SHA-1 isn't about keys, or keyspaces. This attack is about finding two messages that hash to the same SHA-1 hash.
It takes roughly 56 hours to go from a message of
Please transfer $1,000,000 from account 123456789 to account 987654321
which hashes to 0xAABBCCDD11223344, to a message of
Please transfer $1,000,000 from account 123456789 to account 555555555 Its a nice sunny day please pardon the line noise Ab29!jqMV3o$2__#%#992mx...w,ea@L@L
whichh also hashes to 0xAABBCCDD11223344, which means that it would have an identical signature, meaning that the original signature would validate the fake message.
Personally its not the huge end-of-the-world scenario everyone thinks it is. It would probably take tens of thousands of years for this machine to output a well-formatted message that had a hash collision and could not be trivially discarded as gibberish.
Wrong, they're required by law to try their best to make a profit. Due diligence and all. And that includes making sure they behave legally to avoid fines and lawsuits, though many CxOs don't give a shit once they strap on their golden parachute.
As I see it, either municipal wifi is profitable (in which case these companies are failing their due diligence in identifying and moving into new markets) or its not (in which case the companies should shut up and move on).
The ONLY ban I would support would be of the government competing against a service provided by a business. If theres no businesses willing or able to provide the service, then theres no problem.
From here in Houston, TX, I see nobody providing wireless service or fiber-to-the-home service, beyond the couple of cell providers providing first-generation low-bitrate GPRS that only works on certain cellphones and then only to whatever crappy webbrowser the cellphone has built in. If there are companies out there providing that service, they need to make themselves more visible so I can find them and subscribe!
Yeah, after that "no child left behind" act Bush put on, the school children could use some real educational material. They'll need all the help they can get to grow up to be educated, honest, voting citizens.
Kernel-level rootkits have plagued Unixes (including Linux) for a long time. Fortunately on Linux most suck, and can be detected with chkrootkit (yet how many out there that aren't detectable...), and (this is true for windows as well) any of them can be found simply by inspecting the drive from a known clean boot media.
Removing rootkits (kernel level or not) from any OS requires either guruhood, an exact knowledge of which rootkit(s) was used and what files they trojan (as well as a clean source to restore those files from), or a reformat-reinstall-restore(dataonly)frombackups.
Its one thing to patent a way of processing music that produces a result that one could say was tangible. What about that help icon? Is a method for obtaining help tangible and concrete? Does it produce anything? If you say it produces information, does that then mean that the act of teaching is patentable?
People with jobs, families, communities, little league teams, the works.
I don't see anyone calling for people to lose the right to vote because they work for Wal-Mart. I don't see people calling for the end to individual donations to campaigns.
Get a grip! Corporations are a way to pool resources to get tasks completed in an efficient manner
Yes to "get tasks completed". Not to bribe public officials. No, government subsidies to companies/people that provide the president/congressman/whatever-voting-official a hefty kickback are bad on any continent.
This business of trying to make out corporations as some kind of faceless inhuman creature is just silly.
Maybe if the people in charge didn't hide behind the corporate veil when they screw up (or better yet, not screw up in the first place), people would quit calling them "faceless inhuman creatures".
The problem is that coporations pay taxes. As such, this entitles them to those rights
All they really earn from paying those taxes is the right to transact business. The rest are artifically granted thanks to a stray supreme court ruling.
Except that the original owner isn't transferring the account, the new owner is expecting to be able to create a new account, just like anyone else who bought the product. Your beetle analogy was nice, but not quite right.
Let's say I sell you a beetle. Now lets say you go to the vehicle registration bureau to get your license tags, and they tell you "Hell no. You're not the original owner, you can't drive that thing around here. Not only that, but we're not going to update our database to mark you as the owner of the car, so the guy who sold it to you could report it as stolen any day now." Now, lets say the state law specifically allows cars to be sold. Is there not an expectation that the purchaser would then be allowed to use the car?
Actually, it'd be pretty interesting to put things like that up into orbit just for the purpose of catching all the little junk that's been whizzing around up there. Then, just let it crash into the atmosphere. Or, retrieve it, dig out the debris and sell the toothbrushes and other random bits.
A fix is pretty easy, but requires two parts: 1) Amend the IDN spec to require that valid IDN urls use the lowest-numbered codepoints that match that glyph. 2) Have browsers use a table that identifies all the characters that share a glyph. Any invalid IDNs are mapped down to the lowest codepoints before the browser goes there, so a link to a fake paypal.com address actually goes to the real paypal.com address.
Of course, this still can't stop people who just refuse to look closely at the URL. The payqal.com domain is taken, who knows what its used for...
Well, lets show a hypothetical situation that will cover who they are what they do and why they're bad.
Let's say that to earn a certain rank in Game X, you have to get a special item Blizzrt's Tail in order to prove your strength and valor, yadda yadda. Obviously, you get this by killing Blizzrt and taking its tail. The problem is that there is only one Blizzrt in the game world at any one time, so it becomes more a test of "waiting your turn" than of strength or valor.
Now, what IGN does is called "farming". They get 30 or 40 players to all stand around in the cave that Blizzrt lives in (where it appears every time its killed, this is its spawn point). Every time Blizzrt appears, they immediately start to kill it, and take the tail for themselves. Over and over, without respect for the other people who need to kill it in order to advance.
But thats ok, if you can't get a sword in edgewise to score a tail for yourself, the IGN crew will be more than happy to sell it to you on ebay for real money, since they seem to have just "stumbled across" a few hundred extra. Now getting that tail isn't about patience or valor, just about shelling out enough dough on an auction site somewhere.
Now whether this is bad or not depends on how much you care. If you say "its just a game" then consider it as frustrating as waiting in line at say... McDonalds. You have 11 kids in front of you, and they think its real cool to keep you from getting your food by ordering a glass of water, getting it, then getting their buddy in 11th place to let them cut in front for another glass. Unless of course you slip them a buck to get to the front of the line.
this to me is the least offensive method of combatting piracy. Assuming the technology works properly
MD5 was finally proven to have calculatable hash collisions. Any "fingerprinting" scheme that They can come up with will hit that wall eventually, and score all sorts of false positives, while people split files, swap byte orders, and do all sorts of other random things to keep that finger print from appearing.
That is to say, if its possible in the first place. How do you generate a fingerprint of a 750MB dvd-rip when you only see about 1400 bytes at a time? Store-and-forward versus a gigabyte is a LOT of network latency, and when you apply that to everything you do, its going to suck. Is that a game of Quake 3? Or a copy of spiderman 2? Gonna have to hold on to the first couple of hundred MB to find out. Loading up a website with a few pictures? Every one of those connections is going to stall while the ISP figures out if its legal or not.
I agree that this is probably the minimally invasive option, but thats not saying a lot in the face of technical and practical hurdles (someone STILL has to come up with a database of all of these fingerprints, and you still need some kind of dispute process for false positives).
I'm not sure what you're getting at. What happens now is that keys are pressed or the joystick is moved, and this is converted into an updated joystick state and/or press and release events for the keys. Your application should then read these events and convert them into whatever that app wants to do with them.
Biometrics, on the other hand, requires that you only have your body present at the time!
Or that someone else has your body present. Or just search google for jelly fingerprint to see how to duplicate other people's prints for fun and profit.
Biometrics is bound to stick around for a while, but the fad will hopefully fade before all my bank and credit card accounts get tied to my fingerprint and I have to have new prints carved into my fingers to replace the ones that some identity thief lifted off the scanner.
side note, can American filesharers use proxies in remote countries to protect themselves from **AA lawsuits?
With bittorrent, not easily. You might be able to hide your real identity from web-based aggregator sites like suprnova, but when it comes to getting the data, you could theoretically pass all connections backwards and forwards through a custom-made proxy you set up, but the connections back to you wouldn't work through a standard-issue open proxy.
I'm not an expert on the protocol itself, it might be possible to use a very open proxy (some can proxy more than just http) to leech in this situation (get list of ips from tracker through the proxy, then connect to each client through the proxy and request a chunk. Requests to download from you will be dropped by the proxy though, so you'll be flagged as a leech pretty quick)
In the last 15 years, the majority of most of these scientist's time has been spend under a Democratic president;
And in the past 300000 years, Starbucks did not exist for a vast majority of the time. Clearly all our problems are due to the planet's lack of Starbucks coffee shops. Since my randomly chosen numbers have a larger sample size than your randomly chosen ones, clearly mine are more correct.
Most scientists in FWS reported no such pressure
RTFA harder: nearly 40% said they had never been required to do so. (in regards to being required to alter findings). That means around 60% were required to do so.
As for UCS being a radical group, sounds about right to me. Now, are you going to prove that they lied, or do you just intend to will away the numbers?
Oh, and in addition to suing the wrong people, you've made the same mistake that other replies did:
"oh this is easy you idiot! Even
I know that if I search for [insert major national brand name here] I shouldn't get results for [insert some other major national brand name]!"
...While completely ignoring the fact that right this second, there are probably thousands of minor brand names looking to see if they can retain Louis Vuitton's lawyers to convert their claim to "Ben's" or "Windows" into cash.
Google simply needs to carry a policy to warn advertisers that google will bill for legal fees if your a name stealing butthead.
As opposed to suing the name-stealing buttheads in the first place, rather than making google front the money that it'd probably have to sue to get back, if it ever got that money back at all.
This behavior is simply killing the messenger. I wonder if Louis Vuitton's lawyers even met with any of the companies doing the advertising.
all the courts would have to do is respond to complaints - same way it works now.
At how many tens of thousands of dollars per complaint?
a bit unethical.
Ethical or not, its a near-impossible problem. Google would have to maintain a massive database of every potential competitor for every possible keyword. And then, if I search for "Anderson", whose ads are forbidden from showing up? Does the user want Anderson Accounting? Anderson Computers? Anderson Farms? Anderson Law Firm? Anderson & Samuel Law Firm? Anderson Anderson Anderson & Sons Law firm? You can bet if the wrong law firm showed up, they'd all be lined up to sue.
I think it also might have to do with some VERY high up people in the UN, France and others making tons of illegal money off the "Oil for Food" fiasco
This holds water, up til the point where documents were discovered proving both Clinton and Bush knew about the trading, and went so far as to condone it for Jordan, citing "national security" as the reason to allow it to continue.
All google needs for World (well... US anway) Dominance is to learn what side of the street the odd-numbered addresses are. Nothing like getting to your destination and finding strip malls on both sides of you and no clue which one the dinky little storefront is.
Someone is looking for your product, and you show listings of counter products.
I don't know if that's right or wrong, but where does freedom of competition come in?
Here's a hint:
Next time you stroll through your grocery store looking for a can of raviolli, see how many different brands of raviolli you have to get through to find chef boy-r-dee's. Now imagine that if the store had to be entirely re-organized so that all the products canned by one company were in one place so that nobody else "infringed" on their presence.
If the competitor's ads claimed they were selling the product that was searched for, that would clearly be trademark infringement by the competitors, but in this case, they just paid to show up on the same page, much like all those other brands of raviolli paid for their shelf space.
It takes roughly 56 hours to go from a message of which hashes to 0xAABBCCDD11223344, to a message of whichh also hashes to 0xAABBCCDD11223344, which means that it would have an identical signature, meaning that the original signature would validate the fake message.
Personally its not the huge end-of-the-world scenario everyone thinks it is. It would probably take tens of thousands of years for this machine to output a well-formatted message that had a hash collision and could not be trivially discarded as gibberish.
Wrong, they're required by law to try their best to make a profit. Due diligence and all. And that includes making sure they behave legally to avoid fines and lawsuits, though many CxOs don't give a shit once they strap on their golden parachute.
As I see it, either municipal wifi is profitable (in which case these companies are failing their due diligence in identifying and moving into new markets) or its not (in which case the companies should shut up and move on).
The ONLY ban I would support would be of the government competing against a service provided by a business. If theres no businesses willing or able to provide the service, then theres no problem.
From here in Houston, TX, I see nobody providing wireless service or fiber-to-the-home service, beyond the couple of cell providers providing first-generation low-bitrate GPRS that only works on certain cellphones and then only to whatever crappy webbrowser the cellphone has built in. If there are companies out there providing that service, they need to make themselves more visible so I can find them and subscribe!
Yeah, after that "no child left behind" act Bush put on, the school children could use some real educational material. They'll need all the help they can get to grow up to be educated, honest, voting citizens.
Yeah, thats great, but what does it DO.
Seriously. What the hell is in this "directory" that makes it more magic than just having samba alone, aside from just being a list of users?
Maybe it is time to look at a Mac.
Kernel-level rootkits have plagued Unixes (including Linux) for a long time. Fortunately on Linux most suck, and can be detected with chkrootkit (yet how many out there that aren't detectable...), and (this is true for windows as well) any of them can be found simply by inspecting the drive from a known clean boot media.
Removing rootkits (kernel level or not) from any OS requires either guruhood, an exact knowledge of which rootkit(s) was used and what files they trojan (as well as a clean source to restore those files from), or a reformat-reinstall-restore(dataonly)frombackups.
Its one thing to patent a way of processing music that produces a result that one could say was tangible. What about that help icon? Is a method for obtaining help tangible and concrete? Does it produce anything? If you say it produces information, does that then mean that the act of teaching is patentable?
People with jobs, families, communities, little league teams, the works.
I don't see anyone calling for people to lose the right to vote because they work for Wal-Mart. I don't see people calling for the end to individual donations to campaigns.
Get a grip! Corporations are a way to pool resources to get tasks completed in an efficient manner
Yes to "get tasks completed". Not to bribe public officials. No, government subsidies to companies/people that provide the president/congressman/whatever-voting-official a hefty kickback are bad on any continent.
This business of trying to make out corporations as some kind of faceless inhuman creature is just silly.
Penny Arcade has a good tutorial on this. These CxOs and what have you get behind the corporate veil and go hog wild. When they get caught behind the wheel after a drunken joy ride they go "I'm a an incompetent manager who had no idea what the people in my charge were doing. I guess I'll take my $20 million bonus for being a loser and go home now." And hey, thats ok, because even though they're paid to be the "face" of the corporation, they're just as blameless as everyone else in it.
Maybe if the people in charge didn't hide behind the corporate veil when they screw up (or better yet, not screw up in the first place), people would quit calling them "faceless inhuman creatures".
The problem is that coporations pay taxes. As such, this entitles them to those rights
All they really earn from paying those taxes is the right to transact business. The rest are artifically granted thanks to a stray supreme court ruling.
Kinda reminds me of Slashdot
1N s0v13+ M1kR0z0fT, |33t Sp33|Z j00!
Except that the original owner isn't transferring the account, the new owner is expecting to be able to create a new account, just like anyone else who bought the product. Your beetle analogy was nice, but not quite right.
Let's say I sell you a beetle. Now lets say you go to the vehicle registration bureau to get your license tags, and they tell you "Hell no. You're not the original owner, you can't drive that thing around here. Not only that, but we're not going to update our database to mark you as the owner of the car, so the guy who sold it to you could report it as stolen any day now." Now, lets say the state law specifically allows cars to be sold. Is there not an expectation that the purchaser would then be allowed to use the car?
Actually, it'd be pretty interesting to put things like that up into orbit just for the purpose of catching all the little junk that's been whizzing around up there. Then, just let it crash into the atmosphere. Or, retrieve it, dig out the debris and sell the toothbrushes and other random bits.
A fix is pretty easy, but requires two parts:
1) Amend the IDN spec to require that valid IDN urls use the lowest-numbered codepoints that match that glyph.
2) Have browsers use a table that identifies all the characters that share a glyph. Any invalid IDNs are mapped down to the lowest codepoints before the browser goes there, so a link to a fake paypal.com address actually goes to the real paypal.com address.
Of course, this still can't stop people who just refuse to look closely at the URL. The payqal.com domain is taken, who knows what its used for...
Well, lets show a hypothetical situation that will cover who they are what they do and why they're bad.
Let's say that to earn a certain rank in Game X, you have to get a special item Blizzrt's Tail in order to prove your strength and valor, yadda yadda. Obviously, you get this by killing Blizzrt and taking its tail. The problem is that there is only one Blizzrt in the game world at any one time, so it becomes more a test of "waiting your turn" than of strength or valor.
Now, what IGN does is called "farming". They get 30 or 40 players to all stand around in the cave that Blizzrt lives in (where it appears every time its killed, this is its spawn point). Every time Blizzrt appears, they immediately start to kill it, and take the tail for themselves. Over and over, without respect for the other people who need to kill it in order to advance.
But thats ok, if you can't get a sword in edgewise to score a tail for yourself, the IGN crew will be more than happy to sell it to you on ebay for real money, since they seem to have just "stumbled across" a few hundred extra. Now getting that tail isn't about patience or valor, just about shelling out enough dough on an auction site somewhere.
Now whether this is bad or not depends on how much you care. If you say "its just a game" then consider it as frustrating as waiting in line at say... McDonalds. You have 11 kids in front of you, and they think its real cool to keep you from getting your food by ordering a glass of water, getting it, then getting their buddy in 11th place to let them cut in front for another glass. Unless of course you slip them a buck to get to the front of the line.
this to me is the least offensive method of combatting piracy. Assuming the technology works properly
MD5 was finally proven to have calculatable hash collisions. Any "fingerprinting" scheme that They can come up with will hit that wall eventually, and score all sorts of false positives, while people split files, swap byte orders, and do all sorts of other random things to keep that finger print from appearing.
That is to say, if its possible in the first place. How do you generate a fingerprint of a 750MB dvd-rip when you only see about 1400 bytes at a time? Store-and-forward versus a gigabyte is a LOT of network latency, and when you apply that to everything you do, its going to suck. Is that a game of Quake 3? Or a copy of spiderman 2? Gonna have to hold on to the first couple of hundred MB to find out. Loading up a website with a few pictures? Every one of those connections is going to stall while the ISP figures out if its legal or not.
I agree that this is probably the minimally invasive option, but thats not saying a lot in the face of technical and practical hurdles (someone STILL has to come up with a database of all of these fingerprints, and you still need some kind of dispute process for false positives).
So basically what you want is the hardware layer to say "go forward" and another layer that says "UT, forward=w. q3, forward=w. doom3, forward=" etc?
I'm not sure what you're getting at. What happens now is that keys are pressed or the joystick is moved, and this is converted into an updated joystick state and/or press and release events for the keys. Your application should then read these events and convert them into whatever that app wants to do with them.
Biometrics, on the other hand, requires that you only have your body present at the time!
Or that someone else has your body present. Or just search google for jelly fingerprint to see how to duplicate other people's prints for fun and profit.
Biometrics is bound to stick around for a while, but the fad will hopefully fade before all my bank and credit card accounts get tied to my fingerprint and I have to have new prints carved into my fingers to replace the ones that some identity thief lifted off the scanner.
side note, can American filesharers use proxies in remote countries to protect themselves from **AA lawsuits?
With bittorrent, not easily. You might be able to hide your real identity from web-based aggregator sites like suprnova, but when it comes to getting the data, you could theoretically pass all connections backwards and forwards through a custom-made proxy you set up, but the connections back to you wouldn't work through a standard-issue open proxy.
I'm not an expert on the protocol itself, it might be possible to use a very open proxy (some can proxy more than just http) to leech in this situation (get list of ips from tracker through the proxy, then connect to each client through the proxy and request a chunk. Requests to download from you will be dropped by the proxy though, so you'll be flagged as a leech pretty quick)
In the last 15 years, the majority of most of these scientist's time has been spend under a Democratic president;
And in the past 300000 years, Starbucks did not exist for a vast majority of the time. Clearly all our problems are due to the planet's lack of Starbucks coffee shops. Since my randomly chosen numbers have a larger sample size than your randomly chosen ones, clearly mine are more correct.
Most scientists in FWS reported no such pressure
RTFA harder: nearly 40% said they had never been required to do so. (in regards to being required to alter findings). That means around 60% were required to do so.
As for UCS being a radical group, sounds about right to me. Now, are you going to prove that they lied, or do you just intend to will away the numbers?
Google simply needs to carry a policy to warn advertisers that google will bill for legal fees if your a name stealing butthead.
As opposed to suing the name-stealing buttheads in the first place, rather than making google front the money that it'd probably have to sue to get back, if it ever got that money back at all.
This behavior is simply killing the messenger. I wonder if Louis Vuitton's lawyers even met with any of the companies doing the advertising.
all the courts would have to do is respond to complaints - same way it works now.
At how many tens of thousands of dollars per complaint?
a bit unethical.
Ethical or not, its a near-impossible problem. Google would have to maintain a massive database of every potential competitor for every possible keyword. And then, if I search for "Anderson", whose ads are forbidden from showing up? Does the user want Anderson Accounting? Anderson Computers? Anderson Farms? Anderson Law Firm? Anderson & Samuel Law Firm? Anderson Anderson Anderson & Sons Law firm? You can bet if the wrong law firm showed up, they'd all be lined up to sue.
I think it also might have to do with some VERY high up people in the UN, France and others making tons of illegal money off the "Oil for Food" fiasco
This holds water, up til the point where documents were discovered proving both Clinton and Bush knew about the trading, and went so far as to condone it for Jordan, citing "national security" as the reason to allow it to continue.
All google needs for World (well... US anway) Dominance is to learn what side of the street the odd-numbered addresses are. Nothing like getting to your destination and finding strip malls on both sides of you and no clue which one the dinky little storefront is.
Someone is looking for your product, and you show listings of counter products.
I don't know if that's right or wrong, but where does freedom of competition come in?
Here's a hint:
Next time you stroll through your grocery store looking for a can of raviolli, see how many different brands of raviolli you have to get through to find chef boy-r-dee's. Now imagine that if the store had to be entirely re-organized so that all the products canned by one company were in one place so that nobody else "infringed" on their presence.
If the competitor's ads claimed they were selling the product that was searched for, that would clearly be trademark infringement by the competitors, but in this case, they just paid to show up on the same page, much like all those other brands of raviolli paid for their shelf space.