Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Comment Re:Just use RSA (Score 1) 105

Luckily, it's not too difficult to build a CPU which performs fully homomorphic operations. The math isn't even beyond high-school level (it's about on par with RSA). The primary issue right now is speed.

The primary issue with homomorphic encryption is speed, in the same way that the primary issue with running Quake 4 on EDSAC is speed. No one has come up with a general-purpose homomorphic encryption scheme that doesn't also come with a slowdown that is so many orders of magnitude that you would get faster results doing the work on your mobile phone than in Amazon's cloud with homomorphic encryption. There are some special-purpose schemes for simple database queries, but each primitive operation you need (at least) doubles the total dataset size (and insertion / deletion times).

Comment Re:Waitaminit... (Score 5, Insightful) 233

No, the argument is that it can happen if someone decides that it's worth doing. Just making the code open doesn't mean that anyone will read it. It does, however, mean that:
  • You can build it yourself, so you know that the code that is audited is the code that is built (modulo toolchain trojans)
  • You can audit the code, or pay someone else to do it, without permission from the original authors beyond their original license
  • You can fix any security holes that such an audit turns up (or pay someone else to do it, again without requiring permission from the original authors beyond their original license

Comment Re:My favorite (Score 1) 211

I would not expect that loop to have any impact on performance. Once the code is in SSA form, it's obvious that it's a fixed-length loop and that it's side-effect free, so constant propagation will eliminate it. If you want to write a slowdown loop, your best bet would be to make counter volatile, so that the compiler is not allowed to elide the reads. In Java, you can make it a static public volatile field and that will have the added bonus of making everyone who reads it wonder where it's modified and what the effects are...

Comment Re: We don't bother with sidearms, we use BIG GUNS (Score 1) 292

It's been about 15 years since I fired or stripped one one, but doing so made me very glad that I was never in a position where my life depended on its correct functioning. Lots of moving pieces, all manufactured at too low a tolerance, any one of which could cause the weapon to jam (or worse). I'm glad they finally got the kinks worked out, although possibly if your navy chum has been using them all this time it's a case of stockholm syndrome finally getting to him...

Comment Re:Bullshit (Score 1) 299

A webmail provider (like Google) has to be able to see what your email is, even if only because they are sending you the HTML containing your emails

They have to store it. They have to provide a mechanism by which you can index it. They don't have to provide a mechanism to search all email on their servers, because that's not something email users want (or have access to), it's only something that they need for advertising. And it's difficult to implement. Email on Google servers is stored spread over a huge number of machines, in a number of datacentres. Implementing a search function that (quickly and efficiently and without impacting performance of email access and delivery) that lets you run arbitrary complex queries on this data is far from trivial (Google people have given some interesting talks over the years about how it works).

Everything Ive seen suggests that the Google et al taps were done via tapping at the ISP level or else sending NSLs, neither of which a company can really do much about so long as they are based in the US.

They send NSLs, and what do you think they say? The NSA says 'give us access to the search infrastructure that you've built for your emails'. Now they can run queries like 'who sent an email containing these keywords in the last year' or 'what is the transitive closure of correspondents with this email address'. If Google didn't already have the infrastructure for running these queries, they'd be able to reply 'we don't have the ability to do that and it will cost several million dollars to implement', but they'd already built it.

While Im not happy with that, I fail to see how the use or lack thereof of XMPP somehow presents an obstacle to the NSA.

If a GTalk user comes under suspicion as a terrorist, then the NSA will request their entire social graph to a certain depth. If all of they are communicating solely with other GTalk users, then just searching the information Google has gives you everyone that has talked to anyone who has talked to the person under suspicion, and so on. If they've talked to other users on federated XMPP servers, then the NSA can't do anything passively. They get the single-hop information, but because XMPP traffic is encrypted by default they probably can't get anything from the remote server by passive interception. So they have to either compromise the remote server (risky if they're discovered) or send another NSL. Both are within their capabilities, but now it becomes a matter of actively investigating someone, rather than passively scooping up all of the available data.

Comment Bullshit (Score 5, Insightful) 299

You know why the NSA was able to search social graphs and emails so easily? Because all of those pro-freedom Silicon Valley companies (Google, Facebook, Yahoo, Microsoft, and so on) had already built infrastructure for doing so for the purpose of selling adverts. The NSA just piggybacked on existing system to look for other information. If Silicon Valley had really cared about individual freedom, Google would have been pushing federated, decentralised services with no single point where you can insert a tap. Instead, what has happened since we've learned about the NSA's involvement? Google has replaced federated XMPP in GTalk with non-federated XMPP in Google Hangouts.

Comment Re:Summary says it all (Score 2) 634

You realise, I trust, that one of the reasons why people moved away from metal-backed currencies is that they were too volatile? A new large deposit is found, the currency inflates. A new high-demand use is found, the currency deflates. A more efficient material replacing it for a large industrial uses, the currency inflates.

Comment Re:Too cool for NASA (Score 1) 205

There is no such thing as stealth in space. Anything coming from the moon to the Earth would either need a huge amount of thrust to go straight down (which would be easy to detect), or would cross into daylight and reflect a lot of heat even if it were black. And you can bet that anyone who had a launch capability on the moon would be under close scrutiny.

They'd also better have a first-rate missile defence shield, because in the two days it would take their projectile to reach Earth, their target would launch a lot of ballistic missiles (which take a maximum of about 40 minutes to arrive, anywhere in the world) and render their cities smouldering ruins.

And if they're relying on a large mass, not a warhead, then they won't have much delta-V for dodging, so they'll be easy to intercept. If they've painted it black, then it will be very vulnerable to heating by laser weapons and whatever colour it is it will be easy to fragment. The kind of mass that you'd need to survive reentry would either need to be huge or covered in (very fragile and vulnerable to attack) ceramic tiles to dissipate the heat. If you fragment it, the atmospheric friction will cause the entire thing to evaporate.

If attacking from space were easy, then Earth would have had a lot more extinction events in its past. The atmosphere alone does a pretty good job as a meteor shield.

Comment Re:Getting me started, man! (Score 1) 205

You don't even need to cut the military that much. Cutting back 1/3 would cover the US debt interest payments.

For reference, cutting 1/3 of US military spending would move the US from second place (behind Saudi Arabia) to third (also behind Russia) in terms of defence spending as a percentage of GDP, and still leave them top in absolute terms (spending three times as much as the PRC, in second place) and top in per-capita spending.

It's not entirely clear, however, that reducing military spending would help the US economy. A lot of R&D is subsidised from the military budget, which helps drive US high tech exports, and you can bet that if you cur the military budget by a third then this would be the first place that congress would want reductions...

Comment Re:Oh, I totally agree... (Score 1) 791

The phone might be, but all of the charging infrastructure won't be. People don't want to have to replace docks and so on with something new in 2-3 years. A TV that docks a mobile phone and allows it to function as a computer with a big screen may last 10 years, even if the phone is replaced after 18 months. That's likely to be a pretty common use case in a few years, so if you design a standard now that doesn't support it then it's a failure. And, no, USB3 is not fast enough for HD video.

Slashdot Top Deals

At these prices, I lose money -- but I make it up in volume. -- Peter G. Alaquon

Working...