Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories: 0
Comments: 4,185

Comments · 4,185

  1. Google Play Services is malware on Google Collects Android Users' Locations Even When Location Services Are Disabled (qz.com) · · Score: 1

    Just in case anyone has not yet received the memo. Carrier pigeons tend to be particularly unreliable this time of year.

  2. Re:All data security is through obscurity on Security Problems Are Primarily Just Bugs, Linus Torvalds Says (iu.edu) · · Score: 1

    If a MitM doesn't relay the communication to the intended recipient at all, as you suggest, then the intended recipient would notice immediately that they aren't receiving expected data...

    Assuming this even matters, why would they know that? Is Malice incapable of transmitting false data to Alice? If so, why? Because it's secret? Because there is some trust relationship / coordination between the peers?

    and if the latency on the data is wrong, perhaps synced to an atomic clock feed on an unencrypted OOB radio channel, then they would know that the transmission was being intercepted.

    Why would the latency be wrong? You didn't answer the question of how the two coordinate... how does Alice know when the transmission started in order to measure latency in the first place? Simply having a common clocking source does not communicate anything about the timing of data transmission itself. You can send this over an unencrypted communications link but that would be A. really stupid and B. the link itself would be subject to trivial compromise. This is simply punting the same set of problems of trust from one link to another. It solves nothing.

    By virtue of being OTA, the side channel communication is immune to any MitM interception

    Yea right because RF can't be blocked and there is just one transmitter on the planet. Not that any of this matters at all being predicated on invalid assumptions enumerated above.

    and if the transmission of the OOB data itself is delayed by no less than the expected latency of the fibre, it cannot be utilized to fake the expected latency by the MitM attacker, because by the time they receive it, too much time has gone by to accurately fake the latency period on the fibre.

    Addressed why this is incorrect in the previous message. You can replace a section of fiber with free space optics and gain 1 ns of latency per yard. Not that it matters.

    Lambda switching works the same way in reverse. Rolls of fiber are used to delay the signal so that the FIB has enough time to switch to the appropriate destination, but whether you're catching up or slowing down the principle is the same.

    If you're having trouble coming up with a new scheme, have you considered using a focused neutrino source (e.g. linear accelerator) for low bitrate communications?

    What this all reminds me of is an inventor trying to find a way to implement a permanent magnet free energy generator. No matter how clever you are or how much you think you can outsmart GOD it never quite works out. There are certain principles underlying the fruitless journey you are on that can't be bent by imagination. Your choices are to trust the wire or guard secrets. There is no third way.

  3. Re:All data security is through obscurity on Security Problems Are Primarily Just Bugs, Linus Torvalds Says (iu.edu) · · Score: 1

    Not true... you can verify latency along the line and the other side. You know exactly how long the fiber is, and the propagation velocity of light in the fiber is well known, so it would be impacted significantly by any MitM attack.

    So now we are moving away from quantum crypto and on to measuring propagation delay... Ok I'll bite.

    How is that coordinated? What does it matter if Alice ever sees a copy of the message? Is there some kind of secret handshake involved requiring Alice keeping secrets? To verify timing? You seem to imply one exists by verifying latency comment. How does a peer know when to expect data? Is there a secondary or secret OOB communications channel involved?

    Not that it matters any but speed of light thru an optical cable is ~2/3 C. If you need margins you can get them with free space optics.

  4. Re:All data security is through obscurity on Security Problems Are Primarily Just Bugs, Linus Torvalds Says (iu.edu) · · Score: 1

    Obviously, but if only the endpoints are trustworthy (which can easily be the case, especially if the distance is more than a km or so), and you cannot vouch for who else might be listening in, quantum crypto provides the assurance that nobody else is eavesdropping while you exchange data.

    Yes, you're absolutely correct. However, you're missing a key fact.

    This "assurance" is completely worthless in the face of an active MITM attack.

    If you don't control the wire you can't know whether Malice is sitting in the middle of it acting as a proxy between you and Alice. For all you know when you send a message to Alice you're really talking to Malice who proxies the message along to Alice after intercepting it.

    You are certainly correct in that nobody else is eavesdropping on the data exchange between you and Malice... but umm... you're now owned and all of your super secret secrets are compromised anyway because you were talking to the WRONG PERSON and you had NO WAY of knowing it. God does not hand out quantum MAC addresses. You need to figure out WHO it is you're communicating with on your own.

    Why do you think the world bothers deploying PKI when they could just use anonymous DH to secure the world's Internet traffic? It provides the same flavor of assurance as quantum crypto. No known practical attack for either system... all without keeping secrets. Both systems are secure against passive observers.... and yes both systems FAIL miserably in the face of Active MITM.

    The only way to prevent being crushed by the fail whale is pre-arranged trust relationships, which at its core demands keeping secrets. As I said before and will continue to say, believe me or not... there is no possible way around it. Establishing trust without guarding secrets is not a physically possible concept.

  5. Re:All data security is through obscurity on Security Problems Are Primarily Just Bugs, Linus Torvalds Says (iu.edu) · · Score: 1

    Quantum crypto only requires secrets to be kept if you need to authenticate...
    Which is not inherently necessary for cryptography...
    for example, in a secured point to point fiber connection, which in the case of quantum crypto is impossible to eavesdrop on without alerting the parties involved.

    If you draw a box big enough to encompass the full length of the wire and declare everything within the box to be physically secure and trustworthy there is no point in deploying quantum crypto or any crypto of any kind to protect the information transmitted over said wire. It is by definition secure and impossible to eavesdrop on because you say so.

    If on the other hand you are not willing to trust the wire (really smart idea) you deploy cryptography with or without quantum. This cryptography requires keeping secrets as a basis of operation necessary to protect information. There is no way around the requirement to keep secrets with regard to quantum crypto or normal crypto no matter what. Failure to keep secrets means you are left with no assurance of who it is you are communicating with, rendering the cryptographic component of security meaningless / worthless / unusable / dangerous / unfit for purpose. You can't separate the two in the real world. Trust is not optional. Cryptography without trust is an oxymoron.

    What you also can't do is have it both ways. You can't say on one hand a cable is physically secure therefore since it is secure quantum crypto performed over said cable is also secure. This is just playing with words as you can replace quantum crypto with plaintext and replay the same argument and it will have been no more or less valid.

    It amounts to a word game as ridiculous and as worthless as the original word game that started this thread. It has no purchase on reality. All deployment of crypto requires keeping secrets. There is not some magical way around it. It doesn't exist and never will.

  6. Re:True, but. on Security Problems Are Primarily Just Bugs, Linus Torvalds Says (iu.edu) · · Score: 1

    I still think not granting DDL to the account in use solves the 'drop table' problem nicely, which is what I was responding to in the first place. You seem to be sidetracked into other problems.

    If the problem is we need to keep people from deleting all of our data.

    The answer disallowing DROP TABLE does not solve this problem.

    It does not prevent the execution of DELETE FROM. Simple as that.

    Saying that DROP TABLE is solved by disallowing drop table is a trivial word game with no practical real world value.

  7. Re:All data security is through obscurity on Security Problems Are Primarily Just Bugs, Linus Torvalds Says (iu.edu) · · Score: 1

    I was under the impression we were talking about security, not authentication.

    I'm really sorry I don't read in threaded mode and going back it looks like the entire thread amounts to a childish word game as to whether the word "obscurity" applies to intentionally kept secrets.

    All I read was your post and pointed out correctly it is factually incorrect. I have no interest in the underlying question. Quantum crypto requires classical secrets to be kept end of story.

  8. Re:True, but. on Security Problems Are Primarily Just Bugs, Linus Torvalds Says (iu.edu) · · Score: 1

    I don't read that comic so your post makes little sense. I suppose in general I

    It is not necessary as relevant context is provided separately. You can ignore the comic references if you'd like.

    agree no one design any software around something they read in a web comic but I'm not clear on why it's painful to suggest an account that needs to only do dml not have ddl grants. Are you saying it should?

    The original remark "The real flaw is giving out ddl grants to a service account that's supposed to be doing dml".

    The problem with this remark is that it treats a very specific instantiation of a symptom and does nothing to:

    1. Resolve the underlying issue
    2. Address problems caused by continued existence of underlying issue. In simplest of terms disallowing DDL prevents DROP TABLE ... but not DELETE FROM ... it does nothing to address the problem.

    Therefore this solution cannot live up to its billing "the real flaw is..."

    While irrelevant, my personal opinion is that database-level object-based access controls are seldom useful. They are either to be written off entirely and punted to the application tier, or all access is restricted to procedure calls and/or views. Object-level access simply isn't granular enough to apply the necessary constraints. It isn't that it isn't worth locking down things that are not necessary; it's simply insufficient in nontrivial systems as a measure to effectively protect systems from users.

    Also, it's a little odd that you rant about how wrong the comic is yet have episode numbers memorized.

    I generally think highly of xkcd. In this case while amusing it happens to be wrong. The same "wrong" is fairly widespread appearing in security literature and minds of many I have had to deal with on a daily basis over the years. It is in my view a dangerous misconception because it leads people to focus on judging the content of data when they should be judging the integrity of interfaces to ensure separation of context.

    Had to look up 327. 1200 remembered since it is a round number and the general theme comes up too often. What I see a lot of is people who work systems all day confusing what matters to them with what is important to the customer. Users don't give a rip about our system. They care about their data and how it affects their mission.

  9. Re:All data security is through obscurity on Security Problems Are Primarily Just Bugs, Linus Torvalds Says (iu.edu) · · Score: 1

    The security of quantum cryptography does not depend on obscured information, but from the property of unreproducibility

    It depends entirely on classical sources of trust. In the simplest of terms, quantum crypto is all about refreshing keys amongst communicating peers. You still need trust in the form of hidden secrets to start, otherwise there is no way of having any assurance who is on the other end.

    The anti-eavesdropping properties of quantum don't mean squat when you're spilling the beans to Malice instead of Alice.

  10. Re:True, but. on Security Problems Are Primarily Just Bugs, Linus Torvalds Says (iu.edu) · · Score: 2

    The real flaw is giving out ddl grants to a service account that's supposed to be doing dml.

    Listening to this shit is painful. You should ALL know better.

    xkcd 327 is WRONG.

    Everyone who thinks SQLi is about cleaning / sanitizing / scrubbing / bathing data is fundamentally wrong and entirely missing the point of what SQLi actually is and how to address it.

    SQLi has NOTHING to do with the content of data. "Scrubbing" is entirely irrelevant. You all need to "internalize" this basic fact and stop propagating bullshit.

    As for the "real flaw" being handing out DDL grants this reminds me of xkcd 1200. What people actually give a crap about is what's in the box not the flimsy piece of cardboard holding the goods. More beyond worthless advice in a beyond worthless thread.
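The point made in comments 8 and 10 above (SQLi is about whether the interface keeps query structure and data in separate contexts, not about the content of the data) is easiest to see side by side. The following is an added example, not code from the thread or from xkcd; the table and names are constructed, and it uses only Python's bundled sqlite3 module:

```python
import sqlite3

# Constructed sample rows. The third "name" is the classic xkcd 327 payload
# stored as ordinary data: a correct interface has no trouble with it.
STUDENTS = [
    ("Alice", 90),
    ("Bob", 72),
    ("Robert'); DROP TABLE Students;--", 0),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (name TEXT, grade INTEGER)")
    # Parameterised insert: the weird name goes in untouched, no scrubbing needed.
    conn.executemany("INSERT INTO Students VALUES (?, ?)", STUDENTS)
    return conn


def lookup_concatenated(conn, name):
    # Vulnerable interface: user input is spliced into the SQL text, so bytes in
    # the *data* can change the *structure* of the statement. No amount of
    # "sanitising" fixes the design; the contexts are already mixed.
    sql = "SELECT name, grade FROM Students WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    # Hardened interface: the statement structure is fixed at the call site and
    # the driver ships `name` through a separate channel. Whatever the string
    # contains, it can only ever be compared against the column as a value.
    sql = "SELECT name, grade FROM Students WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo():
    conn = make_db()
    probe = "' OR '1'='1"  # constructed input that closes the literal and adds a clause
    return {
        # Structure changed: the WHERE clause is now always true, every row comes back.
        "concat_rows": len(lookup_concatenated(conn, probe)),
        # Same bytes treated as data: no student is literally named that.
        "param_rows": len(lookup_parameterized(conn, probe)),
        # The "dangerous" stored name is just a name when the interface is honest.
        "bobby_grade": lookup_parameterized(conn, STUDENTS[2][0])[0][1],
    }


def concat_breaks_on_legit_name():
    # The concatenating interface cannot even read back a legitimately stored
    # record whose content happens to contain a quote: the query text is corrupted.
    conn = make_db()
    try:
        lookup_concatenated(conn, STUDENTS[2][0])
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    print(demo())
    print("concat fails on a real record:", concat_breaks_on_legit_name())
```

The DDL-versus-DML point from comments 6 and 8 follows from the same picture: once the concatenating interface exists, the attacker chooses the statement, so removing DROP from the account's grants only removes one of the statements they could choose.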

  11. Re:Damore isn't the one who should rethink things on 'I See Things Differently': James Damore on his Autism and the Google Memo (theguardian.com) · · Score: 1

    The existence of the memo was rude to say the least, because it was intended to promote a certain unfounded world view which is harmful to others.

    This is what makes the SJW phenomenon so ridiculous. Every idea they don't like is characterized as "harmful" to the extent they become "harmed" or "physically ill" (term of art) just by the act of listening to say nothing of the debilitating "fear" of it spreading on to others who may be influenced by "wrong thinking".

    Every bit of "wrong thinking" is to be framed in terms of harm. Harm is then leveraged as basis for shutting down dissenting opinion by any and all means necessary. It is the very mechanism which bankrolls a laughably hypocritical reality where those who profess to worship tolerance the most demonstrate the extreme opposite by their words and deeds.

    In short those who "transmit" "harmful" ideas MUST BE STOPPED. It is a "moral imperative".

    It's a fact that James Damore drew unfounded conclusions and shared them in his paper, and it's a fact that you're attempting to deny this. It's therefore a fact that you're spreading disinformation. It is my opinion that you are the same kind of asshole as James Damore, so you are defending him because it is a way of defending yourself.

    There is a certain amount of consistency in your conclusions as ridiculous as they are.

    Those who believe Damore was genetically engineering a social meme designed to doom all women into a life of sandwich making are relieved his evil plans were thwarted by his firing. Anyone who defends his evil plans must themselves be evil. No other interpretation is permissible or possible.

  12. Everything causes cancer on 46% of Americans Now Have High Blood Pressure (nbcnews.com) · · Score: 1

    In a world where everyone has high blood pressure I suspect we will soon be seeing an uptick of nobody taking such diagnosis seriously amid general growing mistrust of the medical industrial complex for grievances real and imagined.

    Ultimately even if you ignore studies showing half of all academic papers are bullshit and work under the assumption there is technical merit to the conclusions, it still might be prudent to consider real world implications and take a different tack than California did when declaring everything causes cancer.

  13. Re:only applies to broadcast tv on FCC Approves Next-Gen ATSC 3.0 TV Standard (reuters.com) · · Score: 1

    channels. Six of the eight local broadcasters simply can't deliver enough signal for even an amplified indoor antenna. So Sunday, I'm going to tackle the job of reinstalling the amplifiers and wiring for our abandoned whole house TV network and outdoor antenna.

    Amplifiers are less than worthless when it comes to digital transmission. Just another source of loss and noise that will only make your signal problems worse.

    Much better to pick up a $60 ATSC to Ethernet converter box from your local best buy and plug it in as close as you can to your antenna to keep losses down.

  14. Re:Make your own choices on Ads May Soon Stalk You on TV Like They Do on Your Facebook Feed (bloomberg.com) · · Score: 1

    Non sequitur. If you don't watch broadcast TV, then your "smart TV" isn't going to be hearing anything from broadcast TV and won't be able to collect data about what OTA TV you are watching. If you want the fact that you watch movies on your TV to be secret, don't tell us

    It has already been demonstrated that the source of content is irrelevant.

    https://www.ftc.gov/news-event...

    The only point of relevance is whether TV can find a communication channel such as open WiFi, ISP hotspots, Bluetooth, Ethernet over HDMI or directly integrated LTE / DRC.

    We have already seen television vendors behave unethically and unlawfully going through extraordinary technical lengths to spy on their customers. It is approaching impossible to purchase a TV without a WiFi transceiver built in.

  15. Re:"Basic reception..." on Ads May Soon Stalk You on TV Like They Do on Your Facebook Feed (bloomberg.com) · · Score: 1

    As it is it doesn't look like the atsc 3.0 switchover will even happen as when they switched to digital they were allowed to run both analog and digital at the same time.

    However with atsc 3.0 it's to be all or nothing.

    "For five years, require the programming aired on the ATSC 1.0 simulcast channel to be “substantially similar” to the programming aired on the ATSC 3.0 channel. This means that the programming must be the same, except for programming features that are based on the enhanced capabilities of ATSC 3.0, advertisements, and promotions for upcoming programs."

  16. Hopeful and worried on Ads May Soon Stalk You on TV Like They Do on Your Facebook Feed (bloomberg.com) · · Score: 2

    ATSC 3.0 offers better reception and uses modern codecs.

    Broadcasters can easily double the number of channels and do so with much higher quality, with less user effort (installing and positioning antennas) needed for reliable reception.

    ATSC 3.0 does not require Internet connectivity to work. At least it is not required by the specification.

    There is all kinds of crap ATSC 3.0 is capable of doing that would in my view be really bad:

    Worst possible and perhaps most likely scenario is inclusion of "return channel" (DRC) transmitters into television sets turning them into two way bugs.

    Followed by encrypted content and related plays at turning OTA into a subscription service or somehow forcing Internet access to get encryption key for data collection/stalking purposes. I personally think the likelihood of this occurring is slim.

    Suspect features to push ads over a logically separate channel from the mpeg stream won't ever be used for the simple fact it will be too easy to configure receivers to ignore.

  17. I just wish we could all grow up and behave like the advanced species we claim to be.

    Advanced species? Are you on drugs?

    One aspect of this story particularly interests me - and it might be a subtle, legal point - which is: what is/are the responsibilities of "Tesla the Company", with respect to tackling and preventing racism in the workplace?

    Tesla is a daycare facility.

    I am not for one moment suggesting that the claims of this plaintiff are anything less than genuine.

    In what way if any is this non suggestion different from the following:
    I am not for one moment suggesting that the claims of this plaintiff have merit.

    What interests me is: as an employer, where do Tesla's responsibilities stop?

    Depends on how good lawyers are at capturing the legal system. Ultimately the right answer: liability is infinite and responsibilities never end.

    Do they have to have an anonymous whistleblowing program?

    That's hot.

    Are there other things that an employer needs to demonstrate in order to avoid accusations of institutional racism?

    Accusations + clickbait media + social media = utopian paradise

    The reason I ask the original question is that it seems to me that we need to understand the difference between "Tesla the Company" and "Tesla's Other Employees"

    Corporations are people, my friend.

    But does the presence of one or more racist employees at any company mean that the company itself is racist?

    If not, how do we make the differentiation? Is it when 10% of employees are racist? 20%? Is it if the company fails to handle accusations of racism appropriately - and, if so, what does "appropriate handling" need to include?

    What percentage of Chinese have to be involved in hax0r1ng before it is safe to declare all of China hax0rz?

    But much as I'm concerned by these claims and would want to see some solid evidence of a reasonable response to them, I'm struggling to make the leap from "a number of employees at Company X demonstrated racist behaviour" as being equal to "Company X is racist".

    Failure to take the leap is a strong indicator you condone and actively support racist behavior. Now if you'll excuse me I have to go geo-ban all Chinese datagrams from China.

    Is this reasonable skepticism, or is this splitting hairs that an unethical company would hide behind? Is it fair to make the distinction? What would be the indicators you would look for, in a case like this, before you would conclude that a company was racist?

    +++
    ATH

  18. Re:Private CAs don't cooperate with BYOD on Ask Slashdot: Which Software/Devices Are Unusable Without Connecting to the Internet? (techdirt.com) · · Score: 1

    Good luck walking friends and family through installing a private CA's root certificate onto each phone, tablet, laptop, or handheld video game console that they have brought to your home in order to play the videos stored on your NAS. There were plans at some time to make even the Fullscreen API secure-only, meaning any video played from a NAS over cleartext HTTP would have distracting always-on borders around it.

    There seems to be a certain amount of ambiguity in the assumptions.

    TFA implied a time limited network outage, in which case TLS does not have to be affected in the first place, rendering the parent's comments irrelevant. Certs with three year validity periods can easily be purchased for something on the order of $10/year. Those depending on LE might be affected with the 3 month validity period depending on the particulars of the outage, yet this is a deficiency of LE not TLS. Alternatives to LE are readily available and the technology itself (TLS) does not stop working without Internet connectivity. The reality is if you have already purchased a domain for your internal network and run your own DNS, that $30 for a 3 year DV cert isn't a big deal.

    My assumption with respect to the parent's remarks as I interpreted them is that they were intended for a long term alternate reality where the Internet does not exist for years or forever. In that case managing PKI manually, if you really care to bother with it at all, entails a certain management overhead which in my view would not be unrealistic given the circumstances. There is software and documentation readily available for managing trusted certificates on most platforms. This is done routinely in corporate environments and isn't that big a deal.

    With regards to NAS video on mobiles and consoles the hypothetical with regards to full screen display of videos is not actually valid. Nobody obtains certs or bothers with TLS just to play videos from home file servers. The few that care are probably capable of loading a cert.

  19. Re:Tremendous mistake on All Major Browsers Now Support WebAssembly (bleepingcomputer.com) · · Score: 1

    When you find a secure computer, you let us all know okay?

    This isn't going to be any more or any less secure than what currently exists.

    Increasing attack surface of web browsers by implementing web assembly makes them less secure.

    WebAssembly seeks to correct the problem of only having one craptastic language for developing on the web by essentially providing a common language runtime/VM that other compilers can translate code to.

    Browsers are document viewers not operating systems.

    The problem is allowing random goons on the Internet to load and execute software. The solution is not piling on more features to enable more of the same.

  20. Re:TLS certificates for your internal network on Ask Slashdot: Which Software/Devices Are Unusable Without Connecting to the Internet? (techdirt.com) · · Score: 1

    How do you obtain TLS certificates for the HTTPS servers on your internal network without an Internet connection? Cleartext HTTP doesn't work for a lot

    In the absence of the Internet there would no longer be much if any incentive to do so.

    of things nowadays because of the Secure Contexts requirement that browsers have implemented. Even if you use an ACME client elsewhere to get a certificate from Let's Encrypt and sneakernet it to your internal network, you still have to buy a domain for your internal network in order to have a name for the certificate, and you have to keep paying to renew it.

    It is common for corporations to create their own CAs for managing trust across their internal networks. Anyone can do it for free with a few lines of OpenSSL commands. It just requires an extra step of installing your CA cert into each system's trusted certificate database.
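The "few lines of OpenSSL commands" for a private CA, as an added example that is not from the comment above: a Python wrapper around the openssl command line (assumed to be installed and on PATH) that creates a self-signed root, issues a server certificate for an internal hostname with a SAN, and checks the chain the way a client that has installed ca.crt would. The hostname and CA names are constructed.

```python
import os
import subprocess
import tempfile


def _openssl(*args):
    # Run one openssl command; raise (with stderr attached) if it fails.
    return subprocess.run(["openssl", *args], check=True, capture_output=True, text=True)


def make_private_ca(workdir, ca_name="Home Lab CA", prefix="ca"):
    """Self-signed root: <prefix>.key stays offline and secret, <prefix>.crt is what
    gets installed into each client's trust store."""
    key = os.path.join(workdir, f"{prefix}.key")
    crt = os.path.join(workdir, f"{prefix}.crt")
    _openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-sha256",
             "-days", "3650", "-subj", f"/CN={ca_name}",
             "-keyout", key, "-out", crt)
    return key, crt


def issue_server_cert(workdir, ca_key, ca_crt, hostname, days=825):
    """Key + CSR for an internal host, signed by the CA. The SAN matters: browsers
    match the hostname against subjectAltName, not the CN."""
    key = os.path.join(workdir, f"{hostname}.key")
    csr = os.path.join(workdir, f"{hostname}.csr")
    crt = os.path.join(workdir, f"{hostname}.crt")
    ext = os.path.join(workdir, f"{hostname}.ext")
    _openssl("req", "-newkey", "rsa:2048", "-nodes", "-sha256",
             "-subj", f"/CN={hostname}", "-keyout", key, "-out", csr)
    with open(ext, "w") as f:
        f.write(f"subjectAltName=DNS:{hostname}\n"
                "extendedKeyUsage=serverAuth\n"
                "basicConstraints=CA:FALSE\n")  # a leaf must not be able to issue
    _openssl("x509", "-req", "-in", csr, "-CA", ca_crt, "-CAkey", ca_key,
             "-CAcreateserial", "-days", str(days), "-sha256",
             "-extfile", ext, "-out", crt)
    return key, crt


def chain_verifies(ca_crt, server_crt):
    """True when server_crt chains to ca_crt: the check a client performs after
    ca.crt has been added to its trusted certificate database."""
    r = subprocess.run(["openssl", "verify", "-CAfile", ca_crt, server_crt],
                       capture_output=True, text=True)
    return r.returncode == 0


def demo(hostname="nas.home.example"):
    with tempfile.TemporaryDirectory() as d:
        ca_key, ca_crt = make_private_ca(d)
        _, srv_crt = issue_server_cert(d, ca_key, ca_crt, hostname)
        # A second, unrelated CA stands in for a client that never installed ours:
        # the same certificate is untrusted there, which is the whole point.
        _, other_ca = make_private_ca(d, ca_name="Someone Else's CA", prefix="other")
        return {
            "trusted_by_our_ca": chain_verifies(ca_crt, srv_crt),
            "trusted_by_other_ca": chain_verifies(other_ca, srv_crt),
        }


if __name__ == "__main__":
    print(demo())
```

Nothing here needs Internet access; the only distribution step is copying ca.crt to each client (the server gets the host key and certificate). Keeping the CA key off the servers and giving leaves a short validity period limits the damage if a server key is lost.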

  21. No can do. Only two companies sell the CPU, Intel and AMD that runs your windows, linux, osx apps. Don't like their terms? Don't buy their products.

    No big deal. The way things are going we're all going to be running ARM on desktop before too long anyway. Intel and AMD should do everyone a favor and go back to sleep.

    You have no choice but to adopt whatever they sell, or go back to the stone age and use pen and paper or some old CPU.

    The customer has all the power in the world.

  22. Re:How bad is it really? on 'How Chrome Broke the Web' (tonsky.me) · · Score: 1

    We looked at the percentage of cancelable touch events that were sent to a root target (window, document, or body) and determined that about 80% of these listeners are conceptually passive but were not registered as such. Given the scale of this problem we noticed a great opportunity to improve scrolling without any developer action by making these events automatically "passive".

    What usually happens "We" is one person or small group with both power and a very particular interest. Then shockingly it turns out data collection and analysis reflects this same narrow view.

    In the absence of "We" bothering to expend effort on a credible survey or offering up externally reviewable supporting evidence such proclamations in my view are best ignored in their entirety.

    The data collection source was the set of Chrome users who hadn't opted out of the performance data reporting, i.e. the vast majority of users of the world's dominant web browser. That's hardly a "narrow" data set.

    I talk in terms of narrow views and you talk in terms of narrow data sets. I hope you can appreciate the difference between these two very different concepts.

  23. Re:Chrome is the new IE on 'How Chrome Broke the Web' (tonsky.me) · · Score: 1

    Not even original - Microsoft did this for IE talking to IIS. I don't remember the exact details, but they were skipping part of the standard TCP handshake to reduce latency, so pages loaded faster with IE, but only if served from a Windows IIS machine

    No they didn't. This was nothing more than a bunch of chattering fools not understanding what they were looking at or understanding basics of TCP state machine.

    There is no possible way to bypass burning a round trip (TCP FO excluded) on TCP setup because you need to wait for information only destination peer can provide in order to stand any practical chance of transmitting data that won't be summarily ignored.

    There is NO WAY around it. You can get lucky and guess the right sequence, yet the chance of this happening is beyond worthless. Or you can have both client and server collude in some manner that allows the sequence to be guessable. In the absence of a mechanism like TCP-FO, implementing such a ridiculous feature would have resulted in catastrophic susceptibility to DoS attack.

    That said there are certainly parameters people can and do screw with to more aggressively attempt to reduce latency... Screwing with ICW on servers you control is a common example.
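The two points above (the first round trip exists because the server's initial sequence number is information only the server can supply, and Fast Open only gets around it because client and server agreed on a cookie earlier) can be shown with a toy model. This is an added example, not code from the comment or from any TCP stack: a constructed listener that tracks only ISNs and a Fast Open cookie, with no windows, retransmission or teardown. The addresses, ports and the cookie construction (a keyed MAC over the client address, in the spirit of RFC 7413) are assumptions for the demonstration.

```python
import hashlib
import hmac
import secrets

MOD = 1 << 32  # TCP sequence numbers are 32-bit


class ToyListener:
    """Just enough of a TCP listener to show why data has to wait for the SYN-ACK."""

    def __init__(self):
        self.tfo_secret = secrets.token_bytes(16)  # constructed server key for Fast Open cookies
        self.conns = {}                             # client port -> per-connection state

    def tfo_cookie(self, client_ip):
        # Cookie handed to a client on an earlier connection; only this server can mint it.
        return hmac.new(self.tfo_secret, client_ip.encode(), hashlib.sha256).digest()[:8]

    def on_syn(self, port, client_isn, client_ip, cookie=None, data=b""):
        isn = secrets.randbelow(MOD)  # unpredictable ISN: the value the client must learn
        conn = {"isn": isn, "client_isn": client_isn, "data": b""}
        self.conns[port] = conn
        if data and cookie is not None and hmac.compare_digest(cookie, self.tfo_cookie(client_ip)):
            conn["data"] += data  # Fast Open: prior agreement lets data ride on the SYN itself
        return isn, (client_isn + 1) % MOD  # the SYN-ACK: our ISN, acknowledging theirs

    def on_data(self, port, seq, ack, data):
        conn = self.conns.get(port)
        if conn is None:
            return "dropped"
        # A segment that does not acknowledge our ISN (or carries the wrong sequence)
        # is not part of this connection and is discarded without a second look.
        if ack != (conn["isn"] + 1) % MOD or seq != (conn["client_isn"] + 1) % MOD:
            return "dropped"
        conn["data"] += data
        return "accepted"


def after_handshake(server):
    """Normal path: spend the round trip, learn the server ISN, then send data."""
    client_isn = secrets.randbelow(MOD)
    srv_isn, _ = server.on_syn(port=40001, client_isn=client_isn, client_ip="198.51.100.7")
    return server.on_data(40001, (client_isn + 1) % MOD, (srv_isn + 1) % MOD, b"GET / HTTP/1.1")


def without_waiting(server, attempts=10_000):
    """Fire data right after the SYN without reading the SYN-ACK, guessing the ACK.
    Each guess succeeds with probability 2^-32; returns how many were accepted."""
    client_isn = secrets.randbelow(MOD)
    server.on_syn(port=40002, client_isn=client_isn, client_ip="198.51.100.7")
    accepted = 0
    for _ in range(attempts):
        if server.on_data(40002, (client_isn + 1) % MOD, secrets.randbelow(MOD), b"x") == "accepted":
            accepted += 1
    return accepted


def fast_open(server, cookie):
    """Data on the SYN: accepted only with a cookie this server issued earlier."""
    server.on_syn(port=40003, client_isn=7, client_ip="198.51.100.7", cookie=cookie, data=b"GET /")
    return server.conns[40003]["data"]


if __name__ == "__main__":
    s = ToyListener()
    print("after handshake:", after_handshake(s))
    print("guessed ACKs accepted:", without_waiting(s))
    print("fast open, valid cookie:", fast_open(s, s.tfo_cookie("198.51.100.7")))
    print("fast open, forged cookie:", fast_open(s, b"\x00" * 8))
```

The forged-cookie case is why the comment calls a cookie-less version of this "catastrophic": without the MAC the server would commit resources and accept bytes from anyone who can send a SYN, which is the amplification and spoofing problem TCP-FO's cookie exists to avoid.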

  24. Re:So, you're saying... on 'How Chrome Broke the Web' (tonsky.me) · · Score: 1

    I love you, WaffleMonster

    This is not a falsifiable statement and therefore meaningless, Mom! GOD!!!!

    Stating you like/love/hate something conveys what you think to others. It isn't meaningless.

    All the waffles in my toaster disappeared, GOD ate them. Although probably incorrect is not meaningless.

    I hate my new toaster because it's new and I don't like change. Although this is incorrect... I hate my new toaster because Belgian waffles won't fit in it... at least this is a statement that can be tested.

    What makes the parent's statement different is that it sets out a premise "It is fluid, needs to change, has to change. If the new breaks the old, too bad for the old, it should of kept up!" that cannot possibly be evaluated as false regardless of what the particulars of a change being evaluated against the statement happen to be. No matter how absurd or outlandish. It could be that WWW is now WAIS or Lynx only or an ABACUS updated by carrier pigeon and the parent's comment of too bad keep up would be no more or less valid.

    Simply stating an opinion about the specific issue at hand would have at least conveyed the author's opinion and would not be meaningless.

  25. Re:How bad is it really? on 'How Chrome Broke the Web' (tonsky.me) · · Score: 1

    We looked at the percentage of cancelable touch events that were sent to a root target (window, document, or body) and determined that about 80% of these listeners are conceptually passive but were not registered as such. Given the scale of this problem we noticed a great opportunity to improve scrolling without any developer action by making these events automatically "passive".

    What usually happens "We" is one person or small group with both power and a very particular interest. Then shockingly it turns out data collection and analysis reflects this same narrow view.

    In the absence of "We" bothering to expend effort on a credible survey or offering up externally reviewable supporting evidence such proclamations in my view are best ignored in their entirety.