Comment The TPM has non-DRM uses (Score 2) 87

If you ignore all the weird DRM-ish uses (which are basically unsupported for now anyway [1]), the TPM makes a nice cryptographic token. Unfortunately, TPM v1.1 hard-coded the OAEP label to "TPM", which made it incompatible with everything. TPM v2.0 fixes this -- the label is now user-specified. That means that you can use it for modern hardware crypto (sadly, using SHA-1, which should be phased out).

[1] For meaningful DRM, you need an endorsed TPM, which most vendors don't provide. See http://www.privacyca.com/ekcred.html
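As an added illustration (not code from the comment or from any TPM stack), here is why a fixed OAEP label breaks interoperability: Go's crypto/rsa takes the label as an explicit OAEP parameter, so a ciphertext produced under the label "TPM" is rejected by a peer that decrypts with the empty label. The label bytes and the 2048-bit key are assumptions made for the demonstration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"fmt"
)

// tpmLabel stands in for the label the comment says TPM v1.1 hard-coded. The exact
// bytes are an assumption; the point is that OAEP binds the label into the ciphertext.
var tpmLabel = []byte("TPM")

// sealWithLabel encrypts msg under pub with RSA-OAEP over SHA-1 (the hash the
// comment mentions) and the given label.
func sealWithLabel(pub *rsa.PublicKey, msg, label []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha1.New(), rand.Reader, pub, msg, label)
}

// openWithLabel decrypts ct with the given label; any label other than the one
// used at encryption time makes OAEP decoding fail.
func openWithLabel(priv *rsa.PrivateKey, ct, label []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha1.New(), rand.Reader, priv, ct, label)
}

// demo encrypts under the hard-coded label, then decrypts once as a label-aware
// peer and once as generic software that uses the empty label.
// It returns (matching label works, empty label works, error).
func demo() (bool, bool, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // 2048-bit key: an assumption
	if err != nil {
		return false, false, err
	}
	msg := []byte("constructed session key") // constructed sample input
	ct, err := sealWithLabel(&priv.PublicKey, msg, tpmLabel)
	if err != nil {
		return false, false, err
	}
	pt, err := openWithLabel(priv, ct, tpmLabel)
	matched := err == nil && string(pt) == string(msg)
	_, err = openWithLabel(priv, ct, nil) // generic peer: no label
	return matched, err == nil, nil
}

func main() {
	matched, generic, _ := demo()
	fmt.Printf("same label decrypts: %v; empty label decrypts: %v\n", matched, generic)
}
```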

Comment Interactions with 802.11n? (Score 1) 357

I don't think this is a good fit for 802.11n. From the paper:

We assume that there is are [sic] random erasures within in the network.

802.11n aggregates frames. This means that (at least for throughput-limited flows) multiple packets will be transmitted at once, and they're likely to all be lost together. This won't help. In any case, it makes sense for inherently lossy links to do their own FEC -- the end-to-end principle is not a good way to maximize capacity. But hacking around TCP like this seems silly -- just fix the problem at the link layer.

Comment Efficiency in sensible units (Score 4, Informative) 102

TFA does a good job of using units that are incomprehensible to anyone who isn't an expert in thermoelectrics. But we can convert them...

Considering a thermoelectric device with a cold-side temperature of 350K and a hot-side temperature of 950K, respective waste-heat conversion efficiencies of ~16.5% and ~20% are predicted.

For a hot-side temperature of 950 K and a cold-side temperature of 350 K, the Carnot efficiency (i.e. the maximum possible efficiency of any device) is ~63%. So this is somewhere between 1/4 and 1/3 as efficient as it could possibly be. Large generators, such as combined cycle gas turbines are considerably more efficient, but these devices are small and silent. In other words: not bad.

Comment This doesn't affect the most important issues (Score 0) 184

It seems like the big vulnerabilities in mobile platforms these days involve apps doing things they shouldn't. Android is, for the most part, way ahead of Apple in terms of technical mitigations. Android sandboxes apps with explicit permission grants. Apple just vets them, incompletely. iOS also seems vulnerable to odd things, like this. Apparently executing unsigned code on iOS, if you can pull it off, sidesteps part of the sandbox. Android is based on the assumption that any app can execute unsigned code and it still tries to be secure.

Comment Re:Ridiculous, quantitatively. (Score 1) 126

I think it's a bit ridiculous, but not for these reasons.

(1) They suggest using very high temperatures, presumably to avoid exactly this issue.
(2) Not sure what you mean. She subtracts what from what? But see below.
(3) The authors propose adding low-pass filters for exactly this reason. They'll filter out high-frequency signals, leaving low-frequency components that have no effective time delay.

My attack would be for Eve to add a small probe signal -- she would insert a voltage source in the line, with a time-dependent (or even constant) voltage of her choice. She would then measure the correlation between the voltage she injects and the current in the wire. Alice and Bob are supposed to check for this by comparing the conditions on their ends of the wire with their expectation, but this assumes that they have measuring devices as good as Eve's.

The idea that the security is based on the second law of thermodynamics is, IMO, absurd. The second law says that a bunch of things that would decrease entropy are impossible. But Eve can do whatever she wants as long as she sinks enough entropy somewhere else -- Alice + Bob + the wire is not a closed system.

Comment There are good algorithms (Score 1) 262

There are several asymmetric protocols with very nice security properties, even against adversaries with quantum computers. My personal favorite is based on the Learning With Errors problem, which is in turn based on some lattice results. Wikipedia has a decent summary, and the original paper is here. The old McEliece cryptosystem might be secure against quantum attack. NTRU is commercialized but its security bounds make me very nervous. There are also systems based on elliptic curve isogenies, but a new quantum algorithm comes somewhat close to breaking them. The main problem with these cryptosystems is that the resulting ciphertexts and signatures tend to be fairly long. RSA produces ciphertexts that are about the same length as the original messages and DSA produces nice, short signatures. ECC protocols are even better, but Shor's algorithm breaks them just as easily as RSA and DSA. The fancy post-quantum protocols, on the other hand, tend to produce large messages that are slow to work with.

Comment TFA has no clue what it's talking about (Score 0) 294

What is this thing supposed to be? TFA is rather clear on the point that it's "a new type of laser". But it also says (as though it's obvious) that "the more power one puts into a laser accelerator, the more powerful and precise the light beam that comes out on the other end". I don't know exactly what a "laser accelerator" is, so I don't really know whether pumping more power in makes the other end more precise.

Of course, even if FoxNews.com can't explain how it works, it was a dramatic "supercharged electron beam that can burn through 20 feet of steel per second". Well, FoxNews.com, WTF is it? A laser or an electron beam? (Hint: a laser shoots light not electrons.)

I think it's really a Free-electron laser, in which you inject electrons into a tube and laser light comes out the other end. So TFA has it completely backwards.

Comment Maybe Obama's right (Score 2, Insightful) 1088

I know that slashdotters automatically love anything involving making information more free, but...

I liked Wikileaks, too, until they published all the reports from the ground in Afghanistan. Up until then, at least the high-profile stuff revealed actual coverups of things that could be damaging because the fact that it happened was embarrassing or wrong. But the latest stuff? It's pretty much mundane, but it reveals important sources of information to American troops. Revealing that the troops have sources of information would be fine if completely unsurprising. But who benefits (other than the Taliban) from revealing their names?

C'mon, Wikileaks. Step up and act like real journalists. Think before you post. And if you fsck up, don't be surprised when people get pissed off.

Comment Re:Epic unit fail (Score 1) 229

Really? What does PSI stand for? Is that not a measurement of pressure? It is to us common folk.

PSI is a unit of pressure to common folk and to physics nerds as well.

Unfortunately for common folk, PSI doesn't stand for "pounds;" it stands for "pounds per square inch." Kind of like your gas guzzler doesn't get 13 miles; it gets 13 miles per gallon or 3.4 miles per liter. But if you said your car was very efficient and got 55 miles, I would tell you that your statement made no sense, not that your number was wrong.

Yes, they should be using a proper unit of energy.

Um, why energy? Assuming that the solar sail is nonrelativistic, then (energy) = 1/2 (momentum) * (velocity), which means that the energy imparted by a photon depends rather strongly on how fast you're going.

Comment Re:Epic unit fail (Score 1) 229

A photon is (more or less) a single thing. There are lots of them flying at the sail from the sun, and each one supplies some impulse to the sail.

Imagine you're trying to walk forward through an oncoming swarm of flies. You feel resistance -- that's the force from the flies -- but each fly is just knocking you a little bit back.

If each fly you hit pushed you back with 0.01 pounds of force, then the farther you walked, the more force you'd accumulate (because you've hit more flies), and it would get harder and harder to walk.

Comment Epic unit fail (Score 4, Insightful) 229

> Each photon of light exerts 0.0002 pounds of pressure on the 3,000-square-foot sail

C'mon people, can't you even check if what you're saying makes the slightest sense before posting it? There are two impressive errors in that sentence. First, each photon [1] applies some impulse to the sail. Impulse is what you feel pushing you back when someone punches you. It's a one-time effect and is neither a force (impulse per unit time) nor a pressure. Second, a pound might be a unit of force or of mass, depending on who you ask, what you're talking about, and how pedantic you are, but it is never a unit of pressure. (If it were, you might say that the Earth's atmosphere weighs 14 pounds, a statement that makes no sense at all.)

[1] For the physically inclined, there's a more subtle error, too. The impulse supplied by a photon is related to its momentum, which is a function of wavelength. So, unless something weird's happening in the sail, blue photons supply a larger impulse than red photons.

Comment Application Boundary Enforcer (Score 4, Informative) 154

Even if you turn off instant personalization, facebook still knows every time you visit one of those partner sites. But NoScript (I leave scripts enabled globally) has a cute feature called Application Boundary Enforcer. Here's (some of) my config:

Site .facebook.com
Accept from .facebook.com
Deny

Site .fbcdn.net
Accept from .facebook.com
Accept from .fbcdn.net
Deny

Enjoy!
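An added example (not NoScript's own code, and not part of the comment) that parses the rule set above and evaluates it for an (origin, destination) pair the way ABE does: a partner page embedding Facebook content is blocked, while Facebook's own pages may still load from fbcdn.net. The leading-dot matching and first-match semantics are assumptions about ABE rather than something the comment states.

```go
package main

import (
	"fmt"
	"strings"
)

// rule is one Accept/Deny line plus the Site it belongs to; an empty from means any origin.
type rule struct{ site, from string; accept bool }

// hostMatches applies the leading-dot convention: ".facebook.com" also matches subdomains (assumed ABE semantics).
func hostMatches(pattern, host string) bool {
	return host == strings.TrimPrefix(pattern, ".") || (strings.HasPrefix(pattern, ".") && strings.HasSuffix(host, pattern))
}

// parseABE reads the rule-set format quoted in the comment into an ordered list.
func parseABE(text string) (rules []rule) {
	site := ""
	for _, line := range strings.Split(text, "\n") {
		f := strings.Fields(line)
		switch {
		case len(f) == 2 && f[0] == "Site":
			site = f[1]
		case site != "" && len(f) == 3 && f[0] == "Accept" && f[1] == "from":
			rules = append(rules, rule{site, f[2], true})
		case site != "" && len(f) == 1 && f[0] == "Deny":
			rules = append(rules, rule{site, "", false})
		}
	}
	return rules
}

// allowed: the first rule whose Site matches dest and whose origin condition holds
// wins; hosts no rule covers are allowed, so the config is a deny-list for Facebook.
func allowed(rules []rule, origin, dest string) bool {
	for _, r := range rules {
		if hostMatches(r.site, dest) && (r.from == "" || hostMatches(r.from, origin)) {
			return r.accept
		}
	}
	return true
}

// abeConfig is the rule set quoted in the comment.
const abeConfig = "Site .facebook.com\nAccept from .facebook.com\nDeny\n\n" +
	"Site .fbcdn.net\nAccept from .facebook.com\nAccept from .fbcdn.net\nDeny\n"
func main() {
	rules := parseABE(abeConfig)
	fmt.Println(allowed(rules, "www.example.com", "www.facebook.com"))     // false: partner page cannot load Facebook
	fmt.Println(allowed(rules, "www.facebook.com", "static.ak.fbcdn.net")) // true
}
```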

Comment Submit an FTC complaint (Score 2, Insightful) 739

While suing Sony sounds great, it involves finding a lawyer (ideally a class action lawyer) to handle it. But here in the US, we have another mechanism: the FTC.

If enough of us file FTC complaints online, they might take note. I wrote something like the text at the bottom of this post.

The company in question is:
Sony Computer Entertainment America
919 East Hillsdale Boulevard
Foster City, CA 94404

---BEGIN FTC COMPLAINT---

Sony (as Sony Consumer Entertainment America, Inc.) sells, and has sold for several years, a popular device called the Playstation 3. Up until now, this device has had two features of note:

1. It supports a feature called "Install Other OS." This allows users to install operating systems such as Linux on their Playstation 3, which many users use for scientific and other purposes.

2. It supports something called the PlayStation Network. This is an online network of gaming users and is critical to obtaining the full gaming experience advertised by Sony.

Yesterday, Sony announced (http://blog.us.playstation.com/2010/03/28/ps3-firmware-v3-21-update/) that they were going to disable the "Install Other OS" feature on all PlayStation 3 units, even those already sold. Users can opt out of this disablement, but that will in turn disable PlayStation Network.

Sony claims that this is due to "security concerns." These security concerns are probably that Sony realized that "Install Other OS" might allow PS3 owners to bypass digital rights management restrictions. In other words, Sony is crippling an existing product to aid in preventing users from doing something that may hurt Sony's relationship with content developers. (Users attacking the Playstation 3 may or may not be legal, but that shouldn't matter here.)

I am not an expert in the relevant law, but it seems to me that a company should not be permitted to disable functionality of products already sold, especially when the reason that they disable that functionality is to prevent their users from doing something.

Comment So trust the CAs a little less (Score 2, Interesting) 168

There's a "fix" that should help a lot: have browsers cache all certificates that they've accepted. Then, whenever a site *changes* its certificate, give a big fat warning and optionally send the new certificate to some repository of questionable certificates.

If that repository starts to see bogus certificates signed by a CA, revoke that CA's root certificate.

To really make it work, HTTPS should have a mechanism to indicate that a certificate may not be changed until such-and-such a time, and there should be a way to (later, when using a different internet connection) tell a website what certificates you've seen that claim to identify it. That way the web site operator can go after bad CAs itself.
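An added sketch (not the comment author's code) of the certificate-cache idea above, in Go: remember a fingerprint for each accepted certificate, and treat a change during a site-declared no-change window as the big fat warning to report to the questionable-certificate repository. The notBefore parameter, the Suspect queue and the verdict names are hypothetical, and the certificate bytes are constructed stand-ins.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

const (
	FirstSeen, Unchanged = "first-seen", "unchanged"
	ChangedAfterWindow   = "changed-after-window"  // mild warning
	ChangedInsideWindow  = "changed-inside-window" // big fat warning, queue for reporting
)

// entry: the cached fingerprint plus the hypothetical "may not change until" time.
type entry struct {
	fingerprint string
	notBefore   time.Time
}
// CertCache maps a host to its accepted certificate; Suspect queues "host fingerprint"
// pairs for the comment's repository of questionable certificates.
type CertCache map[string]entry
var Suspect []string

// Observe compares the DER certificate presented by host with the cached one;
// a change inside the advertised window is not cached but queued for reporting.
func (c CertCache) Observe(host string, der []byte, notBefore, now time.Time) string {
	sum := sha256.Sum256(der)
	fp := hex.EncodeToString(sum[:])
	prev, ok := c[host]
	switch {
	case ok && prev.fingerprint == fp:
		return Unchanged
	case ok && now.Before(prev.notBefore):
		Suspect = append(Suspect, host+" "+fp)
		return ChangedInsideWindow
	}
	c[host] = entry{fp, notBefore}
	if ok {
		return ChangedAfterWindow
	}
	return FirstSeen
}

func main() {
	c, t0 := CertCache{}, time.Date(2010, 3, 1, 0, 0, 0, 0, time.UTC)
	// "cert-A" and "cert-B" are constructed stand-ins for DER certificates.
	fmt.Println(c.Observe("example.com", []byte("cert-A"), t0.AddDate(0, 1, 0), t0))
	fmt.Println(c.Observe("example.com", []byte("cert-B"), t0.AddDate(0, 2, 0), t0.AddDate(0, 0, 10)))
}
```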
