Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


Comment: Re: GPG is another TrueCrypt? (Score 1) 303

by garyebickford (#49148451) Attached to: Moxie Marlinspike: GPG Has Run Its Course

Well put. I work for a company that provides a secure "Proof of Knowledge" support for web logins. (Proofs of knowledge include text passwords, picture passwords, Captcha, etc. - things that require personal knowledge or cognitive self-tests.) The security model for this SAAS is highly motivated by user privacy and security concerns. The actual proof - the password, or whatever - is encrypted into a hash in the browser, and stored as a doubly-encrypted hash in the server. The SAAS never knows the user's identity, only an encrypted code that identifies the user to the requesting website. So connecting the user, the website's user ID, and the proof requires hacking or compromise of all three pieces of the puzzle.

It is even possible (though we haven't rolled out this capability to production yet) for the actual challenge to be encoded by the user in such a way that it's impossible for anyone but the user to even know what the test to be performed is. I won't say how this is done, as the patent is pending.

Comment: Re: GPG is another TrueCrypt? (Score 1) 303

by garyebickford (#49134249) Attached to: Moxie Marlinspike: GPG Has Run Its Course

So then you're saying that it's not a matter of actually implementing secure communications, but adjusting expectations so that whatever we have is seen as secure by the people using it.

No, I'm saying that it is possible to make a system that is, at least for most purposes, both secure and not dependent on geekly knowledge. Using the cell network as an example, while the encryption actually used and the security model is not great for most cell networks, from what I've read the Blackberry's model seems to be pretty good, and some version of the Blackberry is, AFAIK, still in use by the politician in the White House, who "couldn't live without his Blackberry" and is certainly by no means a geek or significantly knowledgeable about how to implement or maintain a secure channel. Of course, we don't know how much or what kind of work was necessary to vet and maintain the system in that case - but it's significant that governments including the government of India were at least talking about blocking all Blackberry traffic unless the company allowed them access to the keys, or put the servers inside the country.

There are also other systems that, _once set up_ for a company, for instance, seem to be pretty transparent and easy to use for the employees. I suspect that in those cases as well as the Blackberry, there is a significant effort for the support and IT people to set up and maintain such a system, but that's OK. I just don't think it's right to tell some poor slob with a bad excuse for a high school diploma to become an expert in how to maintain the security on their phones. It's worth noting that historically (back in the paper mill days) janitors needed to have the highest security clearances in government installations, for pretty obvious reasons.

Comment: Re: GPG is another TrueCrypt? (Score 2) 303

by garyebickford (#49130193) Attached to: Moxie Marlinspike: GPG Has Run Its Course

You want the impossible. You want communications you can trust without having to understand how they happen.

See, there's the rub. Perhaps 10% of the geek community even _think_ they know how this stuff works, of which perhaps another 10% of that group have a reasonably up-to-date knowledge. Which would probably work out to 0.1% of the PC/phone/iThing/tablet-using public.

OTOH, we see people of all intellectual persuasions, most of whom haven't a clue how their cell phone works. But they are successfully using a device which has built-in encryption (which could probably be better, but that's aside the point) for their phone calls, without any significant setup other than buying the phone and providing certain details about themselves. So some level of trusted communications _can_ be provided without everyone becoming a geek, but (as you imply) it does require some kind of industry agreement - and government acceptance - to provide an uncompromised solution. And I think that is essentially impossible as long as we have even a few "bad guys" (for any definition of "bad guy") out there.

Comment: Re: Bring on the lausuits (Score 1) 593

by garyebickford (#49129987) Attached to: Republicans Back Down, FCC To Enforce Net Neutrality Rules

I also still have hope that the Republicans will return to their Main Street, egalitarian roots (the party started as the anti-slavery party). At present both parties are too strongly tied to Big Money, Big Labor, Big Legal, and Big Government. Almost all of the controversies between them are contrived PR to scare their "constituencies". As Boss Tweed said (see Tammany Hall), "I'm all for free elections, as long as I get to decide who's nominated."

In the last 100+ years, both parties have oscillated between positions on the size of government, fiscal policy, and almost everything else. I think the only real constant has been that the Democrats have promoted setting ethnic groups against each other since before the Civil War. And today the extremists seem to have taken over both parties, while the vast middle has abdicated from party politics.

Case in point: Democrat JFK originally ran on a small government, balancing the budget ticket against big (or at least bigger) government advocate Richard Nixon. He successfully pushed through reductions in both government expenditures and taxes. Revenue from decreased taxes did in fact increase sufficiently to balance the budget.

Comment: Re:I seek clarity (Score 1) 319

by garyebickford (#49129695) Attached to: Use Astrology To Save Britain's Health System, Says MP


Astrology advocates often point to the Moon's effects on biological systems, but though the effects of the lunar cycle is well known, that is almost certainly embedded into biological systems due to its indirect effects, mainly the tides and the light, rather than any gravitational or other effects of the Moon itself. And of course the effect of the Sun is quite strong. For example, the variance of the shoreline with tides. These macro lunar effects made for a convenient phase-matching mechanism for biology. Once any small cohort of a species started coming onto shore during a brightly moonlit shore, those critters would have had a slight survival advantage due to what we might call the Network Effect, so reproduced more babies. This might have started with a single individual's children. So the indirect effects of the Moon are sufficient to explain the behavior of all the biological systems. No other body but the Sun has any observable effect on any biological system.

It's worth noting that while modern 'Western' astrologers emphasize the effects of the Sun, Moon, and "rising sign", ancient astrologers and Chinese astrologers have different, often conflicting, interpretations. IIRC Egyptian astrologers considered the Rising Sign as most important, and ignored the Sun. To add to the confusion, due to precession the present signs are approximately two complete 'houses' (signs) different from what they were back then. E.g. if your Sun sign is marked as 'Pisces' today, you're really a Taurus or Sagittarius (I forget which way it's off.) If the effects of these planetary alignments had any validity, then they would be the same for all cultures and epochs. Since they are not, that is good evidence against any validity.

Of course as planets were discovered since the invention of the telescope, the effects of these new planets were 'magically' discovered by astrologers. These effects were unknown and unpredicted prior to the discoveries, making for the weakest science possible.

Comment: Funny thing - NHS data was used to disprove (Score 1) 319

by garyebickford (#49129415) Attached to: Use Astrology To Save Britain's Health System, Says MP

I recall an article a couple of years ago, about the results of a scientific survey of all NHS data since World War II - essentially all the medical data about every UK citizen since WWII, which is about as comprehensive a data set (presumably anonymized of course) as could possibly be found, including the required birth date and time information. They found zero correlation between these medical histories and any astrological profiles.

Comment: Re:If only the UK navy could follow suit (Score 1) 517

by garyebickford (#49001055) Attached to: The US Navy Wants More Railguns and Lasers, Less Gunpowder

I don't know the details, but big expensive high tech stuff costs money, especially when made under government contract. This is not just banditry - working with government agencies requires a company to structure itself to make a report every time someone goes to the john.

Beyond that, since at least the early 1970s the cost of most defense systems has not been the hulls, wings, and wheels. Case in point - some years ago I learned that more than 1/2 the cost of the then-hot-new fighters the F-18 was software. The plane had over 1000 VME circuit boards. Of course the more they make, the lower the unit price goes - but budgetary overruns (like you've never run late on a project?) often cause a reduction in total units, which means that huge upfront development cost gets amortised over fewer units.

Comment: Re:Have you tried diplomacy with the Jihadists? (Score 1) 517

by garyebickford (#49000951) Attached to: The US Navy Wants More Railguns and Lasers, Less Gunpowder

I read a story once, about the Britsh Mandate period in the Middle East. This was in the early 1900s IIRC. They were having trouble with terrorists back then. They let it be known that henceforth they would be greasing their guns and bullets with pig fat. End of terrorism. I don't know if it's true, of course.

Comment: Re:Or you could try more Diplomacy? (Score 1) 517

by garyebickford (#49000845) Attached to: The US Navy Wants More Railguns and Lasers, Less Gunpowder

There has been at least one war, usually dozens, in progress every year since people started recording such things - in Europe alone it's been some six hundred years at least, or a thousand depending on how you count. Most of that time it had nothing to do with the US. In fact the Cold War, in many ways, was the most peaceful time in modern history.

Comment: Re:TNSTAAFL! (Score 1) 517

by garyebickford (#49000813) Attached to: The US Navy Wants More Railguns and Lasers, Less Gunpowder

The total energy per shot isn't that high. 30 MJ is equivalent to 8.3 kwh, which is about what an American home uses in a couple of hours. A gallon of diesel contains 148,488 BTUs, which is about 135MJ. So it appears that (disregarding efficiencies, back-of-the-envelope, etc.) they can get about four shots per gallon of fuel.

Comment: Re:Beating physics (Score 2) 517

by garyebickford (#49000727) Attached to: The US Navy Wants More Railguns and Lasers, Less Gunpowder

There are two other, very large factors - the cost (energy, fuel, time, human and other resources) of getting the ammunition and the propellant to the battle, and the safety. The fuel to drive the ammo supply ships has to be taken into account. A given ship is expected to be able to carry four times as many rounds of railgun ammunition vs. standard ammunition, eliminating two or three supply runs, and possibly dangerous deliveries between ships in the middle of the ocean. Ammo ships are notoriously bad duty in real wars, and if you look through WWII naval battles it is quite common for the killing blow to a ship having been penetration and detonation of one or more magazines.

From a _systems_ point of view (which is the Navy's POV on this), the cost of railguns will be much less. While at present manufacturing cost of the projectiles is high, it's already competitive with equivalent damage-producing shells. And passive solid tungsten projectiles could become quite cheap once the high precision high volume manufacturing gets in gear.

"It's when they say 2 + 2 = 5 that I begin to argue." -- Eric Pepke