Slashdot Mirror


User: goombah99

goombah99's activity in the archive.

Stories: 0
Comments: 5,555

Comments · 5,555

  1. The club. on Is Battery-Free 2-Factor ID Secure? · · Score: 1

    I totally agree. I think I might have sounded negative in my original post, but basically bike lock security is great when you compare it to the alternatives of a fixed PIN or an expensive smart card.

    I think of it as "the Club", like the automobile lock. it works mainly because it really does present a formidable obstacle to most (dumb) thieves and even the clever ones who could bust it won't be bothered because the next car over does not have one and is just as tasty.

  2. Re:Chaum-like on Is Battery-Free 2-Factor ID Secure? · · Score: 1

    Watching the video a few times now I see that they are doing some sort of multiplexing on the patterns so that digits can fall either on odd or even place boundaries. (i.e. so that a given column of segments might be the left column of a digit or the right column). I'm not quite sure what that does to the odds but I'd assume they do this because it makes it harder to crack.

  3. Chaum-like on Is Battery-Free 2-Factor ID Secure? · · Score: 4, Insightful

    This is sort of like one of Chaum's voting system receipts. those are provably secure for single use.

    however having watched the video, it's obvious this one is weakly secure for a single use and rapidly insecure for multiple uses.

    given a series of challenges one should be able to apply a process of elimination to determine the missing elements.

    the alternative would seem to be to choose the challenge from a restricted palette of challenges that assures some ambiguity. in this case intercepting a bunch of challenges will simply reduce the number of possible choices.

    for example, if the ambiguity could be maintained at 3 choices per digit then 7 digits provides 2187 possibilities.

    that's actually not hideous. it's comparable to a bicycle lock. thus the key to making that low number useful is to prevent someone from rapidly trying the challenges exhaustively.

    e.g. if you are only allowed 2 challenges per 30 minutes, or more deviously, if the challenger denies access with say 10% probability even when you type in the right pass code.

    this will make such 2-factor, while not government grade, probably not worth the attacker's time.

  4. Re:According to... on Up To 10% of CD-Rs Fail Within a Few Years · · Score: 4, Funny

    Well you of course have to use an error correcting code. people who don't do that then blame the manufacturers got what they deserved. For example, personally I get 120 years out of my CDs by encoding 699 megabytes of error correction. this leaves me with 1 byte of data. but it lasts 120 years.

  5. The significance of this for the rest of the world on Computerized Election Results With No Election · · Score: 5, Insightful

    One should of course take such breaking news reports with a grain of salt till confirmed, one could imagine this being some sort of misinterpretation of the observations (e.g. maybe those were early voting ballots??), Moreover this is Honduras.....as I'm sure other posters will talk about.

    In any case, assuming the report is correct, its critical contextual significance is thus:

    One of the big strawmen often raised by folks in favor of electronic voting is that there is this supposed panacea called "parallel testing" that is touted as being an invincible process of detecting rigged machines. The idea is that at random a machine will be chosen before the elections begin and pulled out of service, then the election workers will cast pretend votes on it all day long. then its output checked for accuracy. This is called "parallel" testing because it's done in a time period parallel to a real election, supposedly to "fool" any date dependent software. It's not an awful idea and would indeed detect some kinds of naive electronic fraud. But the idea that this is remotely a solution is even more naive.

    Moreover, said proponents don't actually ever do this--- it's just a thought experiment. The real reason for that strawman argument is not that people would actually do it, it's that since you could in principle do it, this keeps the bad guys at bay. Ha Ha Ha.

    So it's such a terrible irony then that the very first time in history that, effectively a different kind of parallel test did occur, that yep massive machine rigging is found!

    the parallel test in this case is: call an election. cancel it unexpectedly at the last possible second and impound the machines, test them for rigging.

  6. well duh on The Hidden Costs of Microsoft's Free Office Online · · Score: 5, Insightful

    you need the server to run the apps inhouse rather than out of your control. The same is true of things like google docs and other cloud apps. either you run it on their servers and give third parties access to your data or you pay to run it on your servers. this is not a surprise or even unreasonable.

  7. Not Big Brother. on Amazon Pulls Purchased E-Book Copies of 1984 and Animal Farm · · Score: 3, Funny

    Big Amazon.
    for those of you old enough to have seen the schlock sci-fi "rollerball" its central theme was that big brotherism actually is more likely to be durable under corporate control rather than government control. A kind of fascism where the role of the state is secondary.

    I think it was big oil in rollerball. but it could have been big amazon.

    plus the idea of a big Amazon woman is somewhat scarier than a big brother.

  8. do fonts have executables? on Typography On the Web Gets Different · · Score: 1

    I'd love to see flash go away since I don't like having to run executables just to present content.

    But I'm wondering here if fonts contain executables. I know empirically that putting in some font packages in my computer also puts in some DLLs or runs some executables. I've never been quite clear if fonts necessarily are always simply data that describes the font face or if the specification of the font can optionally contain executable in how it gets rendered.

    if so then will that be the case here as well?

  9. The new BLINK on Typography On the Web Gets Different · · Score: 1

    One of the concepts behind CSS is to abstract content from how it is presented. But one of the objectives behind this is to make presentations more self consistent. You change one css rule and all the logical kinds of content it applies to all change. this facilitates accessibility and comprehension of a document's logical layout by the reader.

    presumably the latter desiderata is the real goal, not pretty looking documents.

    given that, there is a large benefit to users if web pages look a lot alike. it puts less burden on the end user to decipher the page and access its content if qualitatively different authors' web pages don't differ from each other in too many ways.

    I know some css nerds will tell me if I feel that way I should use my own css. first off I don't have time for that. second, it's likely if I mess with CSS on an overly tuned web page I'll make it less readable not more.

    So the problem with this is not that it's a perfectly awful idea but that like blink, if you include this as an easy to use feature it will get abused to death and in aggregate crapify the web.

    get off my lawn.

  10. Re:goombah99: time to grow up on New Service Converts Torrents Into PNG Images · · Score: 1

    sorry dude. My wrist and thumb are in a cast. (really) I'm not used to making this many typos yet. gotta improve my proof reading I guess.

  11. Re:Why not just use slashdot instead? on New Service Converts Torrents Into PNG Images · · Score: 1

    This is probably what uuencode is for.

    which is probably what the slashdot lameness filter is for.

  12. Re:Awesome! on India To Issue Over a Billion Biometric ID Cards · · Score: 4, Funny

    also for all those people who are 1 in a million there are a thousand identical biometric cards.

  13. right! on New Service Converts Torrents Into PNG Images · · Score: 1

    well don't forget to include a description in plain text so it's searchable. You could however post that in another comment with a link back to the hex torrent comment.

  14. Why not just use slashdot instead? on New Service Converts Torrents Into PNG Images · · Score: 4, Insightful

    It won't work as intended but not for the reason you say. Regardless of whether it's steganographically encoded or not, this is just a matter of detectability to the eye.

    let's work through the logic:
    If a firefox plugin can retrieve the torrent then so can any image hosting site. all reputable ones will decline to host those images. the torrents might be legal ones, but the image hosting sites will not see it valuable to their business model to offer a service which might be hosting links to tainted goods.

    if the encoding is done in some way that while a firefox plugin can easily recover a code that represents a torrent but you can't tell from the code if it is a torrent (without say actually trying it out) then you will have to have some other signifier that the image contains a valid torrent and the identity of what the torrent contains (so you can search for what you want). And again the image sites will decline to host those.

    so you might as well just post hex encoded torrents and their plain language descriptions right to slashdot in the comments or in your journal. Anyone can then use slashdot's search feature or for that matter google with a site:slashdot.org search term to find them.

    so it seems like this has no value as a means of hosting torrents.

    Now it does have two uses one legitimate and one not. it could be just a convenient way to pass around a torrent associated with an image all in one handy container (kind of like a business card printed on a mini-cd). and it could be a way for someone to establish plausible deniability that they were posting a torrent. e.g. a blog post deploring the loss of revenue for Metallica with a picture of the band's latest album that happens to hide a torrent for that album. ("oh the irony, I just grabbed that image off google images and little did I know that particular one held a torrent. wink wink")

  15. Re:Passing this data back to the scientist on Sequencing a Human Genome In a Week · · Score: 1

    I'm curious how you figure 200GB of data. A solexa 1G only produces tens of millions reads per run, each read being about 36 bases.

  16. Re:Passing this data back to the scientist on Sequencing a Human Genome In a Week · · Score: 1

    This actually suggests that perhaps we should start transmitting into space or on space crafts the genome of all the genes ever sequenced, even the ones hauled out of the ocean that we don't know what organism they belong to. you send that, plus the molecular composition of DNA, and the molecular structure of the ribosome and T-rna

    while there's more to a cell than just that, it's well known that in vitro you can get transcription of the DNA from just that. It won't be too long I suspect before you could come up with some way to bootstrap a primordial cell out of those expressed proteins. Once you have such a cell, bootstrapping to higher level organisms is not such a long leap.

    You would be effectively preserving an approximation of the earth's ecosystem. maybe someone will find it.

  17. Re:Passing this data back to the scientist on Sequencing a Human Genome In a Week · · Score: 3, Insightful

    I suppose it's worth noting that the intermediate (raw) data sets can get pretty large. they are actually getting larger as the trend goes towards shorter less informative "reads" that require more of them to recover the connective information and to recover from errors and duplications. However that's a trend that has a stopping point. While more reads is better at some point there is almost no added value from more reads. So at that point that's the maximum amount of data you need to collect. it won't increase ever. meanwhile hard drive and network speeds will go up factors of ten.

    thus the storage issues here are well tolerated at present and soon will become trivial.

  18. Re:Passing this data back to the scientist on Sequencing a Human Genome In a Week · · Score: 2, Interesting

    a whole human genome will fit on a CD.

    if you just transmit the diffs from the generic human you could put it in an e-mail

  19. Re:I'll repeat what I've said before: Use sentence on Strong Passwords Not As Good As You Think · · Score: 1

    I agree, except to improve upon this, you can just use the first few letters of each word, or even just the first letter.

    this keeps the passwords reasonably short which is good both for typing quickly (and from just finger muscle memory) as well as being better in cases where passwords are truncated by the system in use.

    moreover, beyond the first few letters the entropy added by the remaining letters is dropping swiftly so they add less protection if someone knows you are using whole words.

    Additionally if you write the sentence on the wall, but are using only the first few letters of each word, it adds enough obfuscation that someone present at your desk and seeing the sentence probably won't have time to work out your cleverness.

  20. somewhat ironic choice however on Rosetta Stone Sues Google For Trademark Violation · · Score: 4, Insightful

    It's sort of ironic that of all the people complaining the one here is the Rosetta Stone inc.

    it's ironic on several levels. first, they are pilfering their very name from the public domain. (now they think the concept can apply to no others?) Second, it's a very very commonly used name. I know of many many companies using it, many of them in the same domain of study (e.g. biotech).

    but perhaps most of all is that original Rosetta Stone itself's place in history was inference process of transitive association: "this well known thing, is the same as this lesser known thing". which is exactly what google is selling. you search for one thing and it, especially ad sense, returns other related things that might be substitutable but with a different origin and previously unknown to you.

    they should reflect on why they called themselves rosetta stone.

  21. Re:NC is North Carolina, right? on Robotic Glider Set To Break Autonomous Flight Records · · Score: 4, Funny

    Moreover, the thing just kept circling the Data centers where all the thermals were. If you hide in a cool valley you are safe I guess.

  22. Wrong! on Researcher Discovers ATM Hack, Gets Silenced · · Score: 1

    Not sure where you see that. As far as I know Diebold, Wincor, and NCR only put out drivers for Win XP for their ATMs. This is a Win CE bug, it's probably a white-label machine.

    no, Diebold chose to use WinCE as a cheap platform. Prior to that they had another platform that was not windows based. they chose WinCE and it's caused multiple problems precisely because they willingly delegated the security.

  23. comcast and netflix on Comcast DNS Redirection Launched In Trial Markets · · Score: 1

    I am perpetually frustrated by my comcast connect, particularly in regards to netflix. It's very hard for me to sort out if the problem is a comcast issue, a netflix issue or a DNS issue.

    basically what happens is I find my 12Mb/sec comcast link drops to 600Kb/sec in the evenings around 7 -10pm, just when I want to watch a movie. Now on some nights I am lucky and I see by speed tests I'm getting 2 or 3Mb/sec. Often the ping latencies however are 400 to 500 msec.

    still that flux rate is overkill to watch a netflix movie. Yet I can't do it without constant rebuffering and quality/resolution downgrades from netflix as the movie proceeds.

    I've tried using open DNS but that does not seem to help either

    I've noticed that when I traceroute the netflix server I'll see about 9 jumps, in all sorts of strange geographic headings inside comcast, and then about 5 inside limewire before I reach a place where traceroute stops jumping. (I assume it's blocked). when the connection is especially bad I often see the trace route timeout inside the comcast side of the network.

    So how should I be faulting here? I can think of two things. One is that basically the whole internet is slow between 7 and 10 pm and I'm never going to be able to watch netflix. or that netflix sucks between 7 and 10. or that I'm dealing with a last mile issue in comcast on the shared cable line. maybe between 7 and 10 pm all my neighbors are doing the same things and comcast has oversubscribed the cable.

    what can I do to try to sort these factors out?

  24. urinine on Can Urine Rescue Hydrogen-Powered Cars? · · Score: 4, Funny

    the fuel will be called urinine, because after a lot of beer, I'm way way past urin8

  25. Re:Reality check can't be cashed on New Video of Tesla's Mass-Market Electric Car · · Score: 1

    so? all cars are in the turbulent regime.