3600 posts • joined 10 Jun 2009
There is research into alternate sources of entropy from other parts of the CPU. Given a sufficient workload, the registers and other internal workings of the CPU are volatile enough to create a source of entropy (this is the theory behind HAVEGE). Perhaps more research into other independent sources of entropy could be found (I can't think of any, though, off the top of my head that couldn't be subverted in some way).
Re: I really don't understand this move
@Doug S
And what if your data goes into the cloud ALREADY encrypted by an open-source and well-vetted algorithm? Remember, while the US itself may not publish codes they can't crack, last I checked they didn't restrict the IMPORT of outside algorithms, and there are plenty of sharp minds outside the US.
Re: The sky is falling?
Wiki covers the subject pretty well.
And relax, it's full of citations where you can get further information.
In a nutshell, RC4 has flaws that reveal key information about the plaintext in the cyphertext. Using that, one could reconstruct the plaintext with some patience (or access to a cloud because RC4 usually doesn't have a lot of bits). Klein's attack, for example, could analyze the cyphertext from a bunch of WEP-encrypted frames and use them to recover the WEP key. Since it could be done over the air and in a short amount of time, WEP was essentially no good anymore.
Re: Really ..
So why haven't they done anything about quantum encryption, which if performed properly is provably secure by science (the flaws in it have come from implementation flaws, not in the fundamental theory)? Unless you're saying the NSA has defied international science (including science outside US control) and created a way to break Quantum Key Distribution undetectably.
Re: OMG, the laziness!
But then again, how can Alice be certain she's meeting Bob and not Eve posing as Bob (and before you bring it up, Eve's a tomboy and an expert male crossdresser)?
The most difficult part of a secure conversation is STARTING it, because that requires a level of trust. Thing is, how do you do that in a DTA environment: one where anyone you meet could be the enemy?
Re: Has RC4 been broken? Probably
But now you run into some "hard" problems.
b) Without Trent, how can Alice and Bob be sure they're talking to each other? For all they know (even in a face-to-face encounter), Eve is posing as one of them. It's such a problem that even Quantum Encryption says you need Trent. So how do you do trust without Trent?
c) And you notice how clunky TOR is? That's because mail can't run properly without an address. Similarly, IP packets require a destination, and that's in the header. So how do you mail an envelope when the addressee is INSIDE the envelope?
How does that make sense? If you can repeat the process, you can make it such that two tags return the same signal. As long as you can do that, you can forge the tag, full stop. It has to be a process that doesn't allow for control: like fingerprints, which are made by a chaotic biological process not under the person's control. Otherwise, one could control the process to make a duplicate. Thus the term "snowflake" (snowflakes form by a chaotic process, thus like this tag can't readily produce two identical ones).
More like a bad imitation of the Lens. It wasn't meant as much a masquerade as it was a means to replicate some of the other functions of the Lens like telepathy and increased mental ability: a way to combat the L2's. Thing was, they were too late as L3's had already emerged and would become the most advanced thinkers in the universe.
PS. You're right about Children of the Lens being the coda of the series.
By that reasoning, you're talking about a "snowflake" manufacture process: one that produces (by design) random patterns in the electrical medium. The process as such doesn't allow for duplicates because that part is outside the control of the manufacturer, but that's not to say someone couldn't contrive a different process that allows for control of that step.
Trying to build a forgeproof ID has been the subject of sci-fi for decades. Even the Lensman series ran its early books on the idea.
But isn't the first step to going after a bad guy IDENTIFYING them? And in a world full of splinter cells and lone wolves, how else are you going to identify the bad guys, particularly the ones within your midst? And since the threat they pose can be potentially existential, it's kinda "no holds barred": you either go Big Brother or let the bad guy at your neck.
I think it's more than cost that blocks their use. IIRC those high-frequency devices are very simple in nature compared to, say, a CPU. Plus note you used the word "extreme". That implies a bit of risk-taking that may not be desirable in a mass-market setting.
Re: New architecture and improved coding
You're asking for something with the performance of DRAM but nonvolatile.
They've been working on that stuff for...about three decades at least. Tech up to now like Bubble Memory and Flash have always had strings attached. Bubble memory was slow and had to be heated up to work, while Flash is known to be slow to write and prone to lifecycle issues.
There are several candidates for the position: MRAM, RRAM, Racetrack memory (inspired by bubble memory), PCM, and so on. Thing is, none of them have reached wide-scale commercial release at this point. And while some are getting close, achieving the same size and scale as current DRAM tech is still going to take time, plus the tech has to survive the transition process AND be economical. Then the memory has to undergo a paradigm shift as it becomes more affordable, first replacing the RAM and THEN replacing the mass storage (which has its own level of economy of scale and will be more difficult to reach).
Re: MTP vs UMS
Well, as I understand it, one BIG reason for the switch to MTP is the fact that MSD require DISMOUNTING the device on Android so the other OS can mount it (it's a limitation of the spec's definition because USB assumes a master-slave relationship--multiple masters breaks the spec). Since many more apps are calling up the MSD, even in the background, this can be potentially destabilizing. MTP at least has the benefit of being usable on a live-mounted system.
That said, Google realized this isn't perfect. They've been trying to extend the spec to account for this, but I think they would appreciate a different specification to be adopted by the general computing world. It's just that no such alternative is forthcoming.
That's assuming your phone has the oomph needed for Android 4.0+. I tried it once on a Desire Z (T-Mobile branded G2) and found it was too limited in RAM to work properly (it kept FCing apps), so I settled on a Gingerbread ROM before selling it off to help pay for my new phone.
Re: Ah well!!!
The thing is, how can you communicate very precise information in plain English without having first met the other party (which can itself be a tipoff)? And what if the plan changes and you have to send new coordinates or whatever and are unable to meet your second party again?
Plain English codewords like "birthday party" are only good for very limited scenarios. Once you get to a broader vocabulary, you're going to need something rather more sophisticated.
Re: Such a surprise?
But that's the big problem. That you basically NEED a third party to vouch Alice to Bob and vice versa. Not even Quantum Encryption can seem to escape from that dilemma. Thing is, in this environment, if Alice can't trust Bob, what reason could they have to trust Trent, who to Alice is just another stranger? Especially if Alice is in a hostile environment where DTA is the rule of thumb.
Re: This kind of governmental cheating
"What should be passed are new acts that say any governmental agency that gets caught breaking or abusing the rules are subject to decimation (as in 1/10th of the employees get fired, even split between top and bottom post), plus at least a 20% reduction in budget for the next 5 years. With real penalties should come improvements."
Ever heard of "Screw the rules, I MAKE them"? That's the problem here. Like it or not, when it's the lawMAKERS (in concert) working against you, you lose.
Re: Disinformation is their secret weapon
"My biggest concern is when they do this without a warrant, I am a firm believer that NO wire taps, traces, decryption or even a request for encryption keys, should be done without a warrant issued by a judge with good reason as its due to a serious suspected crime (i.e. murder, drugs, people trafficking, firearms, terrorism)..."
Even if the mere issuance of the warrant gives the game away (due to moles and the like) and makes the terrorist(s) go to ground?
Re: I wonder
1) "The Code is vetted!"... ~By who? Who watches the Watchmen?~
By people OUTSIDE the US, who can't be influenced by the US.
2) "Do these People know what every "bit" does?" I mean are those People able to find such cleverly hidden Code?
You'd be surprised at the thoroughness of some bug hunters, especially if money or prestige are involved.
Re: Ah well...
"Threats of death to loved ones can also unmask the most fiendish codes too..."
And suppose you're a masochist (torture gets you off) with no friends or family (no other ways to get to you)?
You do realize that by making it a Linux instead of say a BSD the code must be open-sourced (GPL license requires it) and able to be analyzed. And the links of the chain needed to produce the kernel from source (like the compiler) could be obtained from places outside US control. SELinux was something they put in for their OWN benefit, to cover their OWN butts, because as the article notes, anything used here could be turned against them. Thing is, SELinux is a rather complicated way of doing things (no root user), so it's not for everyone.
Re: Disinformation is their secret weapon
Even open-sourced ones where the code can be analyzed?
Also, there's reason to believe not all algorithms are vulnerable. There's a high-profile case of the FBI trying to obtain evidence off a drug dealer's hard drive, but it was TrueCrypted, and despite a year of brute-forcing, they couldn't get at the data.
As for web of trust systems, it seems all of them are necessarily complicated and difficult to implement. Freenet has a WoT system using CAPTCHAs, and it's clunky as anything.
Re: Such a surprise?
There is reason to believe that there may be NO solution to the problem of Alice and Bob establishing trust with each other without help from a third party (whose trust cannot be guaranteed). Wasn't there a recent article that noted they had a similar trust problem with quantum encryption (which in turn prevented it from being provably secure)? And it may not be possible (or wise) for Alice and Bob to meet face to face.
Re: It is not a music player
Can't. You need some length, and the watch isn't long enough for an antenna with good-enough range. Not to mention phones can house multiple antennae. Only way you could improve that is to put the antennae on the strap, which has its own hazards.
Re: "...should work with any Android handset."
"And constant bluetooth? That's going to suck battery."
Thus the emphasis on Bluetooth 4.0, which if you'll recall was specced with low power in mind.
Re: It is not a music player
I believe that was the intention. The phone does the heavy lifting and the network negotiation. The watch piggybacks off the phone and gathers its data from that.
"And if you go on to the surveillance sites, you will find currently available devices that pose as pens, buttons, ties and even watches."
What? No shoes? Voyeurs would be snapping those up.
Re: Qualcomm Toq
The Toq sounds interesting. The biggest interest for me in this case is the Mirasol display, as it would be the first color quick-refresh nonvolatile display to market. Been waiting on one for years, and if successful could mean some good business for Qualcomm in future phones and tablets.
The watch lasting a week should only be an issue if people sleep with their watches on. But I hear nothing about Qi charging, which (or a similar wireless charging standard) should be standard on a smartwatch so you can just throw the watch on it at night and pick it up in the morning (or after the shower) topped off.
Oh? And suppose the smartwatch takes off as a companion to the smartphone, Samsung and the like cash in, and Apple find themselves late to the train? Remember, they're not the "absolutely must have it NOW" that they once were. If they were to release an iWatch AFTER the craze takes off...
Re: I remember watches
That said, there are places where external sources of time are unavailable. Casinos, for example, never show clocks on the floor because they WANT you to lose track of time. That and the big room might mean you lose your signal, so the phone won't help, and laptops would smack of cheating, so when all else fails, it falls back to a cheap quartz wristwatch.
Also handy for when you're out in the sticks, away from civilization and a cell phone signal. The wristwatch can keep chugging on its own for a couple years on a button battery or two. Don't know about anything else.
Re: Combating global cyber crooks
The trick will be to make things BOTH secure AND easy to use. You need both because without the latter, people get fed up and go around. Trouble is, the two tend to work against each other, as security tends to require some complexity (to combat brute forcing) to be useable. And no matter which angle you take, there are complications (anything internal to the user like biometrics can't be replaced if cloned, and anything external to the user like dongles can be lost or stolen).
Plus the anonymous nature of the Internet means there's a point when Mallory can mimic Alice to the point of gaining trust, stymieing forensic analysis. Some malcontents are patient enough to fall below the noise floor, such that trying to detect them (realtime or not) results in too many false positives, making the system impractical. Then there's the matter of establishing trust in the first place, and there's hints two parties who can't meet face-to-face can't properly establish it without help from a third party (who really can't be trusted), taking the whole e-commerce system back to DTA mode.
Re: Why is my prime meridian wobbling?
"It's most likely Colon didn't know about the Americas, but he was far from the first European to discover them."
Plus IIRC Vikings had taken some sojourns to the west but didn't make much of it.
What Columbus did was tip off a country (Spain) that just happened to be itching for exploration. Asia was pretty much closed to them as the Turks controlled the Red Sea route and the Portuguese had the Horn of Africa covered. When Columbus came back and told them this new land to the west was full of novel (and valuable) goodies, Spain suddenly realized, "Who needs Asia?"
So, not so much the first to find the place but the one to make the place famous.
Re: Why is my prime meridian wobbling?
Actually, it was well known the world was round. After all, if it were flat, the horizon would move and you wouldn't see significantly further from atop a tower or upon a crow's nest.
Now, the interior of Africa and anything west of Portugal was basically Terra incognita, and that was what kept down the idea of circumnavigation: not knowing what lay in the way.
Those depend on radio transmissions, correct, which as electromagnetic waves do not travel at a uniform speed. That's why there's some inherent inaccuracy in GPS systems (atmospheric interference). That and the low power means it has trouble penetrating solid objects. I don't think localizers could overcome those physical limitations, especially if it's using time-of-flight to measure distances in a medium where the speed of electromagnetic waves can vary (GPS doesn't strictly rely on time-of-flight so is less vulnerable).
Re: What about security?
The problem is the sensor is an originator of information. If it doesn't want the information tampered, it needs to encrypt the data from the point it enters the system. That puts the onus on the sensor to encrypt before transmitting. There's just one issue. Good encryption is resource- and power-intensive. It's a physical limitation; otherwise the encryption is too easy to break. So you end up with the issue of having to encrypt in a resource-constrained environment.
The best bet right now looks like TEA-based algorithms. They're designed for their simplicity, but they've been shown to have chinks.
What about security?
Security is one thing that really needs to be baked in to get it right, since it's more of a way of thinking than a way of doing.
Sensor swapping and sensor spoofing came to mind when I looked at this new sensor network. There would need to be a way for the sensor to positively identify itself, such as with an asymmetric key. But encryption takes time, resources, and (most critically) power. And now we run into some of the tradeoffs systems like POS terminals faced. Although in their case, it wasn't electrical power limitations but CPU power limitations mostly.
In other words, the next problem I see for them is making the network secure while STILL low-powered.
Re: Lack of insight is depcressing? Wise crowds?
Nah, touch is here to stay because of one neat thing: no additional accessories required to use. Styli get lost, and mice and the like need batteries. That's why the trend has been and stuck with just your finger (and if you don't have fingers or the like, you can't grip the device in the first place, rendering the device useless for you anyway). If something better could be devised since the iPhone, we'd have probably seen it by now, but not even the Galaxy Note is making a difference.
What's going to happen is that apps will dispense with the need for precision. There are few applications out there that require pixel-perfect precision. Most that do probably need other things (like raw compute power) that will make them more suitable for true PCs. If a little more precision is needed, there are ways to accommodate like pinch-to-zoom and borders you can adjust after the fact.
The primary issue Dell fell afoul of is that robocalls and cell phones didn't mix when the Act was made and still don't mix so well today because some people still pay for their airtime—calling AND receiving, so robocalls eat into their allowance. It just means Dell will have to assign an actual person to make the calls. Also doesn't prevent them from using a dialing machine to do the dialing and turn it over to the person when it's picked up, but given mobile phone tech today, such an attempt will likely be blocked.
I'm surprised no government has taken the step of banning ALL encryption outside of state use. And then only vetting the ones for state use such that they're always with a random overseer.
Re: Stand near this puddle for 50 hours, die.
Not that hard, given a comatose human can drown if he ends up face-down in just TWO inches of water (enough to cover the mouth and nose, and if you're comatose, even the gag reflex may be down).
Re: Re. fracking
Have you looked into how thoroughly Gen IV reactors use their fuel?
Beam solar from space planetside? Disaster waiting to happen. Beam gets redirected and you've got an orbital beam of mass destruction on your hands. Not to mention, who's going to OWN the blasted thing? You're not going to get the nations of the world to cooperate on this one: energy means power means leverage in the world conflict (and many countries could care less about not surviving to the next day—they're ALREADY under existential threat for other reasons).
Re: There will be many, many radiation deaths
Not to mention the potential problems when tailings dams burst. Ask Stava, Italy, Buffalo Creek, West Virginia, and Aberfan, Wales.
Re: Nuclear power will be a terrible loss
How about a LFTR? Molten-salt reactor and uses Thorium.
If you're willing to stick with uranium there's work being done on failsafe reactors: even naturally-self-regulating ones (recall one based on uranium hydride being worked on—there are also the TRIGA research reactors: so safe they don't even need shielding).
I could see a potential use for this in retail. I know some stores that rely on electronic price displays on their shelves. Right now, they employ LCD numeric displays and button batteries, but a changeover to a programmable e-Ink display could simplify things, increase versatility (now you can change the description as well as the price) and reduce maintenance costs (no more button batteries).
Re: What About Deep Packet Inspection?
"What is to stop them (you know, THEM) from coercing all ISPs and backbone providers into letting them monitor the packets going through every single router, in particular the ones at the edge of the Internet?"
How about some of the IPs belonging to countries antagonistic to the west but lack the resources to crack the stuff themselves? They'll tweak the US just because they're the US, and once they lose track of the chain, it's hard to pick it up again in the noise, especially if the endpoint is outside their control. Another possibility is something like a dead-drop where the information is posted to some random location and the message of its location conveyed by some other means. There's more to the darknet than just TOR. Freenet may be too conspicuous due to its traffic usage, but perhaps a chan board or a stego'd image elsewhere.
"With the massive precautionary data collection, the authorities are taking the easy way out, to be sure, and it is being abused. So can we just back up the Patriot Act and its ilk a bit and go back to the days of having real judges issue real warrants?"
No, they won't, because they're afraid the terrorists have subverted the judges or have placed moles within, such that the very ACT of obtaining the warrant tips them off and makes them scatter and hide or switch to an alternate line of communication they haven't traced. Then the warrant's meaningless because there's nothing to seize and no one to arrest anymore. IOW, the government has the EXACT SAME problem on THEIR end: keeping their raids secret until they actually go down, as any leak can give the game away.
Re: "doesn't spy on you for the NSA or GCHQ"
Oh? How about snagging your traffic OUTSIDE any encryption chain? The browser must display the results so would be the weakest link.
Re: Microsoft arithmetic?
Then what happens when you find an essential piece of software is Windows-ONLY? And they exist A LOT in both the gaming and business world. Sometimes (like a companion to some hardware), not even VMing a Windows session helps much.
Re: MS is getting desperate on Windows 8x
"Yabut - you'll be non-compliant with the terms of an OEM license if you install that software on anything other than a brand new machine."
Yabut - Can they tell the difference between an upgraded prebuilt and a homebuilt? How much of a computer must be upgraded with new parts before it can be declared a new computer? And so on...
Re: Since they are going to be trying to tax mostly drug income...
"I challenge you to find a drug dealer that will accept virtual currency."
I can name two: The Silk Road and Atlantis, both TOR Onion sites. Both rely on Bitcoin and the related Litecoin as the medium of exchange.