Forgot your password?

+ - European patent for "Shannon-secure" encryption algorithm without one-time pad

Submitted by tucuxi
tucuxi (1146347) writes "Multiple reports in Spain of a new encryption method which, according to its author, provides "double Shannon secure symmetrical encryption" (google translation of one of the news items). The patent application is available online (everything but the abstract is in Spanish). In the application, the inventor claims that Shannon's one-time pad was not really necessary for perfect security, completely disregarding that, were he right, his scheme would allow unlimited, lossless compression. As a Spaniard, I am dumbfounded at so many newspapers taking this snake-oil for granted, and at the European Patent Office for not seeing through the gibberish."

Comment: Depends heavily on user type (Score 5, Insightful) 228

by tucuxi (#40865367) Attached to: IT Support Pro Tells Why He Hates Live Chat

A technically-savvy (eg.: Bob McHacker) user should be a lot easier to communicate with via chat than a non-technical user (eg.: Joe Sixpack).

To start with, expert users typically type almost as fast as they speak (seriously: if any of you out there work in IT for a living and cannot touch-type, it is an investment well worth it). As others have pointed out above, both user and helper can multitask; and many computer tasks end up involving huge amounts of staring at a progress bar. You can copy&paste error messages and links back and forth. You can actually think your answers through while you type them, and not waste anyone's time with errr, uhh, yeah, and other "are you alive/i am alive" on-the-phone protocol overhead.

In TFA, there is no coherent explanation of the type of support / users that this "Pro" is addressing. The article is less than a screenful of general ranting against not having the undivided attention of a user. Nothing to see here, move along.

Comment: Possible badges for good code (Score 4, Interesting) 353

by tucuxi (#38747880) Attached to: Visual Studio Gets Achievements, Badges, Leaderboards

I for one would find these badges nice:

  • compiled without warnings (cumulative for "N times in a row")
  • doxygen-compliant comment coverage (percentage-wise cumulative)
  • safe programming practices (always compares constant == lvalue, initializes all values, ...)

On the other hand, IDEs like Netbeans and Eclipse are getting better and better at nagging users about such issues (and auto-generating code to fix many of them). Do we really need the badges?


+ - Science Magazine: Disgraced Researcher Gives up Ph->

Submitted by
Stirling Newberry
Stirling Newberry writes "Science Magazine reports that Diederik Stapel, who falsified data on virtually all of his papers has given up his PhD. The university released a statement, which Google Translate renders as:

Diederik Stapel on November 9, 2011 voluntarily surrendered his doctorate at the University of Amsterdam. The certificate he received in 1997 after his promotion is now back in possession of the university.

Stack has declared in writing to waive his Ph.D. because he believes that his behavior in recent years does not fit with the duties associated with the doctorate. Stack graduated in 1997 from the University of Amsterdam. He worked there from 1993 to 1999. He then worked in Groningen and Tilburg. On October 31 the Committee recommended Levelt, who investigated the scientific integrity of the work of Stack, the University of Amsterdam to investigate a Ph.D. may be withdrawn.


Link to Original Source

Comment: Why optional? Peer review should be required! (Score 4, Insightful) 132

by tucuxi (#38013402) Attached to: Teaching Programming Now Emphasizes Sharing

If your students are motivated by "building cool stuff", sharing is great - they are trying to add the elements they find into their own designs. However, if your students are motivated buy "getting the passing grade", then sharing may become copy-pasting, and they will not retain any knowledge of the process. In real life, students are motivated, to a different degree, by building cool stuff, grades, and a host of other factors. My policy up to date has been "ideas sharing is fine, peering at screens and finding out how others did things is fine, but if I find evindence of significant copy-pasting, you will get a stern warning and/or a some sort of discipline". Works fine with undergrads learning compsci, especially once they learn that our in-house copy-pasting detection system is quite accurate at finding cases of badly-disguised cut&paste.

I am even going one step further, and *making* my students review each other's code (they get good grades for writing good reviews, not for receiving them, and reviews are anonymous, so there should be little incentive to 'cheat'). I find that far too many students are not exposed to a) the potential beauty and simplicity of good code vs. b) the horror that bad coding is to the unwary mind.

Does anyone know good systems to automate this peer-review for undergrad coding exercises?

Comment: The big question: oversight (Score 3, Informative) 103

by tucuxi (#37892704) Attached to: UK Police Buy Covert Cellphone Surveillance System

This seems like a law-enforcement version of the WASP drone featured at last summer's Black Hat / Defcon

The big question is, since the technology has been available for a while, and is obviously useful for its stated purpose, that of oversight. Privacy-invading technologies will always exist, will always be useful for law-enforcement, and are due to increase the more we mesh our lives with technology. How will authorities deal with data filtering, retention, probable cause, and the opportunity for discovering wrongdoers vs. the invasion of people's privacy? That is the big question.

A somewhat-rosy scenario is detailed in Charlie Stross' Halting State series. The ugly scenario looks like 1984. Which one we choose depends on an educated public steering their politicians, instead of letting their politicians be steered by ??? and profit.

Comment: Re:He should have politely requested a lawyer (Score 1) 193

by tucuxi (#37892540) Attached to: Helping the FBI Track You

You mean, the US police are nothing like the police in any of the twenty-ish countries that make up loosely-defined Europe - you are right. Most citizens in most countries of Europe are not frightened of their own police.

This isn't Europe where police investigations start with a beating: you just have to ask, politely, for a lawyer, and you hold all the cards.

This may have to do with the police not being as afraid of the citizens' carrying a gun, and thus not treating citizens as criminals-until-proven-innocent. Having been stopped by traffic police while visiting the US, my experience of being treated as a criminal was not nice at all; in my native European country, stepping out of the car and politely asking what is wrong is exactly what someone does when/if stopped...

Comment: Re:LOL! "Iran's rigged election broke over Twitter (Score 1) 233

by tucuxi (#33293166) Attached to: From Slaying Dragons To Dictators

You make my point for me. Europe took centuries of warfare to WEAKEN religion into to social club it is today.

So you think that all countries are doomed to repeat the same mistakes for themselves, and that no-one can learn from their neighbors? Interesting point.

As for a "reformation of Islam requiring massive violence" and "casualties don't matter in religionist war", I object to both statements. Many muslims lead productive and integrated lives in western societies. Hell, some mostly muslim countries are not all that bad. Human nature is pretty much the same the world over, regardless of culture. Ignorance and desperation drive people to do stupid things, and religion is not an overarching cause for all the evils in the world. Even if it does share some of the blame.

One thing is believing in God, which most Iranians admittedly do, and another one is Iranians believing their current leaders try to put a spin on the latest rigged elections. Pacific transitions from highly devout authoritarian governments to democracies can happen -- witness the case in Spain after the fall of Franco.

Comment: Re:I guess I'll come out and say it... (Score 1) 233

by tucuxi (#33287668) Attached to: From Slaying Dragons To Dictators

Ok, security through obscurity is false security -- but it can delay efforts long enough to make it worthwhile anyway. If it is hard enough to detect, then it may have a positive influence in making censorship harder. The technical problem is not so much in making the "censorable" content seem innocent (as you say, steganography+encryption can go a long way). The main problem is in establishing the connections to the "censorable" websites without getting caught. Doing so requires the use of proxies, and since anyone accessing the proxies may be doing something illegal, the censors will blacklist any proxies they find (and do bad things to people caught using them). Therefore, most of the effort will probably be concentrated on making proxy access seem legit, and minimizing the risk of the entire list of available proxies being discovered.

The first thing the censors will do is to try to grab a copy of the software, install it locally, and audit all network connections in and out. They can automate this, and anything outside of expected behavior will be a candidate for blacklisting. If they manage to find a reliable pattern, they will be able to stop the use of the program entirely (assuming they have the necessary sort of high-throughput deep-packet inspection firewalls in place).

The only real differences between censors and censored is that (a) hopefully, there are many more potential censored (although drowned in a sea of otherwise innocent chatter) than censors and (b), some would-be good guys are presumably known to the developers. Any solution will have to play on these strengths to make the proxy list really hard to compromise. For instance, bootstrapping a copy of Haystack may require submitting the nonce of an un-compromised user; this would make blacklisting the whole operation a lot harder, and would make breaches by censors easily self-healing. Just pray there is no easy pattern to identify Haystack users.

Incidentally, an Iranian friend of mine says that authorities there use a very low-tech, but very effective way to keep people off the bad stuff. Keep bandwith very low. That way, additional layers can make things slow down to a crawl, and finding needles in the logs becomes a much easier task.

Comment: Re:US Funding And Interference (Score 1) 233

by tucuxi (#33287114) Attached to: From Slaying Dragons To Dictators

Hilarious! Yep, it was 'word of mouth' and not US funding and agents working inside of Iran.

So the fact that the US is indeed willing to fund agents in Iran means that there cannot be any Iranis that are genuinely pissed about having their election stolen? Great logic there, Anonymous.

No matter what you think, many 20-year old Iranians are pretty fed up with the regime telling them all those things that they cannot do, and find that being blatantly lied to and manhandled by authorities that preach morality and restraint is insulting.

Comment: Re:Proxy Ban? (Score 1) 233

by tucuxi (#33287002) Attached to: From Slaying Dragons To Dictators

Vote this guy up. He actually seems to have a clue on the problem.

If Haystack works as advertised, the Iranian censors will surely be eager to run a copy and run all possible traces on it to see what is going on. Somehow, Haystack-running computer must be able to place encrypted payloads into seemingly harmless requests, get them to servers that can reroute them to their adequate destinations, and convert the replies from those servers into encrypted messages inside seemingly harmless page requests. Making this undetectable is a truly tall order.

Finally, even though I also like the idea of OSS (and am also genuinely curious about their approach), I understand that if their method will not work if authorities know the exact workings, obscurity is marginally better than nothing.

Comment: Re:LOL! "Iran's rigged election broke over Twitter (Score 1) 233

by tucuxi (#33286656) Attached to: From Slaying Dragons To Dictators

NONE of the revolutionary examples you cite were revolts against _religious_fanatic_ masters.

Pretty much all European monarchies were theocracies, in the sense that the monarch claimed to be chosen by God, and received strong legitimization from the Church (when not actively leading it). Many other regimes have had close ties with their local faiths and fallen. Ok, no big upheavals in Islamic countries -- but they do not have such a long span of post-colonialism and post-cold war history.

The Iranians aren't going anywhere, because Iran is far too comfortable for revolt. Revolutions don't usually happen when there is no freedom, they happen when there isn't enough food. Nothing to see here.

I question your knowledge of Irani life. I happen to know a few Iranians, and the feelings after the last rigged elections were pretty high. Even if sudden revolt is very unlikely (unless the regime really goofs up), erosion is steadily under way. Without an "outer enemy" to blame everything on and with higher levels of education, a huge mass of 20-somethings is feeling cheated by their current leaders.

I don't care if Iran revolts or not. Democracy would just make them a more efficient enemy of non-Islamic nations. They don't "want to become Europe", they just want a piece of the current pie.

I don't confuse these people with secular humans. They were chanting "God is Great" during their protests. Invoking superstition isn't progress.

Ah, another devout follower of The Clash of Civilizations. Either with us or against us, attaboy. Two things I find amusing about your post. First, the idea that no understanding is possible with others of a different religion. 100-year wars were fought between Catholics and Protestants, but we got over it, and now we can speak of Europe, and are more prosperous than ever. Why can't Islamic-majority societies function alongside other nations? In fact, many of them already do - today's Indonesia is mostly Islamic, but does not seem to threaten your sensibilities. Second, the idea that Western society is completely secular. Just look at the ties between conservative parties (say, Republicans in the US) and local religious zealots.

Finally, according to Kapuciski's book on the Iranian Revolution, the cry of "Allahu Akbar" was traditionally chanted during those protests, as defiance of the Shah's authority and against the (US backed) Shah's brutal regime of oppression and terror, which seemed to exceed the worse Latin-American standards . In this sense, it may reflect less religions fanaticism and more of an official protest slogan against much of the same phenomenon. Something like "give us back our Revolution".

Comment: Re:PZ Myers does not understand computers ... (Score 3, Insightful) 830

by tucuxi (#33278638) Attached to: Ray Kurzweil Does Not Understand the Brain

you don't need to simulate electrons in a semi-conductive material at specific temperatures in order to build a complete working emulator for an old computer

You do, if you have no idea what the higher levels are all about. Our knowledge of how the brain works (hell, even of the biochemistry of a single cell) is so poor that we cannot yet discard "lower details" if we want to get a working system. So finding upper bounds by looking at the lower level of the picture is not such a bad idea.

Myers does not raise any objections to code or data "quantity" -- the big hurdle is that vital part of the system is outside the DNA, and we are only beginning to explore it. Read up on epigenetics.

Comment: Re:A biologist doesn't understand programming (Score 1) 830

by tucuxi (#33278120) Attached to: Ray Kurzweil Does Not Understand the Brain

Following your example, even if 50 Mbits of compressed VHDL can encode a processor's architecture, that is nowhere near getting you a computer. Not without a host of environmental factors, such as how the VHDL gets translated into actual hardware, the minute characteristics of the substrate that you will use to create that hardware, and the surrounding machinery to power it and keep it happy. And, if you solve these problems and get a CPU that is technically capable of running programs, you still haven't got much further - without inputs, outputs, and some sort of basic startup code, all you have is a complex brick.

Up to now, I have played on the analogies. Now for the differences. We designed VHDL, and we designed our computers, so that they would be comprehensible to us. But DNA is not a "human-friendly" language. It is an ugly biochemical mess of spaghetti code, with genes having multiple functions and toggling each other on and off all over the place. Modularity in programs is necessary to keep the program's flow in our limited memories, so that we can work with them. Nature has no such limitations -- anything that pops up and happens to work (or simply has a knack to mess other things if it goes missing) will stay.

And, the main point of TFA, VHDL is mostly self-contained -- but evolved DNA is shaped by, and responds to, all sorts of environmental triggers. Think about it -- if the blind process of evolution, which tends to follow the easiest favorable path available, finds that it can rely on a somewhat predictable environment to provide many of the key inputs for building something, why not do so?. Yes, it may not be modular, but Nature gives not a fig about elegant coding. If it works, ship it (or rather, it will ship itself successfully). Even worse, there are no comments in this code. So, to recap TFA and raddan's comments: DNA is both code and data, and very incomplete code and data at that. The VHDL analogy is not that bad -- if it could take into account all sorts of downloaded firmware at random intervals. I fully aggree with the article. Kurzweil has no feet to stand on. I am fairly optimistic that great advances will be made, but I really doubt I will live to see "uploads". And I'm in my early thirties.

The meat is rotten, but the booze is holding out. Computer translation of "The spirit is willing, but the flesh is weak."