Good post! I very much enjoyed reading it. Yes, IPv6 has serious adoption issues, and even though it clearly resolves the address space size problem, there are other reasons ISPs wont want to offer fixed addresses. I'm an optimist in general, and hope they'll do it anyway. I think the attack methods for a P2P phone call can be very limited. They can record who you call and when, but the commonly used encryption schemes rule out man-in-the-middle attacks, and it's pretty hard to hack. Of course, if your machine is compromised, all bets are off, and most stupid Windows machines have plenty of spy-ware, and most Linux machines simply trust the open-source community (which I trust a lot more than the spy-ware guys). Relaying keys through hostile machines can be done securely. It's the people on either end that are the weak link.
Sorry, I stand corrected. Muon-catalyzed fusion has been feasible for a long time. To bad I don't own a good mine for digging up muons:-) I assume the Navy research is talking about cold fusion between regular deuterium atoms, which if I understand correctly, is mathematically very unlikely assuming normal states of matter, due to the heavy electric repulsion between the nuclei, which muons get around by reducing the size of a neutrally charged atom to small enough to allow strong forces to kick in. If the result is repeatable it points to something very strange going on.
I actually bought an SPA-3102 (and a couple others) and considered the open-WRT setup you've suggested. The SPA-3102 is hands-down the best VoIP gateway in it's class, but still had enough problems (I never did get flash to pass from our analog phones through it to the phone company), and occasional bad echo, that my wife made me take it out of our home system. The open-WRT systems you mentioned don't have (from what I've read) the horsepower to do echo-cancellation in the Asterisk core, making it even poorer for high-end use. However, if you just what to communicate on-the-cheap, you're setup can't be beat. IMO, this class of device will only enter main-stream usage when high-quality versions come out, kinda like what happened with the iPod.
True, if you call a known terrorist using encrypted P2P VoIP, they can still report that you made the call. I personally consider this fall less invasive than having someone actually listening to what might be a private matter. However, I'm afraid that collaboration between the US government and AT&T will very likely stifle VoIP development in the US. Australia already seems to have a commanding lead, with Asterisk PBX appliances already for sale. The is a classic case of our government stupidly crushing any technology lead we might have had.
Yes, the network will still need to route IP packets. The pain to AT&T and others will only be due to the transition to the new technology, and away from their old business model. We'll need to pay more for broadband, but it will carry voice and TV, as well as traditional services. But with IPv6, we can all have fixed addresses, so no third party is required to act as a server to connect two parties, and all phone calls could in theory come with no extra charge (just like Skype). With simple encrypted voice streams, I see no way for AT&T or any government to do wire tapping. Unfortunately for consumers, the government and AT&T have aligned interest in keeping the next generation Internet (capable of real-time peer-to-peer voice/video communication) away from us.
"Cold" fusion means cold relative to the temperature of the Sun (hot enough to fuse hydrogen). "Cold" fusion in theory could potentially boil water, and drive the turbines. However, a basic quantum physics result is that there is basically no way in heck that cold fusion will ever work, unless there is some new unknown physics taking place. While possible, it's unlikely, which is why most respected journals shy away from it, in addition to the large number of quacks the field has attracted. I put more hope in the Polywell stuff: http://en.wikipedia.org/wiki/Polywell
BTW... one reason Congress goes along with such nonsense is that they love being able to wire-tap your call. Even Skype provides them that capability. With users calling each other directly over the net with NO third party in the middle, it will be far harder to wire-tap. Any call could be encrypted as easily as any ssh session.
VoIP is going to be a VERY interesting space to watch over the next few years. With an old PC, I wired two small companies with PBX's, and connect them with multi-line capability through Sipphone.com for $0.01/minute, and no monthy fee or setup charge (sorry to sound like an add... here's another equivalent service: Vitelety.com). Further, in less than a year, you wont even need an old PC. Check out http://www.rowetel.com/ucasterisk/ip04. David Rowe is giving the world Asterisk capable hardware designs for free! My own feeling is that these things can be used as a bridge between the old analog days and the future (VoIP). A similar piece of hardware could act as an answering machine, and also determine if the number your calling even needs to route through for-fee services (using http://e164.org/). If the other end is listed in the free directory, your call will be FREE (in both senses - beer and speech). Look to AT&T to launch a major public smear campaign, push more insane laws, try to kill net neutrality (to kill VoIP), and file law-suits galore against VoIP providers. One downside... I'm not sure if I like the idea of Mom being able to call for free:-)
All in all, I'd say we're pretty amazing creatures. I worry (just a little) that someday our own creations might become intelligent and take over the world, like in so many sci-fi novels. However, two people can take nothing but plants and water and use them to create more people. As our computers become exponentially more powerful, the fabs needed to make them become exponentially more expensive. Survival for a machine race would be far more fragile than for humans (blow up a few fabs, terminate the race). However, we seem to be making far better progress towards building machines complex enough to think than we are at interplanetary colonization. Our basic space craft has not really improved much in 40 years, and if our machines can continue advancing for another 40 years at this rate, they will hands down out-compute us. If our space craft continue to improve at this rate, we'll have... nothing special.
I agree. People aren't cut out for inter-planetary colonization. We evolved here, with Earth's life all around us, and other environments either poison us, starve us of resources available here (like air and water), freeze us, bake us, or crush us. We'll have colonized much of the sea floor long before we terraform Mars. I suspect that robots we create will colonize space and/or other planets long before we do, and that's pretty darned unlikely. If interstellar travel takes 1,000 years, that's a big problem for humans, but not so much for a robot.
On Linux, I've been using OO for years. The single biggest problem I have converting MS documents is copyrighted fonts. By default, Microsoft seems to encourage you to use fonts that they own, and no one else can duplicate them legally. The substituted fonts all work fine, but pagination and such change. I think it's Windows users who will have to change long-term... to using open fonts.
Not only that, but Apple doesn't consume enough chips to make it's business very interesting for AMD. IBM barely seemed to care when they lost Apple's business, and certainly they didn't care enough to bother making the low-power laptop CPUs that Apple desperately needed. Further, AMD barely survives at all through their intense focus on chasing Intel. Apple would trash that focus, and likely cause AMD to go under. Steve Jobs may be a severe a-hole, but I doubt he's dumb enough to fall for a buyout of AMD. Maybe Larry Ellison would like to buy them:-)
Yes, which is why the cryptography guys stopped calling it RC4, and started calling their algorithm ARC4, for "alleged RC4". There's no proof that they are equivalent, but of course they are. However, the company that invented WEP didn't have a user-manual for RC4... they just ripped off ARC4, and they messed up. The guys at RSA say they never would have let WEP fail the way it did. They already knew the key had to be munged up much better than what WEP does, and they may have known that the first few bytes should be discarded.
The failure of WEP discouraged the use of ARC4 in any further applications. However, from what I've been able to read on the net, ARC4-DROP(N), which means drop the first N bytes before using the output, is not anywhere close to cracked for N > about 10. There are people who can detect the output of ARC4-DROP is non-random, given a gigabyte of output, but no one knows how that could be used to extract either the key or encrypted data. A paper I read suggested that 512 seemed to be the limit that any additional security was gained, so of course, they recommend using 768.
After reading for several hours (which makes me a total noob), I have been unable to find any stream cypher anywhere near as simple as ARC4-DROP, which has been well tested, which is why I used it.
I can't find any mention of models either. I'm sure Dell considers it highly confidential information they would rather not leak early. However, if I can get a Core Duo 2 running 64-bit Feisty Fawn on a an Insprion 9400, it's a done deal for me. My 9300 running Feisty Fawn (with which I'm making this post) rocks. I've owned Dell laptops since the early 90's, and the 9300 is the best I've ever owned by far. Too bad Dell's support and service tanked so badly... they use to be the best. After fighting with some seriously dumb guy in India for weeks to get Dell to replace a bad motherboard, I gave up. Now our company never buys extended support or warranties, and never bothers to call Dell. We just get new machines if the things ever hiccup. Our sister company went even further, and dropped Dell and now only buys HP. I hope Dell can continue listening, and go back to offering great support and service, as well as offering Ubuntu. This is a good step.
Correct me if I'm wrong, but doesn't the article talk about end-to-end encryption, not just phone to mast? The leaks due to government wire-tapping likely occur at the phone company with their permission, rather than by random air-wave sniffing (at least here in the US).
Basically, for the well proven schemes, this is of little help. The algorithms that have stood the test of time and public scrutiny generally are resistant to both man-in-the-middle attacks (though there are still LOTs of security issues, like trusting you are talking to who you think you are) and chosen-plaintext attacks. Knowing that there is echo has to be of less use to a cryptanalyst than the ability to choose the plaintext and view the encrypted results. Also, knowing the public key doesn't combine with echo, because all you use the public key for is to exchange keys for shared-key encryption (an echo-free operation). The main reason for using shared key encryption is to allow both sender and receiver to dramatically reduce the computational effort to encrypt the stream. Cell-phone based algorithms would likely do this.
Software or hardware encryption of streams using ARC-DROP(768) seems plenty secure for real world applications, and the inner loop is only about 10 lines of code to process 1 byte. At voice speeds, your average $0.25 microcontroller should have plenty of horsepower, so long as it's got 256 bytes of RAM. I've built a simple file encryptor at tinycrypt.sf.net based on it. Let me know if you find any bugs!
Any creature lighter than magma would float like a balloon up to the hard-crust. If it had an inner-ear, it might know that gravity points down, but just rewire the neural connections, and it would think up is down:-0
Thanks for the reference, I just read up on it. Very cool. However, whether our "fossil fuels" come from deep microbes or fossils, production is at one rate, and consumption is at a higher rate. We'll find oil more and more difficult to find, and there will be a "peak oil" point. I'm not worried about it, and even welcome it, since we have so many viable affordable alternatives. I just hope we can manage our planet wisely, and not over-populate it, strip it of all it's natural resources, over-heat it, or blow it up.
Well, I didn't say they wouldn't pass a seriously flawed bill, just not a pro-telcom anti-consumer one:-) This bill is clearly a pro-consumer bill in spirit. Here's the initial text on this bill from the FCC web site:
"The Telecommunications Act of 1996 is the first major overhaul of telecommunications law in almost 62 years. The goal of this new law is to let anyone enter any communications business -- to let any communications business compete in any market against any other."
I was just stating the obvious: with Democrats in control of at least one house (or the Executive), no seriously flawed pro-telcom anti-consumer law would pass. Telcoms overwhelmingly contribute to Repbulicans. I'm not bashing, just stating a fact. It's one of those things they forgot to mention in the Contract with America. The net totally backs me up here. Just google "Time Warner political contributions" for example. Here's the top link: http://mpetrelis.blogspot.com/2004/10/chief-execut ive-officer-of-time-warner.html
Seems to me that it would not promote innovation to legally demand equal packet treatment
Virtually everyone agrees with your statement, neither basic net neutrality nor current law, or even prevailing ISP practice treat packets equally. Only the telcoms are promoting the FUD you have now stated twice. Basic net neutrality means not discriminating against a packet based who sent it, and nothing more. The example stated here many times is a good one: Time Warner should not be able to accept payments from Microsoft to block your browser from accessing Google. Such discrimination would make it very difficult to innovate. Net neutrality (what we have now, and have had for the entire history of the Net) is what the telcoms want to take away, not a new right anyone is demanding.
I agree. I sometimes wonder if there could even be upside-down life under us, at the interface of liquid vs solid rock. What would such life forms think the universe was like? Too bad there's no such evidence in lava-rock:-)
In it's simplest form, net neutrality simply prohibits discrimination against packets based on their sender. That promotes innovation in every case. The telcoms want you to believe this debate is really about other issues, but Time Warner and others are already putting infrastructure in place to enable such discrimination, once it's legal, in order to force their customers to user their own services such as VoIP, and to tax content providers, such as Google. With Democrats in control of either house, such corporate rip-offs wont be allowed. Oddly enough, a very smart relative of mine (who also thinks Bush is a really great president) actually thinks the telcoms should be free to do anything they want with their network, and that taxing Google and blocking Vonage would be a good thing. I figured mostly only stupid people would support such a concept, but I have at least one counter example. There are probably lots more over at conservapedia.com.
Also - the suggestion to tier the network would be called a violation of net neutrality to some.
I'm sure you already know this, as do almost all/.-ers out there, but just to clarify: the original meaning of "network neutrality" was simply not to discriminate against content providers based on their IP address. In other words, don't block Google and allow Microsoft web sites (because Microsoft pays the ISP, and Google doesn't). Only the new definition pushed by the phone companies in order to vilify the term "network neutrality" would make it illegal to charge different prices for different access plans. It's complete and total BS, and it's working.
Slashdot Mirror
Good post! I very much enjoyed reading it. Yes, IPv6 has serious adoption issues, and even though it clearly resolves the address space size problem, there are other reasons ISPs wont want to offer fixed addresses. I'm an optimist in general, and hope they'll do it anyway. I think the attack methods for a P2P phone call can be very limited. They can record who you call and when, but the commonly used encryption schemes rule out man-in-the-middle attacks, and it's pretty hard to hack. Of course, if your machine is compromised, all bets are off, and most stupid Windows machines have plenty of spy-ware, and most Linux machines simply trust the open-source community (which I trust a lot more than the spy-ware guys). Relaying keys through hostile machines can be done securely. It's the people on either end that are the weak link.
Sorry, I stand corrected. Muon-catalyzed fusion has been feasible for a long time. To bad I don't own a good mine for digging up muons :-) I assume the Navy research is talking about cold fusion between regular deuterium atoms, which if I understand correctly, is mathematically very unlikely assuming normal states of matter, due to the heavy electric repulsion between the nuclei, which muons get around by reducing the size of a neutrally charged atom to small enough to allow strong forces to kick in. If the result is repeatable it points to something very strange going on.
I actually bought an SPA-3102 (and a couple others) and considered the open-WRT setup you've suggested. The SPA-3102 is hands-down the best VoIP gateway in it's class, but still had enough problems (I never did get flash to pass from our analog phones through it to the phone company), and occasional bad echo, that my wife made me take it out of our home system. The open-WRT systems you mentioned don't have (from what I've read) the horsepower to do echo-cancellation in the Asterisk core, making it even poorer for high-end use. However, if you just what to communicate on-the-cheap, you're setup can't be beat. IMO, this class of device will only enter main-stream usage when high-quality versions come out, kinda like what happened with the iPod.
True, if you call a known terrorist using encrypted P2P VoIP, they can still report that you made the call. I personally consider this fall less invasive than having someone actually listening to what might be a private matter. However, I'm afraid that collaboration between the US government and AT&T will very likely stifle VoIP development in the US. Australia already seems to have a commanding lead, with Asterisk PBX appliances already for sale. The is a classic case of our government stupidly crushing any technology lead we might have had.
Yes, the network will still need to route IP packets. The pain to AT&T and others will only be due to the transition to the new technology, and away from their old business model. We'll need to pay more for broadband, but it will carry voice and TV, as well as traditional services. But with IPv6, we can all have fixed addresses, so no third party is required to act as a server to connect two parties, and all phone calls could in theory come with no extra charge (just like Skype). With simple encrypted voice streams, I see no way for AT&T or any government to do wire tapping. Unfortunately for consumers, the government and AT&T have aligned interest in keeping the next generation Internet (capable of real-time peer-to-peer voice/video communication) away from us.
"Cold" fusion means cold relative to the temperature of the Sun (hot enough to fuse hydrogen). "Cold" fusion in theory could potentially boil water, and drive the turbines. However, a basic quantum physics result is that there is basically no way in heck that cold fusion will ever work, unless there is some new unknown physics taking place. While possible, it's unlikely, which is why most respected journals shy away from it, in addition to the large number of quacks the field has attracted. I put more hope in the Polywell stuff: http://en.wikipedia.org/wiki/Polywell
BTW... one reason Congress goes along with such nonsense is that they love being able to wire-tap your call. Even Skype provides them that capability. With users calling each other directly over the net with NO third party in the middle, it will be far harder to wire-tap. Any call could be encrypted as easily as any ssh session.
VoIP is going to be a VERY interesting space to watch over the next few years. With an old PC, I wired two small companies with PBX's, and connect them with multi-line capability through Sipphone.com for $0.01/minute, and no monthy fee or setup charge (sorry to sound like an add... here's another equivalent service: Vitelety.com). Further, in less than a year, you wont even need an old PC. Check out http://www.rowetel.com/ucasterisk/ip04. David Rowe is giving the world Asterisk capable hardware designs for free! My own feeling is that these things can be used as a bridge between the old analog days and the future (VoIP). A similar piece of hardware could act as an answering machine, and also determine if the number your calling even needs to route through for-fee services (using http://e164.org/). If the other end is listed in the free directory, your call will be FREE (in both senses - beer and speech). Look to AT&T to launch a major public smear campaign, push more insane laws, try to kill net neutrality (to kill VoIP), and file law-suits galore against VoIP providers. One downside... I'm not sure if I like the idea of Mom being able to call for free :-)
All in all, I'd say we're pretty amazing creatures. I worry (just a little) that someday our own creations might become intelligent and take over the world, like in so many sci-fi novels. However, two people can take nothing but plants and water and use them to create more people. As our computers become exponentially more powerful, the fabs needed to make them become exponentially more expensive. Survival for a machine race would be far more fragile than for humans (blow up a few fabs, terminate the race). However, we seem to be making far better progress towards building machines complex enough to think than we are at interplanetary colonization. Our basic space craft has not really improved much in 40 years, and if our machines can continue advancing for another 40 years at this rate, they will hands down out-compute us. If our space craft continue to improve at this rate, we'll have... nothing special.
I agree. People aren't cut out for inter-planetary colonization. We evolved here, with Earth's life all around us, and other environments either poison us, starve us of resources available here (like air and water), freeze us, bake us, or crush us. We'll have colonized much of the sea floor long before we terraform Mars. I suspect that robots we create will colonize space and/or other planets long before we do, and that's pretty darned unlikely. If interstellar travel takes 1,000 years, that's a big problem for humans, but not so much for a robot.
On Linux, I've been using OO for years. The single biggest problem I have converting MS documents is copyrighted fonts. By default, Microsoft seems to encourage you to use fonts that they own, and no one else can duplicate them legally. The substituted fonts all work fine, but pagination and such change. I think it's Windows users who will have to change long-term... to using open fonts.
Not only that, but Apple doesn't consume enough chips to make it's business very interesting for AMD. IBM barely seemed to care when they lost Apple's business, and certainly they didn't care enough to bother making the low-power laptop CPUs that Apple desperately needed. Further, AMD barely survives at all through their intense focus on chasing Intel. Apple would trash that focus, and likely cause AMD to go under. Steve Jobs may be a severe a-hole, but I doubt he's dumb enough to fall for a buyout of AMD. Maybe Larry Ellison would like to buy them :-)
Yes, which is why the cryptography guys stopped calling it RC4, and started calling their algorithm ARC4, for "alleged RC4". There's no proof that they are equivalent, but of course they are. However, the company that invented WEP didn't have a user-manual for RC4... they just ripped off ARC4, and they messed up. The guys at RSA say they never would have let WEP fail the way it did. They already knew the key had to be munged up much better than what WEP does, and they may have known that the first few bytes should be discarded.
The failure of WEP discouraged the use of ARC4 in any further applications. However, from what I've been able to read on the net, ARC4-DROP(N), which means drop the first N bytes before using the output, is not anywhere close to cracked for N > about 10. There are people who can detect the output of ARC4-DROP is non-random, given a gigabyte of output, but no one knows how that could be used to extract either the key or encrypted data. A paper I read suggested that 512 seemed to be the limit that any additional security was gained, so of course, they recommend using 768.
After reading for several hours (which makes me a total noob), I have been unable to find any stream cypher anywhere near as simple as ARC4-DROP, which has been well tested, which is why I used it.
I can't find any mention of models either. I'm sure Dell considers it highly confidential information they would rather not leak early. However, if I can get a Core Duo 2 running 64-bit Feisty Fawn on a an Insprion 9400, it's a done deal for me. My 9300 running Feisty Fawn (with which I'm making this post) rocks. I've owned Dell laptops since the early 90's, and the 9300 is the best I've ever owned by far. Too bad Dell's support and service tanked so badly... they use to be the best. After fighting with some seriously dumb guy in India for weeks to get Dell to replace a bad motherboard, I gave up. Now our company never buys extended support or warranties, and never bothers to call Dell. We just get new machines if the things ever hiccup. Our sister company went even further, and dropped Dell and now only buys HP. I hope Dell can continue listening, and go back to offering great support and service, as well as offering Ubuntu. This is a good step.
Correct me if I'm wrong, but doesn't the article talk about end-to-end encryption, not just phone to mast? The leaks due to government wire-tapping likely occur at the phone company with their permission, rather than by random air-wave sniffing (at least here in the US).
Basically, for the well proven schemes, this is of little help. The algorithms that have stood the test of time and public scrutiny generally are resistant to both man-in-the-middle attacks (though there are still LOTs of security issues, like trusting you are talking to who you think you are) and chosen-plaintext attacks. Knowing that there is echo has to be of less use to a cryptanalyst than the ability to choose the plaintext and view the encrypted results. Also, knowing the public key doesn't combine with echo, because all you use the public key for is to exchange keys for shared-key encryption (an echo-free operation). The main reason for using shared key encryption is to allow both sender and receiver to dramatically reduce the computational effort to encrypt the stream. Cell-phone based algorithms would likely do this.
Software or hardware encryption of streams using ARC-DROP(768) seems plenty secure for real world applications, and the inner loop is only about 10 lines of code to process 1 byte. At voice speeds, your average $0.25 microcontroller should have plenty of horsepower, so long as it's got 256 bytes of RAM. I've built a simple file encryptor at tinycrypt.sf.net based on it. Let me know if you find any bugs!
Any creature lighter than magma would float like a balloon up to the hard-crust. If it had an inner-ear, it might know that gravity points down, but just rewire the neural connections, and it would think up is down :-0
Thanks for the reference, I just read up on it. Very cool. However, whether our "fossil fuels" come from deep microbes or fossils, production is at one rate, and consumption is at a higher rate. We'll find oil more and more difficult to find, and there will be a "peak oil" point. I'm not worried about it, and even welcome it, since we have so many viable affordable alternatives. I just hope we can manage our planet wisely, and not over-populate it, strip it of all it's natural resources, over-heat it, or blow it up.
Well, I didn't say they wouldn't pass a seriously flawed bill, just not a pro-telcom anti-consumer one :-) This bill is clearly a pro-consumer bill in spirit. Here's the initial text on this bill from the FCC web site:
"The Telecommunications Act of 1996 is the first major overhaul of telecommunications law in almost 62 years. The goal of this new law is to let anyone enter any communications business -- to let any communications business compete in any market against any other."
I was just stating the obvious: with Democrats in control of at least one house (or the Executive), no seriously flawed pro-telcom anti-consumer law would pass. Telcoms overwhelmingly contribute to Repbulicans. I'm not bashing, just stating a fact. It's one of those things they forgot to mention in the Contract with America. The net totally backs me up here. Just google "Time Warner political contributions" for example. Here's the top link: http://mpetrelis.blogspot.com/2004/10/chief-execut ive-officer-of-time-warner.html
Virtually everyone agrees with your statement, neither basic net neutrality nor current law, or even prevailing ISP practice treat packets equally. Only the telcoms are promoting the FUD you have now stated twice. Basic net neutrality means not discriminating against a packet based who sent it, and nothing more. The example stated here many times is a good one: Time Warner should not be able to accept payments from Microsoft to block your browser from accessing Google. Such discrimination would make it very difficult to innovate. Net neutrality (what we have now, and have had for the entire history of the Net) is what the telcoms want to take away, not a new right anyone is demanding.
I agree. I sometimes wonder if there could even be upside-down life under us, at the interface of liquid vs solid rock. What would such life forms think the universe was like? Too bad there's no such evidence in lava-rock :-)
In it's simplest form, net neutrality simply prohibits discrimination against packets based on their sender. That promotes innovation in every case. The telcoms want you to believe this debate is really about other issues, but Time Warner and others are already putting infrastructure in place to enable such discrimination, once it's legal, in order to force their customers to user their own services such as VoIP, and to tax content providers, such as Google. With Democrats in control of either house, such corporate rip-offs wont be allowed. Oddly enough, a very smart relative of mine (who also thinks Bush is a really great president) actually thinks the telcoms should be free to do anything they want with their network, and that taxing Google and blocking Vonage would be a good thing. I figured mostly only stupid people would support such a concept, but I have at least one counter example. There are probably lots more over at conservapedia.com.