Using AES256 in Python is about three lines of simple, readable code that will do the same damnable thing every time. This takes two lines of magical code that may wake up one day and decide to not even be the same class of cipher. Does this make sense to anybody? Can you explain why?
An actual virtualization layer is actually much more powerful than that. The goal is probably to deny the OS the power to circumvent the TPM and other Trusted Computing measures.
Just go get stegdetect and go to mozaiq.org, then go to http://www.paulschou.com/tools/xlate/ to demonstrate alternate expansions (can't find base phi, but I'm sure you can figure that out), and there was a presentation recently (not sure if I saw it here or on hackaday...) that talks about valid jar/gif's containing arbitrary code. Look it up, this isn't hard stuff.
You seem to be missing the point: your test is stupidly easy to meet even if you add the condition that every element be an operational construct. If you remove that, you are essentially running headfirst into steganography, polymorphic viruses, and executable ZIPs.
Just to be annoyingly literal, *any* integer of *any* size can be expressed by an infinite number of functions on the set of integers, which is a handy way of saying that your challenge can be completed trivially. It is also worth saying that any binary integer can be interpreted as a valid number in any higher base or base phi.
I was under the impression that attempts to enforce copyright between derivative works containing elements of the same original were not allowed- am I mistaken?
It is probable that within the lifetime of a given crypto implementation, it will be shown to have flaws. It is possible that within that same time period, a given cryptographic algorithm will be weakened past usefulness. It is *very* remotely possible that a non-NP restatement of a currently NP attack or distinguisher will be found in the near future. Do you care to lay odds on placing the NP-complete problems in the set of P in the near future?
Ok, lets take this a step further: lets say that the NP-complete problems are broken. Does it seem to you that very much modern software would survive a P restatement of the subset sum problem? Or that network aware applications would endure much beyond a P solution to the traveling salesman problem? I wouldn't want to bet my bottom dollar on that.
Now, to complete the chain and *finally* merit your unreasonable fear of these technologies, e need to assume that by the time that NP-completeness is broken, there are no remaining problems which are not subject to the P restatement or which are not weakened past usefulness, *and* that the attack generated is practical. Only now, at the end of an a huge chain of unbelievably long odds, stands your right to freak out about the use of crypto in modern applications. Call it irresponsible if you like, but these are useful, practical applications, without which most modern communication technologies simply cannot be allowed to operate.
So, it seems to me that in practical terms this doesn't merit the kind of vitriol you're flinging at it. There is no plausible replacement for these technologies. There is no plausible evidence that your doomsday scenario is close to materializing. There is no plausible evidence that even if it should materialize, that it will be a greater threat to the safety of extant problems than extant attacks. The bottom line is, yes- I think your doomsday scenario is roughly as likely as cashing in your dragon insurance.
At any given point in time, we may well wake up in a world where someone has proven P=NP
Do you also take out dragon raid insurance policies? Dragons haven't been proven not to exist, and it would be the height of irresponsibility not to protect your home against so grave a menace as a dragon if it should turn out to be real.
That's what paid support is for, and that's why Microsoft makes so much money selling Windows, even though we all know how much cheaper it is to run Linux/BSD.
I wonder how many end users actually wind up calling Microsoft tech support. I never hear a person say "No, don't worry about fixing my computer, I called Microsoft and it's all better now".
There's a bit of a difference between running a remote terminal session and running a grahical desktop in a web browser, but yeah, basically, this appears to be the latest reinvention of the thin client. Having said that, as I mention, there are other alternative interpretations of the limited data provided here: 1) that rather than being a true thin client, Midori merely represents a mechanism for pushing Windows into a subscription model, 2) that the goal is more to exert a greater degree of control over the end users than it is to provide improved performance, or 3) that this is aimed at the embedded and UMPC markets, with an emphasis on prefetching and cache performance rather than processing power.
Well, the traditional emphasis of services like this has been migrating the computational burden away from the client, but if their emphasis is purely on pushing a subscription model, Midori might be closer to PXE than VNC. The performance of a system like that is pretty much undisputed, but it cuts the usefulness of it too, since you need a beefier client.
In the alternative, since lag has been the big problem, they may have come up with some prefetching mechanism to ensure that a system with a good deal of RAM (easy to fit on small devices) but a sucky processor (common on small devices) connected to your service could approach the performance of systems with a faster CPU/GPU.
Another possibility is that they have simply come up with a great way to lock the hell out of a machine- remotely checksum all the elements of the system, run it all as managed code, and keep it connected so Trusted Computing works, it's pretty much a DRM wet dream.
A very close parallel to what you're talking about already exists- several of them, in fact. Ulteo, for instance, provides a web-based Linux desktop that runs OpenOffice.
If you really want to push the Office-as-a-service idea though, it would be simple enough to do it by taking something like splashtop and put in a VNC, NX, or SSH client, then connect to a grid of application publishing servers. Very simple, pretty clean, and dead cheap to develop. No need for a new OS. The connectivity requirements would be pretty steep, but they always are for systems like this, which (IMHO) is why most people don't use them.
I'm not insulting you- popularity and quality are not the same thing- but you're blaming their commercial failure on piracy when theres millions of potential customers who have never even heard of your product. The tiny number who have and have pirated it don't really cost you anything- they don't eat up your bandwidth, they don't call you for support, they don't use your media- but the millions who have never heard of it are costing you a fortune, and that's a factor well within your control.
Lets be clear here: the problem isn't that people are downloading your stuff, the problem is that nobody is paying for it. The fact that 50 people on earth have heard of any of your games has more to do with your commercial failure than the fact that 2 of them got it off of TPB.
Can't make a profit? Blame the pirates. I've heard this song before, and I still don't buy it- if enough people want what you're selling, some of them will buy it.
I have no doubt that you're a highly experienced WAMP admin, and that you know IIS on a first name basis, but if you're having trouble with chmod, its probably time to walk out of the server room.
You are correct that both software and mathematics are models for computer behaviour, but the fact that they can model (more or less) the same thing does not make them the same thing. It would be torturous (and perhaps impossible) to represent the behaviour of a nontrivial program in terms of mathematics. It would be similarly difficult (and perhaps impossible) to represent any number of relatively simple functions in terms of software. I'm not sure who to attribute it to, but there's a saying that theories can only be right or wrong, but models can be right, wrong, or irrelevant. For most of software, the mathematical model is at least irrelevant.
Now, obviously we aren't going to see eye to eye on this one, but I think we can both agree that what we're arguing over is a more or less semantic difference. Your argument is that as many of the fundamental operations of a CPU are modelled on mathematical primitives, all software is mathematical. My argument is that math was only ever a model of behaviour, and that the actual behaviour of those systems has outgrown that model. We both have points, and none of those points are of more than symbolic significance. If you want to hack it out further, I'm willing to do that, but honestly I think both of our time could be better spent. Agree to disagree?
This is an awful lot like the arguments that mathemeticians have with physicists- you probably side with the mathemeticians, saying that we live in a mathematical universe because we can model it mathematically, and I side with the physicists who say that math is useful for looking at the universe, but when the math and the universe don't line up, it isn't the universe that's wrong.
Similarly, mathematics is a *model* for computation. It isn't the computation itself. It will always be a useful tool in many areas of programming, but nontrivial code has mostly grown past the point where math is a useful model for its analysis. Like any other model, you use it when appropriate, and abandon it when it isn't.
Well, so far all you've done is to claim that software is math. I've demonstrated that there are failings in the state machine and lambda calculus models that are common in modern systems- aka that the math and the code are not lining up. If you want to provide more than an dogmatic belief as evidence, I am listening.
And yet we have excellent ways of modelling the behaivour of differential equations. I am unaware of any nontrivial program that has been successfully mathematically modelled, although I would love to be proven wrong.
Lets get some semantics out of the way: I would say that programming is mathematical if a function or set of functions can be defined in advance that will accurately model the behaviour of any program.
I argue that this condition is false as a result of, as lambda calculus calls them, side effects- interactions with a user, with the OS, with the network, and with hardware. The behaviour of those systems is effectively chaotic, rendering the machine state of even a pretty trivial program effectively indeterminable reletively few cycles into execution. While this does not inevitably preculude the possibility of modelling such software, it reduces the feasability of doing so, and, in some cases will forbid a solution in less than n functions, where n is the number of possible state transformations. In practice, I have yet to see a mathematical definition or model of any useful, nontrival program.
Lets be realistic here: there are mathematically valid ways of modeling some software, but there are innumerable behaviors in software that simply have no clean mathematical representation.
Slashdot Mirror
Using AES256 in Python is about three lines of simple, readable code that will do the same damnable thing every time. This takes two lines of magical code that may wake up one day and decide to not even be the same class of cipher. Does this make sense to anybody? Can you explain why?
An actual virtualization layer is actually much more powerful than that. The goal is probably to deny the OS the power to circumvent the TPM and other Trusted Computing measures.
Just go get stegdetect and go to mozaiq.org, then go to http://www.paulschou.com/tools/xlate/ to demonstrate alternate expansions (can't find base phi, but I'm sure you can figure that out), and there was a presentation recently (not sure if I saw it here or on hackaday...) that talks about valid jar/gif's containing arbitrary code. Look it up, this isn't hard stuff.
You seem to be missing the point: your test is stupidly easy to meet even if you add the condition that every element be an operational construct. If you remove that, you are essentially running headfirst into steganography, polymorphic viruses, and executable ZIPs.
Just to be annoyingly literal, *any* integer of *any* size can be expressed by an infinite number of functions on the set of integers, which is a handy way of saying that your challenge can be completed trivially. It is also worth saying that any binary integer can be interpreted as a valid number in any higher base or base phi.
I was under the impression that attempts to enforce copyright between derivative works containing elements of the same original were not allowed- am I mistaken?
My point was that the poster was improperly evaluating the risk of such a scenario, and making improper conclusions based on that risk. That's all.
It is probable that within the lifetime of a given crypto implementation, it will be shown to have flaws. It is possible that within that same time period, a given cryptographic algorithm will be weakened past usefulness. It is *very* remotely possible that a non-NP restatement of a currently NP attack or distinguisher will be found in the near future. Do you care to lay odds on placing the NP-complete problems in the set of P in the near future?
Ok, lets take this a step further: lets say that the NP-complete problems are broken. Does it seem to you that very much modern software would survive a P restatement of the subset sum problem? Or that network aware applications would endure much beyond a P solution to the traveling salesman problem? I wouldn't want to bet my bottom dollar on that.
Now, to complete the chain and *finally* merit your unreasonable fear of these technologies, e need to assume that by the time that NP-completeness is broken, there are no remaining problems which are not subject to the P restatement or which are not weakened past usefulness, *and* that the attack generated is practical. Only now, at the end of an a huge chain of unbelievably long odds, stands your right to freak out about the use of crypto in modern applications. Call it irresponsible if you like, but these are useful, practical applications, without which most modern communication technologies simply cannot be allowed to operate.
So, it seems to me that in practical terms this doesn't merit the kind of vitriol you're flinging at it. There is no plausible replacement for these technologies. There is no plausible evidence that your doomsday scenario is close to materializing. There is no plausible evidence that even if it should materialize, that it will be a greater threat to the safety of extant problems than extant attacks. The bottom line is, yes- I think your doomsday scenario is roughly as likely as cashing in your dragon insurance.
At any given point in time, we may well wake up in a world where someone has proven P=NP
Do you also take out dragon raid insurance policies? Dragons haven't been proven not to exist, and it would be the height of irresponsibility not to protect your home against so grave a menace as a dragon if it should turn out to be real.
That's what paid support is for, and that's why Microsoft makes so much money selling Windows, even though we all know how much cheaper it is to run Linux/BSD.
I wonder how many end users actually wind up calling Microsoft tech support. I never hear a person say "No, don't worry about fixing my computer, I called Microsoft and it's all better now".
There's a bit of a difference between running a remote terminal session and running a grahical desktop in a web browser, but yeah, basically, this appears to be the latest reinvention of the thin client. Having said that, as I mention, there are other alternative interpretations of the limited data provided here: 1) that rather than being a true thin client, Midori merely represents a mechanism for pushing Windows into a subscription model, 2) that the goal is more to exert a greater degree of control over the end users than it is to provide improved performance, or 3) that this is aimed at the embedded and UMPC markets, with an emphasis on prefetching and cache performance rather than processing power.
Don't worry, it would still be enlightened even if it disagreed with yours.
Well, the traditional emphasis of services like this has been migrating the computational burden away from the client, but if their emphasis is purely on pushing a subscription model, Midori might be closer to PXE than VNC. The performance of a system like that is pretty much undisputed, but it cuts the usefulness of it too, since you need a beefier client.
In the alternative, since lag has been the big problem, they may have come up with some prefetching mechanism to ensure that a system with a good deal of RAM (easy to fit on small devices) but a sucky processor (common on small devices) connected to your service could approach the performance of systems with a faster CPU/GPU.
Another possibility is that they have simply come up with a great way to lock the hell out of a machine- remotely checksum all the elements of the system, run it all as managed code, and keep it connected so Trusted Computing works, it's pretty much a DRM wet dream.
A very close parallel to what you're talking about already exists- several of them, in fact. Ulteo, for instance, provides a web-based Linux desktop that runs OpenOffice.
If you really want to push the Office-as-a-service idea though, it would be simple enough to do it by taking something like splashtop and put in a VNC, NX, or SSH client, then connect to a grid of application publishing servers. Very simple, pretty clean, and dead cheap to develop. No need for a new OS. The connectivity requirements would be pretty steep, but they always are for systems like this, which (IMHO) is why most people don't use them.
I came here to say this. Here's to hoping we get an explanation from the submitter.
I'm not insulting you- popularity and quality are not the same thing- but you're blaming their commercial failure on piracy when theres millions of potential customers who have never even heard of your product. The tiny number who have and have pirated it don't really cost you anything- they don't eat up your bandwidth, they don't call you for support, they don't use your media- but the millions who have never heard of it are costing you a fortune, and that's a factor well within your control.
Lets be clear here: the problem isn't that people are downloading your stuff, the problem is that nobody is paying for it. The fact that 50 people on earth have heard of any of your games has more to do with your commercial failure than the fact that 2 of them got it off of TPB.
Can't make a profit? Blame the pirates. I've heard this song before, and I still don't buy it- if enough people want what you're selling, some of them will buy it.
I have no doubt that you're a highly experienced WAMP admin, and that you know IIS on a first name basis, but if you're having trouble with chmod, its probably time to walk out of the server room.
You are correct that both software and mathematics are models for computer behaviour, but the fact that they can model (more or less) the same thing does not make them the same thing. It would be torturous (and perhaps impossible) to represent the behaviour of a nontrivial program in terms of mathematics. It would be similarly difficult (and perhaps impossible) to represent any number of relatively simple functions in terms of software. I'm not sure who to attribute it to, but there's a saying that theories can only be right or wrong, but models can be right, wrong, or irrelevant. For most of software, the mathematical model is at least irrelevant.
Now, obviously we aren't going to see eye to eye on this one, but I think we can both agree that what we're arguing over is a more or less semantic difference. Your argument is that as many of the fundamental operations of a CPU are modelled on mathematical primitives, all software is mathematical. My argument is that math was only ever a model of behaviour, and that the actual behaviour of those systems has outgrown that model. We both have points, and none of those points are of more than symbolic significance. If you want to hack it out further, I'm willing to do that, but honestly I think both of our time could be better spent. Agree to disagree?
This is an awful lot like the arguments that mathemeticians have with physicists- you probably side with the mathemeticians, saying that we live in a mathematical universe because we can model it mathematically, and I side with the physicists who say that math is useful for looking at the universe, but when the math and the universe don't line up, it isn't the universe that's wrong.
Similarly, mathematics is a *model* for computation. It isn't the computation itself. It will always be a useful tool in many areas of programming, but nontrivial code has mostly grown past the point where math is a useful model for its analysis. Like any other model, you use it when appropriate, and abandon it when it isn't.
Well, so far all you've done is to claim that software is math. I've demonstrated that there are failings in the state machine and lambda calculus models that are common in modern systems- aka that the math and the code are not lining up. If you want to provide more than an dogmatic belief as evidence, I am listening.
And yet we have excellent ways of modelling the behaivour of differential equations. I am unaware of any nontrivial program that has been successfully mathematically modelled, although I would love to be proven wrong.
Lets get some semantics out of the way: I would say that programming is mathematical if a function or set of functions can be defined in advance that will accurately model the behaviour of any program.
I argue that this condition is false as a result of, as lambda calculus calls them, side effects- interactions with a user, with the OS, with the network, and with hardware. The behaviour of those systems is effectively chaotic, rendering the machine state of even a pretty trivial program effectively indeterminable reletively few cycles into execution. While this does not inevitably preculude the possibility of modelling such software, it reduces the feasability of doing so, and, in some cases will forbid a solution in less than n functions, where n is the number of possible state transformations. In practice, I have yet to see a mathematical definition or model of any useful, nontrival program.
Lets be realistic here: there are mathematically valid ways of modeling some software, but there are innumerable behaviors in software that simply have no clean mathematical representation.