Do you really want pig farms to move in next to you? How about a slaughterhouse?
Farming isn't all beautiful waves of grain and rolling meadows with horses frolicking. Some things need to be out in the middle of nowhere. But those places also need to be connected to the rest of the country.
Since a pig farm or a slaughterhouse needs to be in the middle of nowhere, why not make the pig farm or slaughterhouse pay the increased cost of providing mail delivery? Since nearly all pig farms and slaughterhouses need to be in the middle of nowhere, no one pig farm or slaughterhouse is put at a disadvantage by paying higher postage. The higher costs are simply passed on to the consumer in the form of higher prices instead of higher postage.
Note that I'm not suggesting that the USPS stop providing mail service to isolated areas (which would almost certainly be the effect of removing the USPS's limited monopoly), but charging most customers in rural areas the true cost of providing mail delivery. To the extent that some customers might not be able to afford the true cost of their mail delivery, it might be better to subsidize their relocation to other areas rather than continuing to subsidize services.
Also as far as USPS is concerned, a county made up mostly of farms that sees 15 pieces of legitimate mail a month is not worth their time. But when those 15 pieces of legitimate mail are vital to our food supply...
So why not make those farmers in the middle of nowhere pay for the costs of delivering their mail (and of providing other government services to isolated areas)? If, without the various subsidies, they can no longer afford to farm that land, we should encourage them to relocate and farm other land where government services can be more easily provided. It might be better to pay the farmers' costs to relocate to a place where they can farm more efficiently than to continue to subsidize their costs to run a farm in the middle of nowhere.
What this patent fails to account for is that starting up the car results in increased fuel consumption for the short period while the engine attains running speed. Short period, though, but multiply it by the number of signals in an average city, and it might just come out that this actually increases sum consumption.
Keep in mind that a number of automakers are developing "stop-start" systems for their future models. Cars equipped with these systems will shut off the engine automatically after a period of stationary idling and restart the engine automatically when the driver steps on the gas. Unlike most current vehicles, where the driver must stop the engine manually, these systems only stop the engine when it is expected to save fuel. Further, the power-train is designed to restart immediately once the driver presses the gas pedal (either with a starter-alternator or by stopping the engine with one cylinder compressed and ready-to-fire).
Traffic signals that inform the vehicle of the amount of time before the next green phase can make these systems more efficient since it will allow the vehicle to determine whether it is likely to be stationary for long enough to save fuel by stopping the engine.
Also, I'd like to draw your attention to a post detailing just what can happen if we introduce networking into cars. And this is even made easier by the forced standards needed for this project to work...
IMHO...there are three problems noted in the paper: A challenge-response mechanism that is easily brute-forced, CAN nodes which fail to properly implement the challenge-response security mechanism, and CAN nodes which fail to do proper sanity checking before accepting commands via the debugging protocol. None of these issues are made worse by installing a traffic-light receiver.
Pots? That's mid 20th century technology. I'd be very surprised if they didn't use optical encoders.
Many throttle-by-wire systems do, in fact, use potentiometers. Others use hall effect or inductive sensors to avoid the wear-out issues pots can suffer from (think noisy volume controls). IIRC, the CTS pedals involved in the recent Toyota recalls are an inductive sensor design. I'm not aware of any vehicle which uses an encoder (optical or mechanical) to sense pedal position.
The gas pedal has to be connected to a position encoder...suppose there is an intermittent connection in a readhead for a track. Then all hell can break loose. If the fault is in a bad place, the encoder can indicate full pedal to the floor. -- Sudden acceleration.
All "electronic throttle control" gas pedals contain multiple position sensors (at least in the US). If the sensors indicate different pedal positions, or if any sensor indicates an invalid pedal position, the engine computer will generally force the engine to idle. Obviously there are failure modes which can cause all of the sensors to indicate the same incorrect pedal position, but these are generally mechanical failures (for example CTS's sticky friction mechanism) rather than sensor failures or software bugs.
Keep in mind that Toyota's problem could have happened even with a mechanical linkage between the accelerator pedal and the throttle body.
There are certain categories of product in the UK that Amazon must charge VAT and then pay that to the Gov; if they can do it here - and elsewhere in Europe - why not in the US?
From a technical (as opposed to a legal) standpoint, the problem is that both the sales tax rate and the types of products to which the sales tax applies are set individually by each state, and in some cases, by individual cities or counties. According to Wikipedia, Michigan charges a 6% sales tax on books, but no sales tax on magazines, while Texas exempts "school supplies" from its 6.25% to 8.25% sales tax (rate depends on the location) one weekend each year.
Right now activity is so low that radio is breaking down (nothing to bounce off of). But in the future, activity will be much higher and interfere in the other direction.
WLANs use frequencies around 2.4 GHz and 5 GHz. Under best case conditions, the ionosphere can only reflect radio waves with frequencies below 250 MHz. WLAN signals simply aren't going to refract off of the ionosphere regardless of solar activity.
Even if some freak of nature allowed the 2.4 GHz or 5 GHz signals to refract off the lower layers of the ionosphere, the minimum path length (from the ground, straight up to the D-layer, and back to the ground) is around 100 km.
If you don't have the IPass, you have to take something that almost looks like an exit ramp and either throw some coins in a machine or give money to an actual human.
I visited Chicago right after they went to open-road tolling, and it was a royal pain in the neck because the exits to the toll plazas were only signed about a quarter mile before the ramp. I probably missed half of them simply because I couldn't get through 2-5 lanes of bumper-to-bumper traffic to reach the toll plaza. Of course, since the car I was driving was registered to my out-of-state employer, I never saw any kind of a bill for the toll/fines/etc.
I think the open road tolling is great, but they need to pay some attention to making the tolls easy to pay for visitors who don't have the transponder. Snapping a picture of the plate and sending a bill doesn't sound like that bad of an idea.
OK, could someone please explain to me how running hotter processors saves money on cooling costs? It seems that it would actually increase cooling costs.
If the processors can operate 5 degrees warmer, the room can be kept 5 degrees warmer while the processors do the same amount of work. This should cut down on cooling costs.
I hate to nitpick because I am sure they are referring to load voltage or some equivalent voltage, but superconductors by definition carry current at ZERO voltage otherwise they would not be superconducting now would they. Ok they still could have some supercurrent for non zero voltages.
You're confusing the phase-to-phase or phase-to-ground voltage of the transmission line with the voltage drop along the length of the transmission line. The former is nominally 138 kV, according to the article, while the latter is greatly reduced by using superconductors.
Heins' claim is trivially easy to test: Put the device on a dynamometer and measure power out vs. power in. If holding a magnet a few centimeters away from the drive shaft increases the efficiency of the motor, then Heins may have something worth investigating.
IMHO, there are many other possibilities here that must be ruled out before Heins can claim that he's increased the efficiency of the motor, let alone make a claim to perpetual motion:
1. The hand-held magnet may alter the back-EMF waveform in such a way that it allows more current through the motor windings for a given supply voltage.
2. The hand-held magnet may be changing the commutation of the motor, effectively adding phase advance. Again, this would allow more current through the motor windings for a given supply voltage.
If we can't trust the electronic system (and if we did, what's the point in having a dead tree backup?) then you end up with the loser demanding a hand count every time.
It's real simple:
- The machine counts the votes.
- For some fraction of the ballots, a human verifies that the machine correctly counted the votes. This should catch any systematic error, whether due to fraud or misconfiguration.
- If the outcome is uncertain, either due to a tight race or due to errors detected with the manually-verified ballots, all ballots are counted by hand.
- The ballots then get stored in a nice, safe place.
If somebody (the press, interested citizens, one of the candidates, etc) wants a further recount, they are more than welcome to examine the ballots, at their own expense, after the election.
The safest way to protect your data with encryption is to develop your own cipher and don't publish how it works.
That is about the worst technical advice you can give regarding encryption. Folks who design cryptographic algorithms for a living have a difficult time designing secure algorithms. Hobbyists trying their hand at cryptographic algorithm design on the weekend are almost certain to design an insecure algorithm.
If there is a security flaw in a particular algorithm, the NSA (and their counterparts in other countries) is likely able to discover and exploit it. Since your homemade algorithm probably has such a flaw, it is highly likely the NSA will discover and exploit it. Algorithms which have withstood multiple competent attempts at cryptanalysis are far more likely not to have any exploitable flaw. Without an exploitable flaw, all the NSA can do is build a really fast machine to brute-force the algorithm, which they could have done with your homemade algorithm anyway.
Yeah, that would suck if because of vandalism on Wikipedia kids wrote in papers that the Earth is the largest planet in the world, or that Mark Taddonio built the pyriamids (sic).
And if they did, it would be an excellent opportunity to discuss critical evaluation of an article's claims, the value of having multiple sources, etc.
Wikipedia's value is that it gives the reader a broad overview of a topic and then points the reader (at least in the better articles) to more detailed and authoritative sources.
If I trust developer A and he includes a bad thing, he will risk ruining his reputation, so that's not an MD5 problem.
Yes and no. In some cases, the risk of damage is low enough that it makes sense to trust the developer. In other cases, the risk is great enough that there should be safe-guards in place to ensure that a rogue developer can't insert malicious code. Safe-guards which rely on the MD5 hash should no longer be relied upon to prevent a rogue developer from inserting malicious code.
It's a lot harder to try hiding something like md5 garbage in source form.
Not necessarily. Take an empty line in the source file and add various combinations of tabs and spaces. For some languages, you might be able to add other white space characters as well. Or, you could add 128-bits worth of initialized variables and hide the fact that they do nothing. In any case, creating 128 possible changes to the file should be easy to do in a manner which passes a cursory inspection.
Developer A produces software X (for example openssh), calculates the hash of program X and signs the hash with his PGP key.
He then puts all these files on mirror servers on the Internet (but not his private PGP key!)
One mirror is hijacked by B.
B wants to replace X with X', which has the same hash as X.
True, but imagine that developer A is the attacker. That developer can create two different versions of his program: One benign version to go through verification, QA testing, and any customer acceptance testing, and a malicious version which is actually distributed. Now developer A can slip in malicious features which would otherwise be discovered during testing.
Also, keep in mind that B might also have access to the signing key. If so, he can create X' and X'' from X which have the same MD5 sum. X', without malicious content, is made available for download. B can then use X'' for whatever he wants. For example, he can arrange that only his target gets X''. Since there have been no reports of problems with X', and the signature on X'' checks out and matches the signature on X', the target may never know that he has received a different version of X than everybody else.
It's not exactly hard to understand that a 128-bit hash is going to be less unique than a multi-kilobyte executable.
In theory, it should require 2^64 attempts to find two identical messages with the same MD5 hash. That should be enough to routinely prevent brute-force attacks for the foreseeable future, except possibly for attackers with deep enough pockets to build special MD5 cracking machines. This issue isn't simply that the 128-bit hash is less unique than the multi-kilobyte executable being signed.
What the authors of this paper have done is expanded on a known flaw in the MD5 algorithm to allow them to find two messages with the same signature in 2^50 attempts instead of 2^64 attempts (requiring 1/16384th the time). What should only have been routinely possible for an attacker with the money to build dedicated hardware is now practical for anybody who wants to dedicate a Playstation3 to the task for a couple of days.
Also note that this attack "only" lets the attacker create two files with the same MD5 hash. It does not allow the attacker to create a new file with the same MD5 hash as an existing file. For now, this means the attacker still can't create a malicious executable to replace an existing, benign, executable unless the attacker also has access to the signing key or can change the published MD5 hash of the executable. However, if the attacker has access to the signing key or can change the MD5 hash published for the executable, he can create two versions of the executable. The attacker could submit the benign version for verification and QA testing but distribute the malicious version instead.
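The distinction drawn in the comment above, between producing any two files that share a hash and matching the hash of a file that already exists, shown as an added example that is not part of the original comment. It assumes a toy digest made of the top 16 bits of MD5 so that both generic searches finish in about a second; all message strings are constructed.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest width (assumption for the demo); real MD5 is 128 bits


def toy_hash(msg: bytes, bits: int = BITS) -> int:
    """Return the top `bits` bits of MD5(msg) as an integer."""
    digest = hashlib.md5(msg).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def find_collision(prefix: bytes, bits: int = BITS):
    """Collision search: the searcher is free to choose BOTH messages.

    Returns (msg_a, msg_b, attempts). The birthday bound puts the expected
    cost near 2**(bits/2); the pigeonhole limit is 2**bits + 1.
    """
    seen = {}  # toy digest -> first message that produced it
    for attempts in count(1):
        msg = prefix + b"|variant-%d" % attempts
        h = toy_hash(msg, bits)
        if h in seen:
            return seen[h], msg, attempts
        seen[h] = msg


def find_second_preimage(target: bytes, prefix: bytes, bits: int = BITS):
    """Second-preimage search: the target exists and its digest is fixed.

    Returns (msg, attempts). Each candidate matches with probability
    2**-bits, so the expected cost is near 2**bits.
    """
    wanted = toy_hash(target, bits)
    for attempts in count(1):
        msg = prefix + b"|candidate-%d" % attempts
        if msg != target and toy_hash(msg, bits) == wanted:
            return msg, attempts


def compare(trials: int = 8, bits: int = BITS) -> dict:
    """Average both searches over several constructed 'releases'."""
    collision_total = preimage_total = 0
    for t in range(trials):
        prefix = b"constructed-release-%d" % t
        published = prefix + b"|published"  # stands in for an existing file
        _, _, n = find_collision(prefix, bits)
        _, k = find_second_preimage(published, prefix, bits)
        collision_total += n
        preimage_total += k
    return {
        "bits": bits,
        "avg_collision_attempts": collision_total / trials,
        "avg_second_preimage_attempts": preimage_total / trials,
        # Figures quoted in the thread for full MD5: 2^64 generic collision
        # search versus 2^50 with the published attack.
        "thread_speedup": 2 ** (64 - 50),
    }


if __name__ == "__main__":
    result = compare()
    for key, value in result.items():
        print(f"{key}: {value}")
```

Scaled to 128 bits, the same gap is why a signature over an MD5 hash still pins down a file built by someone honest, while it no longer shows that whoever built the file produced only one version of it.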
Does Wikipedia have the right to license that material under Creative Commons without the original authors' consent?
Besides for the issue of plagiarism, not all content on Wikipedia is free-as-in-speech. Some content is fair-use or is in the public-domain only in the United States. Common sense says you should verify that the content is actually free-as-in-speech before republishing content from Wikipedia.
1. Release geek-oriented product nobody's ever heard of
I don't think that geeks are Asus' target market on this one. From what I've seen, their goal was to produce a sub-laptop with the best possible ratio of out-of-the-box capabilities to cost. What resulted is, IMHO, somewhere between the capabilities of a smart-phone (minus the cell phone, of course) and a note-book. I think they expect to be able to sell this to populations that might not otherwise be able to afford a computer (think OLPC, but less philanthropic), or who might not currently have their own computer (think of schools outfitting every classroom with a set, for example, or parents buying one for their school-aged child).
2. Make it very obvious it's based on GNU/Linux
I think this was mainly for cost reasons. The OS itself is free (not counting anything Asus might have paid Xandros for development work), and massive amounts of software are freely available. I suspect that license costs, hardware requirements, and cost/headache-factor of distributing a similar suite of applications for Windows would have driven up the price.
3. "Accidentally" screw up the GPL code release
4. Wait for Slashdot Story
5. Fix GPL code release
6. Trigger Slashdot follow-up story
5. Free advertising sells lots of product
6. Profit!
Or, more likely IMHO,
4. Fail to release the code on time due to some combination of overwhelming bureaucracy, over-optimistic marketing deadlines, and overworked engineers.
5. Release the code shortly after consumers point out your omission.
6. Good will!
Give me a concealed handgun with a couple of 16-round magazines to balance the odds against the psychotic animal attacking my family.
IMHO, Tasers being used instead of lethal force is a great idea. Tasers being used so that the police can avoid chasing down a subject or to force compliance in a subject who is passively resisting arrest is a problem, since there is risk that the Taser will cause death. If lethal force was not justified and use of a "less-lethal" weapon results in a subject's death, I see no reason why the officer should not be held responsible.
Since DNA and RNA did form, the probability is greater than zero. If the probability is calculated to be zero, it implies that one or more of the assumptions that went into the calculations was incorrect and it's time for science to fill in a few more gaps and then re-compute. That's the power of science: You can refine your models and re-check for as many times as are necessary to produce useful results. Perhaps the incorrect assumption _is_ that DNA/RNA formed randomly and we need to investigate how DNA/RNA arrived on our planet.
Now I, personally, don't know how knowledge of the origin of DNA/RNA will benefit humanity. I do know we'll never find out if we take the easy way out and invoke an unobservable supernatural power.
You're right, the numbers are completely made up. The point, though, is that there are so few "bad guys" that, unless the government is extremely good at determining who is a "good guy" and who a "bad guy", the government is going to catch as many "good guys" as "bad guys".
I suggest reading Bruce Schneier's "Beyond Fear" for a much more detailed analysis of the problem.
I want the government watching you just in case you're one of the bad guys. I'll gladly give up a bit of my own privacy to make sure they don't have any.
Here's the thing: "Bad guys" are rare. As a result, the majority of people the government would end up watching are "good guys". Let's say that 1 in 100 users being watched is a "bad guy", and the government gets the "good guy/bad guy" decision right 99% of the time. That implies that about 1 "good guy" is incorrectly labeled a "bad guy" for every "bad guy" correctly labeled a "bad guy". I'd rather minimize the information the government might use to incorrectly label me a "bad guy", even if it means increasing the very slight risk that one of the "bad guys" will hurt me or someone I care about.
Or, in Franklin's words: "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."
In this globalised world, a business-oriented phone like this must have the ability to store phone numbers and ZIP codes in international formats, which means the ZIP code must accept letters too. Also, auto-formatting phone numbers with parentheses: what if you have a Brazilian number? Our numbers are formatted as (xx) yyyy-zzzz. Two digits for area code and 8 for the number. Some countries have only one digit for area code; it varies wildly.
Yes, but the U.S. version of the phone should always recognize NXXNXXXXXX as a NANP (North-American Numbering Plan) number and format accordingly. Any number beginning with 011 (or whatever the carrier uses for international access) can be formatted differently. Bonus points if the software automatically formats in the preferred format for the country-code.
Do you really want pig farms to move in next to you? How about a slaughterhouse?
Farming isn't all beautiful waves of grain and rolling meadows with horses frolicking. Some things need to be out in the middle of nowhere. But those places also need to be connected to the rest of the country.
Since a pig farm or a slaughterhouse needs to be in the middle of nowhere, why not make the pig farm or slaughter house pay the increased cost of providing mail delivery? Since nearly all pig farms and slaughterhouses need to be in the middle of nowhere, no one pig farm or slaughterhouse is put at a disadvantage by paying higher postage. The higher costs are simply passed on to the consumer in the form of higher prices instead of higher postage.
Note that I'm not suggesting that the USPS stop providing mail service to isolated areas (which would almost certainly be the effect of removing the USPS's limited monopoly), but charging most customers in rural areas the true cost of providing mail delivery. To the extent that some customers might not be able to afford the true cost of their mail delivery, it might be better to subsidize their relocation to other areas rather than continuing to subsidize services.
Also as far as USPS is concerned, a county made up mostly of farms that sees 15 pieces of legitimate mail a month is not worth their time. But when those 15 pieces of legitimate mail are vital to our food supply...
So why not make those farmers in the middle of nowhere pay for the costs of delivering their mail (and of providing other government services to isolated areas)? If, without the various subsidies, they can no longer afford to farm that land, we should encourage them to relocate and farm other land where government services can be more easily provided. It might be better to pay the farmers' costs to relocate to a place where they can farm more efficiently than to continue subsidize their costs to run a farm in the middle of nowhere.
What this patent fails to account for is that starting up the car results in increased fuel consumption for the short period while the engine attains running speed. Short period, though, but multiply it by the number of signals in an average city, and it might just come out that this actually increases sum consumption.
Keep in mind that a number of automakers are developing "stop-start" systems for their future models. Cars equipped with these systems will shut off the engine automatically after a period of stationary idling and restart the engine automatically when the driver steps on the gas. Unlike most current vehicles, where the driver must stop the engine manually, these systems only stop the engine when it is expected to save fuel. Further, the power-train is designed to restart immediately once the driver presses the gas pedal (either with a starter-alternator or by stopping the engine with one cylinder compressed and ready-to-fire).
Traffic signals that inform the vehicle of the amount of time before the next green phase can make these systems more efficient since it will allow the vehicle to determine whether it is likely to be stationary for long enough to save fuel by stopping the engine.
Also, I'd like to draw your attention to a post detailing just what can happen if we introduce networking into cars. And this is even made easier by the forced standards needed for this project to work...
IMHO...there are three problems noted in the paper: A challenge-response mechanism that is easily brute-forced, CAN nodes which fail to properly implement the challenge-response security mechanism, and CAN nodes which fail to do proper sanity checking before accepting commands via the debugging protocol. None of these issues are made worse by installing a traffic-light receiver.
Pots? That's mid 20th century technology. I'd be very surprised if they didn't use optical encoders.
May throttle-by-wire systems do, in fact, use potentiometers. Others use hall effect or inductive sensors to avoid the wear-out issues pots can suffer from (think noisy volume controls). IIRC, the CTS pedals involved in the recent Toyota recalls are in inductive sensor design. I'm not aware of any vehicle which uses an encoder (optical or mechanical) to sense pedal position.
The gas pedal has to be connected to a position encoder...suppose there is an intermittant connection in a readhead for a track. Then all hell can break loose. If the fault is in a bad place, the encoder can indicate full pedal to the floor. -- Sudden acceleration.
All "electronic throttle control" gas pedals contain multiple position sensors (at least in the US). If the sensors indicate different pedal positions, or if any sensor indicates an invalid pedal position, the engine computer will generally force the engine to idle. Obviously there are failure modes which can cause all of the sensors to indicate the same incorrect pedal position, but these are generally mechanical failures (for example CTS's sicky friction mechanism) rather than sensor failures or software bugs.
Keep in mind that Toyota's problem could have happened even with a mechanical linkage between the accelerator pedal and the throttle body.
There are certain categories of product in the UK that Amazon must charge VAT and then pay that to the Gov; if they can do it here - and elsewhere in Europe - why not in the US?
From a technical (as opposed to a legal standpoint) the problem is that both the sales tax rate and the types of products to which the sales tax applies is set individually by each state, and in some cases, by individual cities or counties. According to wikipedia, Michigan charges a 6% sales tax on books, but no sales on magazines, while Texas exempts "school supplies" from its 6.25% to 8.25% sales tax (rate depends on the location) one weekend each year.
Right now activity is so low that radio is breaking down (nothing to bounce off of). But in the future, activity will be much higher and interfere in the other direction.
WLAN's use frequencies around 2.4 GHz and 5 GHz. Under best case conditions, the ionosphere can only reflect radio waves with frequencies below 250 MHz. WLAN signals simple aren't going to refract off of the ionosphere regardless of solar activity.
Even if some freak of nature allowed the 2.4 GHz or 5 GHz signals to refract off the lower layers of the ionosphere, the minimum path length (from the ground, straight up to the D-layer, and back to the ground) is around 100 km.
If you don't have the IPass, you have to take something that almost looks like an exit ramp and either throw some coins in a machine or give money to an actual human.
I visited Chicago right after they went to open-road tolling, and it was a royal pain in the neck because the exits to the toll plazas were only signed about a quarter mile before the ramp. I probably missed half of them simply because I couldn't get through 2-5 lanes of bumper-to-bumper traffic to reach the toll plaza. Of course, since the car I was driving was registered to my out-of-state employer, I never saw any kind of a bill for the toll/fines/etc.
I think the open road tolling is great, but they need to pay some attention to making the tolls easy to pay for visitors who don't have the transponder. Snapping a picture of the plate and sending a bill doesn't sound like that bad of an idea.
Something like this?
OK, could someone please explain to me how running hotter processors saves money on cooling costs? It seems that it would actually increase cooling costs.
If the processors can operate 5 degrees warmer, the room can be kept 5 degrees warmer while the processors do the same amount of work. This should cut down on cooling costs.
I hate to nitpick because I am sure they are referring to load voltage or some equivalent voltage, but superconductors by definition carry current at ZERO voltage otherwise they would not be superconducting now would they. Ok they still could have some supercurrent for non zero voltages.
You're confusing the phase-to-phase or phase-to-ground voltage of the transmission line with the voltage drop along the length of the transmission line. The former is nominally 138 kV, according to the article, while the latter is greatly reduced by using superconductors.
Heins' claim is trivially easy to test: Put the device on a dynamometer and measure power out vs. power in. If holding a magnet a few centimenters away from the drive shaft increases the efficiency of the motor, then Heins may have something worth investigating.
IMHO, there are many other possibilities here that must be ruled out before Heins can claim that he's increased the efficiency of the motor, let along make a claim to perpetual motion:
1. The hand-held magnet may alter the back-EMF waveform in such a way that it allows more current through the motor windings for a given supply voltage.
2. The hand-held magnet may be changing the commutation of the motor, effectively adding phase advance. Again, this would allow more current through the motor windings for a given supply voltage.
It's real simple:
- The machine counts the votes.
- For some fraction of the ballots, a human verifies that the machine correctly counted the votes. This should catch any systematic error, whether due to fraud or misconfiguration.
- If the outcome is uncertain, either due to a tight race or due to errors detected with the manually-verified ballots, all ballots are counted by hand.
- The ballots then get stored in a nice, safe place.
If somebody (the press, interested citizens, one of the candidates, etc) wants a further recount, they are more then welcome to examine the ballots, at their own expense, after the election.The safest way to protect your data with encryption is to develop your own cipher and don't publish how it works.
That is about the worst technical you can give regarding encryption. Folks who design cryptographic algorithms for a living have a difficult time designing secure algorithms. Hobbyists trying their hand at cryptographic algorithm design on the weekend are almost certain to design an insecure algorithm.
If there is a security flaw in a particular algorithm, the NSA (and their counterparts in other countries) is likely able to discover and exploit it. Since your homemade algorithm probably has such a flaw, it is highly likely the NSA will discover and exploit it. Algorithms which have withstood multiple competent attempts at cryptanalysis are far more likely not to have any exploitable flaw. Without an exploitable flaw, all the NSA can do is build a really fast machine to brute-force the algorithm, which they could have done with your homemade algorithm anyway.
Yeah, that would suck if because of vandalism on Wikipedia kids wrote in papers that the Earth is the largest planet in the world, or that Mark Taddonio built the pyriamids (sic).
And if they did, it would be an excellent opportunity to discuss critical evaluation of an article's claims, the value of having multiple sources, etc.
Wikipedia's value is that it gives the reader a broad overview of a topic and then points the reader (at least in the better articles) to more detailed and authoritative sources.
If I trust developer A and he include bad thing, he will risk ruining his reputation so that's not a md5 problem.
Yes and no. In some cases, the risk of damage is low enough that it makes sense to trust the developer. In other cases, the risk is great enough that there should be safe-guards in place to ensure that a rogue developer can't insert malicious code. Safe-guards which rely on the MD5 hash should no longer be relied upon to prevent a rogue developer from inserting malicious code.
It's a lot harder to try hiding something like md5 garbage in source form.
Not necessarily. Take an empty line in the source file and add various combinations of tabs and spaces. For some languages, you might be able to add other white space characters as well. Or, you could add 128 bits' worth of initialized variables and hide the fact that they do nothing. In any case, creating 128 possible changes to the file should be easy to do in a manner which passes a cursory inspection.
Developer A produces software X (for example, openssh), calculates the hash of program X and signs the hash with his PGP key.
He then puts all these files on mirror servers on the Internet (but not his private PGP key!)
One mirror is hijacked by B.
B wants to replace X with X', which has the same hash as X.
True, but imagine that developer A is the attacker. That developer can create two different versions of his program: One benign version to go through verification, QA testing, and any customer acceptance testing, and a malicious version which is actually distributed. Now developer A can slip in malicious features which would otherwise be discovered during testing.
Also, keep in mind that B might also have access to the signing key. If so, he can create X' and X'' from X which have the same MD5 sum. X', without malicious content, is made available for download. B can then use X'' for whatever he wants. For example, he can arrange that only his target gets X''. Since there have been no reports of problems with X', and the signature on X'' checks out and matches the signature on X', the target may never know that he has received a different version of X than everybody else.
It's not exactly hard to understand that a 128-bit hash is going to be less unique than a multi-kilobyte executable.
In theory, it should require 2^64 attempts to find two identical messages with the same MD5 hash. That should be enough to routinely prevent brute-force attacks for the foreseeable future, except possibly for attackers with deep enough pockets to build special MD5 cracking machines. This issue isn't simply that the 128-bit hash is less unique than the multi-kilobyte executable being signed.
What the authors of this paper have done is expanded on a known flaw in the MD5 algorithm to allow them to find two messages with the same signature in 2^50 attempts instead of 2^64 attempts (requiring 1/16384th the time). What should only have been routinely possible for an attacker with the money to build dedicated hardware is now practical for anybody who wants to dedicate a Playstation3 to the task for a couple of days.
Also note that this attack "only" lets the attacker create two files with the same MD5 hash. It does not allow the attacker to create a new file with the same MD5 hash as an existing file. For now, this means the attacker still can't create a malicious executable to replace an existing, benign, executable unless the attacker also has access to the signing key or can change the published MD5 hash of the executable. However, if the attacker has access to the signing key or can change the MD5 hash published for the executable, he can create two versions of the executable. The attacker could submit the benign version for verification and QA testing but distribute the malicious version instead.
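The gap between "two files with the same hash" and "a new file matching an existing hash" discussed in the comments above can be measured on a toy scale. The following is an added example, not part of the original comments: it truncates MD5 to 20 bits (a constructed size, chosen so both searches finish quickly) and counts the tries a generic brute-force search needs for each case. The function names and message strings are illustrative assumptions.

```python
import hashlib
from itertools import count

BITS = 20  # constructed toy size; real MD5 output is 128 bits


def short_md5(msg: bytes, bits: int = BITS) -> int:
    """Return the top `bits` bits of MD5(msg) as an integer."""
    full = int.from_bytes(hashlib.md5(msg).digest(), "big")
    return full >> (128 - bits)


def find_collision(bits: int = BITS):
    """Birthday search: find ANY two distinct messages with equal short hash.

    Expected cost is on the order of 2**(bits/2) tries.
    """
    seen = {}
    for tries in count(1):
        msg = b"candidate-%d" % tries
        h = short_md5(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int = BITS):
    """Find a different message matching the hash of one FIXED message.

    Expected cost is on the order of 2**bits tries.
    """
    want = short_md5(target, bits)
    for tries in count(1):
        msg = b"other-%d" % tries
        if msg != target and short_md5(msg, bits) == want:
            return msg, tries


if __name__ == "__main__":
    a, b, n_coll = find_collision()
    m, n_pre = find_second_preimage(b"released-binary")
    print(f"collision after {n_coll} tries (2^{BITS // 2} = {2 ** (BITS // 2)})")
    print(f"second preimage after {n_pre} tries (2^{BITS} = {2 ** BITS})")
```

Scaled to the full 128 bits, the same two searches correspond to the roughly 2^64 generic collision cost mentioned above and a 2^128 second-preimage cost, which is why a collision shortcut does not by itself let someone match an already published hash.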
Does Wikipedia have the right to license that material under Creative Commons without the original authors' consent?
Besides for the issue of plagiarism, not all content on Wikipedia is free-as-in-speech. Some content is fair-use or is in the public-domain only in the United States. Common sense says you should verify that the content is actually free-as-in-speech, before republishing content from Wikipedia.
1. Release geek-oriented product nobody's ever heard of
I don't think that geeks are Asus' target market on this one. From what I've seen, their goal was to produce a sub-laptop with the best possible ratio of out-of-the-box capabilities to cost. What resulted is, IMHO, somewhere between the capabilities of a smart-phone (minus the cell phone, of course) and a note-book. I think they expect to be able to sell this to populations that might not otherwise be able to afford a computer (think OLPC, but less philanthropic), or who might not currently have their own computer (think of schools outfitting every classroom with a set, for example, or parents buying one for their school-aged child).
2. Make it very obvious it's based on GNU/Linux
I think this was mainly for cost reasons. The OS itself is free (not counting anything Asus might have paid Xandros for development work), and massive amounts of software are freely available. I suspect that license costs, hardware requirements, and cost/headache-factor of distributing a similar suite of applications for Windows would have driven up the price.
3. "Accidentally" screw up the GPL code release
4. Wait for Slashdot Story
5. Fix GPL code release
6. Trigger Slashdot follow-up story
5. Free advertising sells lots of product
6. Profit!
Or, more likely IMHO,
4. Fail to release the code on time due to some combination of overwhelming bureaucracy, over-optimistic marketing deadlines, and overworked engineers.
5. Release the code shortly after consumers point out your omission.
6. Good will!
Give me a concealed handgun with a couple of 16-round magazines to balance the odds against the psychotic animal attacking my family.
IMHO, Tasers being used instead of lethal force is a great idea. Tasers being used so that the police can avoid chasing down a subject or to force compliance in a subject who is passively resisting arrest is a problem, since there is risk that the Taser will cause death. If lethal force was not justified and use of a "less-lethal" weapon results in a subject's death, I see no reason why the officer should not be held responsible.
What if the probability is zero?
Since DNA and RNA did form, the probability is greater than zero. If the probability is calculated to be zero, it implies that one or more of the assumptions that went into the calculations was incorrect and it's time for science to fill in a few more gaps and then re-compute. That's the power of science: You can refine your models and re-check for as many times as are necessary to produce useful results. Perhaps the incorrect assumption _is_ that DNA/RNA formed randomly and we need to investigate how DNA/RNA arrived on our planet.
Now I, personally, don't know how knowledge of the origin of DNA/RNA will benefit humanity. I do know we'll never find out if we take the easy way out and invoke an unobservable supernatural power.
These %s sound made up to me.
You're right, the numbers are completely made up. The point, though, is that there are so few "bad guys" that, unless the government is extremely good at determining who is a "good guy" and who a "bad guy", the government is going to catch as many "good guys" as "bad guys".
I suggest reading Bruce Schneier's "Beyond Fear" for a much more detailed analysis of the problem.
I want the government watching you just in case you're one of the bad guys. I'll gladly give up a bit of my own privacy to make sure they don't have any.
Here's the thing: "Bad guys" are rare. As a result, the majority of people the government would end up watching are "good guys". Let's say that 1 in 100 users being watched is a "bad guy", and the government gets the "good guy/bad guy" decision right 99% of the time. That implies that about 1 "good guy" is incorrectly labeled a "bad guy" for every "bad guy" correctly labeled a "bad guy". I'd rather minimize the information the government might use to incorrectly label me a "bad guy", even if it means increasing the very slight risk that one of the "bad guys" will hurt me or someone I care about.
Or, in Franklin's words: "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."
In this globalised world, a business-oriented phone like this must have the ability to store phone numbers and ZIP codes in international formats, which means the ZIP code must accept letters too. Also, auto-formatting phone numbers with parentheses: what if you have a Brazilian number? Our numbers are formatted as (xx) yyyy-zzzz: two digits for the area code and 8 for the number. Some countries have only one digit for the area code; it varies wildly.
Yes, but the U.S. version of the phone should always recognize NXXNXXXXXX as a NANP (North-American Numbering Plan) number and format accordingly. Any number beginning with 011 (or whatever the carrier uses for international access) can be formatted differently. Bonus points if the software automatically formats in the preferred format for the country-code.