There is no evidence that quantum computing will break hash functions or block ciphers beyond the square-root advantage you get from Grover's algorithm. This effectively halves the bit length of any hash function in terms of collision resistance making it something like 512 / 2 / 2 = 128 bits of security. This is considered far out of the reach of any technology for the next few decades.
Not that I fundamentally disagree with you, but there is a logistical problem to deal with if you decide to allow other office suites. Do you just allow Libre Office? What about Google Docs? If you add one additional one you then have to allow others. That in itself is not so big a problem because these tools are largely functionally equivalent, however, you have to remember that these are students who are very new to computers and may not understand the differences that do exist. I taught the equivalent of this course as a grad student and I allowed the students to use other office suites, but I graded it in MS Office and I told them that. I did not have time to troubleshoot conversion problems or formulas that were different/didn't exist, so if it didn't open they got a zero. It is unfortunate, but I don't know another way that would have worked. Keep in mind that I had several students submit their.accdbl files (the empty lock file) instead of their actual databases despite the fact that I loudly and repeatedly told them about this potential problem. Counter to what you would think, kids are actually not very good at computers these days.
Agreed. As a grad student I taught the equivalent of this class at my school and it would not be logistically possible to teach MS Office and Libre/Open Office at the same time. It is true that they are largely the same, but there are enough differences that it would be confusing for some people. Personally, I told the students they could complete the assignments in another office suite if they wanted to but I would be grading it in MS Office and I don't have time to figure out if it isn't working because you got it wrong or because there was some conversion problem. We also spent a lot of time using Access which, as far as I know, doesn't have a good open source analog.
This problem has already essentially been solved. There are several secure cryptographic voting systems (some with open source implementations) which provide the ability to verify to your vote without it being linked back to you. For instance, Scantegrity has a set of randomly generated codes on each ballot, one per candidate. When you vote, you copy the code corresponding to the candidate you selected and write it at the bottom on a detachable receipt. When you get home, you go to the website, put in your serial number and check that the published code matches the code that you wrote down. This way you can verify that the system recorded your vote as you cast it, but nobody but you can be sure of which candidate it was for. Additionally, there is a mixnet structure that links these codes to candidates and actual votes in a way that allows for verification of the final tally without compromising individual votes. This system has been used for several municipal elections already. Check out the paper if you are interested.
It makes perfect sense. Your argument would only hold if in fact no humans had ever become vegetarians, even though they now had the ability to. Since some humans became vegetarians, this mutation allowed humans to become vegetarians. It doesn't say allowed humanity or allowed all humans to become vegetarian. English has more nuances than you are giving it credit for.
Well in that case they should be a note in big red letters that says "not recommended for use, backwards compatibility only" or something to that effect.
Thats the point of this API I imagine. If it is included in the browser then there is nothing to intercept and replace. Also it can have some priveledged status where methods can't be overwritten by other scripts.
The API has two padding modes for RSA, PKCS#1v1.5 and OAEP. OAEP is provably secure. That is, if the underlying scheme (RSA) is a secure public key cipher, then RSA combined with OAEP is a semantically secure encryption scheme that is resistant to chosen-plaintext attacks. On the other hand, not only is PKCS#1v1.5 not provably secure, it has been knownfor years to be vulnerable to real world attacks.
Most of the time when you see people using it today it is for backwards compatibility, but in this case they are designing a brand new API. Why not go with the one which we know to be secure instead of encouraging the use of a dangerously vulnerable scheme?
Lets look at history then, since you suggested it. For Microsoft's entire existence one of their most important goals has always been backwards compatibility, even to the overall detriment of their OS. There is no reason to think that they would suddenly pull a 180 and lock out people from using/installing the software they are used to. Remember, they make a large chunk of their money from corporate installs where something like this would not be tolerated. They are not stupid, it is not going to happen.
Completely agree. Sometimes I get depressed with how much stock people put in money around here. Work hard to get enough to support yourself and your family, but above that do what makes you happy.
Maybe that means that iPad users actually use their tablets and Android owners just leave it in a drawer? No way to know without further statistics so its stupid to draw conclusions.
A bachelor's degree should be structured to enable the student to make more money upon graduation than someone without that degree (or at least enough additional money to cover their insanely high student loan payments). Do you really think that hiring manager considering you for a programming job cares if you took and passed a Sociology class which is so brain-dead easy as to have no value whatsoever?
You are right, we should all be cogs in a machine not people who try to understand the world around them. There is no profit in that. Best stick to our vain attempt to accumulate wealth rather than pursue things that can actually make us happy.
You have missed the point entirely. The chance that you will stumble upon the one True Lesson Plan the first time you write it is incredibly small. You will teach the class, note which things worked and which things didn't, revise your lesson and try again next semester ad infinitum.
Like that article is anything resembling science. It only has data 1.5 years of no limits and 1.5 years of limits. Maybe the difference is within normal deviation? Maybe there was some other variable that accounted for the change? Maybe the number of accidents spiked when the signs were added but then went back to normal when people got used to them? There is no way to know without looking at the bigger picture.
Right, but they don't require a 100% match on the extracted features. Also, if the key is derived from the fingerprint, and the fingerprint template is stored on the disk, then really the key is just being stored on the disk in a roundabout way and you don't have any better security anyway.
There is actually some new research into exactly this problem. Using what they call "fuzzy extractors" you can derive a secure key from noisy information. Really cool, check it out http://www.cs.bu.edu/~reyzin/fuzzy.html
Right, but then what if you have your home directory encrypted? Usually this key is not stored but derived from your password at login time. You can't do that with fingerprints.
I obviously know that bitcoins are mined, I meant that without the transaction chain it would be possible to copy bitcoins and make an unlimited supply.
A bitcoin is nothing but a really hard to create crypto string (the factor of some unimaginably large number).
Since you are being pedantic, I will point out that the proof of work has nothing to do with factoring. That would make no sense because factoring is an asymmetric problem, someone would first have to generate the composite number and they would already know the factors. If you were just trying to factor a random number it would not be very hard as the difficulty is proportional to the size of the factors and most numbers have small factors (or are prime, which is also easy to verify).
In actuality, the proof of work is to find a salt such that the hash of the previous transaction block and all pending transactions ends in a certain number of zeroes. This is also how bitcoins become harder to generate as time goes on, the number of zeroes required increases.
when you say "i am giving these coins to that person" the transaction is queued up and carried out by god-knows-who, and the resulting bitcoins are *nothing like the original*.
The transactions are "queued" up as you say, but the verifiers are actually the miners. When you successfully find one the above hashes, you simultaneously create a new block in the transaction chain (which validates all transactions included in that block) and receive a number of newly mined bitcoins. In order for this all to work out, you have to broadcast your block to everyone in the network. If you did not, then they would continue to make the chain without your block and you would be "orphaned" out of the accepted transaction chain, losing your bitcoins. Since all transaction blocks must be broadcast, the entire chain is public and anyone can trace the provenance of any bitcoin in the network, as I have said. Even if you create new bitcoin addresses and transfer your coins to them, you are not laundering them because they will still be traceable back to your original account.
That is not true. In order for a seller to accept bitcoins there must be a path in the transaction chain that links the bitcoins from their creation to the person who is currently trying to give them to you. Otherwise, there would be no way to prevent creating bitcoins out of nothing or double spending. This means that the history of every bitcoin is public and available to anyone. The reason it is considered anonymous is that there is no link between your bitcoin address and any real, personally identifiable information.
In this situation, it becomes a huge problem because Romney could just publish his bitcoin address (voluntarily linking himself to it) and then anyone would know they were being presented with illicit bitcoins if the hackers tried to spend them. A lot of people might refuse to take these as it would definitely draw law enforcement attention. The police's goal would then be to try to identify one of the people who receive the bitcoins in question and then trace back from there to the hackers.
Slashdot Mirror
I'll just leave this here http://en.wikipedia.org/wiki/Centrifugal_force_(rotating_reference_frame)
There is no evidence that quantum computing will break hash functions or block ciphers beyond the square-root advantage you get from Grover's algorithm. This effectively halves the bit length of any hash function in terms of collision resistance making it something like 512 / 2 / 2 = 128 bits of security. This is considered far out of the reach of any technology for the next few decades.
Not that I fundamentally disagree with you, but there is a logistical problem to deal with if you decide to allow other office suites. Do you just allow Libre Office? What about Google Docs? If you add one additional one you then have to allow others. That in itself is not so big a problem because these tools are largely functionally equivalent, however, you have to remember that these are students who are very new to computers and may not understand the differences that do exist. I taught the equivalent of this course as a grad student and I allowed the students to use other office suites, but I graded it in MS Office and I told them that. I did not have time to troubleshoot conversion problems or formulas that were different/didn't exist, so if it didn't open they got a zero. It is unfortunate, but I don't know another way that would have worked. Keep in mind that I had several students submit their .accdbl files (the empty lock file) instead of their actual databases despite the fact that I loudly and repeatedly told them about this potential problem. Counter to what you would think, kids are actually not very good at computers these days.
Agreed. As a grad student I taught the equivalent of this class at my school and it would not be logistically possible to teach MS Office and Libre/Open Office at the same time. It is true that they are largely the same, but there are enough differences that it would be confusing for some people. Personally, I told the students they could complete the assignments in another office suite if they wanted to but I would be grading it in MS Office and I don't have time to figure out if it isn't working because you got it wrong or because there was some conversion problem. We also spent a lot of time using Access which, as far as I know, doesn't have a good open source analog.
According to the article, about $64.
This problem has already essentially been solved. There are several secure cryptographic voting systems (some with open source implementations) which provide the ability to verify to your vote without it being linked back to you. For instance, Scantegrity has a set of randomly generated codes on each ballot, one per candidate. When you vote, you copy the code corresponding to the candidate you selected and write it at the bottom on a detachable receipt. When you get home, you go to the website, put in your serial number and check that the published code matches the code that you wrote down. This way you can verify that the system recorded your vote as you cast it, but nobody but you can be sure of which candidate it was for. Additionally, there is a mixnet structure that links these codes to candidates and actual votes in a way that allows for verification of the final tally without compromising individual votes. This system has been used for several municipal elections already. Check out the paper if you are interested.
It makes perfect sense. Your argument would only hold if in fact no humans had ever become vegetarians, even though they now had the ability to. Since some humans became vegetarians, this mutation allowed humans to become vegetarians. It doesn't say allowed humanity or allowed all humans to become vegetarian. English has more nuances than you are giving it credit for.
Well in that case they should be a note in big red letters that says "not recommended for use, backwards compatibility only" or something to that effect.
Thats the point of this API I imagine. If it is included in the browser then there is nothing to intercept and replace. Also it can have some priveledged status where methods can't be overwritten by other scripts.
The API has two padding modes for RSA, PKCS#1v1.5 and OAEP. OAEP is provably secure. That is, if the underlying scheme (RSA) is a secure public key cipher, then RSA combined with OAEP is a semantically secure encryption scheme that is resistant to chosen-plaintext attacks. On the other hand, not only is PKCS#1v1.5 not provably secure, it has been known for years to be vulnerable to real world attacks.
Most of the time when you see people using it today it is for backwards compatibility, but in this case they are designing a brand new API. Why not go with the one which we know to be secure instead of encouraging the use of a dangerously vulnerable scheme?
How did you get modded insightful when it says right in the summary: "We're not doing Android on this platform, at least not now."
Lets look at history then, since you suggested it. For Microsoft's entire existence one of their most important goals has always been backwards compatibility, even to the overall detriment of their OS. There is no reason to think that they would suddenly pull a 180 and lock out people from using/installing the software they are used to. Remember, they make a large chunk of their money from corporate installs where something like this would not be tolerated. They are not stupid, it is not going to happen.
Completely agree. Sometimes I get depressed with how much stock people put in money around here. Work hard to get enough to support yourself and your family, but above that do what makes you happy.
But how much would it be worth it to you if you could have a job that was fun? For me, a lot (of money).
Maybe that means that iPad users actually use their tablets and Android owners just leave it in a drawer? No way to know without further statistics so its stupid to draw conclusions.
A bachelor's degree should be structured to enable the student to make more money upon graduation than someone without that degree (or at least enough additional money to cover their insanely high student loan payments). Do you really think that hiring manager considering you for a programming job cares if you took and passed a Sociology class which is so brain-dead easy as to have no value whatsoever?
You are right, we should all be cogs in a machine not people who try to understand the world around them. There is no profit in that. Best stick to our vain attempt to accumulate wealth rather than pursue things that can actually make us happy.
You have missed the point entirely. The chance that you will stumble upon the one True Lesson Plan the first time you write it is incredibly small. You will teach the class, note which things worked and which things didn't, revise your lesson and try again next semester ad infinitum.
Like that article is anything resembling science. It only has data 1.5 years of no limits and 1.5 years of limits. Maybe the difference is within normal deviation? Maybe there was some other variable that accounted for the change? Maybe the number of accidents spiked when the signs were added but then went back to normal when people got used to them? There is no way to know without looking at the bigger picture.
Right, but they don't require a 100% match on the extracted features. Also, if the key is derived from the fingerprint, and the fingerprint template is stored on the disk, then really the key is just being stored on the disk in a roundabout way and you don't have any better security anyway.
But your fingerprint is not read 100% the same every time so you would not be able to decrypt any of your files.
There is actually some new research into exactly this problem. Using what they call "fuzzy extractors" you can derive a secure key from noisy information. Really cool, check it out http://www.cs.bu.edu/~reyzin/fuzzy.html
Right, but then what if you have your home directory encrypted? Usually this key is not stored but derived from your password at login time. You can't do that with fingerprints.
Ah, I see what you are saying, that makes sense.
A bitcoin is nothing but a really hard to create crypto string (the factor of some unimaginably large number).
Since you are being pedantic, I will point out that the proof of work has nothing to do with factoring. That would make no sense because factoring is an asymmetric problem, someone would first have to generate the composite number and they would already know the factors. If you were just trying to factor a random number it would not be very hard as the difficulty is proportional to the size of the factors and most numbers have small factors (or are prime, which is also easy to verify).
In actuality, the proof of work is to find a salt such that the hash of the previous transaction block and all pending transactions ends in a certain number of zeroes. This is also how bitcoins become harder to generate as time goes on, the number of zeroes required increases.
when you say "i am giving these coins to that person" the transaction is queued up and carried out by god-knows-who, and the resulting bitcoins are *nothing like the original*.
The transactions are "queued" up as you say, but the verifiers are actually the miners. When you successfully find one the above hashes, you simultaneously create a new block in the transaction chain (which validates all transactions included in that block) and receive a number of newly mined bitcoins. In order for this all to work out, you have to broadcast your block to everyone in the network. If you did not, then they would continue to make the chain without your block and you would be "orphaned" out of the accepted transaction chain, losing your bitcoins. Since all transaction blocks must be broadcast, the entire chain is public and anyone can trace the provenance of any bitcoin in the network, as I have said. Even if you create new bitcoin addresses and transfer your coins to them, you are not laundering them because they will still be traceable back to your original account.
Read the white paper, it is all in there http://bitcoin.org/bitcoin.pdf
That is not true. In order for a seller to accept bitcoins there must be a path in the transaction chain that links the bitcoins from their creation to the person who is currently trying to give them to you. Otherwise, there would be no way to prevent creating bitcoins out of nothing or double spending. This means that the history of every bitcoin is public and available to anyone. The reason it is considered anonymous is that there is no link between your bitcoin address and any real, personally identifiable information.
In this situation, it becomes a huge problem because Romney could just publish his bitcoin address (voluntarily linking himself to it) and then anyone would know they were being presented with illicit bitcoins if the hackers tried to spend them. A lot of people might refuse to take these as it would definitely draw law enforcement attention. The police's goal would then be to try to identify one of the people who receive the bitcoins in question and then trace back from there to the hackers.