User Journal

Journal Journal: Combining public-key and one-time pads

Thanks to quantum computing, public-key encryption will be breakable in a matter of years, a decade or two on the outside.

One-time pads are inherently secure, but they are a pain since the pad itself has to be transferred securely.

A solution is to take a common, everyday data source, slice-and-dice and compress it, and use the result as the one-time pad. Transmit the instructions using public-key cryptography or using a different one-time pad.

Examples of everyday data sources include meteorological data, newspapers, literature, government publications, software releases, etc.

Decryption instructions can be as simple as:

Take the SuSE Linux 10.0 English CD set, append the ISO files in numerical order, strip off the first 100 bytes, compress it, and swap every 10th byte with the next-higher byte.

Transmit this instruction - which is less than a few hundred bytes - using any available secure channel.
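As an added example (not part of the journal entry), here is the recipe above in Python: a pad is derived from a public data source by stripping the first 100 bytes, compressing, and swapping every 10th byte with the byte after it (our reading of "next-higher byte"); messages are then XORed against pad bytes that a cursor hands out only once. The source is a constructed 4 KiB of seeded pseudo-random bytes standing in for the CD images, and the names `derive_pad`, `PadStream` and `reuse_leak` are ours. The last function shows the check a practitioner cares about: if two messages ever share pad bytes, XORing the two ciphertexts cancels the pad and yields the XOR of the plaintexts.

```python
import random
import zlib


def derive_pad(source: bytes, skip: int = 100, swap_every: int = 10) -> bytes:
    """Turn a public data source into pad bytes using the entry's recipe:
    drop the first `skip` bytes, compress the rest, then swap every
    `swap_every`-th byte with the byte that follows it (our interpretation of
    'swap every 10th byte with the next-higher byte')."""
    pad = bytearray(zlib.compress(source[skip:]))
    for i in range(swap_every - 1, len(pad) - 1, swap_every):
        pad[i], pad[i + 1] = pad[i + 1], pad[i]
    return bytes(pad)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("xor operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class PadStream:
    """Hands out each pad byte at most once. A one-time pad stops being one the
    moment two messages share pad bytes, so the cursor only ever moves forward."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self.cursor = 0

    def take(self, n: int):
        if self.cursor + n > len(self._pad):
            raise RuntimeError("pad exhausted; a fresh source is required")
        offset, chunk = self.cursor, self._pad[self.cursor:self.cursor + n]
        self.cursor += n
        return offset, chunk

    def encrypt(self, msg: bytes):
        offset, chunk = self.take(len(msg))
        return offset, xor_bytes(msg, chunk)   # receiver needs the offset too

    def decrypt(self, offset: int, ct: bytes) -> bytes:
        return xor_bytes(ct, self._pad[offset:offset + len(ct)])


def reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an observer learns if two ciphertexts were made with the same pad
    bytes: ct1 XOR ct2 == msg1 XOR msg2, the pad having cancelled out."""
    return xor_bytes(ct1, ct2)


# Constructed stand-in for "the SuSE 10.0 CD set": 4 KiB of seeded pseudo-random
# bytes. A real source would be the concatenated ISO files.
SOURCE = random.Random(20051231).randbytes(4096)


def demo() -> dict:
    pad = derive_pad(SOURCE)                    # both parties run the same recipe
    sender, receiver = PadStream(pad), PadStream(pad)
    m1 = b"meet at the usual place"
    m2 = b"bring the documents now"             # same length as m1 on purpose
    off1, c1 = sender.encrypt(m1)
    off2, c2 = sender.encrypt(m2)
    # Misuse modelled for comparison only: m2 encrypted at m1's offset.
    c2_reused = xor_bytes(m2, pad[off1:off1 + len(m2)])
    return {
        "roundtrip_ok": receiver.decrypt(off1, c1) == m1
                        and receiver.decrypt(off2, c2) == m2,
        "distinct_offsets": off1 != off2,
        "reuse_reveals_xor": reuse_leak(c1, c2_reused) == xor_bytes(m1, m2),
    }


if __name__ == "__main__":
    print(demo())
```

Note that the secrecy of a pad built this way rests entirely on the secrecy of the instruction and on how unpredictable the chosen source is; the offset bookkeeping in `PadStream` is what keeps it from being used twice.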

PC Games (Games)

Journal Journal: My sig lines

December 17, 2009: No man is so evil that he cannot turn around and receive God's embrace. Note: I think I just made that up earlier today, but it could be based on some famous quote.
September 5, 2009: CmdrTaco, your mother is calling you up from the basement for dinner.
June 21, 2009: Make Money Fast the legal way!
April 16, 2009: Is it moral to take tax breaks you don't need? Discuss.
November 17, 2008: Diet: Die with a T on the end -Garfield Note: http://tinyurl.com/wiki-AdiposeDrWho is http://en.wikipedia.org/wiki/List_of_Doctor_Who_monsters_and_aliens#Adipose
November 3, 2008: Idle is: 1) Pants 2) Shirt 3) Socks 4) Coat 5) Tie 6) Cufflinks 7) Vest 8) CowboyNealBoots
September 12, 2008: Don't like Ike? Donate.
September 9, 2008: What do you think of idle.slashdot.com?
September 3, 2008: Do you prefer the old Slashdot? Disable JavaScript.
May 25, 2008: /. poll: I think life on Mars...
April 1, 2008: Slashdot April Fools joke poll
March 24, 2008: Happy Easter!
March 23, 2008: Happy Easter!
March 13, 2008: Poll: What are you giving up for Lent?
February 27, 2008: Poll: What are you giving up for Lent?
February 2, 2008: Poll: What are you giving up for Lent?
November 8, 2007: This Holiday season, please give to those less fortunate.
November 1, 2007: "He's our first meta-president!" - J. Stewart on President George W. Bush, 9-Oct-2007 [Note: Taken from The Daily Show, October 9, 2007] [Note: His name is Jon not John. But just the initials seems so much more formal and therefore so much funnier.]
October 10, 2007: "He's our first meta-president!" - John Stewart on President George W. Bush, 9-Oct-2007 [Note: Taken from The Daily Show, October 9, 2007]
July 20, 2007: Part of being a good system administrator is recognizing your own ignorance.
June 19, 2007: I am on a quest for the elusive Great Slashdot Signature.
May 27, 2007: Please Help me find a 3.5" bay for 4x2.5" drives.
May 3, 2007: do you Digg these Very popular Digits? CfkRAp1041vYQVbFY1aIwA==
April 19, 2007: Say no to bloatware.
April 9, 2007: How would you solve tariff arbitrage?
April 7, 2007: My thoughts on immigration. What are yours?
April 6, 2007: if (post.isFunny()) laugh();
Tuesday November 28, 2006: Fake Slashdot Story Generator
Friday October 13, 2006: Help me complete my Slashdotism Collection
September 8, 2006: Banking login improvements - will they work?
August 10, 2006: Future Terrorism journal, input requested.
May 28, 2006: What is your vision for a $100 PC?
Jan 30, 2006: Of water: "An ounce is an ounce and a pint is a pound" / not exactly but around.
Jan 12, 2006: ACM Technews - news for academic nerds
Nov 2, 2005: Give Karma to latecomers: Moderate yesterday's news today.
Nov 1, 2005: New sig coming soon. To see sigs early send $10 to ....
October 27, 2005: Central America "Beta"-tests for hurricane preparedness: http://tinyurl.com/ash4m [note: tinyurl is http://www.nhc.noaa.gov/archive/2005/refresh/BETA+shtml/]
October 6, 2005: World's worst bug
September 21, 2005: Rita explained: Bush must have friends in high places, because after Katrina, FEMA wanted a do-over.
August 30, 2005: "We were expecting the worst, and I think it's meeting those expectations" -Dan Packer, 8/29/2005, on Katrina
July 8, 2005: "Software is tangible after all"
June 8, 2005: Vote is the human detector too easy or too hard?
May 23, 2005: Make Money Fast! No Spamming Required!
January 14, 2005: 6 years of MS World Domination
January 3, 2005: Please help tsunami victims
December 2004: Java Slide Rule
Censorship

Journal Journal: What's a good/best reason to outlaw/restrict anonymity?

POLL: What's the best reason to limit or outlaw anonymity online?

1) Protect Children/Kiddie Porn
2) Fight terrorism
3) Fight financial fraud
4) Fight illegal drug trade
5) Other
6) None - there is no good reason
7) Unmask CowboyNeal

User Journal

Journal Journal: Slashdotisms 12

Nothing [for you] to see here. Move along.

Only Old North Koreans need NOUN.

In Soviet Russia, NOUN VERBS YOU!

Imagine a Beowulf cluster of NOUNs.

All your base are belong to us.

Think of the children!
--
Did I miss any? Please reply so I can collect them all.

User Journal

Journal Journal: Ballot ideas 9/6/06

Please comment.

Ballot ideas 9/6/06

Goal:
1) voting by handicapped voters with minimal assistance
2) voter-verified audit trail
3) cost-reduced versions available where needed
4) quick count available to the press within minutes

4 machines handle ballots, only 1 of which is needed if goals 1, 2, and 4 are not required.

Machine 1 is a master vote counter at county headquarters. This machine makes the official count and is required. In large counties more than one machine can work together. Machines do not have to be co-located.

Machine 2 is a printed-ballot scanner. At least one of these should be present at each voting location. This machine accepts the printed, marked ballots, tabulates them, and faxes the results to county headquarters as soon as the poll closes. More than one of these is allowed per precinct. If none are allowed, "instant results" will not be available and the opportunity to catch tampering of ballots en route to county headquarters is diminished.

Machine 3 is a ballot-marking machine. This is similar to an "e-ballot" machine but it is NOT an official voting machine. It is simply a machine that takes the voter's on-screen selection and prints it to a ballot, which the voter then drops into the printed-ballot scanner or into a traditional ballot box for later counting.
If this machine does not exist, the voter can mark the ballot by hand using a pen.
At least one machine should be at each precinct to meet the requirements of the Help America Vote Act.

Machine 4 is a ballot-verification machine. This machine is purely for the convenience of the voter and plays no role in the actual voting. A voter puts a marked ballot in this machine and it prints a report of what votes were cast. This can help a voter verify his hand-marked ballot was marked correctly and ask for a new ballot if it was not. This machine should use identical technology as the master vote counter for best results.

At any time before the voter puts the marked ballot in the printed-ballot scanner or traditional ballot box, he can "spoil" the ballot and vote again.

Counties with low budgets need only purchase a master vote counter and ballots and marking pens that are compatible with this hardware, something many counties have done for decades.

Counties with extremely small populations can and probably should continue to use hand-counted paper ballots, possibly with the assistance of a machine similar to machine 3 to comply with the Help America Vote Act.

Fraud and error detection:

If available, the quick-count is compared to the master-count for that ballot box. Discrepancies that affect the outcome of any election are investigated.
A small random sample of precincts is machine-counted on a machine with different technology and vendor, OR is hand-counted.
A larger random sample of precincts, preferably over 25%, is statistically sampled. A statistical sample of ballots is counted by hand or using a machine with different technology and vendor than the master counter. If the actual counts and statistical sample are significantly different, the entire precinct is recounted. Any complete-count discrepancies that affect the outcome of any election are investigated.
Discrepancies that do not affect the outcome of an election should be investigated if fraud, equipment failure, correctable human error, or another failure is suspected. Minor variations such as seemingly-random +/- 1 vote discrepancies need not be investigated unless they affect an outcome, fraud is suspected, or fixing the underlying problem could avoid real problems in the future.
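As an added example (not part of the journal entry), the fraud and error detection rules above as a small Python audit routine: it compares each precinct's quick count against the master count, decides whether the disputed votes could change the outcome, and draws the random sample of precincts that get an independent recount. The precinct counts are constructed, and the names `compare_counts`, `classify` and `audit_sample` are ours.

```python
import random


def totals(counts_by_precinct: dict) -> dict:
    """Sum per-candidate votes across precincts."""
    out = {}
    for counts in counts_by_precinct.values():
        for cand, n in counts.items():
            out[cand] = out.get(cand, 0) + n
    return out


def winner_and_margin(total: dict):
    ranked = sorted(total.items(), key=lambda kv: kv[1], reverse=True)
    runner_up = ranked[1][1] if len(ranked) > 1 else 0
    return ranked[0][0], ranked[0][1] - runner_up


def compare_counts(quick: dict, master: dict) -> dict:
    """Per-precinct differences (quick minus master), only where they disagree.
    Precincts without a scanner have no quick count and are skipped."""
    diffs = {}
    for precinct, m in master.items():
        q = quick.get(precinct)
        if q is None:
            continue
        d = {c: q.get(c, 0) - m.get(c, 0) for c in set(q) | set(m)}
        if any(d.values()):
            diffs[precinct] = d
    return diffs


def classify(quick: dict, master: dict) -> dict:
    """Apply the entry's rule: investigate anything that affects, or could
    affect, an outcome; leave seemingly random +/-1 noise alone."""
    diffs = compare_counts(quick, master)
    w_master, margin = winner_and_margin(totals(master))
    # Quick-count view of the county: scanner figures where they exist,
    # master figures elsewhere.
    quick_view = {p: quick.get(p, m) for p, m in master.items()}
    w_quick, _ = winner_and_margin(totals(quick_view))
    disputed = sum(abs(v) for d in diffs.values() for v in d.values())
    if w_quick != w_master:
        verdict = "investigate: quick and master counts name different winners"
    elif disputed >= margin:
        verdict = "investigate: disputed votes reach the winning margin"
    elif all(abs(v) <= 1 for d in diffs.values() for v in d.values()):
        verdict = "minor: +/-1 noise, no action unless fraud or a fixable fault is suspected"
    else:
        verdict = "review: larger than noise but cannot change the outcome"
    return {"master_winner": w_master, "margin": margin, "disputed": disputed,
            "discrepancies": diffs, "verdict": verdict}


def audit_sample(precincts, fraction: float, seed: int) -> list:
    """Random subset of precincts for an independent recount (hand count or a
    different vendor's machine). Publishing the seed lets observers reproduce the draw."""
    k = max(1, round(len(precincts) * fraction))
    return sorted(random.Random(seed).sample(sorted(precincts), k))


# Constructed county: candidate A leads B by 30 votes in the master count.
MASTER = {"P1": {"A": 500, "B": 480},
          "P2": {"A": 300, "B": 310},
          "P3": {"A": 400, "B": 380}}
QUICK_NOISE = {"P1": {"A": 500, "B": 480},
               "P2": {"A": 301, "B": 310},      # one-vote scanner difference
               "P3": {"A": 400, "B": 380}}
QUICK_SWING = {"P1": {"A": 500, "B": 520},      # 40 extra B votes on the fax
               "P2": {"A": 300, "B": 310},
               "P3": {"A": 400, "B": 380}}

if __name__ == "__main__":
    for name, quick in (("noise", QUICK_NOISE), ("swing", QUICK_SWING)):
        print(name, classify(quick, MASTER)["verdict"])
    print("recount sample:", audit_sample(MASTER, 0.25, seed=2006))
```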

User Journal

Journal Journal: Banking login improvements - will they work?

My bank is adding a "security picture" to its login. You enter your username, then the bank shows you a picture you previously selected. If it's wrong, you call the bank fraud hotline. If it's right, you enter your password.

A man-in-the-middle attack can easily defeat this. Even a bot running on a zombie PC can defeat this:
A bot sends spam directing people to a properly-registered, similarly-spelled secure web site run by the bad guys. The bad guys get your userid and pass it on to one of a thousand other zombie-bots, which gives it to your bank and gets the picture. The zombie-bot and the fake web site act together as a man-in-the-middle attack.

The reason the zombie-bots are needed is so the bank won't notice a bunch of different account accesses from the IP address of the bogus web site.

The bottom line:
This won't work. What will work better:
* Smarter people who won't fall for spelling/lookalike sites
* Train customer to either type in the address by hand or use a pre-typed shortcut or Favorite, NOT links sent to them in email
* Provide customers with an application that, independent of the web browser, gets a password and/or one-time passcode, connects to the server, and does a preliminary login. At that point, anyone from your IP address will have 15 minutes to do a regular login. A spoofed-url-based man-in-the-middle attack will immediately set off alarms.
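As an added example (not the bank's code and not part of the journal entry), here is a Python model of the third suggestion: a standalone application does a preliminary login with a one-time passcode, after which the bank accepts a regular login for that user only from the same source IP and only for 15 minutes. The `security_picture` method is included to show why the picture step alone does not help: it needs only the username. The class `BankLoginGate`, the fake clock, the passcodes and the IP addresses are all constructed for the example.

```python
import time

PREAUTH_WINDOW = 15 * 60   # seconds, the window proposed in the entry


class BankLoginGate:
    """Constructed model of a two-step login: an out-of-browser application
    proves the passcode from the customer's own address, then a regular login
    is accepted from that address only, inside the window. Anything else raises
    an alarm instead of failing silently."""

    def __init__(self, passcodes: dict, pictures: dict, clock=time.time):
        self._passcodes = passcodes   # username -> expected one-time passcode (stand-in)
        self._pictures = pictures     # username -> chosen security picture
        self._clock = clock
        self._preauth = {}            # username -> (source_ip, expiry)
        self.alarms = []              # (username, source_ip, reason)

    def security_picture(self, username: str):
        """The 'security picture' check: it requires only the username, so
        whoever has learned the username can retrieve the same picture."""
        return self._pictures.get(username)

    def preliminary_login(self, username: str, source_ip: str, passcode: str) -> bool:
        if self._passcodes.get(username) != passcode:
            return False
        self._preauth[username] = (source_ip, self._clock() + PREAUTH_WINDOW)
        return True

    def regular_login(self, username: str, source_ip: str, password_ok: bool) -> bool:
        entry = self._preauth.get(username)
        if entry is None:
            self.alarms.append((username, source_ip, "no preliminary login"))
            return False
        ip, expiry = entry
        if self._clock() > expiry:
            self.alarms.append((username, source_ip, "preliminary login expired"))
            return False
        if ip != source_ip:
            # A relayed login reaches the bank from the relay's address,
            # not from the address that did the preliminary login.
            self.alarms.append((username, source_ip, "source IP differs from preliminary login"))
            return False
        return password_ok


class FakeClock:
    """Injectable clock so the 15-minute expiry can be exercised deterministically."""

    def __init__(self, t: float = 0.0):
        self.t = t

    def __call__(self) -> float:
        return self.t


def demo() -> dict:
    clock = FakeClock(1000.0)
    bank = BankLoginGate({"alice": "482913"}, {"alice": "red-barn.jpg"}, clock)
    customer_ip, relay_ip = "198.51.100.7", "203.0.113.9"   # documentation ranges
    pre_ok = bank.preliminary_login("alice", customer_ip, "482913")
    direct = bank.regular_login("alice", customer_ip, password_ok=True)
    # Correct password, but presented from a different address.
    relayed = bank.regular_login("alice", relay_ip, password_ok=True)
    clock.t += PREAUTH_WINDOW + 1
    expired = bank.regular_login("alice", customer_ip, password_ok=True)
    return {"preliminary": pre_ok, "direct": direct, "relayed": relayed,
            "expired": expired, "alarm_reasons": [a[2] for a in bank.alarms],
            "picture_needs_only_username": bank.security_picture("alice")}


if __name__ == "__main__":
    print(demo())
```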

User Journal

Journal Journal: Future terrorism 6

Please tell me the FBI is doing this every week.

Let's play a game. Pretend Osama bin Laden hired us to brainstorm ways to get explosives aboard an airplane.

PLEASE: If you have any serious, non-obvious method, don't post it here. Contact law enforcement instead. England just busted a bunch of would-be plane bombers and I'm doing this to burn off some stress. Post just the obvious and the outlandish please.

OK, here goes.

body cavity bomb.

Surgically implanted bombs.

Secretly replace air marshal with genetically programmed clone to do your bidding.

Hack NORAD and use SDI to take out a plane. BONUS: Take out the White House while you are at it.

Free Gatorade and digital cameras for everyone!

User Journal

Journal Journal: What belongs in a $100 laptop?

Please link this and post your replies.

We've all heard of the "$100 laptop" destined for third-world countries. But what about poor people in America and other industrialized countries that don't need a laptop?

What belongs in a $100, consumer-oriented computer?

Here is my vision. What is yours?

Typical consumer usage: Web-surfing, printing, composing resumes, educational programs/schoolwork, small-scale spreadsheet/database/small-business applications, probably nothing more intensive than OpenOffice 2.0. Non-compute-intensive gaming.
Alternative/out-of-the-box uses: firewall, print server, file server, web server, or other dedicated use.

OS: Whatever it is, it's got to be $0. Think Linux, BSD, or another popular open-source platform. The system should come preloaded. However, it must run Windows XP nicely, and better still if it runs Vista without the eye candy at a reasonable speed.

CPU: 1GHz minimum, 1.5GHz better.

RAM: 256MB to keep the Windows users happy.

Internal hard disk/internal storage: 4GB minimum, 10GB better.

Video: As cheap as possible, support reasonable resolutions at reasonable refresh rates. Standard VGA connector.

Modem: 56K with voice and fax, soft-modem to save cost if OS supports it

Sound: Cheap sound with audio in and headphone/speaker-out.

USB: 2 ports minimum. 4 if it adds almost zero cost. User can buy a splitter if necessary.

External, extra-cost items, USB required: keyboard, mouse, printer, optical drives, removable flash media, floppy drive, wired or wireless networking, scanner, serial port, parallel port, fancy audio, and any other external device besides video.

Power supply: Lower-wattage, average quality

Noise: Low, single- or no-fan.

Internal expansion: Limited to replacing HD and adding RAM.

Boot: From internal disk or USB media, including via LAN from bootable USB LAN devices.

Form factor: As compact as reasonable, preferably the size of a modern consumer router.

Power consumption: Shoot for under 100W when system is fully utilized, less when disk or other systems are powered down.

Cost: Under $100 for just the computer. Keyboard, mouse, video, printer, optical drives, and other external devices extra. Cost for usable system: $140 with used monitor, keyboard, and mouse. Add $50 for printer.

User Journal

Journal Journal: Create 2-digit trig table by memorizing 6 numbers

Jr. High/High School math teachers:
Want to teach your students to be able to generate a trig table with a 4-function-plus-square-root calculator?

Have them memorize:
sin 0=0 (exactly)
sin 10=0.174
sin 20=0.342
sin 30=0.5 (exactly)
sin 37=0.602
sin 45=0.707 (sqrt(2)/2 exactly)

From these, they can interpolate the rest of the sin table from 0 to 45 degrees.

They can generate a cosine table for 0-45 degrees using the formula:
1 = cos^2 + sin^2
or
cos = sqrt(1 - sin^2)

For 46-90 degrees use the formula:
sin(x) = cos(90-x)
and for 0-90 degrees which is what we care about:
cos(x) = sin(90-x)

Tangents are simply sin/cos.

Once you know these, cotangents, and the inverse functions fall into place.

The resulting table is good to within 0.5%, or 2 significant digits.

As a science tie-in bonus, sin 37 is approximately 0.602, which "looks like" Avogadro's number, 6.02 x 10^23, the number of atoms or molecules in a mole of a substance.

Additional observations for students:
1) interpolations are frequently good enough
2) the sin curve is relatively flat in 0-30 degrees so we can have our interpolation points spaced further apart. Using 10, 20, 30, 40, and 45 as interpolation points leads to inaccuracies greater than 0.5% between 30 and 40.

For advanced students:
What two points between 0 and 30 generate the table with the best worst-case error for 0-30 and 60-90 degrees for sin? for cosine? for tangent? [answer: I didn't calculate this yet.]
Why were 10 and 20 chosen? [answer: it's easy to divide by 10 which makes interpolation easy.]

What point between 30 and 45 generates the best worst-case error for 30-60 degrees for sin? for cosine? for tangent? [hint: 37 is better than 38].
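As an added example (not part of the entry), the whole procedure in Python: linear interpolation between the six memorized sines for 0-45 degrees, cosine from sqrt(1 - sin^2), the 90-x identities above 45, and tangent as sin/cos. The `max_relative_error` helper compares the table against the math library so the "within 0.5%" claim can be checked at every integer degree; all function names are ours.

```python
import math

# The six memorized values: sin of the angle in degrees.
MEMORIZED = {0: 0.0, 10: 0.174, 20: 0.342, 30: 0.5, 37: 0.602, 45: 0.707}
KNOTS = sorted(MEMORIZED)


def sin_table(deg: int) -> float:
    """sin for 0..45 by linear interpolation between memorized points;
    for 46..90 via sin(x) = cos(90 - x), as the entry prescribes."""
    if not 0 <= deg <= 90:
        raise ValueError("table covers 0..90 degrees")
    if deg > 45:
        return cos_table(90 - deg)
    if deg in MEMORIZED:
        return MEMORIZED[deg]
    lo = max(k for k in KNOTS if k < deg)
    hi = min(k for k in KNOTS if k > deg)
    frac = (deg - lo) / (hi - lo)
    return MEMORIZED[lo] + frac * (MEMORIZED[hi] - MEMORIZED[lo])


def cos_table(deg: int) -> float:
    """cos = sqrt(1 - sin^2) for 0..45; cos(x) = sin(90 - x) above that."""
    if deg > 45:
        return sin_table(90 - deg)
    return math.sqrt(1.0 - sin_table(deg) ** 2)


def tan_table(deg: int) -> float:
    """Tangent is simply sin/cos (undefined at 90)."""
    return sin_table(deg) / cos_table(deg)


def max_relative_error(table, exact, degrees=range(1, 90)) -> float:
    """Worst case |table - exact| / |exact| over integer degrees. 0 and 90 are
    skipped because sin 0 and cos 90 are exactly zero."""
    return max(abs(table(d) - exact(math.radians(d))) / abs(exact(math.radians(d)))
               for d in degrees)


def print_table(step: int = 5) -> None:
    for d in range(0, 91, step):
        tan = "undefined" if d == 90 else f"{tan_table(d):.3f}"
        print(f"{d:3d}  sin {sin_table(d):.3f}  cos {cos_table(d):.3f}  tan {tan}")


if __name__ == "__main__":
    print_table()
    for name, table, exact in (("sin", sin_table, math.sin),
                               ("cos", cos_table, math.cos),
                               ("tan", tan_table, math.tan)):
        print(f"worst {name} error: {100 * max_relative_error(table, exact):.2f}%")
```

The worst case over integer degrees turns out to be the tangent in the 20-30 interval (the sine error and the cosine error push in opposite directions there), which is exactly where the entry's second observation says the coarse spacing starts to hurt.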

Communications

Journal Journal: iso/tar/zip/whatever on-the-fly builder 1

(c) 2005 davidwr of slashdot

iso/tar/zip/whatever builder:
 
Purpose:
Allow web sites to "store" many slightly-different customized archives or CD-images
without storing the actual images on the server.
 
Patent potential:
This is patently obvious and took less than an hour to cook up a blueprint.
Besides, this or something very similar has almost certainly already been done.
No patent potential.
 
Commercial applications:
No reason commercial environments cannot benefit from these ideas.
 
Variations:
Variations are endless.
 
Input:
Type of output file
Source files and instructions to get/unpack source files
List of files to package
Location of destination file
block-level post-compression command and blocksize
 
Output:
Output file broken down into pieces, with instructions on how to get each piece OR the contents of the piece.
 
Example output:
 
controlfile.txt:
#===============
DATA:
#startoffset-endoffset - action which sends output to stdout
000000-00ffff - include directory.header
010000-012345 - interpret file1.txt.instructions
012346-02468a - interpret file2.txt.instructions
02468b-02468f - bytefill 00
024690-0246a0 - include checksum.txt
POSTPROCESSING:
compression command '%1 | blocklevelcompressor' # %1 is a block of data
compression index compressionindex.txt
 
compressionindex.txt:
========================
#If the user starts any part of a compressed block,
#rebuild the entire compressed block on the fly and send only
#the parts that are needed.
#
#uncompressed block start-uncompressed block end - compressedfilestart-compressedfileend
000000-00ffff - 000000-007352
010000-01ffff - 007353-00f8ab
020000-0246a0 - 00f8ac-012fa0
 
directory.header:
================
[binary data representing the header to the file]
 
file1.txt.instructions:
======================
#!/bin/sh
##shows file-by-file compression
#tar -xf archive.tar file1.txt | gzip {gzip output to stdout}
## do not use ... |gzip {output to anything but stdout}
 
file2.txt.instructions:
======================
#!/bin/sh
#cat file2.txt
 
checksum.txt:
============
[checksum goes here]
 
****end example output****
 
End-user action:
User goes to web site, runs a configuration program to get only
certain files, then is given the url to his tarball, iso, or what-have-you.
 
When the user asks for {ftp, http}://somesite/hiscustomfile, the
  file is generated on the fly using the controlfile.txt file.
It can even be retrieved "in the middle", a la ftp-resume, using the
offsets in compressionindex.txt first and then those in controlfile.txt.
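As an added example (not part of the entry), here is a Python reader for the controlfile.txt format above: it parses the DATA: section into inclusive hex ranges, rejects a control file whose segments leave a gap or overlap, renders each segment (`include`, `interpret`, `bytefill`), and assembles an arbitrary byte range of the virtual file so a resumed download touches only the segments it needs. The control file, the included files and the generator are a constructed miniature; `interpret` here calls a Python callable rather than running a shell script, so the example stays self-contained.

```python
import re

# "start-end - action arg", offsets in hex, inclusive on both ends
LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s*-\s*(\w+)\s*(.*)$", re.IGNORECASE)


def parse_control(text: str) -> list:
    """Parse the DATA: section into (start, end, action, arg) tuples and verify
    the segments tile the output with no gaps or overlaps; a malformed control
    file is rejected instead of silently producing a corrupt image."""
    segments, in_data = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "DATA:":
            in_data = True
            continue
        if line.endswith(":"):          # POSTPROCESSING: or any other section
            in_data = False
            continue
        if not in_data:
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"unparseable DATA line: {line!r}")
        start, end = int(m.group(1), 16), int(m.group(2), 16)
        if end < start:
            raise ValueError(f"segment ends before it starts: {line!r}")
        segments.append((start, end, m.group(3).lower(), m.group(4).strip()))
    segments.sort()
    expect = 0
    for start, end, _, _ in segments:
        if start != expect:
            raise ValueError(f"gap or overlap at {start:06x}, expected {expect:06x}")
        expect = end + 1
    return segments


def render(action: str, arg: str, length: int, files: dict, generators: dict) -> bytes:
    """Produce one segment's bytes and insist on the exact length the control
    file promised, so neighbouring segments cannot shift."""
    if action == "include":
        data = files[arg]
    elif action == "interpret":
        data = generators[arg]()        # stands in for running the script
    elif action == "bytefill":
        data = bytes([int(arg, 16)]) * length
    else:
        raise ValueError(f"unknown action {action!r}")
    if len(data) != length:
        raise ValueError(f"{action} {arg}: got {len(data)} bytes, control file expects {length}")
    return data


def build_range(segments: list, files: dict, generators: dict, first: int, last: int) -> bytes:
    """Assemble bytes [first, last] of the virtual file, rendering only the
    segments that overlap the request (what makes ftp-style resume cheap)."""
    out = bytearray()
    for start, end, action, arg in segments:
        if end < first or start > last:
            continue
        data = render(action, arg, end - start + 1, files, generators)
        out += data[max(first, start) - start: min(last, end) - start + 1]
    return bytes(out)


# Constructed miniature of the entry's example output, with tiny offsets.
CONTROL = """\
#===============
DATA:
#startoffset-endoffset - action which sends output to stdout
000000-00000f - include directory.header
000010-000019 - interpret file1.txt.instructions
00001a-00001d - bytefill 00
00001e-000025 - include checksum.txt
POSTPROCESSING:
compression command '%1 | blocklevelcompressor' # %1 is a block of data
"""
FILES = {"directory.header": b"HEADER0123456789", "checksum.txt": b"deadbeef"}
GENERATORS = {"file1.txt.instructions": lambda: b"file1-data"}


def demo() -> bytes:
    """Whole virtual file, as a client fetching from offset 0 would see it."""
    return build_range(parse_control(CONTROL), FILES, GENERATORS, 0x00, 0x25)


if __name__ == "__main__":
    print(demo())
    print(build_range(parse_control(CONTROL), FILES, GENERATORS, 0x0e, 0x12))
```

The compressionindex.txt layer described above would sit in front of this: map the requested compressed range to uncompressed block boundaries, call `build_range` for each whole block, compress, and slice.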
 
NOT SUITABLE FOR:
 
This is not suitable for compressed files that rely on the entire file being compressed in a non-block fashion, i.e. where the previous parts of the file affect the next part of the file.
 
Improvements:
Instead of a bunch of loose text files, controlfile.txt,
compressionindex.txt, and the other files can themselves
be part of an organized file. The old-style Microsoft
file with [section headers] seems obvious, as does a .tar, .zip,
or .tgz file. XML also seems obvious and very "webbish."

User Journal

Journal Journal: Software considered tangible according to US Treasury Dept.

That's because transfer of "intangible" goods, like information, is exempt from the regulations, but goods considered tangible, such as software, are not.

Since when is software tangible? Um, that's why it's called SOFTWARE.

link
Feds blacklist 'illegal' Cuban Web sites
Published: July 8, 2005, 2:42 PM PDT
By Anne Broache
Staff Writer, CNET News.com

Americans should think twice before booking a Cuban holiday through scores of travel Web sites that the U.S. government has deemed to be off-limits.

The U.S. Treasury Department has blacklisted more than 60 Cuba-centric sites, many maintained by a travel company called Tour & Marketing International. The last update to the list was published by the department's Office of Foreign Assets Control on June 30.

Certain travel-oriented Web sites made it to the verboten list because they provide easy access to Cuba for Americans who choose to break the law, the OFAC says. While visiting the sites may be permitted, downloading software from them probably isn't.

The reason lies in a section of federal law prohibiting people living under U.S. jurisdiction from doing business with those on the OFAC's list of "specially designated nationals," a category that also includes known terrorists, narcotics traffickers and rogue regimes, such as Iran, Iraq and Syria. (Many of the Cuba sites have been on the list since a December update.)

It's already illegal to go to Cuba without a special Treasury Department-issued license, typically granted based on educational or professional purposes. Tourism, according to federal guidelines, is not allowed. Once licensed, travelers must make travel arrangements with an organization chosen from a list of OFAC-approved agencies.

But if booking travel with an unauthorized dealer is already illegal, then is booking travel through a company also on OFAC's verboten list an even greater offense? Lawyers aren't sure.

"I don't know what penalties OFAC would propose in connection with the use of these sites," said Daniel Waltz, a Washington, D.C., lawyer who specializes in U.S. embargoes. "They might take the view that because they're listed (with OFAC), the penalties should be higher. They might take the view that we'll penalize you once for travel and impose a second penalty for use of the listed site."

"The problem, really, with the OFAC regulations and export controls generally is they weren't designed for the Internet," said Douglas Jacobson, a sanctions lawyer in Washington, D.C.

Several of Tour & Marketing's sites--with gocubaplus.com as the flagship--allow customers to make online reservations for flights, hotels, rental cars and tour packages in Cuba by traveling via a "third country." The site mandates that customers pay online and claims to be "not only Cuba's number one agency for American travelers, but also...able to serve all travelers--regardless of whether they have a Treasury-issued license," according to a Treasury Department press release.

The bulk of the sites under the company's ownership provide information about the geography, history and tourist attractions in a host of Cuban locales, from Baracoa to Varadero Beach. Ads--also operated by the company--rim each page and point to the e-commerce sites.

It doesn't seem to be a crime to check Cuban weather or read up on Ernest Hemingway's ties to the island at the sites. Signing up for free e-mail lists would also be permissible, said Treasury spokeswoman Molly Millerwise, provided that they did not include "interactive software." That's because transfer of "intangible" goods, like information, is exempt from the regulations, but goods considered tangible, such as software, are not.

Using the sites to get money to Cuban companies would clearly be illegal, but lawyers suggested that enforcement may be a little fuzzier.

"Theoretically, yes, a person can be prosecuted and subject to civil or criminal penalties by OFAC for purchasing a ticket or doing any businesses with any of these Web sites," Jacobson said. "The reality is, the chances of them actually being caught is relatively slim, because there's really no way to track that information. The only way they would do it is to raid their offices, take the server, get e-mail addresses...But I don't think they would go that far."

Owned by Stephen Marshall, a British entrepreneur, Tour & Marketing takes a strong stance on Cuban trade relations, defending the country's sovereignty and calling on the U.S. and British governments to cease their embargoes. According to an online statement by the company, "The United States' aim in stepping up the blockade is to isolate Cuba, strangle it economically and create the conditions for external intervention." Attempts to reach Marshall on Friday were unsuccessful.

The current OFAC list also contains Sercuba.com, a PayPal-esque electronic money transfer service, and Cimex, a corporation that runs travel agencies but does not appear to engage in e-commerce. Another site, Cuba-shop.net, which OFAC added to the list in February 2004, furnishes a 403 Forbidden screen when called up.

User Journal

Journal Journal: Vote - are Slashdot human-detectors too hard to read? 4

Vote here:
The /. Human-Detector is:
1) WAY TOO HARD: I can't make them out at all
2) TOO HARD: They are very hard to read even when I squint
3) JUST HARD ENOUGH: Any reasonably intelligent person with good eyesight can read them
4) TOO EASY: Any reasonably intelligent computer program can read them
5) TRIVIAL: Any $50 OCR package can read them

Slashdot.org

Journal Journal: My favorite cache for posting /. links, what are yours?

David's Hall Of Mirrors

Too often Slashdot links are "temporarily unavailable" due to the Slashdot effect.

Here's some of my favorite Slashdot-effect-insulators:

MirrorDot - mirrors links in recent Slashdot articles.

The Coral Cache mechanism
http://YOUR.DOMAIN.HERE.nyud.net:8090/REST.OF.YOUR.URL.HERE

The Google Cache:
Go to http://www.google.com and search for some text in your web page, and click on the "Cached" link. Honors robots.txt.

The Internet Archive:
Provides snapshots in time for many web sites. Pretty useless for current events but great for long-static pages on famous sites. Honors robots.txt.

1) Please add your favorites to this journal.
2) Please spread the word, I cribbed these from those who came before me, no reason why you can't too.
