Thursday, October 15, 2015

Couldn't this just be a generic headline - "Obama is wrong" Also How the NSA breaks all that unbreakable crypto - What I am reading 10/15/2015

The Register - Top boffin Freeman Dyson on climate change, interstellar travel, fusion, and more -
An Obama supporter who describes himself as "100 per cent Democrat," Dyson says he is disappointed that the President "chose the wrong side." Increasing CO2 in the atmosphere does more good than harm, he argues, but it is not an insurmountable crisis. Climate change, he tells us, "is not a scientific mystery but a human mystery. How does it happen that a whole generation of scientific experts is blind to obvious facts?"
...
Are climate models getting better? You wrote how they have the most awful fudges, and they only really impress people who don't know about them.
I would say the opposite. What has happened in the past 10 years is that the discrepancies between what's observed and what's predicted have become much stronger. It's clear now the models are wrong, but it wasn't so clear 10 years ago. I can't say if they'll always be wrong, but the observations are improving and so the models are becoming more verifiable.

Even more important than Obama being wrong is the fact that, according to Dyson, I am right - Even if climate change is real it won't necessarily be the horrible disaster that people are predicting as we can use SCIENCE and ENGINEERING to mitigate the effects.

On the topic of Obama is wrong:

US-China cyber espionage treaty 'will do nothing': FireEye boss -
Mandia, a former Pentagon man and founder of forensics giant Mandiant, says the treaty will do little to curb the hacking.
"This agreement with China … healthcare is fair game, universities are fair game, and you keep going down the list, and bottom line is it doesn't end," Mandia told the Cyber Defence Summit (formerly Mircon) in Washington DC today.
"Nothing really changes. The intrusions will still stay the same.

Why am I not surprised?

The XX Committee - The Painful Truth About Snowden
Since the saga of Edward Snowden went public just over two years ago, I’ve had a lot to say in the media about this sensational case. That’s gotten me loads of push-back, not to mention trolling, but my take on the case — particularly that it’s a planned foreign intelligence operation that operates behind the cover of “freedom” and “civil liberties” — has increasingly become accepted by normals.
I have no idea who this guy is, but he has a blog and he, at least in general, agrees with me so he must be a genius. I have pointed out some of my reservations about Snowden before. I don't think his story or his timelines hold together. I think his credentials are over-inflated. I think he sought out journalists with an ax to grind against the US and preyed on that. Finally, it bothers me that we have never seen a complete accounting of what he took and we never see documents in full and in context. Also, any time a new situation which can prove embarrassing to the US or a close ally develops, suddenly a new Snowden document appears. Yeah, this is a foreign intelligence operation.

Ars Technica - Obama administration won’t seek encryption-backdoor legislation -
FBI Director James Comey told a congressional panel that the Obama administration won't ask Congress for legislation requiring the tech sector to install backdoors into their products so the authorities can access encrypted data.
Comey said the administration for now will continue lobbying private industry to create backdoors to allow the authorities to open up locked devices to investigate criminal cases and terrorism.
So they know they can't get it through Congress, so they will try and bully companies. Next will be an Executive Order requiring backdoors in data and programs used by federal contractors. I am not big on Constitutional Amendments but this is one I could support: "The people having a right to be secure in their data, the use of encryption shall not be infringed."

Boing Boing - The NSA sure breaks a lot of "unbreakable" crypto. This is probably how they do it. -
The paper describes how in Diffie-Hellman key exchange -- a common means of exchanging cryptographic keys over untrusted channels -- it's possible to save a lot of computation and programmer time by using one of a few, widely agreed-upon large prime numbers. The theoreticians who first proposed this described it as secure against anyone who didn't want to spend a nearly unimaginable amount of money attacking it.

Lost in transition between the theoreticians and practitioners was the distinction between "secure against anyone who doesn't have a titanic amount of money to blow" and "secure against anyone," and so many of our cryptographic tools use hard-coded and/or standardized large primes for Diffie-Hellman.
My position has always been a) Crypto implementations are never as strong as they are in theory, b) With enough money and computing power anything can be broken, and c) The NSA has all the money and computing power in the world. Q.E.D. crypto is going to fail.
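To make the shared-prime point concrete, here is an added example (not code from the paper, Boing Boing, or this post) showing that the expensive part of a discrete-log computation depends only on the public prime, so one precomputation serves every exchange that reuses it. It assumes toy 20-bit primes and constructed private exponents, and uses textbook baby-step giant-step as a stand-in for the far costlier precomputation a real-size prime would need.

```python
import math

def precompute(p, g):
    """Baby-step table for the group (p, g). Uses only public parameters,
    so it is built once per prime, not once per key exchange."""
    m = math.isqrt(p - 1) + 1
    table, cur = {}, 1
    for j in range(m):
        table.setdefault(cur, j)    # keep the smallest exponent for each value
        cur = cur * g % p
    return m, table, pow(g, -m, p)  # g^(-m) mod p is the giant step

def dlog(p, target, pre):
    """Find x with g^x == target (mod p) from the precomputed table."""
    m, table, giant = pre
    gamma = target
    for i in range(m):
        if gamma in table:
            return i * m + table[gamma]
        gamma = gamma * giant % p
    raise ValueError("target is not a power of g")

def make_session(p, g, a, b):
    """One constructed DH exchange: public record plus the true shared secret."""
    A, B = pow(g, a, p), pow(g, b, p)
    return (p, g, A, B), pow(B, a, p)

def recover(sessions):
    """Recover each shared secret from public values only.
    Returns (secrets, number of expensive tables that had to be built)."""
    cache, secrets = {}, []
    for p, g, A, B in sessions:
        if (p, g) not in cache:
            cache[(p, g)] = precompute(p, g)
        x = dlog(p, A, cache[(p, g)])
        secrets.append(pow(B, x, p))
    return secrets, len(cache)

# Constructed toy data: 20-bit primes and made-up private exponents.
SHARED = [make_session(1000003, 2, a, b)
          for a, b in [(1234, 777), (99991, 5), (424242, 31337)]]
DISTINCT = [make_session(p, 2, 4242, 999) for p in (1000003, 1000033, 1000037)]

if __name__ == "__main__":
    for name, data in (("one shared prime", SHARED), ("distinct primes", DISTINCT)):
        secrets, tables = recover([pub for pub, _ in data])
        assert secrets == [true for _, true in data]
        print(f"{name}: {len(data)} exchanges, {tables} precomputation(s)")
```

Three exchanges on one prime cost a single table, while three exchanges on three primes cost three, which is why a hard-coded prime shared across many deployments concentrates the risk.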



