Slashdot Mirror


User: jareds

jareds's activity in the archive.

Stories: 0 · Comments: 684

Comments · 684

  1. Re:scumbag on How to Heartlessly Arbitrage Used Books With a PDA · · Score: 1

    But at the same time I'm sure most people would rather see the books go to those that will enjoy reading/owning them rather than some guy who is vulturing thru the tables looking for something he can resell.

    The book will inevitably go to someone who will enjoy reading it; it just won't be the person who bought it at the sale.

    I mean, a library is all about being free for everyone. And to have someone come in and try to profit from their operations is distasteful.

    If the library wants to ensure the book is available to everyone, not just people who are wealthy enough to buy used books online, the obvious solution is to keep it in their circulating collection.

  2. Re:So... on Apple Pays Couple $1.7m For 1 Acre Plot · · Score: 3, Informative

    No, the pond is on the 49-acre property that the couple bought with the proceeds of the sale, not the 1-acre property that they sold.

  3. Re:Inefficient heating device on Selling Incandescent Light Bulbs As Heating Devices · · Score: 1

    In this house we obey the laws of thermodynamics!

  4. Re:You can get in on the action, turn someone in!! on UK Pursues Tax Evaders Using Stolen Bank Details · · Score: 1

    Remember, people with six figure incomes pay less than the rest of us because they get taxed at capital gains rates, which can be as low as 15%. Real working people pay around 30% or more.

    Six figures? What is this, the 1970s? Of course, the bulk of income earned by people making six figures is taxed at ordinary income tax rates: wages, self-employment income, etc. Intuitively, you have far, far more people with six figure incomes from employment than retired and drawing six figures from investments, or young people drawing six figures from trust funds; and also six figures is way below the point of things like hedge fund managers arranging things such that most of their income is in the form of capital gains.

    Here is data from the IRS on sources of income classified by AGI. I selected 2006 so you can't say that capital gains are low due to the recession, which started in 2007. As you can see, for the 12 million returns with AGI from $100K to $200K, 3.6% of the income was from qualified dividends and net long-term capital gains. For the 3 million returns from $200K to $500K, it was 8.1%, for the 600 thousand from $500K to $1M, it was 12.0%. A large majority of "six figure income" people hardly have any income taxed at the special 15% rate. Obviously you are correct that someone making a large portion of their income in capital gains and dividends will pay a lower tax rate than many people making their money from wages, but overall it is not until well into the seven figures that the average effective tax rate starts going down.

  5. Re:What the hell? on High Fructose Corn Syrup To Get a Makeover · · Score: 1

    Table sugar is pure sucrose, for all intent and purpose.

    And sucrose is a disaccharide composed of fructose and glucose--i.e., 50% fructose. It's broken down by sucrase in the small intestine. Sucrose may well be substantially healthier than HFCS, but it's perfectly valid for a somewhat knowledgeable person to want to know what the reason for the difference is. You haven't helped in that regard.

  6. Re:A regular bank account? on Alternatives To Paypal's Virtual Credit Card Service? · · Score: 5, Informative

    I'm not convinced that you understand how credit cards work, or for that matter, how money works.

    And I think you're being willfully obtuse.

    Doesn't matter if it's your bank or your credit card company, it's YOUR money that's gone. With a debit card the money comes out of your bank, with a credit card the money initially comes from the credit company, who sends you a bill, and you send them money from your bank. In either case you can file paperwork claiming fraud, and in both cases a valid claim of fraud will result in your money being returned. (specific policies vary by company and bank)

    When you receive a bill, there is no force of nature causing you to send payment. Here's how it works with a debit card:

    1. Money is stolen via your card, coming immediately from your bank account.
    2. You notice the discrepancy (perhaps because you want to withdraw money you expected to have but don't, in which case it sucks to be you).
    3. You ask the bank to return or restore the money, claiming fraud.
    4. (a) The bank returns the money, or (b) the bank denies the claim.

    In case 4(a), you have no access to the money in the time between 3 and 4(a), which could be 10 business days (two weeks). In 4(b), it is up to you to pursue legal action against the bank.

    Here's how it works with a credit card:

    1. Money is stolen via your card, being paid from the card company's accounts.
    2. You receive a bill including the fraudulent charge (note: the company is asking you for money, rather than vice versa).
    3. You make a claim for fraud.
    4. You send a payment only for the non-fraudulent amounts.
    5. (a) The company accepts your claim, and that's the end of it, or (b) they deny your claim, so you keep getting bills and other collection action.

    In 5(b), it's up to the company to pursue legal action against you, rather than vice versa. In all cases, the money remains in your control at least until the company wins in court. (Of course, you would lose the money with the debit card as well if you lost against the bank in court, but the money would have remained out of your control immediately.)

    The point is clear: your money is gone with a debit card in that you lose actual control of it, and have to ask for it back. The card company's money is gone with a credit card because they have to ask you for it back (perhaps not entirely, if they haven't paid the merchant yet, but that's not your concern).

  7. Re:Dude! on Dell Settles With the SEC For $100M · · Score: 1

    So, let me see if I have this straight. Suppose it is a crime to fail to disclose the existence of asbestos when selling a property (completely separate from cleanup). In that case, the authorities should charge the CURRENT OWNER, Jafafa Hots, with failing to disclose the existence of asbestos when the property was sold, since the OWNER took on ALL the liabilities when they purchase the property. Similarly, if I create a bogus company, for the sole purpose of scamming investors, and con a total of 5 investors, A, B, C, D, and E, into buying shares, they should be fined for defrauding investors A, B, C, D, and E. Should the SEC continue to exist? It wastes a lot of time "protecting" investors, even though you have proven that it is categorically impossible for an investor to be a victim of the company's actions.

  8. Re:Dude! on Dell Settles With the SEC For $100M · · Score: 1

    Way to completely ignore the point. Your parent post was pointing out that in this particular story, where Dell is paying a fine for defrauding people who bought their stock, it is perverse to claim that the current stockholders should be treated as personally liable. You brought up an unrelated example where the victims were not the stockholders. To be clear, you are claiming that when a company is fined for using a secret slush fund to smooth out its earnings, thereby defrauding people who newly bought its stock, the penalty should fall on the current stockholders. I think quite the opposite. No publicly traded company should pay a dime in any sort of investment fraud case--any penalties should be paid by management.

  9. Re:The universe would suffer thermal death on FBI Failed To Break Encryption of Hard Drives · · Score: 1

    That was how it was used by both Bruce Schneier and RSA themselves in articles about the subject. I'll go with their usage. I realize that in a way that is "appeal to authority", but in this case there is little doubt that they are greater authorities on the subject than you or I.

    Argggh. However, I think I'm right at least as to symmetric ciphers. I've never heard brute force refer to anything that doesn't treat the algorithm as a black box in that case.

    No, it isn't. I know what a theory is, and so do you. The difference is in the phrase "currently known". It is "currently known" that in theory (real theory, you have yourself written about it) quantum computing could be quite useful in brute-forcing some systems. In that respect the sentence I quoted is just plain incorrect. If it was meant in a different way, it should have been written in a different way. I will concede that it may not be "currently known" to be useful against AES-256 and the like, but the sentence clearly says "any algorithm", which is just as clearly (ref: sources we have already discussed) incorrect.

    It is true that there is a sweet spot in key length where brute force by a classical computer is infeasible but by a quantum computer it is feasible in theory. What people usually mean by quantum computers not being useful for brute force is that, for any algorithm with adequate choices of key length, where the time is linear in key length or close to it, if key length N is infeasible for classical computers to brute force and you're worried about quantum computers, you can simply choose 2*N. (I have no reason to think you disagree with these statements, I'm just saying what people probably mean.)

    And that's all fine, but that isn't the way I was using the word. At least I never meant to use it that way. If I have, please refresh my memory. [...] So wherever the "blame" lies, if such there be, we do not disagree so much after all. It was more of a communication problem than anything else.

    I sure as hell do not plan on reading through again to figure out the blame and/or argue about it.

    There is no sound basis today for saying we "know" how to do the most efficient quantum computing, even in theory. We don't even know how many different types of particles there are, or their properties!

    The problem is the way physical laws are updated with new knowledge. Nineteenth century physics was correct in normal human situations. We know at least it was wrong at the small scale, high speeds, or high gravity. It was the small scale issues that were technologically revolutionary (e.g., semiconductors and probably quantum computers at some point), because there are no inherent resource problems with building small things. Currently, QM really looks correct at normal small scale situations. Where things break down is high energies and also high gravity is still not solidly understood. So, this is all very exciting for physics, but we won't end up with a Tevatron on everyone's desk. It's pretty clear I consider new computing due to new physics more science fictional than you (although it's clearly possible). Thus, I'm not inclined to say it has to be related to QM as opposed to small black holes or wormholes or the like.

  10. Re:The universe would suffer thermal death on FBI Failed To Break Encryption of Hard Drives · · Score: 1

    It is true that I was writing under the assumption that when brute-forcing, the encryption algorithm (assuming it can be implemented at all) is pretty much irrelevant (black box). But it is not. An encryption with a 512-bit key has indeed been brute-forced (about 7 years ago), but I wasn't accounting for the fact that it was RSA and weaknesses in its keyspace were exploited.

    Well, I have to admit that people use "brute force" that way, but that's only because people use "brute force" loosely. They didn't try all 2^512 private keys: they factored the public key, and they didn't even use a brute force factorization like trial division! Nothing about that is brute force--it's just an instance of people using "brute force" to mean "best known attack".

    This statement is pretty much irrelevant, because regardless of what THEY were saying, I clearly stated that I was referring to theory, not "current" capabilities. And really, even in any possible context being dealt with here, that is an asinine thing to state, because if we are really discussing our capabilities now, TODAY, then we are capable of very damned little, and almost nothing that has been discussed in this thread is even feasible. There would be little point in having a discussion at all.

    I said I'm not talking about what's possible with current engineering limitations, which would indeed be pointless. It's pretty obvious that we're talking about different things by "theory". I tried to clarify that in response to the Arthur C. Clarke quote. I'll do so more fully. One sense of "theory" in the future unknown, where everything is possible except traveling faster than light, and maybe even that is possible. I consider this equally pointless. Sure, we might feasibly brute force AES using a quantum phenomenon unknown to current physics, but we might also break it with something unknown to physics that has nothing to do with quantum mechanics.

    My sense of "theory" uses the fact that we have a mathematically well-defined theory of quantum computing at this point, in addition to actual physics research about building the things. For example, there's a complexity class BQP, and it doesn't change anything about the class if we discover that a new type of computation is physically possible (although it creates a naming problem if this also involves quantum mechanics), just as harnessing a physical phenomenon to solve NP-complete problems in polynomial physical time would not prove that P=NP. This provides a useful basis for discussion. We can think about what might happen if decoherence problems are solved, and systems with hundreds, or thousands, or for that matter billions of qubits are built. And, to continue with our current example, we can say that overcoming practical problems like decoherence is not itself enough to brute force AES. This talk about theoretical limits is thus useful, just as speculation can be. The only disagreement I continue to have is what I identified above: there's no reason to say that newly discovered physical possibilities allowing faster computation will be quantum in nature.

  11. Re:The universe would suffer thermal death on FBI Failed To Break Encryption of Hard Drives · · Score: 1

    Let's follow the discussion.

    assemblerex started the thread: "The universe would suffer thermal death before they break 256-bit aes."

    An Anonymous Coward responded, in relevant part:

    Stop citing things inaccurately enough to be a myth.

    The universe would suffer heat death. Before someone cracked the encryption. Using brute force. Via exhaustive search of keyspace. Utilizing techniques currently understood by science and the present beliefs of the laws of thermodynamics. FULL STOP. Hi, Quantum Computing....you ready yet?

    Another AC responded to that (emphasis mine):

    Your comparison to quantum computing is dead wrong. Quantum computers are not currently known to be useful for brute forcing any algorithm.

    The only reason they are useful for breaking things like RSA, is that we have large number factoring algorithms that work on quantum computers (Shor's algorithm). RSA was known to be vulnerable to large number factoring from the moment it was designed. In fact, as a one way encryption function, that's part of its design. We assume that problem to be "hard", but with large enough quantum computers we can make it "easy". Brute forcing RSA was never considered as factoring the modulus is already more than an order of magnitude easier.

    AES does not rely on a one way mathematical function for security, so talking about quantum computers breaking it is just silly. Weaknesses in the algorithm itself are the biggest threat to it. Your points about entropy per character are also rather silly as that's an implementation issue and has nothing to do with the AES algorithm. Also for the record, the character set of all keyboard enterable keys is about 6.6 bits of entropy with a random distribution. No idea where you got 4.24 bits from, but even random lowercase letters alone have more entropy per character than that.

    assemblerex's point remains valid. Until computers are built from something other than matter, or occupy something other than space, it is unlikely that we will be "brute forcing" 256-bit keys.

    It's certainly up for debate what the first AC meant, but it's quite clear what the second AC meant: quantum computers do not usefully improve our ability to use brute force to break AES or anything else. Further, it's clear that the AC is claiming this lack of usefulness for brute force alone, using the example where factoring, a non-brute-force approach, is usefully improved by quantum computers. The AC is not saying that factoring is the only such possibility. I don't think I'm reading anything into this, but let me know if I am.

    This is relevant because it was the post to which you initially responded, writing:

    You seem to be assuming that brute-forcing is somehow a difficult computational task for quantum computers, as opposed to some factoring algorithm. On the contrary, it is trivially easy: all it requires is the incrementing of a counter.

    But of course AES itself would actually have to be implemented in the quantum computer, or you lose any advantage that quantum computing might give. That would be the hard part. But as it's a straightforward and known algorithm, I don't see any particular difficulty.

    Quantum computing is Turing-complete, so there is no theoretical reason that it could not be done.

    Particularly in the context of the post you're replying to, it is reasonable to assume that you meant that brute forcing AES on a quantum computer would be usefully faster, maybe to the point of being feasible, not merely the trivial point that it's possible given unlimited running time.

    I responded, linking to Grover's algorithm:

    Um, no. The speed-up is quadratic, so it's no easier than classically brute-forcing half the key length.

    The point is that Grover's algorithm is the optimal way to find a brute force match on

  12. Re:The universe would suffer thermal death on FBI Failed To Break Encryption of Hard Drives · · Score: 1

    I'll just respond to all your posts at once. There is a section "Optimality" in the Grover's algorithm article. You should read it. (And please don't bother bringing up the point that that article says that it is not proven that NP is not contained in BQP. Lots of things aren't proven, but if P=NP there is no encryption anyway.) In the field that people refer to as quantum computing, there is not, and almost certainly cannot be, any generic procedure to get exponential speed up.

    In response to points you brought up: (1) This whole notion that quantum computing is the same as classical computing with extremely massive parallelism is grossly incorrect, whatever lay magazine article you read notwithstanding. (2) Specifically, quantum computing does not change the fact that you cannot have 2^256, let alone (2^256)^2, processors in the physical universe (you do not get a number of generic "processors" that is exponential in the amount of matter you have). (3) Some algorithms may be exponentially faster with quantum computing, but you were obviously claiming that every encryption algorithm can be brute forced, presumably subexponentially, by a quantum computer, which is a completely different claim.

    It is a common fallacy to believe that there is rational expectation that quantum computing can brute force everything. Regarding Arthur C. Clarke, don't be a jerk. The frame of discussion has clearly been the current scientific field of quantum computing. When you said that "brute-forcing" is "trivially easy" for quantum computers, the assumption is that you have some actual reason to believe that is true, not that you're speculating about technology in the future that goes beyond current theory. Telling you that you are wrong is simply stating a correct fact about the field of quantum computing--it is not a claim that technology beyond this is a priori impossible.

  13. Re:The universe would suffer thermal death on FBI Failed To Break Encryption of Hard Drives · · Score: 1

    You seem to be assuming that brute-forcing is somehow a difficult computational task for quantum computers, as opposed to some factoring algorithm. On the contrary, it is trivially easy: all it requires is the incrementing of a counter.

    Um, no. The speed-up is quadratic, so it's no easier than classically brute-forcing half the key length.

  14. Re:The universe would suffer thermal death on FBI Failed To Break Encryption of Hard Drives · · Score: 1

    How about quantum computers advance to a usable level, and that 2^256 complexity is solvable in 256^6 time?

    Grover's algorithm would allow the search in sqrt(N)=sqrt(2^256)=2^128 time. I don't know where 256^6 is coming from.

  15. Re:Bullshit on Quant AI Picks Stocks Better Than Humans · · Score: 1

    Take a look at the Dow Jones average over the past 30 years. Take note of how in the past 12 it has huge fluctuations. The current system of trading stocks is broken. The market moves so fast it is all in the hands of computers. It needs to slow down.

    This is an artifact of using a linear scale, so that a 10% fluctuation when the index is 10,000 is much larger than when it is 2,000, and the fact that the market has, in retrospect, stagnated for the past decade.

    Here is a linear plot of the DJIA for the past 30 years: 1980 to 2010 linear
    Here is a linear plot of the DJIA for 1949 to 1979: 1949 to 1979 linear
    I don't think that algo trading started in the 1970s, ceased from 1980 to 2000, and then resumed. Of course, there is still more contrast between the 2000s and the previous two decades than between the 1970s and the previous two decades. This is because in the latter case the market increased about 4 or 5 times to get to the level where it stagnated, while in the former it increased 10 times, so the effect of earlier years being muted in a linear scale is stronger. In particular see the market lose and regain 40% of its value from 1973 to 1976. The past decade is not unprecedented.

    The correct way to look at this is with a logarithmic scale. Unfortunately, the graphs I have are vertically compressed in a log scale, but you can still compare the fluctuations in the last ten years of the graph to the fluctuations in the first twenty years of the same graph. Coincidentally, in each graph there is a large dip at or near the end, due to actual recessions.
    Here is a log plot of the DJIA for the past 30 years: 1980 to 2010 log
    Here is a log plot of the DJIA for 1949 to 1979: 1949 to 1979 log

  16. Re:RGB on Is the 4th Yellow Pixel of Sharp Quattron Hype? · · Score: 4, Informative

    You seem to be under the impression that every fully saturated color is a spectral color, but this is false. If "hue" only includes the pure visible spectrum, then HSB will not include magenta (or, actually, the whole triangle defined by white, red, and violet, on the CIE chromaticity diagram). Look in particular at the color wheel and the visible spectrum on the magenta page. People do use HSB, but the range of the hue must include a non-spectral "line of purples" to wrap around.

  17. Re:Make them maintain their own damn computer on Computer Competency Test For Non-IT Hires? · · Score: 2, Insightful

    Assuming this is even legal (as you're not only requiring employees to bring their own tools, but to spend their time maintaining said tools for free), this works great until potential employees wise up and you have to pay higher base wages to compensate for the inevitable docked pay (or spare computers or parts to avoid it). Since it's obviously much cheaper on average to keep a handful of spare computers or spare parts for the whole company, for use while dealing with the manufacturer for warranty repair or replacement, etc., than to keep one spare computer for every employee, this probably saves money mostly if you dupe your employees into eating the loss.

  18. Re:How about this? on Will Your Car Tell You To Put Down the Phone? · · Score: 1

    You are right of course; but how about this, then: Instead of making noises, why not require mobile operators to not accept calls other than to the emergency services on the motorway. They can do that, since they can already tell your position fairly accurately from the signal strengths on the local receivers.

    First off, you have passengers, including passengers of buses and so forth. I want policies that encourage multiple people to a vehicle.

    Second, there is just no way that we have maps that are accurate enough. I gather that motorway is a British term corresponding to the American term freeway, a road that has no stops and is limited to motor vehicle traffic, so you don't have the problem of sidewalks (aka pavement, I believe). Even so, there are apartment buildings in my city that I can clearly see on Google maps to be less than 40 feet from the edge of the freeway, and so I doubt the map data is accurate enough.

  19. Re:Well... on US Law Firms Targeted By Cyberscams · · Score: 1

    Yes, I was referring to debits from the personal accounts of human beings.

  20. Re:Well... on US Law Firms Targeted By Cyberscams · · Score: 2, Informative

    The solution is to receive payment via ACH debit. This means you initiate (with their written permission, make sure you have the signed docs for this) the withdrawal of funds from their account. Once you get the funds, you're in the clear... they cannot be recalled by the other party, and you did not need to give them your account details.

    Are you serious???! An ACH transaction can be reversed up to 60 days after the next bank statement, if the customer reports it as an unauthorized electronic transfer. This is as it should be, since an account number is not a proof of identity. In theory, if you can show that the actual account holder did authorize the transaction, you're fine, but even in the best possible case the verification is all on you. Of course, in a case like the check case in the article where the business was transacted by mail, anyone can send you a bunch of phony authorization paperwork that isn't going to mean jack.

  21. Re:3DS is also broken from a human factors POV on Why "Verified By Visa" System Is Insecure · · Score: 1

    Visa's implementation is marginally better because it echoes a "secret phrase" to you on the screen before you input your pin, thereby allowing you to verify that it's them, and not some random phisher.

    It lets you verify that it's either Visa or a man-in-the-middle attack...

  22. Re:probably no need to worry on Canada Supreme Court Broadens Internet "Luring" Offense · · Score: 1

    Jesus fucking Christ. Why not just pass a law that, "It shall be an offense against the United States to bind oxygen to hemoglobin, punishable by imprisonment for up to ten years," and rely on prosecutorial discretion to only punish those who deserve it for some actual reason?

  23. Re:The folly of natural resource-based energy on CERN Physicist Warns About Uranium Shortage · · Score: 1

    Solar, for as long as we really need to care about, is going to be around forever. [...] Gravititic potential energy is another largely untapped resource. While some forms of this like dams and tidal generators have been developed, there is literally an unlimited amount of energy in the form of space-time bending due to gravity.

    Gravitational potential energy on Earth is limited in roughly the same sense as solar energy. The universe of course has limited total energy resources...

  24. Re:Freecreditreport.com is a criminal scam on FreeCreditReport.com Wins 1,017 Domains By UDRP · · Score: 1

    This is exactly correct. Not only are individuals not their customers, lenders actively profit when credit reports are worse than they should be, and these profits support the reporting agencies directly.

    It is the exact same scam as the ratings agencies passing off sub-prime mortgages as AAA. And it is completely due to the fact that the entire industry is supported by taxpayer money; financial institutions that fail to assess risk correctly are prevented from failing.

    Actually, it's extremely different. In the mortgage case, risk was assessed as lower than it actually is when making loans. The normal market mechanism for correction is that such lenders lose money and eventually go bankrupt, so it's perfectly coherent to claim that being backstopped by the taxpayers distorts the correction. Note that this correction doesn't rely on the lenders having competition -- if the entire industry is making loans below the cost of risk it will still lose money. Also note that the loss of money was absolute. The loans were not merely less profitable than they could be, they lost money on net.

    In contrast, if you assess risk as higher than it actually is, you still make profit, albeit perhaps less than otherwise. The normal market mechanism for correction is not bankruptcy, but competition. There are no losses for taxpayers to backstop. Of course, in theory lenders could eventually lose all their customers to other lenders using a more accurate model of consumers, but that isn't happening; and if it is due to government distortion it's not the same mechanism at all as propping up failing institutions.

    I suspect the real situation is this:

    Credit reporting agencies provide mostly accurate information. If I'm a lender, I want accurate information. If agency A offers "lender-friendly" bad credit reports and agency B offers accurate reports, I can steal from lenders using agency A all the customers who have falsely bad reports from agency A. Your claim that providing bad credit reports helps lenders is only true if the interest rate for any given credit rating is fixed by law or something.

    Nevertheless, "mostly accurate" could easily allow for a lot of anecdotes of inaccuracy. The natural barriers to entry for a CRA are extremely high, so a tiny fraction of consumers with inaccurate accounts will not cause a competitor to spring up, but a tiny fraction could still be a large absolute number of consumers.

  25. Re:Obligatory quote on Ant Mega-Colony Covers the World · · Score: 1

    Dude, 90% of the humor is the fact that this overused quote actually applies (or comes as close to applying as it ever will) with its original referent, rather than "I, for one, welcome our new hamster overlords" or whatever. Hell, the BBC headline was "Ant mega-colony takes over world." If some religious cult built a computer to determine the answer to a philosophical question, HHGTTG jokes would be kind of funny in reference to such a story (although that's not the best example on my part because more applicable and less overused would be a reference to the stars, one by one, winking out).