Re:Pigeon-hole principle
on
SHA-1 Broken
·
· Score: 1
As you say, it is of course possible (without knowing the details of the specific hash algorithm) that there is a certain hash value (or more than one) which has no collisions.
What I should have said was simply that the pidgeon hole principle shows us that there must be an infinite number of collisions (given an inifinite number of source strings) however it of course doesn't tell us where in the set of all possible hashes the collisions are likely to occur.
Wow, cook for once in your life man, not only will you be healthier but it will be cheaper too!
Re:Info on what exactly SHA-1 is ...
on
SHA-1 Broken
·
· Score: 4, Informative
The concept is not the same.
Encryption is not in any way hashing, and hashing is not in any way encryption.
A one way hash cannot in any way be decrypted, thats why it's called one way. It's physically not possible.
A hash is not used to "protect" the data you are hashing, it's used to identify the data you are hashing. You can take an unhashed value, hash it and compare it with another hashed value to identify that the two original values were very likely the same value
The strength of a hash is simply how likely it is that the two values were the same value, or conversly, how likely it is that they were not the same value.
When two distinct values have the same resultant hash, we call that a "collision". It should be obvious that there are an infinite number of collisions for a fixed-length hash value - pidgeon hole principle shows you that.
And SHA1 is not "broken", not yet, to be "broken" we would have to have a feasible way to generate a string of data that when hashed produces the same hash as an *already known* hash.
If we could generate collisions for KNOWN hashes, in a reasonable time, then we could use those collisions to falsly identify to systems that use a hash of the original (still unknown) value.
Why do we need another embedded browser language? Javascript is just fine, it's a powerful (prototype based) dynamic object oriented language, with some pretty nice features.
Unfortnately it has a bad reputation, but that's only because people equate browser incompatabilities to Javascript, but Javascript (ECMAScript to be proper) as a language is quite fine indeed.
Thats going back a ways now:) But seriously, I don't think many people (me included) remember back past FS4, even fewer past FS3, and by then MS was already producing it (with subLogic, and later BAO).
I'd say we're entering phase 3 now, as demonstrated by SpaceShipOne. It's simple, cheap, and reliable technology.
And it has very little to actually getting to space. High altitude aircraft, yes, it was a good step (was, it won't be flown again), and it has some interesting design features, but it falls short of even LEO by a very long way, which is fine, it wasn't intended for getting anywhere close to orbit.
I think what is more interesting now is inflatable habitats, THEY are basic, cheap and reliable, or should be in the reasonably near future. Combine with space elevators (also basic, reliable and probably cheap in the reasonable future), and we have a really interesting platform.
Meigs was a small airport in Chicago. However it was very popular due to it's position, and known world wide as it was the default airport in MS Flightsim for as long as I can remember.
The Mayor didn't like Meigs much, and wanted to get rid of it. But there was, understandably, large opposition to that.
So, he decided that the only way to get what he wanted was to literally go in to Meigs in the middle of the night with bulldozers and destroy the runway.
Many aircraft were stranded at Meigs most (or maybe all) departed using the main Taxiway as a runway.
The FAA wasn't notified of the closure. Presumadly aircraft turning up expecting to land at Meigs were somewhat surprised to find it was no longer servicable.
I found out the outlets in my room are not grounded (the voltage regulators Ground Fault Indicator came on, so I plugged in a cheap AC circuit tester, it indicated OPEN GROUND, so I used a multimeter to confirm it, yep not grounded.. argh!)
Just a couple of weeks ago a PC nearly burned down the house. I was out the front and heard frantic calls, came round the back to find smoke pouring out one of the windows, I mean thick acrid black smoke. Neighbours had already called the fire brigade.
Anyway they arrived in a couple of minutes and went inside and put it out. Luckily there were two windows open and a good breeze blowing in one and our the other so the damage was minimal (all smoke went straight out the window).
The PC was completetly incinerated though, I've never seena anything like it, the hard drive was actually warped from the heat generated in that steel case. The plastic fascia was gone, just, not there any more, the motherboard, well what loosly resembled one was pretty much ash. The solder holding the ICs obviously melted and they had popped off etc. Luckily, it wasn't my PC, and it was only an old P200 or something, or I'd be up shit creek.
It burned right through the carpet immediatly under the case, and burnt a good impression into the wooden floor beneath. Burnt a chunk out of a couch next to it, but it was caught early enough that there wasn't really any other damage.
I can't see what caused it, the heat generated inside the case was incredibly intense, basically anything inside it that could vaporise, did.
Let it be a warning - install smoke alarms near your PC if you leave it running unattended.
It might be better to do it as a streaming service, with commercials that can be dynamically stripped in. So even if you're watching last week's episodes, you're seeing today's ADs.
No it would be better to do it with a custom player which downloads and inserts current ads into the already downloaded file - when a network connection is available (otherwise uses some already downloaded ones).
It has the capability to be a *much* better advertising medium than television - highly targetted, and with click-to-open-website it would generate real and immediate results (actually, "click to open after I'm done watching" would be even better).
The problem however is ensuring that the users just don't rip the (assumedly custom) codec into a player that doesn't display the ads, or hack the player to bypass ads.
That said, if the ads were unobtrusive, I don't think it'd be a problem, say one 30 second ad at the start of the video, if you are interested click to register your interest and when the video the player opens the website of the advertiser.
I don't think people would go to a lot of trouble to remove that - I'd much rather just go download from the production company seeded BT and watch the 30 second, targetted to my interests and location - theres a pretty good chance I'd find the ads interesting too.
Actually, it's a link to pypal.com (which would be encoded however domains encode unicode using ascii, I can't remember now) it just so happens that the cyrillic "a" and typical latin "a" are identical, at least in the font I'm looking at.
You should try for a job at The Warehouse they pay better than your hourly rates for PHP you know.
Yea, and I'm sure they'd love to have me choose when I want to work, what I want to wear (if anything), if I want to go have a bit of a kip for half an hour, and pick and choose from the jobs.
If you want variables, use a language designed to work with variables to dynamically generate CSS. You have plenty of choices: PHP, ASP, Perl, Parrot, etc. ad nauseum.
Why introduce a whole new language into the mix if all you want to do is set some constants that can be used in your CSS.
obviously that is trivial, but there are a number of occasions I have come across where it would be useful, mainly with colors which you wish to remain consistent but use in different areas (you might want to use it as a background somewhere, and a border somewhere else, currently the only way to do that with plain-old-css is to hard code the color information in several different rules).
It almost sounds like you actually LIKED <FONT> etc.
Why, on earth, would anybody put themselves through the pain of having a tatoo, of C CODE?! This just seems completely absurd.
I mean, tattoos in and of themselves can be beautiful works of art. Or a badge of recognition. Or a tradition handed down for millenia.
But C CODE?! I can just imagine conversations this guy might have.
"Hey dude, I got me a tattoo last week. It's sooo cool, wanna see." "Oh yea, lets have a look."
[rolls up his sleeve]
"Umm, so, it's what, an homage to Nazi death camps? Thats not cool man, why would you do that." "NO no, look can't you see, it's C CODE, more than that it's OBFUSCATED, so cool man." "Oh, right, yes, of course, how silly of me."
[quickly moving away from the looney]
I guess his only saving grace is that tatoo removal is now more or less (painfully I believe) possible. So it's not necessarily a permanant marker of being an absolute idiot.
Except that by local user exploit they mean that it requires a user account, not that you have to be phsyically at the machine.
There are many ways to get access to a user account through for example holes in a dynamic web site (PHP etc), once you'v got that you're half way to root.
Yes, this is a serious bug, but it will be fixed in a relativly short time. I imagine that would be true if this had been Microsoft as well, although thier definition of "short time" may be somewhat longer than we would want.
So the crap they're brodcasting into the USA is deliberately dumbed down.
Networks will only broadcast what the public want.
When it comes to news, from what the outside world sees, the American public (the majority thereof, which I suspect (nay, hope) does not include yourself, or many/.ers) happens to want dumbed down news.
They want flag waving sound bites, heaven knows they don't want to be made to think about stuff, or told stuff about "some foreigners who don't live here", just force fed the top stories of the day before their limited attention span has expired.
First it looks huge, I'm sure they could make it much smaller if they tried. When I'm going anywhere I can easily through my Esprit into a pocket (it's about the size of a pack of cigarettes (not that I smoke)), I don't think I could do that with this.
Second, no lancer built in, this renders it much less useful as without a lancer built in I'm much less likely to test.
Third, the screen looks vulnerable (admittedly, no more so than a cell phone's or PDA's), the Esprit has a slding cover that both protects the screen and presents the test strip.
And third, it seems it can only be used with Novo Nordisk vials, I'd want a version that could take both Novo Nordisk and Eli Lilly vials and maybe even have blank vials available you can self-fill from 10ml bottles with a syringe for maximum future-proofing.
mark the man funny for his subtle self deprecating humor:)
Second, I think blogs are simply taking the place of diaries ("journals" to the yanks I believe), that they are public is merely an adaptation, I don't think the typical "blogger" expects (m)any people to read them, it's more an outlet for thier own conciousness.
Of course this raises the question of what IS happening to the age-old art of diary/journal keeping, do teenage girls still keep diaries for thier most inane...err..intimate thoughts, do scientists keep journals of thier thought processes on paper or are they too moving to electronic means, even "scientific blogs"?
I imagine there are many worthwhile "blogs" beeing kept at places such as livejournal which may not be of interest now but would be in 50 years, will they still be around in 50 years, how can we, or even, should we preserve these somehow?
And, being the voyeuristic, and inquisitive species that we are, humans do tend to like to read about other peoples lives, even if they aren't really all that interesting. Often times I've found myself reading about somebodies day at work, or trip to the shops, or family argument, or some other mundane detail of thier life at some blog I've stumbled across.
It's almost addictive.
PS: I don't keep a blog, I'm neither disciplined, nor interesting enough to do so.
T1 for, um, a decade or so. I use an Esprit Glucometer (now sold as an Ascencia I think), lispro (Humalog) with a pen, and currently glargine (Lantus) with a syringe.
I don't mind testing at all, it's no problem, but y'see I still don't do it. The reason is I'm lazy, and forgetful. What I really need is an insulin delivery device combined with a glucose measuring device and a lancing ("finger prick") device.
They don't have to interact with each other, just as long as when I have the insulin pen in my hand, I also have the glucose meter and lancer in my hand.
That way, when i go to take some insulin, I can't help but pick up the meter at the same time and if I do that I am much more likely to test, right at the time I should be testing (before meals).
The meter should of course be cartrige (multi-strip) capable, the Esprit takes ten strips at a time and is near a perfect meter for me.
Slashdot Mirror
As you say, it is of course possible (without knowing the details of the specific hash algorithm) that there is a certain hash value (or more than one) which has no collisions.
What I should have said was simply that the pidgeon hole principle shows us that there must be an infinite number of collisions (given an inifinite number of source strings) however it of course doesn't tell us where in the set of all possible hashes the collisions are likely to occur.
...even with a dozen or so orders a month.
Wow, cook for once in your life man, not only will you be healthier but it will be cheaper too!
The concept is not the same.
Encryption is not in any way hashing, and hashing is not in any way encryption.
A one way hash cannot in any way be decrypted, thats why it's called one way. It's physically not possible.
A hash is not used to "protect" the data you are hashing, it's used to identify the data you are hashing. You can take an unhashed value, hash it and compare it with another hashed value to identify that the two original values were very likely the same value
The strength of a hash is simply how likely it is that the two values were the same value, or conversly, how likely it is that they were not the same value.
When two distinct values have the same resultant hash, we call that a "collision". It should be obvious that there are an infinite number of collisions for a fixed-length hash value - pidgeon hole principle shows you that.
And SHA1 is not "broken", not yet, to be "broken" we would have to have a feasible way to generate a string of data that when hashed produces the same hash as an *already known* hash.
If we could generate collisions for KNOWN hashes, in a reasonable time, then we could use those collisions to falsly identify to systems that use a hash of the original (still unknown) value.
Why do we need another embedded browser language? Javascript is just fine, it's a powerful (prototype based) dynamic object oriented language, with some pretty nice features.
Unfortnately it has a bad reputation, but that's only because people equate browser incompatabilities to Javascript, but Javascript (ECMAScript to be proper) as a language is quite fine indeed.
Thats going back a ways now :) But seriously, I don't think many people (me included) remember back past FS4, even fewer past FS3, and by then MS was already producing it (with subLogic, and later BAO).
I'd say we're entering phase 3 now, as demonstrated by SpaceShipOne. It's simple, cheap, and reliable technology.
And it has very little to actually getting to space. High altitude aircraft, yes, it was a good step (was, it won't be flown again), and it has some interesting design features, but it falls short of even LEO by a very long way, which is fine, it wasn't intended for getting anywhere close to orbit.
I think what is more interesting now is inflatable habitats, THEY are basic, cheap and reliable, or should be in the reasonably near future. Combine with space elevators (also basic, reliable and probably cheap in the reasonable future), and we have a really interesting platform.
Meigs was a small airport in Chicago. However it was very popular due to it's position, and known world wide as it was the default airport in MS Flightsim for as long as I can remember.
The Mayor didn't like Meigs much, and wanted to get rid of it. But there was, understandably, large opposition to that.
So, he decided that the only way to get what he wanted was to literally go in to Meigs in the middle of the night with bulldozers and destroy the runway.
Many aircraft were stranded at Meigs most (or maybe all) departed using the main Taxiway as a runway.
The FAA wasn't notified of the closure. Presumadly aircraft turning up expecting to land at Meigs were somewhat surprised to find it was no longer servicable.
javascript might be a toy
Javascript is no toy. It's a really flexible and powerful language which I find very well suited to event-driven systems.
As you say though, the runtime environment is more important and unfortunatly JS is for the most part (but not always) limited to running in browsers.
I found out the outlets in my room are not grounded (the voltage regulators Ground Fault Indicator came on, so I plugged in a cheap AC circuit tester, it indicated OPEN GROUND, so I used a multimeter to confirm it, yep not grounded.. argh!)
Jeeez, surely that's not legal?!
Just a couple of weeks ago a PC nearly burned down the house. I was out the front and heard frantic calls, came round the back to find smoke pouring out one of the windows, I mean thick acrid black smoke. Neighbours had already called the fire brigade.
Anyway they arrived in a couple of minutes and went inside and put it out. Luckily there were two windows open and a good breeze blowing in one and our the other so the damage was minimal (all smoke went straight out the window).
The PC was completetly incinerated though, I've never seena anything like it, the hard drive was actually warped from the heat generated in that steel case. The plastic fascia was gone, just, not there any more, the motherboard, well what loosly resembled one was pretty much ash. The solder holding the ICs obviously melted and they had popped off etc. Luckily, it wasn't my PC, and it was only an old P200 or something, or I'd be up shit creek.
It burned right through the carpet immediatly under the case, and burnt a good impression into the wooden floor beneath. Burnt a chunk out of a couch next to it, but it was caught early enough that there wasn't really any other damage.
I can't see what caused it, the heat generated inside the case was incredibly intense, basically anything inside it that could vaporise, did.
Let it be a warning - install smoke alarms near your PC if you leave it running unattended.
It might be better to do it as a streaming service, with commercials that can be dynamically stripped in. So even if you're watching last week's episodes, you're seeing today's ADs.
No it would be better to do it with a custom player which downloads and inserts current ads into the already downloaded file - when a network connection is available (otherwise uses some already downloaded ones).
It has the capability to be a *much* better advertising medium than television - highly targetted, and with click-to-open-website it would generate real and immediate results (actually, "click to open after I'm done watching" would be even better).
The problem however is ensuring that the users just don't rip the (assumedly custom) codec into a player that doesn't display the ads, or hack the player to bypass ads.
That said, if the ads were unobtrusive, I don't think it'd be a problem, say one 30 second ad at the start of the video, if you are interested click to register your interest and when the video the player opens the website of the advertiser.
I don't think people would go to a lot of trouble to remove that - I'd much rather just go download from the production company seeded BT and watch the 30 second, targetted to my interests and location - theres a pretty good chance I'd find the ads interesting too.
pypal.com
Actually, it's a link to pypal.com (which would be encoded however domains encode unicode using ascii, I can't remember now) it just so happens that the cyrillic "a" and typical latin "a" are identical, at least in the font I'm looking at.
Dunno about you, but my car doesn't blow itself to smithereens every 100 outings or so.
You should try for a job at The Warehouse they pay better than your hourly rates for PHP you know.
Yea, and I'm sure they'd love to have me choose when I want to work, what I want to wear (if anything), if I want to go have a bit of a kip for half an hour, and pick and choose from the jobs.
I do well enough thank you very much.
Silly me, I should have got some PHP code, then I would have been all l33t like you!
I'm not the one who had an insanely stupid pigment inserted into thier skin.
christchurch as soon as I could walk
And Christchurch breathed a collective sigh of relief.
But you were probably too busy with your "back end" eh. BTW, "University" is spelt like that. Most people who have been to one know that.
Not only does your branding remind one of Nazi death camps, but it appears you are also a spelling nazi, quelle coincidence.
Little hint for you -- nobody gives a crap. "Correct Spelling" is a relativly new concept in the scheme of things.
Yes, the procedure for creating the shroud as being a photographic image has been duplicated successfully.
Near the bottom http://www.petech.ac.za/shroud/isthe.htm
Why introduce a whole new language into the mix if all you want to do is set some constants that can be used in your CSS.
Things likeso you can doobviously that is trivial, but there are a number of occasions I have come across where it would be useful, mainly with colors which you wish to remain consistent but use in different areas (you might want to use it as a background somewhere, and a border somewhere else, currently the only way to do that with plain-old-css is to hard code the color information in several different rules).
It almost sounds like you actually LIKED <FONT> etc.
Why, on earth, would anybody put themselves through the pain of having a tatoo, of C CODE?! This just seems completely absurd.
I mean, tattoos in and of themselves can be beautiful works of art. Or a badge of recognition. Or a tradition handed down for millenia.
But C CODE?! I can just imagine conversations this guy might have.
"Hey dude, I got me a tattoo last week. It's sooo cool, wanna see."
"Oh yea, lets have a look."
[rolls up his sleeve]
"Umm, so, it's what, an homage to Nazi death camps? Thats not cool man, why would you do that."
"NO no, look can't you see, it's C CODE, more than that it's OBFUSCATED, so cool man."
"Oh, right, yes, of course, how silly of me."
[quickly moving away from the looney]
I guess his only saving grace is that tatoo removal is now more or less (painfully I believe) possible. So it's not necessarily a permanant marker of being an absolute idiot.
apt-get install package
Except that by local user exploit they mean that it requires a user account, not that you have to be phsyically at the machine.
There are many ways to get access to a user account through for example holes in a dynamic web site (PHP etc), once you'v got that you're half way to root.
Yes, this is a serious bug, but it will be fixed in a relativly short time. I imagine that would be true if this had been Microsoft as well, although thier definition of "short time" may be somewhat longer than we would want.
So the crap they're brodcasting into the USA is deliberately dumbed down.
/.ers) happens to want dumbed down news.
Networks will only broadcast what the public want.
When it comes to news, from what the outside world sees, the American public (the majority thereof, which I suspect (nay, hope) does not include yourself, or many
They want flag waving sound bites, heaven knows they don't want to be made to think about stuff, or told stuff about "some foreigners who don't live here", just force fed the top stories of the day before their limited attention span has expired.
Mod me flamebait if you like, but it's the truth.
Interesting, but I see a few problems
First it looks huge, I'm sure they could make it much smaller if they tried. When I'm going anywhere I can easily through my Esprit into a pocket (it's about the size of a pack of cigarettes (not that I smoke)), I don't think I could do that with this.
Second, no lancer built in, this renders it much less useful as without a lancer built in I'm much less likely to test.
Third, the screen looks vulnerable (admittedly, no more so than a cell phone's or PDA's), the Esprit has a slding cover that both protects the screen and presents the test strip.
And third, it seems it can only be used with Novo Nordisk vials, I'd want a version that could take both Novo Nordisk and Eli Lilly vials and maybe even have blank vials available you can self-fill from 10ml bottles with a syringe for maximum future-proofing.
First, mods
:)
Check me out on http://www.livejournal.com
mark the man funny for his subtle self deprecating humor
Second, I think blogs are simply taking the place of diaries ("journals" to the yanks I believe), that they are public is merely an adaptation, I don't think the typical "blogger" expects (m)any people to read them, it's more an outlet for thier own conciousness.
Of course this raises the question of what IS happening to the age-old art of diary/journal keeping, do teenage girls still keep diaries for thier most inane...err..intimate thoughts, do scientists keep journals of thier thought processes on paper or are they too moving to electronic means, even "scientific blogs"?
I imagine there are many worthwhile "blogs" beeing kept at places such as livejournal which may not be of interest now but would be in 50 years, will they still be around in 50 years, how can we, or even, should we preserve these somehow?
And, being the voyeuristic, and inquisitive species that we are, humans do tend to like to read about other peoples lives, even if they aren't really all that interesting. Often times I've found myself reading about somebodies day at work, or trip to the shops, or family argument, or some other mundane detail of thier life at some blog I've stumbled across.
It's almost addictive.
PS: I don't keep a blog, I'm neither disciplined, nor interesting enough to do so.
T1 for, um, a decade or so. I use an Esprit Glucometer (now sold as an Ascencia I think), lispro (Humalog) with a pen, and currently glargine (Lantus) with a syringe. I don't mind testing at all, it's no problem, but y'see I still don't do it. The reason is I'm lazy, and forgetful. What I really need is an insulin delivery device combined with a glucose measuring device and a lancing ("finger prick") device. They don't have to interact with each other, just as long as when I have the insulin pen in my hand, I also have the glucose meter and lancer in my hand. That way, when i go to take some insulin, I can't help but pick up the meter at the same time and if I do that I am much more likely to test, right at the time I should be testing (before meals). The meter should of course be cartrige (multi-strip) capable, the Esprit takes ten strips at a time and is near a perfect meter for me.
I don't see it would be difficult to parse, infact it's a pretty simple markup in all, certainly not difficult to write.