LJ was down, WP is down, Server Beach had an outage two weeks ago, and I at least have had the misfortune to have my ISP down for a week. Is it me, or does it seem like colocation center outages are becoming rampant lately?
A key question is whether the US economy will benefit relative the rest of the world, with some arguing that new technologies such as clean power generation and energy efficient appliances will provide an economic boost."
Why? Americans don't make or discover those things anymore.
Re:Not a problem (yet) - Do the math!
on
SHA-1 Broken
·
· Score: 1
Oh for christ fucking sakes, use your head.
The whole task presented by a hash is to provide a summary of a larger corpus of data. All an MD5 or SHA1 hash is is a massive expansion on the idea of a checksum.
Now in, say, SHA1, you've got 160 bits, and you're asking those 160 bits to give you a summary of a zip file that is, say, 200KB in size, which is 1,638,400 bits.
It's mathematically impossible to expect that 160 bit string is going to be unique for every possible combination of those 1,638,400 bits. The problem is how far you need to go to find two that match on the same size. But its bound to happen because it's impossible to expect otherwise.
Why is this still not a problem -- and why is MD5 not suddenly just a stupid little runt, either? Because the fact that you've found two random bitstreams of the same length that have the same SHA1 or even MD5 checksum doesn't mean that both (or *either*) of those bitstreams are going to make any sense -- or have any similarity to each other.
The FUD about these hash collisions is that "oh no, now I can't be absolutely certain that this 160-bit string, and this to-the-byte filesize can actually identify more than one file!" So what? Whose to say that these files have any similary to each other that would actually result in a malicious or even malfunctioning attack? How likely is it that these multiple bitstreams are going to be any of: interpretable on the same architecture, uncompressable by the same algorithm, compilable in the same language, in the same structured format, even in the same language? Pretty frickin slim, I'd say.
Hashes are NOT unique identifiers. Not even combined with file size. Not even combined with file size *and* a second hash (say, SHA-1 *and* MD5, which would of course be more unique than SHA-1 and file size alone). All of these details, even combined, represent a much smaller set of possibilities than any file of any reasonable length (greater than 128 bits + 512 bits + bits in a given filesize value).
Neither SHA-1 or MD5 hashes are going to give you absolute assurance that the bits you get are the bits you were supposed to get. But its going to be pretty damned impressive if anyone manages to create malicious code or manipulated data that matches the filesize and checksum (even MD5) of a legitimate package.
A non-electronic, low-power invention called an Odometer is available that will measure the distance a vehicle has traveled to a legally adequate accuracy.
This amazing device is already widely used in the auto sales, vehicle maintenance, and did-the-kids-take-the-car-out-while-we-were-gone industries.
"Student directories including out of state numbers!" Oh no! There's no reason the school's PBX can't be set up for an extension for each student which is forwarded onto their cells. Hell, you could even allow them to change the forward online -- good for co-op semesters and vacation.
The only "problem" is that the local telcos are pissed because the schools cut deals with them to offer packaged service to the students (which usually sucks, is one-size-fits-all, and often comes with fixed rates from 5-10 years ago which are outrageous even compared to cellular).
Landline is going to die anyway. People are going to realize that the ability to have their home phone number also be portable is better than having to hand out multiple phone numbers to everyone just so they can reap the easy access benefit the telecommunication age is supposed to bring.
I can't get over the way so many allegedly intelligent people cream themselves over these cute 3D animations of a huge behemoth lateral crane picking up building materials and laying them into place and voila, instant house. It must be the Lego lover's mindset, but it's not remotely as practical as it's proponents suggest. (And I still have no evidence that it is "already being done", all I see are drawings. But as Colin Powell proved, artistic drawings are proof of reality. But I digress.)
1. You have to lie these perfectly straight 200-foot rails down at either ends of the lot, perfectly parallel and at a perfect distance. And make sure they don't move.
2. You have to lug this huge behemoth crane on huge supports to the site and *onto the rails*.
3. You have to place all the building materials in perfectly lined up position. Who is going to do this? Construction workers? Another expensive piece of heavy machinery?
4. Who is going to climb up the damn thing when it gets jammed while carrying a 50-foot 10x10 support beam?
B: these wonderful, mod-hippie earthen building materials like cob and superadobe -- all of which are top secret and require you buying book X and going to seminar Q for a hundred here and a hundred there. Nope, that ain't the way to promote an off-the-grid natural building style, that's the way to be a beemer-driving neoliberal. Instead of these wonderfully "grassroots" building techniques going on to revolutionize building and make it accessible to the common man, cob et al become the trademark of upper-middle class SUV drivers who need a way to prove to everyone that they truly are earthy and granola.
(Let's not mention the inconvenient fact that the underprivileged and otherwise construction-disenfranchised that these cheap natural building techniques will supposedly help don't actually *own any land* to BUILD anything on!)
I'd be curious about cob... if it wasn't that every link about it I can find actually tells you *nothing* about how to do it, but instead urges you to attend a fucking paid training session. (And oh yeah, if I were in the landed class.)
I can process rich text, calculate spreadsheets, and read email for free, but I can't build with fucking mud and straw without going to some new age seminar. Funk dat.
According to research agency IDC's Worldwide Handheld QView, shipments of such devices fell nearly 20 percent year-over-year in the fourth quarter of 2004....
In contrast, in another report that was released on January 27, IDC had said that mobile phone purchases had been the highest ever.
I think it's in Running Man (the book) -- in the future, the U.S. introduces a new plastic coinage currency, but grandfathers the old metal currency by devaluating it to 1/3 of its face value. For a while, there are two U.S. "dollars", one that is 3x the value of the other.
This is probably the sort of thing you'd have to do to make low coinage useful again while not having awkwardly high base coins.
And besides, in the U.S., if we got rid of the penny, we'd get screwed on all those $xx.99 purchases. And those little dishes on the counters of convenience stores would be no more.
Some of them have/had idiots reading SpamCop reports, too.
I was threatened with a $500 "cleanup fee" by Faradic a couple years ago when some email harvester selling website search engine placement services pulled off the email addresses of people on my quote list page, and sent them ads offering to sell them placements services for *my* page. Since my URL appeared in the email, it was of course *me* that was sending out spam. I had my primary account turned off for a week while I fought via email and phone tag with the idiot on the front line. (Eventually I got a hold of an actual sysadmin who got me set back up, but the front line idiot insisted that I was getting a "one time reprieve".)
Of course, it doesn't help that SpamCop is clearly brain-dead as well, but at least some people *know* that, and research the reports, before they make accusations against customers.
Can't come up with a good show idea, plot, or good writing? Leech off of a show that did -- and explain the serious problems with implementing your leeching via bad ideas, bad plots and bad writing.
It's not the format, it's the codec. Linux is capable of playing WMV with software such as xine, mplayer, or aviplay. The problem lies in the availability of the underlying codecs in which the video is compressed and encoded.
...how the fuck do you free up 20% of your work time when your staff has 150% of its time already tied up with the work of 2 people per worker under turnaround deadlines that are 3 months short of reasonable?
Slashdot Mirror
LJ was down, WP is down, Server Beach had an outage two weeks ago, and I at least have had the misfortune to have my ISP down for a week. Is it me, or does it seem like colocation center outages are becoming rampant lately?
A key question is whether the US economy will benefit relative the rest of the world, with some arguing that new technologies such as clean power generation and energy efficient appliances will provide an economic boost."
Why? Americans don't make or discover those things anymore.
Oh for christ fucking sakes, use your head.
The whole task presented by a hash is to provide a summary of a larger corpus of data. All an MD5 or SHA1 hash is is a massive expansion on the idea of a checksum.
Now in, say, SHA1, you've got 160 bits, and you're asking those 160 bits to give you a summary of a zip file that is, say, 200KB in size, which is 1,638,400 bits.
It's mathematically impossible to expect that 160 bit string is going to be unique for every possible combination of those 1,638,400 bits. The problem is how far you need to go to find two that match on the same size. But its bound to happen because it's impossible to expect otherwise.
Why is this still not a problem -- and why is MD5 not suddenly just a stupid little runt, either? Because the fact that you've found two random bitstreams of the same length that have the same SHA1 or even MD5 checksum doesn't mean that both (or *either*) of those bitstreams are going to make any sense -- or have any similarity to each other.
The FUD about these hash collisions is that "oh no, now I can't be absolutely certain that this 160-bit string, and this to-the-byte filesize can actually identify more than one file!" So what? Whose to say that these files have any similary to each other that would actually result in a malicious or even malfunctioning attack? How likely is it that these multiple bitstreams are going to be any of: interpretable on the same architecture, uncompressable by the same algorithm, compilable in the same language, in the same structured format, even in the same language? Pretty frickin slim, I'd say.
Hashes are NOT unique identifiers. Not even combined with file size. Not even combined with file size *and* a second hash (say, SHA-1 *and* MD5, which would of course be more unique than SHA-1 and file size alone). All of these details, even combined, represent a much smaller set of possibilities than any file of any reasonable length (greater than 128 bits + 512 bits + bits in a given filesize value).
Neither SHA-1 or MD5 hashes are going to give you absolute assurance that the bits you get are the bits you were supposed to get. But its going to be pretty damned impressive if anyone manages to create malicious code or manipulated data that matches the filesize and checksum (even MD5) of a legitimate package.
A non-electronic, low-power invention called an Odometer is available that will measure the distance a vehicle has traveled to a legally adequate accuracy.
This amazing device is already widely used in the auto sales, vehicle maintenance, and did-the-kids-take-the-car-out-while-we-were-gone industries.
The catch is, the media to be searched has to be prepped first.
Holy fuck, that's just like saying text files have to be "prepped" before they can be part of a global hypertext system.
Dear god, whatever shall we do.
"Student directories including out of state numbers!" Oh no! There's no reason the school's PBX can't be set up for an extension for each student which is forwarded onto their cells. Hell, you could even allow them to change the forward online -- good for co-op semesters and vacation.
The only "problem" is that the local telcos are pissed because the schools cut deals with them to offer packaged service to the students (which usually sucks, is one-size-fits-all, and often comes with fixed rates from 5-10 years ago which are outrageous even compared to cellular).
Landline is going to die anyway. People are going to realize that the ability to have their home phone number also be portable is better than having to hand out multiple phone numbers to everyone just so they can reap the easy access benefit the telecommunication age is supposed to bring.
A: machine automated construction.
I can't get over the way so many allegedly intelligent people cream themselves over these cute 3D animations of a huge behemoth lateral crane picking up building materials and laying them into place and voila, instant house. It must be the Lego lover's mindset, but it's not remotely as practical as it's proponents suggest. (And I still have no evidence that it is "already being done", all I see are drawings. But as Colin Powell proved, artistic drawings are proof of reality. But I digress.)
1. You have to lie these perfectly straight 200-foot rails down at either ends of the lot, perfectly parallel and at a perfect distance. And make sure they don't move.
2. You have to lug this huge behemoth crane on huge supports to the site and *onto the rails*.
3. You have to place all the building materials in perfectly lined up position. Who is going to do this? Construction workers? Another expensive piece of heavy machinery?
4. Who is going to climb up the damn thing when it gets jammed while carrying a 50-foot 10x10 support beam?
B: these wonderful, mod-hippie earthen building materials like cob and superadobe -- all of which are top secret and require you buying book X and going to seminar Q for a hundred here and a hundred there. Nope, that ain't the way to promote an off-the-grid natural building style, that's the way to be a beemer-driving neoliberal. Instead of these wonderfully "grassroots" building techniques going on to revolutionize building and make it accessible to the common man, cob et al become the trademark of upper-middle class SUV drivers who need a way to prove to everyone that they truly are earthy and granola.
(Let's not mention the inconvenient fact that the underprivileged and otherwise construction-disenfranchised that these cheap natural building techniques will supposedly help don't actually *own any land* to BUILD anything on!)
I'd be curious about cob... if it wasn't that every link about it I can find actually tells you *nothing* about how to do it, but instead urges you to attend a fucking paid training session. (And oh yeah, if I were in the landed class.)
I can process rich text, calculate spreadsheets, and read email for free, but I can't build with fucking mud and straw without going to some new age seminar. Funk dat.
Mine (WA) already has a machine-readable PDF417 barcode AND a Code128 barcode.
My MA license four years ago had a barcode AND a magnetic strip.
Just like my college ID had.
Check it out for other states.
Both licenses also have/had holographic watermarks.
Now all of you, stop getting distracted.
$10?? Hell, you could get them for a buck or less (US) at a Goodwill or other thrift store, maybe as much as $3-5 at a used book store.
Why wouldn't the same have happened after the advent of the 45, or the cassette single, or the CDS?
Fans of bands will still buy their albums, just as they will go to their concerts, just as they always have.
You mean she doesn't have to stick around for six weeks to train her replacement?
In the news industry, writing a story to pump up an advertiser is lovingly referred to as a "blow job".
In the music industry, a similar situation is called payola, and there it's illegal.
from this article:
j sp ?storyid=57471
http://www.techtree.com/techtree/jsp/showstory.
According to research agency IDC's Worldwide Handheld QView, shipments of such devices fell nearly 20 percent year-over-year in the fourth quarter of 2004....
In contrast, in another report that was released on January 27, IDC had said that mobile phone purchases had been the highest ever.
Yeah, they can't count mitichlorians, either.
Wasn't the obnoxiously frantic banner ad at the top of every slashdot page over the past 3+ days enough to impress this fact upon us?
Pay-for-press in Slashdot, the same thing we get pissed off about anywhere else.
Tivo check
Ability to acquire/implement for $200 with $100 kickback - Yes
I think it's in Running Man (the book) -- in the future, the U.S. introduces a new plastic coinage currency, but grandfathers the old metal currency by devaluating it to 1/3 of its face value. For a while, there are two U.S. "dollars", one that is 3x the value of the other.
This is probably the sort of thing you'd have to do to make low coinage useful again while not having awkwardly high base coins.
And besides, in the U.S., if we got rid of the penny, we'd get screwed on all those $xx.99 purchases. And those little dishes on the counters of convenience stores would be no more.
Some of them have/had idiots reading SpamCop reports, too.
I was threatened with a $500 "cleanup fee" by Faradic a couple years ago when some email harvester selling website search engine placement services pulled off the email addresses of people on my quote list page, and sent them ads offering to sell them placements services for *my* page. Since my URL appeared in the email, it was of course *me* that was sending out spam. I had my primary account turned off for a week while I fought via email and phone tag with the idiot on the front line. (Eventually I got a hold of an actual sysadmin who got me set back up, but the front line idiot insisted that I was getting a "one time reprieve".)
Of course, it doesn't help that SpamCop is clearly brain-dead as well, but at least some people *know* that, and research the reports, before they make accusations against customers.
If Google does release an OS, it'll have succeeded in doing what Netscape probably should have done.
...really fucking stupid.
Can't come up with a good show idea, plot, or good writing? Leech off of a show that did -- and explain the serious problems with implementing your leeching via bad ideas, bad plots and bad writing.
(Shit, that sounds like the software industry.)
It's not the format, it's the codec. Linux is capable of playing WMV with software such as xine, mplayer, or aviplay. The problem lies in the availability of the underlying codecs in which the video is compressed and encoded.
I have a head to memorize those things for me.
I figure if they can crack that, I'm screwed anyway.
Actually, I get mostly references to the unicameral system... and people with joke disclaimers including it for comedic effect.
And something about Warren Buffet insisting its the best place to do business in America.
...how the fuck do you free up 20% of your work time when your staff has 150% of its time already tied up with the work of 2 people per worker under turnaround deadlines that are 3 months short of reasonable?
The biggest one for me is:
7. Project is fucking impossible