Parallel park with a car you've never been in before or with a trailer for a change. That's what I'm talking about, humans have much difficulties adjusting to new perceptions. I can parallel park very well but a new car often gives me issues and I get out and see that I had plenty of space left, once I get used to a car, I can get it down to a few cm. But even then, sometimes I don't see a pole or other obstacle and block my passengers in. Computers can actually see how much is actually left at all times including any obstacles.
But in all cases the fanatics go unchecked because the argument goes that "they're Christian/Muslims too" so God must approve their cause.
There are very few Muslim religious leaders that outright condemn extremist Muslims because their holy books support them, to say anything against them would put them on the chopping block as 'unbelievers'.
There are much more but still few Christian leaders that go against their own churches or even the ones leaning a bit further to extremism than themselves. The Mormons are a group that have some visibility in their inner workings; there are plenty of Mormons that do not agree with their main tenets but there are very few that actually stand up against the anti-LGBT extremism that goes on within the church simply because it 'doesn't affect them' or 'I don't want to lose my family'.
There is a lot you can do beyond just audio. Put a low freq wave in a horizontally oriented speaker cone and see how it interacts with eg slimes/liquids. Or a high powered speaker with glass or other solids to see how/when it breaks. Noise cancellation techniques etc are also great and useful to explore at every level of the system. Compounding waves, masking and the idea of when tones become 'information'. Visualizing electric wave forms or even making a lung system in speakers is really cool too.
Failure to comply with the fifth amendment? You can't force someone to decrypt yet in the US unless you're labeled a terrorist. In the UK you can regardless of your label.
You haven't studied history, particularly regarding the Cold War or even the more recent NSA+Russia+Germany+UK+China intelligence exchanges. The governments do not need to agree on anything yet they come to an awful lot of agreements. Captured spies were continuously interchanged as did communication between the administrations. All the public ever saw was a "Cold War" where governments didn't talk or agree yet in the background they collaborated quite often to their mutual benefit. If governments control this system, a "scratch my back" situation would instantaneously render the entire system useless.
Do you have any proof otherwise? Catholics had the power in the Middle Ages - Inquisition, Holy Wars Protestants came to (some) power after that - Puritans exterminated Native Americans, Europe is divided in war between Protestants and Catholics After that came a string of baptist and millennial churches at the turn of the last century. You got Baptists, Mormons, Jehovah's Witnesses, Christian Scientists... all of them require you to sacrifice your life savings, any free time and with some even your children (through lack of healthcare) to their respective ideology.
Up until about a half a century ago your local pastor/priest (especially in Europe but also in small towns in the US) had the power over the village. If you didn't go to church, you didn't have a job and wouldn't integrate well with the rest of the village.
Fast forward to our times, Muslim neighborhoods operate much the same way. They don't integrate with the rest of the world, the local imam has the power over everything and the religion at a whole is at war with the rest of the world.
Most humans have a big problem with depth perception, projecting before-seen portions of a scene and mirrors. That's why parallel parking is such a problem for most people, they have no idea that there is really another 2-3 meter between two objects, most people think you've already hit the object when you can often still fit another car.
However computers have no problem with that. They can accurately measure the amount of space left.
Muslims who are moderate is like saying the US Christians who are moderate. If your faith matters to you, you're no longer a moderate. There are several sects of Islam as there are of Christianity, taking the side of the Kurds over the Syrians because of their faith is 'more advanced' is like taking the side of the Jehovah's Witnesses over the Westboro Baptist Church. Both are relatively harmless in their "small delusional group" positions but give them the political power and their internal delusions would become enforced law pretty quickly.
Since Oracle now owns Java and Solaris as well as MySQL and various brands of Linux, I wonder how they qualified between an Oracle-branded database and an Oracle Database.
The first question is why Cisco is even doing this. Cisco has no business in what their equipment is used for and shouldn't be telling or shutting down their customers. They should talk to Interpol and Russian law enforcement and IF it is illegal, they should do the shutting down.
But how does military equipment like a missile get on a civilian plane in the first place? Did it drop off the truck at the military airport and get mixed up with someone's luggage at the nearby civilian airport or did they just use UPS?
Why does it need to have a battery? A cap charged by active movement would give you enough power to run a small camera (which is what a fingerprint reader is) and a coil that unlocks the safety. You could have the coil movement available so it only acts as a secondary safety in case the tech doesn't work.
The only reason batteries would be necessary is to have wireless control and that's what the ultimate goal is. Once the tech has been established in the market, have a capacity mandated by the government for a disabling signal, at first around schools and then government holdings and then mobile ones carried around by the governments enforcement agents.
Fission bombs detonate most of their material and don't have much long term effects. Neither Nagasaki nor Hiroshima are or ever were 'dead zones' like Tsjernobyl is (Tsjernobyl's dead zone is not caused by the explosion either but rather the unburnt fuel still in the sarcophagus).
But for that you need 14 warheads + a sub or other delivery vehicle + another dozen or so to test with. That was my point, they're making 1 bomb, they haven't gotten anywhere near close with mass production, obtaining the tools, expertise or materials to put it all together and neither do they have a delivery vehicle nor long range missiles; they can perhaps only reach their immediate neighbors but that's too risky, maybe they could clear their own country and hit parts of Russia/India/China if they're lucky and don't get shot out of the air.
Besides that it's also about will and market share. Who really wants to spend time on cracking the yearly iteration of a sportsball game or shooter? You can get almost any EA game with the same game experience at the same quality on a PS3 with its 2010-2014 iterations. The PS4 and its games are way less popular than its predecessors and thus it will take longer to crack them because there are less interested parties.
Building an atomic bomb is easy, the US did it with minimal use of computers from the 40's onwards. The problem is getting the materials required and so far neither Iran nor North Korea has been able to (legally) acquire the required material. Also, one bomb/missile is not a threat, they shoot one, you shoot back a hundred. IF the target hits you have some casualties ranging between 100 and 500k (nuclear bombs are scary but not movie-style, nation-wiping scary) but again, you kill them. What is scary is if after about a dozen tests they start building up an unchecked US/China/Russia arsenal, but for that they need LOTS of material, material that won't go unnoticed if they require stuff at that scale.
This issue has been known to anyone using SSD's. The CPU's are still fast enough but the bandwidth between clients and servers (10Gbps is the average these days within a datacenter) no longer uses the full capacity of the disk subsystem (which is now connected at >10Gbps to each drive). Even having multiple disks in a single subsystem you can no longer use the capacity, not because of CPU issues but because of bandwidth issues between the CPU and the PCIe bus. That's why we're going away from large disk arrays and using 1 or 2U servers with 4-12 SSD drives and hooking them together with 'object storage' or other distributed storage mechanisms. That way you don't have a single point of failure and resource contention slowing you down.
But that's not the point, the point the article is making is that CPU's are getting too slow and that's not true. The CPU's are plenty fast and using any sort of off-loading mechanism would result in RAID controllers with CPU's that have to be just as powerful because if they aren't, you get the issues you have with current RAID controllers: they are slow and expensive (a single link to a 12Gbps chip is a bottleneck to an entire array of 12Gbps drives). Also you lose the scheduling, checksumming, hardware monitoring and all the other fancy things software-based solutions do these days.
Using CPU's as glorified RAID controllers is just fine and I don't foresee another solution as long as your software is fast and concise (eg. ZFS). If you start handing off anything to dedicated CPU's then you're just losing the control and customization a software based solution allows you to have.
They already do confirm you have control over the domain. The only difference is that it's (as good as) fully automated through the ACME protocol. You can verify it by hosting a website on that domain, you can verify it by sending an e-mail to the domain. Any other CA (even VeriSign) does the same thing unless it's StartSSL or an EV domain for which you have to actually submit paperwork that you are the business owner.
The only reason a CA would revoke a cert on it's own is if it were assigned to someone who didn't have the rights to request it. Eg. if they sign a cert for google.com to someone who doesn't control google.com at the time of signing.
This is different, these criminals had control over a subdomain and used it to forward it to their own domain which was in turn encrypted with SSL. The criminals had control over their domain and used an SSL certificate on their domain. The idiots at the bank or whatever allowed their domain and subdomain to be controlled and forwarded to a third party, that's the main issue.
A CA should not be in the business of censoring, they are in the business of signing certificates. All criminals use encryption and this kerfuffle is just a call for governments to be allowed to interfere in encrypted traffic.
But the predictable stream length attack has been known about since the introduction of stream ciphers. That's why you don't use stream ciphers (or shouldn't at least) to secure predictable content like chunks of websites. You use block ciphers that ALWAYS has the same block size regardless of it's contents.
AES-GCM seems to be fast-tracked by US governmental agencies with at least one someone trying to (inadvertently?) sneak in an exploit in the OpenSSL implementation. Don't trust new ciphers too quickly, if it's too good to be true...
Not sure how he would get the results with block ciphers but the paper only describes stream ciphers. That's the reason we don't use stream ciphers for HTTPS but rather block ciphers. Stream ciphers should simply never be used where keys repeat.
Parallel park with a car you've never been in before or with a trailer for a change. That's what I'm talking about, humans have much difficulties adjusting to new perceptions. I can parallel park very well but a new car often gives me issues and I get out and see that I had plenty of space left, once I get used to a car, I can get it down to a few cm. But even then, sometimes I don't see a pole or other obstacle and block my passengers in. Computers can actually see how much is actually left at all times including any obstacles.
But in all cases the fanatics go unchecked because the argument goes that "they're Christian/Muslims too" so God must approve their cause.
There are very few Muslim religious leaders that outright condemn extremist Muslims because their holy books support them, to say anything against them would put them on the chopping block as 'unbelievers'.
There are much more but still few Christian leaders that go against their own churches or even the ones leaning a bit further to extremism than themselves. The Mormons are a group that have some visibility in their inner workings; there are plenty of Mormons that do not agree with their main tenets but there are very few that actually stand up against the anti-LGBT extremism that goes on within the church simply because it 'doesn't affect them' or 'I don't want to lose my family'.
Publicly perhaps. In 2010 they did a really large spy swap and more recently did Russia and Estonia (a close US ally).
There is a lot you can do beyond just audio. Put a low freq wave in a horizontally oriented speaker cone and see how it interacts with eg slimes/liquids. Or a high powered speaker with glass or other solids to see how/when it breaks. Noise cancellation techniques etc are also great and useful to explore at every level of the system. Compounding waves, masking and the idea of when tones become 'information'. Visualizing electric wave forms or even making a lung system in speakers is really cool too.
Failure to comply with the fifth amendment? You can't force someone to decrypt yet in the US unless you're labeled a terrorist. In the UK you can regardless of your label.
You haven't studied history, particularly regarding the Cold War or even the more recent NSA+Russia+Germany+UK+China intelligence exchanges. The governments do not need to agree on anything yet they come to an awful lot of agreements. Captured spies were continuously interchanged as did communication between the administrations. All the public ever saw was a "Cold War" where governments didn't talk or agree yet in the background they collaborated quite often to their mutual benefit. If governments control this system, a "scratch my back" situation would instantaneously render the entire system useless.
So you're saying that standing up to your government and overthrowing it is never possible? The government is always right even when it isn't?
Do you have any proof otherwise?
Catholics had the power in the Middle Ages - Inquisition, Holy Wars
Protestants came to (some) power after that - Puritans exterminated Native Americans, Europe is divided in war between Protestants and Catholics
After that came a string of baptist and millennial churches at the turn of the last century. You got Baptists, Mormons, Jehovah's Witnesses, Christian Scientists... all of them require you to sacrifice your life savings, any free time and with some even your children (through lack of healthcare) to their respective ideology.
Up until about a half a century ago your local pastor/priest (especially in Europe but also in small towns in the US) had the power over the village. If you didn't go to church, you didn't have a job and wouldn't integrate well with the rest of the village.
Fast forward to our times, Muslim neighborhoods operate much the same way. They don't integrate with the rest of the world, the local imam has the power over everything and the religion at a whole is at war with the rest of the world.
Most humans have a big problem with depth perception, projecting before-seen portions of a scene and mirrors. That's why parallel parking is such a problem for most people, they have no idea that there is really another 2-3 meter between two objects, most people think you've already hit the object when you can often still fit another car.
However computers have no problem with that. They can accurately measure the amount of space left.
Can we do the same for Christians? The same criteria applied to Christians would put the entire government in prison including our President.
Muslims who are moderate is like saying the US Christians who are moderate. If your faith matters to you, you're no longer a moderate. There are several sects of Islam as there are of Christianity, taking the side of the Kurds over the Syrians because of their faith is 'more advanced' is like taking the side of the Jehovah's Witnesses over the Westboro Baptist Church. Both are relatively harmless in their "small delusional group" positions but give them the political power and their internal delusions would become enforced law pretty quickly.
Since Oracle now owns Java and Solaris as well as MySQL and various brands of Linux, I wonder how they qualified between an Oracle-branded database and an Oracle Database.
The first question is why Cisco is even doing this. Cisco has no business in what their equipment is used for and shouldn't be telling or shutting down their customers. They should talk to Interpol and Russian law enforcement and IF it is illegal, they should do the shutting down.
But how does military equipment like a missile get on a civilian plane in the first place? Did it drop off the truck at the military airport and get mixed up with someone's luggage at the nearby civilian airport or did they just use UPS?
Why does it need to have a battery? A cap charged by active movement would give you enough power to run a small camera (which is what a fingerprint reader is) and a coil that unlocks the safety. You could have the coil movement available so it only acts as a secondary safety in case the tech doesn't work.
The only reason batteries would be necessary is to have wireless control and that's what the ultimate goal is. Once the tech has been established in the market, have a capacity mandated by the government for a disabling signal, at first around schools and then government holdings and then mobile ones carried around by the governments enforcement agents.
Fission bombs detonate most of their material and don't have much long term effects. Neither Nagasaki nor Hiroshima are or ever were 'dead zones' like Tsjernobyl is (Tsjernobyl's dead zone is not caused by the explosion either but rather the unburnt fuel still in the sarcophagus).
But for that you need 14 warheads + a sub or other delivery vehicle + another dozen or so to test with. That was my point, they're making 1 bomb, they haven't gotten anywhere near close with mass production, obtaining the tools, expertise or materials to put it all together and neither do they have a delivery vehicle nor long range missiles; they can perhaps only reach their immediate neighbors but that's too risky, maybe they could clear their own country and hit parts of Russia/India/China if they're lucky and don't get shot out of the air.
Besides that it's also about will and market share. Who really wants to spend time on cracking the yearly iteration of a sportsball game or shooter? You can get almost any EA game with the same game experience at the same quality on a PS3 with its 2010-2014 iterations. The PS4 and its games are way less popular than its predecessors and thus it will take longer to crack them because there are less interested parties.
Building an atomic bomb is easy, the US did it with minimal use of computers from the 40's onwards. The problem is getting the materials required and so far neither Iran nor North Korea has been able to (legally) acquire the required material. Also, one bomb/missile is not a threat, they shoot one, you shoot back a hundred. IF the target hits you have some casualties ranging between 100 and 500k (nuclear bombs are scary but not movie-style, nation-wiping scary) but again, you kill them. What is scary is if after about a dozen tests they start building up an unchecked US/China/Russia arsenal, but for that they need LOTS of material, material that won't go unnoticed if they require stuff at that scale.
The 'free' SSL certificates, yes, but I don't think you can use them for business. Their 'verified' SSL certificates require paperwork.
This issue has been known to anyone using SSD's. The CPU's are still fast enough but the bandwidth between clients and servers (10Gbps is the average these days within a datacenter) no longer uses the full capacity of the disk subsystem (which is now connected at >10Gbps to each drive). Even having multiple disks in a single subsystem you can no longer use the capacity, not because of CPU issues but because of bandwidth issues between the CPU and the PCIe bus. That's why we're going away from large disk arrays and using 1 or 2U servers with 4-12 SSD drives and hooking them together with 'object storage' or other distributed storage mechanisms. That way you don't have a single point of failure and resource contention slowing you down.
But that's not the point, the point the article is making is that CPU's are getting too slow and that's not true. The CPU's are plenty fast and using any sort of off-loading mechanism would result in RAID controllers with CPU's that have to be just as powerful because if they aren't, you get the issues you have with current RAID controllers: they are slow and expensive (a single link to a 12Gbps chip is a bottleneck to an entire array of 12Gbps drives). Also you lose the scheduling, checksumming, hardware monitoring and all the other fancy things software-based solutions do these days.
Using CPU's as glorified RAID controllers is just fine and I don't foresee another solution as long as your software is fast and concise (eg. ZFS). If you start handing off anything to dedicated CPU's then you're just losing the control and customization a software based solution allows you to have.
They already do confirm you have control over the domain. The only difference is that it's (as good as) fully automated through the ACME protocol. You can verify it by hosting a website on that domain, you can verify it by sending an e-mail to the domain. Any other CA (even VeriSign) does the same thing unless it's StartSSL or an EV domain for which you have to actually submit paperwork that you are the business owner.
The only reason a CA would revoke a cert on it's own is if it were assigned to someone who didn't have the rights to request it. Eg. if they sign a cert for google.com to someone who doesn't control google.com at the time of signing.
This is different, these criminals had control over a subdomain and used it to forward it to their own domain which was in turn encrypted with SSL. The criminals had control over their domain and used an SSL certificate on their domain. The idiots at the bank or whatever allowed their domain and subdomain to be controlled and forwarded to a third party, that's the main issue.
A CA should not be in the business of censoring, they are in the business of signing certificates. All criminals use encryption and this kerfuffle is just a call for governments to be allowed to interfere in encrypted traffic.
But the predictable stream length attack has been known about since the introduction of stream ciphers. That's why you don't use stream ciphers (or shouldn't at least) to secure predictable content like chunks of websites. You use block ciphers that ALWAYS has the same block size regardless of it's contents.
AES-GCM seems to be fast-tracked by US governmental agencies with at least one someone trying to (inadvertently?) sneak in an exploit in the OpenSSL implementation. Don't trust new ciphers too quickly, if it's too good to be true...
Not sure how he would get the results with block ciphers but the paper only describes stream ciphers. That's the reason we don't use stream ciphers for HTTPS but rather block ciphers. Stream ciphers should simply never be used where keys repeat.