. I wonder if the Chinese will fare any better.
My experience in business is that decisions to buy Oracle tend to follow exactly the same logic (and are typically done by the same people) as decisions to mandate Microsoft Windows for all desktops.
You write as if this would be a good thing.
Anyone wonder how all of this land came to be for sale ? And, how good his title is?
In the old Hawaiian monarchy set up by Kamehameha, the King owned all of the land. In the "Great Mahele" (division) of 1850, private land ownership was introduced, with 1/3 of the land going to the crown, 1/3 to the commoners, and 1/3 to the chiefs (the "ahupua" land, really a type of shared commons). Due to failure to follow through with paperwork, only about 1% of the "commoners" land was actually allocated to commoners. (I believe that there are only 4 acres on Lanai, out of 40,000 or so, that are actually available for fee simple purchase by the likes of us - that would be the old commoner land.) This old map shows the division into Crown and chief lands after the Mahele. This article describes how Claus Spreckels (a sugar baron) got fee simple for the entire island (minus the 4 acres, and some state land). Of course this was corrupt, but note the corruption appears to have occurred before the 1893 coup d'etat that destroyed the old Hawaiian monarchy and delivered the country over to the USA as a territory.
Does he have good title? I am not a lawyer, this is not legal advice, etc., but my guess would be no, not to all of it. The courts and political system in Hawaii tend to look very favorably to claims from Hawaiian natives about land ownership. There is an entire state bureaucracy, the Department of Hawaii Homelands, dedicated to returning crown lands (and other state lands) to Hawaiians. The DHHL has a land use plan for Lanai, which is full of more facts and maps about Lanai land history and ownership for those who are interested.
Here is my guess how this will proceed. Ellison will develop this and that and eventually do something that will seriously piss off Lanai locals, and then will be enveloped in clouds of lawsuits and political agitation until he sells the land. Having heard stories of the way he runs business meetings, and having had some dealing in Hawaii real estate at the Federal level, I think that predicting a collision is a good bet, and it would be highly unlikely to end favorably for Mr. Ellision.
> A mission to an asteroid seems like it would be much cheaper and quicker to accomplish.
Can you elaborate? It's farther. It's more dangerous (less is measured/known/visible, I believe). There's a lot more chance of well, getting his by micro meteorites up to big ones. Sample collection is going to have to be via new method(s)...I'm just trying to figure out what's the easier part. I agree it would give better return value. But if it was done quicker and cheaper, I'd be very pessimistic about anyone coming back.
OK, energetically, there are asteroids that we could could reach for roughly the same delta-V as going to the Moon, and coming back. (To put it another way, that Apollo could have reached with the Saturn V.) So, energetically, it's a wash, at least for the NEO we would be going to first.
In terms of technology, we are more or less there for an asteroid - we have demonstrated long duration flights on the ISS, and you don't land on a small asteroid, you dock with one, and that we have technology for. We just need a launch vehicle. For the Moon, we HAD the technology (the Lunar Module), but lost it, and estimates to get it back are in the billions of dollars. Advantage, asteroids. Plus, it turns out landing on the Moon and on Mars are rather difficult, so there is no synergy advantage in terms of going to Mars if we develop a Lunar Module first. Again, advantage, asteroids.
(I believe that avoiding that LM cost/development time was the "cheaper and quicker" the OP was referring to.)
Sample collection is well in hand, and not really a problem for either Moon or asteroid. That's a wash.
Now, going to an asteroid for 9 months is indeed more dangerous than going to the Moon for 9 days. No doubt. However
- if we are ever going to get to Mars, we have to develop the capability to do long duration deep space missions. Going to an asteroid is no more dangerous (or not much more dangerous) than just going out there and coming back, with much more return.
- When we do go back to the Moon, we are likely to go to stay. It is by no means clear that going to an asteroid for 9 months is more dangerous than going to the Moon for 9 months.
So, for the danger aspect, I regard as a wash, except that the asteroid mission would have real synergies.
So, IMHO, the advantages for the Moon are week and iffy, while the advantages / synergies for an asteroid are real and solid.
Also, there is a LONG history of commercial development riding the back of initial government investment. NASA going to an asteroid would jump-start commercial asteroid mining.
And it shouldn't. Going back to the moon is sexier and great for the ego, but working on capturing asteroids is more useful. But most Americans prefer things very simple. They think the moon is a planet and full of resources while an asteroid is a ball of sand like you see at the beach. It doesn't matter that that sentence contains many wrong things; it's simple and aligns with an ignorant masses level of common sense. The bottom line is people will say Republicans want to go back to the moon and reap the great benefits while Obama wants to visit a stupid rock. Never mind that "stupid rock" could contains trillions of dollars worth of resources and even some unknown/unavailable/rare materials.
+1
Mod this AC up.
.
This will not get through the Senate.
We can achieve fusion without too much trouble. The elusive white whale so far has been a sustainable fusion reaction that puts out more energy than you have to put into it.
Details, details...
The Farnsworth–Hirsch fusor is decades old, relatively easy to build (I know someone who built one in his garage), available commercially (as a neutron source) and is generally considered to be not a candidate for fusion power.
Given that the name of the student is Conrad Farnsworth, I have to wonder if there is a family connection, but the article does not go into that.
Or at least they could have chucked the cold war and gone into the scriptwriting business.
I have heard of some that try to utilize some sort of seemingly random event that is naturally occurring. However even these can be modeled over time.
A good post, but I'm not sure you understand hardware based random number generation. At least one way to do it is have a small amount of radiactive material. Although it decays predictably in the long term (half life) it is random in the short term. By measuring the radioactive decay truly random numbers can be obtained.
The decay may be random, but the implementation may not be. I have heard of two issues with actual radioactive random number generators.
1.) The geiger tube (or solid state chip) used for detecting the decays will have imperfections (for example, a dead time so that it will miss a decay occurring too soon after another one), and these can introduce non-randomness into the output.
2.) The early ones were simple accumulators (count for an interval delta-T, and if you get > Y decays, that is a 1, otherwise a zero), and that can be hacked if you
can control the radioactive environment at the detector. I believe that to prevent that now--a-days the algorithm is simething like "count for an interval, and if you get an even number of decays, output a 1," but that might have radioactive hacks as well. (I don't know of any, but I don't have a large staff trying to break this, either.)
The entropy per character of human languages is so low that it doesn't take much non-randomness before you can get into deep trouble.
I don't think that is correct. If you reuse the key, you reveal the key. Worse, it can be easily caught by simply cross-correlating every message pair. (No key reuse = no correlations - key reuse = lots of correlations.) It can be almost trivial to decode a OTP message pair with the same key.
Of course, compressing before you encrypt is fine, as long as you don't reuse the key.
A perfect OTP, you are correct.
An imperfect OTP, or one imperfectly used, it could make a difference.
I consider these sorts of immediate reactions as the worst kind of political deceit. (The Patriot Act was another, similar, case.) It would be one thing if some commission examined the circumstances, and came out in 6 months or so with a considered argument as to why this or that measure might have made a difference. That at least could be debated. But, no, instead it is "here are these pre-canned ideas that have been shot down before, but now you need to adopt them immediately just because."
I would suggest sending the proposers to the Tower, but I understand that is passe now-a-days.
There were plenty of cases of Germans attacking the Third Reich, more obviously there were several attempts by Germans to assassinate Hitler. That didn't make WWII a civil war. Just an international war with some within the country opposed to it.
For sure the Third Reich would have called it terrorism.
The Germans in World War II routinely referred to the resistance in the various occupied countries as terrorists.
I am not a cryptographer, but I *think* it would not harm the strength of the encryption if you compress then encrypt.
In theory, it should actually make it stronger, by removing redundancy. In practice, I bet it would mean that you could then predict the first few bytes of each message sent (i.e., some sort header info, followed maybe by something guessable if you know the language being used) and it can be a bad idea to begin each message with something predictable.
They claim it passes statistcal analysis tests for true randomness.
That is meaningless (there is no test for true randomness, just tests of whether or not various forms of non-randomness are present), and if they truly believe that passing various tests for randomness is sufficient then there may be no hope for them.
Hell, just transmitting large blocks of 100% mathematically random data is a red flag. "One-time pad in use! Something very interesting going on here!"
I have heard that certain locations send megabits / sec of random data continuously, at all times, just so that certain other locations can't tell when encrypted traffic is being sent. Certainly that technique is being used (at a lower bit rate) by the various "number stations" out there.
Who would have thought that the f... article addresses this devilishly ingenious workaround?
"And even if Eve steals the glass, they estimate that it would take her at least 24 hours to extract any relevant information about its structure.
This extraction can only be done by passing light through the glass at a rate that is limited by the amount of heat this creates (since any heating changes the microstructure of the material). And the time this takes should give the owners enough time to realise what has happened and take the necessary mitigating actions."
Right. Note that this implies that this technique should only be used for messages that have an effective lifetime of 1 day.
"Attack at dawn" - yes
"Attack on Sunday" - not so much
Of course, if it's possible to make a copy of a plate, it's no better than trying to securely send thumb drives.
The simple fact that there are two serves as an existence proof of the possibility of making a copy.