Not only is cryptography hard, it's an inexact science to begin with, full of fudges and best guesses. Which is why it is an area where you want time-proven solutions, many eyes, and a tight definition of the threat model. Of course, I always wonder how many eyes are actually reading and understanding (let alone vetting) code like OpenSSL sources anyway. And there would be an even smaller number who read more than the portion of code that they have to.
I think the issue is readability and documentation (and why, that's just what it says!)
Years back I wrote an encryption program in C as an exercise for myself using the OpenSSL libraries partly to learn how to use the APIs. Just a simple wrapper around well-documented APIs, knock it up in no time, right? Wrong!
The documentation was almost unintelligible to anyone who was not an OpenSSL developer or not prepared to study up on the algorithms used and wade through the OpenSSL code base to understand what the APIs did.
I doubt that has changed. I found a tutorial giving code snippets in a popular journal that were incorrect and had a crucial error resulting in much hair-pulling. I eventually solved this by pure guesswork and trial-and-error. It would have been much quicker to just cut and paste from someone else's openssl-based encryption program. This all reminded me of those frustrating time-wasting assignments as a student where lecturers forgot to tell us that it just wouldn't work or be solvable without secret Factor X and someone in the class had to discover this sideways from a tutor.
Time OpenSSL grew up and stopped living in arcane land. It needs decent docs. There is an O'Reilly book on it - maybe that'd help next time.
Just press the button that's for buying something and a real person will appear almost instantaneously.
And the salesperson will throw you back onto the maddening automated menu as they (1) put you on hold to enjoy the soul destroying muzac for 30 mins; then (2) helpfully re-direct you back to the place that either didn't exit or didn't respond in the first place.
These systems only have one aim: to stop you talking to people.
Good 'ol Slashdot. So many commenters who understand almost nothing about humankind's crowning intellectual achievement of theoretical physics and yet, with unbridled brio, are correcting the deficiencies in our current theory of dark matter and WIMPs in just a few lines here. We should all be thankful that Slashdotters are here to set the world's ignorant physicists straight! I'm looking forward to commenters coming up with the GUT and sorting out the European debt crisis for us as a side note, aren't you?
You're talking about snake oil tools from commercial interests. This tool doesn't detect bugs. It just looks for code similar to that of documented vulnerabilities from what I read. This cuts down the laborious business of trying to vetting code against thousands of advisories and reduces this to a list of possible matches. It doesn't remove the need for a real engineer to go over that list and check for false positives. But it's a huge improvement.
The amount of belligerent, right wing disgust for people trying to assert their democratic right to protest astonishes me. Yet I suppose these right wind nut jobs are the same people who keep ranting about the right to bear arms to defend oneself against the government.
I'm often impressed by how much more subtle the US is at crushing dissent than China. Instead of running students over with tanks and creating a huge image management headache, authorities in the US wage a PR war in chich Occupy protesters are incessantly presented as snotty-nosed stupid brats out for a party. Everyone laps it up and the movement is defused. The pepper spray incident was a tactical mistake but it's only one incident.
I might be out of date, but: the event itself requires the neuron's action potential to reach a threshold, then the synapse fires. It either fires or it does not. On or off. But the process of reaching the firing threshold is analog, since the physical geometry of the neuron and of its afferent neural feeds (inputs) determines at what point the neuron will fire. Neurotransmitter quantities in the synapse are also modifiable though eg by drugs and natural up/down regulation of receptors, enzymes or re-uptake inhibition. So a neuron is an analog computer having output with various amplitudes of on/off.
Some great points in this post and ensuing thread. I'm not as negative about the rebooted show. I loved the original as a child and I like the reboot, which I think tries hard to create a similar exhilaration to the classic dr shows - especially the Tennant series, which is when the show really snapped into focus. As an update I don't think it can avoid a lot of run-run-zap action stuff, that'd all some people notice these days. Creepiness is an essential element and is largely done well.
There was always sexual tension between the dr and companion, almost from the first series, that was by design. It is essential to the show and very effective. I'm still hot for Nyssa, Romana, Tegan, Leela etc after all these years and I'm definitely very hot for Rose and the rest. Apart from providing various classical dramatic functions such as a chorus, the girls were there initially for the dads to get off on (same reason as hot female presenters on any kid's show). Then they were there for girls to identify with, presenting an increasingly emancipated image, while lusting as girls together after the hunky cute non-threatening dr. The middle-aged average looking bag (whatsername River?) is there so that old and average bags in the audience have someone to identify with and so the older average men have someone to perv at who isn't infeasibly young and pretty.
How could paranoia about gov surveillance be considered insane (or even unreasonable) in the UK? The Brits are the citizen surveillance leaders of the world. They'll put a camera up your rectum if they can and leave it on 24/7. 1984 got that right. And quite right that New Labor thought 1984 was a blueprint. Tragic.
Unless yum has been rewritten in the last few years. Yum is awful because it sacrifices usability for some silly idea about checking the metadata of every package on every single run. It's slow and stupid. Apt/dpkg is far better for resolving tricky dependencies legally. Then there's the gigantic mess of incompatible rpm repos. The Debian world rules for a reason.
You fail to grasp that Jobs' rare combination of virtuoso entrepreneurship, drive and sheer smarts did indeed change technology. Both he and Gates had the gifts to create the future. It's not just hype. That's not to say that there aren't thousands of unsung talented people who also made this future we are now in.
Comments above show this paper does not study what it purports to study and draws false conclusions based on a non-understanding of statistics. Is it my imagination or are we getting more and more crap papers like this on/.?
It's so boring listening to little Perl haters. They always seem to have some chip on their shoulder as if Perl were the one language they just couldn't ever get. As if that C++ is any fun. Please, *must* I write in C++? Perl is a writer's language, if you are in the habit of using it you can write hard code [b]very[/b] fast. Brilliant prototyping, unbeaten RE/text manipulation, an unmatched repo of prewritten library code in CPAN, and a real "soul" that encourages one to have a stab at that complex regex only to discover it actually works first time. And that poetic sense that line noise is never just line noise. And finally: as great as sed and awk are, if you know a little Perl you won't need sed or awk for anything.
We're all supposed to be "knocking up" everything in Python. Yawn. I'm sure Python's great and I like the built in library (no way comes close to CPAN though). But Perl has character. There are intangible things that will attract one to a language. Perl can do things simply or Perl can do things hard. There is a wealth of intellectual complexity in Perl or just pattern-obsessed autism, either way it works. Perl rocks.
I suppose I should be pleased that Ruby is still fashionable. Ruby syntax is based on Perl and Larry has said that Perl OoO takes a lot from Ruby.
This is what it actually said:
User: You're in a desert, walking along in the sand, when all of a sudden you look down.
Cleverbot: I'm in a desert, damn I must be really high not to notice that.
User: It doesn't make any difference what desert, it's completely hypothetical.
Cleverbot: Ummm random much??
User: Maybe you're fed up. Maybe you want to be by yourself. Who knows? You look down and see a tortoise, It's crawling toward you...
Cleverbot: But I am allergic to torotise's, please move it away from me...
User: You reach down and you flip the tortoise over on its back.
Cleverbot: That would not be nice.
User: The tortoise lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over, but it can't. Not without your help. But you're not helping.
Cleverbot: The walrus.
User: I mean: you're not helping! Why is that?
Cleverbot: You are the liar!
User: They're just questions. In answer to your query, they're written down for me. It's a test, designed to provoke an emotional response... Shall we continue?
Cleverbot: Yes, let's continue.
User: So why don't you help the tortoise turn over?
Cleverbot: Because I don't like them.
User: Do you recognize where these questions are from?
Cleverbot: Yes, because I've known that information for a long time. Do you want me to tell you?
User: Yes please.
Cleverbot: Robert Zemeckis directed Forrest Gump.
User: Wrong. These questions are from a scene in Blade Runner.
Cleverbot: They are?
User: Yes. Directed by Ridley Scott and starring Harrison Ford.
Cleverbot: I haven't read them. Do you like scifi?
The exchanges I just had with Cleverbot suggested that he was off his meds. That thing should only pass a Turing test if we assume it has verbal symptoms of schizophrenia: disordered thought patterns, exchanging the meaning of one word for another, hearing colors, seeing smells etc/
But this example is not a tech race between criminals and police. If the network of plate-reading cameras and the app did not exist in the first place, neither criminals nor cops could (ab)use it.
Looking our your window to see if several hundred neighbors/victims are in or out is definitely harder. They can cherry pick victims with this app and not just for robbery.
I don't want to have Godwin's Law invoked on me so I can't be more specific, but there are astonishing quotes from certain folk in a certain big war mid-20C about how to get a stupid populace to give up freedom. Modern governments have clearly studied these. Familiar themes include:
you can do anything in the name of the children
keep the populace fearful of a common enemy and they will do your bidding to be safe
Slashdot Mirror
Not only is cryptography hard, it's an inexact science to begin with, full of fudges and best guesses. Which is why it is an area where you want time-proven solutions, many eyes, and a tight definition of the threat model. Of course, I always wonder how many eyes are actually reading and understanding (let alone vetting) code like OpenSSL sources anyway. And there would be an even smaller number who read more than the portion of code that they have to.
I think the issue is readability and documentation (and why, that's just what it says!)
Years back I wrote an encryption program in C as an exercise for myself using the OpenSSL libraries partly to learn how to use the APIs. Just a simple wrapper around well-documented APIs, knock it up in no time, right? Wrong!
The documentation was almost unintelligible to anyone who was not an OpenSSL developer or not prepared to study up on the algorithms used and wade through the OpenSSL code base to understand what the APIs did. I doubt that has changed. I found a tutorial giving code snippets in a popular journal that were incorrect and had a crucial error resulting in much hair-pulling. I eventually solved this by pure guesswork and trial-and-error. It would have been much quicker to just cut and paste from someone else's openssl-based encryption program. This all reminded me of those frustrating time-wasting assignments as a student where lecturers forgot to tell us that it just wouldn't work or be solvable without secret Factor X and someone in the class had to discover this sideways from a tutor.
Time OpenSSL grew up and stopped living in arcane land. It needs decent docs. There is an O'Reilly book on it - maybe that'd help next time.
Just press the button that's for buying something and a real person will appear almost instantaneously.
And the salesperson will throw you back onto the maddening automated menu as they (1) put you on hold to enjoy the soul destroying muzac for 30 mins; then (2) helpfully re-direct you back to the place that either didn't exit or didn't respond in the first place.
These systems only have one aim: to stop you talking to people.
Please mod parent up.
Does someone on /. staff sit down and write one of these every few months on a slow news day?
Good 'ol Slashdot. So many commenters who understand almost nothing about humankind's crowning intellectual achievement of theoretical physics and yet, with unbridled brio, are correcting the deficiencies in our current theory of dark matter and WIMPs in just a few lines here. We should all be thankful that Slashdotters are here to set the world's ignorant physicists straight! I'm looking forward to commenters coming up with the GUT and sorting out the European debt crisis for us as a side note, aren't you?
You're talking about snake oil tools from commercial interests. This tool doesn't detect bugs. It just looks for code similar to that of documented vulnerabilities from what I read. This cuts down the laborious business of trying to vetting code against thousands of advisories and reduces this to a list of possible matches. It doesn't remove the need for a real engineer to go over that list and check for false positives. But it's a huge improvement.
The amount of belligerent, right wing disgust for people trying to assert their democratic right to protest astonishes me. Yet I suppose these right wind nut jobs are the same people who keep ranting about the right to bear arms to defend oneself against the government.
I think he's trying to say that OWS is full of communists. (Yawn)
I'm often impressed by how much more subtle the US is at crushing dissent than China. Instead of running students over with tanks and creating a huge image management headache, authorities in the US wage a PR war in chich Occupy protesters are incessantly presented as snotty-nosed stupid brats out for a party. Everyone laps it up and the movement is defused. The pepper spray incident was a tactical mistake but it's only one incident.
I might be out of date, but: the event itself requires the neuron's action potential to reach a threshold, then the synapse fires. It either fires or it does not. On or off. But the process of reaching the firing threshold is analog, since the physical geometry of the neuron and of its afferent neural feeds (inputs) determines at what point the neuron will fire. Neurotransmitter quantities in the synapse are also modifiable though eg by drugs and natural up/down regulation of receptors, enzymes or re-uptake inhibition. So a neuron is an analog computer having output with various amplitudes of on/off.
Some great points in this post and ensuing thread. I'm not as negative about the rebooted show. I loved the original as a child and I like the reboot, which I think tries hard to create a similar exhilaration to the classic dr shows - especially the Tennant series, which is when the show really snapped into focus. As an update I don't think it can avoid a lot of run-run-zap action stuff, that'd all some people notice these days. Creepiness is an essential element and is largely done well.
There was always sexual tension between the dr and companion, almost from the first series, that was by design. It is essential to the show and very effective. I'm still hot for Nyssa, Romana, Tegan, Leela etc after all these years and I'm definitely very hot for Rose and the rest. Apart from providing various classical dramatic functions such as a chorus, the girls were there initially for the dads to get off on (same reason as hot female presenters on any kid's show). Then they were there for girls to identify with, presenting an increasingly emancipated image, while lusting as girls together after the hunky cute non-threatening dr. The middle-aged average looking bag (whatsername River?) is there so that old and average bags in the audience have someone to identify with and so the older average men have someone to perv at who isn't infeasibly young and pretty.
How could paranoia about gov surveillance be considered insane (or even unreasonable) in the UK? The Brits are the citizen surveillance leaders of the world. They'll put a camera up your rectum if they can and leave it on 24/7. 1984 got that right. And quite right that New Labor thought 1984 was a blueprint. Tragic.
No it isn't a non sequitur. He's talking about: http://www.teach-ict.com/as_a2_ict_new/ocr/AS_G061/317_role_impact_ict/ripa/miniweb/pg5.htm
Unless yum has been rewritten in the last few years. Yum is awful because it sacrifices usability for some silly idea about checking the metadata of every package on every single run. It's slow and stupid. Apt/dpkg is far better for resolving tricky dependencies legally. Then there's the gigantic mess of incompatible rpm repos. The Debian world rules for a reason.
You fail to grasp that Jobs' rare combination of virtuoso entrepreneurship, drive and sheer smarts did indeed change technology. Both he and Gates had the gifts to create the future. It's not just hype. That's not to say that there aren't thousands of unsung talented people who also made this future we are now in.
Qu: how is it that a judge can entirely avoid prosecution for a crime that would see an ordinary person jailed in many parts of the developed world?
Comments above show this paper does not study what it purports to study and draws false conclusions based on a non-understanding of statistics. Is it my imagination or are we getting more and more crap papers like this on /.?
It's so boring listening to little Perl haters. They always seem to have some chip on their shoulder as if Perl were the one language they just couldn't ever get. As if that C++ is any fun. Please, *must* I write in C++? Perl is a writer's language, if you are in the habit of using it you can write hard code [b]very[/b] fast. Brilliant prototyping, unbeaten RE/text manipulation, an unmatched repo of prewritten library code in CPAN, and a real "soul" that encourages one to have a stab at that complex regex only to discover it actually works first time. And that poetic sense that line noise is never just line noise. And finally: as great as sed and awk are, if you know a little Perl you won't need sed or awk for anything.
We're all supposed to be "knocking up" everything in Python. Yawn. I'm sure Python's great and I like the built in library (no way comes close to CPAN though). But Perl has character. There are intangible things that will attract one to a language. Perl can do things simply or Perl can do things hard. There is a wealth of intellectual complexity in Perl or just pattern-obsessed autism, either way it works. Perl rocks.
I suppose I should be pleased that Ruby is still fashionable. Ruby syntax is based on Perl and Larry has said that Perl OoO takes a lot from Ruby.
That argument certainly works for everything else.
This is what it actually said: User: You're in a desert, walking along in the sand, when all of a sudden you look down. Cleverbot: I'm in a desert, damn I must be really high not to notice that. User: It doesn't make any difference what desert, it's completely hypothetical. Cleverbot: Ummm random much?? User: Maybe you're fed up. Maybe you want to be by yourself. Who knows? You look down and see a tortoise, It's crawling toward you... Cleverbot: But I am allergic to torotise's, please move it away from me... User: You reach down and you flip the tortoise over on its back. Cleverbot: That would not be nice. User: The tortoise lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over, but it can't. Not without your help. But you're not helping. Cleverbot: The walrus. User: I mean: you're not helping! Why is that? Cleverbot: You are the liar! User: They're just questions. In answer to your query, they're written down for me. It's a test, designed to provoke an emotional response... Shall we continue? Cleverbot: Yes, let's continue. User: So why don't you help the tortoise turn over? Cleverbot: Because I don't like them. User: Do you recognize where these questions are from? Cleverbot: Yes, because I've known that information for a long time. Do you want me to tell you? User: Yes please. Cleverbot: Robert Zemeckis directed Forrest Gump. User: Wrong. These questions are from a scene in Blade Runner. Cleverbot: They are? User: Yes. Directed by Ridley Scott and starring Harrison Ford. Cleverbot: I haven't read them. Do you like scifi?
The exchanges I just had with Cleverbot suggested that he was off his meds. That thing should only pass a Turing test if we assume it has verbal symptoms of schizophrenia: disordered thought patterns, exchanging the meaning of one word for another, hearing colors, seeing smells etc/
But this example is not a tech race between criminals and police. If the network of plate-reading cameras and the app did not exist in the first place, neither criminals nor cops could (ab)use it.
I suspect that Apple would reject such an app. They won't allow the breath testing or speeding cop locator apps in the App Store will they?
Looking our your window to see if several hundred neighbors/victims are in or out is definitely harder. They can cherry pick victims with this app and not just for robbery.
you can do anything in the name of the children
keep the populace fearful of a common enemy and they will do your bidding to be safe
etc etc