Hmm I installed it via Windows update and haven't even been able to find out what it does yet.
I suspect the one on WU is an earlier beta than you have... I have no error.log file.
It's true it doesn't find much... I've even tried deliberately infecting myself. Missed it completely... maybe I have to log in as administrator first:)
Re:So the concern is..... on SHA-1 Broken · Score: 2, Informative
That's not what's been broken. It's impossible to get the cleartext from a hash - that's why it's called one way (there are an infinite number of cleartexts which can generate that hash, so in theory you can get it, but you've got a 1/infinity probability of picking the right one...)
SHA1 is not 'broken' in any real sense. Someone claims to have reduced the collision rate to 1 in 2**69. That's still bloody small. It'd take your PC a couple of thousand years to check the hashes to generate a collision.
Of course if you had a big enough cluster you could get that down to a year or two I guess.
Man in the middle attacks are *not* what this is about.
Re:Broken, but not for everything... on SHA-1 Broken · Score: 1
Following on from my own message... some of the comments in TFA have calculations.
They reckon about 2000 years for a 4Ghz processor.
That's not going to keep me awake at nights, TBH.
Re:Time to dust off your XBox on SHA-1 Broken · Score: 1
Sure, you only have to generate 2**69 combinations now..
From TFA:
Regarding how long it should take to break... Let's assume that a single CPU can tackle 2**32 ops/sec. (About 4 billion, so assuming each op is one cycle, about 4 GHz... Gross oversimplification, but it makes the math pretty easy.) So, how long would it take to do 2**69 ops?
2**37 seconds of CPU time. About 4000 years.
So, if you have a 4000 node cluster, it ought to take about a year, which would be well within the statute of limitations, for most crimes and jurisdictions...:)
Brute forcing, using the same hypothetical cluster, would have taken over 2000 years. So, I guess today's lesson is that it isn't completely broken, but it certainly ain't secure.
Re:Broken, but not for everything... on SHA-1 Broken · Score: 1
The slashdot article makes it sound like you can modify any document to look like any other... the FA is more sane.
2**69 operations is still a bigger number than I can get my head around right now, and a hell of a lot bigger than I can solve in a week or two of computing with common hardware.
Sure, the NSA could maybe do it in a week. woop.
There are already an infinite number of collisions to all hash algorithms, so the probability of collision is 1. What's at stake is the time to get the collision... if it's more than a few days I don't really care. My ssh communications are safe.
Not to mention the enormously greater speed of a good newsfeed. No clicking on links and waiting and waiting- the whole thread is there to browse instantly.
You're forgetting that your newsreader probably took 15 minutes to download those threads, plus another 2000 others you're not interested in.
no ads.
Have you *used* Usenet in the last 10 years??? Many forums are completely overrun with ads.
Just pure text love.
Whatever turns you on I guess..
I've had lots of conversations over google groups. It works really well - even better than my ISP (that has something like a 10 minute delay on messages).
Of course if you're talking about the old google groups of 6-12 months ago that would have taken a while to have a conversation with.
If they'd add reply quoted, I'd probably stick with it
It's there already... has been from the start.
Use 'show options' -> 'reply'.
There is a perfectly good quoting system but for some bizarre reason they hid it.
Instead of hitting the reply link at the bottom, which opens a blank window, click the link at the top that gives you more options, then hit reply there. It takes you to a nice page with the quoting done properly.
Yes. And they all, without exception have beards and are of a terrorist nature.
This is Iraq. Everyone has a mustache and bears a striking resemblance to their ex leader. :)
(Joking aside there is some truth to this... if you've ever seen archived footage of old gatherings you'd get hundreds of lookalikes all together. Even today when they interview someone on TV there's an even chance they'll have the little mustache).
IIRC Jitter is the difference in speed that packets take to arrive.
If jitter gets bad you might get half a second of speech, a gap, maybe a couple of seconds, another gap, etc... Really kills the conversation.
You can combat it to an extent with buffering - all VOIP has at least some... once you get to satellite latencies though you might be talking about the difference between a packet taking 5 seconds or 6 seconds, which is hard to buffer for without a *big* buffer (the side-effect being even more latency!).
It depends on what you use it for.
I work for a company on the other side of the globe.. couldn't do that without email. I also support an opensource project with 10,000 downloads a week... that generates 'a few' support queries :) Heck, without email I don't even think I could do that by phone without hiring a call center.
In theory it could be argued in the UK under the computer misuse act. You'd have to have some kind of click-through I expect - a straight website would be treated as public. However if you've made an effort to stop them they're illegally using resources they're not entitled to (ie. your computer, your bandwidth) so can be prosecuted.
Reading that back though you could apply that to spam itself, at a pinch... you'd need a good lawyer though.
I didn't say *I* didn't.
Most of the people I know aren't geeks so don't have DSL or even internet access... I have a landline purely for DSL purposes - never gets used for anything else.
That's kinda true in the UK.
To get DSL you need a voice line... that said, voice lines are relatively cheap (about £11 a month now that they've forced everyone onto option 1...). The last mile is owned exclusively by BT but there are ways of reducing the costs by eg. routing through call18866 for analogue calls.
Cable though is available in many areas but it's patchy (eg. NTL are available on the opposite side of the road to me but not this side.. there's even an NTL green box outside my window but they say there's no planned date for connection within the next 5 years).
I spent a fortune in books in my first year.
By the second year I'd wised up that:
(a) most lecturers didn't even use the books, and those that did gave out photocopied notes.
(b) for homework purposes the library had several copies
(c) half the books were written or co-written by the lecturers and they were getting a cut.
So for the second year I bought no books at all. Didn't miss them.
Heck, it's so old that many people have since graduated and still don't have a landline.
Of the people I know, maybe 20% have a land line of some form. Everyone else uses mobile exclusively now.
Works absolutely fine on Firefox 1.0/Win32.
This isn't exactly a fast box either...
debian X development is glacial - often releasing packages 6-9 months after the xfree releases (it's so bad that when I found a bug in DRI in a newly installed X package last year, I reported it and immediately got back a 'why are you using an obsolete version' response!).
The xorg fork hasn't been in existence long enough for debian to notice it yet...
This article has really got me interested now.
Where do I get this google toolbar? It's not in the default install (at least in 1.0... maybe my version is too old), not on google.com that I can find either.
TBH I thought that was hardwired to mozilla.org... there doesn't seem to be a pref to change it.
I have google as my homepage anyway so I don't need that button.... search is just home/click/type.
Firefox has a search bar by default?
Where??? I can't find it on mine.
No problem if the parents did the microwaving... they know their child wasn't really absent so they can have a good laugh at the schools' expense.
:)
Me, I'd walk around with an RFID zapper nuking other peoples' cards
3) Student walks into class. As they enter, scanner in entrance reads RFID tag and 3 others they're holding for absent friends. Computer in office down the hall has completely inaccurate attendance list. Parents do not get called.
4) Student walks into class. RFID tag fails. Computer in office down the hall updates the attendance list. Parents are notified that their child is not in school even though they are.
5) Students start swapping RFID tags. Attendance list becomes a complete work of fiction.
I have it installed and it has caught *nothing* since being installed... luckily AVG is up to scratch.
I routinely run .bat files and it has never fired on one of those... why would it? Whoever heard of a .bat virus?