
Comment NSL = for things that DO NOT require a warrant (Score 0) 60

Note what this (or any) NSL does not request, for good or ill given the explosion in digital communications since Smith v Maryland in 1979 and subsequent case law (which effectively says that metadata, as "business records" provided to a third party, do not have an expectation of privacy and are not covered by the Fourth Amendment): CONTENT of communications.

Note what is also missing here: the target. People assume it's an innocent US Person. The fact is, if a NSL is used, the person is almost certainly a foreign intelligence target under active investigation, and the reason why requests are "dropped" is because IF a NSL was used in the first place, we don't want to reveal any further sources, methods, or what we know.

Unless and until the Supreme Court of the United States speaks on this matter again -- and it very well may, and it very well may rule differently given how the communications landscape has changed in 35+ years -- that is the law of the land. Not people's opinions, not tech commentator know-it-alls, not self-proclaimed security experts.

If something doesn't legally require a warrant, it amounts to a formal request. I'm not saying it's always perfect execution, but the whole purpose of a NSL is so that it runs through its own legal process -- which, again, is for information that does NOT require a warrant. I know people think it has no oversight, but either something requires judicial oversight, or it doesn't. And NSLs DO have massive amounts of LEGAL oversight, just not a warrant signed by a judge -- repeating myself here -- because one isn't required for information sought by a NSL.

And like information that we seek under Intelligence Community authorities, we don't want the target of the collection or surveillance knowing we are targeting them, or where, or how. Yeah, it sucks, and it's imperfect, and all that, but even in a democratic society, you can't just say every single national security or intelligence issue has to be in the open. That's not how even democratic societies work, or can work, or should work, when it comes to national security matters. Some things tilt too far in one direction based on national events, or politics, etc. Then they tilt back. It's never fast enough for proponents or critics.

The main issue is that people say that something like a NSL is "bad" because it doesn't have judicial oversight in the form of a warrant. If the information sought doesn't legally require a warrant, I don't know what to tell them. Then when we do actual court orders and warrants when required for foreign intelligence collection, issued by the very court whose sole purpose is to protect the rights of Americans under the law and Constitution in the context of foreign intelligence collection, they complain because the evidence is heard and rulings are issued in secret.

A NSL at its core is nothing more than a formal process and notification, with a lot of other legal considerations surrounding it, that is the equivalent of someone saying, "Hey, can you help us out...and oh, by the way, here's a bunch of other legal crap which justifies this. And don't tell anyone, because this is a national security issue." I understand why people make an issue of it, because they'll say, ok, even if it's used for all "bad guys" it still "could be abused". Uh, and? Any government power at all "can be abused". Secret ones "can be abused" in secret.

And yet, the government still has to have powers, and some of them on the national security and intelligence side are necessarily cloaked in secrecy. And in the conduct of war, diplomacy, law enforcement, and counterterrorism as the United States, with our myriad interests at home and abroad, we do all of these things for a reason. No, it's never perfect, and it never will be. People act surprised when the use of something like NSLs skyrockets since the late 90s...well, guess what else skyrocketed since the late 90s? The goddamned internet, which we invented, and our enemies are literally using it against us. No, not bullshit like tweets and Facebook pages; adversaries using the internet for no-shit coordination, collaboration, and C2. AND intentionally using US systems and services because they know that it's a legal rat's nest for us to get to them there, even if they're non-US Persons outside the US.

So anyway, yeah, it sucks, but the general attitude most people in the national security and intelligence communities are operating under is we had better be using the full extent of the capabilities afforded to us under the law, and we don't make the law.

The other issue, speaking broadly, is that sometimes the target itself is not subject to Constitutional protections at all, because the target is a non-US Person outside the US, and it is absurd to argue that if said target's communications touch the US in any way, suddenly it should be subject to Constitutional and warrant protections, because warrantless efforts to obtain it otherwise "could be abused".

SCOTUS can either speak to it, or Congress can pass a law. My own PERSONAL opinion, in a vacuum, and absent everything else I know, is that metadata should be protected -- because of 1.) the explosion in digital communication and the internet in the ensuing decades, combined with 2.) government's ability to exploit large amounts of collected data because of advancements in technology.

I would point out that even though portions of the statute with regard to NSLs have been found unconstitutional, it has only been about the gag order and length of time, not the use of a NSL, which is essentially a formal letter.

The issue of who the Constitution protects and where has many different arguments, but in a traditional law enforcement/intelligence/national security context, generally we see it as protecting either 1.) US Persons (be they citizens, permanent residents, lawful visitors, groups of the above, etc.) or 2.) people IN the US, no matter who they are.

The FISA Amendments Act shifted this a bit due to the reality that over 70% of international internet traffic touches the US somehow, by design or incidentally, and we had an absurd situation where both ends of a conversation would be AQAP members outside the US, who are not US citizens, and have never been in the US, who we suddenly can't collect on, even with capabilities outside the US, because one of them is using Hotmail.

If Constitutional protections applied to everyone, everywhere, my view is that the concept of borders and nation-states is meaningless, and it also destroys foreign intelligence collection -- and I mean Destroys. That said, we can certainly argue that we want to follow Constitutional *principles*, and aside from things people want to cherry pick that they don't like, I would say that, generally speaking, we do that.

Comment Re:Is this really as typical as it seems? (Score 2) 116

New technology market deployments go in stages, including the following:
  1) The underlying technology becomes available and financially viable. The window opens.
  2) An explosion of companies introduce competing products and try to capture market share. They are in a race to jump through the window.
  3) There is a shakeout: A handful become the dominant producers and the rest die off or move on to other things. The window has closed.

We've seen this over and over. (Two examples from a few decades back were the explosions of Unix boxes and PC graphics accelerator chips.)

IoT applications recently passed stage 1), with the introduction of $1-ish priced, ultra-low-power (batteries last for years), systems-on-a-chip (computer, radio peripheral, miscellaneous sensor and other device interfaces) from TI, Nordic, Dialog, and others. It's in stage 2) now.

In stage 2) there's a race to get to market. Wait too long and your competitors eat your lunch and you die before deploying at all. So PHBs do things like deploy proof-of-concept lab prototypes as products, as soon as they work at all (or even BEFORE they do. B-b ) They figure that implementing a good security architecture up front will make them miss the window, and (if they think that far ahead at all) that they can fix it with upgrades later, after they're established, have financing, adequate staffing, and time to do it right - or at least well enough.

So right now you're seeing the IoT products that came out first - which means mostly the ones that either ignored security entirely or haven't gotten it set up right yet. Give it some time and you'll see better security - either from improvements among the early movers or new entrants who took the time to do it right and managed to survive long enough to get to market. Then you'll see a shakeout, as those who got SOMETHING wrong fail in competition with those who got it right.

If we're lucky, one of the "somethings" will be security. But Microsoft's example shows that's not necessarily a given.

In this case, though, the POINT of the product is security, so getting it wrong - visibly - may be a company killer. (I see that, in the wake of the exposure, the company is promising a field upgrade with this issue fixed in about a month. If it does happen, and comes out before the crooks develop and use an exploit, perhaps this company will become another example for the PHBs to point at when they push the engineers for fast schlock rather than slow solid-as-rocks.)

Comment Re:The HELL they can't! (Score 1) 74

Being in the industry, the reason I was given was (1) the electrolyte is very expensive right now

Vanadium pentoxide (98% pure was about $6/lb and falling as of early Oct and hasn't been above $14 in years) and sulphuric acid?

and (2) investors need a demonstration of return.

Always the bottom line. B-)

Comment Re:Source Code (Score 1) 48

The ransomware gets its name from the fact that the "DecryptorMax" string is found in multiple places inside its source code.

They distributed the source code with the ransomware?

Or the strings in the source code ended up generating strings in the object code and something like the "strings" tool found them.

Comment Re: Because backups are important (Score 1) 48

We can only assume they are too cheap, lazy or distracted with other things to keep frequent backups.

Or they think they ARE keeping backups, because they ARE - on a different part of the same disk, using automated processes provided and touted by the vendor - but the ransomware disables the tools and deletes the backups. Oops!

There's a difference between "backups" and "adequate, off-machine, backups".

Comment Looks to me like an oversight. (Score 1) 48

Why would you need a random .png from the Internet? Can't they just keep whatever part they need (header?) as part of the binary?

I'd guess:
  - The authors wrote the tool to use enough of the start of an encrypted/clear file pair to generate / sieve the key and deployed that.
  - Some user discovered, after the tool was deployed, that the invariant header of a .png file was long enough that any .png file could function as the "clear" for any encrypted .png (or at least that many unrelated pairs could do that.)

I'd bet that, if the authors had thought there was a nearly-universally-present file type the ransomware would choose to encrypt, with a large enough header to pull off this trick, they'd have included a canned header and the option to use it in the tool.
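The "canned header" idea in the comment above, as an added example (not part of the original comment and not the decryptor tool's code): every PNG starts with the same 16 bytes (8-byte signature, the IHDR length field, and the `IHDR` type), so that prefix can serve as the "clear" half of a pair. The cipher is a stand-in assumed here, repeating-key XOR, because the page does not say what the ransomware uses; all function names and the sample images and key are constructed for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Signature + IHDR length field (always 13) + chunk type: 16 bytes fixed by the format.
CANNED_HEADER = PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR"


def chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width: int, height: int, gray: int) -> bytes:
    """Build a minimal 8-bit grayscale PNG (constructed sample input)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + bytes([gray]) * width for _ in range(height))
    return (PNG_SIGNATURE + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b""))


def common_prefix_len(a: bytes, b: bytes) -> int:
    """Number of leading bytes two files share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """Stand-in cipher (assumption, not from the page): repeating-key XOR."""
    return bytes(c ^ key[i % len(key)] for i, c in enumerate(data))


def recover_key(encrypted: bytes, known_clear: bytes, key_len: int) -> bytes:
    """Recover the key from known plaintext; it must cover the whole key."""
    if key_len > len(known_clear):
        raise ValueError("known plaintext shorter than key")
    return bytes(e ^ p for e, p in zip(encrypted[:key_len], known_clear))


if __name__ == "__main__":
    small, large = make_png(4, 3, 10), make_png(640, 480, 200)
    print("shared prefix of two unrelated PNGs:", common_prefix_len(small, large))
    key = bytes(range(0x41, 0x51))              # constructed 16-byte key
    locked = xor_repeat(large, key)             # the "encrypted .png"
    found = recover_key(locked, CANNED_HEADER, len(key))
    print("file restored from canned header:", xor_repeat(locked, found) == large)
```

The length check in `recover_key` is the limit the comment points at: the trick only works when the invariant header is at least as long as the key material being recovered.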

Comment The HELL they can't! (Score 3, Interesting) 74

That's something conventional flow batteries can't do.

The hell they can't. Industrial-scale Vanadium Redox flow batteries are doing that right now, in utility companies, and have been for a couple years. (In New Zealand, if I recall correctly.)

I think the reason they're not more widely used already is that they're under patent protection, the company is small, and its owners don't want to license the technology or dilute their equity, so the supply is limited to their ramp-up and funding sources.

Comment Re:battery vs capacitor (Score 4, Insightful) 74

When does the battery become capacitor?

When the voltage across it is directly proportional to percentage of charge.

And they already did, many years ago. That's what "supercapacitors" are: Electrochemical cells where the charge is stored by migrating, but not ionization-state-changing, ions in a solution (rather than by migrating electrons within two conductors (one metal, the other metal or conductive liquid) separated by an insulator, as in a conventional or electrolytic capacitor, or ionization-state-changing ions in the cells of a conventional battery, where the voltage only changes slightly with state of charge until nearly full discharge).

Comment Re:Can't Carbon be nuclear? (Score 1) 351

Details matter. You are looking to build a fusion reactor, and this reaction is far more difficult than the DT reaction that the fusion community is focusing on.

They're also working on the substantially harder p-B reaction (which only has a trace of neutron output due to impurities/side reactions). That's substantially harder (and worth it!) but still not in the ballpark.

Comment A field full of two layers of firefighters. (Score 1) 108

As mentioned previously, my mental model of semiconductors and the like is a fireman's water brigade, where either the majority of the line has buckets or empty hands.

It helps if, instead of a line, you think of a LOT of them standing in a two-D array (like in the yard of the burning building, or a section of a parade that's stopped to do a little demo). It's really three-D, but we'll want to use up/down for something else in a bit...

For metallic electron conduction everybody has TWO buckets, one for each hand, and when a guy by the fire throws a bucket of water (bucket and all) on the fire, a guy farther back immediately tosses him a bucket, the guy behind him essentially instantly throws HIM a bucket, and so on. Hands are effectively never empty.

For semiconductors, imagine two layers of these guys, the second standing on the firsts' shoulders or on a scaffold right above them, and about enough buckets for each of the guys on the ground to have two and the guys on the scaffold to have none. (There's actually many layers of scaffold, but the rest are so far up that it's hard to get a bucket to them, so they mostly just stand around.)

Usually nothing useful is happening. Everybody on the bottom layer has both hands full of buckets, and it's hard to hand a bucket up to the guys on the top.
  - Electron-hole pair creation: Somebody comes up with the energy to heave a bucket up to the guys on the upper layer, leaving a guy with one hand empty in the lower layer. (Maybe somebody (a photon, for instance) comes along with a lacrosse stick and whacks a bucket up to a guy in the top row - dying or becoming exhausted and much weaker from the effort.) Now you've got one guy with a free hand in the lower layer (a hole) and one bucket on the top layer (a free electron).
  - Electron conduction in a semiconductor is that bucket on the upper layer. The guys there can hand it around easily, or toss it along a diagonal until it would hit a guy - who catches it. They're all standing on accurately-spaced platforms so the bucket can go quite a way before somebody has to catch it. Suppose there's a slope to the yard, with the fire at the bottom. Then, if tossed too far, the bucket might pick up substantial speed and knock the guy who catches it out of place (electromigration), or fall down to the lower layer and knock another bucket out of somebody's hand and bounce, ending up with TWO buckets on the upper layer and an empty hand below (avalanche electron-hole creation).
  - Hole conduction is when you've got an empty hand on the bottom layer: Now it's easy for a guy with two buckets to hand a bucket to a guy with only one, exchanging a bucket for an empty hand. But now the guy whose hand had been empty has two buckets and nobody in the downhill/toward-fire direction to hand a bucket to, while the guy who handed it off has an empty hand and can grab a bucket from somebody farther uphill / closer to the water source - or beside him, or diagonally. So "empty-handedness" (a hole) can move around as a persistent entity while the individual buckets gradually work their way in the general direction of the fire, only making a bit of progress "when a hole comes by". Though the water makes progress toward the fire, the action is all where the holes are making progress away from the fire.
  - Electron-hole annihilation: Somebody has a bucket on the upper layer when a guy below him has an empty hand. So he drops the bucket. CLANG! Ouch! Now there's no "free bucket" on the upper layer, no free hand on the lower layer, and the energy of their separation went somewhere else (knocking the guy sideways so he bumps into his neighbor and generally making the guys vibrate, "creating a guy with a lacrosse stick who runs off to whack at buckets", etc.)
  - P-type doping: A guy in the bottom layer had a sore hand and only brought one bucket to the fire, thus having a free hand from the start. He can take a bucket when a neighbor pushes it at him (the hole moves away). But he'd like to hand it off and have his sore hand free again (so holes tend to stick around at his site). It's lots easier to "make a free hole" by convincing him to hold a bucket in his sore hand than by tossing a bucket up to the guys on the scaffold, but does take a little effort.
  - N-type doping: One of the guys on the upper level really likes to hold a bucket, so he brought one with him. The guy next to him can grab it from him, but if another comes along he'll try to hold on to it a bit until somebody shames him into letting go again or wrestles it from him. It's lots easier to get him to let you use his bucket for a while than to pull one up from the guys on the ground, but it does take a little effort.
  - Tunneling through a potential barrier: There's a ridge across the field. It's hard to hand buckets up to the guys on the ridge, so they don't flow across it very well (unless someone at the side of the field is pushing the buckets really hard...) Occasionally the guys on one side of the ridge hand a bucket through the legs of the guys standing on the ridge to the guys on the other side.
And so on. B-)

I'm keenly interested in finding more material to read up on the observed Hall effect measurements. Thanks again for your contribution to the discussion.

The Wikipedia article on the Hall effect has a section on the Hall effect in semiconductors, but both it and the reference it uses start from treating the hole as a charge carrier with a fixed charge and a mobility different from a free electron, and just compute formulae from there.

If the Hall effect on hole currents were fallout from the Hall effect on the individual electron bucket-transfers, rather than the hole acting like a positive charge carrier in its own right, you'd think it would go the other way.

Comment Another useful vacuum tube: Thermionic converter. (Score 1) 108

Another vacuum tube technology with current applications and substantial advantages over semiconductor approaches to the same problems is the Thermionic Converter. This is a vacuum-tube technology heat engine that turns temperature differences into electric power - by boiling electrons off a hot electrode and collecting them, at a somewhat more negative voltage (like 0.5 to 1 volt), at a cooler electrode.

Semiconductor approaches such as the Peltier Cell tend to be limited in operating temperature due to the materials involved, and lose a major fraction of the available power to non-power-producing heat conduction from the hot to the cold side of the device. Thermionic converters, by contrast, are vacuum devices, and inherently insulating (with the heat conducted almost entirely by the working electrons, where it is doing the generation, or parasitic infrared radiation, which can be reflected rather than absorbed at the cold side.) They work very well at temperatures of a couple thousand degrees, a good match to combustion, point-focused solar, and nuclear thermal sources.

Thermionic converters have been subject to recent improvements, such as graphene electrodes. The power density limitation of space charge has been solved, by using a "control grid" to encourage the charge to move along from the emitter to the collector and magnetic fields to guide it (so it doesn't discharge the control grid and waste the power used to charge it).

Current thermionic technology can convert better than 30% of the available thermal energy to electrical power and achieves power densities in the ballpark of a kilowatt per 100 square cm (i.e. a disk about 4 1/2 inches in diameter). That's a reasonably respectable Carnot engine. This makes it very useful for things like topping cycles in steam plants: You run it with the flame against the hot side so it is at the combustion temperature, and the "cold" side at the temperature of the superheated steam for your steam cycle. Rather than wasting the energy of that temperature drop (as you would with a pure steam cycle) you collect about a third of it as electricity.

It also beats the efficiency of currently available solar cell technology (and the 33.4% Shockley–Queisser theoretical limit for single-junction cells), if you don't mind mounting it on a sun-tracker. Not only that, but you can capture the "waste heat" at a useful temperature without substantial impairment to the electrical generation or heat collection, and thus use the same surface area for both generation and solar heating. (Doing this with semiconductor solar cells doesn't work well, because they become far less efficient when running a couple tens of degrees above room temperature.)
