and yet the same technology can be used to create genetic cleansing virii (genocide style). some people want this made illegal b/c of possible uses. Oddly enough people have made certaina areas of number theory illegal due to their possible use as a weapon of mass destruction. Some people even face hanging (a penalty for treason IIRC) for such things. Many people fear knowledge and try to legislate stupidity or morality. They seem to be succeeding at the first, and if one is ok with complacency and fear, then one is making significant progress towards the second. I think satre pretty much defined morality as fear of retribution, but im not a phil major. Then again neither are the politicians:)
IE is viral because windows reinstalls it if you "deinstall it" without your consent. Try deleting it from win98. (im no windows guy, but i found its persistence awe inspiring).
Netscape I believe was an example of trojan.
AutoDoubler has 3 forms. The control panel, the init, and the virus. You install the first, it installs the second, and the second installs the third which is self propagating (once installed). It needs the init to infect properly (it infects opened documents) so its more what is called a companion virus i believe.
Even if you CONSENT to having a self progating program begin its life cycle, once started it is still a virus. Many "wild" "malicious" viruses have "clcik to install" and "send these message to disinfect" options. Most people dont get the "click to install" version they catch it at the later life cycle. Say you bought my mac from me (ill never sell damnit, she just needs a little bit of work) you personallywouldnt have consented but the virus would continue operating. Same if I clicked "yes infect the boot sector of this floppy please" and you somehow got the disk. Consent was involved, but the virus is then ethically ambivalent, which is why some people dont like them at all. They run whether you tell them to or not, kinda like IE's upgrade detector, or in SOME (fixed for a long time) versions of netscape, the smart update feature. Or the video card report oin q3test, or the "Tell anyone who asks what my user name and ethernet MAC are" program that runs on every windows box ive tested. or the tell the web server what my user agent is, or the actually put the correct mac address in outgoing packets, or the correct src address in outgoing ip packets.
and yet in way you "consented" to all these trojan activities by running the software. shrug. hopefully the computing paradigm will switch to a more privacy least privaledge model.
A virus is simple a program that can install itself. A self-extracting archive. It often installs itself into key areas of the system, to maintain a state of high availability. The same technique is used by anti-viral software to bypass normal operation for the purpose of verifying certain software actions.
Some viruses are badly written, like M$Word, and internet explorer, and netscape. They corrupt files, exhaust disk space, and have a pernicious habit of reinstalling themselves.
Some viruses have easter eggs or are trojan horses. M$Word for instance fingerprints files, Netscape v4.x (yes all of them) publishes every file it can find on the net so that any web page writer can receive your files in return. RealAudio publishes your playlists, sun's c compiler emailed SUN your compiling habits. Most people do not consider these features, and yet is netscape or microsoft culpable? (Real and Sun have fixed these problems).
There are malicious programs, I firmly believe NT SP6 was designed to destroy microsofts competition by creating incompatiblities where none existed before. The NT install process oft times corrupts BSD or linux partitions, and always overwrites the boot sector. Standard malicious viral behavior.
A virus however can be completely harmless, legal, and useful. A virus by the name of AutoDoubler(tm) significantly helped out Mac users when hard disks were measured in tens of megabytes. It surreptiously installed itself into EVERY application on the machine. It would even alter files, and instaled itself into system memory. I believe one version even infected the system software itself (most likely just fonts and whatnot).
Autodoubler would not have been useful if it did not act in a viral manner. It's ease of use was due solely to the fact that it worked in the background. Whenever an applciation was run, it would intercept that system call and check to see if the binary was UNcompressed (not infected) if so it would add it to a compress list, and wait for the first call to GetNextEvent to comrpess it. Remember you naysayers that in those days MacOS was completely "cooperative" multitasking, if a process wanted to be multitasking it had to depend on every other running process to explicity give up time. Also remember disk seeks and recursive directory scans of an 80mb disk could take an hour. Indeed the previous product "DiskDoubler" died since it normally took up to 6 hours to compress about 80 megs.
Autodoubler did not noticabnly affect system performance because it used its viral like properties to infect only those files the user actually used, or when the user was idle. It subverted many system calls, altered virtually every file on the system (after about a week of keeping it installed), and ran WITHOUT your explicit permission. Once you installed the "init" as they are called, it did the rest.
Other harmless viruses might be integrity checkers, the virus installs itself into applications (slowly, quietly, so as not to grind the disk away, and not to degrade performance, and not to have a weird process "INTRUDER_DETECT -R" running for the next several hours as it scans the 10 gig disks. It would simply install checksum code into the initialastion code. It would store a secure hash of the original binary, and code to check it. It would also infect the kernel and wait for about a week, then it would start logging whenever a binary was launched without the checksum, or with an incorrect checksum. Note that intially the administrator would consent to its installation, but the viruses use lies specifically in the fact that he need not worry about it after that, AND that the programs action is completely unnoticed and hidden.
Another harmless useful virus might be a patch installer, it is initially loaded with a domain name, company.com, and then spreads itself about using worm techniques to update all versions of the software it can find. Why not just do it manually? The whole point is ease of use, and transparency. Also in a large corporation many computers get "lost" and their whereabouts are not always remembered, network-wise or physically. Also new computers sometimes spring up that are from another department, or the purchaser let the new temp fill out the forms, and he forgot to do the paper work on one, etc. If the software is an internal release (say a proprietary database interface used at many data-entry companies) where old versions might be harmful to the database, the preferred infection method would be on connection to the database server. What if the database is distributed, where each client maintains a certain section of the database? Then whenever two clients communicate the patch should have a chance to spread.
That sort of update would also be helpful for seti@home, distrbuted.net, napster, icq, and lots of other distributed products where old versions don't interact as well with new versions. Of course in those cases the program should have an option "Prompt me before accepting a viral update".
At any rate, it always irritates me to see virus == malicious software. t4 is a real life virus that is permaps most responsible for our knowledge of genetics at the dna level. It is the virus used to infect E.Coli and give them new genes. Plasmids themselves are really just viruses that bacteria have grown to love. Mitochondria are suspected to be basically co-depenedent mutualistic parasites. They are just barely above the virus level.
The viral technique is simply a pardigm for writing software. Just like a GUI or an operating system. Its a way of viewing "How is this software going to be used?" Viruses are supposed to run without (further) user interaction, and to withstand attempts to prove their existence or remove them (except when the person removing them makes a concerted effort, an effort that a hacker could not mount, but the original sysadmin or owner could). Just like a tatoo, some people WANT permanent software. The viral paradigm tries to make software as permenent as possible (by distrubting copies in multiple places). It simply backs itself up. Amanda and most disk backups programs are viruses that infect backup tapes with copies of themselves even without the users epxlicit permission.
Weil. That guy whose name is the "W" in STW? Heard of him? One of the major founders of quantum mechanics. His conjecture is just a generalization of another mathematician who revolutionized physics, Riemann.
The Reimann conjecture is one of the biggest stumbling blocks in quantum mechanics. Quantum chaos theory, studying the evolution of stable orbits over time that have the odd property that they "wander pretty much everywhere", relies heavily on the Reimann hypothesis, and its generalisations. There are next to no proofs in this area, only implications. "If Reimann were to generalize in this way, then we could prove..."
At any rate STW may have little to do with lab rats or engineers, but for theoretical physicists, this should be a major source of good news, as it may mean that quite a bit of what they are doing has a firm mathematical base.
I acknowledge the typos reported above. With the two corrections the constant obtained is 1.2e-15, resulting in a estimate of 2,337 secs, or 195 million times as long as a 512bit key. That is approx 40minutes btw. Sorry for the carelessness (hey at least I put a ? next to 0.012:)...
Symmetric doesn't technically have anything to do with it (you could brute force an asymmetric just as well). The main issue is that people are not using brute force guessing (which has running time 2^n even in assymmetric case) but are using factoring to break the cryptosystem (presumably). The complexity of factoring an n-bit number under the NFS as you point out, is order of exp( (ln(n))^(1/3) * (ln(ln(n)) ^(2/3)) so we plug in the results of a 512 bit number (which I believe was 0.012 seconds?) and obtain the constant. I calculate the constant to be about 7.6 * 10^-4, and thus plugging in 2048 into the above equation I get 0.018 secs more or less. I don't feel much safer with a 2048 bit key, do you?
On another note, I would guess the article left out a small detail, the optical machine they were working on solved the second half of the seive, the half they used a Cray on in the earlier story. The pre calculations needed to setup the problem in terms the optical machine can handle took a few months of spare cpu cycles from some small amount of computers (under a 100 as i recall?). If they have discovered how to reduce that to near constant time then this would probably be the end of RSA type algorithms. There are still quite a few public key algorithms out there, so we might still have to wait for the quantum computers to come out before public key crypto is dead.
Thanks for correcting that 2^n comment, it was might have misled alot of people.
Caveats on this comment as well: complexity given above is ASYMPTOTIC. It has (logically) nothing whatsoever to do with any finite n, or set of n. It says nothing about them. Specifcally the running time says nothing about the relationship between 512bit and 2048bit factoring. However it is standard practice to assume that it does, and this practice (while not grounded in rigorous proof) tends to work out.
The main problem I have with OpenBSD is someone (oh theo) doesn't think a local kernel panic is a bug. While linux has more malicious DOS vulnerabilities, OpenBSD crashed much more often during casual use.
In fairness, OpenBSD is my second favorite OS, next to an inspected and patched linux 2.2.10-int.
It like all works of man is imperfect, but its contribution to the open source OS community cannot be over-estimated.
Slashdot Mirror
and yet the same technology can be used to create genetic cleansing virii (genocide style). some people want this made illegal b/c of possible uses. Oddly enough people have made certaina areas of number theory illegal due to their possible use as a weapon of mass destruction. Some people even face hanging (a penalty for treason IIRC) for such things. Many people fear knowledge and try to legislate stupidity or morality. They seem to be succeeding at the first, and if one is ok with complacency and fear, then one is making significant progress towards the second. I think satre pretty much defined morality as fear of retribution, but im not a phil major. Then again neither are the politicians :)
IE is viral because windows reinstalls it if you "deinstall it" without your consent. Try deleting it from win98. (im no windows guy, but i found its persistence awe inspiring).
Netscape I believe was an example of trojan.
AutoDoubler has 3 forms. The control panel, the init, and the virus. You install the first, it installs the second, and the second installs the third which is self propagating (once installed).
It needs the init to infect properly (it infects opened documents) so its more what is called a companion virus i believe.
Even if you CONSENT to having a self progating program begin its life cycle, once started it is still a virus. Many "wild" "malicious" viruses have "clcik to install" and "send these message to disinfect" options. Most people dont get the "click to install" version they catch it at the later life cycle. Say you bought my mac from me (ill never sell damnit, she just needs a little bit of work) you personallywouldnt have consented but the virus would continue operating. Same if I clicked "yes infect the boot sector of this floppy please" and you somehow got the disk. Consent was involved, but the virus is then ethically ambivalent, which is why some people dont like them at all. They run whether you tell them to or not, kinda like IE's upgrade detector, or in SOME (fixed for a long time) versions of netscape, the smart update feature. Or the video card report oin q3test, or the "Tell anyone who asks what my user name and ethernet MAC are" program that runs on every windows box ive tested. or the tell the web server what my user agent is, or the actually put the correct mac address in outgoing packets, or the correct src address in outgoing ip packets.
and yet in way you "consented" to all these trojan activities by running the software. shrug. hopefully the computing paradigm will switch to a more privacy least privaledge model.
A virus is simple a program that can install itself. A self-extracting archive. It often installs itself into key areas of the system, to maintain a state of high availability. The same technique is used by anti-viral software to bypass normal operation for the purpose of verifying certain software actions.
Some viruses are badly written, like M$Word, and internet explorer, and netscape. They corrupt files, exhaust disk space, and have a pernicious habit of reinstalling themselves.
Some viruses have easter eggs or are trojan horses. M$Word for instance fingerprints files, Netscape v4.x (yes all of them) publishes every file it can find on the net so that any web page writer can receive your files in return. RealAudio publishes your playlists, sun's c compiler emailed SUN your compiling habits. Most people do not consider these features, and yet is netscape or microsoft culpable? (Real and Sun have fixed these problems).
There are malicious programs, I firmly believe NT SP6 was designed to destroy microsofts competition by creating incompatiblities where none existed before. The NT install process oft times corrupts BSD or linux partitions, and always overwrites the boot sector. Standard malicious viral behavior.
A virus however can be completely harmless, legal, and useful. A virus by the name of AutoDoubler(tm) significantly helped out Mac users when hard disks were measured in tens of megabytes. It surreptiously installed itself into EVERY application on the machine. It would even alter files, and instaled itself into system memory. I believe one version even infected the system software itself (most likely just fonts and whatnot).
Autodoubler would not have been useful if it did not act in a viral manner. It's ease of use was due solely to the fact that it worked in the background. Whenever an applciation was run, it would intercept that system call and check to see if the binary was UNcompressed (not infected) if so it would add it to a compress list, and wait for the first call to GetNextEvent to comrpess it. Remember you naysayers that in those days MacOS was completely "cooperative" multitasking, if a process wanted to be multitasking it had to depend on every other running process to explicity give up time. Also remember disk seeks and recursive directory scans of an 80mb disk could take an hour. Indeed the previous product "DiskDoubler" died since it normally took up to 6 hours to compress about 80 megs.
Autodoubler did not noticabnly affect system performance because it used its viral like properties to infect only those files the user actually used, or when the user was idle. It subverted many system calls, altered virtually every file on the system (after about a week of keeping it installed), and ran WITHOUT your explicit permission. Once you installed the "init" as they are called, it did the rest.
Other harmless viruses might be integrity checkers, the virus installs itself into applications (slowly, quietly, so as not to grind the disk away, and not to degrade performance, and not to have a weird process "INTRUDER_DETECT -R" running for the next several hours as it scans the 10 gig disks. It would simply install checksum code into the initialastion code. It would store a secure hash of the original binary, and code to check it. It would also infect the kernel and wait for about a week, then it would start logging whenever a binary was launched without the checksum, or with an incorrect checksum. Note that intially the administrator would consent to its installation, but the viruses use lies specifically in the fact that he need not worry about it after that, AND that the programs action is completely unnoticed and hidden.
Another harmless useful virus might be a patch installer, it is initially loaded with a domain name, company.com, and then spreads itself about using worm techniques to update all versions of the software it can find. Why not just do it manually? The whole point is ease of use, and transparency. Also in a large corporation many computers get "lost" and their whereabouts are not always remembered, network-wise or physically. Also new computers sometimes spring up that are from another department, or the purchaser let the new temp fill out the forms, and he forgot to do the paper work on one, etc. If the software is an internal release (say a proprietary database interface used at many data-entry companies) where old versions might be harmful to the database, the preferred infection method would be on connection to the database server. What if the database is distributed, where each client maintains a certain section of the database? Then whenever two clients communicate the patch should have a chance to spread.
That sort of update would also be helpful for seti@home, distrbuted.net, napster, icq, and lots of other distributed products where old versions don't interact as well with new versions. Of course in those cases the program should have an option "Prompt me before accepting a viral update".
At any rate, it always irritates me to see virus == malicious software. t4 is a real life virus that is permaps most responsible for our knowledge of genetics at the dna level. It is the virus used to infect E.Coli and give them new genes. Plasmids themselves are really just viruses that bacteria have grown to love. Mitochondria are suspected to be basically co-depenedent mutualistic parasites. They are just barely above the virus level.
The viral technique is simply a pardigm for writing software. Just like a GUI or an operating system. Its a way of viewing "How is this software going to be used?" Viruses are supposed to run without (further) user interaction, and to withstand attempts to prove their existence or remove them (except when the person removing them makes a concerted effort, an effort that a hacker could not mount, but the original sysadmin or owner could). Just like a tatoo, some people WANT permanent software. The viral paradigm tries to make software as permenent as possible (by distrubting copies in multiple places). It simply backs itself up. Amanda and most disk backups programs are viruses that infect backup tapes with copies of themselves even without the users epxlicit permission.
Weil. That guy whose name is the "W" in STW? Heard of him? One of the major founders of quantum mechanics. His conjecture is just a generalization of another mathematician who revolutionized physics, Riemann.
The Reimann conjecture is one of the biggest stumbling blocks in quantum mechanics. Quantum chaos theory, studying the evolution of stable orbits over time that have the odd property that they "wander pretty much everywhere", relies heavily on the Reimann hypothesis, and its generalisations. There are next to no proofs in this area, only implications. "If Reimann were to generalize in this way, then we could prove..."
At any rate STW may have little to do with lab rats or engineers, but for theoretical physicists, this should be a major source of good news, as it may mean that quite a bit of what they are doing has a firm mathematical base.
I acknowledge the typos reported above. With the two corrections the constant obtained is 1.2e-15, :) ...
resulting in a estimate of 2,337 secs, or 195 million times as long as a 512bit key. That is approx 40minutes btw. Sorry for the carelessness (hey at least I put a ? next to 0.012
Symmetric doesn't technically have anything to do with it (you could brute force an asymmetric just as well). The main issue is that people are not using brute force guessing (which has running time 2^n even in assymmetric case) but are using factoring to break the cryptosystem (presumably). The complexity of factoring an n-bit number under the NFS as you point out, is order of exp( (ln(n))^(1/3) * (ln(ln(n)) ^(2/3)) so we plug in the results of a 512 bit number (which I believe was 0.012 seconds?) and obtain the constant. I calculate the constant to be about 7.6 * 10^-4, and thus plugging in 2048 into the above equation I get 0.018 secs more or less. I don't feel much safer with a 2048 bit key, do you?
On another note, I would guess the article left out a small detail, the optical machine they were working on solved the second half of the seive, the half they used a Cray on in the earlier story. The pre calculations needed to setup the problem in terms the optical machine can handle took a few months of spare cpu cycles from some small amount of computers (under a 100 as i recall?). If they have discovered how to reduce that to near constant time then this would probably be the end of RSA type algorithms. There are still quite a few public key algorithms out there, so we might still have to wait for the quantum computers to come out before public key crypto is dead.
Thanks for correcting that 2^n comment, it was might have misled alot of people.
Caveats on this comment as well: complexity given above is ASYMPTOTIC. It has (logically) nothing whatsoever to do with any finite n, or set of n. It says nothing about them. Specifcally the running time says nothing about the relationship between 512bit and 2048bit factoring. However it is standard practice to assume that it does, and this practice (while not grounded in rigorous proof) tends to work out.
www.rootshell.com
someone had a crack at it and won.
It was touted as a secure server.
The main problem I have with OpenBSD is someone (oh theo) doesn't think a local kernel panic is a bug. While linux has more malicious DOS vulnerabilities, OpenBSD crashed much more often during casual use.
In fairness, OpenBSD is my second favorite OS, next to an inspected and patched linux 2.2.10-int.
It like all works of man is imperfect, but its contribution to the open source OS community cannot be over-estimated.
ah, rational thought. thanks. it's refreshing to see someone put things neatly in perspective.