Forgot your password?
typodupeerror

Comment: Re:Is this technically impossible - no. (Score 1) 186

by Tuidjy (#47923267) Attached to: Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

the worst is its reliance on criminals to be loyal and diligent, any one of whom could compromise your entire organization's communication.

No argument there.

And then you want them doing steganography, and by hand? They'll be raising every red flag there is

How exactly is the e-mail with a picture going to raise any red flags? Sure, it they are already tailed everywhere they go, and someone is monitoring how long they spend composing their e-mails, they will be in trouble. But just from the sent e-mail, when neither the sender or the receiver are monitored? Unlikely.

Each person has their own set of keys, and the key itself is encrypted with a decent password.

Sure. And their e-mails contain obviously encrypted content, which makes them a person of interest, and they own the key for the next e-mail, and the program to decrypt it, so that it can be taken from them, and used by the adversary. Are you sure your way is better?

Comment: Re:Is this technically impossible - no. (Score 1) 186

by Tuidjy (#47923185) Attached to: Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

What you're describing is a random number generator with a key to initialize it. Some of the good ones might be good enough (or might not). Anything you can keep in your head is going to be crap and fairly easily breakable.

Hell no. Using a not-all-that random-book page, and obfuscating its structure by applying a simple algorithm on will still give you an one time pad that is suboptimal, but nowhere all that breakable, especially if you do not know the simple algorithm, and that it is being applied on book pages.

Lets assume that you have somehow completely broken through some of the steps (In the real world, you could not break through the whole thing step by step)

1) So, through some magic you have managed to extract the exact bits from the picture that have been modified. (Which is far from easy, if you have ran out of magic)

2) Lets even assume that you somehow know that the one time pad is generated from book pages, through some keep-it-in-your-head method. (Through the same magic as before)

So now you have the encrypted message. What do you do? How do you use your knowledge of the weakness of the one time pad?

All you will get is the ability, once you have come up with every possible message, to assign a probability of the sort "This message is more likely to have been the original, if the one time pad was crappy in the way we assume it was".

Comment: Re:Is this technically impossible - no. (Score 1) 186

by Tuidjy (#47922629) Attached to: Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

You didn't say so, but I'm assuming you're encrypting your message using the book page as a one time pad,

Yes, I missed describing part of the mechanism. You use the page to generate the one time pad, once again via simple rules that you only keep in your head. You certainly do not use the ASCII code of each letter/space/punctuation sign as one byte in the pad. This will not make it anywhere close to random - it will be way worse than counting decay particles, but I think that it will be good enough. I am not trying to improve on something that we know works, here. I am trying to avoid incriminating keys that the characters have to keep secure, and that can be seized to compromise the communications.

Steganography isn't much protection when someone knows there might be hidden messages.

Once again, I am going for good enough. Sure, the attacker may know that a few bites in the picture 'may' have been changed. (The characters won't be dumb enough to exchange pictures only when they want to exchange a message.) If the message is short enough, and the picture large enough, it will be very hard to tell there's something amiss, and much much harder to prove it in a court of law... Not that it really matters.

Remember, by picking other bites, and picking a different one-time pad, you would get different messages, just as meaningful.

Comment: Re:Is this technically impossible - no. (Score 3, Interesting) 186

by Tuidjy (#47921349) Attached to: Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

One time pads are not worthless in practice, at all.

Whether you are a criminal, or a government agent, at some point you will be in a secure location, and you will be able to exchange the pads. The USB stick in my pocket can hold more data than I expect to exchange with any of my friends in the course my lifetime. How long to you think encrypted messages need to be?

But even that is less secure than what you could do.

Hell, if I was writing a novel about smart criminals, and wanted them to be capable of secure communication, this is what I have them do:

They would meet in the big boss's hacienda, and they would agree to use one of the 50000 books available on project Gutenberg. The page to use as an one time pad would be selected via a function of the day the message is sent. The function would be simple enough to memorize.

When one of the party wants to send a message, they would take a picture they have a plausible reason to send, and would use a hex editor, on a PC physically disconnected from the Internet, to manually change a subset of low-significance color bits. Again, the subset will be determined by a rule that is easily memorized.

Yes, the process is laborious, and I would have them do it twice, and then compare the two resulting pictures. If they do not match, they will have to do it again. Once the pictures match, wipe (properly) the originals (from everywhere: camera, usb, secure computer) and send the modified picture, accompanied with an innocuous and appropriate message.

Obviously, the encrypted messages would need to be short, but this process will not attract any attention, and will rely on memorized rules, publicly available data, and programs that would not draw anyone's attention.

What is the NSA doing to do? Suspect anyone sending pictures to his friends? Try, as a one time pad, every page on every book available on Gutenberg, or the myriads of pirated book libraries in China, Russia, Ukraine, etc?

I cannot think of any weakness of this system. Can you? And even if it is completely stupid, I bet you two things: there are plenty of people who can come up with a better one, and plenty of people who are getting away with using a worse one.

Comment: Re:Is this technically impossible - no. (Score 1) 186

by Tuidjy (#47921043) Attached to: Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

Anyone with a solid Computer Science background, extensive programming experience, and access to google can make something that is secure enough that it cannot be cracked in resonable time. It may be sluggish, it may be extremely inefficient, it will require a secure exchange of data at some point (before it is secure itself) and will draw a lot of attention when used. But it is perfectly possible. I certainly could do it.

Oh, of course, I would be infringing on a bunch of patents, but I bet it would be the last of my problems, once my encrypted communications attract the attention of 'the proper authorities'.

Comment: Re:Is this technically impossible - no. (Score 4, Interesting) 186

by Tuidjy (#47920013) Attached to: Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked

I personally don't believe that the NSA can't crack strong encryption.

I'm not quite sure what you are saying. It sounds to me as if you think that there is no encryption strong enough that the NSA cannot crack it. This is completely false.

A simple example is using one time pad encryption. Without the pad, you you cannot even theoretically crack it. Try every possible pad, and you will get every possible message of the proper length - some of them will make perfect sense, so you will not be able to find the right one.

Taking it a bit further, there are encryptions that would take too long to crack, if they are properly executed, and the NSA does not have a backdoor. And by too long, I mean that there is not enough time before the heat death of the Universe.

Hell, I am perfectly sure that I could establish communication with some of my friends from college that could not be cracked, even theoretically. I would have to exchange some information with them in a secure manner before hand, of course. But I would never take the risk of doing something like this. It would attract the wrong kind of attention.

Comment: Re:LOL (Score 1) 213

by Tuidjy (#47896015) Attached to: Congress Can't Make Asteroid Mining Legal (But It's Trying, Anyway)

I cannot decide whether you lack comprehension of your own native language, or whether you are deliberately obtuse. Or maybe you believe that North America's civilization, which I do not dispute, means that your property is magically safe because the people around you are a different breed from the ones populating the rest of the world.

Let me recap.

You said: I don't see how that is different from what happens on earth (aside from the space fairy dust). Whoever digs the hole generally owns the minerals extracted.

This is completely incorrect everywhere I have been, and that certainly includes the United States, where I currently work. (BTW, the countries you call 'tiny' include six of the eight largest economies in the world)

In general, oil, gas and minerals in the US belong not to whoever digs the hole, but to whoever owns the land directly above them. That is different from most other countries in the world, where they belong to the State, period. Even in the US, the resource rights can be separated from surface ownership by an explicit deed, and there are provisions according to which land owners can be forced to sell their rights, even if they are already exploiting the resources, or even if the extraction of the resources will detrimentally affect their use of their property.

Familiarize yourself with the laws of your own country! They vary from state to state, but they have a few things in common. The most important thing, of which you are clearly unaware, is that you own fuck all. The deeds, titles, etc. which allow you to use land or resources are granted by the State, and the State can unilaterally break the contract if it deems it necessary. People living on lands needed for malls, people farming above oil deposits, people raising livestock on 'frackable' terrain... those have all learned exactly how much their deeds and titles are worth. Because the US is civilized, they will be reimbursed by their losses... exactly as much as those who matter think that they should be paid.

I explicitly said: the one holding a contract with the entity able to use violence to overwhelm anyone else. Who the hell do you think I was referring to? Who do you think has its monopoly on using violence enshrined in law?

Space will be no different. Resources will belong to whoever has come to an agreement with the entity that can enforce its will (project force, has monopoly on violence, blah blah blah) Right now, there is no entity that can do this in space, which means that if you could extract the resources, you could pretend you own them as long as you stay away from Earth. Once you enter the sphere of influence of various States, things will be different.

Comment: Re:LOL (Score 1) 213

by Tuidjy (#47894441) Attached to: Congress Can't Make Asteroid Mining Legal (But It's Trying, Anyway)

I don't see how that is different from what happens on earth (aside from the space fairy dust). Whoever digs the hole generally owns the minerals extracted.

Where are you from? Because I have lived in a dozen countries, on three continents, and the minerals have either belonged to the one being able to use violence to overwhelm anyone else who wants them, or to the one holding a contract an the entity able to use violence to overwhelm anyone else. (Also know as the State. The contract often has a name like deed, title, etc...)

There is no property, and I doubt there has ever been property, without the means to protect it. In the past, and in some shitty places in the present, that means the owner being able to protect it himself. But we, as a society, have decided that it is more efficient (for those who matter) to actually have a mechanism that allows property to be protected by a larger group than the owner.

I doubt space will be any different. When it is in the interest of those who matter, they will get together and come up with a mechanism that will allow people who matter to exploit space resources. By definition, if a group can keep other groups out, that's the only group that matters.

Now, everyone has his own opinion on who matters... I will not bother arguing about that.

Comment: Re:Defund (Score 1) 142

by Tuidjy (#47867249) Attached to: Private Police Intelligence Network Shares Data and Targets Cash

Even if everything was the same economically, culturally between the two, you'd expect about six times more police shootings overall.

Yes, you'd expect six times fewer total shootings, if you expect the same shootings per capita. Instead, they have more that 500 times fewer shootings (over the last 18 years) or about 100 times fewer per capita.

I recognize that doesn't make up for the balance, but there are other factors involved.

Yes, there are, and yes, many of the ones you listed are very relevant. But my point was that the examples I was replying to weren't damning at all. The British do a good job at policing, and if they have an easier job of it, isn't it at least possible that it is due to them doing something else also right?

Comment: Re:Defund (Score 1) 142

by Tuidjy (#47867161) Attached to: Private Police Intelligence Network Shares Data and Targets Cash

I must be missing something.

1. The original poster praises the British police, and compares it favorably to ours.

2. The next poster lists four examples of the British police killing people, arguably due to the incompetence of the policemen.

3. I point out that his examples are relevant, but spread over the span of eight years, that the British police has shot exactly zero people to death in 2012 and 2013, and that their police killings are a lot less frequent than ours, per capita.

4. You bring up a friend of a friend who was stabbed to death, and speculate about his afterlife!?

I admit I am having trouble following your chain of thought, but I will attempt to answer you. Lets see...

You are wrong because the crocodile is longer than it's green, being long in both directions but only green on top.

Comment: Re:Defund (Score 3, Informative) 142

by Tuidjy (#47857681) Attached to: Private Police Intelligence Network Shares Data and Targets Cash

Those are very relevant examples of the British police incompetence resulting in dead citizens. The thing is... there are four of them, and they occurred in a period of twice as many years. Even if you add up all of the fatal British police shootings since 2000, including ones that were 100% justified, in self-defense, and recorded by the ubiquitous cameras, you will still come to about one tenth of the lowest estimate of police shootings in the US for one year.

The Brits can go years without any fatal police shootings, and the total times service weapons are discharged is usually in the dozens per year. For comparison, last year, there were four fatal police shootings in the US county (no 'r') in which I work. Two in the one where I live, plus a possible bloodbath, in the town were I live, which was avoided because some brave policemen decided to disregard procedure, by rushing and disarming a suspect instead of opening fire on him and his friends.

If anything, I have been amazed at the videos in which British cops subdue maniacs who are waving various weapons around. Make a Google search. You will find videos of literally dozens of cops spending a good portions of an hour in ultimately successful attempts not to kill people who in the US would be getting a bellyful of lead within seconds.

I'm not even going to argue whether it's a good thing that these policemen and policewomen are risking their lives to capture those people. I'm not going to say that I would want the cops in my town to act like British cops. But it is a fact that British style policing results in a lot fewer lethal shootings that ours, per capita.

Comment: Re:Is Coding Computer Science? Of Course! (Score 1) 546

by Tuidjy (#47819789) Attached to: Does Learning To Code Outweigh a Degree In Computer Science?

OTOH, I've interviewed quite a few people with degrees but only very shallow coding skills (no real understanding of pointers or debugging), and who still didn't have strong fundamentals in computer science.

It's not that I doubt you, but how do you catch that? I am actually asking, not being facetious.

By the time I invite someone for an interview, I have looked at their resume, and I have had them answer a few questions that are supposed to tell me of their CS grounding OR of their command of google and their ability to wade through bullshit.

At the interview, I mostly talk about their projects and give them short task that tell me about their programming tasks. I certainly expect to notice if an applicant isn't comfortable with pointer arithmetics, or has never wondered about character set representation, for example.

But their understanding of CS fundamentals? Sure, I try to see whether they come up with the test answers on their own, or looked them up, but for the rest... Unless you are counting basic algorithms and complexity, you need time to see how well grounded they are. And if they lack the programming skills, I will let someone else investigate their CS credentials.

Comment: Re:Is Coding Computer Science? Of Course! (Score 1) 546

by Tuidjy (#47819421) Attached to: Does Learning To Code Outweigh a Degree In Computer Science?

Of course, a CS graduate who does not know how to program is a worse candidate for a programming job than someone with a few projects under his belt.

But I have to say, I have very little experience with CS graduates who do not know how to program. Every single Course VI (EE&CS) person whom I knew in college had serious programming chops.

No, I never took a programming class (I TA'd two) but it was because I felt I was a hot-shot programmer going in. Every summer I would take a project that would pay in the 15-30K range, and mostly, it would be finished before the first day of classes. Most of my friends had internships, and those were programming jobs. I very much doubt they were learning the basics on the job, either.

Many of my classes (computer vision, distributed computing, etc...) assumed that we had working knowledge of C (maybe C++) They all had final projects that could not be approached, let alone completed without serious programming skills.

As for those who felt that they needed to learn a language, they were classes for that, as well. I am not saying that there aren't people who graduate with a CS degree without having even basic programming skills, but they seem to be the exception to me, not the rule. Hell, every category has its fuckups. But in my experience, it isn't CS graduate without programming experience vs high school graduates with programming experience. It's programmers with or without a college degree. And frankly, for programming jobs, I tend to hire both. I also happen to spend hours explaining some basics to the ones without a CS degree. In the long run, they may become just as good as the ones with a degree, but they sure do not command the same salary. And it is fair: in general, they take more training.

Actually, in August, I had to recommend a book to one of my guys, and answer his questions about it. He had tried to implement a commit/roll back mechanism without any theoretical background, and had made a mess out of it. No big deal. He was smart enough to learn.

Comment: Re:All my circuits (Score 1) 31

by Tuidjy (#47819041) Attached to: Robot Dramas: Autonomous Machines In the Limelight On Stage and In Society

I do not know about actors, but as far back as a dozen of years ago, one of my friends from college was composing music for her robot musicians. Look up Christine Southworth, one of the co-founders of Ensemble Robot... ... or just google it: https://www.google.com/search?q=emsemble+robot+christine+southworth

Yeah, it's a plug, but it's not for myself, and anyway, it's another nail of that persistent meme that MIT girls are ugly.

Help! I'm trapped in a PDP 11/70!

Working...