Let's say you have 2^20 (1048576) machines. Let's say each can do 2^20 hashes per second (this is optimistic). Then it will take you 2^29 seconds to find a hash collision-- this is about 17 years.
This doesn't even let you collide with an arbitrary thing-- rather, you can provide something to someone to sign, and have another message that hashes to the same thing.
It is worrisome, though, because perhaps attacks will improve and it'll continue to get cheaper.
Actually, you would still need to perform 2^159 operations to match with an arbitrary disk image. Only if you can pick both what the person is going to hash and your desired collision do you currently have an attack of order 2^69.
This would represent 36% and 28% respectively, using your number for the number of Gulf War veterans.
I looked at a few of the papers on your web site, and did chi^2 testing on the figures; for instance, from the "Effects of War in Iraq" paper by Dr. Al-Ali, there is only a 15% chance of there being a relation between exposure and cancer rates. That is, if the figures can be believed.
The paper says there was a rate of 11 cancers per 100,000 in 1988 and 123 per 100,000 in 2002. The United States cancer incidence rate is about 550 per 100,000, and the death rate is about 250 per 100,000. While other countries have lower cancer rates, none have rates below 250 per 100,000; therefore, it's pretty hard for me to believe that Basra had a rate of 11 per 100,000 in 1988.
It's pretty easy to show a connection when you just make up numbers and don't test for statistical significance;P.
So basically, you're completely failed to substatiate 89% or its connection to DU. (Your own number above is 56%; again, I think it is inaccurate, but you appear to be coming off the 89% number..) Anyways, whether 56% is true or not, 56%!=89%, also.
Incidentally, 12-18% of people 18-64 have some form of disability according to the 2000 US census. 29% is really not that much more than 18%, especially when mental/anxiety/PTSD effects are considered.
Re:And they scoffed at my continued reliance on MD
on
SHA-1 Broken
·
· Score: 0, Offtopic
BTW:
Disabled US vets 10 yrs after Viet Nam: 10% 12 yrs after Gulf War: 89% Stop uranium inhalation poisoning!
Of the 504,047 eligible for VA benefits, 149,094 (29%) are now considered disabled by the VA eleven years since the start of the Gulf War; and...
29% is a big number, but 29% != 89% last time I checked. Also, there are many other explanations other than uranium dust, like chemical weapons in theatre. But I don't think facts probably matter very much to you.
Re:And they scoffed at my continued reliance on MD
on
SHA-1 Broken
·
· Score: 1
2^69 hashes would constitute a 'huge search' in my book. I guess it doesn't in yours; or you didn't RTFA:)
A mechanism to find collisions does not affect SHA-1's strength as a password hashing algorithm or its use in a hashed message authentication code. So you'll be just fine.
Ah, but that doesn't really work well from an economic angle.
I mean, if I rob a bank and net $100,000; and the punishment of me getting caught costs me the equivalent of $150,000; and I have a 50% chance of getting caught, I technically would come out ahead repeatedly robbing banks.
Likewise, the odds of getting caught for shoplifing once are low; no one who is predisposed to shoplift if, when caught shoplifting, they were just charged with something commensurate to the amount they were caught stealing.
So yes, as a matter of developing law, we do factor probability of getting caught, reward experienced by the offender from the illegal behavior, and damage done into penalties. A balance has to be struck, though-- it is unjust for the penalty to be too high in relation to the harm, and when the probability of getting caught is low enough or the reward high enough, it is often ineffective to increase penalties.
Yes, if you have the geography and weather patterns to permit it. In North America, most of the low hanging fruit for hydroelectric are exploited. In my state (California), about 25% of power generation is hydroelectric. However, there's not much of an opportunity for building additional large hydroelectric plants left, so it's hard to see how it can increase to be a much bigger piece of the energy pie here.
My point was that having a diversified energy infrastructure depending on energy sources that are not in imminent danger of depletion that also have low environmental impact (nuclear, hydro, wind) is a good thing. Nuclear and hydro complement each other extraordinarily well.
Solar, wind, hydroelectric, biodiesel and geothermal are great supplementary power sources, but they're generally not suitable as a primary source of energy. We would do well to use them in greater amounts. For instance, solar and wind are more expensive per unit of energy generated than nuclear or fossil fuel; both wind or solar are generally not suitable to provide more than 10-15% of a grid's power due to variations in power over time of day and weather conditions.
However, solar and wind tend to complement nuclear power very well; most nuclear plant designs can't ramp up or down power very quickly, and peak generation from wind/solar designs tends to correspond well with peak usage. Likewise, hydroelectric can be used to produce power whenever you feel like it to fill in for bursts in demand.
We would do well to have an energy infrastructure that is diverse. I am looking at installing solar panels and selling power back to the utilities; even with tax credits and subsidies I won't make the money back within 15 years. Still, I'm in favor of it/interested in the idea as a matter of social responsibility. I do realize though that it is not a panacea for our energy problems.
I would much rather live within a short distance of a nuclear power plant than a coal power plant or petroleum refinery.
I'm not saying there is no danger associated with nuclear power plants; but rather, the danger is a bounded, quantifiable one, and the rate of civilian deaths per year from nuclear plants per gigawatt/hour generated is almost certainly lower than the corresponding rate for many forms of energy that our society uses.
The EVAP system in your car is to prevent release of gasoline fumes from the fuel venting system. A faulty gas cap, or a gas cap not turned tightly onto the tank can indeed cause it to fail diagnostics (because several of the diagnostics involve very slightly pressurizing the fuel tank and then checking for leaks). Also, there can be problems with the actual charcoal cylinder or solenoids that open and close the vent lines. It is not expensive to actually diagnose those vent lines/solenoids. Anyways, the EVAP system is usually close to the fuel tanks and not under the hood.
EVAP is just an emissions issue; it won't actually cause any problems driving around in almost all cases.
I have heard that the reliability of some EVAP systems have been improved by firmware changes that loosen up the diagnostic criteria a bit, because the original diagnostic criteria is a little strict and causes things to fail early.
I agree on the half the EM spectrum part-- building general purpose anti-laser goggles for use in aircraft is not really feasible at this point.
Hitting the small target isn't so hard though, because lasers aren't really so coherent. A beam spread of at least.1 degrees is common even on relatively good industrial lasers; this means you need to only be able to aim within.1 degrees of your target, which is of lesser difficulty than say, aiming a rifle accurately at 100yds.
This really sucks. Pointing lasers at aircraft is easy to do, distracting to the pilot at laser pointer power levels and gravely injuring at common industrial laser power levels, and nearly impossible to defend against.
He was saying that this device was slick because it maintains a USB root hub/stack, whereas a typical USB disk doesn't-- hence the typical USB disk cannot be plugged directly into a camera and requires intervention from a host. This device has its own USB stack, root hub, and drivers to act as a USB host when it is plugged into a camera, and can also act as a USB device when plugged into a PC.
$100,000 year salary is like $100/hour, even though the gross revenue from that would be $200,000
Plugging in $100 into your formulat gets 100 dollars/work hour *2000 work hours/year= $200,000 dollars/year. Or in other words, charging $100/hour gets you a gross revenue of $200,000/yr, to use your formula.
If he worked 16 hrs/day, every day, he'd get $584,000. So you are somewhat on crack.
His point was, if you would expect a $100k/yr salary for a job, you should charge about $100/hour as a contractor. This is a somewhat sane rule of thumb to account for the additional tax burden (FICA), overhead, loss of benefits, etc, but probably not quite sufficient.
I think abortion in the first few weeks, when we are basically only talking about a lump of cells in liquid, is ok, and certainly the 24 hour pill is ok.
The "morning after pill" (which is pretty effective up to 72 hours, or perhaps more), is not an abortificant. It works by inhibiting an (unfertilized) egg from being released, and by changing the environment inside the uterus to prevent fertilization. Only in a very small number of cases does it prevent a fertilized egg from implanting. It's just a very high dose version of the typical oral contraceptive.
So really, no one ought to have a problem with the morning after pill except those of the 'every sperm is sacred' (*cough* Catholics) type.
100W is plenty for a couple hundred kilobits from Mars with a 1.3m dish (as evidenced by Mars Odyssey). This corresponds to about 2 degrees of beamwidth.
A cheap industrial CO2 laser has a beam divergence of about 2 miliradians; this is about.12 degrees. Assuming you do this on only one side of the connection, you get about 24dB of additional gain. In other words, putting a 100W output power laser on a Mars orbiter gives you a EIRP equivalent of 24kW into a 1.3m dish, while saving a bunch of mass and volume occupied by the dish.
Not only have you completely failed to understand my argument, you went ad hominem and called my argument stupid; this is in spite of the fact that half of your post is spelled incorrectly. Brilliant.
The Catholic church has believed all kinds of stuff which is poorly supported or not supported at all by a careful reading of biblical texts. I asked for documentation of actual support for geocentrism in the bible and you have repeatedly failed to offer it. I did not question that geocentrism was the doctrine of the Catholic church up until the 18th century.
I said I did believe in a heliocentric solar system... Helios meaning SUN as in the sun in the center.
I didn't argue with this either; I said the bible does not support geocentrism. Please back away from the crack pipe, sir.
You asked for a reference in the Bible that would have meant the Earth was in the center, I gave you one. I did not say that the interpretation of that verse correct, however it had been historically inturpreted in that fasion - for which I provided an example.
OK, so basically you're saying that some kooks, several hundred years ago, thought Joshua talked about geocentrism; good job. I don't think that's an instance of support for geocentrism in the bible. Likewise, I guess you're one of those people who feel Nietzsche supported fascism (because some people misinterpreted his flavor of romanticism). Guilt by association (especially the posthumous kind) is cool.
I guess I support geocentrism when I talk about the sun rising in the east, too. After all, I said it's the SUN RISING. If I believed in heliocentrism, I would say the earth is rotating to expose the sun in the eastern sky. Everyone who says the "sun rises" is clearly a proponent of a long discredited cosmological theory.
You come back with so much fury that I wonder if you have some kind of A-theist (hyphen for emphasis) agenda.
I'm not quite sure what you're saying here-- are you accusing me of advancing an atheist agenda by arguing that the bible doesn't advocate a long discredited cosmological theory? That really doesn't make sense. Of course, I don't even know if that's what you really mean, because the vast majority of sentences in your post exhibit terrible grammar.
My whole point of bringing it up is it is in the Bible and relevant and is the argument used to condemn Galileo. The argument was that the Bible said the Sun stoped not the Earth, therefor the Earth is unmoving, and everything else revolves around it. and therefore the center of the universe.
You're failing to stay coherent here.
How strong of an argument do you want from a book that isn't a scientific treatise?
Bingo. This passage no more shows the bible advocates geocentrism than my matter of speaking about the location of the Sun in the sky does the same. shemesh (the sun) damam (stood still) yareach (the moon) amad (did stay).
And the problem with your literal interpretation of a translation is that these words do not exactly correspond to English meaning-- ie:
amad: 1) to stand, remain, endure, take one's stand
a) (Qal)
1) to stand, take one's stand, be in a standing attitude, stand forth, take a stand, present oneself, attend upon, be or become servant of
2) to stand still, stop (moving or doing), cease
3) to tarry, delay, remain, continue, abide, endure, persist, be steadfast
4) to make a stand, hold one's ground
5) to stand upright, remain standing, stand up, rise, be erect, be upright
6) to arise, appear, come on the scene, stand forth, appear, rise up or against
7) to stand with, take one's stand, be appointed, grow flat, grow insipid
b) (Hiphil)
1) to station, set
2) to cause to stand firm, maintain
3) to cause to stand up, cause to set up, erect
4) to present (one) before (king)
5) to appoint, ordain, establish
c) (Hophal) to be presented, be caused to stand, be stood before
As you can see, the meaning of the words does not map directly to English, and in my reading does not literally mean the sun was stopped from moving.
Slashdot Mirror
OK, and then let's do some math.
Let's say you have 2^20 (1048576) machines. Let's say each can do 2^20 hashes per second (this is optimistic). Then it will take you 2^29 seconds to find a hash collision-- this is about 17 years.
This doesn't even let you collide with an arbitrary thing-- rather, you can provide something to someone to sign, and have another message that hashes to the same thing.
It is worrisome, though, because perhaps attacks will improve and it'll continue to get cheaper.
Actually, you would still need to perform 2^159 operations to match with an arbitrary disk image. Only if you can pick both what the person is going to hash and your desired collision do you currently have an attack of order 2^69.
Gulf era veterans != gulf war veterans.
;P.
Apples & apples, please, mmkay?
As of 2003:
About 209,000 Gulf War veterans have filed claims with the Veterans Administration, and 161,000 of them are receiving disability payments.
From CNN, January, 2003.
This would represent 36% and 28% respectively, using your number for the number of Gulf War veterans.
I looked at a few of the papers on your web site, and did chi^2 testing on the figures; for instance, from the "Effects of War in Iraq" paper by Dr. Al-Ali, there is only a 15% chance of there being a relation between exposure and cancer rates. That is, if the figures can be believed.
The paper says there was a rate of 11 cancers per 100,000 in 1988 and 123 per 100,000 in 2002. The United States cancer incidence rate is about 550 per 100,000, and the death rate is about 250 per 100,000. While other countries have lower cancer rates, none have rates below 250 per 100,000; therefore, it's pretty hard for me to believe that Basra had a rate of 11 per 100,000 in 1988.
It's pretty easy to show a connection when you just make up numbers and don't test for statistical significance
So basically, you're completely failed to substatiate 89% or its connection to DU. (Your own number above is 56%; again, I think it is inaccurate, but you appear to be coming off the 89% number..) Anyways, whether 56% is true or not, 56%!=89%, also.
Incidentally, 12-18% of people 18-64 have some form of disability according to the 2000 US census. 29% is really not that much more than 18%, especially when mental/anxiety/PTSD effects are considered.
BTW:
Disabled US vets 10 yrs after Viet Nam: 10%
12 yrs after Gulf War: 89%
Stop uranium inhalation poisoning!
What exactly is your source on this? According to an anti-military news source quoting the DoVA:
Of the 504,047 eligible for VA benefits, 149,094 (29%) are now considered disabled by the VA eleven years since the start of the Gulf War; and...
29% is a big number, but 29% != 89% last time I checked. Also, there are many other explanations other than uranium dust, like chemical weapons in theatre. But I don't think facts probably matter very much to you.
2^69 hashes would constitute a 'huge search' in my book. I guess it doesn't in yours; or you didn't RTFA :)
A mechanism to find collisions does not affect SHA-1's strength as a password hashing algorithm or its use in a hashed message authentication code. So you'll be just fine.
Ah, but that doesn't really work well from an economic angle.
I mean, if I rob a bank and net $100,000; and the punishment of me getting caught costs me the equivalent of $150,000; and I have a 50% chance of getting caught, I technically would come out ahead repeatedly robbing banks.
Likewise, the odds of getting caught for shoplifing once are low; no one who is predisposed to shoplift if, when caught shoplifting, they were just charged with something commensurate to the amount they were caught stealing.
So yes, as a matter of developing law, we do factor probability of getting caught, reward experienced by the offender from the illegal behavior, and damage done into penalties. A balance has to be struck, though-- it is unjust for the penalty to be too high in relation to the harm, and when the probability of getting caught is low enough or the reward high enough, it is often ineffective to increase penalties.
Yes, if you have the geography and weather patterns to permit it. In North America, most of the low hanging fruit for hydroelectric are exploited. In my state (California), about 25% of power generation is hydroelectric. However, there's not much of an opportunity for building additional large hydroelectric plants left, so it's hard to see how it can increase to be a much bigger piece of the energy pie here.
My point was that having a diversified energy infrastructure depending on energy sources that are not in imminent danger of depletion that also have low environmental impact (nuclear, hydro, wind) is a good thing. Nuclear and hydro complement each other extraordinarily well.
Solar, wind, hydroelectric, biodiesel and geothermal are great supplementary power sources, but they're generally not suitable as a primary source of energy. We would do well to use them in greater amounts. For instance, solar and wind are more expensive per unit of energy generated than nuclear or fossil fuel; both wind or solar are generally not suitable to provide more than 10-15% of a grid's power due to variations in power over time of day and weather conditions.
However, solar and wind tend to complement nuclear power very well; most nuclear plant designs can't ramp up or down power very quickly, and peak generation from wind/solar designs tends to correspond well with peak usage. Likewise, hydroelectric can be used to produce power whenever you feel like it to fill in for bursts in demand.
We would do well to have an energy infrastructure that is diverse. I am looking at installing solar panels and selling power back to the utilities; even with tax credits and subsidies I won't make the money back within 15 years. Still, I'm in favor of it/interested in the idea as a matter of social responsibility. I do realize though that it is not a panacea for our energy problems.
yes, I know that. I'm having a bad day, OK? ;)
watts are power, watts * time is energy.
I meant: rate of civilian deaths per gigawatt/hr generated.
;P
I should really preview.
I would much rather live within a short distance of a nuclear power plant than a coal power plant or petroleum refinery.
I'm not saying there is no danger associated with nuclear power plants; but rather, the danger is a bounded, quantifiable one, and the rate of civilian deaths per year from nuclear plants per gigawatt/hour generated is almost certainly lower than the corresponding rate for many forms of energy that our society uses.
You forgot Sparc64. You also forgot m68010-- Sun2 and its method of protection is really pretty unique, and thus distinct from the m68k branch.
Finally, both Mips and SH3 run in NetBSD in either big or little endian mode; these qualify as unique architectures, IMO.
The EVAP system in your car is to prevent release of gasoline fumes from the fuel venting system. A faulty gas cap, or a gas cap not turned tightly onto the tank can indeed cause it to fail diagnostics (because several of the diagnostics involve very slightly pressurizing the fuel tank and then checking for leaks). Also, there can be problems with the actual charcoal cylinder or solenoids that open and close the vent lines. It is not expensive to actually diagnose those vent lines/solenoids. Anyways, the EVAP system is usually close to the fuel tanks and not under the hood.
EVAP is just an emissions issue; it won't actually cause any problems driving around in almost all cases.
I have heard that the reliability of some EVAP systems have been improved by firmware changes that loosen up the diagnostic criteria a bit, because the original diagnostic criteria is a little strict and causes things to fail early.
I agree on the half the EM spectrum part-- building general purpose anti-laser goggles for use in aircraft is not really feasible at this point.
.1 degrees is common even on relatively good industrial lasers; this means you need to only be able to aim within .1 degrees of your target, which is of lesser difficulty than say, aiming a rifle accurately at 100yds.
Hitting the small target isn't so hard though, because lasers aren't really so coherent. A beam spread of at least
This really sucks. Pointing lasers at aircraft is easy to do, distracting to the pilot at laser pointer power levels and gravely injuring at common industrial laser power levels, and nearly impossible to defend against.
JPL's 2004MN4 page has been updated, and now there's no prediction for a near pass at all in 2029, and the cumulative impact odds are now 1 in 56,000.
Looks like they found a much older observation of the asteroid that allowed the orbit to be determined very precisely.
I think you missed his point, FYI.
He was saying that this device was slick because it maintains a USB root hub/stack, whereas a typical USB disk doesn't-- hence the typical USB disk cannot be plugged directly into a camera and requires intervention from a host. This device has its own USB stack, root hub, and drivers to act as a USB host when it is plugged into a camera, and can also act as a USB device when plugged into a PC.
Errors have been found in your post. Your post will not be approved until they're corrected:
would be useful for is people further from this sanskrit we're calling: awkward
...distinctions," I'm pointing out some facts which aren't likely to change any time soon whether we like them or not.: dangling participle detected
He said:
$100,000 year salary is like $100/hour, even though the gross revenue from that would be $200,000
Plugging in $100 into your formulat gets 100 dollars/work hour *2000 work hours/year= $200,000 dollars/year. Or in other words, charging $100/hour gets you a gross revenue of $200,000/yr, to use your formula.
If he worked 16 hrs/day, every day, he'd get $584,000. So you are somewhat on crack.
His point was, if you would expect a $100k/yr salary for a job, you should charge about $100/hour as a contractor. This is a somewhat sane rule of thumb to account for the additional tax burden (FICA), overhead, loss of benefits, etc, but probably not quite sufficient.
Just to clarify here:
I think abortion in the first few weeks, when we are basically only talking about a lump of cells in liquid, is ok, and certainly the 24 hour pill is ok.
The "morning after pill" (which is pretty effective up to 72 hours, or perhaps more), is not an abortificant. It works by inhibiting an (unfertilized) egg from being released, and by changing the environment inside the uterus to prevent fertilization. Only in a very small number of cases does it prevent a fertilized egg from implanting. It's just a very high dose version of the typical oral contraceptive.
So really, no one ought to have a problem with the morning after pill except those of the 'every sperm is sacred' (*cough* Catholics) type.
tiny correction: I meant to say 27kW into a 1.3m dish. My apologies.
100W is plenty for a couple hundred kilobits from Mars with a 1.3m dish (as evidenced by Mars Odyssey). This corresponds to about 2 degrees of beamwidth.
.12 degrees. Assuming you do this on only one side of the connection, you get about 24dB of additional gain. In other words, putting a 100W output power laser on a Mars orbiter gives you a EIRP equivalent of 24kW into a 1.3m dish, while saving a bunch of mass and volume occupied by the dish.
A cheap industrial CO2 laser has a beam divergence of about 2 miliradians; this is about
Not only have you completely failed to understand my argument, you went ad hominem and called my argument stupid; this is in spite of the fact that half of your post is spelled incorrectly. Brilliant.
The Catholic church has believed all kinds of stuff which is poorly supported or not supported at all by a careful reading of biblical texts. I asked for documentation of actual support for geocentrism in the bible and you have repeatedly failed to offer it. I did not question that geocentrism was the doctrine of the Catholic church up until the 18th century.
I said I did believe in a heliocentric solar system... Helios meaning SUN as in the sun in the center.
I didn't argue with this either; I said the bible does not support geocentrism. Please back away from the crack pipe, sir.
You asked for a reference in the Bible that would have meant the Earth was in the center, I gave you one. I did not say that the interpretation of that verse correct, however it had been historically inturpreted in that fasion - for which I provided an example.
OK, so basically you're saying that some kooks, several hundred years ago, thought Joshua talked about geocentrism; good job. I don't think that's an instance of support for geocentrism in the bible. Likewise, I guess you're one of those people who feel Nietzsche supported fascism (because some people misinterpreted his flavor of romanticism). Guilt by association (especially the posthumous kind) is cool.
I guess I support geocentrism when I talk about the sun rising in the east, too. After all, I said it's the SUN RISING. If I believed in heliocentrism, I would say the earth is rotating to expose the sun in the eastern sky. Everyone who says the "sun rises" is clearly a proponent of a long discredited cosmological theory.
You come back with so much fury that I wonder if you have some kind of A-theist (hyphen for emphasis) agenda.
I'm not quite sure what you're saying here-- are you accusing me of advancing an atheist agenda by arguing that the bible doesn't advocate a long discredited cosmological theory? That really doesn't make sense. Of course, I don't even know if that's what you really mean, because the vast majority of sentences in your post exhibit terrible grammar.
My whole point of bringing it up is it is in the Bible and relevant and is the argument used to condemn Galileo. The argument was that the Bible said the Sun stoped not the Earth, therefor the Earth is unmoving, and everything else revolves around it. and therefore the center of the universe.
You're failing to stay coherent here.
How strong of an argument do you want from a book that isn't a scientific treatise?
Bingo. This passage no more shows the bible advocates geocentrism than my matter of speaking about the location of the Sun in the sky does the same. shemesh (the sun) damam (stood still) yareach (the moon) amad (did stay).
And the problem with your literal interpretation of a translation is that these words do not exactly correspond to English meaning-- ie:
amad: 1) to stand, remain, endure, take one's stand
a) (Qal)
1) to stand, take one's stand, be in a standing attitude, stand forth, take a stand, present oneself, attend upon, be or become servant of
2) to stand still, stop (moving or doing), cease
3) to tarry, delay, remain, continue, abide, endure, persist, be steadfast
4) to make a stand, hold one's ground
5) to stand upright, remain standing, stand up, rise, be erect, be upright
6) to arise, appear, come on the scene, stand forth, appear, rise up or against
7) to stand with, take one's stand, be appointed, grow flat, grow insipid
b) (Hiphil)
1) to station, set
2) to cause to stand firm, maintain
3) to cause to stand up, cause to set up, erect
4) to present (one) before (king)
5) to appoint, ordain, establish
c) (Hophal) to be presented, be caused to stand, be stood before
As you can see, the meaning of the words does not map directly to English, and in my reading does not literally mean the sun was stopped from moving.