Sorry... damn Slashdot has decided to start completely hiding some posts, with no indication they exist. My reply should have been to the poster you replied to.
I don't see the word "truth" anywhere in the post you replied to. Rather he says: "Occam's razor suggests we should indeed consider our home to be a 27D manifold."
If you're looking for Truth in science you're going to be sorely disappointed. Science is about finding what works best.
It's more like you want to sum a convergent series. You can add a bunch of terms together, as far out as you'd like to go, and get an approximation, or you can use an analytic formula if someone has discovered it. For example, for the geomtric series you can go adding and dividing until you get tired, or just give the result: 2.
I had the exact same experience. Girlintraining seems to have almost completely taken over the Slashdot ecological niche of making bold, completely wrong, statements about physics and engineering, preferably with a smattering of technobabble to get the plus 5 from the masses she displaced.
Yes, we HAVE been down this road before. See "the periodic table of the elements," "Lyman/Balmer/Paschen series" and "the eightfold way" (not Buddhism). To help you out, those are patterns people found in data that preceded our current theories about atomic structure, electron shells and quarks.
Consistent patterns in physics are very often (almost always?) the result of some underlying relationship, and the recognition of those patterns has on many occasions preceded breakthroughs. This is not to be conflated with well known mathematical tricks involving using higher dimensions to simplify problems, or popular reactions to still open (and tantalizing) questions in physics.
No, actually. What you think of as your "fingerprint" is a pattern in the layer of dead skin, the epidermis. That pattern is created by patterns in the dermis, the living cells underneath the epidermis. That's why if you wear away your fingerprints, unless you do serious damage to your finger pads, they'll grow back the same as they were.
The sensor in the 5s uses a low frequency RF signal to read the fingerprint from the dermis, not the surface. That kind of sensor is much more reliable and easier to use than older ones, and can't be fooled by masks or dead fingers. Fujitsu has some notebooks in Asia that already have them, and Microsoft has demonstrated them as well.
Why bother with the key server? Just send him the key. Or post it on my web page at i.am.me.mud.com. The keyserver doesn't add anything.
A key server can do two things (IF you trust the server) that you might not be able to. It can verify the age of the key it's serving and the company running it can do things like check that I have a valid credit card number (I hear you can get someone else's for a few bucks these days).
Every step of the process is subject to man in the middle attacks plus strong-arming of the keyserver owners. If you're not worried about MITM a better solution is to just exchange a key pair every messaging session. That's more or less what https, WPA, and this app do, and it has the advantage that if the NSA gets hold of a private key somehow they can only decrypt one session, not all of them. If you ARE worried about MITM, or verifying someone's identity for other reasons, you need to exchange keys with them by some means that satisfies you. If that's a keyserver, great, but it's usually not really any better from a security standpoint than just downloading their key off their web page.
Interestingly, some of the messaging protocols do use encryption and transparent-to-the-user key exchanges. BBM, iMessage, probably others. I don't know if they use session keys or per-user keys, or how those keys are exchanged, but there are existing, popular messaging systems that don't even need a button to set things up.
Photometry is pretty trivial. GOOD photometry is less so, and good, easy to use photometry even less so. Photometry applied to planet hunting (longitudinal differential photometry with statistical analysis), which is what I assume OSCAAR does (the web page is a little unclear just how far it goes), is another couple of levels on top. OSCAAR's contribution might well be the planet hunting bit, not the photometry bit.
Telescopes and CCDs are cheap. Learning stats and signal processing is not.
Personally, I'd rather roll my own, but then stats and signal processing is what I do.
You take a grammar course. "Opens up" has been used for a long time in this exact context: the European sea explorers opened up North and South America for colonization; land explorers opened up the west for settlement; it was hoped the Cape to Cairo road would open up the African continent.
Your usage is moderately weird, even today, and is certainly limited to the last ten or fifteen years. Claiming it's exclusive is simply wrong.
I said modern incarnation. The modern incarnation of everything involves a bigger screen and shorter battery life. Your point about insulting calculator watches is well taken.
Sure, you need to follow standard procedures for avoiding man in the middle. So you can exchange keys using a pre-exchanged symmetric key, or a trusted public key. Or I could send you a key signature (or a key) out of band. Or any other method you like.
Avoiding MITM is orthogonal to the technique described in the article.
Hight-tech computer forensics applications can't retrieve a copy of a message that was deleted long ago, along with it's decryption key. That's the point.
That's not a one-time pad. A one-time pad is random and shared securely. A link to a YouTube video is a form of encryption using a key generator. It's not random and, in this case, relies on obscurity.
That fact that we've adhered so closely to Moore's law makes encryption more secure. Someone in the early 80's, at the invention of RSA, could have accurately predicted how much it would cost today to break a message encrypted with a given key size. You could have picked your key size accordingly, including one that would make your message essentially impossible to decrypt at any time in your lifetime (or the lifetime of the Earth) using all the theoretical computing resources of the solar system.
In fact, more available computing power makes digital encryption MORE secure. Encryption is designed to be easier than decryption. However, in 1985, with limited computing power, I might choose to encrypt a message with a short key, offering low security, because encryption was not a trivial operation. Today I have much more computing power and I can use a much longer key without inconvenience. That longer key means it takes much, MUCH longer to decrypt my message using present day technology (or present day + X years technology) than it took to decrypt the 1985 message with 1985(+X) technology.
The danger to competent encryption comes from breakthroughs, either in hardware, such as quantum computing, or in algorithms. Not from just piling up more transistors. No, every Slashdotter's favourite solution (OMG, GPU!11!) doesn't count.
The point is not to force the recipient to delete messages, it's to delete messages for the recipient. It's a convenience feature. You and I could send each other e-mail, exchanging one-time use public keys each time and dutifully deleting both the plain text and private keys as soon as we'd read the messages. OR, we could use this app, that does all that work for us.
Yes, if the person you're sending messages to is compromised you're screwed. But if he's merely imperfect, a timed auto-destruct prevents the bad guys from getting any old messages he forgot to burn after he's captured (i.e. stopped at a border or pulled over by a cop for not stopping long enough at a stop sign).
Because I can grab you and torture you until you give me your private key. Then I've got all the messages you've sent or received.
With this system, each message gets it's own private key that's deleted after a specified time period. If that time period is short enough I won't have time to grab and torture you. Even if I do, I'll only get the most recent messages.
This system is less convenient than a persistent key pair because you can't keep an archive of messages. On the other hand, it's much more secure, because you can't keep an archive of messages.
In lots of places in the world you can be arrested for saying or writing things that most of us would consider perfectly harmless, never mind saying things that are unflattering to a government that would do things like that to it's citizens. In those places unsnoopable communications are extremely valuable.
In places that currently aren't in such a situation, the existence of secure communications are essential to keeping it that way. Assuming you're American, your constitution has an amendment that makes it a right to own a firearm. The usual justification for that is that free ownership of firearms makes it more difficult for oppressive regimes to gain or hold power. Secure communications are MUCH more important to that goal than a bunch of yahoos with rifles. There's nothing so dangerous as a man with a radio.
It IS funny. It's not quite as funny as saying "who says?" to an anarchist wearing a question authority t-shirt, but it's not horrible. It says something about the average Slashdotter that it's modded insightful though.
Which is why you create a private key for the message exchange, then delete it. If your OS is compromised you're hooped regardless, but it avoids the "sir, I pulled you over because you have a broken tail light. Now, let me see your license, registration and cell phone" situation.
This kind of system should be integrated into messaging systems. It would wipe out spam as well as keeping away snoops. The overhead for this would be fairly small - essentially it would require doing similar negotiation to what WPA does when you make a connection. People switch messaging networks all the time, and the timed-destruction feature is something that's in demand. My teenage cousin is all over Snapchat.
I want to send you a message so I ask you for a key. You generate a public/private key pair and send me the public one. NSA gets it. I then encrypt my message with the public key and send it to you. NSA gets it. You then receive the message and read it. The NSA is SOL because they've got the public key, not the private one. They COULD still impersonate me though, so to avoid that we do a key exchange in the opposite direction and I sign my message with my private key, which you check using my public key. Which tells the NSA only that I sent the message (which they knew already).
The current weakness, and the one that's exploited, is that the NSA can snatch you off the street, apply rubber hoses, and get you to give them the decyrpted message and/or your private keys. With a time-limited system both the message and the keys get wiped, hopefully before the NSA has time to get their snatch squad on site. Without your one-time use private key, the encrypted message cannot be decrypted by anyone.
The auto-deleting is no protection if I don't trust you, but it's not meant to be. It's a convenience feature so you don't need to remember to delete the private key. Plus the app presumably takes care of generating the keys and exchanging them for each message, which would be a huge pain in the ass if you had to do it manually, which explains why nobody ever does.
Sorry... damn Slashdot has decided to start completely hiding some posts, with no indication they exist. My reply should have been to the poster you replied to.
I don't see the word "truth" anywhere in the post you replied to. Rather he says: "Occam's razor suggests we should indeed consider our home to be a 27D manifold."
If you're looking for Truth in science you're going to be sorely disappointed. Science is about finding what works best.
It's more like you want to sum a convergent series. You can add a bunch of terms together, as far out as you'd like to go, and get an approximation, or you can use an analytic formula if someone has discovered it. For example, for the geomtric series you can go adding and dividing until you get tired, or just give the result: 2.
I had the exact same experience. Girlintraining seems to have almost completely taken over the Slashdot ecological niche of making bold, completely wrong, statements about physics and engineering, preferably with a smattering of technobabble to get the plus 5 from the masses she displaced.
Holy conflation batman.
Yes, we HAVE been down this road before. See "the periodic table of the elements," "Lyman/Balmer/Paschen series" and "the eightfold way" (not Buddhism). To help you out, those are patterns people found in data that preceded our current theories about atomic structure, electron shells and quarks.
Consistent patterns in physics are very often (almost always?) the result of some underlying relationship, and the recognition of those patterns has on many occasions preceded breakthroughs. This is not to be conflated with well known mathematical tricks involving using higher dimensions to simplify problems, or popular reactions to still open (and tantalizing) questions in physics.
I'm not aware of a cell phone that has a completely open OS, including the baseband.
You're wrong.
http://360biometrics.com/faq/fingerprint_scanners.php
http://link.springer.com/chapter/10.1007%2F0-387-21685-5_2#page-1
http://www.hanscan.com/en/radio-frequency-sensors
No, actually. What you think of as your "fingerprint" is a pattern in the layer of dead skin, the epidermis. That pattern is created by patterns in the dermis, the living cells underneath the epidermis. That's why if you wear away your fingerprints, unless you do serious damage to your finger pads, they'll grow back the same as they were.
The sensor in the 5s uses a low frequency RF signal to read the fingerprint from the dermis, not the surface. That kind of sensor is much more reliable and easier to use than older ones, and can't be fooled by masks or dead fingers. Fujitsu has some notebooks in Asia that already have them, and Microsoft has demonstrated them as well.
Why bother with the key server? Just send him the key. Or post it on my web page at i.am.me.mud.com. The keyserver doesn't add anything.
A key server can do two things (IF you trust the server) that you might not be able to. It can verify the age of the key it's serving and the company running it can do things like check that I have a valid credit card number (I hear you can get someone else's for a few bucks these days).
Every step of the process is subject to man in the middle attacks plus strong-arming of the keyserver owners. If you're not worried about MITM a better solution is to just exchange a key pair every messaging session. That's more or less what https, WPA, and this app do, and it has the advantage that if the NSA gets hold of a private key somehow they can only decrypt one session, not all of them. If you ARE worried about MITM, or verifying someone's identity for other reasons, you need to exchange keys with them by some means that satisfies you. If that's a keyserver, great, but it's usually not really any better from a security standpoint than just downloading their key off their web page.
Interestingly, some of the messaging protocols do use encryption and transparent-to-the-user key exchanges. BBM, iMessage, probably others. I don't know if they use session keys or per-user keys, or how those keys are exchanged, but there are existing, popular messaging systems that don't even need a button to set things up.
Photometry is pretty trivial. GOOD photometry is less so, and good, easy to use photometry even less so. Photometry applied to planet hunting (longitudinal differential photometry with statistical analysis), which is what I assume OSCAAR does (the web page is a little unclear just how far it goes), is another couple of levels on top. OSCAAR's contribution might well be the planet hunting bit, not the photometry bit.
Telescopes and CCDs are cheap. Learning stats and signal processing is not.
Personally, I'd rather roll my own, but then stats and signal processing is what I do.
You take a grammar course. "Opens up" has been used for a long time in this exact context: the European sea explorers opened up North and South America for colonization; land explorers opened up the west for settlement; it was hoped the Cape to Cairo road would open up the African continent.
Your usage is moderately weird, even today, and is certainly limited to the last ten or fifteen years. Claiming it's exclusive is simply wrong.
I said modern incarnation. The modern incarnation of everything involves a bigger screen and shorter battery life. Your point about insulting calculator watches is well taken.
Why would you trust a key server anyway? Last time I made keys and uploaded them to a key server it just believed I was who I said I was.
Sure, you need to follow standard procedures for avoiding man in the middle. So you can exchange keys using a pre-exchanged symmetric key, or a trusted public key. Or I could send you a key signature (or a key) out of band. Or any other method you like.
Avoiding MITM is orthogonal to the technique described in the article.
Hight-tech computer forensics applications can't retrieve a copy of a message that was deleted long ago, along with it's decryption key. That's the point.
That's not a one-time pad. A one-time pad is random and shared securely. A link to a YouTube video is a form of encryption using a key generator. It's not random and, in this case, relies on obscurity.
That fact that we've adhered so closely to Moore's law makes encryption more secure. Someone in the early 80's, at the invention of RSA, could have accurately predicted how much it would cost today to break a message encrypted with a given key size. You could have picked your key size accordingly, including one that would make your message essentially impossible to decrypt at any time in your lifetime (or the lifetime of the Earth) using all the theoretical computing resources of the solar system.
In fact, more available computing power makes digital encryption MORE secure. Encryption is designed to be easier than decryption. However, in 1985, with limited computing power, I might choose to encrypt a message with a short key, offering low security, because encryption was not a trivial operation. Today I have much more computing power and I can use a much longer key without inconvenience. That longer key means it takes much, MUCH longer to decrypt my message using present day technology (or present day + X years technology) than it took to decrypt the 1985 message with 1985(+X) technology.
The danger to competent encryption comes from breakthroughs, either in hardware, such as quantum computing, or in algorithms. Not from just piling up more transistors. No, every Slashdotter's favourite solution (OMG, GPU!11!) doesn't count.
The point is not to force the recipient to delete messages, it's to delete messages for the recipient. It's a convenience feature. You and I could send each other e-mail, exchanging one-time use public keys each time and dutifully deleting both the plain text and private keys as soon as we'd read the messages. OR, we could use this app, that does all that work for us.
Yes, if the person you're sending messages to is compromised you're screwed. But if he's merely imperfect, a timed auto-destruct prevents the bad guys from getting any old messages he forgot to burn after he's captured (i.e. stopped at a border or pulled over by a cop for not stopping long enough at a stop sign).
You can't reveal a key that deleted itself five minutes after you received the message. That's kind of the point.
Because I can grab you and torture you until you give me your private key. Then I've got all the messages you've sent or received.
With this system, each message gets it's own private key that's deleted after a specified time period. If that time period is short enough I won't have time to grab and torture you. Even if I do, I'll only get the most recent messages.
This system is less convenient than a persistent key pair because you can't keep an archive of messages. On the other hand, it's much more secure, because you can't keep an archive of messages.
In lots of places in the world you can be arrested for saying or writing things that most of us would consider perfectly harmless, never mind saying things that are unflattering to a government that would do things like that to it's citizens. In those places unsnoopable communications are extremely valuable.
In places that currently aren't in such a situation, the existence of secure communications are essential to keeping it that way. Assuming you're American, your constitution has an amendment that makes it a right to own a firearm. The usual justification for that is that free ownership of firearms makes it more difficult for oppressive regimes to gain or hold power. Secure communications are MUCH more important to that goal than a bunch of yahoos with rifles. There's nothing so dangerous as a man with a radio.
It IS funny. It's not quite as funny as saying "who says?" to an anarchist wearing a question authority t-shirt, but it's not horrible. It says something about the average Slashdotter that it's modded insightful though.
Which is why you create a private key for the message exchange, then delete it. If your OS is compromised you're hooped regardless, but it avoids the "sir, I pulled you over because you have a broken tail light. Now, let me see your license, registration and cell phone" situation.
This kind of system should be integrated into messaging systems. It would wipe out spam as well as keeping away snoops. The overhead for this would be fairly small - essentially it would require doing similar negotiation to what WPA does when you make a connection. People switch messaging networks all the time, and the timed-destruction feature is something that's in demand. My teenage cousin is all over Snapchat.
Who cares if the NSA gets the public key?
I want to send you a message so I ask you for a key. You generate a public/private key pair and send me the public one. NSA gets it. I then encrypt my message with the public key and send it to you. NSA gets it. You then receive the message and read it. The NSA is SOL because they've got the public key, not the private one. They COULD still impersonate me though, so to avoid that we do a key exchange in the opposite direction and I sign my message with my private key, which you check using my public key. Which tells the NSA only that I sent the message (which they knew already).
The current weakness, and the one that's exploited, is that the NSA can snatch you off the street, apply rubber hoses, and get you to give them the decyrpted message and/or your private keys. With a time-limited system both the message and the keys get wiped, hopefully before the NSA has time to get their snatch squad on site. Without your one-time use private key, the encrypted message cannot be decrypted by anyone.
The auto-deleting is no protection if I don't trust you, but it's not meant to be. It's a convenience feature so you don't need to remember to delete the private key. Plus the app presumably takes care of generating the keys and exchanging them for each message, which would be a huge pain in the ass if you had to do it manually, which explains why nobody ever does.