Somebody explain that "sovereignty" thing to me again, please.
First, DES is 56 bit (near enough 60). Triple DES as per first mode (the authorised standard) is 168 bits. The article fails to distinguish, implying the authors are just a little bit naff. 3DES seems to be quite safe, as long as not used in DES emulation mode. And who the hell emulates a mode that was broken in the 80s?
Second, Blowfish was replaced by TwoFish, ThreeFish and Speck. Skein, an entrant to the DES3 challenge, makes use of ThreeFish.
Third, the Wikipedia page states it has been known for a long time that weak keys are bad. This particular attack, though, is a birthday attack. You can find all the ciphers vulnerable or free that you should be using. Anything not on the list is something you are solely responsible for.
In other words, this information is about as useful as telling up that Model T Fords weren't good at cornering at highway speeds. Below are some links, I can't be buggered to HTML-ify them.
I do not trust most encryption software these days, but that's because programmers these days are sloppy and arrogant.
Why must you record my phone calls?
Are you planning a bootleg LP?
Said you've been threatened by gangsters
Now it's you that's threatening me
Can't fight corruption with con tricks
They use the law to commit crime
And I dread, dread to think what the future will bring
When we're living in gangster time
...you want something akin to Mondo cards, only with all the knowledge that has been developed since on contactless payments and strong access security. Once you have cards that require no network, no central bank and no other external dependencies beyond the communications protocol, there is nothing that rogue officials can do to confiscate your money.
For those not aware of the history of cashless societies, Mondo had tamper-proof strongly encrypted cards that could act like cash. You could transfer money between cards. There was no risk of anyone setting the card to a prior state as any attempt to break into the device destroyed it. This did mean only one vendor made the cards, but we've come a ways since then. The Orange Book and EAL standards cover tamper-proofing and unauthorised writes to memory. Other standards cover application software design and protocol design. All you need is for card vendors to get certified against the general standards, financial transaction standards and the standards specific to some open specification. Vendors can then get encryption keys signed by such a standards verification body. So it would be a procedure similar to the old Level 3 SSL certificates but with all the extra verification layers you'd expect from the FAA or DoD.
You now have cashless, bankless, networkless anonymous financial activity on par with the Shadowrun fictional series, only a good deal more secure still and without having to physically transfer objects. Contactless transfers using unlicensed spectrum at very low power would require the sender to be in range of the intended receiver and to press some keys. That's it. Same sort of range as a key fob. Communication would be by encrypted link, using an authenticating + validating mode to prevent MitM attacks or other attempts at altering transactions.
What could the cops do? Well, they could confiscate any device they didn't recognise. That might not go down too well, though. They could confiscate the card, but as you can do wireless card-to-card transfers with this scheme, there's no guarantee they'd have confiscated any actual money by doing so. They can't determine if you did or didn't, except with the access code. It's not a computer, per se, as it doesn't need to be Turing Complete, and it's not an account, so there's no law on the books that requires that access be given.
Because the device complies with international banking laws and the PCI processing regulations, it would be legal to use such a card. It would be an authorized, licensed financial transaction processor between brick-and-mortar financial institutions, it's merely using the older networking method of store-and-forward with packet fragmentation and fragment reassembly. All perfectly legit operations. Because PCI governs logging, the device is compliant with all tax evasion and money laundering laws. There aren't any laws saying anyone has to actually access that information, the only laws that currently exist merely require that they can if authorized for a lawful need. Let the Feds figure out how to deal with that without making impossible demands of traveller's cheques and cashier's cheques, which can also be used as money equivalents.
The SKA interferometer will be able to directly see a planet's atmosphere at a range of 100 light-years. If two or more gasses are present where they react in each other's presence AND the ratio of those gasses is stable over time, you have concrete proof of life. This cannot be achieved by known (or unknown) natural processes, a dynamically maintained equilibrium that would cease to exist through any process other than direct action requires a biological process.
Actually, it requires at least two. Any organism that tries to make things favourable for itself must necessarily alter some second dynamic to be unfavourable to itself. You cannot do more work without producing more byproducts (conservation of matter) that are in a lower energy state (conservation of energy, since energy has been taken out) where some of these are toxic to the organism (if it wasn't, it would be processed for energy and matter until it was toxic).
So, one organism always produces an instability. Two is the minimum. The more you have, the more stable the dynamic becomes as there are increasingly better solutions to the set of equations. If an organism develops that tries to exploit the equilibrium (which is inevitable), the equilibrium is lost and the new organism is put at a deficit. A new equilibrium will emerge as a result.
This, by the way, falsifies Nash's argument against his equilibrium. The equilibrium is an emergent phenomenon, so if the dynamic changes, the equilibrium changes. Nash made an error by assuming a dynamic equilibrium has to itself be around a static point. No. The dynamic equilibrium has one Strange Attractor per class of actor in the system. That really should have been obvious and I'm honestly shocked Professor Nash did not see this in his original work or his later appraisal.
Now we get onto communication. Could, in principle, a SKA-class array or the half kilometre single dish in China, be used to communicate at a distance of 100 LY to a civilization of like ability?
Much more difficult. The so-called waterhole is the obvious line to use, as there is virtually nothing natural emitting there. Incredibly quiet. Long baseline interferometry can be used to cancel out much of the random noise from individual telescopes, terrestrial sources, etc, as can long timebase interferometry. So you're essentially taking a lot of radio-frequency photos that are, themselves, taken with a very long exposure time. Stuff in common accumulates, stuff that's different cancels out.
A sufficiently slow, pulse-modulated, message at that frequency will be extremely obvious above the noise, even if it's well below noise level any given instant. You're relying on the fact that noise is random, so that the average can be set to zero. The objective is to guarantee that the signal, after sensitivity, loss of strength and less-than-ideal capture time, strictly exceeds zero at the desired distance.
Once the law of big numbers kicks in, noise is not an issue. The average of any number of zeroes is zero. What matters is signal. If the pulse, transmitted for a second, would be 3,600 times too weak, transmitting for an hour would mean that someone capturing for an hour would detect the pulse.
Interferometry means you can also use constructive interference. Even Linux supports nanosecond accuracy and data from nanosecond-accurate PPS sources, and there are atomic clocks now that are millions of times more accurate than the official definition of the second. With that kind of gear, getting the phase such that the waves constructively interfere wherever we want is not going to be difficult. We know the phase difference already, because powerful natural radio sources must be visible from all telescopes and that same accuracy tells us how out of phase they are relative to said source.
Is that enough to go 100 LY, though? Even if both planets were ringed with telescopes, you're limited to less than the shortest year of the two per pulse and one pulse is not enough to say hello. To be unambiguous, you need a prime number of prime numbers signalled by pulses. Preferably pulses short enough that someone will notice there are some to notice.
Probably not 100. 50 would quadruple the chances of detection by any life but would butcher the chances of there being life to detect it. I don't think you can go below 25, just not enough candidate worlds, and the probability of detection only quadruples again.
A pulse of an hour duration is probably acceptable, short enough for someone to detect something strange but long enough to have enough power to stand a chance of, again, someone detecting something strange. After that, it's just a case of proper summation.
Signal power, itself, is the least important part as it falls off with the square of the distance. The challenge is to make it irrelevant, just as you make each emitter very low power in a gamma knife but very powerful at the point of interest.
Even so, you need enough bits for the sum to matter. SKA might not quite be up to the task.
Ok, it's probably not possible to transmit yet. Receive, yes, but it might take another 50 years for transmission to a reasonable number of stars to be possible.
Anyone could post anything, it was Rational Anarchism in the mould of Heinlein's philosophies, and I found most of the content ended up being drivel as a consequence. Still, diaries were a lot more successful than the Slashdot journals ever were, so it had something going for it.
The source, Scoop, was maintained for a long time and that probably contributed to its demise. However, there were some interesting ideas in the code and I hope someone uploads a copy somewhere. I far prefer the cleaner interface to the one Slashdot uses, heavy interfaces aren't portable and the decreasing support for web standards by the major browsers isn't helping. A major reversion to lighter footprint pages will be necessary at some point.
Going back to the philosophy of Rational Anarchism, K5's failure to survive shows that said philosophy has limits. It has been out-competed. Slashdot is closer to the Benign Dictator philosophy that has served Open Source so well. Slashdot suffered heavily from an excessive of business involvement and loss of focus, but has partially recovered. As long as Slashdot works hard to rebuild the number of active users (even passive users), the trolls will fade to black and Slashdot will survive into the future.
Slashdot, at one point, had a couple of thousand active users and over a hundred thousand passive readers - figures that national newspapers would struggle to compete with. It's a total comparable to the best The Guardian ever managed. That proves the impact these sorts of sites can have. The heaviest threads here have had more warranted +5 content than a BBC Horizon documentary, Question Time and "I'm Sorry, I haven't a clue" combined.
But precisely because these sorts of site have such a large potential market, they should not go extinct. Rusty gave up, for whatever reason, and the lack of maintenance is likely a major factor. Slashdot isn't exactly thriving, but it is surviving.
The two attempts by Bruce Perens to run a Technocrat website shows that maintenance alone is also not a factor. A site has to have good quality content, adequate security, adequate bandwidth and a feel of involvement. There were some... problems with some of the stories posted, almost certainly not intended, but the underlying Zope had problems and the Technocrat software wasn't brilliant at checking input for errors.
But, yes, this is a sad day.
Talking of sites that are dead, I would dearly love to revive Freshmeat/Freecode. I have no objection to writing my own software, I know that the maintainers were concerned about the underlying software entering circulation and I want to reassure the current owners that if they were willing to let me take over, I would be willing to write my own versions of anything considered proprietary.
I think the site was shut down in error, but I would not ask others to invest time and effort simply because I think something. I expect to be expected to show that I'm right, on my own dime, on my own time. And, should I do so, if whoever currently owns it wants it back then I'd respect that wish. That's the whole point of this "community" thing, in my opinion. Nobody else has to believe that, how can you possibly lose by me believing it?
The same would be true for Kuro5hin. If Rusty wants to let me have a go at getting Scoop up to scratch and running Kuro5hin, on the understanding that if they want it back if I succeed then I'd not be predatory about it. I'd rather have the community functioning and to hell with who runs it.
It should not be paid for by corporate giants that censor it. That's neither for the nation nor public. It should be paid for by everyone, because even those not actually using NPR are still utilizing NPR and should damn well pay for what they utilize.
NPR and PBS should be banned from taking any private donations and should be funded entirely through the federal tax system. They should be funded at levels comparable to Britain's BBC, after considering that they are addressing four times the population, with a guarantee of an annual increase in funding equal to 1.1x the average of the rate of inflation and the average national raise in pay of those considered fully employed (as opposed to under-employed, part-time, seasonal, zero-hour contract, etc, as employers always take advantage of such people).
They should be freed from all restrictions (political or economic) other than a charter that dictates that material be of a generally educational/informative nature (this would include music and short dramatizations from other cultures, but would not include soap operas or cartoons as knowing that K'xlx hates Z'mrp but is marrying P'fnang, Z'mrp's sister, is not really informative, just annoying). The charter should also guarantee absolute non-interference by the government, including budgetary controls or political pressure, with an automatic recall vote imposed on any politician who does this. A charter/contract only works if there are penalties in both directions.
They should be placed in their own department under the Department of Education to make it harder for the corporations to retake control, but their budget should be independent and should be wholly independent of the usual use-or-lose system. They should keep 100% of what they don't spend and get every last cent of what they're owed the next year as well.
As with the BBC, they should be entirely authorized to sell merchandise, copies of already-broadcast material, etc.
Finally, the charter should dictate an exit clause. Either side can terminate the charter on payment to the other of 15x the annual funding level at that time. That way, the stations can operate for some time without any financial support.
I want nationally-funded, nationally-run education of high standard, even though I won't personally use any of those schools, because I'm tired of living in a nation of idiots. I want my public broadcasting to the same high standard I expect of education, whether I tune in or not, for the same reason. Idiots are expensive. The nation can't afford them, I am sick of subsidizing them. Educated, intelligent, rational people are cheap - often self-supporting - and frequently give far more to the community than it costs the community to obtain them. Negative costs are the kind of costs I like. I can accept those. The morons, though, I despise utterly.
I'd use conventional classes, but have about seven for speed (up to +/- 3 standard deviations from normal speed of learning) by seven for style of learning, producing 49 classes per subject at any given level. I'd abandon the notion of years entirely and allow people to slip between classes freely. The reason for slippage is not just so that a person can throttle up/down their learning, but it's also because some people are excellent support for others that aren't necessarily in the same stream. You have to allow individuals to do what is best for the group, should they wish to do so, even if it sacrifices some of their own understanding.
I'd use nutritional theory to supplement this - three smaller meals over the school day, for easier digestion, tuned to provide the best nutrition for mind and body as understood at the time, without being so exotic that kids won't eat. Fast food of any kind, and anything containing HFCS or other nutritionally dubious substances should be banned outright from campus. High sugar just high enough to mask excess bitterness (say, in tea or coffee) is tolerable as long as consumption is limited to three cups of each a day, but it's best if nothing with added sugar is present. Complex carbohydrates produce a much more evenly sustained level of energy.
Psychology is also important. Classes should be time-tabled for an individual according to their attention span and recovery rate. There's no point in overloading someone with information they can't absorb, but there's also no point in letting kids get excessively bored as it's hard to recover the pace if you lose momentum.
That's as personalized as you need. Computers may assist in that process, but computer-based learning will always be inferior to group learning that includes computer assistance.
Chemical and biological agents are plausible, certainly, I could see such an attack being planned.
However, I stand by my claim that psychological attacks are cheaper, easier and almost impossible to cure. False news, conspiracy theories, destabilizing whispers, SWATting - there's nothing you can do to stop them from any of this and you know yourself that such rumours can last 50 years plus. No risks, no possibility of being identified, just the same old PsyOps the US has authorized against them turned back on its point of origin.
The two combined would, of course, be much worse. ISIS could DDoS the emergency services, then attack somewhere else. Or ISIS could bring the emergency services to a confined region where exposing many of them to a biological weapon would be easy. Those I could easily see. However, that risks exposure of the culprits. Not that ISIS cares too much about people being caught, but if you want something to be successful, the obvious path is to not send anyone at all. The rumour mill has been adequate for many domestic terrorists for centuries, sooner or later the foreign wannabes like ISIS will figure it out.
If you want to really make a mess of the US economy, pump up the value of gold, wait for the hedgefunds to panic buy into it (because gold never goes up if there isn't an emergency and the computers doing high-speed trading will be programmed to look for that) then dump the gold all at once. It's long been feared as a tactic for economic terrorism, because high speed trading operates in much the same way, it just uses a much lower volume per slice of time and many thousands more slices of time per second than a regular trader can. The only way to secure the system against deliberate crashing is to cap (total volume x frequency) at a sensible level, but stockbrokers and hedge funds would prefer the economy occasionally go belly up. More money to be made, if the prices all drop to well below real worth.
An attack via the markets would find the markets actively cooperating - at least as long as there's money to be made in it.
...zero. There is absolutely no possibility of such an attack, on US soil or anywhere else.
A dirty bomb? Those have bugger all effectiveness, except against the emotions of the weak. The amount of radioactive material required to build a dirty bomb that actually did something would exceed the amount needed to build a real bomb. It would be utterly stupid.
By far the most effective weapon is the human imagination. Tell enough people that a dirty bomb, or a biological weapon, has been released, in some location where there is strong mistrust of any kind of official source, and you wouldn't even need a bomb or to go there. The viral nature of the message, the paranoia of the citizens and the psychology of mass hysteria will guarantee that symptoms will be felt. If those people believe firmly enough that they will die, then - as is well known from studies in shamanism - those people will will themselves to die. There needn't be a single thing wrong with any of them, aside from their own credulity.
The US is reasonably well guarded. Certainly, it's enough to stop any serious physical weapon from getting through. A psychological bomb, where the "explosive" is the insanity demonstrated on a daily basis, that you can't stop, you can't trace and you can't respond. There is only one way to stop a psychological bomb and that's to have a rational, sane, well-educated nation. And nobody wants one of those.
Linux uses AT&T-defined interfaces. I do NOT want that court case revived.
Let's say DARPA gets their brain implant to work, or that those who have experimented with implants devise one that allows such information to be conveyed. Even a medical expert won't be able to categorize such systems.
The only viable method is to examine understanding and not memorization. If understanding is examined, all the notes in the world won't help.
"Right now I feel that I've got my feet on the ground as far as my head is concerned." -- Baseball pitcher Bo Belinsky