
Comments


Police Using Dogs To Sniff Out Computer Memory

fgrieu Police post plausible statement (415 comments)

Apparently the Rhode Island State Police posted a photo and plausible statement:

https://www.facebook.com/Rhode...

The post says the canine is "trained to detect electronic devices".

That does not look as bogus a claim as training specifically for storage media: the chemicals used in the soldering, cleaning, and IC packaging conceivably could have a detectable smell.

about 2 months ago

Math Advance Suggest RSA Encryption Could Fall Within 5 Years

fgrieu The whole thing is unsubstantiated FUD (282 comments)

The whole thing is unsubstantiated FUD. I base my judgment on the slides at
https://media.blackhat.com/us-13/us-13-Stamos-The-Factoring-Dead.pdf

The whole argument boils down to:
a) there has recently been huge progress [*] in solving the Discrete Log Problem over fields of small characteristic;
b) progress in solving the DLP has historically implied progress in factorization, and vice versa;
c) factorization breaks RSA, and solving the DLP breaks DSA;
d) thus RSA and DSA are dead, move to ECDSA.

The fallacy of it is that in b) and c), the DLP is exclusively over fields of huge characteristics (thousands of bits), making the algorithms in a) powerless. The slides do not hint at the faintest research lead towards moving to huge characteristics. Best argument is that "renewed interest could result in further improvements".

On the positive side, the author is honest: "I’m not a mathematician, I just play one on stage".

    François Grieu

[*] See e.g. this recent paper and its references
Razvan Barbulescu, Pierrick Gaudry, Antoine Joux, Emmanuel Thomé: A quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic
http://hal.inria.fr/docs/00/83/54/46/PDF/quasi.pdf

about a year ago

New Thermocell Could Turn 'Waste Heat' Into Electricity

fgrieu Very low output power (181 comments)

From the article: "The top performing redox electrolyte (..) yielded output powers of 522 mW per square meter."

Seems that to get the 1 GW power of a nuclear reactor, one would need the active surface of a square of 43 kilometer side coated with that Cobalt stuff.

about a year ago

Backdoor Discovered In Atlassian Crowd

fgrieu The report's authors are pretty convincing (133 comments)

The original report says about the last vulnerability discussed (but not disclosed)

Indicators such as covert positioning, the use of special parameters, absence of log messages, facilitation of persistence, and apparent lack of legitimate purpose suggest that this vulnerability could be classified as a symmetric backdoor if malicious intent were to be established (which it has not).

I like the tone: they stop short of stating this is a deliberate backdoor of the worst kind, but give an extremely convincing argument that it is one.

about a year ago

CipherCloud Invokes DMCA To Block Discussions of Its Crypto System

fgrieu Do not judge us from what we show! (85 comments)

The taken-down images, and the promotional video around 2:53
http://pages.ciphercloud.com/AnyAppfiveminutesdemo.html?aliId=1
make it clear that in these promotional materials, identical plaintext leads to identical ciphertext.

Ciphercloud's DMCA takedown notice
http://meta.crypto.stackexchange.com/a/258/555
rebuts that as wrong ("Ciphercloud's product is not deterministic"), with a key point at the beginning of page 3:
"[detractor] implies that what was perceived from a public demo is Ciphercloud's product offering".

Ciphercloud's position is: you misjudged us from what we have shown, which is not the real thing.

about a year ago

Intrade Shutdown Hurts Academics

fgrieu There's Foresight Exchange (131 comments)

If trading funny money and a bare-bones web interface is OK, there is Foresight Exchange (aka Ideosphere) which has worked almost flawlessly since 1994.
http://www.ideosphere.com/

about a year and a half ago

The World's Oldest Original Digital Computer Springs Back Into Action At TNMOC

fgrieu "will rebooted": it is self-aware! (65 comments)

If this computer can decide to reboot itself, it must have now reached self-awareness!

about a year ago

Ask Steve Wozniak Anything

fgrieu Which of your design tricks are you proudest of? (612 comments)

My favorite is the Apple ][ disk controller, most notably the read synchronization and decoding achieving 5, then ultimately 6 useful data bits per raw 8 bits, using little discrete logic and a small (P)ROM.

about 2 years ago

Ask Slashdot: How Do I De-Dupe a System With 4.2 Million Files?

fgrieu Try "SearchMyFiles" (440 comments)

Recently had this situation.

Nirsoft's free "SearchMyFiles" http://www.nirsoft.net/utils/search_my_files.html has a straightforward Find Duplicates mode which helped a lot. It is easy (the most "complex" is designating the base locations for searches as e.g. K:\;L:\;P:\;Q:\), fast, never crashed on me, and had only cosmetic issues ("del" key not working). I recommend running it with administrative privileges so that it does not miss files.

about 2 years ago

AMD Downgrades Bulldozer Transistor Count By 800 Million

fgrieu Re:There's a new update (149 comments)

AMD just clarified that Bulldozer does have 2 billion transistors after all, but only 1.2 billion work.

Link please?

more than 2 years ago

XML Encryption Broken, Need To Fix W3C Standard

fgrieu The abstract of the article is here (80 comments)

http://dl.acm.org/citation.cfm?id=2046756

"..we describe a practical attack on XML Encryption, which allows to decrypt a ciphertext by sending related ciphertexts to a Web Service and evaluating the server response. We show that an adversary can decrypt a ciphertext by performing only 14 requests per plaintext byte on average."

Impressive!

more than 2 years ago

Another CA Issues False Certificates To Iran

fgrieu Re:lovely (229 comments)

I now see your point: a CA does not guarantee against MITM in the same way a safe does not guarantee against robbery.

about 3 years ago

Another CA Issues False Certificates To Iran

fgrieu Re:lovely (229 comments)

CA does not guarantee that there is no MITM either

Can you please explain, preferably with a link to a reference?
Common wisdom is that good CA + SSL should protect against MITM, including if the DNS service is compromised.

about 3 years ago

FreeBSD Running On PS3

fgrieu *NOT* related to the recent crypto break (127 comments)

This is *NOT* related to the recent crypto break, as demonstrated by the release note stating

Supported hardware:Sony Playstation 3 Fat, firmware version 3.21

Francois Grieu

more than 3 years ago

Virtualizing Workstations For Common Hardware?

fgrieu Re:Slipstream the drivers + update the .iso (349 comments)

It's easy enough to slipstream (lots of) extra drivers and periodically update a master install .iso using tools such as nlite.

Any pointer to (or hint) for some "Slipstream for novices?" Explaining in particular how do you deal with
- disparate versions of serial-number protected things (MSO and Windows XP Pro/Home, or worse vendor-customized Vistas/7)
- machines where XP needs extra drivers to boot a SATA device
- drivers that seem to only come as an interactive installer (ATI)
- patch tuesday routine

more than 4 years ago

Brazilian Breaks Secrecy of Brazil's E-Voting Machines With Van Eck Phreaking

fgrieu Re:Honestly (157 comments)

> What options do you have to protect your self from Van eck phreaking?

One option to consider seriously is: paper ballot inserted, in a voting booth protected by opaque curtain, into an opaque paper envelope, which is then publicly dropped into a transparent urn, which is left under public view during the voting, and publicly shaken before the counting process.

That's how 90% of the votes have been cast in France for decades [the "transparent" bit was added some 45 years ago]. Not only is it secure against Van Eck phreaking before its invention, it has great resilience against many kinds of fraud, and most voters are able to understand and check the process.

You still have to guard against quite a few things, including
* unsuitably opaque envelopes;
* bulletins printed on paper of different color/size/material [even if the envelope is opaque, it is usually not sealed, and sometimes some portion of the bulletin (hopefully the back side, if the bulletin is folded) may be glanced at thru the opening; also the weight/stiffness of the bulletin may be revealing]
* hidden cameras in the voting booth; including those built into cellphones held by the voter [because the voter could be trying to prove what (s)he voted [in order to sell her/his vote or avoid retaliation if s/he did not vote as instructed]].

Actually, in some locations much closer to you than half the circumference of planet earth, it may happen that voters are threatened to be beaten/killed if they do not vote as instructed; and maybe, on election day, a few of those who voted could be beaten publicly (often: regardless of what they actually voted, or based on their perceived opinion), in order to make the threat credible to those who did not vote yet. In these circumstances, the voters must be able to really trust the secrecy of their vote.

François Grieu

more than 4 years ago

AIDS Vaccine Is Partially Successful

fgrieu Result is NOT statistically significant (317 comments)

According to numerous online sources, raw numbers are:
51 out of 8187 found infected in the vaccinated group;
74 out of 8198 found infected in the control group.

The most basic course of statistics tells how to proceed from here: test if the null hypothesis (vaccine has no effect) remains plausible despite this evidence. Conditions are ideal for the chi-squared test.
We get Observed values 51, 74, 8147, 8123; Expected values 62.504, 62.496, 8135.5, 8134.5; then sum((O-E)^2/E) = 4.267, with two degrees of freedom.
Conclusion: the null hypothesis is rejected with only 88% confidence level.

This is not enough to comfortably say that the vaccine has any benefit. Odds of the contrary are about 1/17.

This is much less reason to trust that the vaccine reduces infection rate by 31.1%, as reported in some press articles. Odds are 1/2 that it is less efficient than this.

    Francois Grieu

more than 4 years ago

Alex, The Brainy Parrot Who Knows About Zero

fgrieu none != 0 (435 comments)

Recognizing "none" is NOT an indication of grasping the concept of "zero", which is about "zero" sharing properties similar to other numbers (i.e. can be meaningfully added).

more than 9 years ago

Submissions

fgrieu hasn't submitted any stories.

Journals

fgrieu has no journal entries.
