Recent Comments



May 8, 2016 4:30 AM

Clive Robinson on Friday Squid Blogging: Firefly Squid in the News:

@ Wael, Nick P,

Since the calculation isn't deterministic in nature, they can live with errors. Time will show...

As I pointed out for some applications the errors are of little or no consequence, others they can be filtered out by a post QC classical computing process etc.

The thing is that many QC researchers want to do it all in the quantum arena, and this may well be holding the whole research field back by decades. Whilst I'm suspect of the D-Wave approach and system, I think the best way forward is a hybrid model that leverages the best of both technologies.

May 8, 2016 4:10 AM

Clive Robinson on Friday Squid Blogging: My Little Cephalopod:

@ Figureitout,

I don't really expect to get into ads-b that much...

Possibly not, it is a niche hobby area.

However a thought does occur, others have already embarrassed certain agencies for their crap backstory/legend for these surveillance flights, and thus what the agencies regard as strictly need to know has been blown out of the water and classified operational details leaked about unwarranted spying on civilians.

Thus even slightly savvy criminals are aware of what these agencies are up to. Whilst the slightly smarter ones will get their own ADS-B receivers etc and change their plans accordingly. So another variation on the theme of "going dark" pops up...

So the obvious solution is at some point ADS-B in these aircraft will get turned off to preserve operational security etc. Only it can not, because it would then endanger other aircraft etc, and require specialised procedures which in turn would leak out...

So the recent calls by the FCC with regards SDR might not be unrelated to this and a number of other radio based OpSec leaks.

But that won't work either now the cat is out the bag and there is way too much invested in ADS-B to make changes to give more secure transmissions etc. Further ADS-B equipment is not really that expensive, so getting a transceiver and disabling the transmit section could be done by quite a few electronic hobbyists with little difficulty.

But now it's known there are such aircraft around and their flight behaviours categorised, it brings in another aspect which is radar. Marine 3cm radar can spot aircraft just as easily as it can ships etc. The big difference is in the "air-interface" which is the antenna used. Without going into details a moderately knowledgeable mechanic can make the changes required.

But in many areas they don't need to...

Objects can be detected by a source of radiative energy by their characteristics due to transmission, absorption and reflection at different frequencies. We see using all three effects to some degree. Most radar however generally works by the very limited squint of "red eye" or 180 degree reflection, using either a surface "normal" to the direction of the radiation or via a tri-corner reflector or similar.

The important point to note is that when the radiation hits the object, just as a flashlight/torch in a dark room, the reflected energy goes off in all directions...

Thus you can have "Offset Radar" where the transmitter and receiver are separated by a distance, and there can be more than one receiver. Which gives rise to the notion of "parasitic radar receivers". At their simplest they are an omnidirectional antenna with a receiver optimised to receive the reflected radar transmission. You can actually convert one of those X-Band Doppler radar units used in traffic or modify a satellite TV head end by connecting them to a length of X-Band waveguide that has been machined --had slots cut into it-- as a medium gain omnidirectional antenna. You then feed the baseband signal into a high speed A to D converter connected to a PC to produce a radar display. The closer you are to the transmitter the less maths you have to do to resolve the position of the aircraft.

Thus having your own parasitic offset radar as well as an ADS-B receiver, tied together by a chunk of Python code etc allows you to identify aircraft without an operational ADS-B, which immediately makes them suspicious...

All forms of "active surveillance" have similar technical OpSec issues, which is why real serious attention needs to be given to not just current activity and cover but backstories/legends as well. It's the inability of LEOs to get backstories and legends of any diversity that results in their undercover officers getting outed, likewise parallel construction.

It's one of the reasons Israel for instance encourages those emigrating there to not hand their documents etc back to the original issuing government as they provide solid backstories. Likewise the criminal "ID Shopping" where passports and other documents are stolen to order.

May 8, 2016 3:15 AM

Federal Bureau of Peeping Toms on Friday Squid Blogging: Firefly Squid in the News:

@Snoopy the Dog

Google (ironically) outlines some implications fairly well of changes to Rule 41:

http://securityaffairs.co/wordpress/33964/cyber-crime/rule-41-fbi-hacking.html

Google explained that currently under Rule 41, “federal prosecutors must generally seek a warrant in the judicial district to search for and seize a person or property located within the district. This territorial limitation is subject to limited exceptions”.

Whereas, the requested amendment generalizes broad situations in which warrants could be issued to locations outside their district given that it was purposely concealed, or where technology has been damaged and also located in more than five districts in violation of the Computer Fraud and Abuse Act (CFAA).

“Remote searches of media or information that have been ‘concealed through technological means’ may take place anywhere in the world. This concern is not theoretical”.

...

Another point made by Google was the violation of the Rules Enabling Act, as well as alteration of US constitutional rights. The Rules Enabling Act allowed for adaptation of practical, procedural and evidentiary rules, as long as the updates did not interfere with any substantive right. Contrary to government claims, Google suggested, “it invariably expands the scope of law enforcement searches, weakens the Fourth Amendment's particularity and notice requirements, opens the door to potentially unreasonable searches and seizures, and expands the practice of covert entry warrants”.

The specifications of what may be searched and how it may be obtained are not clear in the amendment. Remote access is mentioned in the means of searching, seizing or copying digitally stored data, however, this term can be interpreted in many ways. Google declared that remote access could be used to expose a target device’s IP address through the installation of software used to report pertinent information back to law enforcement. Another example of a remote access investigation technique is redirecting user information that is entered into specific websites of interest so that law enforcement can collect data from a target. Google mentioned the large potential for innocent parties’ information to be taken through an investigative technique such as this, as well as the increased exposure to possible malware. The proposed amendment also puts those who use Virtual Private Networks (VPNs) at higher risk to be searched because it would seem that their intentional use of encryption meant they were concealing their location.

The broad statement of damage to a computer in violation of the CFAA would encompass millions of American computers alone. Google reported that in order for the government to search more than five districts at a time, the use of botnets would be needed. These botnet searches, by default, would infiltrate the computers of law abiding Americans by the definition of their damaged computer. Google explained that around thirty percent of American computers contain malware and would be considered damaged.

In summary, this is a free-for-all for government hacking on flimsy pretexts using judge-shopping to get a general warrant where required. The NSA has been doing this forever in secret, and the FBI want to play with the big boys (short dick man syndrome).

Solution: Doing something illegal that could put you away for years? Don't use computers or electronic peripherals. Ever.

Looking at something that is subject to government censorship? Then use VPNs and Tor as usual running off your suitably secure (VM compartmentalized) Linux system, but swap out your ISP for public wi-fi, by using a dbi antenna (&/or parabolic dish and 600mW radio) that can reach several miles or more.

Or run TAILS from USB from the 'right' computer........ 8-))

May 8, 2016 2:47 AM

Thoth on Friday Squid Blogging: Firefly Squid in the News:

@Nick P
Hopefully the Dover design can resist all the opposing forces that prevents it from being a mature project and product and finally bring to market an open source tamper resistant secure chip that can be verifiable without needing NDAs nor needing to be weakened by absurd US Govt impending anti-crypto laws to rival the closed sourced and NDA locked variants of those of Intel, Infineon, NXP, Thales, Gemalto, ST et. al. and that would be considered a success. And yes, I know who taught me about these :) .

Tamper resistant of higher assurances like HSMs goes beyond SOC chips as you mentioned. It is unlikely to protect the entire product unless it's small enough like a tiny crypto token with very small surface areas to pot and tamper mesh and sprinkle those external sensors and a tamper capacitor. Generally the tamper resistant for a large machine would be temperature, motion and cover sensors for the parameter protection of the casing and the rest of the mesh, epoxy, RTC clock and so forth would be done on a very small chipset mounted with all the sensitive component. It is much easier to tamper resist a smaller chipset mount the size of a small tea cup than to tamper resist a 1 or 2U server size machine but overall the tricks are rather repetitive. I have rarely seen innovation in this area of tamper resisting tricks for some time now.

Regarding NSA protocols and implementations, it takes more time to reinvent the wheel than to take an existing product and modify it for higher assurance applications. I wouldn't say they wouldn't reinvent the wheel but the chance of spending all those tax dollars on something like that when the market already have capable products and all it needs is modifications done to suit their needs would not yield the best bang for the bucks.

If they manage to get Dover done for a smartcard form factor and create an accompanying fully open source high assurance Card OS and framework, that would be very interesting as the smartcard form factor is by far the most cost effective and also delivers moderate security assurance levels for a single chip environment which I am looking forward to if you compare them to more costly dedicated HSMs or other secure elements that are not programmable at all.

I am still waiting for the Ledger Blue to push out a production copy and do up their open source documents and codes before I am going to make my steps into committing my designs for it and other open source hardware security platforms.

May 8, 2016 2:05 AM

Petter on Friday Squid Blogging: Firefly Squid in the News:

Passenger misinterprets diff equation for terrorism...

She got scared when she saw his math and the way he was focused on them.
Called the cabin crew, plane returned and he got escorted off the a/c.
After a couple of hours the decorated Ivy League economist, Guido Menzio was allowed back on the plane.
The woman did not. Reasons unknown.

Menzio for his part says he was “treated respectfully throughout,” though he remains baffled and frustrated by a “broken system that does not collect information efficiently.” He is troubled by the ignorance of his fellow passenger, as well as “A security protocol that is too rigid–in the sense that once the whistle is blown everything stops without checks–and relies on the input of people who may be completely clueless.”

“What might prevent an epidemic of paranoia? It is hard not to recognize in this incident, the ethos of [Donald] Trump’s voting base,” he wrote.


https://www.washingtonpost.com/news/rampage/wp/2016/05/07/ivy-league-economist-interrogated-for-doing-math-on-american-airlines-flight/

May 8, 2016 1:32 AM

Clive Robinson on Friday Squid Blogging: Firefly Squid in the News:

@ Tyr,

Moslems might gain a foothold in the highest of political offices. Can you imagine the Capital of a western country with a moslem at the helm.

Err, you're about 24 hours late...

Go have a look at the results of the London Mayoral Elections.

May 8, 2016 12:44 AM

Clive Robinson on Friday Squid Blogging: Firefly Squid in the News:

@ Bruce,

One for your "social studies" folder.

It's a report by Ars Technica on a paper about bad behaviour --air rage-- incidents on aircraft and showing a possible link to "status gap" caused by a first class cabin that economy passengers have to walk through. Interestingly it appears that having the "riff raff" march through is way more likely to cause 'status rage' in first class passengers than in economy passengers...

I guess it's the "role reversal" of wannabe firsties sitting there having the riff raff march past and look down on them, kind of upsets their view on their natural entitlement and thus their "delicate sensibilities". Or it might be it reminds them they are not really first class citizens as they sensibly fly by private jet to avoid 'all the unwashed' ;-)

Next time I fly economy --which is unlikely-- and do a walk through I shall take some smug satisfaction from the fact the wannabe firsties feel irritated by my overwhelming presence, and the grin might last for a good long while. B-)

May 7, 2016 10:47 PM

Nick P on Friday Squid Blogging: Firefly Squid in the News:

@ Thoth

"I wouldn't be very hopeful about open source secure chips because as I have pointed out a number of times in the past"

Remember who taught you about that. I'm aware of the subversives. ;) There are many players in the game with a number wanting to make real stuff or open-source it. Doesn't even threaten NSA et al because prototypes aren't SoC's in widespread use. They can be turned into them. DARPA and NSF fund a lot of stuff that's definitely strong design. I've posted many. CHERI was one I preferred since they already ported FreeBSD but SAFE is my favorite for clean-slate. I can't speak for what Dover will actually do but an OSS CPU is possible given CHERI already did it. Many RISC-V designs are as well. They can actually do that without affecting their ability to make money or NSA's ability to hit them. So, we should keep an eye on it as a potential baseline to build on.

"Also, the inclusion of Microsemi as a trusted fab is highly doubtful. "

Who knows. The fab problem is huge with many angles. I won't say any are trustworthy but many don't seem to be subverting anything unless ChipWorks is in on it. If there's subversion, it's *very* targeted given the blowback of obvious backdoor being found at fab level. It helps that the crypto is usually simple for attack and chips for verification purposes have little backdoors all over them a la "Design for Testing" (eg scan circuits or whatever). I said I have some solutions for this but it's not simple or guaranteed. This is an open problem if it's a straight-forward SOC.

"Tamper resistant mechanisms are very predictable and are a requirement to be kept closed source to attempt to delay attacks "

Sure.

"Tamper resistant features are rather limited"

There's more than you think. They are limited but true tamper-resistance has to happen outside chip. It has to be at cage, box, or board level. I don't put much stock into SOC-level tamper-resistance either.

"I guess the end goal is still back to the Prison design on the drawing board."

That's Clive's. I posted an analysis showing it has the same problems if we're talking the fab level as they can just cancel out critical features. Both he and I relied on diversified redundancy with checks and voters to deal with it. RobertT had most interesting stuff doing mixed-signal (analog + digital) work whose complexity reduced analysis and increased odds a change broke something. My constant forays into analog tech are partly inspired by that. He also recommended developing on cutting edge nodes. I don't have $2+mil per iteration, though.

So, back to SAFE, CHERI, or Hardbound-like chips (add Argus error-detection to that) with optional, multi-chip configuration with stuff from different suppliers. Preferably mutually-suspicious. On top of my scheme to reduce/counter subversion but that's going to be a bigger implementation if at all. :)

"If FIREFLY or Public Key crypto were deemed insecure, it would have been long dropped from Suite A "

Now, here you beat me to the thought. I told everyone to watch what they did in Type 1, Suite A, whatever crypto as it's what *they* trusted. They're worried about quantum for sure given recent activities. Yet, they still trust Type 1 devices with Firefly protocol. So, it's immune to whatever they think exists right now unless it's a NOBUS thing where they have the attack but think others don't. I knew and taught to copy their best stuff but didn't make the connection that keeping Firefly means there's no multi-party, quantum attack that they know of. Great thinking on that. :)

Btw, in case I forgot to tell you, Firefly is the Photuris protocol with secret modifications. Mainstream chose against it but NSA chose a version of it. I always wondered why but couldn't know. Anyway, knowing it will get you close to knowing what Firefly is like. Also, SCIP that they depended on is published online with detailed specs. Remember that it's outdated crypto, inferior in some ways, given it's old. Also designed as a do-it-all protocol with significant constraints. Some choices aren't necessary but others could be hidden wisdom. I also know that HAIPE's crypto parts are IPsec for the most part at least for encryption and sessions but with different configuration, some modifications, and I think multicast. It's mostly IPsec's core from my reading, though. So, we have a bit of their stuff.

Most important lessons are careful key generation, key distribution with simple protocols (or manually), and on devices with strong endpoint security & implementations. In a nutshell.

May 7, 2016 8:51 PM

Wael on Friday Squid Blogging: Firefly Squid in the News:

@tyr,

without the alert spotting the use of suspicious "arabic numerals"

Yea! Might as well ban Algebra, Chemistry, Algorithms, Magazines, ...

Can you imagine the Capital of a western country with a moslem at the helm.

Why imagine? Obama is a "closet Moslem" ;)

We need to return to using Roman numerals before it is too late.

No, but no, thank you!

May 7, 2016 8:26 PM

tyr on Friday Squid Blogging: Firefly Squid in the News:


@the usual suspects

The insidious encroachment is everywhere, without
the alert spotting the use of suspicious "arabic
numerals" on a plane we might have overlooked the
spread of these dangerous ideas into our schools
at the lowest levels. If we don't ban these the
Moslems might gain a foothold in the highest of
political offices. Can you imagine the Capital
of a western country with a moslem at the helm.
He'll have them all under Shariah law instantly.

We need to return to using Roman numerals before
it is too late.

May 7, 2016 8:24 PM

Rich Taggard on Friday Squid Blogging: My Little Cephalopod:

@Figureitout

Eh? You already have that stuff, then wtf, heh.

Yeah, love fm on a good scanner w nice waterfall graph. Sounds like u have an android. Then, sdrtouch, rfanalyzer r good. avare adsb.


May 7, 2016 7:46 PM

Thoth on Friday Squid Blogging: Firefly Squid in the News:

@Grauhut
Precisely there is so much uncertainty around that's why the better choice would be the instinctive reaction to become better at protecting against Shor's algorithm.

If you look at the suite of Suite A, there is a particularly interesting algorithm the NSA uses called FIREFLY which is described as a modified version of Public Key algorithm and used in secure comms by the NSA et. al. to provision crypto keys from their EKMS system and many of the secure phones (STE and STU types of crypto telephones) are still using FIREFLY for key distribution and key exchange schemes.

If FIREFLY or Public Key crypto were deemed insecure, it would have been long dropped from Suite A knowing that China, Russia, Japan, South Korea, Israel, France, Germany, Canada and many other high tech countries are as well capable as the US.

Just for the added security, it is better to find a way to do PQC algos properly before they even have a chance to exist.

Link: https://en.wikipedia.org/wiki/NSA_Suite_A_Cryptography

May 7, 2016 7:32 PM

Grauhut on Friday Squid Blogging: Firefly Squid in the News:

@ Jacob: Addendum on the SGX ./. malware dilemma, nice vbtn article:

"Unfortunately, SGX is also a prime weapon for use in malware. For better or worse, it currently looks like Intel will not be giving the option for ‘trusted anti-malware vendors’ to access the contents of enclaves to make sure they are safe. Thus, malware can, in principle, freely create enclaves to prevent the operating system/hypervisor/anti malware from knowing what it is executing."

virusbulletin.com/virusbulletin/2014/01/sgx-good-bad-and-downright-ugly

May 7, 2016 7:23 PM

Grauhut on Friday Squid Blogging: Firefly Squid in the News:

@Thoth: Remember the "upcoming transition to quantum resistant algorithms" (NSA)

Does .gov start to invest in quantum resistant algorithms if there is "a ton of unknowns about quantum computing and they are still stumbling around"?

Bribing those "vendors, and standards bodies" again in such a suite B NG standardization process now should be a lot more expensive than before Snowden, if market economy rules still work! More attention after ECCgate means higher risk = higher insurance fees... :)

I think they wouldn't invest now without technical need.

May 7, 2016 7:04 PM

Thoth on Friday Squid Blogging: Firefly Squid in the News:

@Nick P
re: Risc-V + SAFE
It wouldn't be open source pretty soon by looking at the roadmap. I wouldn't be very hopeful about open source secure chips because as I have pointed out a number of times in the past, the NSA controlled institution of NIST and subsequently the standards like FIPS 140 and CC EAL are against open sourcing designs of security processors and if this design wishes to obtain a certification, everything must be hush hush as per requirements of certification criteria.

Also, the inclusion of Microsemi as a trusted fab is highly doubtful. Microsemi have not been known by any reputation to be a clean and trusted fab of any sorts neither are those of IBM or others.

The problem is once you add security and crypto features, you start to trod into the territory of national security and the intel agencies. Tamper resistant mechanisms are very predictable and are a requirement to be kept closed source to attempt to delay attacks due to the limited designs on tamper resistance and hence part of why the certification criteria requires secrecy of design. Most crypto circuits in smartcards, TPMs and HSMs may use a static whitebox crypto which if published would allow formulation of circumvention around the static whitebox crypto. Deploying dynamic whitebox would be considered a waste of computational resource and a hassle so the easier way of slapping hush hush NDAs and trade secrets are far more easier and enticing with security chip makers than the extra mile of creating secure dynamic whitebox engine.

Tamper resistant features are rather limited from electrical PUFs for self checking of integrity to outer metal layer tamper mesh, internal clocks, glitch logic detection, UV sensors to wipe EPROM bits, UV shields, so-called encrypted CPU calculations more like XOR encrypt and also Infineon's dual self-checking and encrypted CPUs. Not a whole lot of tamper resistant tricks to say they can use and most of these tricks can be broken with sufficient time, resource and willingness. Secrecy are required to make it harder to know which tricks are used so to ensure attackers would trip over the internal traps more frequently and make life harder for attackers.

As we know we have to factor politics and profits in and the security industry in my opinion have rotted badly due to profits and politics. I have pretty much given up hope on these fancy ideas because experience have shown that reality and dream are vastly different. Profits and power might get in the way of well meaning people and thus they become corrupt and contempt sooner or later as a nature of instinct and desire.

We will see how well Dover protects itself to remain open and also gain trust and respect if it succeeds. The concerns will come when features like TPM and tamper resistant comes in according to the roadmap and we will see if they can hold up to the onslaught of both the corrupted industry and the corrupted states and its rotten organs.

I guess the end goal is still back to the Prison design on the drawing board. The problem is how to split symmetric and asymmetric key across multiple 8 bit CPUs and split the input and merge the output which would be interesting if @Clive Robinson can chirp in some hints which I can try creating a quick demo on smartcards.

May 7, 2016 6:40 PM

The Abyss on White House Report on Big Data Discrimination:

@Slime ... Mustard

In the US, and I am told, the UK, young men of African ancestry face peer pressure against both education and meaningful employment. There are, of course exceptions. When I have to do hiring and or training, I often notice among young American black men an expectation of failure. I do not see this in many African American women, and almost never see it in those born in Africa.

A couple things this brings to mind- First, one can certainly understand the expectation of failure in the context of-

'We knew we couldn’t make it illegal to be either against the war or black, but by getting the public to associate the hippies with marijuana and blacks with heroin, and then criminalizing both heavily, we could disrupt those communities.'

http://www.thecannabist.co/2016/03/23/john-ehrlichman-war-on-drugs-richard-nixon-blacks-hippies/50631/

Second, I've had a hypothesis for awhile that Obama's lack(?) of direct U.S. slave ancestry, i.e. closer to 'born in africa' (lol), is responsible for his political viability. I.e. that perhaps there are enough voters that share your sentiment, and have less sense of threat from, or prejudice against that type of darker skinned person.

May 7, 2016 6:26 PM

Thoth on Friday Squid Blogging: Firefly Squid in the News:

@albert
You fill a CD-R with random data after including the Live CD image so that nothing else can fill the remaining space (i.e. special executables ... if you know what I mean).

@Grauhut
IBM coming out with their QC may have many intentions. Maybe they need to attract some attention for fundings to continue their research? There is still a ton of unknowns about quantum computing and they are still stumbling around.

May 7, 2016 6:09 PM

Wael on Friday Squid Blogging: Firefly Squid in the News:

@ianf,

And I speak Arabic on the phone on planes all the time. No one bothers me, except for one time on a long trip from Tokyo to Seattle where I almost got in trouble, but the plane was half way to its destination :)

May 7, 2016 6:07 PM

Figureitout on Friday Squid Blogging: My Little Cephalopod:

Clive Robinson
--I don't really expect to get into ads-b that much, just some night in june or july sitting on my deck having a beer lol. So I was planning either a basic dipole (guess it has to be mounted "vertically" b/c of its polarization) or coaxial collinear. rtl-sdr has a great page for that. But then I'd have to sacrifice my one antenna for my dongle or get another one of those tiny adapters w/ wire attached.

Bet we'd get flack from our lovely homeowners association too to take down any permanently mounted antenna, and we'd have to drill a hole in the house to get it inside for my "shack".

There's other things that sound more fun (computers mostly). Building an antenna...? Meh, professionally manufactured ones are better, unless it's a really exotic one that'd be fun to make, I'll take the manufactured one.

Rick Taggard
--Last I checked it wasn't possible to charge and transfer data at same time (maybe this varies from phone to phone, I didn't want to experiment much w/ it). I've got the usb-otg cable and all, I've received just FM on my phone, got much more on my PC even w/ that tiny antenna (best for me was the lock/unlock signal for my car keys (and the signal that rolls your windows down), which was interesting...).

The psych stuff is mildly important (frame of mind committing certain acts then maybe predicting something), but the facts of what a person has/has not done more so. Intel world works more on psych stuff pseudoscience, not science and legit info based on my tests (which I'm not repeating, hell no, done). It takes a lot of resources to get the facts, so they have to choose wisely, not get taken on a ride of bullsh*t.

May 7, 2016 5:35 PM

DrakeK on Friday Squid Blogging: Firefly Squid in the News:

I don't get why people are insisting on cryptographic proof that Craig Wright is the main part of Satoshi Nakamoto. I mean the emails in which Craig is mentioned. His understanding, motivations and reactions are convincing enough, even without cryptographically signing anything!

"The social evidence, including his unique personality, early emails that I received, and early drafts of the Bitcoin white paper, points to Craig as the creator. I also received satisfactory explanations to my questions about registering the bitcoin.org domain and the various time-of-day postings to the BitcoinTalk forum. Additionally, Craig's technical working knowledge of public key cryptography, Bitcoin's addressing system, and proof-of-work consensus in a distributed peer-to-peer environment is very strong. " - Jon Matonis (Founding Director at Bitcoin Foundation).

"During our meeting, I saw the brilliant, opinionated, focused, generous – and privacy-seeking – person that matches the Satoshi I worked with six years ago. And he cleared up a lot of mysteries, including why he disappeared when he did and what he’s been busy with since 2011. But I’m going to respect Dr. Wright’s privacy, and let him decide how much of that story he shares with the world." - Gavin Andresen (chief scientist at the Bitcoin Foundation)

When asked about Satoshi Nakamoto:
Q:Why did you feel you had to come out or why do you feel you have to keep it secret for so long?
A:"I would prefer to be secret now. I don't think I have to be out there. There's nothing owed to the world where I have to come out and say I'm X, I'm Y. I mean, no one needs to do that. It is my right not to say something. If I release a paper that benefits people, why do I have to take credit for it. Why do I? I don't have to bounce around TV cameras. I wanna work, I wanna keep doing what I'm doing. I don't work and invent and write papers and code by coming in front of TVs. I don't want money, I don't want fame, I don't want adoration. I just want to be left alone." - Craig Wright

Q:Why have you decided to identify yourself as Satoshi Nakamoto?
A:"I didn't decide. I had people decide this matter for me. And they are making life difficult. Not for me, but my friends, my family, my staff. They want to be private. They don't want all of this affect them. I don't want any of them to be impacted by this. There are a lot of stories out there that have been made up. I don't like it hurting those people I care about. I'm going to do this once and once only. I'm going to come in front of that camera once and I will never ever be in front of the camera ever again for any TV station or any media, ever." - Craig Wright

May 7, 2016 5:23 PM

Wael on Friday Squid Blogging: Firefly Squid in the News:

@ianf,

quest to decipher me cypher… unless I'm insidiously feeding you disintel which I wouldn't dare to.

You've been reading too many 7kb parables - take a break ;)

May 7, 2016 5:21 PM

Bumble Bee on Friday Squid Blogging: Firefly Squid in the News:

@albert

Note to dark-skinned, bearded men: Don't write or read anything but English on US flights.

See, this is the direction in which we have been progressing. Blacks, to some degree men, and especially black men, aren't supposed to read or write at all.

The Catholic Church has decided we as a society are "backsliding" and they have decided to do everything they can to aid and abet that process. I've heard it preached before in places they've infiltrated, "sin must become exceedingly sinful."

Hence overcharging misdemeanors as felonies, look at a woman (if you are a man) you may as well rape her as well.

Which stems from the worship ("veneration") of the eternal Virgin Mary, never mind her husband Joseph, whose patriarchal lineage is carefully traced all the way to Adam in the Gospel, which only goes so far as to say that she was a virgin at the time Joseph took her to be his wife and that he "knew her not till she had brought forth her firstborn son," namely Jesus. The canonical gospels also mention that Jesus had brothers.

Now I would not deny Mary her eternal virginity, but that is because she believed on her son Jesus that all her sins, even her original sin inherited from Adam and Eve, were forgiven, not because she eternally jilted her husband Joseph. Mary's eternal virginity is an example of God's ability to return the penitent sinner to the state of innocence, and let it not be out of reach of any believing woman.

May 7, 2016 5:19 PM

Derek on Friday Squid Blogging: Firefly Squid in the News:

@David

If you want a high security cloud which is easy to use and supports lots of operating systems then take a look at Tresorit.

It runs on Windows, Mac and Linux computers and Windows, iOS and Android smartphones.

They do a free version and offer a zero-knowledge service like SpiderOak but unlike SpiderOak their apps are great to use.

Their security is more than enough for most people's needs but if you have a few really sensitive files there's nothing stopping you from manually encrypting them prior to upload.

Tresorit encrypts your data on your computer so there's no chance of information being transmitted unencrypted. They also support versioning and encrypted links for sharing information with third parties. They do not deduplicate.

https://tresorit.com/pricing/basic
https://tresorit.com/security

Their whitepapers are at the bottom of the second link.

May 7, 2016 5:06 PM

Wael on Friday Squid Blogging: Firefly Squid in the News:

@Clive Robinson, @Nick P,

The D-Wave system apparently has no error detection or error correction mechanisms which makes its full unreliability a factor in its computations.

They acknowledged that! Since the calculation isn't deterministic in nature, they can live with errors. Time will show...

May 7, 2016 5:02 PM

Grauhut on Friday Squid Blogging: Firefly Squid in the News:

@Jacob on SGX: How do we know there's no hidden ring -4 beyond SMM and AMT that can read SGX enclaves? Would data.big.gov buy stuff that is intransparent for them?

Imagine some Bin Binaryladen implanting some crap into a new power saving server gen for the NSA's Utah biz... ;)

And how would we get rid of a three letter agency SGX enclave hidden for instance in the flash of a persistent memory DIMM, "preinstalled" on shipping?

We are now using Broadwell EP Servers if we are on track with Intel's marketing.

Skylake EP Servers with memristor DIMMs are just one tick away, let's say "HPE Gen10".

You can already buy the persistent memory modules...
www8.hp.com/us/en/products/server-memory/product-detail.html?oid=1008830324

Mix these with some funny SGX code implanted on them (flash controller "upgrade") on delivery and you can throw away your new servers on arrival! (Or at least the memory modules) :)

May 7, 2016 4:41 PM

Wael on Friday Squid Blogging: Firefly Squid in the News:

@Nick P,

So, a magnet could mess up both types of systems...

Unless you are using a ball-effect device or magnetic media, a typical computer is immune to magnetic fields. Magnets should affect only the quantum components.

May 7, 2016 4:27 PM

Jacob on Friday Squid Blogging: Firefly Squid in the News:

@ Nick P

The Dover architecture may or may not see the light of day, but Intel has been spending some meaningful time on hardening their processors, with results that you can use today (on some Skylake processors) - the SGX extensions.

https://software.intel.com/en-us/blogs/2013/09/26/protecting-application-secrets-with-intel-sgx

Note that contrary to any other processor that I know of, your secrets are protected even if the OS/BIOS is compromised, and even if someone has physical control over your machine.

You might not consider Intel as a trusted source, but possibly neither the fab that would crank out the Dover chips.

May 7, 2016 4:02 PM

anon on Dilbert on Electronic Voting Machines:

And some election official in the Carolinas? or Virginia just ran the data from the voting machines thru his home server.

Never prosecuted as I recall...

There is a VERY detailed site on voting machine mayhem out there.

http://bradblog.com/

May 7, 2016 3:46 PM

Grauhut on Friday Squid Blogging: Firefly Squid in the News:

@Nick P: "It meant they either had one working for generous leasing fees from NSA or they were full of crap about their progress as usual for this field."

Right.

They came out of a decade long nowhere with a "Here you are, test it!" program.

Does that sound like "we are making some progress we want to show you" or more like "we have thrown together some ready to use spare parts and a stripped down existing and tested API, here you are, hack on"...?

Imho there ain't no one step evolution from a paper plane to a stealth fighter jet.

May 7, 2016 3:42 PM

Nick P on Friday Squid Blogging: Firefly Squid in the News:

@ All

Re Clean Slate security

Great news! Dover has merged SAFE architecture with RISC-V into a system they plan to open-source. They also have a road map with extra features, red-team testing, a SOC, tamper-resistance... all sorts of stuff. Quick read on mobile implies they're getting 3rd parties onboard for an ecosystem too. One built on "inherently secure" chips. :)

Link here.

May 7, 2016 3:33 PM

albert on Friday Squid Blogging: Firefly Squid in the News:

@ianf,
(In the US)

Libel has to be in print. Slander is spoken. IANAL, but I don't see anything actionable here.*

Note to dark-skinned, bearded men: Don't write or read anything but English on US flights.

I would have said, publicly: "I don't know who she is, but that woman's obviously a f_____g idiot!"**

----------
* Unfortunately, the facts don't stop lawsuits.
**that's an opinion. It's protected speech.
. .. . .. --- ....

May 7, 2016 3:28 PM

A Nonny Bunny on $7 Million Social Media Privacy Mistake:

SoWhatDidYouExpect

Further, from the alleged video, there is no proof that he was behind the mask.
Aside from the fact he took the mask off.
I honestly couldn't care less, but they showed it on The Daily Show.

May 7, 2016 3:26 PM

albert on Dilbert on Electronic Voting Machines:

@Wael,

:)

That Bridges dude is funny, and dead on. Too bad he identified himself. Judging from some of the comments, the neural-connection impaired might have thought he was Dubya himself.

And it's EIEIO. No lower case in Morse. This is my last warning!

May 7, 2016 3:00 PM

Nick P on Friday Squid Blogging: Firefly Squid in the News:

@ Wael

I don't know. It's a black box that they feed data into then get data out of. The main measures they're looking at are timing and errors. Both might be faked given benchmarks. Far as a magnet, quantum computers usually have numerous electronics they depend on. So, a magnet could mess up both types of systems.

@ Grauhut

It meant they either had one working for generous leasing fees from NSA or they were full of crap about their progress as usual for this field.

May 7, 2016 2:57 PM

ianf on Friday Squid Blogging: Firefly Squid in the News:


@ Jacob, this has been reported as an instance and outcome of "see something say something" stupidity (pace potential alt.definition by Curious), but, as it sounded way too meek for a case of terror scare, it needn't have been that.

Instead, e.g. that "eagle-eyed observer" might have forgotten to bring some crappola, and figured out a way to be let go off the flight without incurring costs for disrupting the plane already on the tarmac (the additional delay might well have been due to the flight losing its time slot in the meantime). Or some such, don't ask me. If there were no more connections by that airline that day, she'd have gotten an additional day there, and free transfer to another flight.

In any event, the guy should sue the airline for branding him a terrorist on the flimsiest of reasons, for the time lost, AND petition the court to release the name of that "reporter," so he personally could sue her for libel – because, if it was deemed that serious, then there should be some accountability for it. Noseybonks like that need to be taught lessons, not thanked for vigilance with pats on the back. But of course, the airline would prefer to forget the whole thing, since "nothing happened, nobody died."

ADMINISTRIVIA @ Wael: there are embedded clues above that ought to help you in your quest to decipher me cypher… unless I'm insidiously feeding you disintel which I wouldn't dare to.

May 7, 2016 2:16 PM

Rick Taggard on Friday Squid Blogging: My Little Cephalopod:

@Figureitout

Ok, some summer night I may have a beer and see what's flying over head. Do you have a "Y-cable" so you can have the dongle plugged in the phone and charge at the same time? This is why those android tablets were nice, they had one more USB port. But suppose having an extra battery and one of those USB batteries would be useful for remote use.


Right, you can do that, of course. I have an old usb juncture box I use with some of my small systems sometimes. Have not used it with my phone. Usually I use it to work out a design where I have a 10K mah - 20K mah battery for the pi. Then, I have a prototyping box I got just from radio shack. But, those systems I make are just prototypes, so far.

I put them together, to be able to more visualize what I might want, but then end up breaking them apart again.

I might point out: as cool as the airplane tracking software is - there is a good variety - I do not actually use it much.

It really takes about ten seconds once you have the usb dongle and the rtl. Just search on the mobile store for ads-b, and there is a number of software you can immediately get into. Plug in and go.

Not much difference with the variety of linux software out there.

I do not play around with ads-b software much more than just showing people who come over 'what can be done with radio receivers and miniature systems'.

Even the worst of them shows plot points on google maps, live, with movement and identifying data.

My friends who are pilots are way most into that.

Some of them have had ads-b receivers of varying types since the 90s.

On antenna, and what Clive said, I do believe Clive is much more of an expert on radio technology, than I am. But, of course, the wave length is different than for the tv signals the stock antenna is for. However, the signal is coming from above, so it is good signal even with a less than perfect cut antenna. But, of course, always best to have the appropriate cut antenna...

It's assumed using a smartphone in the first place, privacy is compromised, basically like an "anti-security" device that has 1 long range constant silent upgrade threat, and 2 short range wireless threats (BT and wifi, now NFC for shorter range), our kryptonite lol. This in addition to all the usual internet threats, and you can't really dig in the device physically easily. Any app you install, even a flashlight app, needs access to your call logs for some reason. But yes OPSEC wise, just using a public wifi isn't enough; device needs to be sanitized and you need a new personality and a safe way to reach the access point (all loaded terms, very loaded). I generally have no use for such OPSEC anymore though (the "untouchable" kind, too stressful. Had my fill lol, I'm just going to use electronics regularly now.), there is generally no one (normal lol) to communicate w/ in that way anyway and it's not really worth it IMO.


It is a weird subject to discuss, because you even assume the discussion is compromised.

What I outlined assumed everything was compromised. Worst case scenario, where, despite what I said about how low risk I thought you were, I was actually presenting a scenario you would only find worthwhile to use if you were high risk.

High risk is being a foreign spy on US shore, where specifically, you are already compromised. And so, under very heavy, but covert surveillance.

So, there are actually very few things which can be said in front of them, which also can still be worthwhile to use while also being said.

Accurate risk assessment, I believe, is most important. Do you proverbially need to build a plane which can make it many times across the Atlantic? Or can a simple paper airplane suffice?

What I outlined would be useful in a variety of circumstances where you believed your domestic nation state had you under surveillance. Not just "if you are believed to be a spy".

What it is all about is realizing that surveillance is always looking for: That One Time.

That one time you meet an agent. That one time you pick up material dropped for you. That one time you drop off material. That one time you meet your coworkers. That one time you show your methods of operations and communication strategies. That one time where you show who you really are.

Theoretically, they could start writing software to screw up your phone to prevent this. But, you know how that can be expensive for them.

Anyway, the basic tactic is like making a bunch of rights or lefts, you just try and make whatever gps/cell tower reception go down for a bit. Then, come out with this. In city, but especially out of city. Rinse and repeat, to try and find where aerial surveillance is forced.

It really just puts them on the defensive, is all. An elaborate distraction on top of layers of distraction.

Reality is, if you are cold, you are cold. That is all you can do. Distract them away from other coworkers.

Keep them as busy as possible, and keep your own nose clean.


I did consider you may just be suffering anxiety. It is common. Nothing to be ashamed of. I have myself experienced extreme forms of anxiety, often. Because I have experienced very stressful situations.

If this were the case, then this would have you building a plane that can make it reliably across the Atlantic. When you really just need a box car to make it down the inclined street. You would see the level of effort required, and it would reduce the anxiety.


But, that was just a minor possibility, despite how I evaluated. Again. Online. Compromised. I don't give a f what you are doing. You could be doing something I hate, not the point. I will never meet you, I will never know you. I try and be as efficient as possible.

If that were the case, I suggest ecstasy. Video games. TV. Pot. Exercise. Stuff that reinforces, "you are OK, you are ALIVE". Pot, ecstasy, help people deal with painful things (such as those which cause anxiety). Alcohol, can, but... alcohol. It removes the right and wrong prefrontal cortex, lol. So usually not very worthwhile for also dealing with difficult to deal with matters.


This stuff IS technical. Just of a different sort. Related.

The psych stuff is the most important. And knowing practices.

You don't go and do shit, over and over and over again, without learning how to deal with anxiety. (Real way, is more related to self-hypnosis, but you can't teach that in ten seconds.)


And this is a thing inside a thing. I never say nor write this stuff, anywhere, except for here, and on timed occasions.

So, I am doing this very thing, by different means, for different reasons, while glibly advising you on it.

If I have a problem, the mind fuck of that being implied is only reinforced by actually pointing it out. People can only keep track of so much at any one time.

Human minds overload just as systems do. It is strange. We make them from our own selves.

Look at the handshake induction, for instance.

May 7, 2016 2:01 PM

albert on Friday Squid Blogging: Firefly Squid in the News:

@Thoth,

"...using a Linux Live CD written onto a CD-R and then fill the remaining blank CD-R space with as much random junk from a /dev/random output and remember to out the Live CD hashed checksum in your wallet in a piece of paper to check the contents of the CD-R every week...."

Would you please explain the rationale for this procedure?
. .. . .. --- ....

May 7, 2016 1:59 PM

Wael on Friday Squid Blogging: Firefly Squid in the News:

@Grauhut,

This imho means the bigger ones behind closed three letter doors are long enough up and running. ;)

Wouldn't surprise me the least. I see QC could be used in two different modes:

1. Probabilistic computations where the set of outputs is the best "probable" solution. The effect is a reduction of search space. A 4096 bit key may be reduced in strength to, say, 64bits. A second round (single QC instruction) can do the verification step and produce the right private key.
2. I forgot! Lost my train of thought! Multi-tasking is b*tch.

PS: Already registered at the IBM link after @Nick P shared it.

May 7, 2016 1:46 PM

Bill W. on Dilbert on Electronic Voting Machines:

Yes, having a dual paper and computerized voting method would be safer. My state uses mark-sense paper ballots that are read into a scanner; the voter takes their ballot, goes to a booth and bubbles in their votes with a black ink pen, then gets to "verify" their vote was properly taken by watching the scanner's number increment. Then they have to trust that some hidden algorithm didn't filter their votes afterwards.

However, the voter doesn't get a back-up copy of their paper voting ballot. Which I think would go a long way toward ensuring no after-the-fact shenanigans. Masses of voters could assemble and conduct their own, ad hoc, vote recounts, to at least statistically verify their results jive with the official results. For example, if the official results from some precinct were for some candidate who would otherwise have little hope to win, a statistical sampling of voters' ballots from that district could serve to verify whether further investigation was needed. Yes, the local counties do hold the paper ballots as a back-up counting method, in case of a required recount; but there's little verification method in place to ensure the county officials aren't in on some scheme to bias the vote.

I also like the way some countries do voting with paper ballots and physical, locked ballot boxes, with ink marks on voters' fingers to preclude double-voting. However, it's during the post-vote counting process where things can get squirrelly with these kinds of systems. Physical security of the ballot boxes becomes tantamount to ensuring the security of a one-time-pad key.

May 7, 2016 1:42 PM

albert on Friday Squid Blogging: Firefly Squid in the News:

@Clive, @tyr, @Anyone,

I don't understand the details of the case. Surely Apple allows users to upload music to their servers (iCloud?). How is it that they allow users to upload music to their subscription service, when the assumption is that music comes from Apple to begin with?

I assume that Apple must use copyright info in the song's metadata. If it's say 'copyright', then it gets a pass, else it's deleted. This would seem to indicate that Apple is playing IP cop. Since songs are copyright the moment they're created, this would seem to be a serious overreach. If they simply compare song titles to their database, then it's also a problem.

Since the act of copying a song without the holder's permission is a copyright violation, is Apple protecting itself by allowing only songs for which it has rights?

Exactly what -are- Apple's criteria?
. .. . .. --- ....

May 7, 2016 1:12 PM

r on Friday Squid Blogging: Firefly Squid in the News:

@All,

Something else, slightly hidden by the rug of 'ECC'...

elliptic curve cryptography is QC vulnerable but... Encryption based on the other 'white meat'/ECC(error correction codes/goppa) I believe is thought to be QC resistant.

Just to put a light to a dual usage.

May 7, 2016 12:49 PM

r on Friday Squid Blogging: Firefly Squid in the News:

@grauhut,

On QC && IBM: The assertion you're making is exactly why I think the statement was made about moving to pq by the NSA. I certainly took it as such when it comes to nation States, I think the public access ideal is to allow grabbing any early novel ideas/optimizations or technology the public may have or develop.

May 7, 2016 12:34 PM

Anura on Dilbert on Electronic Voting Machines:

@Tatütata

I can think of three good reasons.

1) Accessibility for the blind
2) Fewer spoiled ballots
3) Faster Counting

FWIW, most ballots are machine counted anyway.

May 7, 2016 12:26 PM

albert on Friday Squid Blogging: Firefly Squid in the News:

@Clive,

Rupert the "the bear faced lier"?

That's better than the original 'bare faced', but here in the Colonies, 'bold faced' and 'bald faced' are common.

Thanks for that, unintentional though it may be:)
. .. . .. --- ....

May 7, 2016 12:10 PM

Wael on Friday Squid Blogging: Firefly Squid in the News:

@Nick P,

I'm dismissing them until they show evidence their system works quantumly.

I still have some doubts. Hard to imagine NASA and Google were "duped"! If I were a customer, I'd try to sneak a tiny little magnet into the Q-CPU chamber and measure the difference in output ;)

Btw, if you like quantum computers, IBM just put a site up ...

Signed up for an invitation...

May 7, 2016 12:05 PM

CallMeLateForSupper on Friday Squid Blogging: Firefly Squid in the News:

@Clive Re: shared UK patient data

arsTechnica carried the story several days ago (I only just learned). I found the following, near the end, to be most interesting:
"... 1.2 million people had opted out of the so-called Care.data plan. Put another way, 2.2 percent of the 56 million patients in England said they didn't want their data to be shared."

http://arstechnica.co.uk/business/2016/05/google-deepmind-ai-nhs-data-sharing-controversy/

Sounds like another case of a program designed such that "everyone is 'in' by default, except those who opt out". Never a good design for this type of thing. Should be opt in by default, and not opting out should *not* be effectively opting in. I bet dollars to herring that some portion of the 97.2 percent who did not opt out either *did*not*know* they could opt out or simply forgot or otherwise failed to do so.

Factoid: DDG-ing "patient records Google" showed no U.S. newspapers covering this story in the first four pages of hits.

May 7, 2016 12:03 PM

Tatütata on Dilbert on Electronic Voting Machines:

I don't understand why some want voting machines in the first place.

Technological fad?

The resources summoned for an election in a large country may look large, but they should scale well in a hierarchical system, something like N log N personnel, where N is the number of voters. A basic poll unit will require so many staff to handle a few hundred citizens, but tallying the results requires less and less people as you go up the pyramid leading to the national returning officer.

The exception might be for US style elections where a great number of public offices ranging from the county's deputy dog catcher to POTUS are often decided during the same ballot, together with some propositions.

This problem isn't technical, but rather political. How can you decently debate of the orientation the country should take in that cacophony? How can the voter not feel alienated, or feel that his choices are limited to the candidate's hairdo, or throw-the-rascal-out, or anybody-but-X?

May 7, 2016 11:55 AM

Rick Taggard on Friday Squid Blogging: Firefly Squid in the News:

@Bumble Bee

What? So you work at the NSA, and what? You illegally spy on your coworkers? Obviously, not, I don't think that is possible, but just trying to understand what you are stating.

I do not believe anyone watches abuses at the NSA.

The loveint stories are perfect evidence of that. They came out after Snowden. Some politician demanded they know about accountability work being performed there, so the NSA hobbled together this bleak, 10 cases, they had claimed to be the work of the past ten years.

It was clearly a case where this was utter bs.

Only thing security looks for in any of these agencies is moles, and they are horrible at that. They also look for basic leaks and behavior that does not stand to the rigors of their job.

But they do not look for abuses.

Everything is compartmentalized, so group a does not even know what group b is doing.

That is all across the board.

Nobody knows what the full range of secret operations are, and they never will. There are just so many. (*see "Top Secret America", for instance.)


Really the only thing which has held back a rogue group taking things over is simply the skill required to do something like that.

For all anyone knows, could have happened already, though, fifty years ago, even.

May 7, 2016 11:48 AM

Rick Taggard on Friday Squid Blogging: Firefly Squid in the News:

The Revolution Will Be Digitized?

So, I read the latest Guardian last night, on the author of the hack of the Panama Papers, where "John Doe" states "the revolution will be digitized":

http://www.theguardian.com/news/2016/may/06/panama-papers-source-breaks-silence-over-scale-of-injustices


I found it interesting, but having grown up near the sixties, I have seen these calls and claims come and go again and again. The original version of the above line was "the revolution will be televised". And attempting to re-find the article "the revolution will be digitized" took me awhile, because that phrase has been being used and re-used very often over the years.

I decided to ask a young friend last night, if they had even heard of either Snowden or the Panama Papers and they had not.

I tried to explain what happened, in both instances, and it simply did not go through.


This does not mean I am not for "the world changing". I certainly do believe it will change, drastically. But, I just do not see that as happening as a social thing. I think when people get together to try and do good like that, where they believe they would be better running things? It always turns to crap.

I have a similar opinion of many in religions who believe these things.

This is not to say what "John Doe" did was bad. It was good. Same with Snowden. Though, Snowden is more along my ways, where he does not present himself as a revolutionary, but simply as he is. Someone trying against very difficult odds.

For me, I embrace more of the Jim Morrison concept, that revolution can never happen like that, there 'has to be a personal revolution first'. Kind of. (For me, I think that personal evidence just requires a little evidence from up above.)


But, it is a thing. People are constantly doing it. You even see it here, sometimes, where people evangelize and persuade, and try and get more to their cause.


Anyway, opinions on that welcome.


May 7, 2016 11:43 AM

Clive Robinson on Friday Squid Blogging: My Little Cephalopod:

@ Figureitout,

ADS-B antennas, need to be like those for space craft such as satellites, omnidirectional and having a dome shaped vertical radiation pattern.

There are several that can do this and for 1090MHz you can bend most of them up yourself from thickish copper wire.

You will find much in the way of myths and lore about antenna thickness on the internet. Put overly simply the thicker the radiator the wider the bandwidth up to a point. You will see some broadband monopoles that are cylinders about 10% of their length wide. When it comes to dipoles this goes up to around 30% wide but in a "fat cigar" shape, at HF these are often called "cage dipoles".

There are a few basic designs you can look at. The first is the "Turnstile" or "Crossed dipoles" these are a workaday solution in space work, unfortunately you need a 90 degree phasing harness which can be a pain in the backside to make at 1GHz.

The next which is a more interesting design is the three or four loop "cloverleaf" antenna, there is an awful lot of "trash talk" about these on the Internet due to drone hobbyists using them for their CCTV back feed. If you are going to build one have a look in an RSGB or ARRL VHF/UHF or AMSAT book.

The next up is the helical and bihelical antennas that are one turn or less they can have a high impedance feed point which requires a balun to match to your feed line.

There is a variation of the helical and cross dipole that looks like a cylinder where the tip of one cross dipole reflector, is connected to the radiator above but moved round through 90 degrees, unless you can get good engineering drawings I'd give these a miss.

Finally there is the Direct Driven Ring Radiator or DDRR antenna that was invented by Dr. Boyer from Northrop. Its vertical radiation pattern is like a squashed dome, which is advantageous, because you have less gain overhead where the distance to the aircraft is less and more gain out to the sides where the distance is greater, therefore it gives a more uniform reception performance. The antenna is very very low profile as it's essentially a ring over a ground plane and at 1GHz would be about 3cm above the ground plane. It has the disadvantage of being quite high Q giving you around 15MHz of bandwidth at 1GHz.

A note about baluns for the more traditional dipole antennas, look up the design of a sleeved dipole above a quarter-wave sleeve balun, such sleeves if properly thought about can give not just very good antenna feed line isolation which is essential for good RF performance but also very good mechanical support.

Any way which ever way you go have fun, though my preference would be the DDRR on a PCB ground mounted directly on the bottom of a die cast metal box inside of which you mount your Raspberry Pi or beaglebone board and RTL SDR dongle and an PoE ethernet unit/psu. You can then put this up out of sight on a roof with a tupperware box over the top to keep the moisture under control.

May 7, 2016 11:15 AM

albert on Dilbert on Electronic Voting Machines:

Sorry, I mistyped the /b

Only the first line should be bold type.

Honest!

It's 2016, and we're still typing raw html....

. .. . .. --- ....

May 7, 2016 10:50 AM

Slime Mold with Mustard on White House Report on Big Data Discrimination:

@Clive Robinson

You certainly hit my sore points. As I wrote on the Squid thread two weeks ago, science is very broken. Regrettably, the articles start with the "soft" sciences, where one would expect them. They do go on to medical research and even physics. But they barely scratch the surface.

The most popular manipulation nowadays is to select data sets that support the (orthodox) conclusion, and ignore those that do not, even when the data sets have been discredited (although their discredit was not widely advertised - too many careers on the line).

A good example of this is Graybill's stripbark Bristlecone Pine series. A dendrochronology frequently cited as a "proxy" in climate studies. The idea being that; warm years should yield wider rings, cooler years, narrower. In 2007 Linah Ababneh published results contradicting this assumption. Since she had weather data available for more recent years, she was able to determine that ring width was determined exclusively by rainfall. But the Graybill series continues to be cited by researchers prominent, even famous, in the climate studies community (Michael Mann). There are other shenanigans and especially "adjustment" fraud. I am trying to keep this short.

I have to fire people: Sometimes from firms they have worked for in excess of 20 years. (OK, I write the reports, conduct the interviews, use forensic methods or hire experts for physical evidence: It has been many years since anyone - administrative judges included - have questioned my conclusions). I start with the negative hypothesis . That is: What I suspect is not true . I take this to heart rather than as a silly opening paragraph. I am not merely open to other ideas. I actively search for alternate explanations.

RE: Discrimination

In the US, and I am told, the UK, young men of African ancestry face peer pressure against both education and meaningful employment. There are, of course, exceptions. When I have to do hiring and/or training, I often notice among young American black men an expectation of failure. I do not see this in many African American women, and almost never see it in those born in Africa. If you walk through the offices of America's cities, you will see three times as many black women as men. Some scholars have claimed that this is because the dominant white culture feels less threatened by women. I say we will never know unless we close this gaping cultural chasm. My firm employs black men in senior positions. With a single exception, they are all from Africa. I doubt their friends see their efforts at work as them "trying a be a white mother f***er".

The government's new tool, despite their protestation, will first be used as a basis of lawsuits, either brought by NGOs, the Department of Justice, Equal Employment Opportunity Commission, or Housing and Urban Development, and then eventually legislation. I have had to prepare the response to discrimination suits (always filed in bad faith). It never takes less than 200 hours of my time, and a similar amount from the company attorney. We have never paid a penny. The process is the punishment.

May 7, 2016 10:49 AM

albert on Dilbert on Electronic Voting Machines:

@Nick P,
Thanks. It -is- a good article, but I wasn't reading Bruce's blog back then!

@All,
I will restate my point in a different manner:

You can't fix technology with more technology!

How many examples does anyone need?
How many examples have been discussed here?

Computerized devices are insecure by design. So any system that relies on computers is going to be hackable. Printed receipts will -always- parrot your input. It's the -output- that gets hacked. Of course, they'll be networked (with Windows systems).

Do a little research on exit polls. Of course paper ballot systems are subject to fraud, but the referees are spread over thousands of people across the country, as opposed to a few in central locations.

As long as computers are in control, -no- election can be certified.
. .. . .. --- ....

May 7, 2016 10:27 AM

Bumble Bee on Friday Squid Blogging: Firefly Squid in the News:

"Who watches the watchers?" many have asked about NSA. Some of us do. It has come to our attention that certain employees of that agency have too much clearance. Way above TS/SCI, in fact.

It is our opinion that employees of NSA do not need to know or access any information that is classified above the TS/SCI level in order to do their jobs.

The most egregious examples of excessive clearance (i.e. want vs. need to know) are in the LOVEINT department. It's not just looking at porn. The targets of this LOVEINT are real human beings that are being manipulated maliciously out of a prurient interest on the part of some intelligence analysts.

And who watches them? Some of us do, and we do have the necessary clearance to put them on the sex offender list.

And we're just plain old ordinary people.

May 7, 2016 10:02 AM

Bumble Bee on Two Good Readings on the Encryption "Going Dark" Debate:

@Clive Robinson, Anon10, and other legal pickpockets

!!! NEWS FLASH !!!

(for the couch potatoes)

Here in the USA, "legal" means conforming first to our highest and most basic law, the U.S. Constitution, and thereunder in the appropriate jurisdiction to U.S. Code and military or other federal regulations that have been established in accordance with the Constitution, then to the constitutions of the individual states, and lastly to state and local legislation of appropriate constitutionality and jurisdiction.

Care to offer an opinion here?

Take a quiz. What is a "serious crime" vs. a "felony" vs. a "crime involving moral turpitude" vs. a "capital, or otherwise infamous crime" here in the United States?

Can a crime be all four of these or just one or two or three and not the others?

May 7, 2016 9:50 AM

Nick P on Friday Squid Blogging: Firefly Squid in the News:

@ Wael

"The same approach can be used to factor large primes or break ECC."

Uh, maybe. From what I've read, quantum annealing is separate from regular, quantum computation. This is going to be used on the kinds of optimization problems you see simulated annealing used on. Anything like that.

"I wasn't endorsing D-Wave Systems, by the way -- nor am I dissing them!"

I'm dismissing them until they show evidence their system works quantumly. The best evidence they posted was on Hacker News with some of its users there debating with us. It came down to one comparison showing a million fold speed up with D-Wave. That sounded really impressive until I found the benchmark: million fold for custom hardware compared to an *emulator* on a *single-core CPU*.

I speculated they might just have custom, massively-parallel hardware. Now, those ASICs are usually several hundred times faster than a single chip rather than a million. Yet, that box is the size of 2-4 computer racks. I could squeeze a cluster of annealing ASICs in there for a few tens of thousands of dollars in unit costs. That *might* give the speed-up they mentioned.

So, I want to see them do it the traditional way: patent the shit then show how it works publicly for peer review. If they're not frauds... if... then they're worried they won't solve remaining difficulties fast enough and someone else will use public data to steal the market.

Btw, if you like quantum computers, IBM just put a site up for people to try them out. I don't know if it's simulated or a real machine.

May 7, 2016 8:24 AM

Daniel Ortoleva on Friday Squid Blogging: Firefly Squid in the News:

About to open a can of worms and speculation with politics.

Several news outlets are noting that presidential nominees get security briefings.
Although some reports state they are general in content, what punishments are there if top secret intel is leaked or used in business deals?
And what if both major party nominees are forced to drop out due to legal proceedings?
My guess is going down the line of succession, of which the speaker has stated he's not interested in running for the Executive Office.

May 7, 2016 7:19 AM

Figureitout on Friday Squid Blogging: My Little Cephalopod:

Rick Taggard
--Ok, some summer night I may have a beer and see what's flying overhead. Do you have a "Y-cable" so you can have the dongle plugged in the phone and charge at the same time? This is why those android tablets were nice, they had one more USB port. But suppose having an extra battery and one of those USB batteries would be useful for remote use.

It's assumed using a smartphone in the first place, privacy is compromised, basically like an "anti-security" device that has 1 long range constant silent upgrade threat, and 2 short range wireless threats (BT and wifi, now NFC for shorter range), our kryptonite lol. This in addition to all the usual internet threats, and you can't really dig in the device physically easily. Any app you install, even a flashlight app, needs access to your call logs for some reason. But yes OPSEC wise, just using a public wifi isn't enough; device needs to be sanitized and you need a new personality and a safe way to reach the access point (all loaded terms, very loaded). I generally have no use for such OPSEC anymore though (the "untouchable" kind, too stressful. Had my fill lol, I'm just going to use electronics regularly now.), there is generally no one (normal lol) to communicate w/ in that way anyway and it's not really worth it IMO.

May 7, 2016 5:59 AM

Snoopy the Dog on Friday Squid Blogging: Firefly Squid in the News:

Bruce,

Can you do a column analyzing the implications of the changes to Rule 41 if Congress doesn't stop it? Will the FBI be able to hack your computer just because you use a commercial VPN provider while surfing? Would that be considered sufficient provocation to get your computer actively targeted? Is it proposing that it's open season for hacking and backdooring all computers issuing from a VPN's network anywhere in the world just because one person is using that network to download a copyrighted movie?

I am having a hard time understanding what the implications are. Is it a warranting process which is nevertheless confined to a single specific machine albeit located anywhere, or will it also permit them de facto to backdoor and otherwise hack into everyone's computer en masse who happens to be using the same IP on the same VPN, or even the same VPN, or even just encrypting their traffic through a public VPN?

May 7, 2016 5:40 AM

Clive Robinson on Friday Squid Blogging: Firefly Squid in the News:

@ Andrew, Wael,

Yep, they "ecrypted" patient names too... (which, of course, are useless from analytic point of view).

That depends on how things are encrypted...

I used to work fairly closely with the ICT side of the UK's NHS, and they managed to lose three (auditors) laptops that had my full confidential medical records on...

They are congenitally incapable of using encryption rationally even when it comes to encrypting a container such as a zip or tar file, without doing something stupid with the key...

Thus I really do not believe they are using individual record or file keys. Further even if they do use separate keys on PII fields, such records contain many "free form text" fields in the diagnostic, clinical and test result sections, in which clinicians etc frequently put things like "Mr Smith responded to vancomycin and diclofenac treatment..." or "Mr Smith needs to be seen by physio prior to release due to his living on the tenth floor of council accommodation where the lifts are not maintained".

Oh and I've met the Royal Free ICT staff on a number of occasions --I deployed and supported a research DB there and then later applied for a job there once-- and I was very far from impressed with either them or the HR time servers...

So I really think the "encryption" line really is nothing but spin.

As for using patient records for research, if it was a "fair playing field" I would agree. But it's so slanted into the gaping maw of Big Pharma that blocks many research avenues by others in favour of their profit, that I find myself both philosophically and practically against the idea. It is they for instance that have put us into the "antibiotic trap" which we currently have no way out of, and just like the "too big to fail" banks, they see only very short term profit over a stable market, and use the same if not worse lobbying techniques the banks used.
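Added example, not part of the comment above and not code from any NHS system: a sketch of the leak that comment describes, where the structured name fields are protected but the same name survives in free-text notes. The record layout, field names, key and sample record are constructed assumptions, and a keyed HMAC token stands in for whatever field encryption is actually used.

```python
import hashlib
import hmac
import re

FIELD_KEY = b"constructed-demo-key"            # constructed, not a real key
NAME_FIELDS = ("forename", "surname")           # assumed structured PII fields
FREE_TEXT_FIELDS = ("clinical_notes", "discharge_notes")  # assumed free-text fields

# Constructed sample record; the note wording follows the comment above.
RECORD = {
    "forename": "John",
    "surname": "Smith",
    "clinical_notes": "Mr Smith responded to vancomycin and diclofenac treatment.",
    "discharge_notes": "Mr Smith needs to be seen by physio prior to release.",
}


def token(value):
    """Keyed token standing in for per-field encryption of a PII value."""
    digest = hmac.new(FIELD_KEY, value.lower().encode(), hashlib.sha256)
    return digest.hexdigest()[:16]


def protect_fields(record):
    """Naive export: protect the structured name fields, copy everything else."""
    out = dict(record)
    for field in NAME_FIELDS:
        out[field] = token(record[field])
    return out


def _name_pattern(record):
    """Regex matching the patient's own names as whole words, any case."""
    names = sorted((record[f] for f in NAME_FIELDS), key=len, reverse=True)
    alternatives = "|".join(re.escape(n) for n in names)
    return re.compile(r"\b(" + alternatives + r")\b", re.IGNORECASE)


def name_leaks(original, exported):
    """List (field, matched_text) where the patient's name survives in free text."""
    pattern = _name_pattern(original)
    return [(field, m.group(0))
            for field in FREE_TEXT_FIELDS
            for m in pattern.finditer(exported.get(field, ""))]


def protect_record(record):
    """Protect the name fields and swap the same names in free text for the same token."""
    out = protect_fields(record)
    pattern = _name_pattern(record)
    for field in FREE_TEXT_FIELDS:
        out[field] = pattern.sub(lambda m: "[" + token(m.group(0)) + "]",
                                 record[field])
    return out


if __name__ == "__main__":
    print("naive export leaks:", name_leaks(RECORD, protect_fields(RECORD)))
    print("full export leaks: ", name_leaks(RECORD, protect_record(RECORD)))
```

Exact-name matching only catches the patient's name as recorded; misspellings, nicknames and indirect identifiers such as the address detail in the second quoted note still pass through.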

May 7, 2016 5:24 AM

Mr Peabody on I'm Writing a Book on Security:

Don't listen to the people telling you "war" is the wrong metaphor. Is this an attack via political correctness or something? What does your gut tell you? What gets YOUR point across? To me, yeah, it's a war. A zero-sum game possibly with the fate of the Republic in the balance if the wrong people get into power in the future.

Don't tone it down, the connotations are exactly what you want. How long have you been an English speaker? How refined has your understanding of the English language become over your lifetime? Are you going to be talked into abandoning your well developed spidey-senses?

The War on Christmas is not a thing. The War for the Internet, yeah, that is very much a thing. Just consider who the players are.

May 7, 2016 5:15 AM

Mr Peabody on I'm Writing a Book on Security:

How about this one- the danger of algorithm-identified and algorithm-driven-exclusion of, for want of a better phrase, "personality types" from the pool of people who are permitted into the TLAs (and elsewhere of course).

This has to be a real danger. A sort of recursive, supercharged, super-strained homogeneity of personality types resulting in a rapid shift of anchoring perspective towards authoritarianism.

We may already be seeing this and it has to be counted as hugely destructive in its own right.

If the perspectives of TLAs seem paranoiac to the rest of us and the real (or perceived) naïveté of the average citizen seems hopeless to TLAs then any rapprochement or reconciliation between the two world views could become impossible.


May 7, 2016 5:12 AM

Clive Robinson on Friday Squid Blogging: Firefly Squid in the News:

@ Wael, Nick P,

I don't see why the same techniques can't be applied on "Classical Computers"...

When it comes to "random" algorithms like MC / Annealing which you would use on real world problems like the Travelling Salesman etc, no I would not expect any speed improvement by the way the D-Wave is supposed to work.

Especially when you consider the "scaling issue". After many decades humans have managed to tame an inherently chaotic analog system sufficient that digital logic can be made. Part of that is the "hidden error correction" mechanisms that push out the expected 1 in 10^9 meta stability issues in latches to 1 in 10^22. Which even with modern clock speeds up in the GHz makes them rare enough to "ignore" currently, but not in massively parallel systems.

There is a real problem with QC systems which is the chaotic or random (peeps are not sure which) decoherence of the "state storage" elements of the Qbits.

The D-Wave system apparently has no error detection or error correction mechanisms which makes its full unreliability a factor in its computations.

Which brings us to an interesting question of what errors are acceptable. If you consider the traveling salesman issue, in the real world equivalent getting the absolute shortest path does not actually matter; within 90% of its value with a half dozen options is actually of more practical use.

Similar logic applies to other algorithms but by no means all, you have half way house cases in "searching" in certain types of analytics for trends etc where you don't need --or sometimes want-- exact matches, but within a certain range percentage with the very occasional random error does not actually matter due to the "inverse law of small numbers".

The same however is not true for the end case where an exact match is required as there is usually "no acceptable range" (though rare errors can be removed by other post QC processes). Cryptanalysis is one such case as one of the crypto algorithm designers' primary goals is to remove "similar key" issues.

Thus the question of "Where" the error correction is placed. The QC community have in the past expressed the desire to have it as part of the quantum processing. D-Wave have gone to the other extreme and ignored the issue, which allows others to use classical computing to check for errors post quantum computation. Personally I suspect that ultimately both methods of error correction will be needed, but the last time I spent a little time searching, nobody appeared to be considering it as an option.

So... based on how long it took to tame the chaotic behaviour of classical gates (~5 decades) I would not expect QC to become as effective in less than double that time for the same level of applied resources. Thus QC would be eighty years away, however the level of resources applied is actually significantly more, but you would still be looking at something like twenty five years give or take ten.

And in essence that is what the D-Wave fuss is all about, the hype is turning D-Wave into a Golden Goose Egg, with an increasing investor bubble forming around it. At the moment nobody has "made the omelet" as the D-Wave won't allow the egg to be broken, so we don't know if it holds gold or the stench of H2S. What scares other QC researchers is it's H2S or similar and the resulting stench will drive investors away from the slow and steady progress path.

We actually saw this with the Space Race, the object was not to make space a usable resource but a political p1551ng contest. If the slow and steady path had been adopted and kept with we would have had the systems only just coming into development fifteen to twenty years ago, which gives us a lost generation of political football.

May 7, 2016 4:21 AM

Clive Robinson on Friday Squid Blogging: Firefly Squid in the News:

@ tyr,

Here's a peachy marvel tale of modern technology with your best interests at heart.

I read that the other day from a link on HN, and it's interesting from two respects.

Firstly is the obvious theft of IP and ownership rights by Apple. The second the nonsense online self appointed experts spout, in effect "blaming the victim".

Of the two I'm not sure which is worse, Apple using an ambiguous EULA to hide behind blatant criminality and racketeering as exhibited by their conversion of your free title ownership into a rent seeking lease. Or the effective trolling by the supposed experts who in effect are complicit with Apple's theft and extortion.

I also wonder what would happen if you sold Apple a product that effectively did the same with say all their code and hardware design repositories which are their core IP?

Let's put it this way, I'm reasonably certain they would put you in a world of legal hurt under their "might is right" doctrine which is but a subset of their "divine right" entitlement that their "King Scam" that sovereigns have pulled on citizens for centuries.

As Bruce and others have noted it's the new digital serfdom where "you get the raised digit", because you don't have the status of equity of arms to assert your rights so you systematically have them stripped.

On a similar note, the bad behaviour by Google / Alphabet of scanning student accounts and applications building troves of information and profiles. In the legal case against them they have somehow persuaded the court that it should not be allowed to become a "Class Action"...

Oh and if you read Google's blurb, they have actually only promised to stop the advert side of the scanning, not the other rather more creepy aspects... What upsets me is that it's not as though the students have any choice or their parents any recourse. The academic organisation gets the resource for next to nothing providing they use a flaw in US legislation that effectively makes Google an integral part of the academic organisation's staff/management...

May 7, 2016 4:20 AM

ianf on Friday Squid Blogging: Firefly Squid in the News:


OT Speaking of wishful thinking writ large, this just off the presses:

THE BESERE VELT TIMES
1 May 2036
News From The Better World To Come

Posthumous Indictments For Hoover, Kissinger and Cheney

Truth and Reconciliation Panel Continues To Unearth U.S. Crimes, Domestic and Foreign

    Washington, D.C. USA – The U.S. Supreme Court's Truth and Reconciliation Panel issued its latest round of posthumous indictments today bringing charges against… [more]

May 7, 2016 4:08 AM

Wael on Friday Squid Blogging: Firefly Squid in the News:

@Andrew,

Yep, they "ecrypted" patient names too

New word definitions...
Ecrypt:

A) Verb: the act of forecasting an impending death of a patient, followed by the preparation of a crypt for him/her.

B) Verb: disguised form of encryption; steganograhized encryption.

May 7, 2016 3:53 AM

Andrew on Friday Squid Blogging: Firefly Squid in the News:

@Clive Robinson
"I forgot to add a couple of links to the 1.6million "Full Patient" records given to Google story, with the "encryption" spin in them"
Yep, they "ecrypted" patient names too... (which, of course, are useless from analytic point of view).
Otherwise someone has to try to get something out of the world health data. Machine learning assisted diagnosis could change everything...

@David
No matter what you're using, very unlikely someone will brute force your encrypted data. Watch your passwords, in case of Truecrypt/Veracrypt add a large keyfile, preferably on some external storage. That's about so much you can do...

May 7, 2016 3:45 AM

ianf on Friday Squid Blogging: Firefly Squid in the News:


OT, but maybe not: here's to putting a friendly US/UK face on sky-robotic assaults by way of Hollywood:

“The new drone-kill film Eye in the Sky mobilizes major star power and technical virtuosity to persuade its viewers of a number of unlikely things:
  • that the Western war machine has the intelligence and technology to efficiently prosecute its war on terror (if only democratic sensibilities didn’t get in the way);
  • that intelligence is freely shared by the U.S. and its allies; and, most persistently,
  • that the West has a heart ❤ (and tear ducts) as large as Texas.” […] (embellishments mine)

Read the rest of the review (by post-GWB election American expats to Canada), and make use of your tear ducts… then rejoice, because I just saved you the bother of ever having to see it (Helen Mirren notwithstanding).

http://jewishcurrents.org/pie-in-the-sky-41286

May 7, 2016 3:39 AM

Wael on Friday Squid Blogging: Firefly Squid in the News:

@Nick P,

Here's one that doesn't inspire confidence:

Very long rant! I got the gist of it after 10 minutes of reading...

Next, the group fed the same instances to Quantum Monte Carlo: a standard classical algorithm that uses Wick rotation to find the ground states of “stoquastic Hamiltonians,” the particular type of quantum evolution that the D-Wave machine is claimed to implement.

Exactly my thoughts. It sounds like an interesting approach to solve problems that are intractable with current algorithms! The same approach can be used to factor large primes or break ECC. I wasn't endorsing D-Wave Systems, by the way -- nor am I dissing them! Some of the short videos did an excellent job to explain a complex subject in a simple short format.

I suspect we can use a spreadsheet with each two cells and a coupler representing a QBit (read the short primer first -- don't just "skim it". Understand how a Hamiltonian can be utilized along with an "Energy Program", couplers and biases!) I don't see why the same techniques can't be applied on "Classical Computers"...

May 7, 2016 3:20 AM

Wael on Dilbert on Electronic Voting Machines:

@Anura,

There's a very good argument for using sortition to elect your representatives.

Definitely! I'm saying practice isn't aligned with the theory.

Of course, then you have the question of who gives these randomly chosen people the bills to introduce.

True! Do we get to vote that banning encryption or adding backdoors and eroding privacy (that we used to have, RIP) isn't a good idea?

May 7, 2016 2:43 AM

Drone on Dilbert on Electronic Voting Machines:

@Evan Þ, Your concern is invalid. There is no way for a voter to prove a verification ID is in fact associated with that voter. This renders the verification ID useless as proof to a vote buyer how a particular voter voted.

May 7, 2016 1:24 AM

Anura on Dilbert on Electronic Voting Machines:

@Wael

There's a very good argument for using sortition to elect your representatives. Or, at the very least, your lower house. They would be a lot more representative of the population, would not have to care about things like reelection, and they would not be beholden to any campaign donors. Of course, then you have the question of who gives these randomly chosen people the bills to introduce.

May 7, 2016 12:15 AM

tyr on Friday Squid Blogging: Firefly Squid in the News:


Here's a peachy marvel tale of modern technology
with your best interests at heart.

https://blog.vellumatlanta.com/2016/05/04/apple-stole-my-music-no-seriously/

You don't want any of your homemade crap, we'll make
much nicer MP3s for you. There, isn't that better now?

Allowing automated systems to rework your comp remotely
is a horribly bad idea that makes other security holes
pale by comparison.

Right after ianf predicted the automatic artist of the
future.

May 6, 2016 11:24 PM

Wael on Dilbert on Electronic Voting Machines:

But if I were Dilbert, I would respond as follows:

Voting? Why vote? People are random with different motives and intelligence levels... Might as well have the machine generate a random winner! Better yet, let the candidates play Rock, Paper, Scissors. I mean, I heard the guy and read his lips, but lo and behold, he still increased taxes! What gives? At the end of the day it's all random anyways. The only constant is the face!

May 6, 2016 11:12 PM

all caps troll on White House Report on Big Data Discrimination:

@Eh

Sorry, but you clearly had gone beyond emphatically pointing out, into way stupid land. Which is how one drones a more correct argument to bits in a free speech forum when their own position is fatally logically flawed.

May 6, 2016 11:02 PM

Wael on Dilbert on Electronic Voting Machines:

@Earl Killian,

This is what it would take for me to feel comfortable with the technology.

In addition to what you listed, the only way I would trust voting machines is if the machine displayed the vote results real time, one at a time. I don't care if others know who I vote for. What's the big deal? Some will vote for the lesser of two evils and others will vote for the other idiot.

I also want to be able to verify the initial state. Who knows, maybe the idiot was given a head vote start...

May 6, 2016 11:01 PM

Lazarus on Dilbert on Electronic Voting Machines:

@Ken "And yet no one has produced evidence that the machines are inaccurate or fraudulent.". Well, errr, yet many sources have proven that the machines can be easily tampered with. Try googling "diebold hacking". Of course with an actual vote we are not supposed to know what the result is supposed to be. So anything that these infallible machines tell us must be the correct answer, right? With no way to verify.. Just read the Dilbert strip again. It describes the situation accurately.

May 6, 2016 10:39 PM

Eh on White House Report on Big Data Discrimination:

@all caps troll

Emphatically pointing out that we're doing far far worse things than discrimination and nobody cares, is trolling? Then let the trolling continue!

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient, an IBM Company.