It's a bit like saying the people who build and mend roads aren't responsible for blocking sales of dodgy goods off the backs of white vans.
577 posts • joined 11 Jul 2011
If Albert Einstein was wrong on this quote, maybe the universe is a truly random number generator. If he was right, maybe the universe can be used as a pseudo random generator e.g. in the manner the article describes. I read an article in New Scientist a few years ago which claimed it to be inherently unprovable as to whether randomness is an emergent property of fundamentally deterministic physical processes (as in a very good pseudo-random generator whose algorithm is sufficiently obscure and whose cycles are sufficiently long as to be undetectable as such) or an inherent property of various physical processes. Current scientific opinion seems to regard Heisenberg's principle as suggesting the universe to be genuinely random, but I very much doubt there's any proof either way.
It doesn't offer any protection against the proposed snoopers charter directly. However, once sufficiently widely adopted, it enables developing more widely used cryptography (e.g. for email contents and addresses) based on a better chain of trust than the current CA system. Under the CA COT, any one bad CA out of several hundred can compromise any domain. Under the DNSSEC COT, those in a position to compromise your chain of trust are likely to be exposed (by signing collectable and provably false statements about any lower-level key they compromise), and held to account in connection with this proof, resulting in massive reputation damage. Another advantage of the DNSSEC COT is you can choose whichever top level domain or registrar you do trust to verify your identity and keys, by establishing your identity within their namespace.
Obviously anyone concerned about this should manage their own private keys themselves - the DNSSEC or CA COT are concerned about how other parties verify the identity associated with these keys. Those without the technical capacity to do so are likely to pick a trusted provider to do this for them.
"Fair enough. Now tell us how we can wrest the power back from them? What cards can the community still play?"
Set up and use an alternate DNS root zone. It wouldn't be that hard to do technically in collaboration between the existing top level domain authoritative nameserver operators. There would be 2 harder problems:
1. Get those configuring DNS resolvers to point to it in preference to the ICANN root.
2. Decide who manages it and how.
Once enough people are using DNSSEC, a revolutionary consensus would also need to include operating system vendors to patch operating systems to accept the new root zone signing key.
There would also be quite a financial stream available for such from the domain registrars, who would clearly have to be part of any revolutionary consensus if they are not to have to pay cuts from domain fees to 2 root zone operators during a protracted competition between 2 root providers.
If parts of GCHQ and the NSA need to use Tor to carry out their own investigations, which seems likely, they have the same kind of motivation to fix it as the US Navy had to fund its development in the first place. Doesn't mean other parts of GCHQ or the NSA can't have operations compromised by this development, but who expects the left and right hands in any secretive organisation to know what each other are doing anyway? It's not as if everyone in GCHQ will know about any particular zero day vulnerabilities involved in any particular investigation, as knowledge will have to be restricted on a "need to know" basis in any such environment. Don't forget it was the NSA who developed SELinux - and open sourced their patch which provided this.
Maybe they are trying to convince Tor users in Russia that they haven't got a clue how to trace them. Well, they would, wouldn't they?
"Your data is only as safe as your CA's security." Under the current CA system, it's much worse than that, given that hacking the weakest CA in the target's OS or browser can result in issuance of a bad certificate capable of compromising any domain, regardless of whether or not the domain owner obtained a certificate from the hacked CA.
At least under DNSSEC, your security can be as good as that of your choice of TLD and registrar, and a compromise of the .com registrar doesn't compromise anything in .bank or .uk .
Rotating fossil fuel generators tend to need electricity to generate a magnetic field to generate electricity. Hydro is often designated for this purpose in grid black start planning.
Demonstrating the viability of such survivable "seeds" based on buoyancy and wind energy harvesting comes first. Then the 2nd generation needs the capacity to make more in their own likeness, with the 3rd generation able to communicate more intelligently, mutate and evolve. If so what's to stop the 4th generation launching space war on their creators?
His offence seems to be being a small guy doing what the larger guys whose HFT algorithms make the rules are doing and bragging about it. His choice of name for his offshore company seems to give the game away a bit too much for their liking: "Nav Sarao Milking Markets Limited."
I don't see problems with international level telephony codes managed by the ITU being sold off to the highest bidder. I guess we'd have a different set of problems in relation to bureaucracy and slowness of process, but I don't see the fact that member states of the ITU are not all shining democracies to be its main problem. Slowness of process, to the extent this achieves political consensus, would probably be a relatively good thing in connection with the ICANN TLD sell off which shouldn't be occurring at all.
There would be an initial issue of technical competence, probably best solved by passing the management of ICANN as it stands over to an ITU process to be defined.
The LXDE Lubuntu desktop runs extremely well on low RAM hardware such as my old netbook. I tend to prefer Xubuntu on better provisioned desktops. Haven't looked at Gnome or KDE for a few years since their developers seemed to lose the plot, though that may have changed since. The great thing about having choice in this environment is that all the Gnome/KDE whatever oriented applications seem to install and run fine on all the desktop manager options, so changing desktop managers doesn't require you to change your applications.
Rumour has it that the escaping nuclear waste got mixed up with some genetically modified maize which was reused in commercial pig feed, and the pigkeeper is now breeding a new strain of mutant pigs which are sprouting wings and getting ready for take off. On somewhat better authority, Jeremy Clarkson is considering reducing his carbon footprint.
Because the different product and technology divisions within Microsoft don't want to be bound together into an ultimate gamble where either all have to succeed together, or none will succeed at all. It's the same reason Microsoft want to sell Office on platforms they don't control. If they can get their technology working as well on Linux and Apple platforms this increases the market for services and support, even if they sell fewer licenses on Windows. If the .Net platform is sold based on support as opposed to product licensing they have no reason not to do this.
.Net also competes against Oracle Java, CPython and the GNU toolchain also, but it can't compete as well if it's limited to Windows platforms given these competitors are not so limited. Python runs on .Net (IronPython) and Java (Jython) platforms for the same kind of reason.
The main problem with wind energy is storage, due to wind variability. Putting big reservoirs on the top of hills is expensive and unsightly. One option being looked at is storing excess wind energy in the gas grid, using CO2 captured from residual fossil fuel plant in the medium term, and I guess from biofuel in the longer term. Again, all of this is feasible given acceptance of higher energy costs, but not a perfect totally "carbon free" solution during several decades of transition.
The alternative is much higher energy costs externalised into costs of sea level rise, more frequent storms and flooding etc.
Well, it provides for the possibility of a somewhat better PKI than the broken one we use for HTTPS, where any of over 500 CAs can forge a certificate for any domain on the net. DNSSEC would not be a perfect PKI by any means, and there's no particular reason to trust ICANN as the holder of the keys to this kingdom either. But signatories of bogus NS records pointed to at managed zones can at least be held accountable. Such a bogus signed NS record for any next level down is observable and recordable, and once recorded and publicised, such would provide signed proof of bad intentions and actions wherever in the DNSSEC hierarchy registrar reputation needs to be protected.
DNSSEC also provides a fairly obvious place for certificated public key storage. For example, if you want to develop a networked application called foo, storing the public key for example.com at _foo.example.com seems fairly obvious. And given domain registrants already got the hassle of having to renew domains every year or 2, now's good time to move our business to DNSSEC domain friendly registrars in preference to those which are not. This could also save the cost of those stupid, expensive and near useless CA HTTPS certificates.
And I'm very glad he's now able to use his skills to make an honest living. Should have been given a hundred hours community service by the local magistrate and the chance to get on with life much, much sooner. Instead he spent what should have been the best years of his life awaiting extradition and is still confined to the UK until the US legal system and politicians stop behaving like drooling idiots.
That's probably why the code got into a mess. Having a good testsuite will certainly help in refactoring. Problems this library has to deal with include doing integer arithmetic securely on 4096 bit numbers and larger and at high performance on different CPUs. And you can't afford to leave any clues in memory which might be reallocated to a different process afterwards. So you've got all this non-standard stuff done in many different ways, and need to avoid integer overflow and stack and heap smashing bugs as well, none of which you can develop automated tests for until you know about them.
Talking of conflicts of interest, can any beneficiary of strong IP protection be trusted to present an unbiased view? Surely the conflict of interest present in the behaviour of WIPO is dwarfed by the conflict of interest inherent in the simple existence of this organisation.
Unless the crypto protocols are broken and the system branches wildly without consensus about which branch is "authentic", I expect Bitcoins might be traded in 100 years, just as Penny Blacks are after they ceased to be carried by anyone's need to have letters delivered, amongst a historically inclined and nerdy trainspotterish sect. They probably won't generate many press articles though once they stop carrying some other historical baggage with them such as payment for blackmail demands, other than in the cryptocurrency equivalents of stamp-collector's magazines.
Of course this is all predicated on continuing interest in the "my CPU/GPU/Hashing farm is bigger than yours" electricity-wasting competition continuing.
If you're interested in non-state currencies which have been proven to have operated at scale with a stable value standard for decades (since the 1930s) have a look at Wirbank in Switzerland. If you are a Swiss SME with a good trading reputation, then you'll be able to get the cheapest mortgage finance in the world using this community currency, which is very widely used and accepted by and between Swiss SMEs. It's just like a LETS, in relation to how the accounting is done, except it's done as a professional and not as a voluntary operation, and credit control is done managerially rather than by providers of goods and services within the currency.
I'm a member of a LETS group which has operated for 21 years. Money earned that long ago is still spendable at par with conventional UK sterling at our trading events. You don't have to waste electricity to do double entry accounting within a closed group. And if you dislike conventional currencies as value standards, do the same kind of accounting using hours or minimum wage hours as your value standard at the cost of making it marginally more difficult for account-holders doing tax returns.
Bitcoin doesn't circumvent any legitimate businesses. The idea that it reduces money transfer fees can only operate for those willing to enter into risks (which carry costs of their own) much greater than those undergone by those using conventional markets. An argument could be made comparing Bitcoins against gambling tokens issued and redeemed at casino cages, but I don't think any casinos consider their business models to be threatened by Bitcoin.
It's a bubble speculation which has proved of some ongoing value to some cyber-criminals, drug dealers, botnet operators and digital blackmailers. The exchange value of a Bitcoin is predicated on a similar basis to the value of rare postage stamps, but is much less stable. These are man-made artefacts in deliberately limited editions of interest to collectors of such, and of no intrinsic interest to anyone else, unless your computer delivers you a notice telling you one is required as a fee to a blackmailer to recover the encryption key from a server operated by criminals or your data will be deleted.
Because many things can be currencies in different contexts. E.G. air miles, my supermarket's points, the balance I have with my local LETS, prepaid credits I have with Oyster or on my PAYG phone. And if physical cash is insecure, having to manage many physical kinds of cash in my wallet is worse. Pushing the idea that the whole world transacts using a single currency suits those interested in preventing competition so the usual suspects can get their rake offs.
SSH can be set up either to use a shared secret password, or to use public/private keypairs, where only the public key would have needed embedding, and clearly the latter approach is safer if slightly harder to set up. I've installed it using both approaches. If Cisco had wanted to leave a way in for themselves and/or their spook friends without it becoming so easily exploitable and had thought a bit more carefully about this, they wouldn't have used the shared secret password approach.
You can't achieve security without trust at some level. That's looking at it from the point of view of risk management which is possible, and not full risk elimination which isn't possible.
You can make whatever conclusions you like of the fact Phil Zimmermann is their CEO. He was the author of PGP and faced a grand jury trial many years ago which was eventually thrown out, based on the allegation his authorship and release of PGP contravened export regulations which classified crypto software as equivalent to munitions at the time. You can form whatever opinion you like of Phil's motivations in doing this, and of his ability effectively to select and manage whichever professional engineers he has chosen to collaborate with him on this.
If it's PAYG, get a friend or agency to buy and register it for you. Illegal in some countries, but effectively unenforceable.
Bit like the law which required London cabbies to have a bale of straw in the boot, repealed in the 1960s, long after anyone was worried about starving cab horses. Ultimately that kind of law would prevent any kind of exchange or contract from being legal unless one side paid legal tender currency to the other.
Robert Morris didn't do too badly. But computer crims didn't have to waste 10 years of their life awaiting threatened extradition then. https://en.wikipedia.org/wiki/Morris_worm
Me too, in the early eighties. I didn't even know then the name of the problem. Ended up optimising 3 variables, 1. The time on the CNC drilling tool used to drill a stack of PCBs, 2. The machine time on the much more expensive mainframe computer, and 3. the number of days programming effort.
I seem to remember I did it by dividing up the rectangular area into a number of smaller squares with suitable start and end nodes within each square to minimise movement of the drill head between squares, optimised the route within each square and moved between adjacent squares.
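The divide-into-squares approach described in the two posts above, written out as an added example (this is not the commenter's original Fortran, and the board size, cell size and the constructed hole positions are assumptions): the board is cut into squares, the squares are visited in snake order so that each one is adjacent to the previous one, and inside each square the head simply drills the nearest remaining hole.

```python
import math
import random


def tour_length(route):
    """Total head travel along a route of (x, y) hole positions."""
    return sum(math.dist(route[i], route[i + 1]) for i in range(len(route) - 1))


def nearest_neighbour(points, start):
    """Greedy route within one square: always drill the closest remaining hole."""
    remaining = list(points)
    route = []
    head = start
    while remaining:
        nxt = min(remaining, key=lambda p: math.dist(head, p))
        remaining.remove(nxt)
        route.append(nxt)
        head = nxt
    return route


def plan_drill_route(holes, width, height, cell):
    """Partition the board into cell x cell squares, walk the squares in snake
    (boustrophedon) order so each square is adjacent to the previous one, and
    route greedily inside each square starting where the head was left."""
    cols = math.ceil(width / cell)
    rows = math.ceil(height / cell)
    squares = {}
    for x, y in holes:
        key = (min(int(x // cell), cols - 1), min(int(y // cell), rows - 1))
        squares.setdefault(key, []).append((x, y))
    route = []
    head = (0, 0)  # assumption: the head parks at the board origin
    for r in range(rows):
        col_order = range(cols) if r % 2 == 0 else range(cols - 1, -1, -1)
        for c in col_order:
            pts = squares.get((c, r))
            if not pts:
                continue
            segment = nearest_neighbour(pts, head)
            route.extend(segment)
            head = segment[-1]
    return route


def sample_board(seed=1, n=80, width=100, height=60):
    """Constructed test board: distinct hole positions in arbitrary (CAD) order."""
    rng = random.Random(seed)
    holes = sorted({(rng.randrange(width), rng.randrange(height)) for _ in range(n)})
    rng.shuffle(holes)
    return holes


if __name__ == "__main__":
    board = sample_board()
    planned = plan_drill_route(board, 100, 60, 20)
    print(f"as listed: {tour_length(board):.0f}  planned: {tour_length(planned):.0f}")
```

The cell size is the knob the post describes trading off: smaller squares cut the per-square optimisation cost, larger squares give the greedy pass more freedom at the price of more compute.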
"The user id doesn't work on your demo app."
Fixed it for now.
If the people providing the goods and services being sold decide the credit rating of people doing the buying, within a group of people who trade with each other and keep score, you don't entirely need the BofE issued stuff, you can create, circulate and destruct some of your own as part of the process. I've even coded a webapp to keep score, it's all just double entry accounting.
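The double-entry bookkeeping behind a LETS-style mutual credit scheme, as mentioned in this post and in the earlier LETS post, written out as an added example (this is not the commenter's webapp; member names, amounts and the credit limit are constructed): every trade debits the buyer and credits the seller by the same amount, so balances always sum to zero and nothing is issued centrally, and the credit limit is the only "credit control" applied.

```python
from collections import defaultdict
from decimal import Decimal


class Ledger:
    """Mutual-credit ledger. Each trade is one journal entry posting an equal
    debit and credit, so the sum of all member balances is always zero."""

    def __init__(self, credit_limit=Decimal("-100")):
        self.balances = defaultdict(Decimal)  # member -> running balance
        self.journal = []                     # (buyer, seller, amount, memo)
        self.credit_limit = Decimal(credit_limit)  # most negative balance allowed

    def post(self, buyer, seller, amount, memo=""):
        """Record a trade; refuse it if it would push the buyer past the limit."""
        amount = Decimal(amount)
        if amount <= 0 or buyer == seller:
            raise ValueError("amount must be positive and parties distinct")
        if self.balances[buyer] - amount < self.credit_limit:
            raise ValueError(f"{buyer} would exceed credit limit")
        self.balances[buyer] -= amount
        self.balances[seller] += amount
        self.journal.append((buyer, seller, amount, memo))
        return len(self.journal)  # entry number

    def balance(self, member):
        return self.balances[member]

    def is_consistent(self):
        """Integrity check: balances sum to zero and replaying the journal from
        scratch reproduces them, so a balance cannot be edited behind the journal."""
        replay = defaultdict(Decimal)
        for buyer, seller, amount, _ in self.journal:
            replay[buyer] -= amount
            replay[seller] += amount
        return (sum(self.balances.values()) == 0
                and all(replay[m] == self.balances[m] for m in self.balances))


if __name__ == "__main__":
    ledger = Ledger(credit_limit="-50")
    ledger.post("alice", "bob", "30", "veg box")
    ledger.post("bob", "carol", "12.5", "bike repair")
    print(dict(ledger.balances), ledger.is_consistent())
```

Decimal rather than float keeps the zero-sum invariant exact; with floats, rounding would eventually make is_consistent() fail on a perfectly honest ledger.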
If you were a known Al Qaeda operative organising training in Waziristan with a known face, would you trust the drone overhead not to be making targeting and missile launch decisions itself based upon facial recognition?
What proportion of newly mined bitcoins (and increasingly transaction charges) are using stolen CPU capacity (botnets) and unauthorised use of electricity?
"Pity that the most crumpled places in the UK, i.e. those best suited to hydro-storage, are those bits most likely to devolve and claim independence."
Matters from one point of view, but not this one given suitable market incentives. Eire has been considering using their western mountain ranges for pumped storage. Not so much for their own needs, but to sell more reliable renewable electricity to the UK. Same applies to increasing interconnector capacity across the North Sea (as well as the Irish Sea), enabling access to Norwegian hydro and pumped storage on a commercial basis.
When this all depends upon previously amateur stuff like OpenSSL where they found gaping holes due to the guy who maintains it having to do something else for a living ? Actually that was the case until last month, when organisations realised they were sufficiently dependent upon it that they started paying to have it maintained. http://opensslfoundation.com/freesupport.html
Block structure based on typographical convention has the interesting effect of encouraging you to use the main roads more because of these minor speed bumps, rather than trying to construct very long journeys using seemingly more familiar and understandable but minor and tangled roads and lanes.
For projects requiring more than a couple of hundred lines of code, you should generally be focussed on the source files, packages, modules, classes and objects concepts relating to the problem and solution, not on how you get function, loop and branch control done in order to patch together something that just about works but is neither scalable nor maintainable.
"How do you decide that?"
Look up the IP address of the SMTP client sending to your SMTP server, or the last SMTP server in the Received: header chain you trust. If the reverse DNS PTR record indicates it's a dynamic host, reject it. If you're its ISP providing a smarthost for it, rate limit it. If its address is in zen.spamhaus.org reject it. That will get rid of about 95% of spam.
You can then get rid of another 4% or so using more complex measures such as maintaining your own DNSBL, using Spamassassin, ClamAV, SPF, URLBLs.
One side used to make fantastic innovative and high quality electronic consumer goods. Which were excellent at copying things. Sounds onto tape. Tape into sound. TV signals into pictures.
The other side tried to make a business out of media and copyright and wanted to stop the other side of the business making it easy to copy content easily or perfectly.
The solution - split Sony into 2 companies where one side isn't trying to sabotage the other.
The level of security audit and testing feasible on hardware and software is proportional to its age.
So if you really want a secure system, you don't want the latest shiny. You do want something that's been around for a while and has been very heavily used by many curious people willing to publish what they have discovered.
If the mining is done on pwned hardware anyway? The beneficiary doesn't pay for the electricity used to run pwned hardware. It's an externality.
Given the amount of pwned hardware on the planet, it seems economically improbable that anyone paying for their own rigs will be competitive in this murky world against pwned botnet mining.
We were developing CAD/CAM programs in this environment starting in the early eighties, because it's what was available then, based on use of this system for stock control in a large electronics manufacturing environment. We fairly soon moved this Fortran code onto smaller machines, DEC/VAX minicomputers and early Apollo workstations. We even had an early IBM-PC in the development lab, but this was more a curiosity than something we could do much real work on initially. The Unix based Apollo and early Sun workstations were much closer to later PCs once these acquired similar amounts of memory, X-Windows like GUIs and more respectable graphics and storage capabilities, and multi-user operating systems.
If it is closed and curved, and you could see the same object more than once, you wouldn't see exactly the same object, more a much younger and older version of the same object. Chances are you can't see all the way around in time to see anything more than once in that way, because the big bang occurred more recently than would make that possible. It's possible to see the same object through more than one tiny variation in direction, due to gravitational lensing. But it would be a very major cosmological discovery if we started to observe a provably same, distant and early galaxy in more than one very different direction.
What is even more weird is that the further you look in any direction, the closer you get to the same big bang singularity which existed in a much smaller region. That's a bit like the idea of a universe being like an expanding balloon but with an extra dimension - we can look in any direction on the surface of a balloon and you get back to the same point when the much smaller balloon hadn't been inflated.
There already is a European data network, and no particular reason for messages not to be most efficiently routed within it, as I'm sure very many are. But that doesn't stop a free citizen or business operating within an EU or Schengen country locating data and servers wherever personal preference, business or legal issues require.
I'm free to locate my server wherever it suits me and commerce offers suitable facilities, and having some crat or politician telling me I can't locate it where I want to reduces the reasons for me to want to locate it closer to home.
Richer people are probably less likely to smoke or have other risk factors associated with poor environment, and less likely to have suffered poor health in the past which causes poverty. Also, richer people are likely to live longer, so have a greater risk exposure to cancers associated with being around for longer. I'd guess these factors will probably dominate over the factors looked at in the study, in the sense whatever differences are more likely to be correlations than causations.
"And what does "control of ICANN" mean?"
If whoever controls ICANN does something really stupid, people (mostly ISP technicians) get their DNS resolvers to point to emergency root zone copies provided by a more reputable party, e.g. some organisation formed for this purpose by the various TLD DNS content server operators. It'll be a little more difficult when lots of barely computer literate end users will be running DNSSEC end to end down to client level, as that would then also require automated OS patches to change the DNSSEC root of trust key. But that's likely to be a long way off.
Not sure if flogging off top level domains to the highest bidder, as ICANN are now doing, qualifies as really stupid as I guess it will make their directors and execs personally a lot more wealthy in the short term. But it's certainly going to increase breakage for everyone else.
Using more than one system at the same time is the worst as this results in rocket fuel strength or weak beer. On an international brewing forum I try to discourage exchanges of recipes using gallons as often no-one knows which kind of gallon others are using unless they know which side of the pond they're based. Pounds and ounces are the same both sides, but gallons are smaller in North America, which also has the effect of making us Brits think Yank gas guzzlers drink even more gas than they do.
To accommodate all the random books in the Library of Babel postulated by Jorge Luis Borges, needed to include the works of Shakespeare should it be assumed such volumes arose entirely from chance.
If the fine tuned universe problem is genuine, cosmologists have a similar problem, but solving it using the assumption of an infinite energy singularity alone creating all possible universes doesn't seem any more plausible to me without much better evidence than the evidence we have.
"There are no clues to whether reality is real or fake."
I guess that's what Plato figured out with his cave analogy. To this we nowadays add the problems of perception and consciousness, in the sense our perception is bound up in our theories about optical and sound wave radiations impacting upon our eyes and ears, so we don't experience things entirely objectively at all - to do that would require our ability to perceive independently of the mental models we need to use to make sense of our perceptions.
The fact ICANN is technically a non profit doesn't mean it hasn't been given a license to print money for the benefit of its executives and directors. How much are TLDs sold for advertising purposes worth, and to what extent does ICANN bringing these into existence indicate any kind of global consensus other than a self-interested one?
I see controversy ahead.