Friday Squid Blogging: Planctotuethis Squid

Neat video, and an impressive-looking squid. I can't figure out how long it is.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on November 15, 2019 at 4:13 PM • 95 Comments

Comments

Mr. CNovember 15, 2019 6:21 PM

@ Rolf: Google translate isn't cutting it here. Does the article provide any detail on what sort of backdoor Tutanota actually implemented in the end?

SpaceLifeFormNovember 15, 2019 6:51 PM

PJ, you still around? I hope you are.


hxxps[:]//arstechnica.com/tech-policy/2019/11/supreme-court-will-review-high-stakes-google-v-oracle-ruling/


The Supreme Court has agreed to review one of the decade's most significant software copyright decisions: last year's ruling by an appeals court that Google infringed Oracle's copyrights when Google created an independent implementation of the Java programming language.

SpaceLifeFormNovember 15, 2019 7:59 PM

@Nick P

Interesting

I guess you are not going to mention the server you pulled that key from.

maqpNovember 15, 2019 9:13 PM

@Nick P, @Clive Robinson, @Thoth, @Sancho_P, @figureitout, @all

TFC 1.19.11 has now been released.

The update log is rather short

  • Master password change now requires the user to enter the current master password. This fixes a security issue where a physical attacker could bypass password input to view log files by setting the password into something they know.
  • Databases now have atomic transactions. For log files, the encrypted assembly packet blobs are stored in an sqlite3-database to ensure ACID properties. As for the rest, the system now forces write of temp file to disk, and the file is atomically replaced once integrity of temp file is verified. This happens either while the program is running, or after a crash. The integrity of encrypted databases is checked with the Poly1305 tag, and integrity of login data (Argon2 salt, password hash, KDF settings) is verified with a concatenated BLAKE2b digest.
  • Master password change re-encrypts databases with a new key. This action is now also atomic, in that the master password is only updated once every database has a replacing temp file the integrity of which has been checked. To the best of my knowledge, both actions should have ACID properties.

That being said, I've been looking into upcoming features.


Blocked due to lack of funds
* Audit
Blocked due to missing implementation/library
* VoIP
* Faster, C-based Reed-Solomon with python bindings
* Ed448 signatures (PGP lacks it, minisign too and
doesn't come preinstalled)
* Post-quantum key exchange with reasonably short keys
* Balloon hashing function
* Post-quantum E2EE between Relay Computers
(Outer layer, no key size requirements)
* Basic/stealth authorization for v3 Onion Services
(allows preventing people who know the Onion
Address from checking if the user is online)
Major updates that would take too long
* Low-level language implementation to
ensure constant time traffic masking
* GUI
* Encrypted container for received files (requires GUI)
* New whitepaper
* Packet replay command to allow replaying ciphertexts
that drop when sent over data diode (very complex issue)
* Qubes-based version where unidirectionality between
VM-isolated programs is enforced by the hypervisor
Work in progress updates that will take a long time
* Refactoring code and all tests
* Reducing APT-dependencies (as they don't have pinned hashes)
* More extensive Linux/BSD support (many per-distro issues)
* Any-free mypy type checking
(also, Python3.8 will bring along Final etc)
Mostly unnecessary updates
* Production grade WSGI server
(Flask should scale at least to Dunbar's number)
Maintenance
* Updating dependencies
* Maintaining platform support
* Fixing security issues
* Scanning the code for bugs

That being said, the system now has almost everything I can think of, and that I can deliver. New features will be added once possible and once I have more time. I'll be sure to keep you updated.

Sherman JayNovember 15, 2019 10:34 PM

Last week, at one of the clinics I hold, one of my fellow techs was reinstalling window$10 on a laptop and it wouldn't let him create a local login. It demanded that he create an online Micro$oft account and login through that (I'm sure Micro$oft maintains the resaon is to 'enhance the user experience' and not to hoover up more user personal info - LOL). The problem is that if the owner of the laptop takes it to a campground or other location where there is no internet access, he can't login and the laptop is about as usefull as a handful of gravel. (He worked around that by creating a 'fanciful' account, logging into the computer and then was able to change to a local login on the laptop.)

1&1~=UmmNovember 16, 2019 5:41 AM

Something for the weekend?

How about a nice little video that gives a few things to think about on that steady march nightmare to total surveillance,

https://m.youtube.com/watch?v=d7VwlyyTrgQ

It all appears fairly acurate, and much has been discussed on this blog. But having it in a video makes it easier fpr others to understand.

Rj BrownNovember 16, 2019 7:32 AM

I was an expert in Batemann vs Mnemonics 1992. This case was originaly lost by my client, Mnemonics, but won on appeal. It established the precedent that the user interface was not protectable by copyright, only the implementation. Mnemonics wrote an OS that had a user interface compatible with an OS written by Batemann et al. Batemann sued. This case was referenced as precedent in the Lotus vs Boreland case where Lotus was saying that Boreland copied the user interface to Lotus 123. Boreland won it.

So is not the programming language, not the implementation, but the language itself, the user interface between the user (programmer) and the compiler? How did this case even make it to the supreme court?

Sed Contra November 16, 2019 8:10 AM

@ 1&1~=Umm

total surveillance

Gives a whole new meaning to “No matter where you go, there you are.”

1&1~=UmmNovember 16, 2019 8:58 AM

Se Contra:

"Gives a whole new meaning..."

Yes indeed, jokes about 'Go too solutions..." and similar keep poping into my head.

However so does the thought that the toilet probably uses a camera, somewhere and that once on the Internet it's going to get "owned" by someone... A thought that just makes me feel creeped out.

SpaceLifeFormNovember 16, 2019 1:46 PM

@Sherman Jay

When [re-]installing any windows, always make sure that you have *NO* internet.

Way less headaches.

Go, thru the process, uninstall as much bundled crapware as possible, run whatever tools you have to cleanup more (you need to have your cleanup tools on usbkey), do a clonezilla, and then get on internet.

Get updates. Get offline.

Clean up again. Clonezilla again.

Lather, rinse, repeat.

Note: Restore Points are useless on 10.

The OS will remove them after 90 days.

I learned this horrible lesson not long ago.

Had to start from scratch via recovery partition.

It took over 2 days just for the Windows Update patches to apply to a 2 year old box. Fast box, 8GB Ram.

Box was totally unusable that entire time.

But, I knew it was updating, just no screen.

Must be patient. Do not hard power off.

Clonezilla is a good tool. Recovery time is much faster, way less headache.

Sherman JayNovember 16, 2019 2:25 PM

@SpaceLifeForm,

Thanks for all the good info. Trying to install/reinstall Window$ is a huge nightmare for everyone. Clonezilla is very good, but requires a large bare HDD.

In order to recover all the 'user data' on a crashed win10 laptop, I used a version of puppy linux on a usb flashdrive to create a fully functioning O/S that looked into and transferred all the user info onto an external usb HDD. Puppy took about 50 seconds to create that fully functioning O/S (with working word proc., spreadsheet, tons of utilities, browser, media player, etc.) and we just mounted the laptop HDD and copied the files.

Rj BrownNovember 16, 2019 2:36 PM

@Sherman Jay -- I have a better solution: I carry a few usb sticks on my keychain (along with the house keys and the car keys) from which I can run various hardware diagnostice, and also install either gentoo or ubuntu linux. The ubuntu install is nice if you want a true stand-alone, as it does not require an internet connection, although fo most of my own work, I do prefer gentoo.

Bonus question: What does ubuntu mean?

Answer: It is an ancient african word meaning "I am not geek enough to install gentoo." ;-)

Sherman JayNovember 16, 2019 2:45 PM

@SpaceLifeForm,

Yes, our clinic has noted that the restore points we set on 'victims' computers' 'disappear' after a couple of months. And, a few days ago one of our techs downloaded a 'fresh' win10 iso from the M$ site and it had most of the updates incorporated, which reduced the 'wait for all the updates' hassle during.re-installation.

I try to warn people "it's not 'if', it's 'when' the computer will brick." But, most people who come to me for help after a crash haven't listened and so they don't know about proactive precautions to create a win restore disk or disk image. So, they are in a complete panic when it crashes.

In spite of the M$ 'reputation' for security, we see setting up a M$ online account as just another in many locations which are a potential security breach to expose personal info.

as @Sed Contra and @ 1&1~=Umm pointed out: total surveillance

we see disasters like: ExXperian, ASScension health, the list is endless. People's privacy and security are now jeopardized/compromised by corporations that they never wanted anything to do with.

Sherman JayNovember 16, 2019 2:55 PM

@Rj Brown,
Thanks, Good Ideas. Gentoo is quite venerable, stable and useful.

However, most people who are not 'power-users' want their window$ back and aren't even interested in seeing anything Linux, no matter how easy it is to use.

Most versions of puppy have great firmware and will recognize and use almost any hardware, including wi-fi adapters. They also have system info programs that help identify components, like video cards, sound cards network, etc.

And, I have been installing Lubuntu on the laptops I refurbish and donate to non-profit shelters and low-income people. It is a simple desktop with firefox and has a full office suite.

Great explanation of the term 'ubuntu' :-)

SpaceLifeFormNovember 16, 2019 2:58 PM

@Rj Brown

"So is not the programming language, not the implementation, but the language itself, the user interface between the user (programmer) and the compiler? How did this case even make it to the supreme court?"

Your two questions are sound.

Looking at your first question, let's go back in history a bit.

Oracle took over Java from Sun Microsystems.

Java is an *interpreted* language.

(normally, but I do not want to distract)

Oracle argued that the APIs were copyrighted, even though they were originally developed by SUN.

Oracle thought they bought some magic secret sauce (header files), that they thought they could monetize.

The API is the definition of a function.

It tells a user, this is the name of the function, and in order to call the function, this is what the function name is, what parameters it takes, and what the possible return value may be.


Dicumentation about the function tells the user what the function is intended to provide.

The *IMPLEMENTATION* of the function can be copyrighted. But not the API, the *DEFINITION* of the function.

Google bought a clean room *IMPLEMENTATION* of Java. Except for some trivial parts, the *IMPLEMENTATION* was not SUN written.

Note: sometimes, independent developers may actually write the exact same code, because of two reasons. It is trivial, or there is only one way to write it.

So, lets step back a bit in history.

Oracle has argued that the API (the header files) are their precious.

Long ago, did you ever play with BASIC?

An interpreted *LANGUAGE*.

Back in the days, BASIC had no header files. Just DOCUMENTATION.
Anyone could write their own BASIC interpreter.

The DOCUMENTATION told the user about the API.

DIM, LET, etc.

Header files are DOCUMEMTATION.

Best I can recall, FORTH has no header files either. Just DOCUMENTATION.

So, I have to say a resounding yes to your first question.

Your second question:

How did this case even make it to the supreme court?

Rhetorical I hope.


Big money wants to kill off independent software development.

Must monetize. Must control.

Bad, non-tech judges, CAFC.

SpaceLifeFormNovember 16, 2019 3:41 PM

@Rj Brown, @All

Some old links. Rj, I do not recall you at these links.

Note: you can parse out the YYYYMMDD from the links.

http[:]//www.groklaw.net/articlebasic.php?story=20031231092027900

Bateman v. Mnemonics, Inc mentioned New Years eve, almost 17 years ago. Good article about copyright and FOSS.

Article by Mark Webbink, Senior Vice President and General Counsel of Red Hat, Inc.

http[:]//www.groklaw.net/articlebasic.php?story=2011091011343331

That link will get most caught up on the mess that is Oracle vs Google.

http[:]//www.groklaw.net/articlebasic.php?story=20130706091033171

Judge Alsup taught himself Java.

SpaceLifeFormNovember 16, 2019 4:05 PM

@Rj Brown, @All

Here is what I think will happen if SCOTUS rules for Oracle on the copyrightable API issue.

Will not know until next year.

Those that want to attempt to extract money from users, will find the users will move away from their platform.

Smart decision by SCOTUS: API DOCUMENTATION is NOT Copyrightable.

Stupid decision by SCOTUS: JAVA becomes dead faster than you can imagine.

Not that JAVA is not basically dead now.

But other companies that try to extort, may find that their foot may meet their gun.

MKNovember 16, 2019 4:46 PM

A couple of ancient things come to mind:
Intel copyrighted it's instruction set mnemonics for the 80xx. When Motorola invented its instruction set for the 68xx the order of operands (e.g. src, dst) on the right was reversed from Intel.

I consulted on a case of trade-secret theft, where the program was a "clean-room" implementation, but some of the implementors were implementors of the original system.

SpaceLifeFormNovember 16, 2019 5:33 PM

@Sherman Jay

"Clonezilla is very good, but requires a large bare HDD."

It may. Hopefully, the workstations are not using over 32GB. Then you do the clone to usbkey, preferably 2 or 3.

I do not trust usbkey over 32GB, as far as I can throw them.

SpaceLifeFormNovember 16, 2019 6:21 PM

@MK

Are you at liberty to disclose the case?

You do not have to. In my posts above, I left out some history.

Tell me I am completely wrong.

Seriously, tell me you are referring to something other than:

SCO vs Novell

Or

SCO vs IBM

SCO, now SCO Group vs IBM, is still a live case, after 16 years.

Bankruptcy court is allowing the case to hang around indefinitely, until everyone forgets or dies.

It is all about control. And killing FOSS.

Rj BrownNovember 16, 2019 6:27 PM

@SpaceLifeForm:

I should give some credit where it is most definetly due. Richard Stallmann of the FSF referred me to an FSF lawyer who gladly and most helpfully wrote an excellent amicus curarae for the Batemann vs Mnemonics case. I wish I could remember her name right now.

BTW Thanks for the links you sent!

Clive RobinsonNovember 17, 2019 12:02 AM

@ RJ Brown,

Bonus question: What does ubuntu mean?

Yes "officially" it is a word from the south of Africa from around Swaziland, and Zimbabwe, which comes from the Nguni Bantu language. Unfortunatly the word has many meanings that do not readily translate into English. Many asume the word is a philosophical doctrine or approach to life that emphasizes social unity and generosity of spirit, especially at the end of Apartheid.

Some also say it means "is correct behavior" with respect to your fellow humans. Which is ironic because of the telemetry that Mark shuttleworth has added to spy on the users, which many find to not be even remotely "correct behavior"...

MKNovember 17, 2019 1:55 AM

I'm not able to name the case, but it is not one of those you mentioned. Much smaller company, BASIC variant language. I think all the players are indisposed, now.

CuriousNovember 17, 2019 7:30 AM

I stumbled on a particular tweet among my 200+ twitter tabs yesterday, something about "new math" re. quantum computing and I thought maybe this could be relevant to cryptograpy.

Something about a supposedly newly discoverd relationship between eigenvectors and eigenvalues using math and matricies.

I've always naively thought (anyone remembering me, I don't know much about crypto or math) that any computer security relying on 0's and 1's in a matrix, seems somehow relatable to the world of quantum physics when working with matricies.

https://twitter.com/riemannzeta/status/1194856825067167744
https://twitter.com/daniel_bilar/status/1194926410504327168

Article: https://www.quantamagazine.org/neutrinos-lead-to-unexpected-discovery-in-basic-math-20191113/

I looked up S-box on wikipedia today and looking at this other wikipedia article about 'bent function' (don't know much about s-boxes or bent function myself), and seeing how there is sort of a recognizable pattern in the image on the upper right illustration, I can't help but wonder if maybe something like s-boxes could be subject to hidden patterns, as if, countless permutation of bits in an S-box could perhaps be restored somehow, if being able to link a previous state to a future state in an S-box as I imagine it. I have no practical problem solving task to make sense of this notion of mine, but I thought perhaps all of this would make some sense to those of you that know how crypto with s-boxes work.

https://en.wikipedia.org/wiki/S-box
https://en.wikipedia.org/wiki/Bent_function

CuriousNovember 17, 2019 7:40 AM

To add to what I wrote above:

I vaguely remember this one visual fx plug-in for winamp (mp3 player), I think there was a glitch at some point or something, because as I remember it, the visual patterns showing up with different colors, patterns and movements, somehow this visual spectacle had this outer frame that probably wasn't supposed to be shown (it didn't a year before iirc), and it sort of revealed how the center part of the graphis was made as I remember this. I thought that was both annoying but also facinating, as it made sense of some of the stuff shown on screen.

So, one could perhaps imagine, if relying on matricies, being quares or boxes, for every square matrix you make, you could presumably extend one or many matricies any other way outside the stated matrix as a kind of reminder, or extended permutation, or complex clock work even if I can get fancy with an attempt at making a metaphorical connection between analog clock work and computing. Then maybe, somewhere outside the original matrix, some kind of pattern could be recognizable that somehow revealed the original content of a matrix, or s-box.

HashNovember 17, 2019 7:58 AM

Heads Up for Good Security

Good security requires a high level of analytical, sharp focus.

Adelphi University students broke the powerful addiction of smartphones by using handwritten notes, an actual wristwatch and alarm clocks. Students were still allowed to use a desktop computer or laptop during the experiment [1].

“I think it’s really refreshing and relaxing… I was able to fall asleep a lot easier,” student Adrianna Cigliano.
They managed to find their way, even without GPS for a week. “I just had to take the same route everywhere,” one student joked.
They were also more productive. “Doing homework was 100 percent easier. I got it done faster, I was in the zone,” Cigliano said.
Prof. Freitas says it’s important for everyone to assess their addiction. “Are the conveniences worth it because the drawback are pretty significant,” Freitas said.
“The face that no one can focus, that my students can’t sleep… They feel bad about themselves because of social media, the list goes on and on.”
“I want to keep that balance and figure out the healthy relationship that we deserve to have with our phones. My screen time is definitely going to go down and I’m going start to appreciate my surroundings more because usually I’m looking at my screen all the time,” Ashley Castillero said.
Students told CBS2 they look forward to living more in the moment, with their heads up more often, notifications off, and the “do not disturb” on.
https://newyork.cbslocal.com/2019/11/14/students-ditch-phone-changed-lives/
---
The addiction is just a prevalent among adults including teachers. In America its remarkable that only one educator out of several million offers a smart-phone addiction class[2].

The prudent use of technology, security and privacy curriculum should be required starting at age 8 as both your body AND your data are private

Instead we allow a scheme[3] against our own children: addicted school district leadership have already surrendered teaching to Google Classroom. Then at 13 our wise, mature students give Google their entire academic record to be used for profiling and targeted advertising. All without parental knowledge or consent.

Shouldn't every country follow American corporate and Chinese Communist Party leadership[4]?

[1] eliminating the data-mining of malware infested advertising is also just as important

[2] in contrast smart-phones are banned at schools in France

[3] for long-term integration into the Chinese Social Credit Surveillance system

[4] the health-care records of 50 million American are being transferred to trustworthy Google. American lawmakers are useless, being both addicted and paralyzed

MarkHNovember 17, 2019 10:28 AM

@Curious:

Thanks for your posts!

I rarely check out Quanta magazine, but when I do the articles I find are fascinating.

I'm not at all versed in the math described there, but I definitely get how startling it is, when a new very elementary result is found in a part of mathematics which has been intensively pursued for many generations.

How many other pearls lie unseen beneath our feet, perhaps some with far-reaching implications?

WaelNovember 17, 2019 11:48 AM

@Curious,

Thank you, nice link.

quantum computing and I thought maybe this could be relevant to cryptograpy.

Interesting to see how it progresses.

Something about a supposedly newly discoverd relationship between eigenvectors and eigenvalues using math and matricies.

"Supposedly" is apparently correct. At the bottom of the linked paper, you read:

neurostatistician Manjari Narayan noted on Twitter that the identity found by Parke, Zhang and Denton also appeared in an unpublished 2014 manuscript by Piet Van Mieghem. In a comment on his blog, Tao confirmed that it does seem to be the same identity.

A description of eigenvalues and eigenvectors by Gilbert Strang (whom I referenced a few times in the past.) And why they're important.

(anyone remembering me, I don't know much about crypto or math)

Someone remembers you from a Homomorphic Cryptography previous discussion ;) Don't feel bad - most people know didly about anything, including 'yours, truly'. I used to know something but becuase of the Zipf's phenomenon (18:55 - end), "Most of what we do and see and say and think and feel, is forgotten, at a rate quite similar to Zipf's Law". I used to know something about eigenvectors and eigenvalues years ago. I hardly remember any of it now.

@MarkH,

How many other pearls lie unseen beneath our feet, perhaps some with far-reaching implications?

Infinitely many. Our knowledge is like a drop in the ocean.

curiousNovember 17, 2019 3:04 PM

@Weal In all honesty, the reason I used "supposedly" in my comment was just me trying to avoid sounding too sensationalist, and also that I simply cynically assumed that some intelligence agency knew about this all along. :) Presumably intelligence agencies employ a lot of good mathematicians.

SpaceLifeFormNovember 17, 2019 4:28 PM

@MK

The list of BASIC players, is *very* long.

But, I think you are referring to Borland.

Pascal. Dead Language.

Gates discovered that dumpster diving can be profitable.


https[:]//www.technologizer.com/2010/03/08/the-secret-origin-of-windows/

SpaceLifeFormNovember 17, 2019 4:45 PM

@Rj Brown

I can not find her name. I should know her name, but one can not recall everything forever. And I know how to search.

I spent an hour.

That particular case has been deep-sixed pretty much, except sites that want to collect.

Not going there.

CuriousNovember 18, 2019 3:59 AM

@Wael Oops, I wrote your nick wrong. Such a weird name/nick, not something I really recognize with anything re. words. Sort of reads like 'whale', but I guess my mind thought it was more like 'wail'. :|

Btw, the article I linked above have a link at the bottom to a blog of Terence Tao, which seem to have multiple comments discussing various aspects re. eigenvectors and eigenvalues. Apparently, something similar with the math might go back to 1968, but I won't pretend to understand the math. Presumably, they have pointed out some kind of shortcut to simpily computations, but I don't yet understand it myself.

https://terrytao.wordpress.com/2019/08/13/eigenvectors-from-eigenvalues/

Heh, the math there is more advanced (or weird) than anything I've learned. I had an advanced math course when I was young, but the math teacher, who was also our English teacher, didn't know it all. I vaguely recall learning to work with integrals and deriving stuff, but ah I guess we never learned enough. I do remember this one girl in class one day asking the teacher, "Will we ever get to use this?" (business school). :)

MarkHNovember 18, 2019 5:03 AM

@Curious:

My impression is that that's his actual name :) It's unfamiliar to us, but I believe a not uncommon name where Arabic is spoken.

@Wael:

For a system that was formalized by the mid 19th century, a five year old result is actually pretty new :) Anyway, the key phrase in describing the known prior is "unpublished manuscript" ... it's new to most of the mathematical world, even though it's been around for a while.

Who knows, maybe somebody worked this out in the 1960s but never bothered to communicate it to anyone!

AndersNovember 18, 2019 6:38 AM

@SpaceLifeForm

Read this how MS really got lucky (unfortunately)...

arstechnica.com/gadgets/2017/06/ibm-pc-history-part-1/

AndresNovember 18, 2019 6:49 AM

@SpaceLifeForm

And don't forget the second part with all the betrayal and everything!

arstechnica.co.uk/gadgets/2017/07/ibm-pc-history-part-2/

Clive RobinsonNovember 18, 2019 7:13 AM

@ MarkH, Curious,

My impression is that that's his actual name :)

He has confirmed it in a number of ways, accidently on one occasion as no doubt he still remembers due to his embarrassment at the time, where if memory serves correctly @NickP chided him a little ;-)

Clive RobinsonNovember 18, 2019 7:38 AM

@ Bruce and the usuall susprcts,

https://www.reuters.com/article/us-interpol-encryption-exclusive/exclusive-interpol-plans-to-condemn-encryption-spread-citing-predators-sources-say-idUSKBN1XR0S7

It appears that the FBI has told Interpol to bring out a statement favourable to thr FBI view point, without it going through the normal expected voting process,

    At the [Interpol] group’s conference in Lyon, France on Friday, an Interpol official said a version of the resolution introduced by the U.S. Federal Bureau of Investigation would be released without a formal vote by representatives of the roughly 60 countries in attendance, the sources said.

Unfortunately it's the same old "think of the children" corner case designed like that of a "Health and safety" argument, to stop people raising objections to it as it would make them look sympethetic / evil etc.

    the larger [Interpol] group will cite difficulties in catching child sexual predators as grounds for companies opening up user communications to authorities wielding court warrants.

Whilst it might be called "exceptional access" today, if history shows us anything, if it is given the access will be "mundane" tommorow and "required" the day after.

There are aproximately 5billion people who access the Internet quite a few via the likes of mobile phones or mobile computers, most of which are "walled gardens" where the user has no choice but to run applications that the likes of Google or the hardware manufacturers force on them via the faux "user safety" mantra. Which as we know has been often used for malware or worse.

It's not just many individual users who will be put at risk by this, it actually has the potential to destroy many economic sectors, and as it's the likes of the US and other Western First World Nations that are most dependent on strong security that will be hit the hardest by job losses etc in such sectors.

If I was designing a realy harmful "Cyber-weapon" to destroy countries economically, then it would be this sort of access I would be looking to exploit...

WaelNovember 18, 2019 8:04 AM

@MarkH,

Who knows, maybe somebody worked this out in the 1960s but never bothered to communicate it to anyone!

There are precedents to that.

This fascinating work of Gauss was neglected and was rediscovered by Cooley and Tukey in an important paper in 1965.

And from a linked paper:

In a recently published history of numerical analysis [9], H. H. Goldstine attributes to Carl Friedrich Gauss, the emi- nent German mathematician, an algorithm similar to the FFT for the computation of the coefficients of a finite Fou- rier series.

I believe I commented on this in the distant part.

gordoNovember 18, 2019 8:37 AM

@ Clive Robinson,

If I was designing a realy harmful "Cyber-weapon" to destroy countries economically, then it would be this sort of access I would be looking to exploit...

So are we talking useful idiots, unwitting assets, both or something else?

Clive RobinsonNovember 18, 2019 12:19 PM

@ gordo,

So are we talking useful idiots, unwitting assets, both or something else?

It depends on who you are talking about. In the case of the FBI and for that matter the DoJ, they are led by small minded self intetested empire building persons. Who could be regarded as morons with an agenda.

If you are talking about the UK, Australia and a number of other Governments, their desire to have 100% surveillance on the population Orwellian style, makes what the Chinese are being accused of look democratic in comparison. Remember the UK was and probably still is the most surveillence per hed of population. In it's capital city London arguably the largest city in the world, you would be lucky to go more than a mile on the roads and walkways without being seen by a CCTV camera. And as has recently been "outed" facial recognirion is being used by large landlords etc in what would most would consider "public areas". It's said that the database being used contains photos and other details passed across by the Met Police taken at public peaceful protests...

Then there is Interpol, what can we say, they need money, it would not be the first time the US turned around and refused to pay it's dues when it was not getting it's way (look at the UN as an example).

SpaceLifeFormNovember 18, 2019 2:42 PM

Trying to disappear backdoors?

"Intel recommends that users of BIOS Update [BLH6710H.86A] 0163 uninstall and/or discontinue use as soon as possible,"

Nice trick. As if it were possible.

https[:]//www.zdnet.com/article/intel-to-remove-old-drivers-and-bios-updates-from-its-site-by-the-end-of-the-week/

SpaceLifeFormNovember 18, 2019 3:19 PM

The cleanup may be happening sooner than Friday. May depend upon the value of 22.

It could be that 200 files were already disappeared. The file was disappeared, but not the webpage link.

https[:]//www.reddit.com/r/DataHoarder/comments/d6dkoi/intel_removing_unknown_amount_of_drivers_and/

WaelNovember 19, 2019 1:18 AM

@Curious, @Clive Robinson, @MarkH,

but I guess my mind thought it was more like 'wail'. :|

Yes! Click the link on my name to hear a proper pronunciation (click the non-English sound symbol.) It has several meanings, one of them is 'Sanctuary'.

My impression is that that's his actual name :) It's unfamiliar to us, but I believe a not uncommon name where Arabic is spoken.

True. If it's so "unfamiliar to us", why does TSA treat me like a king, huh? Free massage, and all ;)

He has confirmed it in a number of ways

I did.

accidently on one occasion as no doubt he still remembers due to his embarrassment at the time

I remember I stuck my email address in the URL box by mistake. stupid autofill!

where if memory serves correctly @NickP chided him a little ;-)

I remember it was @Figureitout

Terence Tao

I listened to a couple of his lectures a while back to see how he thinks. I found him by chance when I was looking at math puzzles on YouTube, and his name was mentioned as the winner of one of those competitions. I remember the puzzle but forgot the name of the episode. I believe it was from 3Blue1Brown series, but I'm not sure now. Anyway, the kind of math he did wasn't interesting to me. Good channel to watch, btw.

Heh, the math there is more advanced (or weird) than anything I've learned

I learned that the hard way.

I vaguely recall learning to work with integrals […] I do remember this one girl in class one day asking the teacher,

Can't be that waitress in footnote [1] ;)

JG4November 19, 2019 8:39 AM

I incorrectly listed my political affiliation as compassionate nihilist. It is compassionate fatalist. I hope that the humans can solve their problems without going extinct, although that would cleanly resolve the Buddhist paradox.

Ghost ships is today's must read. File under "signal integrity."

https://www.nakedcapitalism.com/2019/11/links-11-19-19.html
...

Ghost ships, crop circles, and soft gold: A GPS mystery in Shanghai MIT Technology Review
...

A Spy Complex Revealed The Intercept (WB).
...

Embarrassing mistake: Chinese magazine ‘accidentally’ reveals new top secret weapon NY Herald
...

Pentagon Procurement and the Laws of Physics POGO

A massive scandal: how Assange, his doctors, lawyers and visitors were all spied on for the U.S. La Repubblica (Bugs Bunny). Very good, well worth a read.

Our Famously Free Press

‘No One Believes Anything’: Voters Worn Out by a Fog of Political News NYT. Two words: “Judy Miller.” Everybody know who Judy Miller was?

Boeing

Boeing 787 Dreamliner: “Hundreds of Defective Parts” Ralph Nader Radio Hour
...

The Dark Psychology of Social Networks The Atlantic (DL). Come on, man. What’s “dark” about “moral grandstanding”?
...

vas pupNovember 19, 2019 11:25 AM

Spain starts tracking mobiles but denies spying
https://www.bbc.com/news/world-europe-50473442

"Millions of Spanish mobile phone users are being tracked this week as part of the government's census, in a move that critics fear is a step closer towards spying on the population.

Statistics agency INE insists the eight-day project is anonymous and aimed at getting a better idea of where Spaniards go during the day and night.

The statistics agency wants to track the movement of Spaniards over eight days, first to their places of work or study from 18-21 November and later on days off and holidays. The second part of the experiment will be done on Sunday 24 November, Christmas Day and two days next summer.

The three companies - Movistar, Vodafone and Orange - cover 78.7% of Spain's mobile phone users and are to be paid a total of €500,000 (£430,000; $550,000) for taking part in the study.

The country will be divided up into 3,200 cells with more than 5,000 residents, and the operators will work out how many phones are within each cell at various times of day. They will analyze phones between midnight and 06:00 to find out where people live and then later between 09:00 and 18:00.

"We will know for example how many mobiles there are at 17:00 on a particular street in any city of more than 15,000 people, but no more than that," INE told the El Confidencial website."

AndersNovember 19, 2019 12:10 PM

Besides SG-41 (www.cryptomuseum.com/crypto/sg41/index.htm)

this was interesting

www.cryptomuseum.com/crypto/philips/spendex50/index.htm

Clive RobinsonNovember 19, 2019 12:54 PM

@ JG4,

Ghost ships is today's must read

Yes the link was interesting with regards to the on going "wireless war" of navigation systems but needs more technical meat to chew on.

This however struck me as quite funny,

https://www.news.com.au/technology/innovation/military/embarrassing-mistake-chinese-magazine-accidentally-reveals-new-top-secret-weapon/news-story/99967f182da868ba6321d559cde96e62

As you probably remember, I've been saying for quite some time "carrier groups" had their 15minutes of fame during WWII and are now just very very expensive "sitting ducks". My guess would be this is possibly the least interesting of the Chinese stand off anti-carrier-group weapons. I suspect the already have sub surface nuclear mine capability, and puting something up into space would certainly be well within the Chinese Military Weapons design capabilities (they are atleast as good if not better than US at this). The down side of this airborn weapons system is, as the article points out, that it is far from stealthy and would be detected within a hundred miles at most of China's coast.

Which suggests there are other "Anti-Radiation Missile" (xARM) systems to be deployed. An effective Hypersonic missile would easily take out SigInt aircraft such as the RC-135 "Rivet Joint" and it's successors, also the likes of "Side-Looking Airborne Radar" (SLAR) and "Airborne Early Warning and Control"(AEW&C) systems --many of which are Boeing products-- would likewise be sitting ducks to hypersonic missiles with Anti-Radiation capabilities. With a six thousand NM range it far exceeds the range of anything current US carrier groups have to protect themselves with. Which leaves open the "sub" problem. Put simply submarines especially those that sit on the bottom are extraordinarily difficult to detect at the best of times, as such they are the real "Projections of power" for any super power as are some space based weapons systems which might account for why both China and India publically demonstrated their anti-satellite missile systems. One stratagem come an actual shooting war would be to blow up every satellite you can reach, thus filling orbits with debris to create a chain reaction that would go on to destroy other much smaller space based vehicles such as "cube-sats" and likewise "close space" to further launches in the resulting ablation cascade named the Kessler Syndrome.

But moving on, there is the goings on of the Spanish "UC Global" company and the documents that are coming out about how they with US assistance over came quite modern anti-surveillance systems,

https://www.repubblica.it/esteri/2019/11/18/news/a_massive_scandal_how_assange_his_doctors_lawyers_and_visitors_were_all_spied_on_for_the_u_s_-241314527/

The "big take away" from it is not only do you need good anti-surveillance, you also need to be "dynamic and random" in the way you use them. Sitting in the same place twice alowed more sensitive high dynamic range sensors to be put close to the surveillance target thus getting a 1/(r^2) advantage over the anti-surveillance systems.

However one question the article does not answer is what Tech the US Gov gave UC Global to get around the anti-surveillance working on the "laser mics".

Clive RobinsonNovember 19, 2019 1:14 PM

@ Anders,

Did you spot the "night fighter" high VHF / low UHF radar that was in some of the photographs?

The displays are not just crypto kit, some are even more interesting such as radio navigation ;-)

Sed Contra November 19, 2019 1:16 PM

@ Wael

Re: waitress math link

The constant is at least +17.5%. :)

Ibidem, supra - The only thing we learn from the Monty Hall problem is that we learn nothing from the Monty Hall problem.

But question - is there a corresponding Monty Python problem, and if not, why not ?

AndersNovember 19, 2019 1:19 PM

Nothing new under this sun.

How NSA weakened PX-1000 crypto.

www.cryptomuseum.com/crypto/philips/px1000/nsa.htm

This pocket telex machine was third interesting item on this exhibition.

www.cryptomuseum.com/crypto/philips/px1000/

But overall, i have never been in one room that has so many Enigmas
there at the same time :)

WeatherNovember 19, 2019 1:50 PM

@Clive
Most laser mics can be detected with black and white cameras, the old school was running water for the white noise, but a speaker that does something that only mics suffer from, with still been able to have a conversion, or a high random source for a speaker can be used.

The ten picture paper had a 25% encryption, like Rc5 look for the one char instead of two hex, now days the flip it to 75% but 0,100% is easy 50% hard.

The Vhf I'm guessing is the values in the left side of the picture.

WaelNovember 19, 2019 4:27 PM

@Sid Contra,

The constant is at least +17.5%

I must have slept through the indefinite integral class. +17.5% of what? :)

The only thing we learn from the Monty Hall problem is that we learn nothing from the Monty Hall problem.

I learned not to trust "intuition" to solve trivial-looking questions!

But question - is there a corresponding Monty Python problem, and if not, why not ?

Now that's a profound question! The kind of question I like -- you came to the right place, chief! Of course there is! Just keep changing doors :)

Why? Because there are no Monty C++ problems?

(You didn't ask for the "why", but I gave it anyway)

Sed Contra November 19, 2019 5:31 PM

@Wael

the indefinite integral class

It’s specified in the “Calculus Handbuch for Wait-staff”, in the section “Tips for indefinite integrals”.

I learned

I salute you, and I stand corrected. I should have said “The only thing most people learn ...”

there are no Monty C++

I believe that is vos Savant’s Corollary: It is unknown what the language Monty will use in 2030 will look like, but it will be called Fortran.

WaelNovember 19, 2019 5:59 PM

@Sed Contra,

I believe that is vos Savant’s Corollary: It is unknown what the language Monty will use in 2030 will look like, but it will be called Fortran.

There're no FORTRAN compilers in in graves... I believe this is Monty Hall's Coronary!

WaelNovember 19, 2019 6:22 PM

@Sed Contra,

I forgot...

It’s specified in the “Calculus Handbuch for Wait-staff”, in the section “Tips for indefinite integrals”.

+1 :)

Das "Buch", eh?
Nobody tips 17.5% in Europe :)

Clive RobinsonNovember 21, 2019 1:28 PM

Toys for Terrorist Tots

I noticed this on "Boing Boing"

https://boingboing.net/2019/11/21/teach-stem-through-space-comba.html

And you can by it through their store,

https://store.boingboing.net/brands/force-flyers

Or you can see further info on,

https://9to5toys.com/2017/11/06/lego-force-flyers-diy-drone/

Not only will it teach tots to fly drones, that six axis controler can be used with "servo amps" to fly a much bigger drone...

The hard part of building a drone these days is not the airframe or the propulsion system, but the control system to ensure the drone will fly.

Whilst those with a graduate level education in variouus engineering and other hard sciences can with information available on the Internet build a control system from scratch and write the necessary code, they are very unlikely to do so, or do so for others.

This means that those who spurn formal education as part of their belief systems as many terrorists do would need to find another route to making weapons beyond "bike shop mechanics" who can also maintain AK47's.

Such a toy being very inexpensive and probably untracable unlike off the shelf proffessional drones could provide them with the needed control system. And by using artisanal techniques practiced up untill the end of the Victorian era when engineering science took over. They could using the "bodge a bit that breaks" style craftmanship that gave us coach wheels, leaf springs right through to steam engines, get their skills up to 5kg payload drone building.

AndersNovember 21, 2019 5:21 PM

This is funny.

www.hackread.com/police-confiscate-surveillance-van-with-hacking-tools/

MarcNovember 22, 2019 9:59 AM

I'm either early or late with this (your choice).

The Planctotuethis Squid is fascinating in how ephemeral it looks. I couldn't have guessed it was a squid - would have guessed, at best, that it was rather a rare sea horse.

The Planctotuethis reminds me greatly of the Eurasian Deciduous Octopus - not related to the Pacific Northwest tree octopus (Octopus paxarbolis). The Deciduous Octopus, while rare, is not considered endangered, as with the Paxabolis ( https://zapatopi.net/treeoctopus/ ).

vas pupNovember 22, 2019 12:34 PM

Artificial eyes: How robots will see in the future:
https://www.bbc.com/news/business-50151545

"Lidar emits laser beams and measures how long they take to bounce back from objects, and this provides so-called point-clouds to draw 3D maps of the surroundings.

These can be analyzed by computers to recognize objects as small as a football or as big as a football field and can measure distances very accurately.

Lidar (light detection and ranging) technology is not new - the Apollo 15 mission used it in 1971 to map the Moon. But its breakthrough came in the mid-2000s when Darpa, the research division of the US military, started its annual Grand Challenge, a race for autonomous vehicles.

David Hall who took part in the first race in 2004, soon realized Lidar's potential. He used the manufacturing capacity of his company Velodyne to build them for other participants.

By 2007 five of the six teams to finish the race employed Velodyne's system. These rotating lasers, so-called spinners, were mounted on car-roofs to provide 360-degree vision.

Autonomous vehicles have other ways of sensing what's around them, but they all have weaknesses.
◾Cameras: Mr Musk's choice of sensor are cheap and can identify signs and road markings, but they struggle in fog and are not good for measuring distance
◾Ultrasonic sensors: Originally developed during World War One for submarine warfare these use sound waves with a high frequency inaudible to humans. but their range is limited and hence are mainly employed for parking
◾Radar: This is good for measuring the distance and speed of moving objects, but is not much good at detail - it would struggle to differentiate between a human and a small tree.

One of the start-ups hoping to do just that is Blickfeld launched in Munich in 2017. "We entered the market late, but the advantage was that we could assess it," says co-founder Florian Petit.

"So we opted against the revolutionary approaches of many Silicon Valley firms," and instead wondered "how low can we push the price for a mass-produced system?" he says.

Blickfeld uses off-the-shelf lasers and sensors. Its main improvement has been to design an unusually large mirror, directing more light onto the photo-detector and thus increasing the range of Lidar to 250m (800ft) even with a relatively cheap laser.

Its Lidar is small enough to fit into the rear mirror of a car and Blickfeld's new assembly line will produce a few thousand units a year. It claims this could be scaled up to an annual capacity of 200,000 - with a possible price tag of just $275 (£210).

===>Blickfeld already sells Lidars to various firms. They are used to survey cars for parking facilities and traffic control, to run so-called sense-and-avoid systems preventing drone collisions and to monitor fences at labs, banks or airports"


vas pupNovember 22, 2019 12:48 PM

Phages: Bacterial eaters from Georgia* to fight antibiotic resistance:
https://www.dw.com/en/phages-bacterial-eaters-from-georgia-to-fight-antibiotic-resistance/a-51350421

*That is not US State of Georgia, but independent country.
My humble guess is that AI has huge potential to develop particular phages. I doubt Georgia has such tools available, but if resources of US (HARPA)and Georgia combined, it could provide breakthrough for health securty.

Read the whole article: Belgium and France are on the way already.

SpaceLifeFormNovember 22, 2019 5:18 PM

@Clive

horse,battery...

My thinking is eight words with at least a nine digit number.

All words must be minimum 5 characters.

Case sensitive.

Total bits, 49*6ish. So maybe at around 128 bits of entropy. Maybe.

But, certainly, attackable.

Unfortunately, hard for the user to remember.

Clive RobinsonNovember 23, 2019 6:25 AM

@ SpaceLifeForm,

My thinking is eight words with at least a nine digit number.

In part it depends on your dictionary size you select yoir words from. But 2^10 or 1024 words would be not unusual. So assum Hex digits gives you 2^4 bits and with eight words you get,

2^84 = 2^16 x (2^10)^8

At 84 bit's equivalent it sounds kind of just about acceptable.

But...,

Unfortunately, hard for the user to remember.

Yup, watch the entropy tumble when users get their "diceware word list" and rearange the word order to make a more memorable pass phrase. They might also get a couple of lists to see if one is more to there liking.

You lose bits fast doing things like that.

As a rough rule of thumb in a human generated passphrase you say 2^4 for the first letter then 2^2 for the next couple of letters and then 2^1.4 from then out...

So 2^8 for first three letters of a word rather than 26^3 ~= 2^14.1 for three random letters. Then each letter there after in a sentance giving around 2^1.4 --rather than the random ~=2^4.7-- means to get 84bit equivalent is a natural language sentance with ~57 letters in it rather than 18 for a random letter string.

Again the entropy drops like crazy if the sentance is well known from a, "public body of work" like a poem, quote or from a book or song.

58 letters being the length of the first part of the above sentance, to the comma, is something that can be fairly easily seen, is NOT something the average human is going to be able to easily remember. Each attempt to make it more memorable (or less turgid ;-) is going to knock bits of the entropy count like "pins flying in a bowling alley on competition night".

Thus a combination of techniques needs to be used. Adding random numbers takes it up around ~2^3 for each which is a quick gain[1]. Likewise random or semi random capitalisation of letters adds bits of entropy. But there is also deliberate "misspellings" even if it's using "y" instead of "i" or "Q" instead of "u" racks up the brut force trys quite quickly, taking the 2^1.4 back up towards 2^4.7 of each random letter.

But the honest answer to the problem is,

    Something you know authentication

Is broken when it comes to humans and machine adversaries.

It's why I've thought about other systems for a number of years. The first part of which is to "rethink the why, the how and the what".

Passwords come from an age of mechanical teletypes on the end of serial lines and later dial up lines and even VDU's to some mainframe in an air conditioned room you like as not had no idea where it was. We just don't roll that way any more. The serial lines have either gone with "local devices" or been replaced with semi-secure TLS over a radio or wired network connection if more than arms length away to fully remote.

Local devices are where we can apply a second layer of authentication "something we have" which is why a lot of people have gone down the "Password manager on a phone" route. The problem is such devices are "hackable" and "grabable" and worse as is seen with LEO behaviour "something you are" is nolonger an authentication factor under your control.

So are there other authentication factors to replace it. The simple answer is yes, we have "location" and "time" we can consider.

The problem with them is that they are not just "restricting in use" they quickly become "obvious in use" if used regularly. Thus we need to add in another asspect which is a "hierarchy of authentication". That is we have authentication based on their frequency of use and usage.

Thus a swipe of a finger on the screen is fine for making 911 calls but not answering a phone or making a call or text. For that it would be a swipe of the finger against the fingerprint reader, but not for seeing previous texts or listening to previous recordings. For that the entry of a short PIN would be added. The use of timeouts as well with longer PINs for doing other day to day activities. But you also need a "deadman's switch" which could be anything like swiping your finger in the wrong direction or not far enough. At which point the phone is returned to timed out fully locked for say 30 seconds with a count down timer, if you don't enter the long pin then it goes into security locked. This is where being at a "time" and "place" as well as using a different long PIN/PASSWORD comes into play.

In essence you build up security layers that need more entropy, but where ever possible it's of the "something you know" variety, which currently LEO's etc can not grab[2], which is also the reason for timeouts bumping up security. They can be set so you only have to resist duress for a short time thus the XKCD "$5 wrench" attack nolonger works.

[1] It's less than you would think because way to many people think "733t speak is n34t"

[2] Various people believe that in the near future "brain wave analysis" techniques will with AI, be able to "read projected thoughts", sufficiently well to enable people to control machines like wheelchairs. Obviously that would also enable control of a "phantom keyboard" to be used as an input device. Whist this may be possible in the near term and some work suggests it is, it still leaves the rather vexed question of "reading peoples minds". Some people have postulated that fast imaging of a brain combined with AI technology will alow private thoughts or information to be read out of a persons mind, thus rendering "something you know" available to LEO's. Whilst personally I'm skeptical, the laws of physics does not prevent it...

MarkHNovember 23, 2019 12:39 PM

@Wael et al.,

It was fun to be reminded of the Monty Hall problem (I was one of the many who, back in 1990, completely failed to recognize the correct answer as such). I suppose it remains one of the simplest reasoning problems which highly educated people get wrong a considerable majority of the time ... I wonder to what extent the scornful dismissals written by trained mathematicians would have been different, had the correct answer been published by a man.

Looking at Wael's links to a past discussion introduced me to the sum-and-product "impossible" puzzle, on which I burned up an inexcusable number of hours in the last few days. [An impossible puzzle is one whose problem statement seems to provide too little information to find a solution.]

In my first attack, I failed to apply the "sum not greater than 100" constraint at a certain stage, and didn't get a unique solution. Now I can nap a little :)

WaelNovember 23, 2019 1:17 PM

@MarkH et al.,

sum-and-product "impossible" puzzle, on which I burned up an inexcusable number of hours

It took me four years to solve. On and off. A protocol analyst / Cryptographer (now teaching at a university in the UK) whom I worked with, solved it on a cross Atlantic plane trip.

I may have commented about it in the past.

Moral of the story: saying "I don't know" is saying too much. That's why spooks say: "I cannot confirm or deny" or "no comments".

Clive RobinsonNovember 23, 2019 3:36 PM

@ MarkH, Wael, et al,

I wonder to what extent the scornful dismissals written by trained mathematicians would have been different, had the correct answer been published by a man.

Or instead of using their intuition and "superior knowledge" had actually "graphed it out" on a bit of paper with a pencil which is what I did, and came up with the right answer in a few minutes (most of that time was spent scratching my head trying to work out what they saw that I didn't).

Sometimes it's best just to get back to basics using the simplest of tools to sanity check your thinking...

It's a lesson we should teach all children when they are around eight as it will serve them well for the rest of their lives.

Even today simple tools help you get your head around a problem.

Take the integration or differentiation of a sin wave it causes problems for lots of adolescents. I've found a bit of clear perspex/plexiglass and a soft drinks can with a red and blue dot at 90degrees works well (and you get to drink it afterwards ;-)

I was reminded a month or so back by a friend that "graphical proofs" work better than "logical proofs" for most people as for "mathmatical proofs" don't go there ;-)

SpaceLifeFormNovember 23, 2019 4:15 PM

@Wael

4 years?

It took me 23 years on FLT.

I beat Wiles by 2 years.

My proof is pure Algebra.

Ok, not pure. Lots of Modular too.

It's in a box of Greenbar.

Have not cracked Beal yet, but I'm sure it is true.

Short hint:

Minimal possible solution is

5^3 + 6^3 = 7^3

341 vs 343

Misses by 2

The proof is indirect.

Alyer Babtu November 23, 2019 5:47 PM

Re: FLT

Apparently Gauss did not work much on Fermat’s Last Theorem, remarking that if true it would be a particular instance of a general theory. That is pretty much how it turned out.

It happens a lot in mathematics, in fact is usual, that the fact of something is established, but the scientific proof comes much later, once the real nature and context of the fact is understood.

For example the integral theorems, Green’s, Stokes’s, Divergence, Gauss’s, are true statements but not really theorems, since the commensurate scientific middle is not made use of. The real theorem (we think!) is a result about the missing more general object, and which is very simple to establish and includes the classical results as special cases. This not a case of generaization for generalization’s sake, but deepened understanding of the true scientific question.

See Spivak’s book on calculus of several variables.

WaelNovember 23, 2019 10:17 PM

@Clive Robinson, @MarkH et al.,

Or instead of using their intuition and "superior knowledge" had actually "graphed it out"

If I remember, that's how Marlyn Vos Savant said she did. It's also what Richard Feynman did with his diagrams. As they say: a picture is worth a thousand words. Perhaps we should learn something applicable to security from that.

had the correct answer been published by a man.

Hard to say.

For example the integral theorems, Green’s...

That's the difference between "knowing" and "understanding" ;)

@SpaceLifeForm,

4 years?

Approximately. Always gave up, until one day, I sat down and finished it.

Misses by 2

That's not how the game is played :)

WaelNovember 23, 2019 10:43 PM

@Alyer Babtu,

Strange! I wrongly attributed this:

For example the integral theorems, Green’s...

I've been on the road for some time. Attribution shouldn't be that hard, but I'm tired. Still about 300 miles to go. The final segment of this "tour"!

PS: probably because @Clive Robinson talks about electromagnetism often...

MarkHNovember 24, 2019 4:49 AM

@Clive:

I had seen in the older discussion, that you used a "width graph" to quickly verify the correct answer to "Monty Hall." To me, graphic representation is the way to go wherever feasible.

I'm sure that cognitive styles are an important factor in how best to present information, or to represent a problem as an aid to reasoning about it.

I consider myself to be not only a visual thinker, but more specifically geometric, so representation by visual shapes and topologies is a big help for my understanding.

I can manage the manipulation of abstract symbols at some very modest level, but I've never been fluent at it.
___________________________________________

One of my favorite math books ever was written in what I call "comic book" form. Every page -- from start to finish -- had two large illustrations (in the great majority of cases, plots of functions) with two or three sentences of text beneath each figure.

I had been struggling to wrap my head around an area of applied math, and when I found this book the light shone for me very quickly!
___________________________________________

Another book which covered a very specific (but essential) subset of this material, which was in more conventional math textbook form, had a very clear presentation on the topic, just a few paragraphs long.

But I needed to work my way through those paragraphs very slowly and methodically about five times (over a period of perhaps two days) before I felt that I had a secure handle on the idea.
___________________________________________

It's fascinating to me, that the most distinguished "Monty Hall" nay-sayer was Paul Erdős, one of the 20th century's star mathematicians.

Probability problems are often surprising or counterintuitive, and I could imagine a mathematician specializing in other areas making this kind of elementary mistake ... but Erdős did significant work related to probability.

To think that he might have avoided this error, using a simple diagram ...

MarkHNovember 24, 2019 5:42 AM

@Alyer Babtu:

As I recall the story, someone sent Gauss the Fermat conjecture (it's only been a theorem for about 25 years) in a letter, and Gauss replied not long afterward, writing something like "one could lay down any number of such propositions, which one could neither prove nor disprove."

My interpretation of this has always been that Gauss probably looked into the matter, and concluded that (a) settling the problem would be very deep and difficult, and (b) it was much more a curiosity or puzzle, than a problem of great significance. Great questions (like the Riemann Hypothesis) bear on other mathematical questions; until the Modularity Conjecture in the 20th century, the Fermat conjecture didn't promise to shed light on anything else.

However Gauss came to his decision not to pursue the question, he possibly spared himself embarrassments such as those suffered by later mathematicians (including French savants Lamé and Cauchy) when they confronted this formidable challenge.

Nobody knows whether Fermat actually had a valid proof ... but I'd happily bet all the money I could raise that his "proof" was mistaken.

SpaceLifeFormNovember 24, 2019 2:14 PM

@MarkH

"Nobody knows whether Fermat actually had a valid proof ... but I'd happily bet all the money I could raise that his "proof" was mistaken."

A lot of people came to that conclusion.

I decided that Fermat purposely did not give the proof, to leave as a puzzle.

I also considered that the comment about the margin being too small, wzs a hint about the number 2.

Then I considered Fermat's little theorem.

And binomial coefficents. In particular, the case of the power being an odd prime.

So, proving that no solutions to
x^N + y^N = z^N

Splits into two cases:

N is a power of 2 greater than 2

Or

N is an odd prime p.

Fermat already had covered the first case (N being 4, 8, 16, etc).

And Fermat certainly would have used his little theorem for N being an odd prime p.

Those were the hints I followed.

And, via a lot of huge binomial expansions on Greenbar...

Years later, I got to the following forms for the bases, x, y, and z:

x = pdef + e^p
y = pdef + f^p
z = pdef + e^p + f^p

p,d,e,f all coprime.

(still not done at that point)

Fermat either had another theorem he never revealed, or he just could do seriously long equations in his mind.

But, I suspect he had another theorem that he knew about, but never mentioned.

And, he could combine the little theorem with the unknown theorem, and easily conclude that he was correct without paper.

Somehow. I do not believe that he made a mistake in his logic.

MarkHNovember 24, 2019 5:22 PM

@Alyer Babtu:

When the Paris Academy offered a prize for solution of the Fermat conjecture, astronomer Heinrich Olbers wrote to Gauss to tell him of the prize, and to encourage him to pursue it.

Two weeks later, Gauss replied "... I confess that Fermat's Last Theorem as an isolated proposition has very little interest for me, for I could easily lay down a multitude of such propositions, which one could neither prove nor disprove."

It seems logical to me to interpret his phrase (in English translation, of course) "as an isolated proposition" to mean that Gauss thought that FLT "would be a particular instance of a general theory."

My interpretation has always been that Gauss didn't have a vision of what general theory (or greater problem) FLT might be a component of. Which interpretation is more appropriate, I don't know.
_________________________________________

In the latter part of the 20th century, the Taniyama-Shimura conjecture (1957) became one of the most important open questions in mathematics.

Between 1986 and 1990, work started by Gerhard Frey and completed by Jean-Pierre Serre and Ken Ribet established that if the Taniyama-Shimura conjecture is true, then so must the Fermat conjecture be true.

So, roughly 175 years would pass between Gauss's statement, and FLT being linked to an important mathematical theory.

Alyer Babtu November 24, 2019 9:04 PM

@MarkH

Thanks for mentioning Olbers. It led to his link [1] with an extended quotation of Gauss’s reply

“ I confess that Fermat's Theorem as an isolated proposition has very little interest for me, for a multitude of such theorems can easily be set up, which one could neither prove nor disprove. But I have been stimulated by it to bring our again several old ideas for a great extension of the theory of numbers. Of course, this theory belongs to the things where one cannot predict to what extent one will succeed in reaching obscurely hovering distant goals. A happy star must also rule, and my situation and so manifold distracting affairs of course do not permit me to pursue such meditations as in the happy years 1796-1798 when I created the principal topics of my Disquisitiones arithmeticae. But I am convinced that if good fortune should do more than I expect, and make me successful in some advances in that theory, even the Fermat theorem will appear in it only as one of the least interesting corollaries.

{In reply to Olbers' attempt in 1816 to entice him to work on Fermat's Theorem. The hope Gauss expressed for his success was never realised.}”

Gauss seems to be thinking of what the right theory would be, in which the nature if Fermat’s theorem will be understood.

As you say, not realized until 175 years later :)

[1] https://www.goodreads.com/quotes/952960-i-confess-that-author-fermat-380281-s-theorem-as-an-isolated-proposition-has

Alyer Babtu November 24, 2019 10:38 PM

@MarkH

Another remark of Gauss, which illustrates his idea of the character of mathematics

“ A great part of its higher arithmetic theories derives an additional charm from the peculiarity that important propositions, with the impress of simplicity on them, are often easily discovered by induction, and yet are of so profound a character that we cannot find the demonstrations till after many vain attempts and even then, when we do succeed, it is often by some tedious and artificial process, while the simple methods may long remain concealed.”

The simple methods become available when the right objects and the proper definitions have been understood at last. The profound theorems, those with important consequences, are proved then almost trivially. Fermat’s theorem may not be so profound in what is states as in what it touches on. In working to provide a proof many results with broad applicability were uncovered.

MarkHNovember 24, 2019 10:45 PM

@Alyer Babtu:

Thank you for sharing that longer excerpt, which I have not seen before.

Obviously, the interpretation you put forward is the correct one!

As Gauss observed there, "one cannot predict to what extent one will succeed" ... progress in mathematics is notoriously uneven and non-linear. There are enough examples of problems in which progress was stalled for decades, or even centuries, before new discoveries or perspectives led to some major advance.

Even if his "old ideas for a great extension" wouldn't have been fruitful, it would be fascinating for the history of mathematics to know what lines of investigation he had in mind. I wonder whether his notebooks or correspondence left enough clues, to learn what those old ideas were?

MarkHNovember 24, 2019 11:20 PM

PS to Alyer Babtu:

I see you added another comment, while I was typing :)

Probably you know that Andrew Wiles' famous 1995 partial proof of the was motivated almost entirely by his boyhood dream of proving "Fermat's Last Theorem."

Because FLT had long resisted all efforts to crack it, and had (for centuries) no visible connection to any important or general problem, no professional mathematician could devote a major effort to proving (or disproving) FLT without destroying his/her reputation: FLT was a territory strictly reserved for amateurs and crackpots.

It was seeing Gerhard Frey draw his connection between Taniyama-Shimura-Weill (as the conjecture became when it was made more precise) that "closed the circuit" for Wiles: he knew that he could work on FLT, because it was now a Very Important Problem. [If I recall correctly, Wiles was in the audience when Frey gave a talk presenting his derivation.]

The part of this that proves the truth of the observation you made in your closing paragraph, is that nobody else in the world made such an intensive attack on the Taniyama-Shimura-Weill conjecture, because of a widely shared belief that finding such a proof was simply beyond current mathematical knowledge.

It was Wiles's "Don Quixote" determination to solve FLT, that propelled him to do (through about nine years of grueling effort, mostly in secret) what his colleagues believed to be unattainable.
_______________________________________

When Gauss wrote those words, he perhaps had in mind the Goldbach conjecture as a salient example. It's so simple that any child with a few years' math education can understand it; it seems almost certain to be true; and it has resisted all efforts toward solution.

Gauss was born less than 35 years after the conjecture arrived in mathematical history. At age 277, the conjecture remains a fortress no one has conquered.

MarkHNovember 25, 2019 12:10 AM

Errata:

The second sentence was meant to begin "Probably you know that Andrew Wiles' famous 1995 partial proof of the Taniyama-Shimura-Weil conjecture was motivated almost entirely ..."

I also misspelled Weil later on -- it has only one 'l'

SpaceLifeFormNovember 26, 2019 2:03 PM

@ MarkH

Forgot to mention.

I do believe that the unknown theorem could be related to Quadratic Reciprocity.

Where Quadratic Reciprocity is a subset of a larger theorem.

In theory, if if, then then, Quadratic Reciprocity would not, in theory, help in the odd prime exponent case of FLT.

But, there are interesting patterns in the odd primes.

I have zero reason to believe that Fermat did not find something.

But, I can believe he never wrote about it.


Wait_CODER/DECODERNovember 26, 2019 6:48 PM

There are many specific reasons why I am sometimes self-described as and actually "slow": (Here are hardly any at all)

0) "umbilical stem cell therapy"

1) https://nakedsecurity.sophos.com/2019/09/19/air-force-to-offer-up-a-satellite-to-hackers-at-defcon-2020/

2) I'm not in any hurry to jump off of the nearest high altitude cliff nor chasm.

3) https://everipedia.org/wiki/lang_en/Mogwai_(Chinese_culture)

Sincerely,

R2D2 knew exactly what he was doing; C3PO was wrong.

Les MousquetairesNovember 29, 2019 11:10 PM

@Wael @MarkH

We have successfully invested in the S&P 100 using a variant of our usual strategy, viz.,

One all for all, and
All one for one

Athos, Porthos, Aramis and I developed it playing cards while waiting for the next skirmish with the Cardinal.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.