As the Universe Cools Down

If a civilization wants to maximize computation it appears rational to aestivate until the far future in order to exploit the low temperature en-vironment: this can produce a 1030 multiplier of achievable computation. We hence suggest the “aestivation hypothesis”: the reason we are not observing manifestations of alien civilizations is that they are currently (mostly) inactive, patiently waiting for future cosmic eras. This paper analyzes the assumptions going into the hypothesis and how physical law and observational evidence constrain the motivations of aliens compatible with the hypothesis…

As the universe cools down, one Joule of energy is worth proportionally more. This can be a substantial (1030) gain. Hence a civilization desiring to maximize the amount of computation will want to use its energy endowment as late as possible: using it now means far less total computation can be done. Hence an early civilization, after expanding to gain access to enough raw materials, will settle down and wait until it becomes rational to use the resources. We are not observing any aliens since the initial expansion phase is brief and intermittent and the aestivating civilization and its infrastructure is also largely passive and compact…

As noted by Gershenfeld, optimal computation needs to make sure all internal states are close to the most probable state of the system, since otherwise there will be extra dissipation. Hence there is a good reason to perform operations slowly. Fortunately, time is an abundant resource in the far future. In addition, a civilization whose subjective time is proportional to the computation rate will not internally experience the slowdown.

Heh heh heh: “In the long run, we are all dead…” 1 2 3

As the Universe Cools Down

Show 3 footnotes

  1. A far more likely scenario is “they” are working on some soft of post-graduate project regarding our “arts and culture.” This is consistent with the spy game Fermi paradox resolution, which has orders of magnitude more reliable sourcing than the next best sourced UFO phenomenon, the O’Hare sighting.
  2. Snerk.
  3. Okay, that is to say that all the above is not any more or less plausible than American Gods. Though, frankly, their paper could use a lot more cow-bell. And that funky clarinet that insinuates itself into each AG episode when you least expect it.

Tech Rodeo

Google kick-started it and Mozilla has smoothly implemented it:

An algorithm we’ve depended on for most of the life of the Internet — SHA-1 — is aging, due to both mathematical and technological advances. Digital signatures incorporating the SHA-1 algorithm may soon be forgeable by sufficiently-motivated and resourceful entities.

Via our and others’ work in the CA/Browser Forum, following our deprecation plan announced last year and per recommendations by NIST, issuance of SHA-1 certificates mostly halted for the web last January, with new certificates moving to more secure algorithms. Since May 2016, the use of SHA-1 on the web fell from 3.5% to 0.8% as measured by Firefox Telemetry.

In early 2017, Firefox will show an overridable “Untrusted Connection” error whenever a SHA-1 certificate is encountered that chains up to a root certificate included in Mozilla’s CA Certificate Program. SHA-1 certificates that chain up to a manually-imported root certificate, as specified by the user, will continue to be supported by default; this will continue allowing certain enterprise root use cases, though we strongly encourage everyone to migrate away from SHA-1 as quickly as possible.

Tech Rodeo

Related notes: WordPress now supports Let’s Encrypt (free ssl certs for your blog), as well as Squarespace; Danish government entities using email servers now have to implement STARTTLS and DANE for their SMTP servers. 1 An unprecedented look at SSL implementation in North Korea. Reversing direction,  neverssl.com pledges to stay available over HTTP in order to provide a default URL for Wi-Fi captive portals. And finally in our SSL/TLS round-up, draft 17 and draft 18 of TLS 1.3 have been published.

Tech Rodeo
Oh those fun Germans!

When they crash, self-driving Mercedes will be programmed to save the driver, and not the person or people they hit. That’s the design decision behind the Mercedes Benz’s future Level 4 and Level 5 autonomous cars, according to the company’s manager of driverless car safety, Christoph von Hugo. Instead of worrying about troublesome details like ethics, Mercedes will just program its cars to save the driver and the car’s occupants, in every situation.

One of the biggest debates about driverless cars concerns the moral choices made when programming a car’s algorithms. Say the car is spinning out of control, and on course to hit a crowd queuing at a bus stop. It can correct its course, but in doing so, it’ll kill a cyclist for sure. What does it do? Mercedes’s answer to this take on the classic Trolley Problem is to hit whichever one is least likely to hurt the people inside its cars. If that means taking out a crowd of kids waiting for the bus, then so be it

Tech Rodeo
A reminder; it’s always about the money…

DDoS — distributed denial of service — is an unsophisticated form of attack that overwhelms sites with spam traffic so legitimate users can’t get through. DDoS is a war of economics: whoever has the most computing power, defender or attacker, usually wins.

This makes DDoS a useful tool for censorship of small and mid-level publishers, but major sites usually have defenses in place and aren’t susceptible to these attacks. However, Friday wasn’t business as usual. The series of attacks that took out Dyn, the DNS service that provides the backbone of many major sites, were powered in part by a botnet of hacked DVRs and webcams known as Mirai. Mirai first emerged several weeks ago during a DDoS against Brian Krebs, a cybersecurity journalist who runs his own publication KrebsOnSecurity.com.

The DDoS attack on Krebs, the scramble for protection that followed, and Friday’s massive attack mark a new chapter in DDoS. More and more websites are being forced to seek shelter behind a shrinking number of powerful DDoS protection providers. But that centralization means that, as potent botnets like Mirai become stronger, larger sections of the internet can be knocked offline during attacks.

Mirai is irritating for the American internet users who couldn’t access their favorite websites Friday, and a thorn in the side of companies that are now forced to recall their easily hacked IoT devices — but the botnet is also influencing the market for DDoS protection.

Tech Rodeo

Show 1 footnote

  1. Though unless you read Danish, you’ll just have to take our word for it.