Slashdot Mirror


User: davidwr

davidwr's activity in the archive.

Stories: 0
Comments: 7,523

Comments · 7,523

  1. Re:Thanks for the pointer on Studios Sue Dragon Box in Latest Crackdown on Streaming Devices (variety.com) · · Score: 1

    Where can I buy one??

    Where can I download the designs so I can build one from raw materials if I am so inclined?

    Raw materials meaning oil, rock/surface minerals, etc, not pre-existing chips or ready-to-use silicon wafers.

  2. Pigeons can transfer terabytes of information short distances way faster than any network so far

    Other animals, bazookas, and even potato-guns are probably faster.

    What is the TB-meter-per-second and maximum effective distance of a trebuchet-launched container filled with high-density SSD devices?

  3. Re:Breakable encryption != no encryption on FBI Chief Calls Unbreakable Encryption 'Urgent Public Safety Issue' (reuters.com) · · Score: 1

    There was a programming contest at the campus one guy, who won, came up with just 231 bytes implementation of One-Time-Pad.

    231 bytes sounds about right for what amounts to a loop with a handful of instructions in it.

    I assume it was either in assembler or he had a very space-efficient compiler/linker and I/O instruction calls were negligible in size.

  4. Re: Breakable encryption != no encryption on FBI Chief Calls Unbreakable Encryption 'Urgent Public Safety Issue' (reuters.com) · · Score: 2

    There is no such thing as unbreakable encryption.

    A one-time pad, properly implemented, is by definition unbreakable.

    Why? Because any given encrypted text, say,
    DUOvi3daf6234%#GVYdasf

    can be created from any arbitrary same-length input given a specifically crafted key.

    In other words, if I'm a prosecutor trying to convince a naive jury that the message above is "KillPresident..." I can come up with a key that will "prove" my point. Likewise, the defense can come up with a key that makes the same encrypted message say "PrezIsGreat!..."
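
The argument in comment 4, together with the "properly implemented" condition that comments 4 and 5 rely on, as an added Python example (not part of the original comments). The ciphertext is the string quoted above treated as raw bytes, the two claimed plaintexts are padded with dots to its length as a constructed stand-in for the elided text, and all function names are hypothetical.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (the whole one-time-pad operation)."""
    if len(a) != len(b):
        raise ValueError("a one-time pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


# Ciphertext string quoted in the comment, treated here as raw bytes.
CIPHERTEXT = b"DUOvi3daf6234%#GVYdasf"


def key_for(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `claimed_plaintext`."""
    return xor(ciphertext, claimed_plaintext)


def competing_readings():
    """Build two pads that 'prove' two different messages from one ciphertext."""
    n = len(CIPHERTEXT)
    # Constructed plaintexts: dot padding stands in for the elided text.
    reading_a = b"KillPresident".ljust(n, b".")
    reading_b = b"PrezIsGreat!".ljust(n, b".")
    key_a = key_for(CIPHERTEXT, reading_a)
    key_b = key_for(CIPHERTEXT, reading_b)
    # Both decryptions are equally valid; the ciphertext alone favours neither.
    return xor(CIPHERTEXT, key_a), xor(CIPHERTEXT, key_b), key_a != key_b


def reuse_leak(p1: bytes, p2: bytes) -> bytes:
    """Show what an eavesdropper learns when one pad encrypts two messages."""
    pad = secrets.token_bytes(len(p1))
    c1, c2 = xor(p1, pad), xor(p2, pad)
    # The pad cancels out: c1 XOR c2 == p1 XOR p2, with no key needed.
    return xor(c1, c2)


if __name__ == "__main__":
    a, b, differ = competing_readings()
    print(a, b, differ)
    print(reuse_leak(b"attack at dawn", b"retreat at ten").hex())
```

The second function is why "properly implemented" matters: the unbreakability argument holds only while each pad is random, secret, and used once.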

  5. Breakable encryption != no encryption on FBI Chief Calls Unbreakable Encryption 'Urgent Public Safety Issue' (reuters.com) · · Score: 2, Informative

    If encryption is breakable with a large amount of effort, then it does several useful things:

    * It prevents people without the resources from accessing your mail.
    * It may provide short-term security, which may be sufficient.
    * It makes those who do have the resources be selective in whose encryption they break.

    For example, if it takes a minimum of a week to break the encryption on an encrypted web connection that discusses an embargoed news item that will be published in 6 days, that's good enough.

    Another example: If a government wants to crack down on encrypted communications among drug traffickers, but it costs them $10,000,000 for each decryption effort, they will need to pick and choose who they go after.

    There are encryption systems that are provably unbreakable without a key, such as a one-time pad. Unfortunately, they are usually not practical to implement correctly.

  6. It's a bona fide low-power computer that is suited for some computing tasks but is not a replacement for a laptop or desktop PC.

    There is a difference.

    Comparing a PC to a Pi is like comparing a professional-grade bicycle with a $50 kid's bike. Both get the job done and both are built to last for years, but one has a lot more features than the other.

    It is NOT comparing a professional-grade bicycle with a toy bicycle that Ken and Barbie dolls can ride around on.

  7. Even my dumb speaker... on Yes, Your Amazon Echo Is an Ad Machine (gizmodo.com) · · Score: 1

    ... is smart enough to not give me ads.

    Well, not counting ads that everyone else listening to the same radio station is getting.

  8. Why Bitcoin will fail on Bitcoin Starts a New Year by Tumbling, First Time Since 2015 (bloomberg.com) · · Score: 1

    Cryptocurrencies may succeed, but Bitcoin has too many limitations in it that newer cryptocurrencies don't have. In the long run, this will doom BC unless it makes significant changes.

    In the short run, political forces like in South Korea and the high transaction costs will push it down. I don't see it crashing below January 2017 levels any time soon, but it will be below $5000 by the end of the decade.

    The one thing it does have is market dominance and relatively wide acceptance.

    The future of cryptocurrencies will be in:
    1) Bank/government/other-big-corporation-backed currencies
    2) A cryptocurrency that is what Bitcoin was in the beginning - a hard-to-track, very-low-transaction-cost currency that doesn't give people with special equipment a significant advantage.

    The one thing that may hamper 2) is if mining is concentrated in one part of the world due to cheap energy. That can lead to cartels and loss of trust as a "nearly anonymous" medium of exchange.

  9. Death+70 years gives certainty to PD status on 2018 Is the Last Year of America's Public Domain Drought (vice.com) · · Score: 1

    Besides government works and works whose copyrights are challenged in court ("Happy Birthday to You" etc.), works not "for hire" published after 1923 and whose only author died 70 years ago have entered into the public domain when the 70th anniversary arrives, if they weren't already in the public domain.

    In almost all cases, they would have already entered due to non-renewal or other reasons.

    It's not much, I know. I can't think of any specific examples off the top of my head.

    This is important though in that it removes any UNCERTAINTY about a work's copyright status. For example, if a book was published in 1924-1947 and the author died in 1947 and there isn't some reason the (c) lasts longer than "70 years after the death of the author," we know it's now in the public domain. A week ago, unless we did a diligent search for renewals, we did not know.

  10. Obvious solution: Ditch polygyny and replace it... on The Link Between Polygamy and War (economist.com) · · Score: 1

    with multiple marriages for all, where a man can have multiple wives and his wives can have multiple husbands, and so on and so on.

    For good measure, let people marry animals and inanimate objects. Hello Alexa....

    --

    100% satire from concentrate

  11. Re:30% of U.S. men sleep with 70% of U.S. women on The Link Between Polygamy and War (economist.com) · · Score: 1

    Polygamy exists everywhere but nobody calls it that.

    It's not polygamy if it's not a person married to multiple people at the same time.

    It's just cheating/fooling around/open relationship/mistress/man-on-the-side/sleeping around/other term goes here. But it's not polygamy.

  12. "Vibration attacks can Sabotage physical devices" on Acoustic Attacks on HDDs Can Sabotage PCs, CCTV Systems, ATMs, More (bleepingcomputer.com) · · Score: 1

    There, fix^H^H^Hgeneralized that for you.

  13. Time to get some of those mega-batteries on the grid.

  14. Apple has a very easy fix they can do on Apple Hit With Class Action Lawsuit After Admitting To Slowing Down Old iPhones (appleinsider.com) · · Score: 1

    All Apple has to do is make it a setting people can turn on and off.

    Just let people know that if they turn it off, the system may overheat and their phone may shut down.

  15. Coastal cities on cliffs on Could Collapsing Antarctic Glaciers Raise Sea Levels Sooner Than Expected? (salon.com) · · Score: 2

    Many coastal cities are largely well above sea level. They may lose a few hundred feet to the ocean but they would not be submerged.

    In addition some coastal cities were raised or had seawalls and other protection put in place after earlier flooding or storms.

  16. The answer to "Why" in one word on Why is this Company Tracking Where You Are on Thanksgiving? (theoutline.com) · · Score: 2

    Money.

  17. Un-testable hypotheses are not science on Is Physical Law an Alien Intelligence? (nautil.us) · · Score: 2

    If the idea is inherently un-testable, it's not science.

    That's not to say it's right or wrong, just that you shouldn't be discussing it as if it were science. After all, the world may very well have been created by an outside-this-universe entity 1 second ago with all of our brain cells wired to think we've been alive for years or decades, but that's not a testable hypothesis and it has no place in science.

    Now, if an idea is un-testable now but it might be someday, well, that might be within the realm of science.

    However, the very words "indistinguishable from" seem to put this squarely in the realm of non-science.

  18. Throttle access to data on Equifax Breach Included 10 Million US Driving Licenses (engadget.com) · · Score: 1

    Store your data behind a "skinny pipe" to the outside world.

    Make "skinny" just big enough for "normal" traffic for any given time of day plus a fudge-factor to allow for busy days.

    This way if someone wants to steal your data they will have to "sip it slowly" to avoid causing a noticeable slowdown.

    It won't stop wholesale data theft but it will reduce the amount of information they can steal in any given period of time.

    It also won't stop "selective" data theft.

  19. USA would vary by state on Unsent Text On Mobile Counts As a Will, Australian Court Finds (abc.net.au) · · Score: 2

    I can't speak for other countries, but in most of the USA the determining factor would be "was it really a final document, or just a draft/in-progress document?" and "was it altered/faked?"

    With a paper will, it's fairly easy to test: was it signed, and was it altered after signing?

    With a text or email that is sent it's a bit harder but sometimes you can still prove it is "final" if you show that the purported sender is the actual sender, that it hasn't been altered, and that the context indicates it was a final document.

    With a draft, the default presumption would be that it was a work-in-progress. Context, such as a suicide, a lack of any other will, etc. can overturn this presumption but it would be an uphill battle. Of course, proving it hadn't been tampered with may be impossible if there wasn't a copy that can be proven to be "not tampered with" to compare against.

    My guess is that if something like this happened in the USA and there was nobody contesting, the courts would allow it "for lack of any objection." If it was contested, well, those wanting to prove their case would have a big uphill battle.

  20. Re:Seriously? Re:The security review was nothing.. on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    I'll admit, I fell for it. Between the rare-but-not-unheard-of cases of previously-rational people "going off the rails" and corporate-types being too polite to shut down a meeting once someone drops the f-bomb, it had just enough plausibility to get past my "this has to be a joke" filter.

    All in all though, I'd much rather fall for this joke than have it be real.

  21. Re:No Physical Access on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    We get a keyboard, mouse, and monitor.

    BWUHAHAHAHA says the disgruntled soon-to-be-ex-employee who happens to have a photographic memory.

  22. Seriously? Re:The security review was nothing... on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    You are telling me that the staff member who was running the meeting or the senior staff member in the room didn't intervene as soon as he started acting unprofessionally?

    Being anti-RUST or whatever I can see. Being closed-minded to the point of being useless as a consultant I can see. But an invited outsider who gets unprofessional in a meeting should be reminded to be professional and/or removed before things get out of hand.

  23. Re:You MUST have anti-virus with current signature on Ask Slashdot: Share Your Security Review Tales · · Score: 1

    I'm not sure there is such a thing as a completely isolated environment anymore. There are too many air-gap bridging attacks. (See also Stuxnet).

    In practical terms, an isolated environment is one where the only way anything gets into the system is by a human being manually entering it, and the only way anything gets out is by what a human being carries away with him either in his head or in his pocket/briefcase/other.

    I would count a system that has a keyboard or mouse for input, a video screen, printer, and maybe a "write only" media-writing tool (see below) that is in a room where electronic- or even look-at-the-screen-through-the-window eavesdropping or jamming is either impractical or not a concern to meet these requirements.

    More common would be "one way isolation" where the system was closed to input except from a human, but its output was no secret. For example, my microwave oven's firmware cannot be changed without replacing hardware. But I can provide input to it through the keyboard and I can change its "state" by putting different kinds of food or other objects inside it or by varying the electrical input on the 120V line input. If I pretend it's plugged into an isolated off-the-grid power supply and the whole thing is in an access-controlled building, it's now a closed system as far as input is concerned, but the output - energy to the food and a small but detectable leakage of microwave energy into the environment, as well as detectable changes in the power supply system - is not closed.

    I expect that such embedded systems which are, in practical terms, isolated as far as input is concerned, are much more common than you might think.

  24. Not noticing?? That's bad on Equifax CSO 'Retires'. Known Bug Was Left Unpatched For Nearly Five Months (marketwatch.com) · · Score: 5, Informative

    I can see a company delaying patching serious bugs long enough to test it and make sure the fix isn't worse than the bug.

    I can see a company treating bugs that aren't reported as being serious as non-serious.

    I can see a company assessing a "serious" bug and determining it's not serious in their environment and not treating it with urgency.

    But that's not what happened here.

    Heads deserved to roll and at least two did.

  25. You can do safe email that is more than plain text on The Only Safe Email is Text-Only Email (theconversation.com) · · Score: 2

    An email format which is well-defined, simple enough for most experts to understand completely, and which has no homoglyphs or other situations that can fool the eye, can be safe.

    Well-defined means there is no undefined behavior in the specification. Well-defined also pretty much guarantees that the email cannot result in "open ended" behavior beyond the bare necessities, such as saving a file or printing it, or possibly launching a sandboxed application that is in a separate sandbox from the web browser.

    Simple enough for most experts to understand means it's less likely that an email client will have bugs exploitable by a poisoned email.

    Not having situations that can fool the eye rules out using colors that are visually similar, fonts that are visually similar, and fonts with very similar characters, and the like. However, it does not prohibit using simple markup languages which have features such as "bold" as long as those behaviors are well-defined in the specification. It does not restrict you to "ASCII" or "UTF-8" or to specific fonts, but it would prohibit fonts or combinations of fonts that show characters similarly. For example, in ASCII, some fonts display 0 and O as nearly identical, or l and 1 as nearly identical. Those fonts should be prohibited in any "safe" email specification, as they make social engineering much easier: "Hey Joe, copy and paste into your web browser to go to 'http://www.notevi1site.example.com' where the font makes it look like 'http://www.notevilsite.example.com'" might fool someone into thinking it was not evil when it is.

    A safe email specification can even provide for "safe" pictures. It can allow pictures in certain formats provided the picture format is itself a "safe" format and the client clearly indicates to the user they are pictures rather than text.

    Out of necessity, any practical email standard should provide for a "somewhat safe" method of handling file attachments. One way is to require the client only save the files in a "containerized" file format (e.g. mime/.eml, uuencode, zip, etc.), ready to be scrubbed by security software, which will be responsible for declaring it "safe" before saving the file in its final form. This is a compromise of course, as no security software is perfect and "one size does not fit all" for security. Malware researchers may NEED to exchange samples of live malware, but everyone else should have such files flagged and deleted before they can gain a foothold.