Re: It's just a little trivial
What if I don't really want to have a laser focussed on me?
2174 posts • joined 14 Nov 2007
What if I don't really want to have a laser focussed on me?
"The only exception being Rouge Squadron ..." --- Bladeforce
"If I had a spare few grand" ... ah yes. But we can always use MAME :-)
"Why is nobody commenting on the significance of quantum computing as a real threat to encryption" -- Jerth
It isn't insignificant but it isn't the end-of-life for classical encryption. Firstly, quantum prime factorisation is faster than classical but the speed up is not so vast that it cannot be impeded by using much longer keys. Secondly, there are already quantum-resistant algorithms.
" it's now some 35 years I keep seeing intelligent, educated professionals being totally confused by a box of, well wires and stuff, acting like they have been zapped by a 1950ies B-movie MoronRay or something"
Precisely --- they are operating so far out of their comfort zone that they regress intellectually. People who would never dream of phoning up their garage and saying "my car doesn't work" routinely tell me "my computer doesn't work" and I have to play 20 questions, getting only "yes", "no" and "i don't know" answers to each question.
Even when people are specific "I've got a ghost post on Facebook I can't delete" you have to play the game: question 1) "is it the app or in a browser?" (usually answered by "I don't know" or, worse "how should I know?")
So the problem isn't idiots, it's intelligent people behaving like it. However, even that is forgiveable --- the real issue begins when they start to treat *you* like an idiot when you're trying to help them.
"This essay by Vinay Gupta explains the context..." -- Francis Irving
Your source appears to explain a specific and clever solution that can be used by people who want to cooperate (e.g. to share encrypted video to avoid liability for copyright infringement whilst still providing a decryption path for e.g. identifying the source of banned content). We wouldn't need a big project to work out how to do this as the article you quote already contains a solution!
The people that the powers-that-be are constantly pointing to as the threat which justifies mass surveillance are both able to use non-compliant cryptography and to hide the fact that they are doing so with steganography and other counter measures. It doesn't matter if you invent a new system that keeps all the good guys happy --- because the bad guys will ignore it.
"but the first good quantum computers *will* pwn all classical algorithms" -- DavCrav
I thought that (a) there already exist quantum-computing resistant algorithms and (b) that the speed-up offered by, e.g. Shor's Algorithm is not so vast that it cannot be realistically kept at bay for a while by using (maybe much) bigger key sizes with classical encryption.
The Manhattan Project (like the Apollo Project) was about engineering a way to realise the theoretically possible. Only idiots think a sufficiently big project can manage the not theoretically possible (let alone the theoretically not possible) and only liars would suggest it could if they suspected otherwise.
The political elite seem to be, almost to a person, fools or frauds.
It's a win-win: (1) it forms a scientific trial; if after a few years of promoting it, the incidence of homosexuality stays roughly constant (within statistical bounds) we will at least confirm that all these people are talking rubbish but (2) if it causes a massive increase in homosexuality, we can reap the consequent benefits of population reduction.
If we superimposed that Welsh dragon on the flag would at least stop idiots hanging / flying it upside down.
"So, when the IT guy says 'there's only a 99% chance of success', what he's saying is 'this is ten million times more risky than our uptime SLA allows for, do not do this under any circumstances'" --- Naselus
That's what he is saying to a fellow techie. What the same sentence says to management is "yeah, it's definitely going to work" Remember, many of these people not only think that ninety nine point nine recurring is not exactly equal to a hundred (a little bit stupid) but are prepared to argue it with someone who does know (a little bit more stupid) and to not even change their mind when it's proved to them (unbelievably stupid).
My answer would have been "It's not a risk I would be happy to take: I think the chances of anything going wrong are small but the consequences, especially if we don't plan a mitigation strategy, would be fairly disastrous"
Between 2001 and 2013, about 3,400 USA citizens died from terror attacks (10% of which were outside the USA). In the same period there were over 400,000 deaths by gun violence inside the USA. [CDC figures, CNN report]. Measures which reduced USA gun crime by even 0.1% would save more lives than a 100% effective counter-terrorism system.
Before we can engaging in a discussion about "balancing" safety and privacy, the people asking us to discuss it need to explain what they feel is so uniquely awful about terror-related deaths and injuries that it requires such disproportionate resource expenditure and rights restrictions. In my experience, despite their insistence on being rational people who understand money, the 'stop-terror-at-any-cost' proponents are rarely in favour of any other 'big state' activities which would have a higher expected health payoff: increased health and safety provisions; supporting mental health; improving road safety; promoting changes in diet and lifestyle; increased research and treatment of major diseases.
Donald Trump: "[parts of London are] so radicalised the police are afraid for their lives"
Boris Johnson: "As a city where more than 300 languages are spoken, London has a proud history of tolerance and diversity and to suggest there are areas where police officers cannot go because of radicalisation is simply ridiculous ... Crime has been falling steadily both in London and in New York - the only reason I wouldn't go to some parts of New York is the real risk of meeting Donald Trump"
How about a small, rechargeable Bluetooth device that serves no purpose other than to keep your smartphone, tablet or laptop unlocked when said device is within range? You could even use it in 'pub' mode where when the device goes out of range you get an audible warning. Maybe the device could have its own buzzer to alert you when the connected devices drop out of range?
"PANTS for short" --- AndyS
Handy umbrella term. I have been using the term e-pocrisy to refer to the practice of using social media to diss social media (all those FB posts saying one, or one's kids, should put down their smartphones and experience real life). I think we could probably apply a similar classification for comments on a news site telling everybody what you think of Facebook, when it is not the central point of the article.
"He and the rest of the political elite never ask Toyota to come up with technological means to make it harder for terrorists to use the Hilux, do they?" --PassiveSmoking.
But they could prevent the vast majority of Hilux related deaths by limiting their speed to 20mph, though. I bet that would be super popular!
"The technology exists to regulate encryption and prosecute those who choose to violate the new laws."
I agree that technology exists "to regulate encryption" but, as we know, shorn of headers, decent ciphertext is indistinguishable from random numbers; these are easy to smuggle in media files. Furthermore, there is no practical detection of, or defence against, idiot code.
I'm pretty sure we are in agreement here --- they can regulate and criminalize but it wont stop the people it is "really supposed to stop"
"It should be well-known that something as cryptographically sensitive as key generation *must* use /dev/random"
Cause of weirdest "bug" (actually a feature) I've ever seen. Using a Linux Citrix client, connection to server timed out. Unless I got impatient and wiggled the mouse like crazy --- then it worked. Took me a while to figure out what was happening ... :-)
yeah, anyone care to apply the method of steepest descents?
Yes: prohibit impennetrable networks!
We need a high-profile absolutely* spy-proof communication system: strong encryption and no** usable metadata. We know there are such things, but they don't have enough public exposure for the majority people to realize "Well, terrorists could always use System X" so what's the point of allowing governments to spy on everybody all the time?"
* for highish values of absolutely
** for smallish values of no
"it's Fukushima that has left me with doubts about the sector." -- Six?
Why? It had a radioactivity death toll of zero despite a huge natural disaster that killed 20,000. It should be known as the Fukushima Nuclear Success.
... is objects that magically appear, prongs up, in the path of anyone who isn't wearing shoes
"Is that even possible, considering Gödel's theorems?"
It is and it isn't :-) You hit (for instance) the halting problem if you use a sufficiently expressive  language; then you cannot prove whether a program will halt or not. The key is to use a different type of language that is more amenable to mathematical proofs -- I'm inclined believe this is why they are starting fresh and not working on an existing library, but I'm no expert.
 Most modern programming languages meet the criteria: if you have a language where you can (a) test the return result of a function and (b) deliberately create an infinite loop, you'll hit the halting problem. Imagine a program (P) which takes a piece of code and calls a function (F) which returns whether that piece of code will complete or just hang (e.g. in an infinite loop). So P invokes F on some code and (bear with me) if the return result of F indicates that the said code will complete (i.e. will not halt), P then goes (deliberately) into an infinite loop. Now, what happens if you run P on itself? Suddenly you have a paradox: the only conclusion is that it is not possible to create the function F in any language in which, given F, you could create P.
Plusnet has stated that it "goes to great lengths to ensure we protect and secure our customer data"
This is simply a lie. You just cannot claim that you go to 'great lengths' to ensure xyz if you do not adhere to well known and widely accepted practices. Surely, in a case such as this when the organisation has actually been advised of the deficiencies of their approach (so even hard-to defend ignorance is no longer and excuse) and instead of saying "oops, we'll fix that ASAP, thanks for bringing it to our attention." they prefer to justify their original poor choices, making the statement "we go to great lengths" is actually fraudulently misrepresenting the services they sell?
"So, come on, how will we do it easily and cheaply?"
If I were a betting man, I'd guess on the materials science guys making a space elevator possible before the quantum science guys perfect either (a) the teleport or (b) the antigrav module.
... we can so effectively legislate against strong encryption because the corollary is, once such cat re-bagging and bolted horse re-stabling statutes have been perfected, we'll be able to neutralize the threat of nuclear weapons by forbidding knowledge of fission; furthermore, banning all understanding of highly exothermic chemical reactions will put an end to the explosive ambitions of terrorists!
"So only people with advanced tech knowledge are allowed to write about technology? Even though it's pretty important these days?" -- Clare Foges
Interesting that you interpret criticism as prohibition. Your focus on being "allowed" to do things is both revealing (it reveals you as an authoritarian by nature) -- and self-defeating, as your complaint appears to be that people are "allowed" to criticise you for being wrong.
And you aren't just whacky, creationist, homeopathically, moon-hoax wrong but actually mathematically, provably "pi is really rational, point nine recurring isn't equal to one," wrong.
... for some law student to demonstrate whether there is a potential for prosecution in cases like these. As far as I am concerned, a ready-trojanned machine is not 'fit for purpose' given the fairly well understood purposes of consumer computers.
As for "privacy is a top concern" it should be criminal offence to make this statement when it is clearly false, certainly when that is through incompetence in failure to protect (Talk Talk etc) but most definitely when it is due to a deliberate weakening of security for purposes that are of no benefit whatsoever to the user.
"No, it's just worthless. Usually I see a ton of "targeted" ads for things I've already bought" --- User McUser
Top Tip -- browse for under, beach and nightwear --- even better, leave some items 'saved for later' in various shopping carts to cheer up your browsing experience for a few days.
"I see you've had some kind of lessons in this "logic" subject. Very good!" -- Big John
You said: "That's a lot of killing by a smallish world minority. So let's not hear any more guff about "everyone does it." By and large, it's Muslims who do it to themselves and the rest of us."
You either (a) intended people to form a conclusion from this or (b) you didn't.
In the latter case (b) it is a correction of previous statements. I have nothing against pedantry --- I am probably one of its foremost proponents! Perhaps it is harsh to call such a correction pedantry, but that is a subjective assessment I made concerning the relative import of the statement to the current argument.
In the former case (a) there is a problem. Given that there are 1.5e9 Muslims in the world, the numbers of both victims and perpetrators of terrorism are proportionally so small that no conclusions can be made from this statement without affirming the consequent.
If you were encouraging the simple-minded to form a conclusion by affirming the consequent, despite your own knowledge of it being a logical fallacy, that would make you worse than simple minded -- it would make you a person using your superior intellect, or at least logical ability, to exploit those with less impressive capabilities.
So, I'm going to apologise for calling you a pedant and thank you for supplying the information, whilst considering the same to not advance us materially in the matter of dealing with terrorism.
"By and large, it's Muslims who do it to themselves and the rest of us." -- Big John
True but only valid as pedantry.
Those who didn't grow past the fallacy of "affirming the consequent" (e.g. All the terrorists in the world are fat, bald, middle-aged men from the West Midlands THEREFORE all fat, bald, middle-aged men from the West Midlands are terrorists) before adulthood should stick to the Daily Mail and Guardian forums where, as apparently in all popular politics, coherent phrasing is almost universally mistaken for coherent thinking.
Thanks for that useful explanation. I can see that it is certainly true if the path has high walls either side, but what about a wiggly footpath across an open field? Isn't it possible that the drunk will actually take a shortcut in these circumstances?
But then, with the 10 metre box described in the article, I'm pretty sure that time intervals between samples would sometimes cause the corners to appear to have been cut, and the overestimate still appears.
My other concern is whether this applies where maps are used --- an earlier reg article 'tested' GPS units against each other and tried to compare their accuracy. I was surprised how close they were to each other, and wonder if that is caused by snapping the route to a path on the map?
"The reliable, high quality of the beans these people secure" -- Some Starbucks employee
Well, if only you guys would turn the damn roasters off a bit sooner, we might be able to tell if that's true.
"If the NSA / GCHQ really want to waste their time keeping tabs on anything I've ever said or done then they must have money to burn" --- LucreLout.
They do. But it's ours.
"You have zero privacy anyway. Get over it."
Provably false. Do you know everything about Scott McNeally? Can you even find out everything about him? No. Privacy is a matter of degree: nearly no-one has absolute privacy and nearly no-one has no privacy at all. Blanket statements like this are just attractive soundbites --- any more than superficial analysis shows them to be fundamentally unhelpful in any mature debate about how much privacy we can reasonably expect in various circumstances.
" This is why the whole certificate concept is flawed" -- AC
There are some problems with certificates, but expiry isn't really one of them. It's nothing like DRM orphans; certificate expiry is virtually a cryptographic necessity.
There's a lot of dates companies need to remember: tax returns, profit filings, public holidays, audit points, backup schedules, etc. etc. --- it's really not too onerous to track certificate expiry dates.
If all that was needed was Timestamp (you forgot that) and another 8 bytes to store two IP4 addresses, you might indeed get to no more than a dozen bytes per record. But there's a hell of a lot more going on than one connection per site, just have a look at your own connection log. (And remember all that DNS activity, as well as DHCP, as well as all the other various network activity your computer is doing even when you are not browsing.)
But the thing is, 2 IP4s and a Timestamp would be worthless for the purposes of the IPB. It's a lose-lose --- either the data collection is indeed this small or it includes quite a lot more information. In the former case, the legislation is of much less utility than claimed, and in the latter it is of much greater intrusiveness than claimed.
... do your duty as a UK citizen.
I intend to. If this bill gets passed, all internet connections from this household will be summarised by a single Internet Connection Record per year.
2016-01-01 00:00:00 connection to xyz.vpn.ch:443
... approx 200TB data transferred
2017-01-01 00:00:00 connection to xyz.vpn.ch:443
Is it nanny-statism? irrational fear of ultra-low-death-toll mainland terrorism? What is wrong with so many UK politicians (and citizens) that they cannot see that this is completely unacceptable?
"Worse this puts a pressure on the criminals to improve what they are doing" -- AC
But it does relieve pressure on the poor terrorists; after all, the security services were already too busy to prevent people on their watch lists from committing terrorist acts, so once there are very many more leads the terrorists can shelter in a very much lower signal-to-noise environment.
A 99.99% effective terrorist spotting algorithm is going to give you at least 10,000 UK suspects. It's going to require about 90,000 field agents and at least 10,000 support staff to watch them 24x7; the salary costs alone would be around five billion pounds sterling per year.
"that particular colour blindness is male chromosome linked" -- AC
Doesn't mean it doesn't affect females, just that the proportion of affected females in the population is the (smaller) square of the proportion of the affected males: e.g. if 10% of males are X-linked R/G colourblind, 1% of females are (because 0.1 * 0.1 = 0.01).
@Graham I think his handle actually refers to his footwear...
"Except that councils will also have access, And other bodies too" -- Vimes
Yep: the Department for Work and Pensions; the Department for Transport;the Health and Safety Executive; NHS Trusts; the Department of Health; the Gambling Commission ... etc.
Now, if it's to stop terrorism, only a small list is required: secret services; home office; etc. If it's to stop crime, only the police forces need to be added. Why the hell are all these other bodies on the list? If they have a need for the information to resolve crimes, why can't they go through the police?