* Posts by Michael Wojcik

12268 publicly visible posts • joined 21 Dec 2007

Deluded medics fail to show Ohio lawmakers that COVID vaccines magnetise patients

Michael Wojcik Silver badge

Bah. I just got the LTE vaccine. 5G is a scam.

Michael Wojcik Silver badge

Re: Struck off?

What non-trivial group of human beings does this description not apply to?

Michael Wojcik Silver badge

Re: Struck off?

Is someone with a Ph.D. in quantum physics or English literature a doctor?

Yes. Those are doctoral degrees.

The fact that a bunch of mostly-clueless sawbones in the nineteenth century felt the need to usurp the title "doctor" (which means "scholar") to gain a bit of respectability does not mean our modern body-plumbers have the sole right to use it.

That said, as I noted above, previous posters in this thread are completely wrong about people who hold the D.O. degree.

Michael Wojcik Silver badge

Re: Struck off?

Osteopaths are not doctors

This is not true in the US. The Doctor of Osteopath degree is a medical degree with requirements essentially equivalent to the MD.

Michael Wojcik Silver badge

Re: Strike out!

There's a field in pedagogy called "assessment" which investigates the question of how to determine what people have learned. Over the past half-century or so it has increasingly incorporated various methodologically-sound techniques (controls, statistical methods, etc.) and a wealth of anthropological techniques (such as ethnography) to analyze what actually happens with students and how we might measure it.

Across all academic disciplines, from the humanities to the hard sciences, the conclusion seems to be that it's really difficult to create examinations that achieve that purpose. On the other hand, many people can be trained to outperform similarly-educated peers on most types of examinations, with no other demonstrable better understanding of the subject material. In other words, it's easier to teach people how to take tests than it is to actually test what they know.

So you can console yourself with the knowledge that experts largely agree that exams are pretty much rubbish.

Michael Wojcik Silver badge

Re: Struck off?

I've had osteopaths as my GP, because one of the medical schools at Michigan State has an osteopath program and I used the local teaching clinic as my source for primary physicians. They were fine. (And one of the nice things about the teaching clinic was their case loads were lighter than with many more-established GPs, so consultations could last longer and we could talk at greater length about any issues.)

In the US, the D.O. degree now has requirements essentially equivalent to the M.D. The fact is you can get quacks and charlatans with either degree. As is often the case, the individual matters much more than the title.

Michael Wojcik Silver badge

Re: Strike out!

IQ is a metric of how well someone does on IQ tests. Aside from that it's largely meaningless.

(And in case you're wondering, I do very well on IQ tests.)

Michael Wojcik Silver badge

Re: Struck off?

The Puritans contributed significantly to US history and culture, but they were only one of numerous immigrant groups. Overestimating their influence is a common error in understanding the cultural history and history of ideas in the US and the European colonies that preceded and were incorporated into it.

That said, it's true that both the authentic Puritan-derived culture that was established in the Massachusetts Bay area, and the odd nineteenth-century faux-Puritanism which was popular among the Northeastern US upper and middle classes in the first half of the nineteenth century, had influence in excess of their share of the national population, thanks to their extensive embedding in academic and political institutions and in industry.

But cultural contests in the US have been very complex, and calling the US "Puritan" is a sophomoric reduction with almost no explanatory power.

Intel adds a new device – the ‘IPU’ – to its must-have modern data centre stack

Michael Wojcik Silver badge

other applications

I'm not a fan of putting general-purpose computing on NICs, but I can anticipate some other likely applications:

- TLS termination. Of course we already have systems that offload crypto from the main CPUs, so this is pretty obvious.

- Handling some trivial HTTP requests for small, rarely changing resources like favicon. HTTP filtering to block known-bad attack vectors and requests with unrecognized values in the Host header. (And similarly for SNI in the previous bullet point.)

- Telnet negotiation, which is Still A Thing for e.g. TN3270.

- Trivial microservices such as heartbeat and (lagging) load indicators, which could be updated periodically by the host system.

Thailand bans joke cryptocurrencies and non-fungible tokens

Michael Wojcik Silver badge

I don't think there's any compelling argument that Bitcoin is "more legitimate" than Dogecoin.

I suspect what the Thai regulators are doing here is the thin edge of the wedge. They're going to start restricting the wilder end of the cryptocurrency market, which will reduce some of the overall risk to Thai citizens and tamp down some of the enthusiasm. Then gradually they introduce more and more controls as people become less interested. No single step is too bold, so they never elicit too much opposition.

Michael Wojcik Silver badge

Re: Just ban all crypto currencies.

There's a huge amount of money tied up in Ethereum smart contracts, and much of it appears to come from corporations. I think it's rather daft, myself, but it does appear to be an actual functioning market, not just speculation.

There are any number of academic studies that analyze the Ethereum economy, if someone wants confirmation of that.

Michael Wojcik Silver badge

Re: Just ban all crypto currencies.

And "blockchain" is just a degenerate Nagle tree, where some consensus mechanism adorns one branch as "truth" and forgets all the others (until you get a fork, which is just a split among the consensus participants).

There are other applications of Nagle trees and other Nagle graphs. Some industries are even moving toward enshrining more complex Nagle DAGs¹ into interoperable business processes and even published standards.

Of course, as any number of people (including cryptocurrency/blockchain skeptics such as Bruce Schneier) have pointed out, we have other distributed-ledger mechanisms too. Nagle graphs are very useful in particular applications, just as, say, Bloom filters or Paxos are. But there's definitely a lot of square-peg-in-round-hole bullshit coming from the blockchain enthusiasts.

¹Nagle graphs are always DAGs, because the definition requires direction, and the construction mechanism excludes cycles (though it could be extended to allow them by carrying multiple hashes in a node, if you're clever about it). They don't have to be connected, though.

TimeCache aims to block side-channel cache attacks – without hurting performance

Michael Wojcik Silver badge

Re: It's a shit-show!

What in the world are you talking about? How is it relevant to this article?

TimeCache is at least partially a hardware remediation; it doesn't "fix processor issues in software".

CPUs are working "as [they're] supposed to". I don't recall anything in any CPU data sheet which said it was free of microarchitectural side channels.

I swear, some people treat microarchitectural side-channel vulnerabilities as an occasion to parade whatever nonsense springs into their heads.

Regarding the actual content of this article: This is a nice practical demonstration of what we already knew, which is that side channels can be masked by whitening. It's good, and probably even feasible, though it's going to cost in terms of power dissipation (so also heat) and chip real estate. It'll be interesting to see what refinements can be made.

It's not a generic fix for every type of microarchitectural side channel, as a non-expert might infer from some generalizations in the article. It's specifically a fix for cache timing side channels. That's certainly useful, because there are a variety of cache timing side channels and many ways of extracting those signals; but microarchitectural side channels are a broader class. (With smartphones, for example, you have the potential for an unprivileged application with radio access picking up CPU RFI side-channel signals from another core.)

When security gets physical: Mossad boss hints at less-than-subtle Stuxnet followup

Michael Wojcik Silver badge

Re: This is terrorism

Yes, that phrasing is broad and vague enough to justify assassinating pretty much anyone, anywhere. But it's not like "intelligence" services, of any nation, have ever been terribly worried about justification anyway. This is just a bit of public chest-thumping; it's not establishing some policy that wasn't already de facto.

Western Australia rushes out legislation after cops access contact-tracing data to investigate serious crimes

Michael Wojcik Silver badge

Re: Years ago ...

what uses of Covid-19 tracing data would be appropriate

Tracing COVID-19. Full stop. No other use is appropriate.

Personally, I have grave doubts about the utility of contact tracing for combating COVID-19. But if governments are going to insist on it, then its application must be restricted to that purpose alone, for reasons both political – the erosion of civil rights is a far greater harm – and practical – people will subvert the tracing mechanism if (when) it's being abused.

And, yes, I've been threatened by people with knives. And people with guns, for that matter. That doesn't affect the ethical calculus a whit, because I'm capable of thinking critically.

What Microsoft's Windows 11 will probably look like

Michael Wojcik Silver badge

Re: Win95 . (was: Should I care?)

Obviously this is going to be very subjective.

Personally, I'm happiest and most productive using command-line tools under bash or ksh. (Second place probably goes to OS/400, now i, of all things. Its weird awkwardness made getting anything done rewarding.)

That doesn't mean I think everyone who uses a general-purpose computer should switch to command-line use with bash or ksh; I put a great deal of personal resources into learning those interfaces. I much prefer to edit in vim, but I'd never argue for other people to learn it, because it's arcane and optimized for use cases that most people will never encounter. That it works for me says nothing about its suitability for some other random user.

I've never really liked any GUI, except X11 with uwm or the window manager I wrote for myself. At least X11 offers a wide range of window managers, some of them reasonably customizable. And Windows can be forced into being less awful than its defaults, with things like implicit focus (though Microsoft and other ISVs manage to screw that up royally with menus and dialogs that disappear when they lose focus, an astonishingly stupid UI decision).

Michael Wojcik Silver badge

Re: Oh dear

Looks rather ugly and annoying to me. Perhaps a bit more so than the Win10 look. Rounded corners don't give me anything useful.

Like some other folks posting here, I already turn off all the crap they've removed.

Michael Wojcik Silver badge

Re: Was

I'm trying to figure out what you're eliding in "Nu'ff". That's a head-scratcher.

We don't know why it's there, we don't know what it does – all we know is that the button makes everything OK again

Michael Wojcik Silver badge

Re: The light..

Our two indicator lamps are for fear and surprise ... and ruthless efficiency ... our three indicator lamps are for ...

Dealing with the pandemic by drinking and swearing? Boffins say you're not alone

Michael Wojcik Silver badge

Re: The 5 rules of problematic drinking

I don't drink alcoholic beverages, but #3 looks like utter rot to me. I'd like to see a citation of methodologically-sound research supporting it.

For several years (until I moved in with my now wife, in fact) the only drinking vessels I had in my home were mugs. No reason to have anything else. They're durable, convenient, and work for hot or cold beverages.

Michael Wojcik Silver badge

Re: re: no safe level

The research I've seen does seem to support that.

Unfortunately, I can't stand the stuff, personally, so I'll have to continue to eat properly and get moderate exercise to prolong my lifespan.

Swearing a great deal and drinking vast quantities of coffee also seem to help. I mean, I may not live any longer, but I'll enjoy it more.

US Supreme Court gives LinkedIn another shot at stymieing web scraping

Michael Wojcik Silver badge

Re: Not a CFAA issue

Your formulation of item 1 is far too vague.

Van Buren quite rightly narrowed the scope of the CFAA. I think it's important that decision be interpreted in the circuits to mean that ToS alone, or any other sort of implied contract, is not a sufficient gate to invoke criminal penalties under the CFAA.

In this case, however, hiQ took two steps to deliberately and positively exceed authorized access. They developed and deployed technological countermeasures to LinkedIn's technological gatekeepers; and they ignored a cease-and-desist notification from LinkedIn's lawyers.

Allowing that activity to invoke the CFAA is a much higher bar than simply ToS violation. Ordinary use of the public web doesn't require deliberate positive technological bypass of gatekeepers,¹ and it certainly doesn't require ignoring an official and direct statement from the site owner forbidding the activity.

Now, you might apply the "Aaron Swartz" test here and say that even those should be insufficient tests to allow the CFAA to apply. And I agree the Swartz case is extremely unfortunate, and a clear case of excess by an unscrupulous prosecutor to the point of outright malice (as with some other CFAA prosecutions). But the CFAA is the law of the land, and as with many laws some contingency must be brought to bear. hiQ are not Swartz; they are not a private individual attempting, rightly or not, to make publicly-funded research more widely available. They're a commercial entity trying to make a profit from someone else's intellectual property, the law be damned.

¹What's a "positive ... bypass"? Employing technology which manipulates an interface in a manner other than what's intended by its owner. Using NoScript, say, or an ad blocker, wouldn't be a positive use; there the user is preventing some unwanted software from executing on his or her own equipment. It's a negative bypass.

Mark it in your diaries: 14 October 2025 is the end of Windows 10

Michael Wojcik Silver badge

Re: 2025? That long?

Smartphones appear to be expected by all large organisations from Banks, Insurance to NHS to Other Gov Services, Amazon etc

I can't think of a single organization I deal with which requires a smartphone. There are a few who ask for phone numbers and claim they'll send SMS messages, but a feature phone would work fine for that. (That's true of my mobile-service provider too.) And I imagine I could get by even without SMS if I wanted to.

I installed a banking app on my phone once. I never used it. I couldn't find any reason to do so.

I have no idea why you need a smartphone to deal with Amazon. When I have the misfortune to do so, I do it from my laptop.

Of course this may differ where you are and with whom you deal, but it's certainly not true for me.

Inventor of the graphite anode – key Li-ion battery tech – says he can now charge an electric car in 10 minutes

Michael Wojcik Silver badge

Re: There still remains......

Yeah. I'd quibble about the original statement, but as a gloss for "the amount of solar energy that we can store and use with existing technology in an economically feasible manner" it seems pretty reasonable.

Personally, I don't see how we'll solve the energy problem without wider use of at least one of the better fission designs. Don't much care if it's CANDU or pebble-bed or traveling-wave or thorium or whatever, as long as it's commercially viable, fails cold, and produces less waste – and those all are achievable. Nothing else looks feasible to me.

This isn't an area I have any expertise in, though.

Michael Wojcik Silver badge

Re: Oh no, it's a battery story

Still solid progress.

Michael Wojcik Silver badge

Re: Why not use appropriate technology?

60-70mph will likely get you killed on a US Interstate. Most of the Interstate network has a nominal speed limit higher than 60mph, a good portion is higher than 70mph, and most people are exceeding the limit anyway.

A couple of years back I was on a stretch of Interstate in Oklahoma which was prominently signed as "80 MPH, zero tolerance" or words to that effect. I was sticking to 80 and everyone else was blasting by me at 90 or higher.

Now that ordinary passenger cars are ridiculously overpowered, it's simply not safe to take a vehicle on US highways unless it's very large or can easily sustain at least 70mph. And I wouldn't be comfortable in a small car that couldn't get up to that speed by the end of the on-ramp, and for many parts of the network I'd want it to sustain 75mph at a minimum.

Michael Wojcik Silver badge

And remember this is only something that is likely on v long journeys (i.e. at a time when you need a break to relieve yourself, rent more coffee and have some food).

I frequently make "v long journeys", and when I stop it's for no more than 15 minutes or so. I'm not keen on adding hour-long stops to a 14-to-18 hour trip, thanks.

I don't particularly see the need for 800 mile batteries.

You misread (or there was a correction after you read), as the article currently says 800km, not miles: "ten minutes of charge for a range of 800km".

That would actually meet my use case, if there were ample charging stations along the various routes I might be taking. Which will not happen soon. And I'd be concerned about battery lifetime and degradation over that lifetime, and the replacement cost. And, honestly, I don't see anyone creating an EV that doesn't have horrible features I don't want, like touchscreens, so I probably will never buy one.

I still think swappable batteries make more sense. But then I also think dual-powertrain hybrids are idiotic, and onboard ICE electric generation with an electric drivetrain makes a hell of a lot more sense, so what do I know?

G7 nations call out Russia for harbouring ransomware crims ahead of Biden-Putin powwow

Michael Wojcik Silver badge

Re: Once KGB, always KGB

That seems wildly unlikely. There's plenty of talent in this area in people temperamentally unsuited for employment by the KGB; I don't see why the Russian government would eschew that. And there's plenty of talent that would rather work in the criminal underground than for the government, and I don't see why the Russians would bother to try very hard to suppress that.

Michael Wojcik Silver badge

Why bother? It's not like the rule of law is particularly important there. (Or here.) A wink and a nod would suffice.

Michael Wojcik Silver badge

Re: "A public G7 communique"

I doubt Putin's particularly bothered. But I'm also sure he recognizes that the Biden administration has different foreign-policy goals than the Trump administration does, and that Biden will not be as easily distracted as the golfing megalomaniac (whatever his other faults). So Putin may be willing to spend a little political capital here – at negligible cost to Russia or himself – for a future quid pro quo.

Or he may feint in that direction and then refuse, which can also be a useful diplomatic maneuver.

Putin's in this for the long haul, and has had little difficulty in maintaining his position thus far. He understands the game very well and has no qualms about playing it. He'll throw the occasional bone to the G7 just to keep them sniffing at his hands.

Ex-NSA leaker Reality Winner released from prison early for 'exemplary' behavior

Michael Wojcik Silver badge

I think Poitras and Greenwald have provided pretty strong evidence that First Look Media and its properties can no longer be trusted. The actions of the board and executives defy reasonable explanation, and their public statements are suspect on various grounds.

We've been shown time and again that strong encryption puts crims behind bars, so why do politicos hate it?

Michael Wojcik Silver badge

Re: Old encryption is returning?

Sometimes it seems like people post on subjects for which they haven't looked at any of the past several decades of research.

Michael Wojcik Silver badge

Re: Obvious solution

Not so much the "wrong end" as the wrong aspect. Key exchange does not imply authentication; there's nothing to tie an ADH exchange, say, or an RSA private key to an entity.

There are protocols for identity-based key generation which are quite interesting in theory and might be workable in practice. Matt Green has a blog post about some of them. Of course what they're doing is deriving key entropy from evidence of identity, so you're shifting trust from some other authentication protocol to that set of evidence; whether that helps depends on your threat model.

Signal uses a combination of a phone number and something-you-know token (a "PIN", ugh) for authentication. The authentication proposition there is the assumptions that the account was created by the rightful owner of that phone number, and the phone number corresponds to the entity you want to communicate with. Those are decent assumptions under some reasonable threat models. They don't work for all use cases, obviously.

The PGP Web of Trust is an attempt to use non-mechanical channels for offline authentication that could subsequently be used for online authentication. In most use cases it doesn't scale, though it could have been employed more widely. For example, banks and other businesses could offer in-person WoT key exchanges for customers willing to stop by a retail branch office. But PGP was never deployed widely enough to make that useful.

Michael Wojcik Silver badge

Re: Another Obvious Solution

Of course it's possible. Secret key exchange happens billions of times every day, just for HTTPS.

Key exchange tells you nothing about who the participants are. Authentication is the really hard problem.

Key exchange is still a hard problem, just not as hard as authentication. The algorithms, such as RSA Kx, discrete and ECC ADH, etc, are pretty simple. Getting the protocols and implementations right is hard, as we've seen time and time and time again. Some of the primitives, such as crypto-strong pseudorandom numbers and constant-time arithmetic, are hard. Cryptosystems often incorporate some simple primitives, but on the whole they either aren't easy or aren't strong. That's why we have a large and complex body of theory and formal analysis around them, with things like the Random Oracle Model.

Michael Wojcik Silver badge

Re: The argument is a bit beyond Priti Patel

Moving the Moon into the Earth would certainly reduce AGW. Unfortunately LGW would rise sharply.

Stephenson's Seveneves has an analysis of the problem.

Michael Wojcik Silver badge

Re: But of course, demonising people fleeing wars

And the US is arguably worse, because 1) we're a nation founded on and profiting enormously from immigration (voluntary and forced, and to the detriment of the native population); and 2) we have a ton of space. You could drop a million refugees in the middle of Kansas without encroaching on any existing buildings, much less urban areas.

Of course you wouldn't do that – just deposit people in the middle of Nowhere, US – because they need infrastructure and services, and you want to give people a path to integration, not establish permanent cultural enclaves. (Ethnic neighborhoods in urbanized areas with fluid borders are a plus; ghettos and reservations are not.) But those are just a matter of fungible resources, and the US has a lot of those. Habitable real estate is not fungible, but even with the West's ongoing and permanent water crisis we still have a whole freakin' bunch of that.

Turkey took in, what, 3.5 million Syrian refugees? That would be small potatoes for the US. Sure, transportation logistics would pose some costs, and the infrastructure/services/integration stuff is not trivial. But it could be done.

And meanwhile half the country is spitting mad about a relative handful of brave souls trying to cross the border from Mexico, as if that's some sort of national existential threat. Maybe they're worried the newcomers will be less xenophobic.

The AN0M fake secure chat app may have been too clever for its own good

Michael Wojcik Silver badge

Re: One Time Pads.

How do you think Tor solves peer-identity problems?

(And the post upthread is incorrect. Authentication is important, but key exchange is still a problem with OTPs, for a number of reasons: size, synchronization, re-keying, interception if there are flaws in the Kx protocol or implementation, etc. People love to talk about using OTPs but generally disregard most of the many issues with them.)

Michael Wojcik Silver badge

Re: One Time Pads.

It's a perfectly good question; I don't know why it was downvoted.

The OTP protocol, if done perfectly (truly random pad with a perfectly random distribution, secure key exchange, blah blah blah), produces a ciphertext for which all possible plaintexts of the same length are equally probable. Combine it with some plaintext splitting and padding to add noise to the length signal, or use a protocol such as chaffing to interfere with traffic analysis, and you have as close to a perfectly secure communications channel as possible.¹

Perfect Forward Security (PFS) doesn't affect the strength of the protocol, algorithm, or key used to affect the message. It's a feature of the key-exchange protocol. So it's an apples-and-oranges comparison; where OTP is a protocol for encrypting a message, PFS is part of a key-exchange protocol.

PFS simply says "use a unique set of parameters for anonymous key-agreement each time you do key exchange". As an example, look at the evolution of SSL/TLS:

Prior to TLSv1.3, it was very common to use RSA, or Diffie-Hellman (discrete or ECC) with a fixed key, to do key exchange. That is, one side would create a random session key for symmetric encryption of messages, then encrypt it with the peer's public RSA key, and send it to the peer, who would decrypt it using their private key. Or they'd do DH agreement but using a fixed set of parameters.

The problem with this is a well-resourced adversary can save encrypted messages and work on getting that RSA private key (by cracking, or by subverting a machine that has a copy of it, or various other means), or breaking the fixed DH parameters (this was the "WeakDH" part of the Logjam/WeakDH vulnerability a few years ago). Then they could go back through that archive of saved messages and decrypt them.

With PFS, the peers do anonymous DH key agreement to generate a different key each time. If an adversary breaks the key agreement for one session and gets that session key, they only get that one session; they don't get all the others they might have saved.

PFS is such a useful property that all the TLSv1.3 suites use it.

But after key exchange, those suites are doing conventional symmetric encryption (nearly always with AES, though there's also a ChaCha20-Poly1305 suite, and experimental post-quantum ones). They're not using OTPs, and so the entropy in the key is always (in practice) much smaller than the size of the message.

¹This is a gloss. "Secure" doesn't mean anything outside the context of a threat model, and there are certainly plausible models where, for example, using a steganographic channel in addition to the other factors would reduce the threat further.
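Added example (not the poster's code, nor anything from The Register) illustrating the static-versus-ephemeral key exchange point in the post above: a toy Diffie-Hellman group, a toy hash-based stream cipher, and a passive adversary who archives traffic and later obtains the server's long-term secret. The group parameters, the cipher, the helper names and the sample messages are all constructed for illustration; handshake authentication is left out.

```python
import hashlib
import secrets

# Constructed toy Diffie-Hellman group: a 127-bit Mersenne prime and generator 5.
# Far too small for real use; it only needs to make the key bookkeeping visible.
P = 2**127 - 1
G = 5


def rand_exponent() -> int:
    return secrets.randbelow(P - 2) + 1


def kdf(shared_secret: int) -> bytes:
    """Derive a 32-byte session key from the DH shared secret (shared_secret < P < 2**128)."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).digest()


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (constructed): keystream block i = SHA-256(key || i).
    XOR is its own inverse, so the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def run_static_sessions(messages):
    """Pre-TLS-1.3 pattern: the server reuses one long-lived DH key for every session."""
    server_priv = rand_exponent()
    server_pub = pow(G, server_priv, P)
    archive = []  # what a passive adversary records off the wire: (client_pub, ciphertext)
    for m in messages:
        client_priv = rand_exponent()
        client_pub = pow(G, client_priv, P)
        session_key = kdf(pow(server_pub, client_priv, P))
        archive.append((client_pub, stream_xor(session_key, m)))
    return server_priv, archive


def run_ephemeral_sessions(messages):
    """TLS 1.3 pattern: the server generates a fresh DH key per session and discards it."""
    server_long_term = rand_exponent()  # would only sign the handshake; never enters key derivation
    archive = []  # recorded: (client_pub, server_ephemeral_pub, ciphertext)
    for m in messages:
        server_eph = rand_exponent()
        client_priv = rand_exponent()
        client_pub = pow(G, client_priv, P)
        server_eph_pub = pow(G, server_eph, P)
        session_key = kdf(pow(server_eph_pub, client_priv, P))
        archive.append((client_pub, server_eph_pub, stream_xor(session_key, m)))
        # server_eph goes out of scope here: nothing retained can rebuild session_key
    return server_long_term, archive


def adversary_replays_compromise(server_secret, archive):
    """Later compromise of the server's long-term secret, applied to every archived session."""
    recovered = []
    for record in archive:
        client_pub, ciphertext = record[0], record[-1]
        recovered.append(stream_xor(kdf(pow(client_pub, server_secret, P)), ciphertext))
    return recovered


MESSAGES = [  # constructed sample traffic
    b"session 1: wire 100 to account 42",
    b"session 2: reset token 7f3a",
    b"session 3: nothing to see here",
]


def demo():
    """Returns (static_archive_fully_decrypted, ephemeral_archive_fully_decrypted)."""
    secret, archive = run_static_sessions(MESSAGES)
    static_broken = adversary_replays_compromise(secret, archive) == MESSAGES
    secret, archive = run_ephemeral_sessions(MESSAGES)
    ephemeral_broken = adversary_replays_compromise(secret, archive) == MESSAGES
    return static_broken, ephemeral_broken


if __name__ == "__main__":
    print(demo())  # (True, False)
```

With the static key, one stolen secret unlocks the whole archive; with per-session keys the same theft yields only garbage, which is the property the post calls PFS.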

Michael Wojcik Silver badge

Re: Crims now know what not to trust, and how to stymie future infiltrations

Historically, most policing techniques continue to work even after criminals become familiar with them. The economics weigh strongly against the kind of vigilance criminals would need to observe to obstruct those techniques. I don't see any reason why the AN0M exploit wouldn't work again with trivial changes.

The historical evidence shows that the criminal population is no better than the general population at learning from their mistakes. I'm not sure why so many people posting here think otherwise.

IT folks haven't, generally speaking, learned from our mistakes, have we? How many SQL injections and BoFs have we seen this year? (A whole bunch, that's how many.) Why do y'all think criminals are more disciplined?

Michael Wojcik Silver badge

Re: So, a backdoored encrypted chat, eh ?

The problem with that is that in the US, at least, and presumably in most other jurisdictions, essentially everyone is already a de jure criminal, or at least in violation of some laws and regulations. The body of law is sufficiently broad and vague to capture all sorts of ordinary daily activities.

See for example Chase, How to Become a Federal Criminal.

In the AN0M case, I'm not bothered, because it was effectively opt-in – assuming the reports are accurate, the devices were only available through "underground" channels and so were only acquired by people already involved in the criminal network – and because it has a benefit to citizen privacy in demonstrating calls for backdoors in commodity encryption are unfounded.

But in general, if criminals adopt commodity encryption for communications, that's too fucking bad for the LEOs. They'll have to go back to HUMINT rather than relying on SIGINT. Them's the breaks. I am in no way going to accept the proposition that "encryption, wherever it is used by criminals", is fair game. That way lies ubiquitous surveillance.

Michael Wojcik Silver badge

Re: Criminality

Every time you build a better mousetrap, the mice get smarter & learn to avoid it.

Evidence, please.

We still see criminals at all levels being caught by the same techniques that were being used a century ago. Suspects still waive their rights and self-incriminate in police interviews. Organizations still fall for undercover plants and confidential informants. The statistics I've seen show there's still a vast amount of criminal activity discussed by SMS, despite the widespread availability of more-secure (a very low bar) text-message applications; and there's still a huge amount of posting about criminal activity on social media.

When criminals do employ technological countermeasures, they typically screw up OPSEC or make other procedural mistakes.

Michael Wojcik Silver badge

Re: One Time Pads.

I think OP meant he'd encrypt War and Peace with an OTP to give the attackers something to chew on.

But, of course, the appropriate number of bytes from /dev/urandom is already an OTP encryption of War and Peace. So is the same number of bytes from /dev/zero. You just have to compute the corresponding pad. (Hint: Try XOR.)
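Added example (not the poster's code) in Python covering two points from this thread: the "compute the corresponding pad" observation just above, and the plaintext-splitting, padding and pad-synchronization steps from the longer OTP post earlier in the thread. `PadReader`, `split_and_pad`, the block size and the sample messages are assumptions made for illustration.

```python
import secrets
import struct

BLOCK = 64  # constructed block size for the length-hiding step


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("pad and data must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_for(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """The pad under which `ciphertext` decrypts to `claimed_plaintext`.
    XOR is its own inverse, so any same-length bytes (from /dev/urandom,
    /dev/zero, or a real transmission) are a valid OTP ciphertext of any plaintext."""
    return xor_bytes(ciphertext, claimed_plaintext)


class PadReader:
    """Hands out pad bytes strictly in order and never twice. Both ends must
    consume the shared pad identically; that bookkeeping is the synchronization
    cost of OTPs, and running out means no further messages can be sent."""

    def __init__(self, pad: bytes):
        self.pad = pad
        self.offset = 0

    def remaining(self) -> int:
        return len(self.pad) - self.offset

    def take(self, n: int) -> bytes:
        if self.offset + n > len(self.pad):
            raise RuntimeError("pad exhausted; no fresh key material left")
        chunk = self.pad[self.offset:self.offset + n]
        self.offset += n
        return chunk


def split_and_pad(plaintext: bytes, block: int = BLOCK) -> list:
    """Length-prefix the message and cut it into fixed-size blocks, filling the
    tail with random bytes, so the ciphertext reveals only a block count."""
    framed = struct.pack(">I", len(plaintext)) + plaintext
    framed += secrets.token_bytes((-len(framed)) % block)
    return [framed[i:i + block] for i in range(0, len(framed), block)]


def unsplit(blocks: list) -> bytes:
    framed = b"".join(blocks)
    (n,) = struct.unpack(">I", framed[:4])
    return framed[4:4 + n]


def encrypt_message(reader: PadReader, plaintext: bytes) -> list:
    return [xor_bytes(reader.take(len(b)), b) for b in split_and_pad(plaintext)]


def decrypt_message(reader: PadReader, blocks: list) -> bytes:
    return unsplit([xor_bytes(reader.take(len(b)), b) for b in blocks])


def demo():
    """Returns (round_trip_ok, same_ciphertext_length, other_plaintext_equally_valid)."""
    pad = secrets.token_bytes(1024)  # would be shared out of band in a real deployment
    alice, bob = PadReader(pad), PadReader(pad)
    msgs = [b"meet at noon", b"cancel that, the bridge is watched"]  # constructed
    blocks = [encrypt_message(alice, m) for m in msgs]
    round_trip = all(decrypt_message(bob, b) == m for b, m in zip(blocks, msgs))
    # Both messages fit in one block, so their ciphertexts are the same length.
    same_length = len(blocks[0]) == len(blocks[1]) == 1
    # The second ciphertext is just as plausibly an encryption of the first message:
    # there exists a pad that decrypts it to that block.
    alt_plain = split_and_pad(msgs[0])[0]
    alt_pad = pad_for(blocks[1][0], alt_plain)
    deniable = xor_bytes(alt_pad, blocks[1][0]) == alt_plain
    return round_trip, same_length, deniable


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```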

Michael Wojcik Silver badge

Re: One Time Pads.

And now we're requiring three channels. Let's see if we can convolute this protocol into requiring four.

OTPs don't scale, full stop. They are useful in a very small subset of use cases for cryptography. Folks need to stop hunting unicorns and get real.

Michael Wojcik Silver badge

Re: One Time Pads.

As with everything in security, it comes down to economics. Strong OPSEC is extremely expensive. It's expensive in resources; it's expensive in opportunity costs; it's expensive in several ways in cognitive load, from planning and threat modeling to vigilance.

Most people simply cannot devote enough resources to OPSEC to prevent targeted attacks.

People who practice strong OPSEC and good spycraft generally are not very neurotypical; they have cognitive conditions that make it easier for them to obsess about the details of security vigilance.

It's true that psychological studies suggest career criminals are particularly prone to overconfidence, which opposes strong OPSEC, and so they may be even more vulnerable than the populace in general to this sort of attack. But the reality is the vast majority of human beings are simply incapable of or unwilling to defend against attacks which target channels they value highly.

Michael Wojcik Silver badge

Re: One Time Pads.

One-time pads suffer from the same costs and failure modes as they always have. Key distribution is a problem: you need a secure channel to distribute the pad in the first place. Synchronization is a problem. Key storage and disaster recovery are problems. Ensuring they're truly random is a problem.

People don't use OTPs for most use cases because they're infeasible for most use cases.

And even where they are feasible, most data isn't valuable enough to justify the cost of OTPs.

New York State Senate first to pass landmark right-to-repair bill – but don't go popping the Champagne just yet

Michael Wojcik Silver badge

Re: Anyone remember Haynes Manuals?

With everything computerized, and undocumented by the manufacturer, "not a DIY job" is often the sad truth with more-recent models.

My 2015 Volvo XC70 was recalled once for a firmware update for the differentials. I'd be leery of trying to service a computerized differential without comprehensive documentation. What sensors is it using? Do they need to be recalibrated afterward?

And that car isn't nearly as bad as current Volvos, with their accursed touchscreens and spyware – which are now par for the course.

It's a pity, because DIY auto repair used to be a good way to learn plenty of useful skills, like problem diagnosis and tool use. Oh, well. At least I can still work on my 1991 Toyota Truck, and try to interest the grandkids in it when they get old enough.

BT promises firmware update for Mini Whole Home Wi-Fi discs to prevent obsessive Big Tech DNS lookups

Michael Wojcik Silver badge

Typical incompetence

This sort of thing is all too common for commodity devices, which generally run firmware thrown together by people with no network-engineering experience or training, and no incentive to do things correctly.

I'm sure many here remember the many cases of NTP vandalism (to use Poul-Henning Kamp's phrase), such as the U Wisconsin DOS.

Linus Torvalds tells kernel list poster to 'SHUT THE HELL UP' for saying COVID-19 vaccines create 'new humanoid race'

Michael Wojcik Silver badge

Re: re: How about wanting everyone to know the truth

Unfortunately it's not true. A great many people (quite possibly all of them) are on occasion more than willing to listen to, and even be convinced by, dickheads. I dare say both history and recent events are ample evidence of that.

Michael Wojcik Silver badge

Re: re: How about wanting everyone to know the truth

Both of these statements are meaningless without a definition of "truth".

There are strong, sophisticated arguments that "truth" in a technical sense can only accurately refer to formal truths – that is, tautologies under a formal system (a logic) that express sentences reducible to the axioms of the system under its production rules. Even there, of course, it's extremely easy to accidentally introduce a contradiction, rendering the entire set of statements inconsistent and therefore useless. (See Gödel, Chaitin, Kolmogorov, Löb, etc.)

Theories of "truth" which attempt to extend it out of the formal realm, even the ones that many people think are obvious such as naïve realism, quickly run into problems.

Charlie's proposition is supportable under various arguments, such as solipsism and Descartes' Evil Genius. In short, any human perception of truth has to begin with an assumption of trust in the individual's cognitive processes – that what you think is logically consistent in fact is, and you're not being deceived by mental defect or manipulation. Any realism has to begin with an assumption of trust in the evidence of the senses; even with technological instruments at some point the human reasoner has to perceive and interpret some report of the evidentiary data. Those are both subjective assumptions.

Realists posit that natural "truth" exists in the universe independent of human perception and cognition. That's a position you can hold and defend, but ultimately it's an act of faith, as is the belief that the universe is anything other than a construct of your own mind.

Michael Wojcik Silver badge

How about wanting everyone to know the truth ?

We don't have a protocol for achieving that. But, hey, rhetoricians have only been studying the problem for a few millennia. We're likely to crack it in the next ten years.