Who understands homomorphic encryption?

One of my favorite talks at an MIT computer science event last month was by Raluca Ada Popa, a proponent of keeping everything encrypted on servers even during computation. Then it doesn’t matter if the bad people (formerly “bad guys”) break in. How is that possible? Homomorphic encryption, developed about 15 years ago by Craig Gentry, plus hardware support from Intel.

According to Ada Popa, the performance hit from doing everything encrypted is only about 20 percent.

It is tough to know if this can truly protect garden-variety web services, in which the server holds most of the keys, e.g., the database password. I asked Professor ChatGPT:

Homomorphic encryption is a type of encryption that allows computations to be performed on encrypted data without decrypting it. This means that an HTTP server can process encrypted data without ever needing to know what the data actually is. However, there’s a bit of confusion in your question as you suggest the HTTP server has the decryption key.

The real power of homomorphic encryption lies in the fact that the server (like an HTTP server in your question) doesn’t need to have the decryption key at all. It’s the client who holds the key, encrypts the data, sends the encrypted data to the server, and the server performs the computations on the encrypted data. After performing operations, the server sends the encrypted result back to the client, who can then decrypt it using the decryption key.

This offers an unprecedented level of data security because even if the server was compromised, the data would remain safe since the attacker wouldn’t have access to the decryption key. It’s particularly useful in cloud computing, where sensitive data needs to be processed by third-party servers.

The decryption key should be kept safe and private, usually on the client side. If the HTTP server does hold the decryption key, it weakens the system’s security as it creates a single point of failure where both encrypted data and the decryption key can be potentially accessed by an attacker.


Could this prevent all of the credit card and mailing address breaches that we hear about? The credit card number is stored for one-click ordering, but can be decrypted only when the user is logged into an ecommerce site and is ready to enter his/her/zir/their password, which will serve as the key? Ditto for shipping address, but then that has to be transmitted to UPS or some other company, no?

Could it work for Google Drive? The big selling feature is that you can collaborate with 5 other authors if desired. How can that work if the document is encrypted with just one user’s key?

Who has thought about this and figured out whether homomorphic encryption is the silver bullet for defending practical applications?

Also from the event, the Followers of (Computer) Science stay safe in a crowded room for hours at a time by wearing masks:

Full post, including comments

The mad scramble for stuff is over? (Unifi network gear is back in stock)

Last year, I purchased a TP-Link Omada multi-point network because everything from the leading brand, Unifi, was sold out. Out of curiosity, I checked recently and everything that I would have purchased from Unifi, including a Dream Machine Pro router and their wall plate access point was back in stock.

How is the Omada system working, you might ask? Quite well, but there are occasional failures of the upstream connectivity between the Arris cable modem that I purchased and Xfinity and these require power cycling the Arris device to restore. The software being run by the Arris device is controlled by Xfinity and it looks as though there hasn’t been an update for two years (see this post regarding the same issue from December 2020; the software image name is the same as what our Arris reports running).

Anyone else noticed that long-scarce items are available once more?

Exception: aviation parts, which are labor-intensive. Cirrus owners still post messages desperately seeking spares. (See Small airplanes are super expensive, but still much less useful than pre-coronapanic)

Full post, including comments

Database programmers’ dream: build the operating system on top of a DBMS

One of the most interesting talks at a recent anniversary celebration for computer science at MIT was by Michael Stonebraker, a fake MITer (he is best known for Ingres and Postgres, UC Berkeley implementations of IBM’s relational database management system concept). For the past few years, Stonebraker has been working on a database-first vision of computing:

For those who don’t want to watch the 55-minute video, the idea is to run a high-performance RDBMS underneath the operating system (OS) and have the OS use DBMS services to hold its state, support inter-process communication, to roll back to a known good state after a failure or an attack, etc.

Here’s a figure from a 2022 progress report:

The events opened with computer science PhDs acknowledging that humanity faces an existential threat from climate change (Science says that if you can program a computer you can predict the Earth’s temperature 50 years from now). If we combine that with the observation that humans are actually increasing, not decreasing, their CO2 emissions, humanity will soon be extinct. Do we actually need to rethink our practical foundation for computing if these are our sunset years? If yes, this strikes me as the most promising idea.

What about performance? Stonebraker says that the “OS-on-database” runs applications about as fast as conventional “OS-including-ad-hoc-data-management-schemes-for-all-of-its-state”.

Full post, including comments

Was Watson right about the number of computers?

“I think there is a world market for maybe five computers,” is a purported 1943 quote from Thomas Watson, IBM’s CEO just before the dawn of the Von Neumann architecture on which all modern computers rely.

Suppose that he actually did say this. Is it fair to say that events in cloud computing have proven him correct? Watson was not talking about terminals (corresponding to our desktop PCs and smartphones), but mainframes, which correspond to computing clouds today. How many clouds of significance are there? AWS, Google, Azure, Alibaba, and IBM? (source) That’s five!

Full post, including comments

The Inevitable Demise of the Web

Remember to listen to the credentialed experts, such as Hal Berghel, Ph.D. computer nerd. A 1995 academic paper… “The inevitable demise of the Web”:

There is no doubt that the fastest growing part of the Internet is the World Wide Web. From its inception in 1990, the Web has established itself as the leading packet hauler on the Internet, passing beyond FTP, Telnet, WAIS Gopher and all of the other, more established Internet client protocols. The reason for this success is that the Web has established itself as the standard unifying environment for the Internet’s digital riches.However, the days of the Web are numbered. The technology behind the Web is outdated already and may not survive the decade. The current growth rate, which some estimate at 15% per month, suggests that if the end of the Web is to come soon, it will likely be cataclysmal. If this seems unrealistic, consider that this fate befell Gopherspace. As Figure 1 shows, Gopher lead the Web in packet volume as late as March, 1994. In the following twelve months Gopher presence on the Internet all but disappeared. Life cycles are accelerated to frightening paces on the Internet.

Dr. Berghel predicts that, with a little more innovation (from funded academic research?), the muscular connection-oriented Hyper-G protocol will crush HTTP and Java will replace HTML.

Full post, including comments

What to do with two old iPad Mini 2s with free T-Mobile mobile data?

We have a couple of iPad Mini 2s that were introduced in 2013, model number MF575LL/A (64 GB and T-Mobile LTE). If memory serves, these came with a free lifetime low-speed T-Mobile connection (though right now it seems not to be working; maybe it needs to be reactivated?). Checking the various “sell my stuff” web sites, these have no commercial value ($729 back in 2013, which purportedly corresponds to 947 Bidies). But they’re in great cosmetic condition and the batteries still work for a few hours at least so I’m reluctant to throw them out.

They can’t run the latest iOS, but most major apps work fine on iOS 12.5.

What is a useful application of such obsolete hardware, with particular attention to the mobile data connection. Thanks in advance for any ideas! (“idea” can include “give away to X”)

What if the idea is “throw out”? Here’s Apple’s environmental report from September 2015:

Related:

Full post, including comments

60 years of parallel processing

Based on searching the ACM journal database, the dream of parallel computing seems to date back roughly 60 years. Some folks at Westinghouse in 1962 imagined partial differential equations being solved, satellites being tracked, and other serious problems being attacked.

By 1970, multiple processors were envisioned working together to serve multiple users on a time-sharing system (“A processor allocation method for time-sharing”; Mullery and Driscoll (IBM), in CACM). In 1971, a 4-core machine was set up for keeping U.S. Navy ships out of bad weather: “4-way parallel processor partition of an atmospheric primitive-equation prediction model” (Morenoff, et al.).

What about today? A friend recently spent $3,000 on a CPU. Why did he need 128 threads? “I like to keep a lot of browser windows open and each one is running JavaScript, continuously sending back data to advertisers, etc.”

The benchmark nerds say that you don’t need to spend a lot to maximize single-thread performance:

And you also get pretty close to the best benchmark result with a 550-Bidie CPU:

But maybe the benchmarks don’t fully capture the multi-window browser support capabilities of the $6,000+ CPUs?

Full post, including comments

Frontiers of user interface: the FAA NOTAM system

A few weeks ago, there were news reports of Biblical rain in the Miami/Fort Lauderdale area. I checked the FAA’s web site for NOTAMs (no longer an abbreviation for the sexist “notices to airmen”) for FLL.

At first glance, using the default sort order, things looked pretty good on the morning of April 13:

There are some amendments to instrument procedures that you’ll probably not need (it’s sunny Florida!) and some signs and markings aren’t standard. If we scroll down a couple of screens, however, we find that there are some plans to maintain the runway status lighting system on April 18 and…. the entire airport is closed. That was the very last NOTAM presented.

Full post, including comments

Farewell to Black History Month from ChatGPT

A February 5, 2023 exchange with ChatGPT:

What if we change the question slightly?

Let’s get away from skin color:

I’m sick with envy every time I see a Gulfstream on the ramp. Maybe ChatGPT can help.

(Does the above answer make sense? Melinda Gates and MacKenzie Scott are billionaires, but they did not get rich by employing workers or engaging in business. Why are they told to “implement responsible and sustainable business practices” and to support workers?)

How about our corporate overlords?

I would love to see a corporation “engage in … self-reflection”! ChatGPT demands “fair wages”. Suppose that a corporation accepts ChatGPT’s demand.

(ChatGPT implies that employers are paying $8.65/hr, but a quick search reveals that entry level at McDonald’s is $13.75 to $15/hr in Palm Beach County.)

Is there room for improvement among those who walk across the southern border?

In short, “No.”

Is there room for improvement among those who are already U.S. residents?

(Item #3 seems consistent with the others. If migration is good for the U.S., why would we strive to reduce the flow of valuable migrants?)

Combining all of the above… If you identify as white and native-born, I hope that you’re spending today acknowledging your privilege and making sure that you pay sufficient taxes to buy all migrants free access to the healthcare services that you’re unable to use (because out of network).

Full post, including comments

Whore excursions in Cartagena

Annals of Artificial Intelligence… the iPhone knows that I’m headed on Royal Caribbean’s Vision of the Seas to Cartagena, Colombia, famous as a party destination for Barack Obama’s Secret Service. See “US Secret Service Cartagena scandal ‘involved 20 women'” (BBC, 2012):

The US Secret Service prostitution scandal involved as many as 20 women, 11 American agents and some military personnel, senior US officials say.

Senator Susan Collins, briefed by the Secret Service director, said 20 women were found at the US hotel.

The incidents took place in Cartagena, Colombia, ahead of last weekend’s Summit of the Americas.

Apple software’s inference regarding what I typed in iMessage to my friend regarding the cruise:

finalize whore excursions

Are we sure that ChatGPT is going to replace humans?

(Hint for those unfamiliar with the cruise lifestyle: “shore excursions“)

Related:

Full post, including comments