I've actually distrusted 3DES since the first Bush administration...
That's possible, true.
But it is hard to see that someone would "fix" that problem using the approach given in the code sample. Basically their "fix" only produced 64 bits of entropy for a 128 bit key, which is a 101-level cryptography mistake. It also took more time and was much more complex than a straightforward implementation, which kind of kills the argument about the authors having to work quickly. This is one of those screwups that required thought and effort. I'm left with two possibilities:
(1) The NSA is hiring complete amateurs to write their exploit tools, and they aren't giving any adult supervision (or code reviews) to the products of those amateurs.
(2) The NSA/Equation Group didn't write this code at all.
Firstly, anybody that could have wanted those emails already has them.
Secondly, "Cybercrime"... is no crime at all if no one is harmed and the information is put in the hands of those that should have had it to begin with. I mean who would the victim be!? If anyone was ever going to have harm come to them from those emails... it's already happened, the guilty party is Hillary for breaking federal law regarding the security of government communications... not to mention basic common sense security measures.
Well, maybe we can start with the people who had their names, addresses, social security numbers, and credit card numbers inadvertently released. Maybe they are "collateral damage?"
I find it humorous and a little bizarre that in many people's minds the DNC emails and the emails on Hillary Clinton's private server seem to be one and the same.
... except for the fact that I have had similar experiences in Canada, the UK, and Switzerland. With both laptops and smartphones.
So now I travel with a burner phone and an old netbook. No big loss if they are confiscated.
I think the whole idea misses a couple of other important points, as well:
Being in Silicon Valley makes sense if your goal is to obtain VC money. If your goal is to make a successful tech business, though, Silicon Valley hasn't been the place to be for a very long time.
... except that a lot of the infrastructure a startup needs (office furniture, law firms, accounting firms, pr companies, &c) is in the valley and is used to dealing with startups. In a lot of cases your VC can steer you to a pr firm or a leasing firm that will rent you office space -- and you often can pay at least partially with warrants. You can't get that same level of support elsewhere. Yet.
The other point is that most of the top-tier VC firms are in the valley. If you are just down the road from Kleiner Perkins they are a lot more likely to drop by and check you out as opposed to being in Kansas City or Omaha. Keep in mind that the top tier VC firms get literally thousands of business plans per month. They cannot possibly make money and fly all over the country to check out promising startups. But if you are in the Bay Area it is a lot more likely you will get a call back. Same thing goes with acquisitions.
I taught myself BASIC on a little home computer many years ago. Is there not a modern equivalent of doing that? Something that maybe runs on a cellphone so more than rich white kids can have access to it. (I bet there are dozens)
It isn't actually the programming language (although I would love a version of BASIC that ran on a cell phone, just for the novelty value). The big issue is with toolkits and infrastructure.
Consider writing a web page that lets you enter two numbers and displays the product of the two numbers when you hit the 'submit' button. The code behind that very simple web page is a lot more complex than the two-line BASIC equivalent. If you for some reason add persistence to your web page it gets uglier very quickly.
The sad fact is that in our modern world you need to be fluent in not just a couple of programming languages, but also a whole body of other tools and toolkits in order to write interesting applications. That is a formidable barrier to entry that we aren't doing a very good job of solving.
Back in the elder days, before Unix came on the scene and became commonplace, writing code to open a file and read or write to it was ugly and complicated. You quickly got into weird messy stuff about logical and physical record types, weird operating system commands that would create and allocate space for the files in question, and code that looked completely different than code that wrote the same information to standard output. The big awesome insight in Unix was that if you treated a file as an array of bytes you could bypass all of that.
We desperately need a similar set of breakthroughs on how we write software in this fallen world.
The first amendment begins "Congress shall make no law..."
Neither BuzzFeed nor Facebook is Congress, obviously. Private businesses are free to publish or not publish whatever they wish. And readers are presumably free to read or not read material from said private businesses.
I suspect that the exact signature of the coil whine is extremely system-dependent. Given that manufacturers often change parts even within a given model (especially of parts like capacitors) even "identical" models might have different coil whines. Coil whine is probably also very temperature sensitive, both to ambient temperature and how hard your PC is working.
One other thought is that TFA says that RSA keys can be extracted "within one hour". Does that mean you need to listen to coil whine for an hour to build up a big enough sample set? In which case this is a non-problem because no one ever spends a whole hour doing RSA encryption. Or does the "within one hour" refer to analyzing a much shorter sample? The article is ambiguous.
Finally, if the system jiffy time is small enough and the time to do an RSA encrypt/decrypt long enough one could probably blind this attack by running several cpu-intensive processes at the same time. Or at least make the attack much, much more expensive.
I suggested a similar idea to that in a face-to-face meeting with a United States Senator in May of 2000 after the MafiaBoy DDOS attacks. He thought that sounded like a great idea.
You'll notice that nothing has been done on that front.
My own suspicion is that this survey greatly overestimates the growth rate of electrical power generation and greatly underestimates the deployment rate of renewables.
The economics of renewables are extremely compelling. A wind farm or utility-scale PV array can go from a proposal to actually generating electricity and revenue in six months. Coal plants take more like five years, and even NG plants take about two years. Couple that with the fact that you can partially finish a wind farm and still generate revenue, partially finish a coal plant and you have a big empty building. If you are a bank the risk is much, much lower and that translates to a lower interest rate to finance your project. Given how close the cost of electricity between NG and wind power is right now, even a 1 percent difference in interest rates makes the difference between wind power being profitable and an NG plant not being profitable. And the spread between them is likely a lot more than 1 percent.
Yes, you can explain to the bank that your power plant is dispatchable and will generate electricity even at night or when the wind doesn't blow. They will agree with you and still stick you with a higher interest rate.
That doesn't even begin to take into account that we are still bending the cost curve on wind and solar, while coal plants and NG turbines are a more mature technology that isn't likely to have dramatic cost reductions or efficiency improvements.
When they solve this
Second, when they can work in poor weather.
Third, when they "work" when you aren't exactly using your car to go from point "A" to point "B". E.g., when you can tell the car to go pick up some hookers for you.
If "better" means warmer, sunnier days, then you won't get enough rainfall and that will make it difficult to grow food. Unless your "better" weather is perfectly balanced in the 20 percent of counties where there would presumably be more rainfall and you could grow all of your groceries there.
And also, warmer, sunnier weather means drier weather, and drier weather means wildfires. While "fires" aren't weather, they certainly are not pleasant and do not contribute positively to one's quality of life in the short term.
He's right that teaching every kid coding is a waste of time. Not because coders will become obsolete (who will write the code that writes code for everyone else?), but because not everyone has interest in or the proclivity for coding.
In the sense that learning to code teaches a bunch of other important skills I disagree. Learning to code is an excellent way to learn general problem-solving skills, and also how to coherently communicate complex ideas.
Although probably the most important life skill that can be taught by learning to code is that all programs have bugs. And that you shouldn't trust software any more than you absolutely have to, and if your navigation software tells you that dirt road through the Mojave Desert is a great shortcut you might want to reconsider.