No, it is not. First, there is no sane reason to do it, as it is not needed for anything. You are not that important and what you do on your computer is not either. Second, the more hardware backdoors you deploy, the higher the risk somebody finds them. And third, actually using a backdoor always comes with a significant detection risk as well. And last, NOBUS backdoors are very, very hard to get right and anything else can be found and used by other attackers. That would be an extreme catastrophe and is just one more reason to only do small-volume, targeted backdoor deployment.
Which is interesting. Other buried bodies they want to keep hidden or is there actually some truth to the story? Technologically, the attack would be possible. I could do this myself, except for the miniaturization and hiding in a signal-filter. (A signal-filter has no business being in an SPI-connection, BTW.)
The only thing that did not make sense to me was the claim that the attack-devices in later cases were hidden inside the PCB. That makes no sense at all as it is easier to detect (X-Rays, maybe even simple light), and is immediately hugely suspicious if found. It is also very difficult as it would need to be done before PCB lamination, a time where the process does expect that no components are present. At the same time, if somebody checks whether what comes out of the FLASH arrives the same at the CPU (again, not difficult to do), it does not matter where the manipulation device is hidden, the changes would be extremely obvious.
I'm no expert on quantum computing, but I can see problems already based on the summary.
At nodes, keys are decrypted into classical bits and then returned to a quantum state for onward transmission. In theory, a hacker could steal them while they are briefly vulnerable.
Believe me, bad people will certainly do this. One of the ways Blu Ray encryption got cracked is that the players stored the keys unprotected in memory and smart people figured out how to dump the memory to get the keys. National actors who really want access to your data will have no problems trying to attack this weak point in the chain.
That part of the story is so utterly pathetic, it is staggering. Of course you attack the nodes, not the cables. It is far easier.
Yes. And then, when you have done it, you just continue with normal encryption, because this quantum stuff is slow. It is also insecure, because the physical implementations have been attacked successfully time and again. And the theory behind it is known to be flawed (there is still no quantum-gravity).
First, Quantum Modulation (no, it is _not_ encryption) has been broken time and again by simply attacking the implementation instead of the theory. Anybody that thinks this stuff must be absolutely secure is utterly naive with regards to technological reality. Second, the theory used to claim "absolute security" is known to be flawed (still no quantum gravity). And third, conventional encryption is far superior in handling, reliability, cost, etc. and gets the job done just as securely, even if in 50 years or so we may have to go to post-quantum encryption (or not).
If you supply tech that makes it easier to go to war, you become complicit. This requires a bit of thinking to understand it (not a lot), but these are all very smart people who can see the chain of causality. These are also people that do not want to contribute to making the world a worse place, and that is what wars do. Again requires a bit of actually thinking about it, instead of just regurgitating "patriotic" propaganda and being a useful idiot. And no, nobody is about to invade the US, not even the Chinese. They have really no interest in that.
Indeed. Morals, the future of the race, etc. all irrelevant. Of course, not all Americans are like that, but most of those with money and power are. Even some of those with a lot of money (e.g. Buffett, Soros, Cook) seem to be uncomfortable with this.
... is that with that much money on the table, MS will give everything in data and access to its other customers (i.e. basically everybody) to the NSA when they even only hint. Remember that the NSA is military intelligence and belongs to the Pentagon. That is the real problem I see here.
I dislike Discovery to the point I have stopped watching. The Orville is great though. Looks like CBS is just a tad envious of the success of The Orville.
Oh, and because I think you missed that somehow: Of course SQLite is making a political statement here. It does actually not matter what would work for them, they are making a statement about what they do and do not want.
A slow, inflexible database, no. Something that is pretty good and does innovate and try out new and better things, yes. Database systems are anything but simple.
If you want long-term stability and do not care what it costs, then they are doing something right. However, long-term stability, and keeping everything boring and slow is about the last thing you want in a tech project.
Wikipedia says about Chapter 4 "These are essentially the duties of every Christian and are mainly Scriptural either in letter or in spirit." This nicely points out that a CoC has nothing to do with the actual work being done and is all about some people wanting to control the forms of interaction allowed, impose the duty to follow some meaningless rituals, universally to the detriment of the project.
Indeed. Windows is and has always been a toy. For a toy, the quality would be reasonable, but for something you need to be able to depend on, it is a bad joke.
You must be a "manager", as you have completely omitted all cost for the tool installation, the review of what it gives and the cost when it screws up.
Only small people get punished. If you are rich and powerful, you can nearly destroy the world and nothing is going to happen to you. Laws are just a means to control the masses, they are not for restricting anybody powerful.
My understanding was that Grover's search and Shor's alg both don't have such bad constants. That's why people have already been able to run toy examples even though we've only built QCs with very limited number of qubits so far.
They have constants in real life that allow you to run toy examples in a matter of weeks or worse. Sure, the one good run was much faster, but do the researchers list how many bad ones they had and how much time that took? Also, you may get additional complexity from the real-world set-up. That would not show up in the toy examples or the theory, but it may well show up in practice. A practical example is that when you run out of memory for a hash-table, you suddenly have to put it in SSD, then disk, then tape. That gives you a pretty bad additional factor and the last step is often prohibitive. The same thing could well be happening here, for example if the whole thing has to be made successively colder to support larger computations. It does not help you much if you get a result in seconds, but have to cool the whole thing for a few months after programming it to get that one result and have to repeat the process every time for a new computation.
Now, I am not saying this particular problem is going to manifest here, but after 40 years of research doing even toy quantum computations is excessively hard. So chances are there will be massive hurdles to scale this in reality, even if the theory works out for larger examples. As larger examples need the theory to be much, much more precisely describing reality, it may well turn out that instead we find another more complicated theory and that one does not support large quantum calculations.
In any case, nothing threatening to real-world crypto will be happening in the next few decades and that is much longer than current asymmetric keys are expected to be secure against conventional attacks. For really long-term stuff, use one-time-pads or excessive key-length, like 100'000 bit RSA. As a QC cannot subdivide problems (unlike a classical computer) that makes you pretty secure.
Also, while symmetric crypto will only have its security halved, most crypto applications end up using both asymmetric and symmetric in combination (TLS, PGP, many VPNs, Blockchains, Secure Messaging, etc.) and breaking the asymmetric components is enough to completely destroy the security of the entire protocol (even if the symmetric stuff were to stay untouched!)
Only if you can actually break the asymmetric part in reasonable time and at mass-scale. If it turns out that, say, the NSA can break one 1024 bit RSA key per year investing 100M into that and the process is already optimized to the limits of what is possible, then this is not a threat.
Hahahahaha, nice! This basically shows that automation is actually incapable of tackling this problem. It probably wasted more human time with the 10 bad patches than it saved by producing the 5 that got accepted (but are not necessarily good).
You think anything of "MS quality" is going to be an asset? Have you been asleep the last 30 years?
Via trade-agreements it can also apply in other places, since this is anti-competitive behavior by Google.
If you are "pro-everybody", the term becomes meaningless. If you are not pro-everybody, it does discriminate and is bad.
What are you talking about?
Because that is something these people have to be told.
I really love teaching in contrast. There I can just fail the failures. No, no backlash, as here academic education does not serve to make a profit.
They never had it and they will never get it.
That thing does seem to delete files whenever it feels like.