We're entirely agreed, then, except for one thing: when do we need to start looking for compromise? I don't think it's been shown yet that we need to start compromising. I don't think it's impossible to find a technological solution which will reduce the ability of malicious users to abuse Tor, while at the same time preserving the ability of legitimate users to make use of it.
I think that until we've struck out on technological fixes, we should be very reluctant to start making compromises of freedom. Freedoms, once diminished, are a long and hard time in the regaining.
I never argued against anonymity. It would be absolutely crazy of me to do so; anonymity has a long and honored tradition in American political theater. After all, the Federalist Papers were originally published anonymously, and I'm of the belief they're among the most important political tracts in human history.
I only argued against the (in my mind grotesque) belief that it's acceptable to purchase essential human rights for one oppressed party at the price of essential human rights for a privileged party. The right to speak freely and the right to assemble (online or offline) are essential human rights without respect to whether you're rich or poor, whether you're privileged or underprivileged, whether you live in China or America. It's just as immoral to deprive a free American of those rights to give it to Chinese dissidents as it would be to further oppress a Chinese citizen in order to enhance American freedom.
You're turning freedom into a zero-sum game. Freedom's clearly not a zero-sum game, as can be seen by looking at history. History shows us the greatest advances in human history have been those times when people have taken a stand and demanded that freedom stop being viewed as zero-sum.
I'm willing to accept compromise and I'm even willing to accept tradeoff. What I'm not willing to accept are cheap superficialities which say that we must give up our essential freedom in order to give other people their essential freedom, without first exhausting all possibility of increasing the amount of freedom for everyone first.
You're arguing freedom is worth any price, without considering what the word freedom means. Do the Chinese possess the human right to criticize their government freely, to talk to their fellow citizens without worrying about secret police, etc.? Absolutely so--and that the Chinese government insists on interfering with this human right is proof, in my book, that the Chinese government is illegitimate.
But we cannot buy human rights for people in China at the expense of the human rights of people in America or Europe. I have the exact same right to speak my mind freely, to make effective use of public forums to disseminate my ideas and my views. The original poster was remarking, quite correctly, that the total lack of accountability which Tor facilitates leads directly to a radical diminishment of his ability to effectively and freely communicate.
So you're saying that the right of Chinese dissidents to speak their minds freely is more important than my right to speak my mind freely? That I should be forced to endure a diminishment of my ability to express my views on the Internet, in order to ensure that Chinese dissidents can get their views out?
Congratulations: you're a character in a George Orwell book. The book is Animal Farm, and you're the character that tells the farm animals all pigs are created equal, just some of them more equal than others.
It is immoral to buy one person's freedom with another person's freedom.
The only moral way out of this which I can see is to devise protocols which guarantee everyone's freedom--the freedom of Chinese dissidents to criticize their government without the secret police knocking, and my freedom to have the Internet available for me to publish and disseminate my own information without dealing with a crapflood of spam.
No offense, but I'll take a professional diagnosis from psychiatrists who've seen my complete medical records over the random opinions of someone on Slashdot who's coming up with a medical diagnosis without ever having met me.
Have you graduated from medical school? Have you done a psychiatric internship specializing in autistic spectrum disorders? Have you sat down with me to collect a medical history? Spoken with my relatives and friends to get a pattern of socialization behaviors?
I was diagnosed autistic at age five. The diagnosis was quickly withdrawn, since at the time a high IQ was a bar to a diagnosis of autism. In 1993, Asperger's Syndrome became an accepted diagnosis in the US, and it was pretty clear that it matched up with the behaviors seen when I was five. In 2000 I finally got around to talking to a psych about it. She gave me some excellent advice when it came to deciding whether or not I was autistic:
If the diagnosis helped me make sense of my life, if it gave me tools with which I could build a better life, then yes, I was autistic.
If the diagnosis turned into an excuse for self-destructive behavior, turned into a rationale for why I should be excused from the rules of civility, if it became a license for uncivil behavior, then no, I wasn't autistic.
In the end, she told me, it wasn't up to her to decide whether I was autistic. It was up to me.
It was the best psychiatric advice I've ever received. And, y'know what? I'm not going to tell you if I'm autistic or not. I don't care if you know. I don't wear a sign and advertise myself to the world one way or another.
I know if I'm autistic or not. That's enough.
So please show some courtesy to Bram Cohen. It's very possible he's received the exact same (excellent) psychiatric advice I've received.
My favorite logs are the ones where I get control over what events get logged and in what detail they get logged. There's no such thing as a one-size-fits-all software solution; why do we believe in one-size-fits-all logging?
The alternative is to log everything in great detail, but do so in such a way as to make it truly trivial for me to strip out everything except the specific events in which I'm interested, in the level of detail in which I'm interested.
An unwavering belief that there is only one absolute truth and the speaker is in possession of it is usually considered at least a mild form of insanity.
For all that hardcore Democrats condemn Bush for basing so many of his policies on articles of faith, the Democrats accept as an article of faith that no reasonable person could ever see anything redeeming in Bush.
Check the United States Constitution, wherein all executive power is vested in the President. Like it or not, all executive power is vested in the Oval Office. If the president wasn't ultimately responsible for the actions of the FCC, the FCC would have no authority whatsoever.
You could just as easily say that the powers of the United States Treasury are delegated to it by the Treasury Act. That doesn't mean the Secret Service is a Congressional authority.
A marker as to the language the user learned, yes; a marker as to the sophistication of the user, never.
Languages change over time. One way to assess the power of a language is to measure the rate at which it changes and evolves. This process of evolution is natural and should neither be feared nor welcomed. It's a natural state of affairs. Hence my remark of "deal with it". You may think it's rude, but I think you should deal with it, the same way I think you should deal with gravity, the sun rising in the east, or other facts of existence.
I'm not in a rush to change the language, but neither do I have any sympathy for people who wish their favorite parts of the language to remain fixed in stone. The greatest virtue of the English language has always been its willingness to lead other languages into dark alleys, brutally mug them, then rifle through their pockets for any bits of interesting grammar. The language is alive and vibrant, and long may it remain.
The language changes. It's the natural state of affairs. Deal with it the same way you'd deal with any other inexorable process of nature. You're the one who has to adapt. Nature is just going to be what it is, and nature will always win.
Until recently, no educated speaker of English would have allowed a sentence to end with a preposition or to start with a conjunction. Today, educated speakers of English agree that these are unnecessary pseudo-remnants of the past. (The "don't end sentences with prepositions" rule isn't even English grammar; it was an attempt to dress English up by incorporating Latin grammatical elements.)
The language changes. Deal with it. It doesn't make you educated to avoid ending sentences with prepositions, nor does it make you educated to embrace them. Likewise with the use of the phrase "begs the question". As long as it's used appropriately in a logical context and as long as it's used clearly outside of that context, modern language experts say there's no problem with it.
Adleman also said the directors were right to use the grease-penned slides. There's no way a mathematician delivering a lecture would spend a week making perfectly pretty graphs. That's a week which could be spent further preparing the speech. A real mathematician would grease-pen the slides and run with it, which is exactly what they did in the movie. Adleman's mistake was he tried to give them what he thought they wanted, not what they wanted.
The irony is he thought they wanted something that looked good, and they wanted something that looked like a real mathematician would come up with.
The owner of the Second Chance body armor corporation used to (don't know if he does this anymore) do a vivid demonstration of just how good body armor is, and just how wimpy even high-velocity, high-energy rifle ammunition is.
While wearing lightweight body armor of modern manufacture (Spectrafiber, not Kevlar) and a trauma plate, he'd get shot by a 7.62mm NATO armor-piercing round.
He never got knocked off his feet. Nobody even saw his breathing go haywire from the shot. He never even developed a bruise from the impact.
A 7.62mm NATO armor-piercing round will seriously fuck you up if you get hit by it, but as far as energy goes, it's pretty wimpy. You can deliver far more energy to someone with a pair of nunchuks, to say nothing of a good baseball bat.
This isn't strictly true. "Begging the question" has a very specific meaning in the world of logical fallacies, but it also has a very different meaning in the world of conversational English. Something may "beg a question" if there is an obvious and relevant follow-up question.
Do your job. If you have authority to decide which of these distros to use, you have the responsibility to make the right decision.
And where are you posting to? Slashdot. What's Slashdot well-known for? Being visited, by and large, by a lot of young geeks with more ambition than they have knowledge. This is the place where people love to trash-talk technology without first bothering to learn what the technology is first (because, after all, all the cool kids know that technology's lame).
Yeah, there's the occasional gem in the comments, but there's a sea of bullshit you have to wade through in order to find it. By the time you're done wading, it would've been easier to just grab all three distros and evaluate them for yourself.
You have a job to do. I suggest you do it, and not substitute a horde of lemmings for your better judgment.
I don't know why I'm bothering to respond to a troll, but what the hell.
Cryptography is codes.
No. C.f. Schneier, section 1.1: "The art and science of keeping messages secure is cryptography." There's nothing in that definition about math. Cryptography is just as much about physics as it is mathematics; information theory, upon which almost all of cryptography is based, is taken from electrical engineering. Claude Shannon's original groundbreaking work in information theory wasn't done from a purely mathematical perspective; it was done from the perspective of someone who was concerned with transmitting information over a wire.
In crypto, we're concerned with things like the Landauer Bound and the Margolus-Levitin Limits, and what implications they have for the future of cryptography. These are both taken directly from quantum mechanics.
We're concerned with things like the architecture of computers. If crypto were a purely mathematical discipline, no one would use RSA; it's too easy to crack! (How do I factor a large composite number C? Easy: first I assume that I know the set of prime factors Pf of C...) The entire security of RSA is dependent upon several mathematical conjectures and several engineering conjectures--namely, that it's infeasible to build accurate and efficient nondeterministic Turing Machines. Give me an accurate and efficient nondeterministic Turing Machine and presto, I've just broken every asymmetric algorithm known.
We're concerned with things like Dan Bernstein's proposal for computer architectures which solve the factoring problem faster than prior architectures. Adi Shamir's TWINKLE cracker, too, gets a lot of discussion in the crypto field, even though that's a hardware issue.
Nor is cryptography software. DES was, is, a magnificent crypto algorithm. It was a magnificent crypto algorithm even when it existed only in hardware. (Remember, DES was never meant to exist in software.) The Enigma machine was a fatally flawed crypto algorithm; it existed only in hardware. The Vignere Tableaux, the German doppelkasten, the Playfair Cipher... all of these had hardware components; they didn't exist as pure algorithms. Yet, they're fair game for cryptography. Book ciphers and one-time-pads are dependent on hardware; they're fair game.
10 guys with machine guns escorting a station wagon full of CD-Rs is also a "code"
It's not a code. It is cryptography, which is the art and science of keeping messages secure.
Incidentally, you're using the wrong terminology... cryppies use the word "cipher". "Code" is something engineers talk about; encoding theory, for instance, is the study of how to encode information for efficient transmission across networks.
Oh, I'm a big open-source partisan. I'd already spoken with my co-author about licensing, and we agreed that if a patent was issued, it would be made at no cost for any project released under an OSI-approved license.
But we also live in a world where we have to pay the bills. I have to pay for graduate school somehow. I wasn't expecting to get independently wealthy off this idea, but I was hoping to be able to pay for a couple of semesters of grad school from the proceeds. That's a reasonable hope, I think.
Unfortunately, the current patent system has very little to do with reasonableness, or hope.
I'm a grad student studying computer security. Recently, I made some discoveries which have the potential to significant increase the security of Web transactions. (With luck, I'll be presenting at Black Hat 2005, so please forgive me not saying more than that until my submission gets a thumbs-up or a thumbs-down.) After hearing from several Ph.Ds in the field that this idea was fairly novel, I decided it'd be good to talk to a patent lawyer. After all, I came up with it on my own time, without using any university resources, in private research unconnected to my university activities, and under my contract my discovery belongs to me.
So I did my research and found one of the better IP lawyers in the state. I walked into his office with a preprint of my academic paper, copies of existing academic articles which may be considered prior art, everything I thought he'd need.
His first question was whether I was willing to go bankrupt for this idea. "Uh... what?" I asked. That wasn't what I was expecting to hear.
The average cost for a successful patent, he explained to me, runs around $7,000. That news floored me; isn't the patent system supposed to be accessible to private citizens?
Oh, no, he told me, that's not the price. That's the price for a successful application. Right now, only about 35% of all software patents are granted. So the amortized cost of a software patent is about $20,000.
Then it starts getting even worse.
About one patent in ten will ever make their original investment back from licensing fees. The overwhelming majority of patents issued fail to recoup their initial outlay. Most patents are not used to get licensing fees; most patents are used to deny other people entry into your market. If a patent can keep other people out from your business, then it might make financial sense; but as it currently stands, since I have no business in this area of the security field... I'd be looking at one chance in ten of recouping my patent cost.
So, in other words, take the amortized cost of a patent ($20,000) and subtract from it the speculative revenues I'd be receiving ($20,000 *.1 = $2,000). What I'm left with is how much it'd cost me to get a patent, or $18,000.
That's considerably more than I make in a year as a graduate student. I could possibly, if I sold all my worldly possessions, get that much money together, but I'd probably have to declare bankruptcy as soon as it came time to pay my student loans. Hence, his question: is this idea worth going bankrupt over? Especially given the unavoidable fact that, if I did manage to beat the odds and get good licensing, all the major players would simply threaten to sue me for infringing on patents of theirs I didn't even know I'd infringed, and would offer just a no-cost cross-licensing deal that would let them have access to my patent for free, and all I'd really get out of it would be the mercy of them not suing me?...
I'm not opposed to the existence of software patents. I think they're wildly overused, and overused in unethical ways, but there are some algorithms which are so breathtakingly new and innovative that they deserve patent protection. (RSA comes to mind as an example.)
I am opposed to a patent system which is priced far outside the capabilities of private citizens.
I am opposed to a patent system which is structured in such a way that large companies can get unlimited access to the small guy's patent portfolio just by threatening a lawsuit.
I guess you could say I'm opposed to practically every dimension of how patents are currently practiced.
IAGSSTS (I Am A Grad Student Studying This Shit--specifically, cryptography).
Quantum key exchange is cryptography. Just like the Diffie-Hellman Key Exchange Algorithm (DHKEA) is cryptography. There are a lot of key exchange algorithms in cryptography; you can find a lot of good information about them in books with titles like Applied Cryptography and The Handbook of Applied Cryptography.
Of all the professional cryptographers I know--and that's quite a few--none of them believe QKE is not a cryptographic algorithm. There's a lot of doubt about how useful QKE is, both in theory and in practice, but there's no serious debate over whether QKE is part of the field of cryptography.
Yes and no. Quantum key exchange is, as you point out, a key negotiation protocol which relies on the laws of physics to keep the negotiated key safe from eavesdroppers. However, there's absolutely no limit on the size of key you can generate. If you need a million bits of key, then fine: make a million bit key.
Once you have as many bits of key as you have bits of data, you can treat it as a one-time pad. And that would be a perfectly secure transmission, as long as both sides make sure they destroy the key once it's been used to do an encryption or decryption operation.
In other words, QKE leads quite directly to (a) a cipher and (b) a traditional cryptographic system.
IAAGSSTS (I Am A Grad Student Studying This Shit).
Please reread what I wrote. While C++ generics are inspired by the Ada83 generics mechanism, they're stronger than Ada83's mechanism. C++'s generics predate Ada95's strong generics.
Ada95 has a stronger mechanism than C++, which is really impressive.
The STL has a consistent design, but the base C++ language doesn't.
The STL is part of the base C++ language. Read the Standard.
The STL is a decent library
Damning with faint praise. Have you ever used the STL for more than a trivial 5,000-line app?
but it was hardly revolutionary. Type-safe generics were not a new technology at the time.
C++ generics predate Ada95's strong generics mechanism by quite some time. In fact, the inventor of generics--Stepanov--used C++ as his testbed for ideas. C++ generics go back to the early 1980s.
C++ started out as an extension of C, but the two quickly diverged. C++ is not a superset of C; it's an entirely different language nowadays with a syntax clearly borrowed from C.
A trivial conversion exists between any ISO C90 program and ISO C++, but then again, we have FORTRAN-to-C translators and nobody thinks C is an extension of FORTRAN.
Stroustrup would also likely be a little uncomfortable with the appellation "creator". While he's certainly been one of the pivotal figures in C++, Stroustrup has always been quick to recognize the contributions of other people and the work of the ISO standardization committee.
Slashdot Mirror
We're entirely agreed, then, except for one thing: when do we need to start looking for compromise? I don't think it's been shown yet that we need to start compromising. I don't think it's impossible to find a technological solution which will reduce the ability of malicious users to abuse Tor, while at the same time preserving the ability of legitimate users to make use of it.
I think that until we've struck out on technological fixes, we should be very reluctant to start making compromises of freedom. Freedoms, once diminished, are a long and hard time in the regaining.
I never argued against anonymity. It would be absolutely crazy of me to do so; anonymity has a long and honored tradition in American political theater. After all, the Federalist Papers were originally published anonymously, and I'm of the belief they're among the most important political tracts in human history.
I only argued against the (in my mind grotesque) belief that it's acceptable to purchase essential human rights for one oppressed party at the price of essential human rights for a privileged party. The right to speak freely and the right to assemble (online or offline) are essential human rights without respect to whether you're rich or poor, whether you're privileged or underprivileged, whether you live in China or America. It's just as immoral to deprive a free American of those rights to give it to Chinese dissidents as it would be to further oppress a Chinese citizen in order to enhance American freedom.
You're turning freedom into a zero-sum game. Freedom's clearly not a zero-sum game, as can be seen by looking at history. History shows us the greatest advances in human history have been those times when people have taken a stand and demanded that freedom stop being viewed as zero-sum.
I'm willing to accept compromise and I'm even willing to accept tradeoff. What I'm not willing to accept are cheap superficialities which say that we must give up our essential freedom in order to give other people their essential freedom, without first exhausting all possibility of increasing the amount of freedom for everyone first.
You're arguing freedom is worth any price, without considering what the word freedom means. Do the Chinese possess the human right to criticize their government freely, to talk to their fellow citizens without worrying about secret police, etc.? Absolutely so--and that the Chinese government insists on interfering with this human right is proof, in my book, that the Chinese government is illegitimate.
But we cannot buy human rights for people in China at the expense of the human rights of people in America or Europe. I have the exact same right to speak my mind freely, to make effective use of public forums to disseminate my ideas and my views. The original poster was remarking, quite correctly, that the total lack of accountability which Tor facilitates leads directly to a radical diminishment of his ability to effectively and freely communicate.
So you're saying that the right of Chinese dissidents to speak their minds freely is more important than my right to speak my mind freely? That I should be forced to endure a diminishment of my ability to express my views on the Internet, in order to ensure that Chinese dissidents can get their views out?
Congratulations: you're a character in a George Orwell book. The book is Animal Farm, and you're the character that tells the farm animals all pigs are created equal, just some of them more equal than others.
It is immoral to buy one person's freedom with another person's freedom.
The only moral way out of this which I can see is to devise protocols which guarantee everyone's freedom--the freedom of Chinese dissidents to criticize their government without the secret police knocking, and my freedom to have the Internet available for me to publish and disseminate my own information without dealing with a crapflood of spam.
No offense, but I'll take a professional diagnosis from psychiatrists who've seen my complete medical records over the random opinions of someone on Slashdot who's coming up with a medical diagnosis without ever having met me.
Have you graduated from medical school? Have you done a psychiatric internship specializing in autistic spectrum disorders? Have you sat down with me to collect a medical history? Spoken with my relatives and friends to get a pattern of socialization behaviors?
No?
Then why should I take your opinion seriously?
I was diagnosed autistic at age five. The diagnosis was quickly withdrawn, since at the time a high IQ was a bar to a diagnosis of autism. In 1993, Asperger's Syndrome became an accepted diagnosis in the US, and it was pretty clear that it matched up with the behaviors seen when I was five. In 2000 I finally got around to talking to a psych about it. She gave me some excellent advice when it came to deciding whether or not I was autistic:
If the diagnosis helped me make sense of my life, if it gave me tools with which I could build a better life, then yes, I was autistic.
If the diagnosis turned into an excuse for self-destructive behavior, turned into a rationale for why I should be excused from the rules of civility, if it became a license for uncivil behavior, then no, I wasn't autistic.
In the end, she told me, it wasn't up to her to decide whether I was autistic. It was up to me.
It was the best psychiatric advice I've ever received. And, y'know what? I'm not going to tell you if I'm autistic or not. I don't care if you know. I don't wear a sign and advertise myself to the world one way or another.
I know if I'm autistic or not. That's enough.
So please show some courtesy to Bram Cohen. It's very possible he's received the exact same (excellent) psychiatric advice I've received.
My favorite logs are the ones where I get control over what events get logged and in what detail they get logged. There's no such thing as a one-size-fits-all software solution; why do we believe in one-size-fits-all logging?
The alternative is to log everything in great detail, but do so in such a way as to make it truly trivial for me to strip out everything except the specific events in which I'm interested, in the level of detail in which I'm interested.
An unwavering belief that there is only one absolute truth and the speaker is in possession of it is usually considered at least a mild form of insanity.
For all that hardcore Democrats condemn Bush for basing so many of his policies on articles of faith, the Democrats accept as an article of faith that no reasonable person could ever see anything redeeming in Bush.
Hypocrisy is the Devil's favorite sin.
Check the United States Constitution, wherein all executive power is vested in the President. Like it or not, all executive power is vested in the Oval Office. If the president wasn't ultimately responsible for the actions of the FCC, the FCC would have no authority whatsoever.
You could just as easily say that the powers of the United States Treasury are delegated to it by the Treasury Act. That doesn't mean the Secret Service is a Congressional authority.
A marker as to the language the user learned, yes; a marker as to the sophistication of the user, never.
Languages change over time. One way to assess the power of a language is to measure the rate at which it changes and evolves. This process of evolution is natural and should neither be feared nor welcomed. It's a natural state of affairs. Hence my remark of "deal with it". You may think it's rude, but I think you should deal with it, the same way I think you should deal with gravity, the sun rising in the east, or other facts of existence.
I'm not in a rush to change the language, but neither do I have any sympathy for people who wish their favorite parts of the language to remain fixed in stone. The greatest virtue of the English language has always been its willingness to lead other languages into dark alleys, brutally mug them, then rifle through their pockets for any bits of interesting grammar. The language is alive and vibrant, and long may it remain.
The language changes. It's the natural state of affairs. Deal with it the same way you'd deal with any other inexorable process of nature. You're the one who has to adapt. Nature is just going to be what it is, and nature will always win.
Until recently, no educated speaker of English would have allowed a sentence to end with a preposition or to start with a conjunction. Today, educated speakers of English agree that these are unnecessary pseudo-remnants of the past. (The "don't end sentences with prepositions" rule isn't even English grammar; it was an attempt to dress English up by incorporating Latin grammatical elements.)
The language changes. Deal with it. It doesn't make you educated to avoid ending sentences with prepositions, nor does it make you educated to embrace them. Likewise with the use of the phrase "begs the question". As long as it's used appropriately in a logical context and as long as it's used clearly outside of that context, modern language experts say there's no problem with it.
Adleman also said the directors were right to use the grease-penned slides. There's no way a mathematician delivering a lecture would spend a week making perfectly pretty graphs. That's a week which could be spent further preparing the speech. A real mathematician would grease-pen the slides and run with it, which is exactly what they did in the movie. Adleman's mistake was he tried to give them what he thought they wanted, not what they wanted.
The irony is he thought they wanted something that looked good, and they wanted something that looked like a real mathematician would come up with.
The owner of the Second Chance body armor corporation used to (don't know if he does this anymore) do a vivid demonstration of just how good body armor is, and just how wimpy even high-velocity, high-energy rifle ammunition is.
While wearing lightweight body armor of modern manufacture (Spectrafiber, not Kevlar) and a trauma plate, he'd get shot by a 7.62mm NATO armor-piercing round.
He never got knocked off his feet. Nobody even saw his breathing go haywire from the shot. He never even developed a bruise from the impact.
A 7.62mm NATO armor-piercing round will seriously fuck you up if you get hit by it, but as far as energy goes, it's pretty wimpy. You can deliver far more energy to someone with a pair of nunchuks, to say nothing of a good baseball bat.
This isn't strictly true. "Begging the question" has a very specific meaning in the world of logical fallacies, but it also has a very different meaning in the world of conversational English. Something may "beg a question" if there is an obvious and relevant follow-up question.
"Are you still beating your wife?"
"No!"
"That begs the question--when did you stop?"
Do your job. If you have authority to decide which of these distros to use, you have the responsibility to make the right decision.
And where are you posting to? Slashdot. What's Slashdot well-known for? Being visited, by and large, by a lot of young geeks with more ambition than they have knowledge. This is the place where people love to trash-talk technology without first bothering to learn what the technology is first (because, after all, all the cool kids know that technology's lame).
Yeah, there's the occasional gem in the comments, but there's a sea of bullshit you have to wade through in order to find it. By the time you're done wading, it would've been easier to just grab all three distros and evaluate them for yourself.
You have a job to do. I suggest you do it, and not substitute a horde of lemmings for your better judgment.
In crypto, we're concerned with things like the Landauer Bound and the Margolus-Levitin Limits, and what implications they have for the future of cryptography. These are both taken directly from quantum mechanics.
We're concerned with things like the architecture of computers. If crypto were a purely mathematical discipline, no one would use RSA; it's too easy to crack! (How do I factor a large composite number C? Easy: first I assume that I know the set of prime factors Pf of C...) The entire security of RSA is dependent upon several mathematical conjectures and several engineering conjectures--namely, that it's infeasible to build accurate and efficient nondeterministic Turing Machines. Give me an accurate and efficient nondeterministic Turing Machine and presto, I've just broken every asymmetric algorithm known.
We're concerned with things like Dan Bernstein's proposal for computer architectures which solve the factoring problem faster than prior architectures. Adi Shamir's TWINKLE cracker, too, gets a lot of discussion in the crypto field, even though that's a hardware issue.
Nor is cryptography software. DES was, is, a magnificent crypto algorithm. It was a magnificent crypto algorithm even when it existed only in hardware. (Remember, DES was never meant to exist in software.) The Enigma machine was a fatally flawed crypto algorithm; it existed only in hardware. The Vignere Tableaux, the German doppelkasten, the Playfair Cipher... all of these had hardware components; they didn't exist as pure algorithms. Yet, they're fair game for cryptography. Book ciphers and one-time-pads are dependent on hardware; they're fair game.It's not a code. It is cryptography, which is the art and science of keeping messages secure.
Incidentally, you're using the wrong terminology... cryppies use the word "cipher". "Code" is something engineers talk about; encoding theory, for instance, is the study of how to encode information for efficient transmission across networks.
Oh, I'm a big open-source partisan. I'd already spoken with my co-author about licensing, and we agreed that if a patent was issued, it would be made at no cost for any project released under an OSI-approved license.
But we also live in a world where we have to pay the bills. I have to pay for graduate school somehow. I wasn't expecting to get independently wealthy off this idea, but I was hoping to be able to pay for a couple of semesters of grad school from the proceeds. That's a reasonable hope, I think.
Unfortunately, the current patent system has very little to do with reasonableness, or hope.
I'm a grad student studying computer security. Recently, I made some discoveries which have the potential to significant increase the security of Web transactions. (With luck, I'll be presenting at Black Hat 2005, so please forgive me not saying more than that until my submission gets a thumbs-up or a thumbs-down.) After hearing from several Ph.Ds in the field that this idea was fairly novel, I decided it'd be good to talk to a patent lawyer. After all, I came up with it on my own time, without using any university resources, in private research unconnected to my university activities, and under my contract my discovery belongs to me.
.1 = $2,000). What I'm left with is how much it'd cost me to get a patent, or $18,000.
...
So I did my research and found one of the better IP lawyers in the state. I walked into his office with a preprint of my academic paper, copies of existing academic articles which may be considered prior art, everything I thought he'd need.
His first question was whether I was willing to go bankrupt for this idea. "Uh... what?" I asked. That wasn't what I was expecting to hear.
The average cost for a successful patent, he explained to me, runs around $7,000. That news floored me; isn't the patent system supposed to be accessible to private citizens?
Oh, no, he told me, that's not the price. That's the price for a successful application. Right now, only about 35% of all software patents are granted. So the amortized cost of a software patent is about $20,000.
Then it starts getting even worse.
About one patent in ten will ever make their original investment back from licensing fees. The overwhelming majority of patents issued fail to recoup their initial outlay. Most patents are not used to get licensing fees; most patents are used to deny other people entry into your market. If a patent can keep other people out from your business, then it might make financial sense; but as it currently stands, since I have no business in this area of the security field... I'd be looking at one chance in ten of recouping my patent cost.
So, in other words, take the amortized cost of a patent ($20,000) and subtract from it the speculative revenues I'd be receiving ($20,000 *
That's considerably more than I make in a year as a graduate student. I could possibly, if I sold all my worldly possessions, get that much money together, but I'd probably have to declare bankruptcy as soon as it came time to pay my student loans. Hence, his question: is this idea worth going bankrupt over? Especially given the unavoidable fact that, if I did manage to beat the odds and get good licensing, all the major players would simply threaten to sue me for infringing on patents of theirs I didn't even know I'd infringed, and would offer just a no-cost cross-licensing deal that would let them have access to my patent for free, and all I'd really get out of it would be the mercy of them not suing me?
I'm not opposed to the existence of software patents. I think they're wildly overused, and overused in unethical ways, but there are some algorithms which are so breathtakingly new and innovative that they deserve patent protection. (RSA comes to mind as an example.)
I am opposed to a patent system which is priced far outside the capabilities of private citizens.
I am opposed to a patent system which is structured in such a way that large companies can get unlimited access to the small guy's patent portfolio just by threatening a lawsuit.
I guess you could say I'm opposed to practically every dimension of how patents are currently practiced.
IAGSSTS (I Am A Grad Student Studying This Shit--specifically, cryptography).
Quantum key exchange is cryptography. Just like the Diffie-Hellman Key Exchange Algorithm (DHKEA) is cryptography. There are a lot of key exchange algorithms in cryptography; you can find a lot of good information about them in books with titles like Applied Cryptography and The Handbook of Applied Cryptography.
Of all the professional cryptographers I know--and that's quite a few--none of them believe QKE is not a cryptographic algorithm. There's a lot of doubt about how useful QKE is, both in theory and in practice, but there's no serious debate over whether QKE is part of the field of cryptography.
Yes and no. Quantum key exchange is, as you point out, a key negotiation protocol which relies on the laws of physics to keep the negotiated key safe from eavesdroppers. However, there's absolutely no limit on the size of key you can generate. If you need a million bits of key, then fine: make a million bit key.
Once you have as many bits of key as you have bits of data, you can treat it as a one-time pad. And that would be a perfectly secure transmission, as long as both sides make sure they destroy the key once it's been used to do an encryption or decryption operation.
In other words, QKE leads quite directly to (a) a cipher and (b) a traditional cryptographic system.
IAAGSSTS (I Am A Grad Student Studying This Shit).
Dude, that was the leaked Internet Explorer code, not KHTML. Expect your DMCA notice from Microsoft any time now. You've got a lawyer already, right?
Please reread what I wrote. While C++ generics are inspired by the Ada83 generics mechanism, they're stronger than Ada83's mechanism. C++'s generics predate Ada95's strong generics.
Ada95 has a stronger mechanism than C++, which is really impressive.
Not in some time. Zero-overhead exceptions have been in GCC for a while now, and IIRC, same thing with RTTI.
C++ started out as an extension of C, but the two quickly diverged. C++ is not a superset of C; it's an entirely different language nowadays with a syntax clearly borrowed from C.
A trivial conversion exists between any ISO C90 program and ISO C++, but then again, we have FORTRAN-to-C translators and nobody thinks C is an extension of FORTRAN.
Stroustrup would also likely be a little uncomfortable with the appellation "creator". While he's certainly been one of the pivotal figures in C++, Stroustrup has always been quick to recognize the contributions of other people and the work of the ISO standardization committee.