Shouldn't that be "billions and billions"?

I've only heard of long transmission lines being affected, miles long or even hundreds of miles. A house should be fine. The only thing I'd worry about is a spike coming in from the grid itself, if all their insulators and transformers fail. I have no idea how big that might be by the time it got to you.

I know people have trouble accepting it, but I want to offer once again the philosophical principle that true freedom implies the right and ability to commit yourself and to constrain your future actions. This principle should be very acceptable to the FSF, because it is the basis for their argument that the GPL is more free than BSD style licenses. Superficially, the BSD is more free, because it let's you do whatever you want. But the FSF argues that the GPL is actually freer, because it let's you do whatever you want only as long as you let others do whatever they want with the result. Imposing this limitation on freedom, paradoxically, increases freedom.

And really, this should not seem paradoxical, because we see the same principle all the time in everyday life. Every time someone signs a contract, he commits to performing certain actions and thereby limits his own freedom. The same thing happens when two lovers promise to be faithful. The point is that the essence of true freedom requires the ability to voluntarily limit your own freedom.

This is where the FSF, along with much of the network community, has gotten off on the wrong foot with some of these hardware technologies, in particular Trusted Computing. These technologies allow you to make credible commitments to limit your own freedom. You can promise to run only certain software to handle certain data, and failure to honor your promise can be detected.

It should be clear that, as with contract, marriage, and other areas where we make binding commitments, as long as these kinds of promises are voluntary, allowing them actually enhances freedom. Yet the FSf doesn't see it that way. They are so angry and upset at the notion that people may make promises only to run certain code that they are doing all they can to make such promises impossible to make credibly.

I can understand the concerns that these technologies could be made mandatory. That would obviously be an unacceptable infringement on freedom. But we don't eliminate marriage just because some people are unfairly forced into marriage in certain cultures. We don't eliminate contract just because some are coercive. We fight the unjust arrangements while recognizing the value of a system which allows people to make binding commitments.

The same approach should be applied to Trusted Computing. We should support voluntary adoption of the technology, while vigorously opposing efforts to make it mandatory.

Unfortunately I don't see much prospect of the FSF changing its position on this issue; Stallman is not notoriously amenable to reasonable persuasion. But I hope the larger community can start to look at these matters with open eyes, and not feel obligated to follow the FSF in lockstep.

I'd say something did go wrong. While a $4 billion sell order is not overwhelmingly large in some markets, in the e-Mini market, those 75,000 contracts will overwhelm the standing bids if dumped on the market too fast. And that's what happened, due to the retarded algorithm that targeted 9% of trading volume *without regard to price*. In today's environment, that algorithm is broken because high frequency traders swarm as soon as the market starts to move. HFT is not a problem per se, they mostly just buy and sell with each other without much net effect, but it drives up volume. So this firm is dumping shares on the e-Mini, overwhelming the market, and it falls like a rock. That gets everybody else panicky and the market breaks down for a few minutes.

IMO the fundamental problem was this big trader who dumped shares on the market too fast. That firm should be held responsible and penalized. They used a broken algorithm that resulted in a massive order imbalance.

First, it wasn't last summer, it was this summer (it's still summer); or more precisely, last month.

http://yro.slashdot.org/story/10/08/17/1953211/From-Slaying-Dragons-To-Dictators

Slashdot at least didn't join the hype. Although the discussion got sidetracked into whether Iran should be called a dictatorship, and whether America is evil, the technical comments were generally quite skeptical. Haystack was accused of relying on security through obscurity, and in the end that proved to be the case.

...and using a drill and jigsaw, cut through and remove the window in the front. This will allow the microwaves to escape and jam electronic communication. For extra fun, mount the microwave on a "Lazy Susan" spinning platter. You can sit behind it and turn it from side to side, to sweep the room and aim it at anyone who's acting suspiciously.

On the iPad (which always capitalizes it's own name that way (also it always puts an apostrophe in "it's" even when it's wrong)) you can type two spaces INSTEAD of a period at the end of a sentence, and it turns it into a period and a single space. Best of both.

Amusing comments but the reality is that this is still the same old P300. You concentrate on a letter, they flash different letters on the screen for about 30 seconds, and it makes a guess at what letter you were thinking of. Then if it's right you go on to the next letter. Super super slow. Eye blink signals are probably just as fast. And if you can't use your eyes you probably can't use P300. I think there have been some studies trying to extract P300 signals from audio cues but they have not been too successful.

If it is true that '"I don't think there is a limit, that there will be a certain size where quantum mechanics starts to break down," Dr Aspelmeyer said,' then that means that even larger objects also go into superpositions of quantum states. That would go all the way up to human sized and larger. This is the fundamental principle of the Many-Worlds Interpretation (MWI), that when quantum measurements occur, even though we only see one outcome, actually we go into a superposition of multiple states, each of which sees a different outcome. Each state evolves independently. It is as though the world splits into parallel universes, where every possible outcome occurs in a different universe.

This follows strictly from the principle that QM applies at all sizes. And this new experiment certainly pushes us in that direction.

Some scientists, notably Roger Penrose, had speculated that QM would break down at macroscopic sizes. He specifically proposed that once sizes were large enough for gravitational forces to exceed some threshold, QM would break down. Wikipedia has this: "Tiny superpositions, e.g. an electron separated from itself, if isolated from environment, would require 10 million years to reach OR threshold. An isolated one kilogram object (e.g. Schrödinger's cat) would reach OR threshold in only 10^-37 seconds." Now here we have a trilliion atom object. That is about 10^13 amu, which is 10^-14 kg. Dividing 10^-37 seconds by 10^-14 we get 10^-23 seconds, which is far shorter than this experiment lasted. This means basically that this experiment disproves Penrose's theory! This is the first time this has happened, and I am (AFAIK) the first person to notice this.

In short it is becoming harder and harder to avoid accepting the reality of parallel worlds. What this should mean for our actions is up to the philosophers, but we should not bury our heads and pretend it isn't true.

According to the article, Stoll's excuse is that he was trying to play the contrarian:

At the time, I was trying to speak against the tide of futuristic commentary on how The Internet Will Solve Our Problems.

Contrarianism helps sell magazines (and garners pageviews) but let us not forget that it is usually WRONG. Yes, humbling as it may be to admit, the great unwashed masses, the "sheeple", are usually right in their collective opinions. Contrarians often escape punishment for their folly because no one cares, but in this case Stoll got properly burned.

I'm a programmer and I've studied the 332 page TCPA Main TCG Architecture v1_1b.pdf design specification. It explicitly refers to the owner as an attacker and it specifically mandates the chip to be secure against the owner himself.

Pics or it didn't happen.

The closest I can find is pages 313-314: "The basic design point for the attack tree is that the TPM should be resistant to all software attacks and somewhat resistant to hardware attacks."

A prescription that the chip be "somewhat [!!!] resistant to hardware attacks" is a pretty thin basis for asserting Orwellian control and domination.

He cracked the SLB9635TT12 as seen on the Wiki page image.

Thanks, that is helpful, but where is this Wiki page? I looked at the BlackHat session links and right now there are just some slides that are very generic and don't mention any parts. The video and audio is not up yet.

I have no doubt he could tell us this EK you mention but this might violate the DMCA if he did.

I wouldn't think so, but even so he could instead sign a message with the EK and get the same effect, as suggested above.

If it all sounds TinfoilHat-ish, that's because the system really is that Orwellian.

Let me make a couple of arguments against this:

1. The TPM can also be used for non-Orwellian purposes. For example playing an online game and making sure nobody has cheat mods loaded. This could even be a P2P game if anybody was interested in that any more. Or how about online poker or blackjack. How do you know the dealer's not cheating? He could use a TPM protected system and other players could verify that his software is fair. Another example, imagine a P2P Ebay. The seller could run the auction and everybody could send in their maximum bid. But the seller uses TPM so bidders know he can't see what their max bids are, and cheat them. No third party, no commissions.

I know it's hard to believe, but there are actually many situations in life where it is to your advantage to be able to commit yourself not to break the rules. That is really what a contract is, if you think about it. Contracts are a way to get the other guy to believe you will keep your word (and vice versa). It is to your advantage to be able to commit yourself in this way.

Trusted Computing delivers the same capability in the realm of software and data. You can convince the other side that you will follow certain rules, the rules embodied in the software. Believe it or not, this can actually be to your advantage. And if it's not, you can tell the other guy to take off.

2. TCPA didn't have to do it like this. If all they wanted was DRM, they could have gone ahead and made a centralized system that works the way (almost) everybody thinks Trusted Computing and TPM works: "it will only run signed code". How many times have I heard that over the years. Hundreds. And it's wrong every time. But they could have done it like that, made a system that lets Big Business trust your computer because it controls it. They could have made it so you couldn't run a hacked movie player or logging video driver. This would have accomplished the DRM goals.

But they didn't. They came up with a general purpose system for Trusted Computing that provides just that: a way for people to trust EACH OTHER'S computing. Anyone can use it, for any purpose. Any code can run. It's just that you can't lie about what is running.

Ironically of course the one system that does provide all the horror of what everyone was afraid of is the iPhone, which also happens to be enormously more successful than TPM. For all the fear about it, TPM has never been used in any single application for DRM. All it has been used for is protecting your own crypto keys. But for years everyone has been "Oh teh Orwell" about TPM, while meanwhile Apple is fat and happy signing every iPhone app before it lets it go out.

Why don't you have him just sign something with that public key signature rather than divulging the private key to the world?

You're right, that's a better idea. He can sign something with the EK rather than publishing the private key. It accomplishes the same thing but maybe causes less disruption to the TPM world.

I've been reading about this hack for days, but something seems fishy. Some of the earlier reports had him hacking the SLE 66 CL processor chip which is embedded in the TPM, not the TPM itself. This article also describes him as having to work with many copies of the chip to discover its secrets, but it has the chips being inexpensive ones from China. Problem is that Infineon is a German company and I don't think you can get Infineon TPMs cheaply from China. Putting this together, it's not clear to me that he has truly hacked an Infineon TPM. He may have hacked a similar chip and he assumes that the same attack would work on TPM.

However, there is a way for him to easily prove that he has done what he said. Every Infineon TPM comes with an RSA secret key embedded in it, called the Endorsement Key or EK. This key is designed to be kept secret and never revealed off-chip, not to the computer owner or anyone. And Infineon TPMs also come with an X.509 certificate on the public part of the EK (PUBEK), issued by Infineon. If Tarnovsky has really hacked an Infineon TPM and is able to extract keys, he should be able to extract and publish the private part of the EK (PRIVEK), along with the certificate by Infineon on that key. The mere publication of these two pieces of data (PRIVEK and Infineon-signed X.509 cert on PUBEK) will prove that his claim is true.