Slashdot Mirror


User: pthisis

pthisis's activity in the archive.

Stories: 0
Comments: 1,665

Comments · 1,665

  1. Re:Shit, I actually use that one on Cryptographers Break Commonly Used RC4 Cipher · · Score: 1

    arcfour256 drops the first 256 bytes, which is done expressly to prevent a known attack against RC4. In addition, unlike a public https server an attacker can't force you to transfer a same-plaintext file a billion times via ssh. ssh with arcfour256 should still be fairly safe, though I'd certainly transition to AES in a timely fashion.

  2. Re:rfc4345 on Cryptographers Break Commonly Used RC4 Cipher · · Score: 1

    TLS 1.x could standardize RC4-dropN, but why bother? It's already standardized provably strong algorithms, but browsers don't bother to implement them. Why do you think they'd bother to implement yet another new algorithm?

    What "provably strong" bulk cipher algorithm is in TLS 1.x? AFAIK as of the latest version--TLS 1.2 (the latest)--only 3DES and AES are allowed as alternatives to RC4. A proof that either of those is strong would be a major result in the crypto world.

  3. Re:Arcfour on Cryptographers Break Commonly Used RC4 Cipher · · Score: 2

    ssh's authors are smarter than that, they don't prepend a fixed header when enabling compression.

  4. Re:Not the only one around, nor the oldest on Intrade Shutdown Hurts Academics · · Score: 1

    A market where money isn't at stake is no market at all

    I agree, but I don't see how it's relevant to my post. The IEM markets are real money markets and you cannot participate without putting money in:

    Are the participants playing with real money?

    YES. Trading accounts can be opened for $5 to $500. Participants then use their funds to buy and sell contracts. Traders therefore have the opportunity to profit from their trades but must also bear the risk of losing money.

    How does the IEM safeguard my money?

    The IEM is operated under the auspices of the University of Iowa. You write your check to the University of Iowa and the funds are deposited to a University of Iowa account. When funds are withdrawn from your account, the University of Iowa accounting group (a group independent of the IEM) writes a check and mails it directly to your last known address. As a university operation, the IEM is subject to audits by university and state auditors.

    I live in Europe--can I still trade in the US political markets?

    The US political markets are open to traders, world-wide. To open an account, you will need to send some form of US currency (personal check, money order, electronic transfer) to the IEM office

  5. Re:Not the only one around, nor the oldest on Intrade Shutdown Hurts Academics · · Score: 1

    The political prediction markets at IEM aren't limited to academics. From their FAQ:

    The IEM is operated for research and teaching purposes. All interested participants world-wide can trade in our political markets. Other markets--such as the earnings and returns markets--are open only to academic traders.

  6. Re:There's Foresight Exchange on Intrade Shutdown Hurts Academics · · Score: 1

    IEM's been running real-money prediction markets since 1988. They're still up and running fine (and their FAQ links to their CFTC approval letter).

    http://tippie.uiowa.edu/iem/

  7. Re:The question on Intrade Shutdown Hurts Academics · · Score: 4, Informative

    Drugs, polygamy, gambling, legal age prostitution, etc., could all be arguably classified under victim-less crimes.

    That's not the issue here at all. http://tippie.uiowa.edu/ and other futures markets run without CFTC interference.

    It's not gambling that's the issue here. The investigation at hand is about undocumented payments from the company to its (retired) founder and others, and whether there's potential investor fraud--a crime with an actual victim--going on.

  8. Re:So... on Intrade Shutdown Hurts Academics · · Score: 1

    Yeah, it's here: http://betsofbitco.in/

    Also, the Iowa Electronic Market is still up in the US (and has CFTC approval) if you prefer dollars: http://tippie.uiowa.edu/

  9. Not the only one around, nor the oldest on Intrade Shutdown Hurts Academics · · Score: 5, Informative

    I never understood why Intrade got so much press--the Iowa Electronic Market has been doing the "online futures trading" thing for far longer. They're still up and running at: http://tippie.uiowa.edu/iem/

    And they have approval from the CFTC: http://www.cftc.gov/files/foia/repfoia/foirf0503b004.pdf

  10. Re:Errror in blurb on How Competing Companies Are Jointly Building WebKit · · Score: 2

    As noted, Chromium is the open-source browser project, Chrome is Google's branded version of that code (much as Netscape v6 and later and Mozilla were related).

    The bigger error in the article is calling Opera one of the 5 major browsers. The summary then links to a page that isn't overall browser share, but is only non-mobile browser share. When you stop cherry-picking data, it becomes clear that:

    a) There are only 4 major browsers; Firefox, Chrome, IE, and Safari all have about 10-30% of the market share, and nothing else has more than 5% share; and
    b) The 5th largest browser is the Android stock browser. Opera is at best the 6th biggest browser, with 3.2% of the market.

  11. Re:That and... on Minority Report's Legacy of Terrible Interfaces · · Score: 5, Informative

    Betamax was better. VHS was cheaper.

    At the outset, Beta had slightly higher video resolution than VHS. VHS had 2-hour tapes rather than Beta's 1-hour tapes.

    How do you say which was "better", objectively? The ability to record a movie while you're out of the house (impossible with a 1-hour Betamax tape) is a huge deal. Not having to turn on the lights and switch tapes halfway through a horror movie (and ruin the mood) isn't nothing. Having the video store's inventory take up half the room is a big deal.

    By the time Beta II speed finally allowed 2-hour tapes, it was competing with VHS HQ. At that point the video quality difference (which was always pretty small to begin with) between VHS and Beta was negligible and depended more on the quality of the player and tape than the format. Meanwhile VHS had added 4- and 6-hour modes.

    And by 1984, Betamax VCRs were selling for about half the price of VHS players and still couldn't get any traction.

  12. Re:I get the impression that on Python Gets a Big Data Boost From DARPA · · Score: 1

    Sorry, but you're wrong: it is. Or did you forget where the PYC files come from? You might want to read the official Python documentation on this one: http://docs.python.org/3/glossary.html. Go to "interpreted" in case you're too lazy to find it yourself. And by the definition we use over at the electronics department Python is an interpreted language no matter what you wish to claim.

    You're conflating implementations with languages.

    Not every Python implementation even has .pyc files. When I compile a .py file to java bytecodes and then use gcj to generate linkable object code, that's interpreted? And if you consider the use of psyco+CPython to be interpreted, then I'd humbly suggest that the definition you use over at the electronics department is wildly out of touch with what the computer science community means by "interpreted".

    Compiled vs. VM vs. interpreted are artifacts of particular implementations, not of the language itself--Aspen has a perfectly fine Fortran interpreter, and EiC and ch have fine C interpreters.

  13. Re:I get the impression that on Python Gets a Big Data Boost From DARPA · · Score: 1

    Most of those are still interpreted. It's not because it's a bytecode that it's not interpreted. In fact even your CPU interprets complex instructions and executes them using a set of simple instructions in a lot of cases (yay for RISC/CISC hybrids).

    Okay, then Fortran's an interpreted language too. What was the point of your original post, then?

    Moving the goalposts like this in the middle of a conversation is pointless--sure, there's a semi-rational definition under which x86 assembler is an interpreted language in some sense. That's not what people mean by an interpreted language, nor is it what you meant in the post I was responding to.

  14. Re:I get the impression that on Python Gets a Big Data Boost From DARPA · · Score: 2

    The core processing in SciPy/NumPy is done in compiled C or Fortran libraries (LAPACK is used extensively where available), not in Python.

    I'm unaware of a widely-used interpreted version of Python. Whether Python is byte-compiled (CPython), JIT'd (psyco, pypy, IronPython, many Jython stacks), or compiled ahead of time to machine code (Jython+gcj, ShedSkin) depends on which Python implementation you're talking about.

  15. Re:Any report on pdf quality? on WotC Releases Old Dungeons & Dragons Catalog As PDFs · · Score: 1

    They also did a premium edition of Unearthed Arcana (which is the first-ever edition to include all the published errata). But, yeah, trying to get Chainmail and Eldritch Wizardry and all that stuff would require a lot of work.

    The ents and balrogs (and the Elric and Cthulhu stuff from the original Deities and Demigods) probably can't be republished for the same reason it was removed in the first place--Tolkien, the Lovecraft estate, Moorcock, etc. still have interests that would make legal threats probable.

  16. Re:Any report on pdf quality? on WotC Releases Old Dungeons & Dragons Catalog As PDFs · · Score: 1

    The first 3 books (Player's Handbook, Dungeon Master's Guide, and Monster Manual) weren't originally digitally typeset, but WotC has already gone through the process of doing that for the "1e premium" releases and they're in InDesign, so there should be clean text available without OCR.

    In case you aren't aware, the files for the original printing don't exist. In fact, there were never any files. The books were created long before the advent of the personal computer and its introduction into the publishing industry. When the original books were put together, they were put together "old school" style. Paste up, stats, Rubylith, and hand-building each and every page. Sigh . . . I remember those days fondly.

    http://wizards.com/dnd/Article.aspx?x=dnd/4dreye/20120704 has more info on the premium releases.

  17. Re:I dunno... on Ask Slashdot: Are Timed Coding Tests Valuable? · · Score: 1

    For one, this construct or something similar is used several times, but isn't valid in sed AFAIK (what's it supposed to mean?):
    x /^$/g

  18. Re:I dunno... on Ask Slashdot: Are Timed Coding Tests Valuable? · · Score: 1

    What language is this? It's something heavily sed influenced obviously, but it's not sed nor is it an ed or ex script.

  19. Re:Styluses or Styli? on Apple Files Patent For "Active Stylus" For Use With Capacitive Touchscreens · · Score: 1

    stylii technically

    That would be the plural of the (nonexistent) word stylius. "styli" with one i is better, technically.

    I got a kick out of the article: "Unlike conventional styluses which work passively by blocking electric field lines between the drive and sense electrodes of a capacitive touch sensor panel"

    Um, no. Conventional styluses [sic] work by scraping wax or clay out of a groove so that the groove is visible to later observers.

  20. Re:"quickening the singularity" on Ray Kurzweil Joins Google As Director of Engineering · · Score: 1

    And people said that Applied Eschatology was a stupid major.

  21. Re:Why not both? on ITU To Choose Emergency Line For Mobiles: 911, or 112? · · Score: 1

    Dialing 1 for long distance is actually something that goes farther than the country code. Until about twenty years ago calls within an area code did not require you to dial the area code, but you did have to dial a 1 for long distance.

    Heck, up until 25 years ago I didn't have to dial the full exchange.

    My town had 2 exchanges, numbers were either 729-xxxx or 725-xxxx.

    If you were dialing in town, you only had to dial 5 digits (9-xxxx or 5-xxxx)
    If you were dialing the next town over, then you needed the full exchange (e.g. 867-xxxx).
    If you were dialing a local number in another area code, you needed the area code (212-867-xxxx).
    And if you were dialing a long-distance number then you needed a 1 plus the area code (1-213-867-xxxx).

  22. Re:Why not both? on ITU To Choose Emergency Line For Mobiles: 911, or 112? · · Score: 1

    All rotary phones in Sweden have the 0 before the 1, making the 0 quickest to dial. 0 gives one click.

    Interesting.

    In the US, city area codes were assigned based on the relative importance/population of the cities in order to make them fastest to dial for the most people. They can't start with 1- (that's for long distance calls) or end with -11 (x11 are reserved for special use--911 for emergencies and 411 for information being the most commonly known) and the middle digit is always "1" or "0". Within those rules, you got the biggest cities with the quickest codes to dial:

    212--New York (fastest to dial goes to largest city)
    213--Los Angeles
    312--Chicago
    214--Dallas
    313--Detroit
    etc

    Some of the higher/slower numbers were unused, but there's a lot that were allocated (0 is the slowest to dial here):

    907--Alaska (the whole state)
    808--Hawaii
    906--Central Michigan
    etc.

    It's not a hard and fast rule--some higher codes were split off as lower-coded regions became too big and so are in very populated areas, or came along more recently when the rule wasn't really applicable (touch-tone era). But it's kind of interesting.

  23. Re:Why not use gamification? on Professor Cliff Lampe Talks About Gamification in Academia (Video) · · Score: 2

    You're right ... every lecture should be delivered in the most droll monotone available. We need to get a hundred Ben Stein clones up in our colleges and universities.

    I think you have that backwards. Gamification is an attempt to make lectures and learning more droll*, an adjective that the post you were responding to seemed against. And monotones are rarely droll, though Ben Stein's is a notable exception. Having someone as smart and funny as he is up there teaching seems like a pretty good approach.

    * Droll: having a humorous, whimsical, or odd quality.

  24. Re:"Strong" on New 25-GPU Monster Devours Strong Passwords In Minutes · · Score: 1

    That's great IF you can use a password that long. My bank limits passwords to 14 characters

    14 characters is still enough for 90 bits of entropy (assuming you're limited to ASCII). If you choose it truly randomly, that's 2^90 possible passwords; this thing can try 77 million passphrases per second. Call that 2^27; so it'll take 2^90/2^27 seconds to hack you, which is 2^63 seconds.

    Which is roughly 275 billion years.

    The trick is choosing and remembering the random password.

  25. Re:crap system is proven to be crap on New 25-GPU Monster Devours Strong Passwords In Minutes · · Score: 1

    Exactly. This article title is intentionally misleading--strong 14-character passwords are not being devoured in minutes, weak passwords are. The problem, as always, is that people (for good reason) don't choose and remember strong passwords, not that strong passwords are insufficient.

    A key phrase from the summary is "That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks"--it's completely nonsensical even without knowing what "that" is. A dictionary attack is a way of limiting the amount of the key space that you need to search by assuming that passwords are distributed non-uniformly throughout the keyspace, and that you know how they're distributed. "The most secure passwords" are by definition uniformly distributed, and hence immune to dictionary/word list attacks.