Slashdot Mirror
Slashback: Flashmob, Currency, Verification
Reminder of your scheduled spontaneous appointment. Zero_K writes "As previously posted on Slashdot and the NY Times, the University of San Francisco's, Computer Science department is building a 'flash mob' supercomputer on April 3rd. On their newly updated official web-site (Main Site, ISO's) the team has now posted the ISO image of their custom morphix that will be used to boot all the computers into the cluster, documentation is on the website (under 'downloads') and on the CD (index.html). I personally plan on downloading and testing this ISO tonight. And after the cluster is taken off line, there will be a massive LAN PARTY (Possibly one of the biggest in San Francisco...) On a 10-Gigabit LAN...Oh sweetness ... So if you are in or around the SF Bay Area on April 3rd, be sure to sign up and bring your laptop or desktop to campus and help make history."
Whaddya mean, "no pun intended"? Rudiger writes "After the dust (no pun intended) has settled around the whole Operation Dust Bunny thing, McAfee updates their signature database classifying Dust Bunny as an application. To be more specific: 'This program is detected as a "potentially unwanted application."' They also say 'This is not a virus or trojan.' Should we leave it to the experts this time?"
Would you read Atlas Shrugged on this screen? An anonymous reader writes "The so-called 'electronic paper,' being a high-clarity monochrome display to become a foundation for comfortable and inexpensive 'electronic papers,' has finally shown its face. The new electronic paper, which looks a bit like an iPod, has 10MB memory, keyboard, Memory Stick PRO slot, voice recorder, speaker, and headphones output, and USB2.0 interface."
(We mentioned the device yesterday, but this link provides better images of it.)
Now they're Pragmatic Publishers as well -- much success! AndyHunt writes "As you may have heard, the Pragmatic Programmers have started their own publishing company (see Slashdot reviews here and here). We've just signed our first outside author: Mike Clark, editor of the JUnit FAQ and developer of JUnitPerf and JDepend. He'll be writing the eagerly-anticipated Pragmatic Project Automation book, the third volume in our Jolt Productivity award-winning series."
Exactly how many bits, Ma'am? And in what order, did you say? jlcooke writes "Two months (almost to the day) after getting slashdotted for an innocent post to sci.crypt - the MD5CRK project has launched. The aim is to get the thousands of applications and websites to drop MD5 for SHA-1 or SHA-256 by finding a counter-example of a security requirement in MD5. Press Release is here."
How to take criticism, by example. slashdot_commentator writes "Eric S. Raymond has recently written a wonderful piece explaining to the Linux zealot why it may not be the operating system of choice of all users. (Or what user aspects open source developers need to focus on to further Linux World Domination.) The op-ed specifically focuses on the CUPS printing system. (But it would be a mistake to dismiss it as a screed against CUPS.) The CUPS authors surprisingly acknowledged ESR's points, and he wrote a followup to the article."
Hitting them where it figuratively hurts. Ian Wilson writes with a followup to the Slashdot post earlier this month on "website thieves stealing content and designs from others, taken from silicon.com. Well, now silicon.com is reporting that it has contacted the offending site's advertisers and forced them to stop paying ad revenues - thus effectively crippling the illegal site - after all, no revenue, no reason to the run the site."
Express your appreciation with PizzaPal. Chuck writes "After you guys published the article on $20 bills exploding when microwaved, a co-worker of mine went to put his soup in the microwave and found a $20 bill in it. Too bad it was an older one, but someone around the office must have left it in there after reading your article. The co-worker then took me out to lunch. Thanks, Slashdot!"
I've seen that before... it's when I get modded -1 Flamebait within 30 seconds of posting!
Hmm, just went upstairs and checked my own microwave for cash. Nothing. Maybe I should get my dimwitted roomates to start reading Slashdot.
Kip Hawley is an idiot.
The other day, there was a bitTorrent link in the article, and I realized that I didn't have Bit Torrent installed. So when I went to download it, McAfee told me it was Spyware.
Bit Torrent is spyware?
Yet another reason for me to hate McAfee.
Hmm... put an 802.11b interface on this thing, and it won't matter that it has a trivially small amount of memory...
"Freedom means freedom for everybody" -- Dick Cheney
a co-worker of mine went to put his soup in the microwave and found a $20 bill in it.
He found a $20 bill in his soup?
This saddens me. I just finished implementing an md5 password hashing routine for a web application.
At least it's not production yet, so I can switch it over.
See? This is why my bosses should let me read Slashdot at work.
I had 10,000 assholes on my screen and so many being launched I couldn't stop them.
Welcome to Slashdot.
Opinions on the Twiddler2 hand-held keyboard?
Anyone wanna outsource the infrastructure and SW for the Lan party to us indians? ;-)
Jokes apart, i'd really like to fly down to USA top be a part of the lan party and see how those guys manage things.Its one thing to have a lan party with 100 ppl but using up complete subnets is one different league!
Lord of the Binges.
I see this every single day. The open source community (as it were) is full of people who want to use and like operating systems like Linux and BSD but are just too fucking afraid of even uttering anything that might reveal their ignorance (and I don't use that word in a negative sense) of whatever it it they're trying to accomplish with their computers.
Slashdot and USENET are full of endless threads about how easy it is to do this-or-that and if you haven't figured it out you must be supremely stupid and lazy. "What, you want it in a fucking silver plate?". Normal people (the ones not buying into open source right now) are petrified at this. They eventually either figure out how to do it ($deity bless Google) or just give up.
Without gross generalizations of course, I can't claim that everyone is this way. But there seems to be a troubling majority of zealots who are just so fantastically out there in their claims that [insert technology here] is so easy to use that even a "brain dead Windoze luser" must be able to figure it out, so they just cannot figure out why everyone hasn't dumped "M$". I mean, it's all so easy and efortless.
Maybe this will indeed be a wake up call for everyone.
If you wrote code to generate the checksum(s) and it's not working then you have a problem between the keyboard and chair, not with the algorithm. That's a standard that is not OS, platform or language specific.
SHA1, which you can use via the sha1sum command in the GNU core utilities, probably already installed on most Linux systems.
I frequently use MD5 in my code, for verifying a file's integrity. I do not use SHA-1 or SHA256, because they run a lot slower than MD5, without providing a realistically better guarantee that a file contains what it did at the time of its creation (if 128 bits leaves a significant chance of collision, you have bigger problems than choice of hashing algorithms... Such as how to store over a trillion yottabytes, which corresponds to one bit per 10 picograms assuming you used the entire Earth as a storage device).
Now, cryptographically, MD5 does not have the same "strength" as the SHA256. If you want to prevent tampering, you should most certainly switch to an SHA. But to just check the validity of a large block of data (such that a mere CRC doesn't suffice), MD5 works beautifully.
Additionally, I would point out to those who seem to believe finding a single MD5 collision would invalidate the whole algorithm - BS. For SHA256, going though every possible 257 bit block, you can guarantee a collision. For any hashing algorithm, that will hold true. I don't care if someone came up with a quantum hash (pulled from my posterior, since quantum-blah seems like the word of the day for magical guarantees of computational perfection), you'll still have at least one collision in N+1 bits, where the hash generates N bits.
So can we drop the SHA elitism that seems to have infected people lately? If you want to waste time in your code, go right ahead. But don't fault those of us who actually understand that, outside the realm of hard cryptography, MD5 more than suffices as an all around good hashing algorithm.
Are the MD5CRK folks trolling, smoking crack, or just not explaining themselves very well?
They "aim to disprove one of the fundamental requirements of a secure message digest: No two inputs can be found which produce the same digest - this is also known as a collision."
MD5 gives a 128-bit digest. There are more than 2^128 possible messages. Of course there are collisions. What MD5 claims is that the difficulty of coming up with two messages having the same message digest is on the order of 2^64 operations, and that the difficulty of coming up with any message having a given message digest is on the order of 2^128 operations.
No digest algorithm can claim to be free of collisions; they are many-to-one mappings.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood