If only there was an article to answer these questions.
The bill would allow the Department of Justice to seek court orders requiring U.S. domain-name registrars to shut down domestic websites suspected of hosting infringing materials. The bill would also allow the DOJ, through a court order, to order U.S. Internet service providers to redirect customer traffic away from infringing websites not based in the U.S.
Without differential GPS, you're fundamentally limited to an accuracy of a few meters, regardless of the receiver (ionospheric effects, satellite clock skew). With WAAS and a good signal, you can get that down to a couple of meters. Car lanes are only a couple meters wide. So a zig or zag the size of a lane -- which is pretty big -- isn't reliably detectable.
Correlating with data from the phone's accelerometer (only when traveling at speeds above, say, 10 mph) would be more reliable.
This isn't finding collisions, it's a dictionary attack to find the original inputs.
A collision is where you find two different inputs, A and B, such that hash(A) = hash(B). A collision attack is where you are able to control both A and B, and you manage to compute an A and B such that hash(A) = hash(B). A collision attack is now possible in MD5, but, as far as I know, not SHA1. A preimage attack is where you have a fixed A or a fixed hash(A) and you try to compute a B such that hash(A) = hash(B). That is, the difference is that you can't modify A. There is no known preimage attack for MD5 or SHA1 that is more efficient than brute force. The effectiveness of a brute-force attack is mitigated by having a larger hash output size, as that dramatically reduces the probability of finding a collision. So, moving from SHA1 to SHA2 would decrease the effectiveness of a brute-force attack. However, it's still computationally unreasonably to perform a preimage attack on MD5, much less SHA1.
However, this is talking about a dictionary attack to find the original input. That's where you have hash(A) and you try various possibilities A' and compute hash(A) until you find an A' where hash(A') = hash(A). This looks pretty similar to a preimage attack, but in a preimage attack, you don't care about the nature of A. You just want to find some B, any B, that hashes to the same value. Brute-force preimage attacks take far, far too long. In a dictionary attack, you're trying to use your knowledge of the likely properties of A to recreate likely values for A and compute their hashes. The properties of the hash function are largely irrelevant for this attack. It can be any function, they all work equally will. The important thing is the properties of A. If A is no more than 6 alphanumeric characters, that's a very small space to search through.
So, to summarize. In a brute-force collision attack, the properties of the hash function matter. In a dictionary attack, the properties of the possible inputs (passwords) matter.
Imagine they used only MD5 for hashing. If you tried to perform a collision attack, you'd need to compute on the order of 2^128 MD5 hashes. If you tried to perform a dictionary attack on passwords of 1-6 alphanumeric characters, you'd need to compute on the order of 72^6 ~= 2^37 MD5 hashes.
You need passwords of at least 20 alphanumeric characters (high-entropy ones, at that) before the strength of MD5 is a security weakness. You need 26-character passwords for SHA1 to be weaker than your password.
If only there was some sort of Password-Based Key Derivation Function that could use salted, fast-to-compute hashes and apply them many times to increase the cost of computation so that dictionary attacks are proportionally more difficult.
There is no absolute clock. For a particular event, there is no defined point in time where all points in space agree on when the event occured. A separation in space is also a separation in time.
Nobody who really understands science thinks they understand the Universe, but they know that they understand it in a measurably better way than others.
Well, it would figure that most of the comments on Slashdot would be criticizing TFA and at the same time getting relativity wrong by reasoning as if there is some absolute clock.
But, more to the point, what we're observing now is a 30-year-old black hole. It's just that over where the black hole is, it's no longer 30 years old. That's not particularly relevant to us on Earth.
Except that that technique is not widely used, since it's extremely prone to failure (usually resulting in a blue-screen or such). As a fragile technique that requires a specialist on hand when you encounter a live machine, it doesn't see a whole lot of field use.
Well, on Firefox on Linux, an application that is registered as the URL handler (e.g., for callto:) is automatically launched when you click on an appropriate URL. No idea about iframes and other trickery. No idea how Skype on Linux works (if it confirms calls), but it's certainly up to the application.
No -- some versions of Flash on some systems do hardware-assisted H.264 decoding, which seems almost as processor-intensive as unassisted H.264 without Flash (until you get to large resolutions).
Slashdot Mirror
You mean it got through the Judiciary Committee. That's not the same as the Senate or the House.
If only there was an article to answer these questions.
The bill would allow the Department of Justice to seek court orders requiring U.S. domain-name registrars to shut down domestic websites suspected of hosting infringing materials. The bill would also allow the DOJ, through a court order, to order U.S. Internet service providers to redirect customer traffic away from infringing websites not based in the U.S.
There's only 19 people in the Senate?
Only when you place a 911 call.
Without differential GPS, you're fundamentally limited to an accuracy of a few meters, regardless of the receiver (ionospheric effects, satellite clock skew). With WAAS and a good signal, you can get that down to a couple of meters. Car lanes are only a couple meters wide. So a zig or zag the size of a lane -- which is pretty big -- isn't reliably detectable.
Correlating with data from the phone's accelerometer (only when traveling at speeds above, say, 10 mph) would be more reliable.
Not with GPS's accuracy, they won't.
One in half a million is a small chance, not an infinitesimal chance. Let's not abuse well-defined mathematical terms. :p
This isn't finding collisions, it's a dictionary attack to find the original inputs.
A collision is where you find two different inputs, A and B, such that hash(A) = hash(B). A collision attack is where you are able to control both A and B, and you manage to compute an A and B such that hash(A) = hash(B). A collision attack is now possible in MD5, but, as far as I know, not SHA1. A preimage attack is where you have a fixed A or a fixed hash(A) and you try to compute a B such that hash(A) = hash(B). That is, the difference is that you can't modify A. There is no known preimage attack for MD5 or SHA1 that is more efficient than brute force. The effectiveness of a brute-force attack is mitigated by having a larger hash output size, as that dramatically reduces the probability of finding a collision. So, moving from SHA1 to SHA2 would decrease the effectiveness of a brute-force attack. However, it's still computationally unreasonably to perform a preimage attack on MD5, much less SHA1.
However, this is talking about a dictionary attack to find the original input. That's where you have hash(A) and you try various possibilities A' and compute hash(A) until you find an A' where hash(A') = hash(A). This looks pretty similar to a preimage attack, but in a preimage attack, you don't care about the nature of A. You just want to find some B, any B, that hashes to the same value. Brute-force preimage attacks take far, far too long. In a dictionary attack, you're trying to use your knowledge of the likely properties of A to recreate likely values for A and compute their hashes. The properties of the hash function are largely irrelevant for this attack. It can be any function, they all work equally will. The important thing is the properties of A. If A is no more than 6 alphanumeric characters, that's a very small space to search through.
So, to summarize. In a brute-force collision attack, the properties of the hash function matter. In a dictionary attack, the properties of the possible inputs (passwords) matter.
Imagine they used only MD5 for hashing. If you tried to perform a collision attack, you'd need to compute on the order of 2^128 MD5 hashes. If you tried to perform a dictionary attack on passwords of 1-6 alphanumeric characters, you'd need to compute on the order of 72^6 ~= 2^37 MD5 hashes.
You need passwords of at least 20 alphanumeric characters (high-entropy ones, at that) before the strength of MD5 is a security weakness. You need 26-character passwords for SHA1 to be weaker than your password.
If only there was some sort of Password-Based Key Derivation Function that could use salted, fast-to-compute hashes and apply them many times to increase the cost of computation so that dictionary attacks are proportionally more difficult.
You are scientifically inaccurate, yes.
There is no absolute clock. For a particular event, there is no defined point in time where all points in space agree on when the event occured. A separation in space is also a separation in time.
It's 50 million years old over in the point in space where it's located, but it's only 30 years old over in the point in space where we're located.
Nobody who really understands science thinks they understand the Universe, but they know that they understand it in a measurably better way than others.
Well, it would figure that most of the comments on Slashdot would be criticizing TFA and at the same time getting relativity wrong by reasoning as if there is some absolute clock.
From our point in space, it is 30 years old.
But, more to the point, what we're observing now is a 30-year-old black hole. It's just that over where the black hole is, it's no longer 30 years old. That's not particularly relevant to us on Earth.
Except that that technique is not widely used, since it's extremely prone to failure (usually resulting in a blue-screen or such). As a fragile technique that requires a specialist on hand when you encounter a live machine, it doesn't see a whole lot of field use.
Apparently you're T'd off by typos.
Nah, scientists never think to consider systematic error. It's up to random Slashdot "readers" to remind them.
Well, on Firefox on Linux, an application that is registered as the URL handler (e.g., for callto:) is automatically launched when you click on an appropriate URL. No idea about iframes and other trickery. No idea how Skype on Linux works (if it confirms calls), but it's certainly up to the application.
Why on earth would the file: protocol have the meaning "maybe execute this file"?
URL handlers handle URLs. Geeks are shocked.
This is only true for most lights -- some intersections have pedestrian phases.
The temperature and pressure of the Sun is necessarily higher than the temperature and pressure needed for fusion.
No -- some versions of Flash on some systems do hardware-assisted H.264 decoding, which seems almost as processor-intensive as unassisted H.264 without Flash (until you get to large resolutions).
The FPU hasn't been separate from the CPU for ages now.
Running a DVD, though, takes something like an order of magnitude less CPU than an equivalent Flash video. Likewise with the simple 2D Flash games.
Decoding H.264 is much less CPU-intensive than Flash -- even non-video Flash.