Slashdot Mirror


Slashback: Flashmob, Currency, Verification

The first Slashback in a while, with updates and reactions to previous Slashdot stories, including a flash-mob supercomputing reminder, the upside of microwave-tested currency, CUPS' user-interface foibles, an alternative to MD5 sums, and more. Read on for the details.

Reminder of your scheduled spontaneous appointment. Zero_K writes "As previously posted on Slashdot and the NY Times, the University of San Francisco's Computer Science department is building a 'flash mob' supercomputer on April 3rd. On their newly updated official web-site (Main Site, ISO's) the team has now posted the ISO image of their custom morphix that will be used to boot all the computers into the cluster, documentation is on the website (under 'downloads') and on the CD (index.html). I personally plan on downloading and testing this ISO tonight. And after the cluster is taken off line, there will be a massive LAN PARTY (Possibly one of the biggest in San Francisco...) On a 10-Gigabit LAN...Oh sweetness ... So if you are in or around the SF Bay Area on April 3rd, be sure to sign up and bring your laptop or desktop to campus and help make history."

Whaddya mean, "no pun intended"? Rudiger writes "After the dust (no pun intended) has settled around the whole Operation Dust Bunny thing, McAfee updates their signature database classifying Dust Bunny as an application. To be more specific: 'This program is detected as a "potentially unwanted application."' They also say 'This is not a virus or trojan.' Should we leave it to the experts this time?"

Would you read Atlas Shrugged on this screen? An anonymous reader writes "The so-called 'electronic paper,' being a high-clarity monochrome display to become a foundation for comfortable and inexpensive 'electronic papers,' has finally shown its face. The new electronic paper, which looks a bit like an iPod, has 10MB memory, keyboard, Memory Stick PRO slot, voice recorder, speaker, and headphones output, and USB2.0 interface."

(We mentioned the device yesterday, but this link provides better images of it.)

Now they're Pragmatic Publishers as well -- much success! AndyHunt writes "As you may have heard, the Pragmatic Programmers have started their own publishing company (see Slashdot reviews here and here). We've just signed our first outside author: Mike Clark, editor of the JUnit FAQ and developer of JUnitPerf and JDepend. He'll be writing the eagerly-anticipated Pragmatic Project Automation book, the third volume in our Jolt Productivity award-winning series."

Exactly how many bits, Ma'am? And in what order, did you say? jlcooke writes "Two months (almost to the day) after getting slashdotted for an innocent post to sci.crypt - the MD5CRK project has launched. The aim is to get the thousands of applications and websites to drop MD5 for SHA-1 or SHA-256 by finding a counter-example of a security requirement in MD5. Press Release is here."

How to take criticism, by example. slashdot_commentator writes "Eric S. Raymond has recently written a wonderful piece explaining to the Linux zealot why it may not be the operating system of choice of all users. (Or what user aspects open source developers need to focus on to further Linux World Domination.) The op-ed specifically focuses on the CUPS printing system. (But it would be a mistake to dismiss it as a screed against CUPS.) The CUPS authors surprisingly acknowledged ESR's points, and he wrote a followup to the article."

Hitting them where it figuratively hurts. Ian Wilson writes with a followup to the Slashdot post earlier this month on "website thieves stealing content and designs from others, taken from silicon.com. Well, now silicon.com is reporting that it has contacted the offending site's advertisers and forced them to stop paying ad revenues - thus effectively crippling the illegal site - after all, no revenue, no reason to run the site."

Express your appreciation with PizzaPal. Chuck writes "After you guys published the article on $20 bills exploding when microwaved, a co-worker of mine went to put his soup in the microwave and found a $20 bill in it. Too bad it was an older one, but someone around the office must have left it in there after reading your article. The co-worker then took me out to lunch. Thanks, Slashdot!"

17 of 218 comments

  1. McAfee problems... by lukewarmfusion · · Score: 5, Interesting

    The other day, there was a bitTorrent link in the article, and I realized that I didn't have Bit Torrent installed. So when I went to download it, McAfee told me it was Spyware.

    Bit Torrent is spyware?

    Yet another reason for me to hate McAfee.

    1. Re:McAfee problems... by Kenja · · Score: 3, Interesting

      There are two good AV programs for Windows that I know of, F-Prot and Command. Both will run you around 25$ a year and both run very light. I've had to turn them off when playing games, but other than that they don't have any problems.

      --

      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    2. Re:McAfee problems... by spacecowboy420 · · Score: 3, Interesting

      AVG baby - free for personal use, updated FAST found @ grisoft.com. I liked it so much I bought licenses for the entire company. No slips yet - for over a year.

      --
      ymmv
    3. Re:McAfee problems... by ryanr · · Score: 4, Interesting

      According to Bram, McAfee is currently flagging anything that uses the NSIS installer, which BT uses for recent builds. It's a false alarm, as noted.

      Further, make sure you download the Official client from the Official site. Suprnova has been purposely running a banner ad for a couple of months now for a BT 3.3 client that IS laden with spyware.

    4. Re:McAfee problems... by Verteiron · · Score: 3, Interesting

      Try Avast Antivirus. The home version is free for personal use and keeps itself more up-to-date than any other AV I've ever used. The scanning engine is light and fast. The pro version for businesses is extremely powerful and flexible and runs $40.

      They're also beta-testing a Linux A/V client, they actually FIX BUGS when people post them to their forum, and all-in-all a few of the other A/V companies could learn from them when it comes to ease-of-use, auto-updating, and product support...

      --
      End of lesson. You may press the button.
    5. Re:McAfee problems... by IO+ERROR · · Score: 2, Interesting

      The original BT client is not spyware (look at the source yourself if you disbelieve) but other BT clients might be.

      --
      How am I supposed to fit a pithy, relevant quote into 120 characters?
  2. E-paper by Fiz+Ocelot · · Score: 3, Interesting
    I'd love to be able to condense a lot of my books into something like that, but it's still just too small. It should fold out to two sides for one thing since many books are written in a format with that in mind. (at least text books for classes).

    If they can do that, make notes using handwriting easy (no recognition required), I'd love that...

    But I bet the main opponents to this would be book publishers who charge exorbitant amounts for "new editions" where hardly anything was changed. oh well.

  3. Wow.. by msimm · · Score: 3, Interesting

    ESR just jumped A LOT of points in my book. I haven't read anything so dead on in the community in ages. But add to that his level of tact and his *gasp* sympathy for the user. Wow. Definitely worth the read.

    --
    Quack, quack.
  4. Re:I'll drop MD5 in a heartbeat... by clifyt · · Score: 3, Interesting

    That's strange -- are you feeding it the same data?

    I have a few implementations of MD5 that I use for various apps that ALL give the same results. Sometimes you have to make sure that character sets and otherwise are being processed the same way, and it all comes out the same way.

    Let's see -- I have the PHP builtin function, a perl implementation (for systems that don't have it built into the OS), a Javascript one and one that was for just plain ASP (not the .NET -- never used it yet). Hell, I use it to pass off authentication between these languages when I can't get away with using the same language throughout. All work exactly the same...and I'm not even that great of a programmer...

  5. How do you know it isn't? by Eevee · · Score: 2, Interesting

    Not a flame or anything, but did you check the source for the Bittorrent client you downloaded? SpywareInfo shows there is a Bittorrent client floating away with an infection of spyware.

    Just for grins, I checked my machine and McAfee ( Virusscan Enterprise 7.0.0, virus defs 4341) didn't complain about ABC [Yet Another Bittorrent Client] 2.6.5 being on my machine. (Nor did AdAware 6.0.) So McAfee doesn't go after all Bittorrent clients.

  6. Re:The luxury of ignorance by The+Bungi · · Score: 2, Interesting
    Like I said, I was not generalizing. I agree that there is good, but at the same time I recognize that there is a lot of bad. Do you?

    There are so many little things that cripple non-expert users in Linux. Just off the top of my head, on RH9/GNOME, inserting a CD-ROM brings up a dialog that reads

    Would you like to mount /dev/cdrom?
    Or something like that. I mean, c'mon. If I wanted that I'd be running fvwm or something. Do I want to "mount" "/dev/cdrom"? How the hell should I know?? Or even better, try installing a TrueType font on Linux. Oh my god.

    If more effort was directed towards these things rather than to making yet-another-theme-for-KDE Linux would be vastly more user-friendly and maybe it would be actually giving Windows a run for its money on the desktop.

  7. The Insanity of Blind Autoconfiguration. by The+Monster · · Score: 3, Interesting
    How exactly can you verify that there's not a Windows print server on a non-local subnet that you want to use?
    I thought the same thing, and emailed ESR to that effect on the 11th of this month:
    I have been saying for some time that the biggest hurdle for Linux right now
    is the difficulty of configuring the system for a non-geek. But I can't go
    along with you on this:

    > If the preceding rules leave just one choice, so inform the user and go
    > straight to the form for that queue type.

    I spend a fair amount of effort getting character-based tools (Bourne
    scripts that run on SCO Open Server, AIX, and occasionally HP-UX and Linux,
    to be precise) for non-technical users to work, including the frequently
    daunting task of autodetecting configurations to come up with reasonable
    defaults. I have learned the hard way that autodetection is never 100%.
    Even Microsoft gets this - their 'Wizards' always have a check box or button
    for [x] Let me choose/configure/whatever. Just because no Jet Direct is
    found on your local subnet via autodetection doesn't mean that you don't
    want to configure printing to it. It might be on the other side of a
    router.

    Should autodetection offer the most likely prospects for what the user
    intends? Absolutely. But there must always be a clearly-labelled way to
    explore other options. It's easy enough to do...

    Which printer do you wish to configure?

    Windows Print Shares:
    [ ] \\DEXTER\HP HP DeskJet 656c
    [ ] \\DEEDEE\EPSON Epson Stylus C84
    Unix Print Shares [LPD]:
    [ ] pana@192.168.1.200 Panasonic KXP-1100
    HP JetDirect:
    [ ] 192.168.1.50:9100 HP LaserJet 4L
    [ ] 192.168.1.50:9101 Dymo SE-300
    [ ] 192.168.1.50:9102 Generic Centronics
    OTHER
    [ ] I don't see the printer in this list.

    [ <- Back ] [ Next -> ] [ Cancel ]
    He hasn't replied to my email.
    --

    [100% ISO 646 Compliant]
    SVM, ERGO MONSTRO.

  8. MD5CRK will need a few more participants... by Paul+Crowley · · Score: 2, Interesting

    By my calculations, at the current rate they'll take over 500 years to produce a collision. They need about a hundred times as many people on board to get anywhere.

    The sum I did is

    sqrt(-l(0.5)*2*2^128)/(1.325*10^9*86400*365)
    519.78646399116343804161

    N=2^128 is the space they're looking for a collision in. The expected number of collisions found after k items have been produced is very close to k^2/2N, so the probability zero have been found is exp(-k^2/2N) by the Poisson distribution. Assume exp(-k^2/2N) = 0.5 and solve for k, then divide by their declared rate of 1.325 gigaMD5s a second.

    I don't know whether this inclines me to give the whole thing up or to climb on board. The latter is probably more fun.

    Incidentally, the algorithm they're using to do the search efficiently is pretty cool. Paul C van Oorschot and Michael J Wiener, Parallel Collision Search with Cryptanalytic Applications (pdf)

  9. MD5 collision demonstration. by rixster · · Score: 3, Interesting

    For all those interested in the MD5 signing of a message and how "impossible" it is - take a look at www.cryptool.org and the demonstration under "Individ. Procedures" -> "Attack on the hash value of a signature". You may be (unpleasantly) surprised about how easy it is to match two completely different documents to have the same MD5.

    --
    Two wrongs may not make a right, but three ....
  10. Re:Is it just me..... by jpop32 · · Score: 3, Interesting

    Setting up a printer in Linux was one of the first things I did after I figured out how to install it, and surprise surprise all I had to do to get it working was, wait for it, READ THE MANUAL.

    And in Windows, installing a network printer goes like this: Select 'add new printer', click next, check 'network printer', click next, click next, select the printer from the list, click next, click finish, admire the test page printed out on the remote printer. Windows user is done before Linux user read the first page of the manual.

    Do you for a second believe that the Linux way is better in this respect?

    Is it really so much to ask that people learn how to use the tool they choose to use properly? Is it so much to ask that people know how to read?

    Joe Q. User (you know, the one Linux needs to win over in order to establish world domination) answers: Yes, and yes. I want to install a printer, not read something. If I wanted to read something, I'd go to the library.

  11. Re:MD5CRK boneheaded by Ed+Avis · · Score: 2, Interesting
    The definition of collision-resistant is that you cannot find ANY inputs x,y st x!=y and H(x) == H(y). None. No exceptions.
    In other words, that the function H is injective. But no message digest function producing a fixed-length digest from an arbitrary-length input can have such a property.
    Let's say I could easily generate MD5 collisions on 'random-looking' 128-bit strings ... Would MD5 be considered broken?
    It depends on how you were doing it 'easily'... if you simply had a great deal of brute force to apply, then you could apply the same brute force to SHA-1 or any other message digest function. Only if you have some way of finding collisions which is better than brute force would this be a weakness in the digest function. (Of course, one can imagine a trivially weak message digest that has only 'A' and 'B' as possible outputs; for that algorithm even a brute force attack is easy enough to worry about, but this isn't the case for MD5 as far as I can tell.)

    Looking at the method MD5CRK will be using, it seems they'll just be brute-forcing MD5 by running it in a feedback loop to find a cycle (which must exist). As they say, this could be applied to any function which has finite range and domain (assuming that there is some reasonable mapping from domain back to range: in this case, they can both be treated as strings). Exactly the same technique could be applied to SHA-1. Do they simply mean that SHA-1 has a larger range of output values, so its cycles are probably longer and harder to find?
    --
    -- Ed Avis ed@membled.com
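Added example, not part of any comment in this thread and not MD5CRK project code: the Python below reproduces the birthday estimate from comment 8 and runs the "feedback loop" cycle search described in comment 11 against MD5 truncated to 24 bits. It uses Floyd's cycle finding on a single machine rather than the distinguished-point method of the van Oorschot and Wiener paper; the function names, the seed and the truncation length are assumptions made for illustration.

```python
import hashlib
import math


def birthday_years(bits, rate_per_sec, p=0.5):
    """Years of hashing before a collision appears with probability p.

    Solves exp(-k^2 / 2N) = 1 - p for k with N = 2^bits (comment 8's sum).
    """
    n = 2 ** bits
    k = math.sqrt(-math.log(1 - p) * 2 * n)
    return k / (rate_per_sec * 86400 * 365)


def h(x, nbytes):
    """MD5 truncated to nbytes so the toy search finishes in seconds."""
    return hashlib.md5(x).digest()[:nbytes]


def rho_collision(seed, nbytes):
    """Iterate x -> h(x) from seed until it cycles; return a colliding pair.

    Floyd's tortoise and hare finds a point on the cycle, then two pointers
    walk in lock step to the cycle entry. Their predecessors are two distinct
    inputs with the same truncated digest. Returns None if the seed itself
    lies on the cycle (impossible when len(seed) != nbytes).
    """
    def f(x):
        return h(x, nbytes)

    tortoise, hare = f(seed), f(f(seed))
    while tortoise != hare:
        tortoise, hare = f(tortoise), f(f(hare))
    a, b = seed, tortoise
    if a == b:
        return None
    while f(a) != f(b):
        a, b = f(a), f(b)
    return a, b


if __name__ == "__main__":
    # Declared MD5CRK rate from the comment: 1.325 * 10^9 MD5s per second.
    print("MD5, 128 bits:", round(birthday_years(128, 1.325e9), 2), "years")
    print("SHA-1, 160 bits:", round(birthday_years(160, 1.325e9)), "years")
    a, b = rho_collision(b"constructed-seed", 3)  # constructed sample seed
    print(a.hex(), b.hex(), "->", h(a, 3).hex())
```

For a pure brute-force search like this one, the cost depends only on the digest length: going from 128 to 160 bits multiplies the expected work by 2^16.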
  12. Re:Maybe this underscores the problem... by dozer · · Score: 2, Interesting
    I don't mean to imply that graying out is always bad. In trivial cases, as you observed, it's amazingly useful. This case, however, is definitely not trivial. Have you ever hunted all over a user interface trying to figure out why the hell a particular menu item is grayed out? I have. It's agonizing. Mac apps from the early 90s were notorious for this.

    There have been some solutions in the past. Balloon help did a really good job of explaining WHY a particular menu item was grayed out. It's too bad it worked so poorly and looked so stupid. I've seen Microsoft apps put the info in the status bar when you hover over a menu item. This is good too. But, please, never gray something out if the reason is not immediately obvious.

    Wizards aren't MS-specific. Heck, OSX uses them a lot. It's a way of taking the user by the hand and guiding him or her through a complex process. It's true that MS has given Wizards a bad name by using them all over the fricken place, but that doesn't mean they're all bad.

    Here's how my proposed wizard would work. My apologies for the ugliness of the following. I made some really nice ascii art but the lameness filter rejected it.

    1. Entry screen:
    Local Printers:
    .-------------.
    | Epson C80 | |
    '-------------'
    [Select Network Printer] [Next]

    All local printers would be displayed. The first unconfigured local printers will be preselected. Clicking the Select Network button takes you to step 2, Next takes you to step 4.

    2. Select Network Printer Type:
    o Internet Printing Protocol
    o Windows (SMB)
    o Unix (LPD)
    [Next]

    3. Browse Network Printers
    .--------------
    | SMB or IPP browser
    '---------------

    | Editable Text Box to display/accept share name |

    [next]

    4. Configure selected printer...
    (insert rest of wizard here).

    I can't think of an easier or more capable way of solving this problem. If you can, I'd love to hear it.

    I know this will sound trite, but look at Apple's Human Interface Guidelines for some very sound principles in UI design.

    I was a Mac developer for 4 years... I can quote those guidelines backwards and forwards. I think I still have a copy in my garage. The problem is, they are definitely showing their age. As you noted, even Apple doesn't strictly adhere to them anymore. The world is a more complex place now.