Look at any spy movie - classified material is in folders with red or black borders, the pages are marked, etc.
I've done the same with some SSL-aware custom JSP tags. If you browse to the page over an unencrypted channel you don't see the material at all (it's blocked at the server), if you have an SSL connection there's a thick black border, and if you have an authenticated and recognized SSL connection there's a thick red border. The actual appearance is controlled by CSS stylesheets, so it could easily be faked... but that's not the point. What's important is that the symbol is obvious enough to be clearly seen even if partly obscured, while subtle enough that it doesn't get in the way.
In contrast, Microsoft's ideas are things that should be rejected out of hand by anyone with even a bit of security awareness. "Out of sight, out of mind" definitely applies here - if somebody sees a thick red or black border out of the corner of their eye they'll stop to lock the screen before walking away. But under Microsoft's oh-so-brilliant plan, there won't be any visual indication that they must lock their screen before dashing to the bathroom or to the coffee machine. Or joining a friend for lunch. Yet the confidential material will be available to anyone who cycles through the frames to see if there's anything interesting on the system.
It's time to declare a discussion over whenever somebody suggests SSH tunnels as the answer to all of the world's problems. Security, authentication, fresher breath and bedmates with big breasts! It's as predictable as a flame war escalating to the inevitable comparison to Nazi Germany.
If you knew half as much as you think you do, you would know that SSH tunnels are a clever ad hoc tool but they suck as a real VPN solution. They also don't give you nearly as much authentication as you think, since that information is not available to the user. In contrast my Unix socket code and SSL-aware applications always pull strong authentication information about the peer as the first thing they do.
If you want to learn more, check out the documentation on CIPE... and try to write a tunneled application that can provide strong socket-level authentication of the peer's identity.
Moderators on crack again (when it was marked as 'insightful,' iirc)
It is completely legal to write your own software. It's completely legal to use the same metaphors when solving the same problems. It's even legal to "clone" an interface when such interoperability is a high user requirement. Can you imagine the chaos if every vendor had to come up with new names and flags for programs like ls(1), cc(1), find(1), etc.?
What's illegal is copying code without permission. That's not cloning, and the results can't be copylefted since the putative author doesn't have the right to release the code.
And as for the idea that all OS implementations are just ripped off from commercial products, have you actually looked at the quality of commercial code lately? Haven't you heard of company after company after company switching to Linux and open tools after realizing that they were regularly spending 20% or so of their time fixing files corrupted when the app or system crashed, cleaning up after viruses, cleaning up the mess left by bundled malware, etc.? Even if some mad Microsoft employee sneaked out with the source for Word or Outlook and ported it to Linux, a lot of us would still keep far away from it because of the profound flaws in the applications.
Never let the assholes win. If browsers and web authors dropped frames "because of this patent," then they'll use the same patent to go after tables and explicit positioning and it will be a lot harder to defend against the claims.
I don't know the wording of the SBC patent, but I can guarantee it doesn't say anything at all about the <FRAME> tag. It refers to some unspecified mechanism for formatting text, combining it from different places, etc., and any decent lawyer can stretch it to cover pretty much anything you can name.
The only way to stop this crap is to make it hurt when someone (corporation or greedy individual) makes excessive claims.
> After all this shit HR will force you to sign a self incriminating document as part of your pink slip to receive severance pay.
The details vary from state to state, but in Colorado all back pay (including things like unused vacation time) must be given to the employee immediately. If they want you to sign something to get the check, the answer is to walk out and call the state - let them explain to the state why they failed to hand you your termination check.
If they try to hold you anyway, calmly say the magic words "false arrest." (And follow up with a criminal complaint for false arrest if they detain you anyway.)
"Severance pay" above and beyond this is another matter, but let's be honest here. Ask your friends about the terms of their last few layoffs - few people get more than two weeks of severance pay (N.B., this is above and beyond the legally required backpay), and many will have gotten nothing. Some wouldn't have gotten their full backpay. How much are you really out if you refuse to sign a document containing self-incriminating statements? How much would you lose in the long run if you did sign it?
They could still claim that you refused to sign it... but since you never signed it they would be opening themselves up to a libel, slander and/or defamation suit.
P.S., the boss in the final example has exposed his company to an unwinnable suit and should have been terminated immediately. Regardless of the merits of his original notice or her threatened suit, he clearly retaliated after HR reinstated her.
Like many people, I have a strong love-hate relationship with Larry Flynt and Hustler magazine. I love his willingness to fight to protect our rights from attacks by the easily offended, even while finding much of the content of his magazines personally repugnant.
Anyway, one quick phone call or email should end this matter real quick. How many people have seen this online strip, vs. how many people would see similar strips in that magazine? How much money is AG willing to spend to harass a couple small-time artists, vs. how much money is it prepared to spend defending itself from a company that's successfully argued Freedom of Speech cases before the Supreme Court?
Call me crazy, but I don't see a lot of crossover in the consumers of Hustler and sappy greeting cards so the magazine can fight hard and fight dirty if AG wanted to fight them. Hell, I wouldn't put it past them to launch their own lines of parody greeting cards (real greeting cards, not just jokes in the magazine). I mean, where else are you going to find the perfect Valentine card for the girl who dumped you for your best friend, or for your former boss?
Groups tend to make extraordinarily stupid decisions. It's a classic "weakest link" argument - you can only go as fast as the dumbest or most obstinate person. So groups tend to strongly favor the status quo unless some alternative is clearly better.
That's why you rarely see legislative groups with more than a few hundred members, and they invariably break down into subcommittees of fewer than a dozen people for the bulk of the work.
Individuals are responsible for the big changes. The group should act as a brake when they are working towards their own personal advantage - that's why guarding the group from subversion is so critical. Saddam's prior job was no coincidence, and that's why many of us are worried by the apparent close ties between entertainment industries and Congress. ("Sure you could fight this bill, Senator, but we can keep the hometown TV stations from covering your side of the story, from airing your reelection campaign ads, etc.")
Groups will usually also resist helpful changes pushed by individuals, but a well-run group won't prevent the loons from trying. Every so often one will be right and you'll have FedEx (and its knockoffs) despite people claiming that there's no demand for overnight delivery, CNN (and its knockoffs) despite people claiming that there's no demand for 24-hour news, etc.
If you actually study attractors in nonlinear dynamic systems, what's popularly called "chaos theory," you'll see that what you actually have are quasi-stable attractors surrounded by regions of long-term unpredictability.
If you're near an attractor, it will take a lot to dislodge you from near that attractor. A butterfly flapping its wings won't cause a hurricane, but a volcano erupting on the other side of the planet might.
But what people usually forget is that there can be multiple attractors, and if you're not that close to one attractor it may not take much to push you over the edge to another attractor.
That's what happened at Easter Island. Cutting down the first tree caused no harm. Saving the last tree wouldn't have prevented the massive population crash. The details would have been changed in each case, but in a century you would still have ended up with a heavily forested island or a stripped one.
But during a long period in the middle they could have changed the outcome *in either direction* by seemingly small changes. That's the chaotic realm - it was impossible to know where any simple change would lead. What are the consequences of cutting down a single tree? What if it's used to shore up the ground in the forest it came from?
What does that mean to us today? That we need to be careful since we're clearly in a chaotic realm and we can't predict the long term consequences of our actions. Some of this is due to natural variability (e.g., did you realize that it's been an unusually long time since a massive volcanic eruption, and that alone has driven global warming to a large extent?), some of it is due to human neglect (overfishing, agricultural monoculturism). Some of our problems are due to prior solutions - our artificial fertilizers prevented global starvation in the late 19th century but have now spread throughout the entire biosphere, resulting in plant growth and algae blooms even far from human activities.
N.B., that doesn't mean we shouldn't try to change policies that will push us back to a desirable attractor. It means that there's no "final answer"... and that the consequences if we fail can be disastrous. It's not like we haven't had clear warnings (Easter Island, the Irish potato famine, smallpox ripping through the new world or syphilis (IIRC) through the old one.)
It's only a problem if a "one size fits all" approach to liability is taken. What many of us would like to see is consumers given a choice:
- they can have access to the source and are responsible for identifying and fixing their own problems. This won't help the average user, but organizations can often provide their own support more efficiently than going through the vendor,
- they don't have access to the source but the vendor has to deliver what they promised,
- they have access to the source but paid extra for liability protection (which they can pass on to their clients) and support. They can make small changes without invalidating the warranty.
What would not be permitted is what is now common: you have no ability to solve your own problems or to get any meaningful help from the vendor. Hell, under the UCITA the vendor is not only not held to any standards, it can prevent you from discussing your problems with others.
>> Any election system which allows a voter to prove how he voted is unconstitutional in many states.
> The implication here is that it *is* constitutional in some states and we don't appear to see the problems you outline.
Not at all, it just means that it's merely illegal in those states, or contrary to long-standing regulations. Some states have very lean constitutions that focus on the main issues and leave the details to legislation. Other states have constitutions that attempt to specify a fair amount of details.
>> If you can't prove how you voted, there's no point in buying votes or attempting to coerce voters.
> In this day and age any attempt to coerce a voter is liable to be picked up on somebody's camcorder and backfire spectacularly.
You have got to be kidding me. 19th Century coercion was obvious, but 21st Century coercion can be subtle and backed by documents that appear to show the victim is responsible for their own problems.
> And I have less of a problem with the rich buying my vote than I do the vote of my representative.
I have a problem with anyone buying the vote of my representative. I don't expect my representative to vote the same way I would on every issue, but I do expect them to give each side a fair listen. If they're willing to take shortcuts for money, let them do it elsewhere.
>> - a battered woman can be forced to vote "the right way" by her abusive husband. (or use "spouse" all around, since there are some battered husbands)
> The battered woman is so terrified she will probably vote the way her husband wants, regardless of the system.
Where's your support for this claim? I have never heard anyone make this claim before. The main dysfunction is coming to the rescue of the abuser, e.g., refusing to press charges, not kowtowing to the abuser in all matters.
>> - an employee can be forced to vote in his boss's office.
> The employee can blow the whistle on the employer, sue for damages, etc.
You're still fired, and will have no meaningful recourse. This will always be a case of your word against your boss's, and only an idiot would fire you on the spot. But during the next few months you'll find your working conditions rapidly deteriorate to the point where you either quit or are fired for having a bad attitude, etc., and you'll never be able to prove the connection.
>> - a church group can get together to pray and then "Witness" each other voting the right way.
> A person can choose to leave that group.
Did it hurt when you fell off the turnip truck? Religious groups are notorious for both being difficult to leave and fostering groupthink, and a large part of the population may be willing to privately admit to having doubts about the wisdom of voting for a candidate or a referendum, but find it impossible to admit this in a church group that just had a fiery sermon that, oh, anyone who votes for Gore is voting for Sodomites who will rape all of their children and is thus inevitably headed to the fires of Hell.
> I'd gladly risk all of the scenarios you've described
It's not your decision. You sound a lot like that idealistic idiot who tried to push his scheme in Boulder. He was sure that nobody, ever, broke the law or abused relationships, and could not understand why person after person after person after person after person cited these concerns to the city council and at debates on his proposal. If everyone always behaved like we would wish, we wouldn't need laws or courts at all.
Any election system which allows a voter to prove how he voted is unconstitutional in many states. This includes publishing ballots by name, publishing ballots by issued ID, etc. I know Colorado has this provision in its constitution because it came up when a local performance artist/election system designer tried to convince the City of Boulder to try telephone voting using software to be written by student volunteers.
The reason for this restriction, as others have stated, is to prevent election fraud. If you can't prove how you voted, there's no point in buying votes or attempting to coerce voters.
The other manifestation of the same restriction is that you must vote in private. Nobody can join you in the voting booth, etc. After all, external proof of how you voted is irrelevant if some 300 lb guy with a lead pipe is in the booth with you.
Ironically, this is provided by voting in public. Since others are around, nobody can force themselves into your voting booth.
But e-voting systems fail miserably at this. If I can vote from the convenience of my home:
- a battered woman can be forced to vote "the right way" by her abusive husband. (or use "spouse" all around, since there are some battered husbands)
- an employee can be forced to vote in his boss's office.
- a church group can get together to pray and then "Witness" each other voting the right way.
and so forth. All highly illegal, but difficult to prove and expensive to buck since you're still beaten up, fired, excommunicated, whatever.
Pre-DMCA and UCITA you could often come up with a reasonable analogy to books. (Post-DMCA and UCITA, grab a lawyer. But some of us still have hopes that common sense will eventually return and the pre-DMCA/UCITA rules will return.)
Anyway, can an author or publisher suggest that you read the book in a comfy chair with natural lighting over your shoulder from a warm spring day? Sure.
Can they compel it? Can they deny you the right to read it while sitting on your toilet, flushing each page as you finish reading it? Or from reading it by flashlight or chemlight while camping? Nope.
They can't even say anything when you take their magnum opus home and use it to prop up a wobbly table. Or stick it, unopened, on a decorative bookcase.
Software should be no different. You can't copy it and sell it to others. You can't copy it and give it away. But anything else should be fair game. If you want to use the program disk as a really bad source of random data, it's your choice. If you want to run it on an "unapproved" operating system, it's your loss if you lose data because minimal support will be forthcoming.
But no company should have the right to deny any lawful use of its products.
The post office has just changed the valuation of its retirement plans... and in the view of some critics it's now the taxpayers who are subsidizing junk mail. Unlike private companies, the federal government backs the retirement benefits of USPS employees (or at least those hired before 1974).
The same article discussing this change pointed out that fully 60% of postal mail is now bulk mail, and the proportion continues to grow. First class mail is only 30% and shrinking.
Understanding the Krebs cycle is important, but it's not the full story.
Do you even understand why a food's GI is important? How the insulin response affects the availability of different fuels? The difference between juvenile and adult-onset diabetes, and why so many public health officials are terrified by the latter's appearance in teenagers and even children? (Or why some people think that's tied to the widespread availability of soft drinks to children?)
Finally, do you know the real history behind the food pyramid? It was covered by several of its authors in a recent Scientific American piece on a revised pyramid.
The Krebs cycle is important, and far too many diet authors push their own agendas. But claiming that the Krebs cycle is all you need to know is comparable to saying that you understand, oh, memory management and therefore you understand everything involved in a modern OS & applications.
You know, like most people I have a bunch of CDs that I never listen to and have been too lazy to take to the used record store for a buck or two apiece.
Maybe it's time to just offer them to whoever wants them, for free. Just to show the RIAA that not only do I never want to buy another album (not hard, since I listen to adult music that gets no radio airplay so I can never learn about new artists anyway, except via word of mouth) - but now I consider the value of most of my collection essentially worthless. But maybe others will find it useful.
I could organize a swap, but it feels more important to arrange informal swaps. Some people are now leaving books in public places, with notes asking people to register where they found the book (and what they thought of it) on a website, before passing it on.
Maybe the same thing can be done with CDs. I just print out some labels, stick them on the jewel case, then leave them on the local pedestrian mall, at the local trailheads, etc.
What's the RIAA going to do, sue me for $150,000 for leaving a CD I purchased a decade ago on a park bench? Sue somebody else for picking up and enjoying that music, and leaving their own music for others?
Maybe I'm just over-sensitive today, but these are pranks, not hoaxes. Hoaxes harm people, and are things like
- the Protocols of Zion
- the Nazi Holocaust
- the California "energy crisis" a few years ago
- Enron making money
- Worldcom making money
- claims that Saddam Hussein could have ever convinced this administration that war was not necessary
- the Florida 2000 election
plus innumerable hoaxes for petty gain but which cause confusion for years:
- various skeletons of early humans,
- fairies in the forest,
- ghosts in the parlor,
- seances
- John Edward,
- crop circles
and so forth.
Few April first pranks take more than a moment to detect, and they're almost always revealed as harmless pranks within a day or two. In contrast, hoaxes often last for years and develop a life of their own. The "Protocols of Zion" - a document arguably responsible for millions of deaths - is a well-documented forgery/hoax. Yet there are still millions of people who are convinced it's real and are ready to kill over it.
(P.S., yes I'm being provocative in some of my claimed hoaxes. That's the point - every one of them is, or was, widely believed at some point.)
(P.P.S., one of the best PRANKS ever has to be the guy who lived in Sitka, Alaska waiting for a clear April First. When one finally arrived, he took a helicopter to a nearby extinct volcano and set a pile of old tires on fire. Smoke poured from the volcano, the more credulous residents were convinced that the volcano was erupting... and if I heard the story correctly the prank made the national news that night.)
They've already tried that, at McDonnell Douglas. The engineering prototype even did a few test flights.
But NASA shut it down in the contest to choose the successor to the shuttle fleet. Why go with proven technology when you can pin everything on the development of new hypersonic jet engines and similar exotic materials?
One minor nit about the probabilistic primality tests: you also need to check whether the number is a "weak" prime - composite numbers which falsely pass those tests. Fortunately they're easily enumerated.
We're dealing with naturals (or integers), and "approximations" and "limits" just don't matter. Either a number is a perfect square, or it's not. There are no digits to the right of the decimal place, etc.
The final value will be close to the average of the two primes, but that's meaningless. Indeed, the square root of a composite number with two prime factors will always be (close to) the geometric mean of the factors, by definition.
Even if you know it's an RSA modulus, you don't know how competently the prime factors were chosen. The odds that two 512-bit primes are close enough for this technique to work are vanishingly small, but it doesn't take long to eliminate the possibility.
BTW, the last time I looked at the code for one of the more sophisticated approaches (rho-something, it's been a long time and this isn't my main focus) the software performed a number of these checks before dropping into the main routine.
It's been a while since I studied RSA prime selection, but I'm sure someone will rush to correct my errors....:-)
With RSA, I thought you wanted "strong primes," not just primes. A strong prime p is one such that p = 2p' + 1, where p' is also prime. This means that Phi(pq) = (p-1)(q-1) = 4p'q'.
Anyway, in practice this means that you'll go through a lot of primes before you find one suitable for use in an RSA key. That's why it takes so long to generate an RSA keypair....
By definition, your sqrt() function is broken. Many programs wouldn't even try, since no number ending with '99' (base 10) can be a perfect square. (You would actually look at the last byte or word, of course.)
Add 1, and the sum ends with '0000' and you can immediately see that any root has to end with '00'.
But this somewhat misses the point - factor 338959063631117. You could factor it by enumerating small primes, or you could note that adding 1642^2 gives you 338959066327281, a perfect square. 18410841 +/- 1642 gives you the two primes.
These numbers are still small enough that you can simply do trial division with small primes, but try it with 11489663619628510761447969341629.
(3389690632633463 and 3389590633733483, in case I mistyped a digit or three.)
I'm not quite sure why it was marked 'funny' either, but it's not just a matter of the square root being "approximately" p.
What you do is generate a sequence of small integers, square them, then add them to your composite number. You then check whether the result is a perfect square - I seem to recall there are efficient checks for this which don't involve actually computing the root, or you could just use Newton's method to determine the root.
If, despite all odds, you find a perfect square then you know from basic algebra that your two factors are r +/- n, where 'r' is the root of the perfect square and 'n' is the small integer.
It's not a question of efficiency. Even a 512-bit keypair has 256-bit factors, and it's just not practical to do that many trial divisions.
My point, which seems to have been misunderstood, is that nobody should ever turn to the heavy factoring algorithms without first exhausting all of the trivial checks. A few hours spent on trial division, checking for close factors, etc., is nothing when held against the tremendous effort of cracking the numbers via ECD or whatever is the preferred factoring method today.
To me, it's a lot like the time "wasted" putting on and taking off my seat belt when I get in my car. I, and everyone I know, have taken thousands of trips without needing them. But all it takes is one hit to make the effort worthwhile.
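The cheap pre-screen described in the comments above (trial division, then adding n² to the composite and testing for a perfect square so the factors fall out as r ± n), written as an added Python example for auditing a modulus whose primes may have been chosen too close together; it is not code from the original posts. The function names, the search bounds and the mod-16 pre-filter are choices made for this example, and the only value taken from the page is 338959063631117.

```python
from math import isqrt

# A perfect square can only be 0, 1, 4 or 9 modulo 16, so looking at the low
# four bits rejects most non-squares before any root is computed.
SQUARE_RESIDUES_MOD_16 = frozenset({0, 1, 4, 9})

# Composite quoted in the comments above.
PAGE_MODULUS = 338959063631117


def is_perfect_square(x):
    """Exact integer test: no floating point, no approximation."""
    if x < 0 or (x & 0xF) not in SQUARE_RESIDUES_MOD_16:
        return False
    r = isqrt(x)
    return r * r == x


def small_factor(modulus, bound):
    """Trial division by 2 and by odd numbers up to bound; a factor or None."""
    if modulus > 2 and modulus % 2 == 0:
        return 2
    d = 3
    while d <= bound and d * d <= modulus:
        if modulus % d == 0:
            return d
        d += 2
    return None


def close_factor_check(modulus, max_n):
    """Try n = 0..max_n. If modulus + n*n is a perfect square r*r, then
    modulus = (r - n) * (r + n). Returns (p, q, n) or None."""
    for n in range(max_n + 1):
        candidate = modulus + n * n
        if is_perfect_square(candidate):
            r = isqrt(candidate)
            if r - n > 1:  # ignore the trivial split 1 * modulus
                return r - n, r + n, n
    return None


def pre_screen(modulus, trial_bound=10_000, max_n=100_000):
    """Run the trivial checks in order of cost. Returns (method, p, q),
    or None when the modulus survives both checks within the bounds."""
    d = small_factor(modulus, trial_bound)
    if d is not None:
        return "trial division", d, modulus // d
    hit = close_factor_check(modulus, max_n)
    if hit is not None:
        return "close factors", hit[0], hit[1]
    return None


if __name__ == "__main__":
    print(close_factor_check(PAGE_MODULUS, 2_000))
    print(pre_screen(PAGE_MODULUS))
    # Constructed input: factors 101 and 10007 are far apart, so a small
    # n-bound finds nothing and the modulus passes this particular check.
    print(close_factor_check(101 * 10007, 100))
```

A modulus that returns None here has only passed the trivial checks within the chosen bounds; it says nothing about resistance to the heavier factoring methods.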
Wrong metaphor.
> This might be a good excuse to dump frames.
Never let the assholes win. If browsers and web authors dropped frames "because of this patent," then they'll use the same patent to go after tables and explicit positioning and it will be a lot harder to defend against the claims.
I don't know the wording of the SBC patent, but I can guarantee it doesn't say anything at all about the <FRAME> tag. It refers to some unspecified mechanism for formatting text, combining it from different places, etc., and any decent lawyer can stretch it cover pretty much anything you can name.
The only way to stop this crap is to make it hurt when someone (corporation or greedy individual) makes excessive claims.
> After all this shit HR will force you to sign a self incriminating document as part of your pink slip to receive severance pay.
The details vary from state to state, but in Colorado all back pay (including things like unused vacation time) must be given to the employee immediately. If they want you to sign something to get the check, the answer is to walk out and call the state - let them explain to the state why they failed to hand you your termination check.
If they try to hold you anyway, calmly say the magic words "false arrest." (And follow up with a criminal complaint for false arrest if they detain you anyway.)
"Severance pay" above and beyond this is another matter, but let's be honest here. Ask your friends about the terms of their last few layoffs - few people get more than two weeks of severance pay (N.B., this is above and beyond the legally required backpay), and many will have gotten nothing. Some wouldn't have gotten their full backpay. How much are you really out if you refuse to sign a document containing self-incriminating statements? How much would you lose in the long run if you did sign it?
They could still claim that you refused to sign it... but since you never signed it they would be opening themselves up to a libel, slander and/or defamation suit.
P.S., the boss in the final example has exposed his company to an unwinnable suit and should have been terminated immediately. Regardless of the merits of his original notice or her threatened suit, he clearly retaliated after HR reinstated her.
Like many people, I have a strong love-hate relationship with Larry Flynt and Hustler magazine. I love his willingness to fight to protect our rights from attacks by the easily offended, even while finding much of the content of his magazines personally repugnant.
Anyway, one quick phone call or email should end this matter real quick. How many people have seen this online strip, vs. how many people would see similar strips in that magazine? How much money is AG willing to spend to harass a couple small-time artists, vs. how much money is it prepared to spend defending itself from a company that's successfully argued Freedom of Speech cases before the Supreme Court?
Call me crazy, but I don't see a lot of crossover in the consumers of *Hustler* and sappy greeting cards so the magazine can fight hard and fight dirty if AG wanted to fight them. Hell, I wouldn't put it past them to launch their own lines of parody greeting cards (real greeting cards, not just jokes in the magazine). I mean, where else are you going to find the perfect Valentine card for the girl who dumped you for your best friend, or for your former boss?
Groups tend to make extraordinarily stupid decisions. It's a classic "weakest link" argument - you can only go as fast as the dumbest or most obstinate person. So groups tend to strongly favor the status quo unless some alternative is clearly better.
That's why you rarely see legislative groups with more than a few hundred members, and they invariably break down into subcommittees of fewer than a dozen people for the bulk of the work.
Individuals are responsible for the big changes. The group should act as a brake when they are working towards their own personal advantage - that's why guarding the group from subversion is so critical. Saddam's prior job was no coincidence, and that's why many of us are worried by the apparent close ties between entertainment industries and Congress. ("Sure you could fight this bill, Senator, but we can keep the hometown TV stations from covering your side of the story, from airing your reelection campaign ads, etc.")
Groups will usually also resist helpful changes pushed by individuals, but a well-run group won't prevent the loons from trying. Every so often one will be right and you'll have FedEx (and its knockoffs) despite people claiming that there's no demand for overnight delivery, CNN (and its knockoffs) despite people claiming that there's no demand for 24-hour news, etc.
If you actually study attractors in nonlinear dynamic systems, what's popularly called "chaos theory," you'll see that what you actually have are quasi-stable attractors surrounded by regions of long-term unpredictability.
If you're near an attractor, it will take a lot to dislodge you from near that attractor. A butterfly flapping its wings won't cause a hurricane, but a volcano erupting on the other side of the planet might.
But what people usually forget is that there can be multiple attractors, and if you're not that close to one attractor it may not take much to push you over the edge to another attractor.
That's what happened at Easter Island. Cutting down the first tree caused no harm. Saving the last tree wouldn't have prevented the massive population crash. The details would have been changed in each case, but in a century you would still have ended up with a heavily forested island or a stripped one.
But during a long period in the middle they could have changed the outcome *in either direction* by seemingly small changes. That's the chaotic realm - it was impossible to know where any simple change would lead. What are the consequences of cutting down a single tree? What if it's used to shore up the ground in the forest it came from?
What does that mean to us today? That we need to be careful since we're clearly in a chaotic realm and we can't predict the long term consequences of our actions. Some of this is due to natural variability (e.g., did you realize that it's been an unusually long time since a massive volcanic eruption, and that alone has driven global warming to a large extent?), some of it is due to human neglect (overfishing, agricultural monoculturism). Some of our problems are due to prior solutions - our artificial fertilizers prevented global starvation in the late 19th century but have now spread throughout the entire biosphere, resulting in plant growth and algae blooms even far from human activities.
N.B., that doesn't mean we shouldn't try to change policies that will push us back to a desirable attractor. It means that there's no "final answer"... and that the consequences if we fail can be disastrous. It's not like we haven't had clear warnings (Easter Island, the Irish potato famine, smallpox ripping through the new world or syphilis (IIRC) through the old one.)
It's only a problem if a "one size fits all" approach to liability is taken. What many of us would like to see is consumers given a choice:
- they can have access to the source and are responsible for identifying and fixing their own problems. This won't help the average user, but organizations can often provide their own support more efficiently than going through the vendor,
- they don't have access to the source but the vendor has to deliver what they promised,
- they have access to the source but paid extra for liability protection (which they can pass on to their clients) and support. They can make small changes without invalidating the warranty.
What would not be permitted is what is now common: you have no ability to solve your own problems or to get any meaningful help from the vendor. Hell, under the UCITA the vendor is not only not held to any standards, it can prevent you from discussing your problems with others.
Any election system which allows a voter to prove how he voted is unconstitutional in many states. This includes publishing ballots by name, publishing ballots by issued ID, etc. I know Colorado has this provision in its constitution because it came up when a local performance artist/election system designer tried to convince the City of Boulder to try telephone voting using software to be written by student volunteers.
The reason for this restriction, as others have stated, is to prevent election fraud. If you can't prove how you voted, there's no point in buying votes or attempting to coerce voters.
The other manifestation of the same restriction is that you must vote in private. Nobody can join you in the voting booth, etc. After all, external proof of how you voted is irrelevant if some 300 lb guy with a lead pipe is in the booth with you.
Ironically, this is provided by voting in public. Since others are around, nobody can force themselves into your voting booth.
But e-voting systems fail miserably at this. If I can vote from the convenience of my home:
- a battered woman can be forced to vote "the right way" by her abusive husband. (or use "spouse" all around, since there are some battered husbands)
- an employee can be forced to vote in his boss's office.
- a church group can get together to pray and then "Witness" each other voting the right way.
and so forth. All highly illegal, but difficult to prove and expensive to buck since you're still beaten up, fired, excommunicated, whatever.
Pre-DMCA and UCITA you could often come up with a reasonable analogy to books. (Post-DMCA and UCITA, grab a lawyer. But some of us still have hopes that common sense will eventually return and the pre-DMCA /UCITA rules will return.)
Anyway, can an author or publisher suggest that you read the book in a comfy chair with natural lighting over your shoulder from a warm spring day? Sure.
Can they compel it? Can they deny you the right to read it while sitting on your toilet, flushing each page as you finish reading it? Or from reading it by flashlight or chemlight while camping? Nope.
They can't even say anything when you take their magnum opus home and use it to prop up a wobbly table. Or stick it, unopened, on a decorative bookcase.
Software should be no different. You can't copy it and sell it to others. You can't copy it and give it away. But anything else should be fair game. If you want to use the program disk as a really bad source of random data, it's your choice. If you want to run it on an "unapproved" operating system, it's your loss if you lose data because minimal support will be forthcoming.
But no company should have the right to deny any lawful use of its products.
The post office has just changed the valuation of its retirement plans... and in the view of some critics it's now the taxpayers who are subsidizing junk mail. Unlike private companies, the federal government backs the retirement benefits of USPS employees (or at least those hired before 1974).
The same article discussing this change pointed out that fully 60% of postal mail is now bulk mail, and the proportion continues to grow. First class mail is only 30% and shrinking.
Understanding the Krebs cycle is important, but it's not the full story.
Do you even understand why a food's GI is important? How the insulin response affects the availability of different fuels? The difference between juvenile and adult-onset diabetes, and why so many public health officials are terrified by the latter's appearance in teenagers and even children? (Or why some people think that's tied to the widespread availability of soft drinks to children?)
Finally, do you know the real history behind the food pyramid? It was covered by several of its authors in a recent Scientific American piece on a revised pyramid.
The Krebs cycle is important, and far too many diet authors push their own agendas. But claiming that the Krebs cycle is all you need to know is comparable to saying that you understand, oh, memory management and therefore you understand everything involved in a modern OS & applications.
You're right that OJ has a few more calories... but how much will you drink over an entire day?
How many calories are in 16 or 20 oz of juice?
What about a 6-pack (or more) of 12-oz colas?
You know, like most people I have a bunch of CDs that I never listen to and have been too lazy to take to the used record store for a buck or two apiece.
Maybe it's time to just offer them to whoever wants them, for free. Just to show the RIAA that not only do I never want to buy another album (not hard, since I listen to adult music that gets no radio airplay so I can never learn about new artists anyway, except via word of mouth) - but now I consider the value of most of my collection essentially worthless. But maybe others will find it useful.
I could organize a swap, but it feels more important to arrange informal swaps. Some people are now leaving books in public places, with notes asking people to register where they found the book (and what they thought of it) on a website, before passing it on.
Maybe the same thing can be done with CDs. I just print out some labels, stick them on the jewel case, then leave them on the local pedestrian mall, at the local trailheads, etc.
What's the RIAA going to do, sue me for $150,000 for leaving a CD I purchased a decade ago on a park bench? Sue somebody else for picking up and enjoying that music, and leaving their own music for others?
plus innumerable hoaxes for petty gain but which cause confusion for years:
- various skeletons of early humans,
- fairies in the forest,
- ghosts in the parlor,
- seances
- John Edward,
- crop circles
and so forth.
Few April first pranks take more than a moment to detect, and they're almost always revealed as harmless pranks within a day or two. In contrast, hoaxes often last for years and develop a life on their own. The "Protocols of Zion" - a document arguably responsible for millions of deaths, is a well-documented forgery/hoax. Yet there are still millions of people who are convinced it's real and are ready to kill over it.
(P.S., yes I'm being provocative in some of my claimed hoaxes. That's the point - every one of them is, or was, widely believed at some point.)
(P.P.S, one of the best PRANKS ever has to be the guy who lived in Sitka, Alaska waiting for a clear April First. When one finally arrived, he took a helicopter to a nearby extinct volcano and set a pile of old tires on fire. Smoke poured from the volcano, the more credulous residents were convinced that the volcano was erupting... and if I heard the story correctly the prank made the national news that night.)
They've already tried that, at McDonnell Douglas. The engineering prototype even did a few test flights.
But NASA shut it down in the contest to choose the successor to the shuttle fleet. Why go with proven technology when you can pin everything on the development of new hypersonic jet engines and similar exotic materials?
One minor nit about the probabilistic primality tests: you also need to check whether the number is a "weak" prime - composite numbers which falsely pass those tests. Fortunately they're easily enumerated.
Huh?
We're dealing with naturals (or integers), and "approximations" and "limits" just don't matter. Either a number is a perfect square, or it's not. There are no digits to the right of the decimal place, etc.
The final value will be close to the average of the two primes, but that's meaningless. Indeed, the square root of a composite number with two prime factors will always be (close to) the geometric mean of the factors, by definition.
Even if you know it's an RSA modulus, you don't know how competently the prime factors were chosen. The odds that two 512-bit primes are close enough for this technique to work are vanishingly small, but it doesn't take long to eliminate the possibility.
BTW, the last time I looked at the code for one of the more sophisticated approaches (rho-something, it's been a long time and this isn't my main focus) the software performed a number of these checks before dropping into the main routine.
It's been a while since I studied RSA prime selection, but I'm sure someone will rush to correct my errors.... :-)
With RSA, I thought you wanted "strong primes," not just primes. A strong prime p is one such that p = 2p' + 1, where p' is also prime. This means that Phi(pq) = (p-1)(q-1) = 4p'q'.
Anyway, in practice this means that you'll go through a lot of primes before you find one suitable for use in an RSA key. That's why it takes so long to generate an RSA keypair....
By definition, your sqrt() function is broken. Many programs wouldn't even try, since no number ending with '99' (base 10) can be a perfect square. (You would actually look at the last byte or word, of course.)
Add 1, and the sum ends with '0000' and you can immediately see that any root has to end with '00'.
But this somewhat misses the point - factor 338959063631117. You could factor it by enumerating small primes, or you could note that adding 1642^2 gives you 338959066327281, a perfect square. 18410841 +/- 1642 gives you the two primes.
These numbers are still small enough that you can simply do trial division with small primes, but try it with 11489663619628510761447969341629.
(3389690632633463 and 3389590633733483, in case I mistyped a digit or three.)
I'm not quite sure why it was marked 'funny' either, but it's not just a matter of the square root being "approximately" p.
What you do is generate a sequence of small integers, square them, then add them to your composite number. You then check whether the result is a perfect square - I seem to recall there are efficient checks for this which don't involve actually computing the root, or you could just use Newton's method to determine the root.
If, despite all odds, you find a perfect square then you know from basic algebra that your two factors are r +/- n, where 'r' is the root of the perfect square and 'n' is the small integer.
Two examples:
35 + 1 = 36 = 6^2, factors 6-1,6+1.
77 + 4 = 81 = 9^2, factors = 9-2, 9+2.
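The close-factor check described in this comment, together with the low-digits shortcut for rejecting non-squares mentioned in the earlier one, as an added Python example that is not part of the original comments. It is meant for auditing a modulus your own key generator produced; the function names are chosen here, and `fermat_by_root` goes beyond the comment by stepping the root instead of the offset, which is the usual form of Fermat's method.

```python
from math import isqrt

# A perfect square can only be 0, 1, 4 or 9 modulo 16, so looking at the
# low four bits rejects most non-squares without computing a root.
_SQUARE_RESIDUES_MOD16 = {0, 1, 4, 9}


def is_perfect_square(x):
    """Exact integer test: cheap residue filter first, then isqrt."""
    if x < 0 or (x & 0xF) not in _SQUARE_RESIDUES_MOD16:
        return False
    r = isqrt(x)
    return r * r == x


def close_factor_check(n, max_offset):
    """Add k^2 to n for k = 0..max_offset, as the comment describes.

    If n + k^2 is a perfect square r^2, then n = (r - k)(r + k).
    Returns (r - k, r + k), or None if no offset in range works.
    """
    for k in range(max_offset + 1):
        s = n + k * k
        if is_perfect_square(s):
            r = isqrt(s)
            if r - k > 1:  # skip the trivial split n = 1 * n
                return (r - k, r + k)
    return None


def fermat_by_root(n, max_steps):
    """Same identity, but step r upward from ceil(sqrt(n)).

    Intended for odd n. Reaches widely separated factors in far fewer
    steps than enumerating k, so it is the better pre-check for a modulus.
    """
    r = isqrt(n)
    if r * r < n:
        r += 1
    for _ in range(max_steps):
        k2 = r * r - n
        if is_perfect_square(k2):
            k = isqrt(k2)
            if r - k > 1:
                return (r - k, r + k)
        r += 1
    return None


if __name__ == "__main__":
    # Values quoted in the comments above.
    for n in (35, 77, 338959063631117):
        print(n, close_factor_check(n, 2000), fermat_by_root(n, 10))
```

A `None` result only means the factors are not within the searched distance of each other; it says nothing else about the quality of the modulus.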
It's not a question of efficiency. Even a 512-bit keypair has 256-bit factors, and it's just not practical to do that many trial divisions.
My point, which seems to have been misunderstood, is that nobody should ever turn to the heavy factoring algorithms without first exhausting all of the trivial checks. A few hours spent on trial division, checking for close factors, etc., is nothing when held against the tremendous effort of cracking the numbers via ECD or whatever is the preferred factoring method today.
To me, it's a lot like the time "wasted" putting on and taking off my seat belt when I get in my car. I, and everyone I know, have taken thousands of trips without needing them. But all it takes is one hit to make the effort worthwhile.