Re: Wir haben Möglichkeiten, die Sie schwanger
"Not proper German.... try harder" -- petur
Hey, if we're being really pedantic, that's not a proper ellipsis!
2137 posts • joined 14 Nov 2007
"You also can't monitor a subject without their knowledge" -- Paul Hovnanian.
I disagree: sure, using 'hand-over-the-key-or-else' legislation does have that consequence. But keyloggers, key stealing, shoulder-surfing, bugging devices, etc. can all be used to monitor a subject who is using strong encryption without having to either attack the crypto or let the subject know that they are being watched. Endpoint compromise is effective against everything, even quantum crypto.
We need an audited, open-source, secure, traffic-analysis resistant system, impervious to blocking and denial of service.
This is problematic, because it would be of use to terrorists, but any remotely competent terrorist can do this stuff anyway and, as we have seen, they don't even have to: it seems they can be on everybody's watchlist, pretty much announce their intent publicly and still commit atrocities before being intercepted.
Such a system would kill, once and for all, the technically ignorant idea that all communication can be policed, as we would just say --- look, what's the point? Bad actors can always use System X.
"Is there a system in the wings?" -- T. occipitalis
Doesn't matter - the bad actors won't use it. If I can post random thoughts on Facebook I can communicate in code with any system of my choice without anyone apart from the recipient being aware of the hidden content. If I am allowed to post photographs I have taken, that content can be of quite significant size.
"Given that the UK authorities, at least, can demand keys from suspects why bother with SBDC"
Because you can't dragnet; that is the whole motivation here. Even with unbreakable encryption they can hit known targets through a variety of old school and technological measures; what they want to do is monitor everyone, all the time, just in case.
@asdf - apologies, I deleted my earlier comment because I thought I was being unnecessarily pedantic and I actually agreed with you. Unfortunately that then 'orphaned' your reply, apologies :-)
Brilliant idea, although might I suggest HSL rather than RGB --- it's a bit more sympathetic for conveying gradients
"Leaving choice aside, some people really don't have a distinguishing body part and it does seem unreasonable to assign them to an arbitrary category for administrative convenience." -- absolutely
There are 4 standard values for gender: male, female, unknown, unspecified and you've got to be able to support AT LEAST these 4. "experienced healthcare software designers" who are using Booleans should be taken out the back and shot --- IEC 5218 is forty years old this year FFS.
I think the seminal hit is sometime before the insertion of the babypod
My eldest son had a difficult birth. Some time after he was born, we received a baby gift of "relaxing womb sounds." The normally placid little chap reacted with considerable distress when the disc started to play, and settled only when it stopped.
Being a scientist, I had to try another couple of times to see if it happened again --- it did. Being a father, I wasn't going to do it more than thrice --- I didn't.
Now, I wouldn't normally want to infer something from a sample of three. However, might it be possible that some ill-timed music during foetal distress could result in a baby who would be distressed by such music?
On a related note, I'm now wondering whether my parents travelled back in time with some Kanye West tracks?
"Wouldn't it be much simpler to follow one from station to home after work?"
That would give you 1 address and would involve both more time and more risk. It's the same with a sexual predator following a young woman home, or an investment scammer following an older person home to see if they are likely to be asset-rich and income-poor (and a good target for an equity release scam). You'd still have more work to get a name and phone number (handy for "household surveys" where you can usually find out if someone lives alone --- especially if you have a handy conversation starter like registered political affiliation) but it's not going to be impossible.
What IS going to be impossible, though, is finding thousands of targets this way. Finding a wallet with someone's name, address and phone number is completely different to finding a DB with millions of addresses and phone numbers. Sometimes the scale of a quantitative difference is so large it is more effectively interpreted as a qualitative difference: my engineering inclinations would ordinarily, depending on the context, put that "switch" between about 3 and 6 orders of magnitude.
I presume the concern is that the voters did not necessarily give permission for this information to be given to anyone, without restriction -- or audit.
Privacy is not one dimensional: I really don't mind the UK secret services knowing what I use my VPN for, but it doesn't mean I want the council's parking control officer to know; I don't mind the latter knowing my address, but I don't want him to know my date of birth; etc.
There is also the issue of aggregation. Sometimes secrets that aren't even in the data can be given away by the data (e.g. a geographic clustering of security cleared people in a rural town). Databases which contain gender and D.o.B. information can be used to identify the locations of thousands of young women, for instance.
However, the key flaw in your argument is to assume that everyone else should be comfortable with your own personal privacy levels. I post here using my full name, but I don't expect everyone else to, and I'd be highly unimpressed with someone "outing" a fellow commentard who had used a handle or posted AC.
According to Reuters:
"The draft law, which could require technology firms to install "back doors" in products or hand over sensitive information such as encryption keys to the government, has also been criticised by some Western business groups.
U.S. President Barack Obama has said that he had raised concern about the law directly with Chinese President Xi Jinping."
I hope Mr President will be calling David CamJongUn to express his concerns about draft legislation proposed by Treasonous May.
What if I don't really want to have a laser focussed on me?
"The only exception being Rouge Squadron ..." --- Bladeforce
"If I had a spare few grand" ... ah yes. But we can always use MAME :-)
"Why is nobody commenting on the significance of quantum computing as a real threat to encryption" -- Jerth
It isn't insignificant but it isn't the end-of-life for classical encryption. Firstly, quantum prime factorisation is faster than classical but the speed up is not so vast that it cannot be impeded by using much longer keys. Secondly, there are already quantum-resistant algorithms.
"it's now some 35 years I keep seeing intelligent, educated professionals being totally confused by a box of, well wires and stuff, acting like they have been zapped by a 1950ies B-movie MoronRay or something"
Precisely --- they are operating so far out of their comfort zone that they regress intellectually. People who would never dream of phoning up their garage and saying "my car doesn't work" routinely tell me "my computer doesn't work" and I have to play 20 questions, getting only "yes", "no" and "i don't know" answers to each question.
Even when people are specific "I've got a ghost post on Facebook I can't delete" you have to play the game: question 1) "is it the app or in a browser?" (usually answered by "I don't know" or, worse "how should I know?")
So the problem isn't idiots, it's intelligent people behaving like it. However, even that is forgiveable --- the real issue begins when they start to treat *you* like an idiot when you're trying to help them.
"This essay by Vinay Gupta explains the context..." -- Francis Irving
Your source appears to explain a specific and clever solution that can be used by people who want to cooperate (e.g. to share encrypted video to avoid liability for copyright infringement whilst still providing a decryption path for e.g. identifying the source of banned content). We wouldn't need a big project to work out how to do this as the article you quote already contains a solution!
The people that the powers-that-be are constantly pointing to as the threat which justifies mass surveillance are both able to use non-compliant cryptography and to hide the fact that they are doing so with steganography and other countermeasures. It doesn't matter if you invent a new system that keeps all the good guys happy --- because the bad guys will ignore it.
"but the first good quantum computers *will* pwn all classical algorithms" -- DavCrav
I thought that (a) there already exist quantum-computing resistant algorithms and (b) that the speed-up offered by, e.g. Shor's Algorithm is not so vast that it cannot be realistically kept at bay for a while by using (maybe much) bigger key sizes with classical encryption.
The Manhattan Project (like the Apollo Project) was about engineering a way to realise the theoretically possible. Only idiots think a sufficiently big project can manage the not theoretically possible (let alone the theoretically not possible) and only liars would suggest it could if they suspected otherwise.
The political elite seem to be, almost to a person, fools or frauds.
It's a win-win: (1) it forms a scientific trial; if after a few years of promoting it, the incidence of homosexuality stays roughly constant (within statistical bounds) we will at least confirm that all these people are talking rubbish but (2) if it causes a massive increase in homosexuality, we can reap the consequent benefits of population reduction.
If we superimposed that Welsh dragon on the flag it would at least stop idiots hanging / flying it upside down.
"So, when the IT guy says 'there's only a 99% chance of success', what he's saying is 'this is ten million times more risky than our uptime SLA allows for, do not do this under any circumstances'" --- Naselus
That's what he is saying to a fellow techie. What the same sentence says to management is "yeah, it's definitely going to work". Remember, many of these people not only think that ninety nine point nine recurring is not exactly equal to a hundred (a little bit stupid) but are prepared to argue it with someone who does know (a little bit more stupid) and to not even change their mind when it's proved to them (unbelievably stupid).
My answer would have been "It's not a risk I would be happy to take: I think the chances of anything going wrong are small but the consequences, especially if we don't plan a mitigation strategy, would be fairly disastrous"
Between 2001 and 2013, about 3,400 USA citizens died from terror attacks (10% of which were outside the USA). In the same period there were over 400,000 deaths by gun violence inside the USA. [CDC figures, CNN report]. Measures which reduced USA gun crime by even 0.1% would save more lives than a 100% effective counter-terrorism system.
Before we can engage in a discussion about "balancing" safety and privacy, the people asking us to discuss it need to explain what they feel is so uniquely awful about terror-related deaths and injuries that it requires such disproportionate resource expenditure and rights restrictions. In my experience, despite their insistence on being rational people who understand money, the 'stop-terror-at-any-cost' proponents are rarely in favour of any other 'big state' activities which would have a higher expected health payoff: increased health and safety provisions; supporting mental health; improving road safety; promoting changes in diet and lifestyle; increased research and treatment of major diseases.
Donald Trump: "[parts of London are] so radicalised the police are afraid for their lives"
Boris Johnson: "As a city where more than 300 languages are spoken, London has a proud history of tolerance and diversity and to suggest there are areas where police officers cannot go because of radicalisation is simply ridiculous ... Crime has been falling steadily both in London and in New York - the only reason I wouldn't go to some parts of New York is the real risk of meeting Donald Trump"
How about a small, rechargeable Bluetooth device that serves no purpose other than to keep your smartphone, tablet or laptop unlocked when said device is within range? You could even use it in 'pub' mode where when the device goes out of range you get an audible warning. Maybe the device could have its own buzzer to alert you when the connected devices drop out of range?
"PANTS for short" --- AndyS
Handy umbrella term. I have been using the term e-pocrisy to refer to the practice of using social media to diss social media (all those FB posts saying one, or one's kids, should put down their smartphones and experience real life). I think we could probably apply a similar classification for comments on a news site telling everybody what you think of Facebook, when it is not the central point of the article.
"He and the rest of the political elite never ask Toyota to come up with technological means to make it harder for terrorists to use the Hilux, do they?" --PassiveSmoking.
But they could prevent the vast majority of Hilux related deaths by limiting their speed to 20mph, though. I bet that would be super popular!
"The technology exists to regulate encryption and prosecute those who choose to violate the new laws."
I agree that technology exists "to regulate encryption" but, as we know, shorn of headers, decent ciphertext is indistinguishable from random numbers; these are easy to smuggle in media files. Furthermore, there is no practical detection of, or defence against, idiot code.
I'm pretty sure we are in agreement here --- they can regulate and criminalize but it won't stop the people it is "really supposed to stop"
"It should be well-known that something as cryptographically sensitive as key generation *must* use /dev/random"
Cause of weirdest "bug" (actually a feature) I've ever seen. Using a Linux Citrix client, connection to server timed out. Unless I got impatient and wiggled the mouse like crazy --- then it worked. Took me a while to figure out what was happening ... :-)
yeah, anyone care to apply the method of steepest descents?
Yes: prohibit impenetrable networks!
We need a high-profile absolutely* spy-proof communication system: strong encryption and no** usable metadata. We know there are such things, but they don't have enough public exposure for the majority of people to realize "Well, terrorists could always use System X, so what's the point of allowing governments to spy on everybody all the time?"
* for highish values of absolutely
** for smallish values of no
"it's Fukushima that has left me with doubts about the sector." -- Six?
Why? It had a radioactivity death toll of zero despite a huge natural disaster that killed 20,000. It should be known as the Fukushima Nuclear Success.
... is objects that magically appear, prongs up, in the path of anyone who isn't wearing shoes
"Is that even possible, considering Gödel's theorems?"
It is and it isn't :-) You hit (for instance) the halting problem if you use a sufficiently expressive language; then you cannot prove whether a program will halt or not. The key is to use a different type of language that is more amenable to mathematical proofs -- I'm inclined to believe this is why they are starting fresh and not working on an existing library, but I'm no expert.
Most modern programming languages meet the criteria: if you have a language where you can (a) test the return result of a function and (b) deliberately create an infinite loop, you'll hit the halting problem. Imagine a program (P) which takes a piece of code and calls a function (F) which returns whether that piece of code will complete or just hang (e.g. in an infinite loop). So P invokes F on some code and (bear with me) if the return result of F indicates that the said code will complete (i.e. will not halt), P then goes (deliberately) into an infinite loop. Now, what happens if you run P on itself? Suddenly you have a paradox: the only conclusion is that it is not possible to create the function F in any language in which, given F, you could create P.
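An added illustration of the P-and-F construction discussed in the comment above; it is not part of the original post. Programs are modelled as Python generators so that "never finishes" can be observed with a step budget, and `run`, `make_p`, `make_simulator` and `refute` are names made up for this sketch.

```python
def run(prog, max_steps=10_000):
    """Step a program; True if it finished within the budget, False if still running."""
    steps = prog()
    for _ in range(max_steps):
        try:
            next(steps)
        except StopIteration:
            return True
    return False


def countdown():          # ordinary program that finishes
    for _ in range(10):
        yield


def spin():               # ordinary program that never finishes
    while True:
        yield


def make_p(f):
    """Build the contrarian program P for a candidate decider F."""
    def p():
        if f(p):          # F claims P finishes ...
            while True:   # ... so P deliberately loops forever
                yield
        return            # F claims P loops forever, so P finishes at once
        yield             # unreachable; only makes p a generator function
    return p


def optimist(prog):       # candidate F: "everything finishes"
    return True


def pessimist(prog):      # candidate F: "nothing finishes"
    return False


def make_simulator(budget=1_000):
    """Candidate F that runs the program for a while and reports what it saw."""
    active = set()

    def simulate(prog):
        if prog in active:        # the program under test is asking about itself:
            return False          # the simulator has to guess to avoid recursing forever
        active.add(prog)
        try:
            return run(prog, budget)
        finally:
            active.discard(prog)
    return simulate


def refute(f):
    """Return (what F claims about P, what P actually does) for P built from F."""
    p = make_p(f)
    claim = f(p)
    # The budget is only an observation aid: when P loops it is `while True` by construction.
    actual = run(p)
    return claim, actual
```

The simulator answers correctly for `countdown` and `spin`, so it is not a strawman; it is wrong only on the program built from it, which is the whole argument.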
Plusnet has stated that it "goes to great lengths to ensure we protect and secure our customer data"
This is simply a lie. You just cannot claim that you go to 'great lengths' to ensure xyz if you do not adhere to well known and widely accepted practices. Surely, in a case such as this when the organisation has actually been advised of the deficiencies of their approach (so even hard-to-defend ignorance is no longer an excuse) and instead of saying "oops, we'll fix that ASAP, thanks for bringing it to our attention." they prefer to justify their original poor choices, making the statement "we go to great lengths" is actually fraudulently misrepresenting the services they sell?
"So, come on, how will we do it easily and cheaply?"
If I were a betting man, I'd guess on the materials science guys making a space elevator possible before the quantum science guys perfect either (a) the teleport or (b) the antigrav module.
... we can so effectively legislate against strong encryption because the corollary is, once such cat re-bagging and bolted horse re-stabling statutes have been perfected, we'll be able to neutralize the threat of nuclear weapons by forbidding knowledge of fission; furthermore, banning all understanding of highly exothermic chemical reactions will put an end to the explosive ambitions of terrorists!
"So only people with advanced tech knowledge are allowed to write about technology? Even though it's pretty important these days?" -- Clare Foges
Interesting that you interpret criticism as prohibition. Your focus on being "allowed" to do things is both revealing (it reveals you as an authoritarian by nature) -- and self-defeating, as your complaint appears to be that people are "allowed" to criticise you for being wrong.
And you aren't just whacky, creationist, homeopathically, moon-hoax wrong but actually mathematically, provably "pi is really rational, point nine recurring isn't equal to one," wrong.
... for some law student to demonstrate whether there is a potential for prosecution in cases like these. As far as I am concerned, a ready-trojanned machine is not 'fit for purpose' given the fairly well understood purposes of consumer computers.
As for "privacy is a top concern" it should be a criminal offence to make this statement when it is clearly false, certainly when that is through incompetence in failure to protect (Talk Talk etc) but most definitely when it is due to a deliberate weakening of security for purposes that are of no benefit whatsoever to the user.
"No, it's just worthless. Usually I see a ton of "targeted" ads for things I've already bought" --- User McUser
Top Tip -- browse for under, beach and nightwear --- even better, leave some items 'saved for later' in various shopping carts to cheer up your browsing experience for a few days.
"I see you've had some kind of lessons in this "logic" subject. Very good!" -- Big John
You said: "That's a lot of killing by a smallish world minority. So let's not hear any more guff about "everyone does it." By and large, it's Muslims who do it to themselves and the rest of us."
You either (a) intended people to form a conclusion from this or (b) you didn't.
In the latter case (b) it is a correction of previous statements. I have nothing against pedantry --- I am probably one of its foremost proponents! Perhaps it is harsh to call such a correction pedantry, but that is a subjective assessment I made concerning the relative import of the statement to the current argument.
In the former case (a) there is a problem. Given that there are 1.5e9 Muslims in the world, the numbers of both victims and perpetrators of terrorism are proportionally so small that no conclusions can be made from this statement without affirming the consequent.
If you were encouraging the simple-minded to form a conclusion by affirming the consequent, despite your own knowledge of it being a logical fallacy, that would make you worse than simple minded -- it would make you a person using your superior intellect, or at least logical ability, to exploit those with less impressive capabilities.
So, I'm going to apologise for calling you a pedant and thank you for supplying the information, whilst considering the same to not advance us materially in the matter of dealing with terrorism.
"By and large, it's Muslims who do it to themselves and the rest of us." -- Big John
True but only valid as pedantry.
Those who didn't grow past the fallacy of "affirming the consequent" (e.g. All the terrorists in the world are fat, bald, middle-aged men from the West Midlands THEREFORE all fat, bald, middle-aged men from the West Midlands are terrorists) before adulthood should stick to the Daily Mail and Guardian forums where, as apparently in all popular politics, coherent phrasing is almost universally mistaken for coherent thinking.
Thanks for that useful explanation. I can see that it is certainly true if the path has high walls either side, but what about a wiggly footpath across an open field? Isn't it possible that the drunk will actually take a shortcut in these circumstances?
But then, with the 10 metre box described in the article, I'm pretty sure that time intervals between samples would sometimes cause the corners to appear to have been cut, and the overestimate still appears.
My other concern is whether this applies where maps are used --- an earlier reg article 'tested' GPS units against each other and tried to compare their accuracy. I was surprised how close they were to each other, and wonder if that is caused by snapping the route to a path on the map?