Slashdot Mirror


User: Shano

Shano's activity in the archive.

Stories: 0
Comments: 172

Comments · 172

  1. Re:Breathe chlorine vapors all night instead on Pillows Dangerous for Your Health · · Score: 1

    Not an expression I've ever heard, and Google lists nothing. Hypochlorite is regular chlorine bleach, anyway.

    Peroxide blond, yes. However, you won't find peroxide sold as generic bleach. It's also even less kind to natural fabrics than chlorine. There are several other chemicals used as bleaching agents (iodine is the other common one, normally used for food containers), but only chlorine is referred to as "bleach" without qualification.

  2. Re:Then let him do it. on Taking On Software Liability - Again · · Score: 1

    Proving programs correct is possible in theory (not counting the Halting Problem for now), but the tools aren't really there yet. Unit testing helps, but can only work to test small parts of the program. It can't detect errors in the way units are fitted together.

    One of the advantages of formal semantics is that it gives a system that's more suited to proving properties about programs. Again, though, the tools simply don't exist to do this with large programs (just about everyone who's taken a semantics course has done it with factorials).

    It might be possible to do the bulk of the program design and construction in a series of custom-written languages, each with an appropriate semantics, and only rewrite as a "real" language at the lowest level, once everything has been proved correct, and unit test that. On the other hand, I have no idea whether it would work in practice, and it's so different to current methods that I doubt anyone outside of language research would want to try it.

  3. Re:Kurzweil is not an optimist on Ray Kurzweil's "The Singularity is Near" · · Score: 1

    It isn't really a necessary check, it's just a check. If you could remove world hunger, the population would be able to expand until it hit some other check. If no other check existed, then there would be no problem in the population continuing to expand.

    If you look at development of nations, the birth rate tends to follow the death rate (particularly infant mortality), but lags by a generation or two. So all these countries that we've given clean water and improved health care are going to have a population explosion until the birth rate settles - which it should do naturally.

    Much of world hunger is a result of this explosion in population, which in turn is a result of introducing modern health care to the developing world (I don't want to get into a debate over whether that was a good idea).

    Anyway, getting back to the point, there's nothing special about world hunger, it just happens to be the smallest upper bound on the population at the moment. Remove it, and the next will probably be disease caused by overcrowding.

  4. Re:Optimisim sells... on Ray Kurzweil's "The Singularity is Near" · · Score: 1

    I'd like to see any intelligent life in the universe.

    (sorry)

  5. Re:Google time.... on GPL 3 May Require Websites to Relinquish Code · · Score: 1

    Really? That seems to lead to an obvious loophole:

    Take GPL3 web application, incorporate code into non-web application, distribute under GPL3. Download code not needed since it's not a web application.

    Take non-web application, incorporate code into new web application. Since the non-web application has no download code, no need to incorporate download code.

    For best results, have the two steps performed by two groups with no obvious ties.

  6. Re:/. Headline FUD on GPL 3 May Require Websites to Relinquish Code · · Score: 1

    So it isn't quite as general as the headline suggests. That still doesn't make it a good thing.

    In the trivial case where someone just removes the ability to download source code, it makes sense to prevent this. But if there are major, non-trivial modifications to the code, the company currently has the right not to distribute the changes (since it's only running on their own machines).

    The article is quite clear in saying that the modified server must continue to distribute the source for the running version, including the changes. If authors are encouraged to include this download command in the unmodified code, the result will be exactly what others have claimed: if you modify the code and run it on your own servers, you must distribute the source for the modified code.

  7. Re:Better than post-it notes on Too Many Passwords · · Score: 1

    Security through obfuscation of algorithms is not security. Obfuscation of keys is security. The whole point of a key is that it's obfuscated (hidden, kept secret).

    A good security system has an algorithm, and a key. It should be possible to reveal the algorithm in detail, without compromising security. If the key is revealed, then obviously you're screwed.

    The table is part of the key. The table he posted is an example, not the real thing (I hope). There are risks associated with this method, but it isn't particularly bad unless you have some sample passwords and know the words that they encode.

  8. Re:Better than post-it notes on Too Many Passwords · · Score: 1

    Except that the table is secret. At least, I'm assuming he didn't post the real thing.

    If you have a large enough sample of passwords generated using the table, then there's a threat. Otherwise, it isn't significantly worse than any other method.

    Having the table stolen is certainly a risk (and having it "borrowed" and copied without your knowledge even more so), but if it's treated as part of the secret key, and kept in a wallet, then it's considerably better than post-it notes.

  9. Re:Better than post-it notes on Too Many Passwords · · Score: 1

    Making the function a random permutation of the ASCII code gives more (theoretical) security than a simple password - there are 72! permutations of just alphanumeric characters. The disadvantage is that if you have some passwords you may be able to reconstruct enough of the function to crack others.

    Some sort of hash function would help here. Obviously, hash -> permute doesn't help much, as it's vulnerable to the same attack. But would permute -> hash -> permute work? The first "permutation" can be any function (256^256 to choose from), and the second is a mapping to the target character set (say, 72^256).

    In this case, the two permutations become the key, and passwords can be generated from any old rubbish - such as a website name, maybe with a couple of salt characters (indeed, that would increase security against just hash -> permute). I don't know enough about hash functions to say whether there are trivial attacks against it, though.

    As for my passwords, I just generate them randomly and have them encrypted on a PDA. I remember 5 or 6 that I use regularly, and look up the rest.

  10. Re:IP addresses for copyright infringement lawsuit on Poisoned Torrents Plague Mybittorrent · · Score: 1

    In which case, can the RIAA/MPAA be sued for infringing their own copyrights?

    One place where the analogy breaks down is that the distributors are entitled to distribute the files, as they are the copyright holders (or agents of the copyright holders). Downloading a file from a copyright holder that has been knowingly made available for download can hardly be seen as copyright infringement.

    To successfully sue, it would be necessary to show that the downloader believed the file was not legitimate, i.e. the people offering it were not the copyright holders.

    Furthermore, as far as I know, copyright infringement is still a civil offence (is DMCA criminal? Can't remember), and is treated differently to drug laws. Things get even better in Scotland, where the civil courts do not allow punitive damages.

  11. Re:What's deviant? on FBI Agents Put New Focus on Deviant Porn · · Score: 1

    And then, of course, there's "Tennents", which as any Scot should know, is a truly foul concoction.

    Sadly, most Scots are seriously deluded into believing that not only is it potable, it is also a good thing.

    For the sake of (tangential) relevance, I'm sure many deviant acts have been fuelled by that stuff.

  12. Re:this should be soluble. on The Digital Dark Age · · Score: 1

    Who says they're upside down? Left-right, top-bottom is a completely arbitrary order for processing raster data.

    Some systems (such as the old BBC Micro) had a graphics origin at the bottom left - as do most graphs in mathematics. I'm not aware of any language that is written bottom-up, but there's no fundamental problem with it.

  13. Re:Money = Expression = Speech on FEC Deciding Future of Political Blogs · · Score: 1

    Actually, I'd expect the correlation to be logarithmic not linear, but that's just nitpicking (it's difficult to quantify evil, of course). A positive correlation, certainly.

    For the sake of playing devil's advocate, there could easily be causation in the other direction: those people with a tendency towards evil have fewer scruples, and are better at business and other means of obtaining money. In fact, outside of politics (where bribery is a serious problem), I think that's a more likely situation.

  14. Re:compressed content safe (?) on Practical Exploits of Broken MD5 Algorithm · · Score: 2, Informative

    Lots of file types allow for arbitrary junk at certain places.

    For example, a very basic form of steganography: cat a .zip file to the end of a .gif file. The result is a valid file that can be displayed as an image (which ignores trailing junk), and decompressed with zip (which ignores leading junk).

    Most file formats I've written don't care about junk at the end of the file. It'll be stripped off if you load and then save, but the program won't notice or complain. One program even preserves records it doesn't recognise (which could be secret messages, or just random crap).

  15. Re:File Integrity Checkers ? on Practical Exploits of Broken MD5 Algorithm · · Score: 2, Interesting

    Not necessarily - it depends on how much the author is trusted to begin with. Certain types of software are very closely checked by the open source community, and any trojan will be discovered if it exists in the package.

    Say I write a bit of security software (for which most people take the time to compare checksums). As a relative nobody, lots of people are going to scrutinise the source code before using it. Any new release will also be checked. Only after it's been scrutinised and built up a reasonable userbase is it worth switching it for the evil version - otherwise, the evil version would be discovered early and nobody would use it.

    Someone like Schneier could probably release a trojan directly and people would install it without thinking (I trust he's too responsible for that, though). For the rest of us, this gives a feasible way to sneak in evil code without anyone checking it.

  16. Re:Old Media vs. Internet on Preference Engines Side-Effects in Online Retail · · Score: 1

    The problem with people forming their own echo chamber is that journalists are no longer forming everyone else's opinions. Ethnicity aside (I don't even want to go there), traditional journalists have a huge amount of power in telling readers and viewers what to think. Most people don't go to the trouble of reading two or more conflicting papers.

    Old media isn't doing so badly, to be honest. TV is alive and well, and even newspapers still sell well, since most people aren't using wireless internet on the train to work (oh, and try passing round a newspaper article and a page on a laptop, and see which is easier). Most of the media companies have already bought into the internet (Scotsman, NYTimes, and so on) - it's the journalists and reviewers that are concerned that they personally don't have the influence they did.

  17. Re:Slashdot is itself a good example of this on Preference Engines Side-Effects in Online Retail · · Score: 1

    The key point, however, is that just because it's flamebait doesn't mean it's not true.

    I enjoy the occasional troll, but don't want to read all of them. In my opinion, the best of them (that is, the subtle ones) get past the moderators and I see them anyway. I wouldn't want to live at -1.

  18. Re:Moderation system on Preference Engines Side-Effects in Online Retail · · Score: 1

    Almost certainly. Of course, it mostly consists of variations on "first post", "Natalie Portman", and so on.

    (Bear with me, I'm a little out of touch with Slashdot trolls these days)

    There certainly was a tendency for some forums to have a "trolltalk" area. I think it was normally created by exploiting bugs in the code, but once there, it was tolerated because it helped reduce the amount of trolling in otherwise serious discussions. No idea if these things still exist.

  19. Re:Bullshit! on Cursing as Peephole Into Brain Architecture · · Score: 1

    I wonder if that's anything to do with the multiple meanings of "ass". If it's a contraction of "jackass", then it clearly refers to a donkey, and has connotations of stupidity. In the form "asshole", then it has much the same meaning as "arse".

    "Crap" as a less offensive form of "shit" is common on both sides of the Atlantic: it's commonly believed that it came from Thomas Crapper, who invented the flushing toilet (a little research suggests that he didn't, and it wasn't, but common belief is frequently wrong). I wasn't aware the US found anything offensive in "toilet", but somehow I'm not surprised.

  20. Re:The article is poopy, but I'll comment anyways on Cursing as Peephole Into Brain Architecture · · Score: 1

    No. The problem was that pairs of hammer bars that were close together jammed more often. If common pairs of bars were separated, then it would be possible to type faster without the machine jamming. The QWERTY layout just happened to result from that arrangement of bars and linkages.

    The layout wasn't designed to slow anything down, but to speed things up on the original hardware. It's completely irrelevant now, but stays around mostly due to tradition (and Dvorak being patented).

  21. Re:Bullshit! on Cursing as Peephole Into Brain Architecture · · Score: 1

    Thanks to Paul Whitehouse et al, just "arse" has become quite common over here. Prior to that, it was normally only used in forms such as "arsehole", and "shove it up your -".

    For the record, though, I feel "arsehole" has a better sound to it than "asshole". It's probably slightly milder, but we just switch to different profanities when needed. Must be a cultural thing.

  22. Re:now that they've had their data exposed... on Another School Exposes Private Information · · Score: 1

    Many universities (such as my own) do have liability exemptions in the contract you undoubtedly signed without reading when you started.

    There is, of course, no legal backing to this, and you're entitled to sue if you want. The university, on the other hand, have no legal requirement to retain you as a student, and can revoke any qualifications if they so wish.

    Whether they would actually do this is questionable, and probably depends on how much of a fuss you make.

  23. Re:Noise cancelling headphones do work on Is the iPod Generation Going Deaf? · · Score: 1

    Easily solved. Throw in a few buzz-words and sell it for $3000, and they'll rave about how much better it sounds instead.

    Audiophiles continue to annoy me. In general, their hearing is no better than anyone else's (although they'll swear otherwise), and they seem to form their opinions based on reviews by other audiophiles, who don't understand what a double-blind study is.

    For me, the last straw was when they tried to convince me that recording from a digital source will be better with a more expensive optical cable. No. It's digital. Either the signal gets there or it doesn't, and unless you've got 500 feet of cable, where there's enough noise due to attenuation, that's all there is to it.

    Sorry, rant over. Back to your regularly scheduled (and relatively on-topic) discussion.

  24. Re:String comparison? on The Six Dumbest Ideas in Computer Security · · Score: 1

    I think you'll find Rot-13 will rotate into a previous password rather quickly. Any number that isn't a multiple of 2 or 13 will require 26 iterations before a password is repeated.

    In fact, I do use a PDA with Keyring for most of my passwords.

  25. Re:Dumbest security policies? on The Six Dumbest Ideas in Computer Security · · Score: 1

    Don't do that, because when you put the card into the machine, you won't be able to read the number.

    I think there might have been some other reason, too.