Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

NSA Trying To Build Quantum Computer

FrangoAssado Re:Some background facts (221 comments)

This isn't quite correct- factoring isn't known to be NP-Hard (and so proving it's in P wouldn't necessarily prove P=NP).

I never said it was. What I said is that factoring is in NP (not NP-hard), so if it's not in P, then it must be the case that P!=NP.

On the other hand, as you said, if it turns out that factoring is in P, then it's still possible that P!=NP (i.e., there may be another problem that is in NP but not in P).

about 9 months ago
top

NSA Trying To Build Quantum Computer

FrangoAssado Re:Some background facts (221 comments)

I'd be interested in a reference, if you find one.

As far as I know, this is an open question (see this for a lot of references) -- so maybe I should have said:

It may be that proving that ECC or RSA are breakable does not require a proof of P=NP or P!=NP -- for example, it's not known that you need fast factoring to break RSA".

Still, the other point stands -- proving that breaking RSA is not in P (or that factoring is not in P) implies proving P!=NP.

about 9 months ago
top

NSA Trying To Build Quantum Computer

FrangoAssado Re:Some background facts (221 comments)

There is no mathematical proof that any cipher (other than the one-time pad) is resistant to all as-yet-unknown quantum algorithms.

That doesn't mean anything; the same is true for classical algorithms.

That's hardly surprising if you understand what proving anything like that would entail. Hell, to prove you can't break ECC or RSA with a classical computer you'd have to prove P!=NP, since discrete log and factoring are in NP. (To see why, just note that fast factoring would break RSA, so to prove you can't break RSA you have to prove that fast factoring is impossible, which means that you have to prove that factoring is not in P -- but since factoring is in NP, you'd also be proving P!=NP).

Note, however, that proving that ECC or RSA are breakable does not require a proof of P=NP or P!=NP -- for example, you don't need fast factoring to break RSA.

about 9 months ago
top

Linux RNG May Be Insecure After All

FrangoAssado Re:Incorrect and irresponsible headline (240 comments)

Their analysis that the linux rng is insecure under this (rather contrived) model rests on an _incorrect_ assumption that Linux stops adding to the entropy pool when the estimator concludes that the entropy pool is full.

Exactly. The maintainer of the /dev/random driver explained this and a lot more about this paper here.

about a year ago
top

Google Admits Bitcoin Thieves Exploited Android Crypto PRNG Flaw

FrangoAssado Re:How does this get fixed? (183 comments)

SecureRandom has the benefit of being the standard way of generating random numbers for use in cryptography in Java. Why do it differently when you can do it the standard way (where you can re-use the code later, if opportunity arises)?

On the other hand, "use /dev/random instead" is not good advice for people who already have working code (possibly in libraries) that uses SecureRandom. The solution given in that blog post is very simple: "Add this class to your android project and stick PRNGFixes.apply(); on your main acvitity's onCreate()." That's a guaranteed fix regardless of whether you're starting a new project or already have working code, and will fix code in libraries you might not even realize are using SecureRandom.

about a year ago
top

Google Admits Bitcoin Thieves Exploited Android Crypto PRNG Flaw

FrangoAssado Re:How does this get fixed? (183 comments)

It's much easier and foolproof to fix SecureRandom than to find and change every piece of code (including libraries which many people have no control over) that uses SecureRandom.

about a year ago
top

Creator of xkcd Reveals Secret Back-story of His Epic, 3,099-Panel 'Time' Comic

FrangoAssado Re:xkcd is overrated (187 comments)

Chill out, man. The original point is not that it's "unlikely" that humans will sustain a civilization for 10,000 years more, only that that's "optimistic". The (admittedly pessimistic) idea that the current civilization will collapse was used to write a story about the hypothetical civilization that will come after this one. That's all.

(By the way, "civilization" usually implies "having a writing system", so it's weird to say "civilization that writes". In the same vein, you should understand "every civilization with written records" in the author's quote to mean "every civilization that we know about because we have records about them", not "every civilization that had writing").

about a year ago
top

Muon Neutrino To Electron Neutrino Oscillation Conclusively Shown

FrangoAssado Re:Speed of light violation implication? (46 comments)

This explanation is insufficient. If neutrinos were indeed massive particles we'd see a wide distribution of their velocities, just like we can observe slow and fast protons, slow and fast electrons, slow and fast everything that moves slower than c.

That's completely mistaken. We don't find a wide distribution of neutrino velocities because it takes very little energy to make a neutrino go very close to the speed of light (this happens because neutrinos have *very* little mass). This means that there's a very small probability for a neutrino to have a small velocity relative to anything else -- you just have to sneeze at it (that is, interact with it in almost any way) to send it flying away at close the speed of light. So it's *expected* that you'll never actually see a slow neutrino.

There is already too much evidence against Relativity Theory as it presently is.

That's just bullshit. It's true that General Relativity doesn't fit at all with Quantum Mechanics, but there's *no* compelling evidence at all against Relativity (either General or Special). There's *no* known experiment that gives a conclusive result that's different from what Relativity predicts. People are working on other theories because General Relativity doesn't fit with Quantum Mechanics, not because there's evidence against Relativity.

about a year ago
top

PlayStation 4 Will Be Running Modified FreeBSD

FrangoAssado Re:A great win for FreeBSD (457 comments)

You forgot this:

You don't receive some software derived from software previously licensed under BSD. Let B be the set of all things you can do with/to the software.

You do receive some software derived from software previously licensed under GPL. Let G be the set of all things you can do with/to the software.

B is the null set, therefore B is a strict subset of G.

Hence, G has a more liberal license than B.

In the end, the discussion of "which license is more liberal" is silly. Each license yields different freedoms to different groups of people. Use whatever works for you, don't use what you don't like. Advocate licenses you'd like other people to use. Just don't oversimplify the discussion with simplistic logical fallacies.

about a year ago
top

Hackers Steal Opera-Signed Certificate Through Infrastructure Attack

FrangoAssado Re:My SSH warns me if the fingerprint changes (104 comments)

There's nothing wrong with tracking prior public keys. That's a good option for knowledgeable users, but it's a no-starter for people who know nothing about cryptography.

See for example what would happen when a key is compromised or just lost. In this case you have to warn everyone that your key will change. Now think of how often will people receive the message "hey, my email key has changed, so the warning you'll get is not a MITM attack", and how soon will people start clicking "accept" without bothering to check whether it's legitimate?

The idea of certificates is that the end user only has ONE job: to decide which CAs he or she will trust. Even that has proven to be too much for the end user: almost no one even knows you can choose which CAs they want to trust, everyone trusts the browsers or the OSs to make this choice for them. Any solution that requires MORE decisions from the user is a step back.

about a year ago
top

Hackers Steal Opera-Signed Certificate Through Infrastructure Attack

FrangoAssado Re:Certificates prevent encrypt email (104 comments)

SSH currently will do a key exchange using the first-time approach without a certification authority and we should use the same system for end to end email encryption.

When connecting for the first time, SSH shows the public key fingerprint of the host you're connecting to. If you don't bother to check it, you're leaving yourself wide open to a MITM attack (and in this case, the attacker doesn't even need access to any certificate authorities).

Your proposed email system that blindly accepts every public key upon first connection is even worse than using CAs -- with certificates, you can at least choose which authorities you want to trust.

about a year ago
top

Brazilian Government To Monitor Social Media To Counter Recent Riots

FrangoAssado Re:a local look (126 comments)

You're delusional. Alckmin is right-wing for Brazilian standards, but his social programs would be considered borderline socialist in the USA.

Just look at how Obama is accused of being socialist for Obamacare, which is not even universal healthcare.

about a year ago
top

KWin Maintainer: Fanboys and Trolls Are the Cancer Killing Free Software

FrangoAssado Re:Wow, just wow. (406 comments)

That's a nice view, but I don't see how it's ultimately defensible. You seem to be arguing that anything that prevents anyone from expressing their ideas any way he or she wants is against the "abstract principles" of free speech.

How do you reconcile your position with the idea that people shouldn't be allowed to talk during movies? As far as I can see, banning a troll from a website is like removing a loud person from a theater -- people are in the site to discuss site-related stuff, and the troll is disrupting that.

about a year ago
top

Microsoft Reputation Manager's Guide To Xbox One

FrangoAssado Re:Beware Internet Echo Chambers (611 comments)

Don't try to trivialize Sony's rootkit fiasco, it was not just a matter of a company releasing an unpopular product and then recanting.

What Sony did was possibly illegal. "Possibly" only because they were never convicted -- they settled all the lawsuits -- but in many states there are specific laws against covertly installing spyware (a lot of states have a very similar piece of legislation called "Consumer Protection Against Computer Spyware Act", here are the ones for Texas and California, for example).

Not to mention that the rootkit opened vulnerabilities in the systems where it was installed (more details on Wikipedia). The federal government didn't sue, but the Department of Homeland Security made very clear that what Sony did was unacceptable.

about a year ago
top

Spikes Detected In Autorun Malware

FrangoAssado Re:Windows Right? (140 comments)

The terms "closed platform" and "walled garden" have a very specific meaning, and it doesn't apply to Windows. From Wikipedia (my emphasis):

A closed platform, walled garden or closed ecosystem is a software system where the carrier or service provider has control over applications, content, and media and restricts convenient access to non-approved applications or content. This is in contrast to an open platform, where consumers have unrestricted access to applications and content.

It's obvious that Microsoft has absolutely no control over what software can be run on Windows. Compare that to Apple's iPad, where you can't install anything that's not approved by Apple (unless you jailbreak it first). That makes iOS a "walled garden".

Now, maybe we agree that it was foolish for Microsoft to enable any kind of "autorun" feature. The point is that in an "open platform" (that is, one where the user has complete control over what can be run on it), the user must also have enough power to do dumb things like running an unknown program from a pendrive that was just plugged in. How easy it should be for the user to do that is another discussion.

about a year ago
top

Fear of Death Makes People Into Believers (of Science)

FrangoAssado Re:Science works (434 comments)

To believe in science (and to disbelieve in religion), one needs to believe that the elements needed to create the big bang came into existence of their own accord and that the laws of physics decided to invent themselves.

Actually, to "believe" in science, the only thing that's strictly required is that you believe that the universe is knowable. Even the ways you use to know more stuff (the "scientific method") are not "a priori", that is, if you can think of a better way to discover stuff about the universe, then it will become part of the scientific method.

Science doesn't a priori reject the possibility of a creator (God), just as it doesn't a priori require that the universe came into existence of its own accord. The Big Bang theory is just the best answer we have so far when asking questions about the start of the universe. Science doesn't give definitive answers, since it's always possible that you'll find out later that you didn't know everything there was to know about something.

about a year ago
top

Compared to its non-Super version, I most prefer ...

FrangoAssado Re:Nintendo (288 comments)

Nah, the SNES version had a better translation

I have to agree with this one. "Son of a submariner!" is the best line I've ever seen in a videogame.

about a year ago
top

Higgs Data Could Spell Trouble For Leading Big Bang Theory

FrangoAssado Re:GOOD! (259 comments)

I sincerely doubt you are an atheist because you capitalize god [...]

That's very silly. It's a convention to write "God" when you're talking about the the supreme being (like the Christian God, as opposed to other gods like Zeus, where "god" is usually not capitalized), even if you don't believe in it.

See for instance Wikipedia: in "God"

In theism, God is the creator and sustainer of the universe. In deism, God is the creator (but not the sustainer) of the universe.

But in "Zeus"

He is the god of sky and thunder in Greek mythology.

about a year and a half ago
top

Steve Forbes: Bitcoin Not Money

FrangoAssado Re:Fiat Currency (692 comments)

You certainly can. In my case, I bought an ipad mini when the price spiked.

That pretty much confirms the point he was making; clearly the iPad had a price set in dollars, not bitcoins. Just because you didn't have to convert your bitcoins to dollars, it doesn't mean the conversion didn't happen.

People here are stuck at the (inflammatory) headline and are missing the point entirely. Of course prices (i.e., the value of money) vary, but when the "currency" you're using fluctuates wildly -- to the point where it's possible to make or lose a lot of money just investing in it, and not using it, like a lot of people have been doing with bitcoin -- that's not a healthy currency.

Now, clearly the article is a bit (a lot, actually) on the FUD side ("We don’t really know how this coin is created. [...] Thankfully its plunge will be a salutary caution to most folks."), but it's good to least try to understand and respond to it, and not some imaginary argument you think he's making based on the headline.

about a year and a half ago
top

Mozilla Is Considering Revoking TeliaSonera Trust For Sales To Dictators

FrangoAssado Re:There are many others. (123 comments)

That's a nice idea, but it doesn't really solve the underlying problem. Imagine that you're convinced that TeliaSonera is friendly to governments in Central Asia (as the story seems to imply). So it would make sense to trust them (a lot) to attest government-friendly identities in that region. But it would be silly to trust them (at all) for anything else.

In the end, trust in a CA has context. It's not enough to simply assign a number to convey how much you trust a particular CA; what you're really interested is how much you trust a particular CA to attest a particular identity.

about a year and a half ago

Submissions

FrangoAssado hasn't submitted any stories.

Journals

FrangoAssado has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>