Slashdot Mirror


User: sinij

sinij's activity in the archive.

Stories: 0 · Comments: 2,919

Comments · 2,919

  1. Post-labor economics on Robot Workers' Real Draw: Reducing Dependence on Human Workers · · Score: 3, Informative

    We will have to rethink how our economy works. The present consumer-spending-driven, 9-5, 5-days-a-week-until-65 system won't work when there is no need for that much human labor. History showed us that at around 20% unemployment systemic societal unrest starts, and at around 30% unemployment radicalization and regime changes happen.

    Maybe unwanted labor will establish new markets for the creative process. I see this as a very unlikely scenario, since the average person isn't that creative. Plus the whole 'starving artist' thing does not scale up to population levels. Alternatively, we can go down to 4 days a week or 10-4 days or all have 3-month-per-year vacations.

  2. Re:Probably best on Automakers To Gearheads: Stop Repairing Cars · · Score: 1

    I own a few of these, and you are looking at this through rose-colored glasses. First, carburetors and early mechanical injection systems sucked. Second, no safety features whatsoever, not even ABS, means that you really have to take it easy in all but perfect road conditions. Third, with 40+ years of use, even well-cared-for mechanical systems start falling apart in unexpected ways. Fourth, even when everything works, most sports cars from that era couldn't keep up with a modern-day Corolla.

    Having a daily-driver classic car is a rare distinction; this means you are either loaded or exceptionally good at DIY or often both.

  3. Re:You no longer own a car on Automakers To Gearheads: Stop Repairing Cars · · Score: 1

    This is a response to security researchers showing how vulnerable cars are. Automakers decided that the best way to stop malicious attackers from exploiting numerous vulnerabilities is to go after white hats with paid-for legislation.
     
    Idiots.

  4. Re:As well the ACLU should on LAUSD OKs Girls-Only STEM School, Plans Boys-Only English Language Arts School · · Score: 4, Funny

    What do men need education for? Everyone knows that a man's place is in the kitchen! Everyone knows men attend higher education only to find an eligible wife to care for them.

  5. Time to start masculinism movement on LAUSD OKs Girls-Only STEM School, Plans Boys-Only English Language Arts School · · Score: 3, Insightful

    Time to start a masculinism movement, because anti-male gender discrimination has hit the mainstream.

  6. DO NOT WANT on Researchers Design a Self-Powered Digital Camera · · Score: 1

    I didn't know Columbia University had such a strong community of voyeurism fetishists in the engineering department. Otherwise, why would anyone want low-quality, discreet, remotely accessible and insecure (IoT) cameras that don't require maintenance? Everyone already has smartphone cameras that are readily available and can be connected.

  7. Re:What about RdRand issue? on Linux 4.0 Kernel Released · · Score: 1

    I don't think you are fully considering the possibility of maliciousness. RdRand, because of on-chip whitening, is completely opaque; there is no way to audit its functionality. How can we trust something like that with such crucial cryptographic functionality? If you seed your RNGs with a predictable seed, then all of your crypto can be easily broken.

    Sure, if the CPU is backdoored, then your system is compromised no matter what you do, and it can leak all secrets in whichever way. Most of that can be detected post hoc or even heuristically. What is insidious about a potential RdRand-based backdoor is that the leak would take the form of normal functionality, so there is no payload or suspicious communications to intercept and reverse-engineer.

    I am not saying that RdRand should not be used, I am saying that RdRand should not be used in a way that makes the system that easy to compromise. Why, for example, did Ts'o not use a mixing function for this? The whole implementation reads like an entry into an underhanded crypto competition.

  8. Re:What about RdRand issue? on Linux 4.0 Kernel Released · · Score: 1

    RdRand could be non-random without negative impact, but what if it is maliciously non-random? For example, manipulating RdRand to consistently pump a duplicate of the output buffer will result in very compromised seeding (0x0000..).

  9. Similar problem to spam filtering on Researchers Developing An Algorithm That Can Detect Internet Trolls · · Score: 1

    This won't work nearly as well as the authors expect. The moment such a system gains adoption, the rules will change and anti-detection and algorithm poisoning techniques will be adopted. For example, the proposed approach would likely be completely defeated by first making 10 "constructive" FAQ copy-paste postings. Also, spam is much easier to detect than trolling, since spam is not unique. Still, it took years and complicated spam-detecting analytical algorithms to reduce it to manageable levels.

  10. What about RdRand issue? on Linux 4.0 Kernel Released · · Score: 1

    Are they planning to adjust how RdRand is used in random.c?

  11. Re:UAC is for idiots on LG Split Screen Software Compromises System Security · · Score: 1

    I keep mine on. While it could be annoying, if you don't expect it to show up and it does, it is a huge red flag for you to start paying attention.

  12. Web of trust cannot survive politics on Chinese Certificate Authority CNNIC Is Dropped From Google Products · · Score: 4, Insightful

    Web of trust cannot survive politics; if we tolerate any bad behavior from any trusted parties, then nobody could be trusted and the whole construct falls apart.

  13. Re:More of the same on Ask Slashdot: Who's Going To Win the Malware Arms Race? · · Score: 1

    I have some bad news: your brick has been leaking cryptographic keys via a heat signature side channel for months now. I should have your root any year now.

  14. Re:How About on Chevy Malibu 'Teen Driver' Tech Will Snitch If You Speed · · Score: 4, Funny

    Nonsense, "a friend" is a role-neutral name for a group member or dungeon master. We had all kinds of friends - mages, rogues, clerics...

  15. Re:Sure, it doesn't affect me, but ZOMG "morals"!1 on Scientists: It's Time To Resolve the Ethics of Editing Human Genome · · Score: 1

    Yep.

    Not only that, but "ethical" is all too often synonymous with "what won't ever lead us to getting sued" and has nothing to do with the greater good or even doing the right things for a group of individuals.

  16. Re:Don't listen to troglodytes on Scientists: It's Time To Resolve the Ethics of Editing Human Genome · · Score: 1

    You have to start somewhere, even if it is "blind hacking". If we keep waiting for a perfect solution, it will never happen.

  17. Don't listen to troglodytes on Scientists: It's Time To Resolve the Ethics of Editing Human Genome · · Score: 1

    Natural evolution takes millions of years and doesn't select for traits we would find useful. It is time to take matters into our own hands. Start hacking the genome. Sure, there will be numerous failed experiments and disasters along the way, but self-programming is the only way we can get better. The do-nothing alternative eventually leads to resource exhaustion and collapse of our civilization.

    Ethics? Who cares about some rigid individualist standards that are based on logically bankrupt bearded-man-in-the-sky concepts; the ones still subscribing to such dated notions will be left on the heap of history. There are no ethical problems with a species struggling for improvement, but there is an imperative to do so.

  18. Renting private chargers on Musk Says Drivers May Become Obsolete, Announces Juice-Saving Upgrades · · Score: 4, Insightful

    They should let owners lend their private chargers for a fee, handled by Tesla. Something like Uber but for charging your car.

  19. Invasive data collection on Uber Sued Over Driver Data Breach, Adding To Legal Woes · · Score: 1

    With the kinds of information (e.g. hookups) Uber collects, a data breach is very serious.

  20. I have dark confession on Sony Offers a "Premium Sound" SD Card For a Premium Price · · Score: 3, Funny

    I have a dark confession: I own a gold-plated HDMI cable. Now before you judge me...

    ... you judged me anyways! But I got it at a Going Out of Business Sale! For $5 out of a bin! I had to! You too would buy one for $5. They sell them for hundreds to fools!

  21. Untrusted computing on Fedcoin Rising? · · Score: 1

    What a great idea, they should branch out Untrusted Computing to add to FedCoin. This will be a welcome addition to custom disk firmware, specialized random number generators, data duplication and retention services and so on.

  22. Re:Would it matter? on Ask Slashdot: How Could We Actually Detect an Alien Invasion From Outer Space? · · Score: 1

    These are two different assumptions: what if FTL-using civilizations exist, and what if these civilizations also moved to a world-constructing stage of technology.

    What I'd ask you in turn - what would a civilization that can construct and move planetoids a hundred miles across want with our dirtball?

  23. Re:No surprise... on Duplicate SSH Keys Put Tens of Thousands of Home Routers At Risk · · Score: 2

    First, there is no such thing as a perfectly secure information system. The best we could do is mitigate identified risks. The best any standard could do is specify how to mitigate specific risks.

    In the case of NIST CAVP (the part of FIPS testing most people are familiar with), the risk they are mitigating is that the cryptographic algorithm you are using is flawed in some way. This certification program is hugely successful: there are robust standards and specs, and hardly anyone these days ends up with bad algorithms because free certified reference implementations and free testing vectors were made available.

    Second, different aspects of the FIPS program focus on different risks. For example, at higher certification levels (e.g. CMVP FIPS 140-2 Level 3 or 4) the program provides very robust and comprehensive assurance that both the algorithms and the methods of use of these algorithms within the cryptographic module are secure. I am too lazy to dig through the specs, but I am positive that at level 3 it explicitly examines key storage. The flaw with FIPS is actually the opposite of what you state - the level of scrutiny ramps up so rapidly that it is impossible to satisfy it only with a software implementation at above level 2. As a result, the overwhelming majority of certifications are against the lowest tiers that are limited in scope.

    Now, people look at CAVP certification (algorithm testing for a software product) and make the ignorant statement that the ENTIRE FIPS PROGRAM is ineffective. Even when it is very evident that it accomplishes exactly what it promised to do. To leave you with an example - PCI (payment transactions) requirements cap at FIPS 140-2 level 3. This is stuff that touches MONEY! FIPS 140-2 level 4 is spook-level robust; they even have a requirement to trip zeroization if you attempt to freeze or x-ray the chip.

  24. Re:This is a general problem on Duplicate SSH Keys Put Tens of Thousands of Home Routers At Risk · · Score: 1

    Cryptography knowledge in software development is very shallow. Most only know how to integrate OpenSSL (without the FIPS module). Ask them about entropy, and they start talking about the heat death of the universe. Even Linux kernel guys, who otherwise tend to be knowledgeable, would tell you that /dev/urandom is a desirable and secure choice.

    /rant

  25. Re:UL (Underwriters) is a private, for-profit comp on Duplicate SSH Keys Put Tens of Thousands of Home Routers At Risk · · Score: 1

    There are already programs in place. One example: NIST certifies private security testing laboratories to test according to FIPS standards. It's just that nobody is asking for certified products outside of government procurement.