If the userbase wants to use floppies, it's up to us to educate and assist them in this process, not prevent them from doing it.
What if they wanted to use 5 1/4" disks? At some point, you draw a line between somewhat inconvenient requests and outright ridiculousness.
I haven't used a floppy disk in nearly four years. At least to me, the idea of using such a fragile, obsolete medium to store information is ridiculous. Yes, you exist to serve the userbase, but in this age of USB keychain storage, CD-RW, and network shares, are you really doing them a service by perpetuating the use of floppy disks?
The zero-G condition occurs when the aircraft is moving ballistically. Whether the plane is ascending or descending is irrelevant. All that matters is that it is moving in a parabolic trajectory consistent with the acceleration of gravity.
The reason the occupants of the plane experience this as a zero-G condition is because they are in freefall. They are moving precisely as they would be moving if they were falling toward the earth without air resistance. You need a plane to accomplish this, because in reality you cannot neglect the air resistance.
You can experience the same condition briefly, simply by jumping in the air. During the time you are in the air, you are in a weighless condition.
[...] it was no harder than using a disk. But most people just ignored us.
Why not simply remove the floppy drives from the workstations in the labs? If you don't want them using floppies, make it impossible for them to do so.
If they really, really want something on disk, you could have a special workstation with a floppy drive for that purpose.
The only way your files get bonked is if you use a pirated number.
What if you entered one by accident, by making a typo? What if a bug in the program caused it to believe that the number was a pirated code when in fact it wasn't?
As far as the "presumption of innocence goes, think of it as getting a traffic ticket by a photo-red camera....:)
What if the camera was malfunctioning? What if another driver triggered it and moved out of the way and you got photographed instead of the offender? What if somebody hacked the camera to issue tickets to random drivers?
As soon as you remove "due process" from the justice system we fall back to something resembling a witch-hunt.
It's kind of funny to me when people who know absolutely nothing about the state of physics are so willing to criticize physicists.
I didn't intend it as a criticism of physicists. I do know more than "absolutely nothing" about physics, albeit in fields of physics other than relativity. It appears I remembered the equation correctly but got the name of the variable wrong. Sorry.
That the gamma factor is imaginary is completely fine.
I don't see why you can just ignore it. An imaginary gamma would imply an imaginary length, as well as imaginary energy and momentum. I'm hard-pressed to define the physical implications of that, and thus continue to believe that FTL motion is impossible from both physical and mathematical standpoints. Please correct me if you have other information...
The expectation really is "works as advertised when used properly", and I don't count cracking as using a piece of software properly.
Sure, but there's a big difference between a piece of software/material object which simply does not operate when used incorrectly, and something which was intentionally designed to be malicious when used incorrectly.
Imagine if Intel started making processors which exploded when they were overclocked, destroying everything in your computer. That's the closest physical analogy I can imagine right now. I think it's pretty obvious that such a thing would be wrong.
Of course, all the witnesses involved in a conviction would be providing evidence against themselves for a more serious crime, software piracy
Are you sure that simply typing in an unauthorized serial code is "piracy?" The program is freely downloadable. The fact that the user has possession of the software is not, in and of itself, a copyright violation, since the author has explicitly designed his business model this way.
I know of no instance where a person was convicted of copyright violation merely because they entered an incorrect code into a computer program. IMHO, it would be absurd.
As for software piracy being more "serious" than the malicious destruction of data, I must ask: are you kidding?
Not to mention that the copyright violation would certainly fall into the civil category, not the criminal. OTOH, what this author did is something like a criminal misuse of computer resources with nameable damages. Thus, the case against the author could be prosecuted without a plaintiff, but in order for the author to sue the pirates he would need a lawyer. That would be difficult, considering he'd be in a jail cell.
A bunch of people coming forward with sworn statements to the effect that the software they stole did bad things to their computer could change that, I suppose...
I'd still like you to explain how typing an unauthorized serial code into a dialog box is even remotely like theft. I'm not even sure that it's equivalent to copyright violation.
You STOLE a peice of property that you're supposed to be buying a license for and you decided to use it without paying. Therefore, you're a thief and should be punished!
So, you are advocating vigilante justice without the presumption of innocence?
I suppose you also think that if somebody steals your wallet, you have the right to chase them down and shoot them? No indictment, no trial, no judge nor jury, no conviction, no sentencing hearing... Straight to execution!
If its in the EULA they can do anything they want and have the arse covered.
Not necessarily true. You can put anything you want into a contract, but not everything is enforceable. Suppose you leased a car, and the lease agreement had a clause saying "If you drive this car more than 15,000 miles per year, we reserve the right to take custody of your children." Such a clause is not legally enforceable.
Whether or not a "bomb clause" in an EULA is enforceable is not clear, but it's important to note that just because something is written in an agreement does not necessarily make it legally binding.
I cannot see any reason why this shouldn't be classified as a trojan. The program does something vastly different than its expected purpose. The fact that the user was attempting to use the program without a valid serial number is immaterial.
The author wrote and distributed a program with malicious intent and should be convicted of whichever computer-related offenses are most appropriate. Perhaps probation would be preferable to jail time, but I see no way to excuse this person's behavior.
Any software developer with even a remote sense of reality realized long, long ago that preventing piracy is impossible. Make a product that people are willing to pay for, and they will pay for it. That's the best you can do.
Bear in mind that FTL also means time travel; the two are equivalent.
No they aren't, and I don't know where people get this idea.
In special relativity, there is a factor called "beta" which is used to calculate time dilation, spacial contraction, relativistic momentum, etc. It's defined like this:
beta = 1 / sqrt(1 - v^2/c^2)
Where v is your velocity as measured w.r.t. some chosen reference frame.
Now, think about time travel. This would be equivalent to a negative time dilation factor (time moving "backwards"). In other words, a negative beta. People seem to just assume that, if v > c, then beta is negative. But it isn't.
If v > c, then the term (1 - v^2/c^2) is negative. What's the square root of a negative number? It's imaginary. So, if you move faster than light, the beta factor becomes imaginary. You aren't moving backward in time -- you are moving in imaginary time.
To sum up, traveling faster than light doesn't make you go backward in time. It's a meaningless concept. Unless, of course, you are willing to accept the existence of "imaginary time."
If you can't describe the environment in which an experiment can be reproduced reliably, you don't understand the phenominon properly enough to be calling press conferences.
Correct, but why should we abandon research on the topic just because a couple of bozos jumped the gun and didn't do the science the appropriate way? Seems childish, to me.
Well, you see... The synchromorphic exogenesis of the tertiary modulation components fell well outside acceptable parameters. This wasn't caught early on because they only examined the secondary modulation components.
Basically, it was just a magma displacement. Or maybe whales humping. Take your pick.
Yes, it COULD just be a case of "Oh wow!... Oh no, wait, nothing". Or it could be an outright coverup. I suspect it's something in between
It's a "coverup" in the sense of covering up their own embarrassment at getting so excited over something which turned out to be nothing at all.
I can envision the scene in my mind right now... An intern or maybe a younger, less experienced scientist sees this signal, gets excited, and everybody starts buzzing about it. Someone eagerly leaks some information to the press, but sooner or later, cooler heads prevail. Now, with a little egg on their faces, they just want everyone to cool it and go away.
I don't think there's anything particularly suspicious here at all. People jump the gun all the time.
From what I have read, it's a "marginally regular" white noise. That is, it has a shape that's somewhat unusual to find in noise, but not really impossible, just low probability.
Consider than an efficiently modulated signal (full use of the available spectrum and SNR) will be indistinguishable from noise. The very fact that your signal looks different from noise means you need a better modulation scheme.
Now, consider that we're talking about supposedly advanced alien civilizations, here. If they are communicating with EM, it seems likely that their modulation schemes are much more advanced than ours. Thus, alien communications should be indistinguishable from noise.
So, the fact that the signal appears to have some orderly behavior seems to imply, at least for me, that it was not produced by intelligent beings -- at least, not by beings greatly more intelligent than we are. I think it's far more likely that the signal is generated by some chaotic process which rides the borderline between orderly behavior and total randomness.
My first guess would be hot electrons emitting synchrotron radiation as they move through a magnetically complex region of space.
Only the ACLU would try to pretend that posting a bunch of personal information is the same as making a political statement against the government. No wonder they're looked upon as extremist idiots.
I see. If insisting that our governmental process be carried out in public without secrets makes me an extremist, then I'll gladly wear that label.
Sorry, but I'll have no "secret delegates" in MY system of government.
What you'll end up doing is cause the government to pass laws mandating the recording of all client IP addresses. Then, if we ever lose those records, even for technical reasons (like disks failing), we could be subject to prosecution.
Please, please please... The last thing we need is more regulation on the Internet, and your suggestion just makes that regulation much more likely.
Not to mention the extreme idiocy (on a technical level) of having no logs of who your web users are. Someone cracks your website, and you're going to track them how, again?
All you're suggesting is to ignore the issue until it becomes an issue or not.
No, what he's saying is don't blow all your resources trying to "fix" a problem and then have it turn out that your "fix" didn't even work. Now there's a huge problem and no money left to fix it, because you got anxious and blew all your resources before you understood what the hell you were doing.
When there are collisions in the algorithm, the checksum cannot prove, beyond a reasonable doubt, that the data has not been tampered with.
It could never prove it in the first place. Prove it beyond a reasonable doubt maybe, but never really prove it.
However, if the MD5 sum is different, then you certainly have proven that the data DID change. The MD5 can prove the data changed. It cannot prove it did not change.
Similarly, DNA evidence is able to rule out suspects, but it cannot prove that a person committed a crime. This is why DNA expert witnesses say something like, "The probability that the defendent did not commit this crime is two hundred million to one." However, if your DNA doesn't match that found at the crime scene, you are instantly exonerated.
Just to give you back a little bit of a warm-fuzzy feeling about RSA strength, realize that every bit added doubles the brute-force keyspace.
Not true for RSA. Remember that an RSA key is constructed from an extremely large number with exactly two prime factors. Not just any number is a valid RSA key. There are actually much, much fewer than 2^1024 possible 1024-bit RSA keys.
For symmetric key cryptosystems where all possible values are valid keys, then it is true that each extra key bit doubles the average brute force effort. But definitely not for RSA.
In this case, wouldn't it be easy for anyone with access to the passwd file to generate passwords that match the hashes (collisions) allowing them to login to accounts which were previously thought secure?
No. The new technique allows you to construct two pieces of data which have the same hash. It doesn't allow you to construct a piece of data which matches a given hash. This was explicitly spelled out in the Q&A document.
Also, MD5 password hashes are salted. This means that, although you could potentially find a collision with the hash in the password file, the colliding data almost certainly would not have the same salt, and therefore would not be accepted as a valid password.
Furthermore, think about it. If you had access to the password hashes, you would be root, and could just 'su' to the user account in question anyway.
Now, suppose that your goal was to guess the password and hope that the user uses the same password on other machines -- i.e., you want to boost yourself to other hosts. But you're still SOL, because the MD5 password hashes are salted. Therefore, you must recompute the equivalent password on the other hosts, even if the user used the same password on those hosts.
As the Q&A document explained, the ability to produce colliding hashes makes MD5 unsuitable for some tasks. Protecting UNIX logins is not one of the ways in which its use has been compromised.
I would prefer google to find this information so that I can type in a simple query and see where my information is being wrongly published then not knowing at all.
You mean you'd type your credit card number into Google? Are you insane? Now you've sent your CC number in the clear over the Internet. To Google, which has a big scrolling display of searches in its corporate headquarters. I think I'll head over to the Google lobby and wait to see your CC number scroll past.
Hasn't anyone heard of using a robots.txt to block web spiders? If people are stupid enough not to, then their hidden data is just asking to be found by anyone.
I can't tell if you're being ironic or just stupid.
You're suggesting that you "secure" you sensitive information by listing where it is in robots.txt? I think I want to have a look in your robots.txt, now.
The purpose of robots.txt is not to secure your information, it is to avoid getting eaten alive by bandwidth-hogging search spiders, and to prevent spiders from indexing irrelevant or out of date information.
If you want your information to be secure, here's a hint: don't put it on a fricking web server.
What if they wanted to use 5 1/4" disks? At some point, you draw a line between somewhat inconvenient requests and outright ridiculousness.
I haven't used a floppy disk in nearly four years. At least to me, the idea of using such a fragile, obsolete medium to store information is ridiculous. Yes, you exist to serve the userbase, but in this age of USB keychain storage, CD-RW, and network shares, are you really doing them a service by perpetuating the use of floppy disks?
The plane has engines and can overcome the air resistance. It is not "free falling," it is actively maneuvering so as to maintain the parabolic path.
The reason the occupants of the plane experience this as a zero-G condition is because they are in freefall. They are moving precisely as they would be moving if they were falling toward the earth without air resistance. You need a plane to accomplish this, because in reality you cannot neglect the air resistance.
You can experience the same condition briefly, simply by jumping in the air. During the time you are in the air, you are in a weighless condition.
Why not simply remove the floppy drives from the workstations in the labs? If you don't want them using floppies, make it impossible for them to do so.
If they really, really want something on disk, you could have a special workstation with a floppy drive for that purpose.
How would multiple backups have saved her? She'd be backing up an infected file.
Of course, she could export to RTF to cleanse the virus, but how do you convince somebody to do that regularly? It's ridiculously inconvenient.
What if you entered one by accident, by making a typo? What if a bug in the program caused it to believe that the number was a pirated code when in fact it wasn't?
As far as the "presumption of innocence goes, think of it as getting a traffic ticket by a photo-red camera....:)
What if the camera was malfunctioning? What if another driver triggered it and moved out of the way and you got photographed instead of the offender? What if somebody hacked the camera to issue tickets to random drivers?
As soon as you remove "due process" from the justice system we fall back to something resembling a witch-hunt.
I didn't intend it as a criticism of physicists. I do know more than "absolutely nothing" about physics, albeit in fields of physics other than relativity. It appears I remembered the equation correctly but got the name of the variable wrong. Sorry.
That the gamma factor is imaginary is completely fine.
I don't see why you can just ignore it. An imaginary gamma would imply an imaginary length, as well as imaginary energy and momentum. I'm hard-pressed to define the physical implications of that, and thus continue to believe that FTL motion is impossible from both physical and mathematical standpoints. Please correct me if you have other information...
Sure, but there's a big difference between a piece of software/material object which simply does not operate when used incorrectly, and something which was intentionally designed to be malicious when used incorrectly.
Imagine if Intel started making processors which exploded when they were overclocked, destroying everything in your computer. That's the closest physical analogy I can imagine right now. I think it's pretty obvious that such a thing would be wrong.
Are you sure that simply typing in an unauthorized serial code is "piracy?" The program is freely downloadable. The fact that the user has possession of the software is not, in and of itself, a copyright violation, since the author has explicitly designed his business model this way.
I know of no instance where a person was convicted of copyright violation merely because they entered an incorrect code into a computer program. IMHO, it would be absurd.
As for software piracy being more "serious" than the malicious destruction of data, I must ask: are you kidding?
Not to mention that the copyright violation would certainly fall into the civil category, not the criminal. OTOH, what this author did is something like a criminal misuse of computer resources with nameable damages. Thus, the case against the author could be prosecuted without a plaintiff, but in order for the author to sue the pirates he would need a lawyer. That would be difficult, considering he'd be in a jail cell.
A bunch of people coming forward with sworn statements to the effect that the software they stole did bad things to their computer could change that, I suppose...
I'd still like you to explain how typing an unauthorized serial code into a dialog box is even remotely like theft. I'm not even sure that it's equivalent to copyright violation.
So, you are advocating vigilante justice without the presumption of innocence?
I suppose you also think that if somebody steals your wallet, you have the right to chase them down and shoot them? No indictment, no trial, no judge nor jury, no conviction, no sentencing hearing... Straight to execution!
Not necessarily true. You can put anything you want into a contract, but not everything is enforceable. Suppose you leased a car, and the lease agreement had a clause saying "If you drive this car more than 15,000 miles per year, we reserve the right to take custody of your children." Such a clause is not legally enforceable.
Whether or not a "bomb clause" in an EULA is enforceable is not clear, but it's important to note that just because something is written in an agreement does not necessarily make it legally binding.
The author wrote and distributed a program with malicious intent and should be convicted of whichever computer-related offenses are most appropriate. Perhaps probation would be preferable to jail time, but I see no way to excuse this person's behavior.
Any software developer with even a remote sense of reality realized long, long ago that preventing piracy is impossible. Make a product that people are willing to pay for, and they will pay for it. That's the best you can do.
No they aren't, and I don't know where people get this idea.
In special relativity, there is a factor called "beta" which is used to calculate time dilation, spacial contraction, relativistic momentum, etc. It's defined like this:
beta = 1 / sqrt(1 - v^2/c^2)
Where v is your velocity as measured w.r.t. some chosen reference frame.
Now, think about time travel. This would be equivalent to a negative time dilation factor (time moving "backwards"). In other words, a negative beta. People seem to just assume that, if v > c, then beta is negative. But it isn't.
If v > c, then the term (1 - v^2/c^2) is negative. What's the square root of a negative number? It's imaginary. So, if you move faster than light, the beta factor becomes imaginary. You aren't moving backward in time -- you are moving in imaginary time.
To sum up, traveling faster than light doesn't make you go backward in time. It's a meaningless concept. Unless, of course, you are willing to accept the existence of "imaginary time."
Correct, but why should we abandon research on the topic just because a couple of bozos jumped the gun and didn't do the science the appropriate way? Seems childish, to me.
Basically, it was just a magma displacement. Or maybe whales humping. Take your pick.
It's a "coverup" in the sense of covering up their own embarrassment at getting so excited over something which turned out to be nothing at all.
I can envision the scene in my mind right now... An intern or maybe a younger, less experienced scientist sees this signal, gets excited, and everybody starts buzzing about it. Someone eagerly leaks some information to the press, but sooner or later, cooler heads prevail. Now, with a little egg on their faces, they just want everyone to cool it and go away.
I don't think there's anything particularly suspicious here at all. People jump the gun all the time.
Consider than an efficiently modulated signal (full use of the available spectrum and SNR) will be indistinguishable from noise. The very fact that your signal looks different from noise means you need a better modulation scheme.
Now, consider that we're talking about supposedly advanced alien civilizations, here. If they are communicating with EM, it seems likely that their modulation schemes are much more advanced than ours. Thus, alien communications should be indistinguishable from noise.
So, the fact that the signal appears to have some orderly behavior seems to imply, at least for me, that it was not produced by intelligent beings -- at least, not by beings greatly more intelligent than we are. I think it's far more likely that the signal is generated by some chaotic process which rides the borderline between orderly behavior and total randomness.
My first guess would be hot electrons emitting synchrotron radiation as they move through a magnetically complex region of space.
I see. If insisting that our governmental process be carried out in public without secrets makes me an extremist, then I'll gladly wear that label.
Sorry, but I'll have no "secret delegates" in MY system of government.
What you'll end up doing is cause the government to pass laws mandating the recording of all client IP addresses. Then, if we ever lose those records, even for technical reasons (like disks failing), we could be subject to prosecution.
Please, please please... The last thing we need is more regulation on the Internet, and your suggestion just makes that regulation much more likely.
Not to mention the extreme idiocy (on a technical level) of having no logs of who your web users are. Someone cracks your website, and you're going to track them how, again?
No, what he's saying is don't blow all your resources trying to "fix" a problem and then have it turn out that your "fix" didn't even work. Now there's a huge problem and no money left to fix it, because you got anxious and blew all your resources before you understood what the hell you were doing.
It could never prove it in the first place. Prove it beyond a reasonable doubt maybe, but never really prove it.
However, if the MD5 sum is different, then you certainly have proven that the data DID change. The MD5 can prove the data changed. It cannot prove it did not change.
Similarly, DNA evidence is able to rule out suspects, but it cannot prove that a person committed a crime. This is why DNA expert witnesses say something like, "The probability that the defendent did not commit this crime is two hundred million to one." However, if your DNA doesn't match that found at the crime scene, you are instantly exonerated.
Not true for RSA. Remember that an RSA key is constructed from an extremely large number with exactly two prime factors. Not just any number is a valid RSA key. There are actually much, much fewer than 2^1024 possible 1024-bit RSA keys.
For symmetric key cryptosystems where all possible values are valid keys, then it is true that each extra key bit doubles the average brute force effort. But definitely not for RSA.
No. The new technique allows you to construct two pieces of data which have the same hash. It doesn't allow you to construct a piece of data which matches a given hash. This was explicitly spelled out in the Q&A document.
Also, MD5 password hashes are salted. This means that, although you could potentially find a collision with the hash in the password file, the colliding data almost certainly would not have the same salt, and therefore would not be accepted as a valid password.
Furthermore, think about it. If you had access to the password hashes, you would be root, and could just 'su' to the user account in question anyway.
Now, suppose that your goal was to guess the password and hope that the user uses the same password on other machines -- i.e., you want to boost yourself to other hosts. But you're still SOL, because the MD5 password hashes are salted. Therefore, you must recompute the equivalent password on the other hosts, even if the user used the same password on those hosts.
As the Q&A document explained, the ability to produce colliding hashes makes MD5 unsuitable for some tasks. Protecting UNIX logins is not one of the ways in which its use has been compromised.
You mean you'd type your credit card number into Google? Are you insane? Now you've sent your CC number in the clear over the Internet. To Google, which has a big scrolling display of searches in its corporate headquarters. I think I'll head over to the Google lobby and wait to see your CC number scroll past.
I can't tell if you're being ironic or just stupid.
You're suggesting that you "secure" you sensitive information by listing where it is in robots.txt? I think I want to have a look in your robots.txt, now.
The purpose of robots.txt is not to secure your information, it is to avoid getting eaten alive by bandwidth-hogging search spiders, and to prevent spiders from indexing irrelevant or out of date information.
If you want your information to be secure, here's a hint: don't put it on a fricking web server.