Lame Heron has released a wonderful board game — embarrassingly simple albeit tremendously rich in strategies. This is an ancient game played by some indigenous tribes of Siberia isolated from the rest of the world for millennia. This marvelous game remained undiscovered until recently. Being invented and developed in nearly complete cultural isolation this game employs mechanisms very alien to a player of «western» origin. Although the mathematical and physical substance of the game is not from the parallel universe — it is still cubical dice and a hexagonal board well known to everybody — the dice are used in a very unorthodox manner, they are randomizers and the moving pieces at the same time. The goal of the game is also surprising, it does not fall in any usual category, it is not a «capture» goal, nor a «advance to» goal, neither is it a «connect» goal, not even a «dominate», yet it is a very simple condition clearly followed from the rules and easily readable on the board.
Read more →

Do you really, i mean really, believe that computers are afraid of capital letters? and punctuation? Don't tell me that you want to scare off people, not computers, it would be even more ridiculous, given a second thought.

How would you feel if a service provider asks you: «please include at least three capital letters, seven underscores, and a number thirteen in your password»? — weird? You better adjust your attitude. The first ingredient is already required by some, more to follow soon.

Seriously, have you ever tried to think why all those «password choosing» policies are so ridiculous and stupid, are they as beneficial as people believe?

The serious answer to the question is given in my new paper on the password authentication: arxiv.org/abs/1505.05090 and its summary is as follows: «The password policies are futile, because they have no formal mathematical foundation at all, and this is why they are all as ridiculous as homeopathy».

Here i want to present some fun aspects of the problem.

The two most prominent protagonists of computer security MS and Google directly contradict each other:

DO NOT USE:
Common letter-to-symbol conversions, such as changing «o» to «0».
USE:
similar looking substitutions, such as the number zero for the letter 'O'
No one notice. These both password creation policies are equally respected. Who are we to doubt the Wisdom of the Titans!?

Also, the Titans teach us that there is an inherent contradiction between security and memorability. Of course the Titans do not condescend to proving their claims. We are supposed to make a leap of faith. I don't have faith, i need a proof, or at least some evidence supporting the claim. Here is the claim:

Human memory is limited and therefore users cannot remember secure passwords.
Call me when you find any evidence of that.

RTB (Real Time Bidding) the mechanism of monetization of traffic by more highest price or selling the traffic which the ad network can’t monetize itself. It could be compared with the big auction where one ad network is the auctioneer all other is participants. The auctioneer to announced the lot, some participants make a bid, and the bid with the highest price wins the lot.




Read more →

I am failing to understand four simple things:
why do people always fail to know the limits of their individual reach?
why do people always believe everything authorities say?
why do people always think «it won't happen to us»?
why do people always prefer to lose everything in order to save a part?

All these four shine and glitter as they intricately weave into the topic of «cash vs plastic» (keep them in mind while reading).

It has become a popular fad to use «plastic» instead of cash… as usual people are completely unaware of the dangers of this fad. And for some reason they think that «plastic» is somewhat equivalent to cash — NOT EVEN REMOTELY!

The most important issue is (as usual) the simplest one and (as usual) the most ignored one — WHO COMMITS A TRANSACTION? You come to a store for a loaf of bread, you pay for it and take it away. Are you sure it was you who payed for it? I am sure, because I always use cash. When I give a banknote to a cashier I physically commit the transaction — this is MY FINAL SAY. When you type your PIN, you MERELY ASK a bank to commit the transaction for you. In the end of the day it is the bank's decision whether you gonna have this loaf of bread or not. Think about it for once! The bread you are having now is not a result of a free trade between you and a backer, it is a free will of an (undoubtedly honest) 3rd-party. The bank decided on their own volition to allow you to have this bread, and they can as easily decide to starve you at any time.

And when I am speaking about bread, I literally mean bread. It is a common practice in Ukraine and Russia to arrest bank accounts of family members of political dissidents, thus rendering them incapable of engaging in any trade, i.e. buying bread. When you are under a police investigation for political reasons, you are offered a choice: your family will starve unless you confess that you were digging a tunnel under Kremlin with a premeditated goal to assassinate the dear comrade Stalin. The most famous implementation of this tactics is the Ruslan Kotsaba case, his wife and kids have only survived thanks to the public campaign (launched by the defence attorney) encouraging people to trade with the wife for cash (she is a pastry chief).

But, of course! It can not happen to you! No way! (Ask The Lighthouse Project what methods do courts and prosecutors employ in USA and Canada to exert pressure on falsely accused.)

The banks do not bother with breaching your security, they took away your agency altogether.

(to be continued)

Dear mr. Kelly,
do you realize that you lose the ability to attribute a suspect's social media account to the said suspect immediately after obtaining a password to the said account?
Once you own the password, the account is attributed to YOU, shithead, thus rendering all your claims about the suspect's alleged activity associated with the account completely inconsiderable.

Resign immediately! You know _NOTHING_ about security nor elementary logic, you are utterly unqualified for the Homeland Security Secretary position.

First was Brexit, then Trump, now The Italian referendum has happened… and Jean-Claude Junker is calling for EU leaders to infringe on the peoples' right to vote. This is the first manifestation of Internet working as an information system for the people.

LADIES AND GENTLEMEN, INTERNET WORKS! (wikileaks be upon him)

The simplest and most important fact about computers — COMPUTERS ARE TURING COMPLETE

Because of that, we can not know what program runs on a given computer (without disassembling this computer to atoms).

The only possible source of an answer to this question is the computer itself, which in turn can be programmed to give ANY ANSWERS (due to its Turing completeness). A system program+computer can present itself to an observer as anything arbitrarily far from the real internal state of the system.

That's enough for any amount of fraud to be completely undetectable. NO AMOUNT OF REGULATIONS CAN CHANGE IT!!! A program can always be invisibly replaced/altered.

The law defines the elections as a particular process. Computers arbitrarily change this process — this is not legal (in a very literal sense of «legal»). Computers make the regulations inapplicable and the entire electoral process unregulated — lawless!

The computers should be banned from the vote counting process regardless of the actual fraudulent activity of any parties.

Synopsis: There are no elections in USA.

It is not a hyperbole and it is not a political nor ethical statement. I am talking specifically about the procedure of elections as an information process. By using a «voting» machine you do not give your vote to any of candidates, you give your vote to whomever controls the machine. Giving your vote away is NOT electing.

In case you are concerned about data security or voter fraud issues: those concerns are irrelevant, the computerized procedure in use does not endanger the elections, it ELIMINATES them from existence. From the InfoSec perspective the information process that has taken place of the elections (be it hacked or not) is NOT the elections — not even a surrogate! — it is something else, that, most importantly, has nothing to do with your vote.
Read more →

For a million years you are being trained to reason about the physical world as perceived by your sensors. You evolved to search for patterns and assume animal agency by default (simply because the cost of the mistake is lower with this assumption). Then came computer programs… they are invisible for your sensors, they do not follow any patterns, they can make computers appear animate, they can disguise as a reasonable actor, or fool your senses otherwise. And on top of it all they do not obey the laws of physic, the laws that your brain perceive as unbreakable for any agent in the visible world. This is a disaster for your neolithic brain.
Read more →

I have a strong conviction that 99% of «security experts» do not know the definition of the entropy. This conviction does certainly seem wildly deranged for you, unless you know the definition in question. So, let's begin with the definition, by the book.
Read more →