I'm a professor at the University of Michigan, and I coauthored the voting study at issue with Hari Prasad. I've posted part of a phone call with Hari while he was in the police car, along with more details about the arrest.
This story is badly out of date. The panel voted again the next day and reached a compromise that will require future electronic voting machines to have paper trails. See:
Correction: It's *NOT* Princeton University
on
Textbooks With EULAs
·
· Score: 1
As has been noted in the comments of every other article about this story, the DRMed books are being sold by the Princeton University Store, a bookstore on campus that is *NOT* affiliated with the university.
Using MD5 and a single master password isn't such a good idea.
Suppose a bad guy steals your password for one site and wants to learn your master password (which you input to the hash function along with the domain name of the site). He can perform a brute force attack by checking each possible input password up to a certain length to see whether hashing it produces the stolen site password.
The problem is that MD5 is very fast to compute: for small blocks it takes <0.5us on a modern CPU. That means testing every possible password is surprisingly fast. For example, searching the space of all 8 character alphanumeric passwords (single case) would take only 16 days! With your master password in hand, the attacker can almost immediately determine your passwords for every other site where you employ this scheme. Of course, the attacker can work even faster if your password is in any way guessable.
Splitting a password with a hash function *can* work very well, but doing it securely is tricky. See this paper.
As usual, the/. blurb has the facts wrong. From the article:
The Huygens probe will detach from Cassini on Christmas day, and drop into orbit around Titan, Saturn's biggest moon. On 15 January 2005 it will begin its descent into Titan's atmosphere...
... tens of millions of new local phone numbers beginning with the digit "1" or "0."
I don't know about you, but to me this makes more sense if it refers to a "1" or "0" at the beginning of the current seven digit portion of the number. Seven digit numbers cannot begin with a "1" or "0" because that would indicate a long distance call, but if everyone were to switch to ten digit dialing, there would be a whole new range of xxx-0xx-xxxx and xxx-1xx-xxxx numbers that weren't usable before. This would make 25% more numbers possible in every area code. The new ten digit numbers could still exclude "1" and "0" from the first position to help avoid confusion over long distance dialing.
Ken Thompson isn't the only gray-beard to move away from Bell Labs this year. Just last summer, Brian Kernighan, who wrote The C Programming Language with Dennis Ritchie and The UNIX Programming Environment with Rob Pike, left full time work there for a professorship at Princeton.
It seems strange that Slashdotters have more to say about Linux showing up in some minor TV show than about truly new images from another world. Which is more important in the scheme of things?
A quick search turns up this Science News article from June 1999, which appears to refer to work of the same researchers:
http://www.sciencenews.org/sn_arc99/6_12_99/fob3 .htm
The article questions whether the organisms found in the salt are nearly as old as their discovers claim. It suggests that contamination from many sources could also account for the find.
Has any evidence turned up since 1999 that more conclusively supports these claims? This isn't clear from the Reuters story, and I don't think I'm going to believe it until I see some further proof.
> It was nice to see him bitch about people
> being trained in Visual C++; I assume he was
> complaining about Princeton
Nope. Kernighan was my professor for CS 333 last semester at Princeton, and Visual C++ training is not forced upon unsuspecting students anywhere in the curriculum.
Be that as it may, there are very real environmental concerns over the WTO's policies. Increased trade and industrialization around the world are likely to lead to greater pollution and exploitation of largely unspoiled natural areas.
Although many countries and their citizens stand to benefit economically from the increased commerce, we cannot overlook the potential for permanent damage to our entire planet.
Perhaps this is a wise move, considering the inherent risk in the crash landing. After several recent mission failures on the way to Mars, NASA has the right idea if they want to downplay this until they know it works, rather than end up with egg on their face once again.
Slashdot Mirror
I'm a professor at the University of Michigan, and I coauthored the voting study at issue with Hari Prasad. I've posted part of a phone call with Hari while he was in the police car, along with more details about the arrest.
Here is a link to the actual research paper: http://citp.princeton.edu/paper/
This story is badly out of date. The panel voted again the next day and reached a compromise that will require future electronic voting machines to have paper trails. See:
v es+e-voting+checks/2100-1028_3-6140956.html
http://news.com.com/Panel+changes+course%2C+appro
http://www.freedom-to-tinker.com/?p=1095
As has been noted in the comments of every other article about this story, the DRMed books are being sold by the Princeton University Store, a bookstore on campus that is *NOT* affiliated with the university.
Using MD5 and a single master password isn't such a good idea.
Suppose a bad guy steals your password for one site and wants to learn your master password (which you input to the hash function along with the domain name of the site). He can perform a brute force attack by checking each possible input password up to a certain length to see whether hashing it produces the stolen site password.
The problem is that MD5 is very fast to compute: for small blocks it takes <0.5us on a modern CPU. That means testing every possible password is surprisingly fast. For example, searching the space of all 8 character alphanumeric passwords (single case) would take only 16 days! With your master password in hand, the attacker can almost immediately determine your passwords for every other site where you employ this scheme. Of course, the attacker can work even faster if your password is in any way guessable.
Splitting a password with a hash function *can* work very well, but doing it securely is tricky. See this paper.
At least on my screen, the article is also only 15 lines long. It must be vying to be the world's shortest story about the world's smallest P2P app.
As usual, the /. blurb has the facts wrong. From the article:
...
The Huygens probe will detach from Cassini on Christmas day, and drop into orbit around Titan, Saturn's biggest moon. On 15 January 2005 it will begin its descent into Titan's atmosphere
You mean http://saturn.jpl.nasa.gov/home/index.cfm.
... tens of millions of new local phone numbers beginning with the digit "1" or "0."
I don't know about you, but to me this makes more sense if it refers to a "1" or "0" at the beginning of the current seven digit portion of the number. Seven digit numbers cannot begin with a "1" or "0" because that would indicate a long distance call, but if everyone were to switch to ten digit dialing, there would be a whole new range of xxx-0xx-xxxx and xxx-1xx-xxxx numbers that weren't usable before. This would make 25% more numbers possible in every area code. The new ten digit numbers could still exclude "1" and "0" from the first position to help avoid confusion over long distance dialing.
Ken Thompson isn't the only gray-beard to move away from Bell Labs this year. Just last summer, Brian Kernighan, who wrote The C Programming Language with Dennis Ritchie and The UNIX Programming Environment with Rob Pike, left full time work there for a professorship at Princeton.
It seems strange that Slashdotters have more to say about Linux showing up in some minor TV show than about truly new images from another world. Which is more important in the scheme of things?
Just my $0.02.
A quick search turns up this Science News article from June 1999, which appears to refer to work of the same researchers:3 .htm
http://www.sciencenews.org/sn_arc99/6_12_99/fob
The article questions whether the organisms found in the salt are nearly as old as their discovers claim. It suggests that contamination from many sources could also account for the find.
Has any evidence turned up since 1999 that more conclusively supports these claims? This isn't clear from the Reuters story, and I don't think I'm going to believe it until I see some further proof.
> It was nice to see him bitch about people
> being trained in Visual C++; I assume he was
> complaining about Princeton
Nope. Kernighan was my professor for CS 333 last semester at Princeton, and Visual C++ training is not forced upon unsuspecting students anywhere in the curriculum.
Be that as it may, there are very real environmental concerns over the WTO's policies. Increased trade and industrialization around the world are likely to lead to greater pollution and exploitation of largely unspoiled natural areas.
Although many countries and their citizens stand to benefit economically from the increased commerce, we cannot overlook the potential for permanent damage to our entire planet.
Perhaps this is a wise move, considering the inherent risk in the crash landing. After several recent mission failures on the way to Mars, NASA has the right idea if they want to downplay this until they know it works, rather than end up with egg on their face once again.