Sure, it's complicated stuff. But people understand it a lot better than this guy does. We've got lasers that work, for example.
With due respect, your statement has shown that you do not understand quantum mechanics.
The actions of atoms and subatomic interactions can be described, certainly. Predicted, absolutely. But understood, never. Niels Bohr once said that "if the quantum theory does not astonish you, then you do not understand it". Brilliant physicists have tried to understand quantum mechanics and all they get are splitting headaches. The theory is too astonishing; it is so contrary to our everyday experience that it might as well have come from an alien culture.
Quantum mechanics is describable, yes.
Understandable, never.
I don't know a single physicist who understands quantum mechanics. I know lots of people who don't understand QMech who say it's understandable.
Oh, please don't misunderstand me -- I'm not calling evolutionary science meaningless, or based on shaky foundations. I just draw a line between observed phenomena and hypothetical explanations for those phenomena. I've read plenty of descriptions of evolution in action to believe that it exists; I've yet to read a theory explaining evolution which I feel has a substantial chance of being substantially correct.
This doesn't mean that the field is useless. Far from it; it means the field is extremely useful, because somewhere there's a whole lot of discoveries just waiting to be made.
I just think we're a long way from having a good theory of how evolution occurs -- that's all.:)
Insofar as explaining observed pheonomena, predicting future phenomena, empirically testable, I submit the punctuated-equilibrium theory to you. Hypothesizing that evolution happens in times of catastrophic ecological upheaval is all fine and dandy, but it's kind of hard to conduct controlled tests of the same, don't you think?:)
My own personal belief is that geographic isolation and punctuated equilibrium are, taken together, probably the most promising ideas. The geographic isolation bit you can actually test under reasonably controlled conditions; the ecological catastrophes, less so.
Warning: I am not a biologist. I am a computer scientist. As you can guess, I'm not an expert in the field -- I've read enough to be dangerous and maybe enough to hold an intelligent conversation, but that's all.
Yes, this fellow is most likely completely off his rocker. But let's keep something in mind, all right?
1. This theory depends on DNA/RNA molecules being able to perform quantum computations. If DNA/RNA are not efficient chemical "vehicles" for quantum computation, then this theory is completely and utterly wrong.
2. This theory can actually be proven wrong, unlike almost every other evolutionary theory out there. You name the theory -- Punctuated Equilibrium, Red Queen, Designed Evolution... their mechanisms are all-but-unobservable, and cannot be empirically tested in a lab (as best I know). This theory can be tested in a lab; if DNA/RNA isn't good at quantum computation, presto, the theory's wrong.
3. Don't dismiss it because it didn't appear in a scientific journal. Odds are nobody would touch this one with a ten-foot pole; it's so far from conventional science that it's easy to dismiss it as being crackpot. But this fellow has a serious idea, and he's also conveniently provided us with a way to prove him wrong. Don't write him off as a nut and not worth your time just because he's published in a book -- first prove him wrong, and then write him off as a nut. Not before, and certainly not in the reverse order.
4. Dismiss anyone who says "this man doesn't know a thing about quantum mechanics" just because he takes a weird view of the implications of quantum mechanics. His theory, as best as I can tell, depends on the Everett many-worlds interpretation of quantum mechanics. I prefer the Copenhagen interpretation, but you know what? Neither one of them is in the slightest bit scientific.
Quantum mechanics is a fact. It describes observed phenomena, it has successfully predicted phenomena, and it can be proven wrong (not that it ever has been proven wrong -- but if you were to ever successfully measure both the precise location and velocity of a particle, you'd prove QM to be an incorrect theory). The problem is that quantum mechanics is so alien to our idea of the universe that most physicists have to come up with a framework from which quantum mechanics makes some sort of sense.
This gentleman's interpretation of quantum mechanics is no nuttier than the Copenhagen Interpretation, or even an interpretation that the collective farts of all the universe's sentient races causes the weirdness in QM. Any interpretation of QM is metaphysics, not science. It's easy to say "this guy's a crackpot, since his interpretation isn't shared by any other "serious scientist". It's just as easy, and as accurate, to say "a lot of guys are crackpots because they believe in a multiverse which is constantly splitting off from itself, as proposed by Everett."
For all this fellow's failings, I've got to give him credit for coming up with a perfect theory.
(1) It's insane. As Wolfgang Pauli is supposed to have said to a colleague, "We are all divided on whether or not your theory is crazy. I do not believe it is crazy enough." In QM, crazy is good.
(2) It explains observed phenomena.
(3) It predicts future phenomena.
(4) It's empirically testable.
... In other words, it's a hell of a lot better than most evolutionary theories I've seen. It's probably wrong, of course. But it's wrong to dismiss this one out-of-hand.
The only requirements, legally speaking, for a signature to be valid are that (a) the individual must mark the document in some way, and (b) the individual must intend for the mark to be affirmative. If you and I were to enter into a contract, either of us could sign with an X or as "Mortimer J. Humphries III" -- even if you sign with something that's not your real name, if it meets the two requirements above, it's a binding signature.
So, in light of this, the Digital Signature Act (or whatever they're calling it) is really quite irrelevant. If you and I sign an electronic contract with digital signatures, and we both mark it affirmatively, then the signature is valid -- period. (The virtue of digital signature algorithms is in that the signatures are difficult to repudiate -- while anyone could sign a contract as "Robert J. Hansen", presumably only I could sign a contract with my OpenPGP private key.)
In short, this legislation is unsurprising and unnecessary. Don't get your shorts in a knot over it; no matter how you cut it, digital signatures are already valid.
However -- to the best of my knowledge, digital signatures have not passed any kind of a court test. Instead of waiting for the courts to establish that digital signatures are valid (a process which could take years), the Legislature has just informed the courts that digital signatures are valid.
The last time I checked out the various digital signature acts, they (wisely) didn't specify algorithms to use, key management methods, etc. All they did was instruct the courts that digital signatures were valid, except in certain critical instances where physical signatures are viewed as more secure.
Just a few thoughts on the subject. Feel free to moderate me as (+1, -1, +2, -pi, Moderation As Rambling As The Content Is).
1. For the last two or three months the NSA has been playing "woe is me". Check out the press they've received recently; most egregiously was a Newsweek article which was very possibly written by the NSA. The NSA knows that the best PR is no PR -- the more people who watch the NSA, the harder it is for them to do their job. If people must watch the NSA, best if they point, laugh and make rude noises to mock them... after all, if the NSA is a laughingstock, nobody will take them seriously, which makes it easier for them to do their job.
2. Never believe anything the NSA tells you without independent confirmation. If the NSA feels it's in the national security of the United States to lie to you, they'll do so with a straight face and a clear conscience. The NSA says that some computers went down? Great -- big deal, computers go down all the time. "No," the NSA says, "these were important computers." Great -- that happens all the time, too. What, don't you guys have backup systems? A budget larger than every other intelligence agency combined and you can't afford redundant, independent computers for your mission-critical tasks?
Something in there just doesn't sound right to me.
3. The ability to process information is now more important than the ability to collect it. The article says that an NSA official downplayed the incident, saying that data was still collected -- it just wasn't processed and it'll have to be looked at later. Sounds like it wasn't too bad after all, right?
No. It means the NSA was blind, deaf and dumb, and not only that, they will likely forever be blind, deaf and dumb to events that happened during those few days.
NASA still has data from the Apollo Program which they haven't had the time or resources to look through and catalog yet. The NSA collects orders of magnitude more data than NASA, and unless they've got some incredibly advanced form of storage technology, they simply cannot store data for very long. They do not have the manpower or the resources to look through their backlog; with the scope and prevalence of digital communications today, they're drowning -- they must be drowning -- in a tidal wave of noise searching for the life-preserver of signal. It's a Herculean task.
... Add all of the above together and what do you get? I don't know. If I knew, I'd be Bruce Schneier.
And regardless of people arguing that this is supposed to be ready for "prime time" the fact is, it's not shipping and any rational IT professional will recognize that that means *BETA*.
Warning: I am a rational IT professional. Not only that, but I worked in QA for a few years (first with Sir-Tech Software, then with MCI-WorldCom).
I could talk at great length about rational versus irrational QA policies. (There should be an "Ask Slashdot" about how to properly QA a product...) But that's really not the issue here; good QA, bad QA, it all boils down to the same thing in the end.
At the end of QA, the QA Lead signs off on the project. What the QA Lead signs off on becomes the first version released to the consumer.
Period, end of discussion.
The fact that Win2K went gold means that the QA Lead signed off on it. The pre-release development cycle ended the instant the QA Lead signed off on it. Everything after the moment his/her pen left the paper is part of the maintenance cycle, not the development cycle.
In short, the exploit was found in a consumer release of Win2K. It doesn't matter if it was on the store shelves or not; when the QA Lead signed off on it, it became a final product.
Everything clear?
Beware of trivialities. :)
on
Author Unknown
·
· Score: 2
If it's trivial, then you ought to be able to tell me the IP address of the machine I used to do that language mangling, right?
After all, that's what trivial means--that anyone can do it.
That's also ignoring the fact that Babelfish-like programs are available for free download. How do you propose to trace down exactly which program was used to do the language mangling when there are a few million laptops around with that sort of software on it?
Really, I would like to see if it's as trivial as you're making it out to be. Just post the IP address I filed the Fish request from (hint: it's not the same as the IP address I'm posting this from) and I'll concede that it's a trivial exercise.
Online anonymity is easy. If you want to really screw up efforts to identify you by specific language details, just run your posts through the Fish a couple of times. What comes out is guaranteed to give Foster a first class migraine.
=====
On-line anonymity is simple. If you want to really upward screw efforts to identify itself by the specific language details just your masts by the fish execute a pair of the periods. Which comes out, is guaranteed, giving foster a first class klassenmigraene.
(English->French->German->English, for those who are interested.)
It's hardly irrelevant to correct you when you put words in my mouth.
Which one of us was the one who said we would be able to compute anything, anything at all, thermodynamic limitations be damned?
Extraordinary claims require extraordinary evidence. Since your claim is absolutely extraordinary and you have no evidence of any sort to back up your claim, your claim has absolutely zero standing.
Usually, I am more reserved. It's when people demonstrate themselves to be willfully anti-reason that I write them off as being fools.
I said I don't have as much confidence in the limits it provides. Why not? We have systematically expanded and deepened our understanding of every ruleset about the cosmos in recorded history.
Granted. That's also wholly irrelevant. I could just as easily say "well, when we become gods, then we'll be able to compute anything"--but unless I present a theory which shows how we can become gods and compute anything, I haven't challenged the existing theory at all. What you're doing is standing on the sidelines and throwing rocks at the underpinnings of modern physics when you're too much of an intellectual coward to brave the arena yourself by presenting new theories and ideas.
Anyone can belittle the existing state of affairs, whether it be in politics, in literature, in civic life or in science. I have no use for these critics, these mean and petty souls who, fearing defeat, mock those who brave it.
If you want me to take you seriously, then present an idea, a hypothesis, some way which will show thermodynamics to be wrong. But as long as you merely throw rocks, you're an imbecile and useless.
If you want to throw rocks, climb down here in the mud with the rest of us who are actually trying to build something. Get dirty, soiled and sweaty. Get your hands calloused and the mud blood-soaked. Build something better than what we presently have, and you'll find that to be ten thousand times more effective than any pebble you could hurl from the bleachers.
What arrogance you portray trying to tell me that THIS time we have it right. THIS time the equations cover all the bases and define the absolutes of the universe with no possible exceptions.
What arrogance you have, to sit idly by and tell the flawed, valorous people who are actually doing things that what they do does not matter, that it's all going to fall by the wayside anyway.
I'm sure Copernicus and Gallileo were called far worse when they challenged the accepted world view of their day.
If you wish to challenge the accepted worldview, by all means, feel free--but you must challenge it by presenting something better, as Copernicus and Galileo did.
Until such time as you do so, expect people--such as myself--to laugh at you. You may find solace in the knowledge that Galileo and Copernicus were laughed at, but rest assured that history will not mark you among their ranks.
Remember that people also laugh at circus clowns who twist balloons into animal shapes.
I'm just telling you that you don't know enough to say how they won't be.
Until such time as you come up with a better theory, thermodynamics is the only theory we have. What? Are we to discard thermodynamics merely because it may have flaws, without first seeing what those flaws are, without first having a competing theory which successfully explains those flaws?
Why stop with thermodynamics? Relativity, too, has its weaknesses. Thus, let's throw relativity out the door. And quantum mechanics, and Newtonian mechanics, until we all merely sit around and say "yes, we had some brilliant ideas once, but we stopped and gave up once we realized they weren't exactly, totally, one hundred percent true. And since nothing we think of will be exactly, totally, one hundred percent true, none of us saw the point in ever thinking scientifically anymore."
I refuse to let incompetent, marginal hacks like you impose your insecurities upon me.
Is thermodynamics flawed? Very possibly. Have we found any instances yet where thermodynamics is flawed? No. So therefore, you're naieve to say we should discount what thermodynamics predicts as computational limits, based solely on your perception that thermodynamics is wrong.
As you continue your almost unbroken string of negatory, insulting and cynical attacks on your fellow Slashdotters pause a moment and ask yourself why everyone but you has to be so wrong about the possible future.
Oh, I know I'm not right about the future. What I do know, though, is that you're even less right than I am. I am working within the constraints which all of our best scientific evidence of the last two hundred years suggests as absolute. You are working within the undefined paradigm of "well, maybe not".
You tell me which one is the more scientific.
I'm guessing we have different styles of argumentation.
You're not arguing--you're naysaying, which is automatically of zero use whatsoever. If you want to find an argument, some line of reasoning based on empiricism or solidly-established theory, then I'll take you seriously.
But the automatic naysaying of others who attempt, flawed human beings though they are, to apply reason and logic to the cosmos is not argument.
You want assurance and proof, I have none to offer.
I want you to think, Goddammit. God gave you a brain; why not apply it?
Don't sit back in the bleachers and jeer at those of us who are actually doing the work. Don't consider yourself to be "above" the awful, wretched, and common work of exerting yourself wholly in a challenge which you will most likely fail at.
Either contribute to the process of the development of human knowledge, or else shut up and don't interfere with or naysay those hardy few who possess the mental acumen and the intestinal fortitude to wake up every morning, realize the Sisyphean task before them, and go ahead with it anyway.
If you want to contribute, the way is clear. Contribute a theory, an idea, an observation, an empirical measurement. Build something of your own, something which is better than what currently exists.
Do that, and all the things you wish to see brought low will collapse in the most glorious heap of rubble.
But until you are willing to do that, you possess no company in the fractious band of brothers who do their imperfect best to perfect knowledge.
At this point you've crossed the line into blithering idiocy. Saying "I'm not quite as confident in the fundamental limits of computational power as defined by heat death" is all fine and well, provided you can show reason to believe thermodynamics is not an ultimate limitation.
If I say "I'm not quite confident that reality exists", I can give all sorts of philosophy to back it up. But guess what? Until I present evidence which suggests something that radical, I'm just philosophizing.
If I say "I'm not quite confident that time really exists", ditto. But if I'm Julian Barbour and I can present evidence to back up my beliefs, then people take me seriously.
Now you're saying "I don't think thermodynamics are the ultimate limitation in computation that people make them out to be." That's great. Tell you what; as soon as you can present me with evidence that suggests thermodynamics, particularly the First and Second Laws, are invalid in the context of computation, then I'll take you seriously.
I don't know; I've never seen "polynomial time" or "exponential time", only the time on my wristwatch.:)
Polynomial time = exponential time = real time. The only difference between polynomial time and nonpolynomial time is how much time is required, nothing else.
When I say that no deterministic Turing machine will ever be able to solve the Traveling Salesman problem for a reasonably large set of cities, I meant it. Do the power analysis--just flipping enough bits to do the processing would require orders of magnitude more energy than could be liberated from making an entire galaxy go supernova. Do the time analysis--even assuming an ungodly fast machine, the computation couldn't be finished before the computer itself evaporated away due to proton decay.
The only way you can posit that NP problems are solvable is either (a) prove that P=NP, or (b) come up with computers which are made of something other than normal matter, or which run in something other than normal space, or which run on something other than normal energy, or which run in something other than normal time.
In other words, to solve an NP problem requires either (a) a Godlike feat of mathematics, or (b) a Godlike feat of engineering.
If you grant either (a) or (b), then yes, NP problems become solvable. But my counter to that is that once you assume that you're God, everything becomes possible, so the entire godhood argument tends to solve nothing.
Just because a problem is intractible doesn't mean a computer can't find a reasonable solution in finite time.
Sure, but then you're redefining the question. The original statement that I took issue with was that any question could be computed, and it can't.
And NP doesn't mean a turing machine can't solve it ever. It means it can't solve it in polynomial time.
Ever heard of this little thing called "the inescapable heat death of the universe", buddy? Free hint: all the protons in the universe will evaporate into neutrino showers long before a computer comes up with a solution to the Traveling Salesman problem for a reasonably large set of cities.
That doesn't even begin to address the power requirements, either. Each bit-flip requires a minimum of 4.42E-23 Joules--that's a fundamental thermodynamic limitation of the cosmos, not something we can get around. Once you get into exponential operations, that means you need a lot of energy to do NP problems. Go on, do the math.
Next time you flame someone, make sure you know what you're talking about.
Fortunately, I do, otherwise I wouldn't have flamed you. And, honestly, you deserved it.
... who wants to talk to you about vacuum cleaners.
(Word to the humor-impaired: the Traveling Salesman problem has been proven NP-complete, which means it can only be solved by a deterministic Turing machine if P=NP. Nobody's proven any relation yet between P and NP, but it's widely believed P!=NP, which means no deterministic Turing machine will ever be able to solve the Traveling Salesman problem.
In other words, my comment of "there's a Traveling Salesman who wants to talk to you about vacuum cleaners" is a carefully-worded flame. Translated, "it's good that you got out of computer science, because, buddy, you suck if you don't know the intractability of NP problems.)
A society that needs guns to get rid of their government is not democratic. Australia is democratic, ergo your argument is crap.
As a mild correction... I'm taking an implication here that you think the American populace needs guns to get rid of our government. We don't. Every four years we have a revolution; we see if the current Chief Executive has been responsive to the needs of the people, and if not, we throw him out.
The American protection of firearms dates back to Revolutionary times, when it was felt that the best way to ensure that the government responded to the people's needs was to make sure the government would be too terrified of the people to not respond to their needs. Depending on what your political alignment is, this principle is either (a) an anachronism of a bygone time which permits barbarism in the present day, or (b) just as important today as it was in 1789.
If the American people ever firmly and steadfastly believe that the answer is (a), the American people have the ability to amend the Constitution and cut out the Second Amendment. This has not happened yet, which makes me think that many more Americans feel (b) than the Gallup Polls suggest.
Gun ownership in America is not a cut-and-dried legal issue. People who attempt to turn it into a black-and-white issue, without a proper appreciation of the historical, legal and political-philosophy principles involved, are dooming themselves to failure.
Disclosure: I own firearms myself, and I believe (b). I hope that you'll agree that it hasn't addled my brain too badly.:)
If anyone would like to talk further about this, my EMail address is up top and I encourage you to use it.
Honest truth, I think you didn't get as much out of your Java class as you should've. Whether this is due to your performance or your prof's teaching skill is something I'm not qualified to comment on. With that said, here we go:
1. No pointers. It can't possibly be a programming language.
PROLOG and LISP were developed as languages to emulate human intelligence with, and they steadfastly avoid pointers. Both of them are really cool languages, too; when was the last time you saw natural-language written in C?
Computer science is, at heart, about information. A computer science education should teach about ways to store and represent information, different paradigms of information, and the ways in which information oftentimes cannot be accurately represented using only one scheme. Pointers are one scheme, but they are not the only scheme.
Now, strictly speaking you're right in that Java doesn't have pointers; it has references. Everything you want to do with a pointer you can do with a reference, though, with the exception of pointer arithmetic. While I admit that it took me a while to get over the mental block of not being able to juggle pointers the way I do in C, I can't honestly say that it's a major hindrance.
2. People say it has no #includes, yet there continues to be this funny, mystical command called `import'...
import != #include. Import is analogous to a `using' statement in C++ -- `using namespace std' is the C++ version of `import java.lang.*'. An #include is a preprocessor directive which prepends the contents of the listed header files to your program code. An import statement just makes it possible to refer to Java objects and methods without using their fully-qualified names.
3. Strings are a class!!! Whose dumb idea was it to take a string, call it a class, and make stringVariableName.equals(someOtherString); be a strcmp(a,b);?
Short answer: must've been Bjarne Stroustrup's -- you know, that C++ guy? -- because they're objects in C++, too. It's one of C++'s strengths. C is a beautiful language for a lot of things, but text processing is not one of them. Text processing in C is a remarkably painful experience -- and if you think otherwise, I can only remark that you must not have encountered the joyous and elegant way in which LISP handles it.
Remember, information exists independent of paradigm. C's paradigm for handling string information is pretty poor. Better paradigms exist, and while Java's implementation of a String class isn't perfect, it's a definite improvement.
4. Java treats everything like an object. Everything, Integers used in a for loop do not need to be objects! (ok so i'm exagerating a little)
Well, barring the fact that the primitive data types in Java are not objects, you're right. This is viewed as a strength of Java by a lot of people, myself included. Lots of truly elegant languages, such as Smalltalk, treat everything as objects. I've used Smalltalk only a little, but there's a reason why it's still around today.
To hammer a point home: information exists independent of paradigm. Procedural paradigms, object paradigms, list paradigms -- they all have the same ultimate goal, and that is to permit us to productively manipulate information. The wise hacker, instead of dwelling purely on one paradigm, will adapt to whatever paradigm best suits his/her needs at the moment. There are instances in which procedural languages (C, Pascal, Ada83) are best. There are instances in which procedural-object hybrid languages are best (Ada95, C++). There are instances in which list-based languages are best (LISP). There are instances in which set-based languages are best (PROLOG). There are instances where object-based languages are best (Java, Smalltalk).
The wise hacker uses whichever is best suited to the situation. Holy wars over "my language is better than your language" belong to the lamers and lusers. We're hackers; we know better.
IM(ns)HO java is C with a vesectome (in the words of a friend), or best described as a cross between Pascal and C, with the useful components of both removed, but portability up the wazoo...and down the other side.
Which "useful components" of both have been removed? Pascal, remember, was never intended to be a real language. Niklaus Wirth is on record as saying that "if I had known people would take Pascal so seriously, I would have been more careful with its design". Wirth intended for Pascal to be a teaching language, first, foremost and only. Java is a very good teaching language; the syntax is simple, the language is fairly self-consistent, and its crossplatform nature means that when students write their programs at the college on UNIX boxes, they can take their programs home and show it off to Mom and Dad on their Macintosh. You'll probably look down your nose at those people -- but those people are beginning the long road to hackerdom, and anything which will spark their interest and make them think "this is cool" is a Good Thing(tm).
Insofar as throwing away the useful components of C, the only thing that it threw out was pointer arithmetic. Which, as I already showed, isn't a big deal at all.
Java's portability is not a major issue for a lot of programmers. Even if Java wasn't as rabidly crossplatform as it is, it would have a lot to recommend it.
And now...they have java compilers written in...well...java. Wonderful, next thing you know linux kernel will be ported to QBasic!
Did you know that GCC is written in C, and they use one version of GCC to compile the next version of GCC? Really. This isn't at all uncommon; in fact, it's usually a sign of a well-designed language if you can write a compiler for the language in the language.
If anyone wants to discuss these things further, either reply to the message or use my EMail address listed at the top. It's there for a reason, folks.:)
... they just don't tell you about it.:) No, really. While it's not possible for a Java programmer to overload operators, the JDK absolutely does overload operators from time to time. As a case in point, consider the addition (+) operator. It's been overloaded to allow the concatenation of strings.
Java is plagued with tiny inconsistencies like that.
In the end, Java is just a tool in a programmer's toolbox. Use the right tool for the job. If Java makes your life simpler for task X, use it. If Java complicates your life for task Y, use something else.
That said: I can't figure out if your post is satire or meant to be factual, or some delirious blend of the two. There are portions which are factual, portions which are obviously satirical, and a lot that's in between.
Most US citizens don't bother with crypto either, because they can't get a mail program that integrates strong crypto. So they send all the E-Mail in the clear, allowing Echelon to work much more efficiently...
Pretty accurate, except that it isn't a dearth of cryptographic EMail clients that's doing us in; rather, crypto is too daunting technically for the average user. When PGP 5.0 came out it was hailed as making it accessible to the masses, but in independent testing it was shown that one Real User in three was unable to use PGP properly in a way which did not compromise the security of PGP.
Crypto has been widely available to the technically knowledgable since the '70s, with the invention of public-key crypto and DES, the first truly modern symmetric algorithm. IMO -- and remember, I am not a cryptographer, and my opinion on this may not count for much -- by the time breaking DES became a trivial task for world intelligence agencies, TripleDES was already known.
Basically, we've had good crypto tools available for the last twenty-five years or thereabouts. We've had the algorithms and we've had the software. What we lacked twenty-five years ago -- and what we still lack now -- is, IMO:
1. A way to educate the public about crypto and security without requiring anything more advanced than 9th Grade algebra. I may be overestimating the mathematical education of the general public here, but it's hard to imagine talking about crypto without using any mathematics.
2. PKI (Public Key Infrastructure). Somehow, there needs to exist a mechanism for the safe and trusted exchange of public keys. To the best of my knowledge, at present there is no suitable PKI anywhere in the world. PGP's Web of Trust is not scalable to the worldwide community (and has a whole host of other problems, besides).
3. A political climate which considers cryptography, privacy and information security to be worthy topics in the national discourse. Almost every time I see privacy brought up in the mainstream news media, it's always in the context of "you are losing your privacy", never "you are losing your privacy, but there are things you can do about it, on a personal level through your own action, and on a national level through our collective action". People who discount the "unwashed masses" are in for a rude surprise. The hordes of Real Users out there will either make or break national policy. Remember that. You want to get ITAR and those other silly rules thrown out? You need the help of John Q. Public. The forces who want to restrict crypto access even more than they're already restricted are also courting John Q. Public.
...and not spend the 15 microseconds it takes the NSA to factor primes, something they've been able to do with ease since the 1960's when they discovered the formula for fast factoring. They've managed to steer every educational institution in the US and many other countries away from the relatively simple math it takes to do that. Any math professor who gets too close gets a little visit from the men in black.
I hope this is satire with a kernel of truth. Yes, factoring has never been proven to be a difficult problem, merely conjectured to be so. However, if a polynomial-time factorization algorithm were to be discovered, it would have such revolutionary impacts on the computer industry that I don't think it could be concealed. Honestly. If factorization can be done in P time, then all sorts of related problems can be done in P time, and suddenly... wow. All sorts of incredibly thorny problems suddenly become made clear.
Re:*BSD is hurting Open Source/Linux, time to stop
on
FreeBSD at COMDEX
·
· Score: 2
Tom --
I figure that your refutation deserves a refutation of its own, of sorts. First off, I agree with you for ninety percent of what you said. That said, let's go.
Shall we please track the number of exploits for various Linuxes, and compare them with those for, say, OpenBSD?
I think you're giving the original poster more credit than is deserved and, in some way, you're making the same mistake. The mistake of the original poster is in believing that a difference means either a superiority or an inferiority. This is, IMO, absolutely not the case. Godzilla may be able to beat King Kong up, or vice versa, but either one of them can stomp Tokyo flat if they feel like it. When it comes to urban demolition, there is no substantial, quantifiable superiority between the two.
Same with Linux and the BSDs. For ninety percent of all uses, Linux and the BSDs can interoperate without a problem. I prefer Linux machines as desktops and OpenBSD machines as servers. Big deal. With some work, I can make Linux into a reasonably secure and perfectly good server, and turn OpenBSD into a good desktop.
The original poster thinks that since Linux is different and s/he uses Linux, Linux must be superior. It's not. It's different. That's all.
Original poster -- for the love of God, man, get a clue. BSD is not the enemy. The enemy is internal divisions, fractiousness and backbiting. If you want to help the free UNIX community, and help Linux, then stop flaming our BSD brothers.
The algorithm is Cayley-Purser. Can't remember the young lady's name, either. At any rate, Cayley-Purser is irrelevant. If memory serves me right, it gets the extra speed from some absolutely awful memory requirements.
There are also some real questions about security. Remember, the crypto community barely trusts DES, and DES has survived 20+ years of intense cryptanalysis. There are some places that won't use Blowfish because it's too new and untested.
An algorithm which came out only a year or so ago may be interesting, but at this stage it's also irrelevant except to the academic community. If it survives three years, I'll be moderately impressed.
99% of all algorithm designs are crap. (This is not to say they're worthless; FEAL is an example of a very crap algorithm, but it's very useful as a way to test out new cryptanalytic attacks.) Cayley-Purser is no different; statistically, it has a 99% chance of being demonstrated to be crap. And even if it's not demonstrated to be crap, that's not the same as saying it's not crap.
For right now, it's interesting to the academic community and irrelevant to the practical world.
Cipher theory is a subtle and mathematical subject. Rather than write several pages of HTML text about how asymmetric ciphers work, I'll just refer you to Google (http://www.google.com). Do a websearch for "el gamal rsa asymmetric cipher" and you should come up with some interesting pages.
If you've got a real interest, I'd suggest the ICSA Guide to Cryptography and Schneier's _Applied Cryptography 2nd Edition_.
Also, check out the PGP owner's manual. It has a good introduction to crypto.
The problem with streaming asymmetric encryption comes from the way asymmetric encryption works. Namely, you've got all these different numbers that all coalesce and interact to give the cipher security. The two numbers that cause the most problems with streaming are referred to as p and k. p is a prime number that's very, very large, and k is a number which is relatively prime to (p-1).
The value of p is a constant for all the bytes you want to encrypt. The value of k will change for each byte -- or at least it should change, if you're as rabidly paranoid about security as you should be.
If p is a few hundred digits long, then it is a nontrivial task to find k relatively prime to p-1. Right there is a huge bottleneck. You also have to do a lot of multiplication on extremely large numbers; this, too, causes a bottleneck. And since you'd have to do these tasks for each and every byte, it would become a huge tax on the processor in no time flat.
Then there's the problems of decrypting. At some point in the decryption process, the extended Euclidean algorithm (or one of its derivatives) must be used. This is another nontrivial algorithm, and it must be executed for every byte received.
So in short -- yes, it is possible to do streamed asymmetric algorithms. But it's such an enormous performance hit that it's almost universally a bad idea. Far better to use an asymmetric method to negotiate a random session key (Diffie-Hellmann key exchange is specifically designed just for this), and then use a very fast symmetric algorithm to encrypt the stream.
If I recall correctly, algorithms like Blowfish are something like three orders of magnitude faster than asymmetric algorithms like RSA or Diffie-Hellmann. It's significant.
I may be off somewhat on some of my statements; I don't have my usual crypto references handy. So take this with a grain of salt.:)
The first thing I want to ask is, "What kind of crack are you on?"
I run Linux. I also happen to have a really huge amount of affection in my heart for OpenBSD. One's my preference for desktops, one's my preference for servers. Am I a BSD supporter? Absolutely. Am I a Linux supporter? Absolutely.
So, who's this "we" you're referring to when you say "we hate the GPL"? I certainly don't hate it. It's a software license, not the end of the world. It doesn't virally infect your software; rather, the authors of GPLed software merely assert their rights as authors to keep you from using their software in non-GPLed software. Most authors who release their code under GPL do so for strong moral reasons. You might not like someone else's strong moral reasons, but I certainly hope you're mature enough to respect their reasons instead of hating their reasons.
Insofar as Linux being technically inferior to BSD, I really don't see how that's happening, either. The various BSDs are significantly lacking when it comes to hardware support; Linux tends to punch new drivers out like they're movie tickets. That doesn't make Linux more technically advanced; it just means they get drivers out faster. And BSD's faster TCP/IP stack doesn't mean that Linux's is inferior; it just means the BSD TCP/IP stack is faster.
A difference between two things does not always imply that one is superior and one is inferior.
Linux is an SVR4 clone. It has a poor development model.
A lot of really cool hacks were developed on SysV systems, friend. I'd suggest showing a little more respect for our AT&T brothers. Insofar as Linux's "poor development model" -- this one is so laughably false that I really can't refute it. Is it chaotic? Unquestionably. Haphazard? Not hardly. Chaotic systems coalesce and interact to create extremely complex, subtle effects. The Linux kernel is a good example. BSD has the planning and structure of a classical symphony; Linux has the general feel of a really good jazz quartet. Which one is better? Depends entirely on whether you prefer classical or jazz.
I'm a jazz man, myself.
BSD isn't fragmenting the UNIX community...
Agreed, wholeheartedly. Each flavor of BSD caters to a different segment of the community, and the richness of BSD flavors is one of the reasons why BSD is such an attractive choice. I don't like FreeBSD or NetBSD, but OpenBSD rocks my world.
Linux is.
Let me repeat my earlier question: what kind of crack are you on?
The real UNIX fragmentation problem is the absurd number of Linux distros, which, despite what some Linux folk say, have very significant differences.
Well, duh. OpenBSD and FreeBSD have very significant differences, too, but they have far more in common. Similarly, SuSE has significant differences from Debian, but I've never had problems installing SuSE packages on my Red Hat box and then installing a Debian package.
If you're going to claim that the fragmentation of BSDs doesn't fragment the UNIX community, then you've got to extend the same civility to the Linux community. Neither one is causing the fragmentation of UNIX. UNIX fragmented long, long before either BSD or Linux came out.
BSD was in widespread usage before Linux
... and MVS/TSO was in widespread usage before BSD. Older != better, newer != better.
I'm really getting sick of the Linux mentality that we need a gleaming, one world OS.
Find me a Linux user who believes this and I'll personally whack the idiot with a clue-by-four. The people who grok Linux know, beyond any shadow of a doubt, that Linux is not the Way, the Truth and the Life. Linux is an operating system, and a pretty damn good one. As soon as Linux stops fitting our needs, we'll toss it and make something that does.
And y'know what? BSD will do the exact same thing if BSD ever stops being useful.
First off, that's not a threat. If it had been a threat, it would have come from an attorney. When I read that, I see someone giving you warning that, in his opinion, you're coming dangerously close to crossing a line you can't uncross. Instead of being angry at him, I'd be thankful.
Secondly, McCandlish asserted that "[y]ou are knowingly or negligiently making provably false statements about TRUSTe with intent to harm their reputation. That's libel." Well, guess what: if that's what you were doing, that is libel, and it's wrong.
Truth is the penultimate defense in libel lawsuits; if what you write is true, then even if it's written with malice it's not libel. If you're acting in good faith, then even if you write is untrue, it's not libel. But if what you write is untrue and you're not acting in good faith, then, brother, you are in trouble and there's no way anyone's going to come to your defense.
Why is it you cited only a few excerpts from McCandlish's EMail, without citing any of your own statements to demonstrate that what you were saying wasn't untrue? The words "provably false" are, if McCandlish is correct in that they are provably false, important in that they demonstrate that what you were saying is false. The words "you are knowingly or negligiently" are, again if McCandlish is correct and you were knowingly or negligiently making these assertions, important in that it shows you don't have a good-faith defense.
You expect a public apology from a man who believes that you were acting libelously? And you expect Slashdot to rally behind you in a "damn the man!" frenzy? It's not going to happen. If you want to demonstrate that what you were saying wasn't false, or that it was based on good-faith information you possessed, then fine -- do it -- then I'll believe that McCandlish was off his rocker.
But until then, brother, all you're doing is getting ticked off because someone told you, "You're screwing up, and TRUSTe could take you to court over this and win".
Wise men pay attention when other people tell them they're screwing up. Fools cling to a tenacious belief that everything they do is right.
Warning: I am not a lawyer, and nothing in here is legal advice.
If you're going to send that, then I suggest reading "Civil Actions for Dummies"... several times... all six thousand volumes.
In case you haven't noticed, these people are attorneys. They are paid hundreds of dollars an hour by corporations like IDG just to stomp on people like you. Just writing that letter probably cost IDG a cool $300. If you get pissy with them, then they will drop the hammer on you.
They honestly don't give a shit if you're polite to them or not. What they care about is protecting and preserving the intellectual-property rights of their client, IDG. Snippiness is completely irrelevant to them.
If you want to avoid a long, prolonged flamewar with a lawyer -- and when lawyers flame, they do it in ways that your pocketbook will feel -- then I suggest writing back a polite, professional letter.
This is not Usenet, and you do not get style points for creative flamage.
Slashdot Mirror
Sure, it's complicated stuff. But people understand it a lot better than this guy does. We've got lasers that work, for example.
With due respect, your statement has shown that you do not understand quantum mechanics.
The actions of atoms and subatomic interactions can be described, certainly. Predicted, absolutely. But understood, never. Niels Bohr once said that "if the quantum theory does not astonish you, then you do not understand it". Brilliant physicists have tried to understand quantum mechanics and all they get are splitting headaches. The theory is too astonishing; it is so contrary to our everyday experience that it might as well have come from an alien culture.
Quantum mechanics is describable, yes.
Understandable, never.
I don't know a single physicist who understands quantum mechanics. I know lots of people who don't understand QMech who say it's understandable.
Oh, please don't misunderstand me -- I'm not calling evolutionary science meaningless, or based on shaky foundations. I just draw a line between observed phenomena and hypothetical explanations for those phenomena. I've read plenty of descriptions of evolution in action to believe that it exists; I've yet to read a theory explaining evolution which I feel has a substantial chance of being substantially correct.
:)
:)
This doesn't mean that the field is useless. Far from it; it means the field is extremely useful, because somewhere there's a whole lot of discoveries just waiting to be made.
I just think we're a long way from having a good theory of how evolution occurs -- that's all.
Insofar as explaining observed pheonomena, predicting future phenomena, empirically testable, I submit the punctuated-equilibrium theory to you. Hypothesizing that evolution happens in times of catastrophic ecological upheaval is all fine and dandy, but it's kind of hard to conduct controlled tests of the same, don't you think?
My own personal belief is that geographic isolation and punctuated equilibrium are, taken together, probably the most promising ideas. The geographic isolation bit you can actually test under reasonably controlled conditions; the ecological catastrophes, less so.
Warning: I am not a biologist. I am a computer scientist. As you can guess, I'm not an expert in the field -- I've read enough to be dangerous and maybe enough to hold an intelligent conversation, but that's all.
Yes, this fellow is most likely completely off his rocker. But let's keep something in mind, all right?
1. This theory depends on DNA/RNA molecules being able to perform quantum computations. If DNA/RNA are not efficient chemical "vehicles" for quantum computation, then this theory is completely and utterly wrong.
2. This theory can actually be proven wrong, unlike almost every other evolutionary theory out there. You name the theory -- Punctuated Equilibrium, Red Queen, Designed Evolution... their mechanisms are all-but-unobservable, and cannot be empirically tested in a lab (as best I know). This theory can be tested in a lab; if DNA/RNA isn't good at quantum computation, presto, the theory's wrong.
3. Don't dismiss it because it didn't appear in a scientific journal. Odds are nobody would touch this one with a ten-foot pole; it's so far from conventional science that it's easy to dismiss it as being crackpot. But this fellow has a serious idea, and he's also conveniently provided us with a way to prove him wrong. Don't write him off as a nut and not worth your time just because he's published in a book -- first prove him wrong, and then write him off as a nut. Not before, and certainly not in the reverse order.
4. Dismiss anyone who says "this man doesn't know a thing about quantum mechanics" just because he takes a weird view of the implications of quantum mechanics. His theory, as best as I can tell, depends on the Everett many-worlds interpretation of quantum mechanics. I prefer the Copenhagen interpretation, but you know what? Neither one of them is in the slightest bit scientific.
Quantum mechanics is a fact. It describes observed phenomena, it has successfully predicted phenomena, and it can be proven wrong (not that it ever has been proven wrong -- but if you were to ever successfully measure both the precise location and velocity of a particle, you'd prove QM to be an incorrect theory). The problem is that quantum mechanics is so alien to our idea of the universe that most physicists have to come up with a framework from which quantum mechanics makes some sort of sense.
This gentleman's interpretation of quantum mechanics is no nuttier than the Copenhagen Interpretation, or even an interpretation that the collective farts of all the universe's sentient races causes the weirdness in QM. Any interpretation of QM is metaphysics, not science. It's easy to say "this guy's a crackpot, since his interpretation isn't shared by any other "serious scientist". It's just as easy, and as accurate, to say "a lot of guys are crackpots because they believe in a multiverse which is constantly splitting off from itself, as proposed by Everett."
For all this fellow's failings, I've got to give him credit for coming up with a perfect theory.
(1) It's insane. As Wolfgang Pauli is supposed to have said to a colleague, "We are all divided on whether or not your theory is crazy. I do not believe it is crazy enough." In QM, crazy is good.
(2) It explains observed phenomena.
(3) It predicts future phenomena.
(4) It's empirically testable.
... In other words, it's a hell of a lot better than most evolutionary theories I've seen. It's probably wrong, of course. But it's wrong to dismiss this one out-of-hand.
IANAL. Take this with a grain of salt.
The only requirements, legally speaking, for a signature to be valid are that (a) the individual must mark the document in some way, and (b) the individual must intend for the mark to be affirmative. If you and I were to enter into a contract, either of us could sign with an X or as "Mortimer J. Humphries III" -- even if you sign with something that's not your real name, if it meets the two requirements above, it's a binding signature.
So, in light of this, the Digital Signature Act (or whatever they're calling it) is really quite irrelevant. If you and I sign an electronic contract with digital signatures, and we both mark it affirmatively, then the signature is valid -- period. (The virtue of digital signature algorithms is in that the signatures are difficult to repudiate -- while anyone could sign a contract as "Robert J. Hansen", presumably only I could sign a contract with my OpenPGP private key.)
In short, this legislation is unsurprising and unnecessary. Don't get your shorts in a knot over it; no matter how you cut it, digital signatures are already valid.
However -- to the best of my knowledge, digital signatures have not passed any kind of a court test. Instead of waiting for the courts to establish that digital signatures are valid (a process which could take years), the Legislature has just informed the courts that digital signatures are valid.
The last time I checked out the various digital signature acts, they (wisely) didn't specify algorithms to use, key management methods, etc. All they did was instruct the courts that digital signatures were valid, except in certain critical instances where physical signatures are viewed as more secure.
Just a few thoughts on the subject. Feel free to moderate me as (+1, -1, +2, -pi, Moderation As Rambling As The Content Is).
1. For the last two or three months the NSA has been playing "woe is me". Check out the press they've received recently; most egregiously was a Newsweek article which was very possibly written by the NSA. The NSA knows that the best PR is no PR -- the more people who watch the NSA, the harder it is for them to do their job. If people must watch the NSA, best if they point, laugh and make rude noises to mock them... after all, if the NSA is a laughingstock, nobody will take them seriously, which makes it easier for them to do their job.
2. Never believe anything the NSA tells you without independent confirmation. If the NSA feels it's in the national security of the United States to lie to you, they'll do so with a straight face and a clear conscience. The NSA says that some computers went down? Great -- big deal, computers go down all the time. "No," the NSA says, "these were important computers." Great -- that happens all the time, too. What, don't you guys have backup systems? A budget larger than every other intelligence agency combined and you can't afford redundant, independent computers for your mission-critical tasks?
Something in there just doesn't sound right to me.
3. The ability to process information is now more important than the ability to collect it. The article says that an NSA official downplayed the incident, saying that data was still collected -- it just wasn't processed and it'll have to be looked at later. Sounds like it wasn't too bad after all, right?
No. It means the NSA was blind, deaf and dumb, and not only that, they will likely forever be blind, deaf and dumb to events that happened during those few days.
NASA still has data from the Apollo Program which they haven't had the time or resources to look through and catalog yet. The NSA collects orders of magnitude more data than NASA, and unless they've got some incredibly advanced form of storage technology, they simply cannot store data for very long. They do not have the manpower or the resources to look through their backlog; with the scope and prevalence of digital communications today, they're drowning -- they must be drowning -- in a tidal wave of noise searching for the life-preserver of signal. It's a Herculean task.
... Add all of the above together and what do you get? I don't know. If I knew, I'd be Bruce Schneier.
And regardless of people arguing that this is supposed to be ready for "prime time" the fact is, it's not shipping and any rational IT professional will recognize that that means *BETA*.
Warning: I am a rational IT professional. Not only that, but I worked in QA for a few years (first with Sir-Tech Software, then with MCI-WorldCom).
I could talk at great length about rational versus irrational QA policies. (There should be an "Ask Slashdot" about how to properly QA a product...) But that's really not the issue here; good QA, bad QA, it all boils down to the same thing in the end.
At the end of QA, the QA Lead signs off on the project. What the QA Lead signs off on becomes the first version released to the consumer.
Period, end of discussion.
The fact that Win2K went gold means that the QA Lead signed off on it. The pre-release development cycle ended the instant the QA Lead signed off on it. Everything after the moment his/her pen left the paper is part of the maintenance cycle, not the development cycle.
In short, the exploit was found in a consumer release of Win2K. It doesn't matter if it was on the store shelves or not; when the QA Lead signed off on it, it became a final product.
Everything clear?
If it's trivial, then you ought to be able to tell me the IP address of the machine I used to do that language mangling, right?
After all, that's what trivial means--that anyone can do it.
That's also ignoring the fact that Babelfish-like programs are available for free download. How do you propose to trace down exactly which program was used to do the language mangling when there are a few million laptops around with that sort of software on it?
Really, I would like to see if it's as trivial as you're making it out to be. Just post the IP address I filed the Fish request from (hint: it's not the same as the IP address I'm posting this from) and I'll concede that it's a trivial exercise.
Online anonymity is easy. If you want to really screw up efforts to identify you by specific language details, just run your posts through the Fish a couple of times. What comes out is guaranteed to give Foster a first class migraine.
=====
On-line anonymity is simple. If you want to really upward screw efforts to identify itself by the specific language details just your masts by the fish execute a pair of the periods. Which comes out, is guaranteed, giving foster a first class klassenmigraene.
(English->French->German->English, for those who are interested.)
It's hardly irrelevant to correct you when you put words in my mouth.
Which one of us was the one who said we would be able to compute anything, anything at all, thermodynamic limitations be damned?
Extraordinary claims require extraordinary evidence. Since your claim is absolutely extraordinary and you have no evidence of any sort to back up your claim, your claim has absolutely zero standing.
This name calling is pointless and inappropriate.
Usually, I am more reserved. It's when people demonstrate themselves to be willfully anti-reason that I write them off as being fools.
I said I don't have as much confidence in the limits it provides. Why not? We have systematically expanded and deepened our understanding of every ruleset about the cosmos in recorded history.
Granted. That's also wholly irrelevant. I could just as easily say "well, when we become gods, then we'll be able to compute anything"--but unless I present a theory which shows how we can become gods and compute anything, I haven't challenged the existing theory at all. What you're doing is standing on the sidelines and throwing rocks at the underpinnings of modern physics when you're too much of an intellectual coward to brave the arena yourself by presenting new theories and ideas.
Anyone can belittle the existing state of affairs, whether it be in politics, in literature, in civic life or in science. I have no use for these critics, these mean and petty souls who, fearing defeat, mock those who brave it.
If you want me to take you seriously, then present an idea, a hypothesis, some way which will show thermodynamics to be wrong. But as long as you merely throw rocks, you're an imbecile and useless.
If you want to throw rocks, climb down here in the mud with the rest of us who are actually trying to build something. Get dirty, soiled and sweaty. Get your hands calloused and the mud blood-soaked. Build something better than what we presently have, and you'll find that to be ten thousand times more effective than any pebble you could hurl from the bleachers.
What arrogance you portray trying to tell me that THIS time we have it right. THIS time the equations cover all the bases and define the absolutes of the universe with no possible exceptions.
What arrogance you have, to sit idly by and tell the flawed, valorous people who are actually doing things that what they do does not matter, that it's all going to fall by the wayside anyway.
I'm sure Copernicus and Gallileo were called far worse when they challenged the accepted world view of their day.
If you wish to challenge the accepted worldview, by all means, feel free--but you must challenge it by presenting something better, as Copernicus and Galileo did.
Until such time as you do so, expect people--such as myself--to laugh at you. You may find solace in the knowledge that Galileo and Copernicus were laughed at, but rest assured that history will not mark you among their ranks.
Remember that people also laugh at circus clowns who twist balloons into animal shapes.
I'm just telling you that you don't know enough to say how they won't be.
Until such time as you come up with a better theory, thermodynamics is the only theory we have. What? Are we to discard thermodynamics merely because it may have flaws, without first seeing what those flaws are, without first having a competing theory which successfully explains those flaws?
Why stop with thermodynamics? Relativity, too, has its weaknesses. Thus, let's throw relativity out the door. And quantum mechanics, and Newtonian mechanics, until we all merely sit around and say "yes, we had some brilliant ideas once, but we stopped and gave up once we realized they weren't exactly, totally, one hundred percent true. And since nothing we think of will be exactly, totally, one hundred percent true, none of us saw the point in ever thinking scientifically anymore."
I refuse to let incompetent, marginal hacks like you impose your insecurities upon me.
Is thermodynamics flawed? Very possibly. Have we found any instances yet where thermodynamics is flawed? No. So therefore, you're naieve to say we should discount what thermodynamics predicts as computational limits, based solely on your perception that thermodynamics is wrong.
As you continue your almost unbroken string of negatory, insulting and cynical attacks on your fellow Slashdotters pause a moment and ask yourself why everyone but you has to be so wrong about the possible future.
Oh, I know I'm not right about the future. What I do know, though, is that you're even less right than I am. I am working within the constraints which all of our best scientific evidence of the last two hundred years suggests as absolute. You are working within the undefined paradigm of "well, maybe not".
You tell me which one is the more scientific.
I'm guessing we have different styles of argumentation.
You're not arguing--you're naysaying, which is automatically of zero use whatsoever. If you want to find an argument, some line of reasoning based on empiricism or solidly-established theory, then I'll take you seriously.
But the automatic naysaying of others who attempt, flawed human beings though they are, to apply reason and logic to the cosmos is not argument.
You want assurance and proof, I have none to offer.
I want you to think, Goddammit. God gave you a brain; why not apply it?
Don't sit back in the bleachers and jeer at those of us who are actually doing the work. Don't consider yourself to be "above" the awful, wretched, and common work of exerting yourself wholly in a challenge which you will most likely fail at.
Either contribute to the process of the development of human knowledge, or else shut up and don't interfere with or naysay those hardy few who possess the mental acumen and the intestinal fortitude to wake up every morning, realize the Sisyphean task before them, and go ahead with it anyway.
If you want to contribute, the way is clear. Contribute a theory, an idea, an observation, an empirical measurement. Build something of your own, something which is better than what currently exists.
Do that, and all the things you wish to see brought low will collapse in the most glorious heap of rubble.
But until you are willing to do that, you possess no company in the fractious band of brothers who do their imperfect best to perfect knowledge.
At this point you've crossed the line into blithering idiocy. Saying "I'm not quite as confident in the fundamental limits of computational power as defined by heat death" is all fine and well, provided you can show reason to believe thermodynamics is not an ultimate limitation.
If I say "I'm not quite confident that reality exists", I can give all sorts of philosophy to back it up. But guess what? Until I present evidence which suggests something that radical, I'm just philosophizing.
If I say "I'm not quite confident that time really exists", ditto. But if I'm Julian Barbour and I can present evidence to back up my beliefs, then people take me seriously.
Now you're saying "I don't think thermodynamics are the ultimate limitation in computation that people make them out to be." That's great. Tell you what; as soon as you can present me with evidence that suggests thermodynamics, particularly the First and Second Laws, are invalid in the context of computation, then I'll take you seriously.
Until then, you're a blithering idiot.
...in polynomial time, you mean, right?
:)
I don't know; I've never seen "polynomial time" or "exponential time", only the time on my wristwatch.
Polynomial time = exponential time = real time. The only difference between polynomial time and nonpolynomial time is how much time is required, nothing else.
When I say that no deterministic Turing machine will ever be able to solve the Traveling Salesman problem for a reasonably large set of cities, I meant it. Do the power analysis--just flipping enough bits to do the processing would require orders of magnitude more energy than could be liberated from making an entire galaxy go supernova. Do the time analysis--even assuming an ungodly fast machine, the computation couldn't be finished before the computer itself evaporated away due to proton decay.
The only way you can posit that NP problems are solvable is either (a) prove that P=NP, or (b) come up with computers which are made of something other than normal matter, or which run in something other than normal space, or which run on something other than normal energy, or which run in something other than normal time.
In other words, to solve an NP problem requires either (a) a Godlike feat of mathematics, or (b) a Godlike feat of engineering.
If you grant either (a) or (b), then yes, NP problems become solvable. But my counter to that is that once you assume that you're God, everything becomes possible, so the entire godhood argument tends to solve nothing.
Just because a problem is intractible doesn't mean a computer can't find a reasonable solution in finite time.
Sure, but then you're redefining the question. The original statement that I took issue with was that any question could be computed, and it can't.
And NP doesn't mean a turing machine can't solve it ever. It means it can't solve it in polynomial time.
Ever heard of this little thing called "the inescapable heat death of the universe", buddy? Free hint: all the protons in the universe will evaporate into neutrino showers long before a computer comes up with a solution to the Traveling Salesman problem for a reasonably large set of cities.
That doesn't even begin to address the power requirements, either. Each bit-flip requires a minimum of 4.42E-23 Joules--that's a fundamental thermodynamic limitation of the cosmos, not something we can get around. Once you get into exponential operations, that means you need a lot of energy to do NP problems. Go on, do the math.
Next time you flame someone, make sure you know what you're talking about.
Fortunately, I do, otherwise I wouldn't have flamed you. And, honestly, you deserved it.
... who wants to talk to you about vacuum cleaners.
(Word to the humor-impaired: the Traveling Salesman problem has been proven NP-complete, which means it can only be solved by a deterministic Turing machine if P=NP. Nobody's proven any relation yet between P and NP, but it's widely believed P!=NP, which means no deterministic Turing machine will ever be able to solve the Traveling Salesman problem.
In other words, my comment of "there's a Traveling Salesman who wants to talk to you about vacuum cleaners" is a carefully-worded flame. Translated, "it's good that you got out of computer science, because, buddy, you suck if you don't know the intractability of NP problems.)
A society that needs guns to get rid of their government is not democratic. Australia is democratic, ergo your argument is crap.
:)
As a mild correction... I'm taking an implication here that you think the American populace needs guns to get rid of our government. We don't. Every four years we have a revolution; we see if the current Chief Executive has been responsive to the needs of the people, and if not, we throw him out.
The American protection of firearms dates back to Revolutionary times, when it was felt that the best way to ensure that the government responded to the people's needs was to make sure the government would be too terrified of the people to not respond to their needs. Depending on what your political alignment is, this principle is either (a) an anachronism of a bygone time which permits barbarism in the present day, or (b) just as important today as it was in 1789.
If the American people ever firmly and steadfastly believe that the answer is (a), the American people have the ability to amend the Constitution and cut out the Second Amendment. This has not happened yet, which makes me think that many more Americans feel (b) than the Gallup Polls suggest.
Gun ownership in America is not a cut-and-dried legal issue. People who attempt to turn it into a black-and-white issue, without a proper appreciation of the historical, legal and political-philosophy principles involved, are dooming themselves to failure.
Disclosure: I own firearms myself, and I believe (b). I hope that you'll agree that it hasn't addled my brain too badly.
If anyone would like to talk further about this, my EMail address is up top and I encourage you to use it.
Honest truth, I think you didn't get as much out of your Java class as you should've. Whether this is due to your performance or your prof's teaching skill is something I'm not qualified to comment on. With that said, here we go:
:)
1. No pointers. It can't possibly be a programming language.
PROLOG and LISP were developed as languages to emulate human intelligence with, and they steadfastly avoid pointers. Both of them are really cool languages, too; when was the last time you saw natural-language written in C?
Computer science is, at heart, about information. A computer science education should teach about ways to store and represent information, different paradigms of information, and the ways in which information oftentimes cannot be accurately represented using only one scheme. Pointers are one scheme, but they are not the only scheme.
Now, strictly speaking you're right in that Java doesn't have pointers; it has references. Everything you want to do with a pointer you can do with a reference, though, with the exception of pointer arithmetic. While I admit that it took me a while to get over the mental block of not being able to juggle pointers the way I do in C, I can't honestly say that it's a major hindrance.
2. People say it has no #includes, yet there continues to be this funny, mystical command called `import'...
import != #include. Import is analogous to a `using' statement in C++ -- `using namespace std' is the C++ version of `import java.lang.*'. An #include is a preprocessor directive which prepends the contents of the listed header files to your program code. An import statement just makes it possible to refer to Java objects and methods without using their fully-qualified names.
3. Strings are a class!!! Whose dumb idea was it to take a string, call it a class, and make stringVariableName.equals(someOtherString); be a strcmp(a,b);?
Short answer: must've been Bjarne Stroustrup's -- you know, that C++ guy? -- because they're objects in C++, too. It's one of C++'s strengths. C is a beautiful language for a lot of things, but text processing is not one of them. Text processing in C is a remarkably painful experience -- and if you think otherwise, I can only remark that you must not have encountered the joyous and elegant way in which LISP handles it.
Remember, information exists independent of paradigm. C's paradigm for handling string information is pretty poor. Better paradigms exist, and while Java's implementation of a String class isn't perfect, it's a definite improvement.
4. Java treats everything like an object. Everything, Integers used in a for loop do not need to be objects! (ok so i'm exagerating a little)
Well, barring the fact that the primitive data types in Java are not objects, you're right. This is viewed as a strength of Java by a lot of people, myself included. Lots of truly elegant languages, such as Smalltalk, treat everything as objects. I've used Smalltalk only a little, but there's a reason why it's still around today.
To hammer a point home: information exists independent of paradigm. Procedural paradigms, object paradigms, list paradigms -- they all have the same ultimate goal, and that is to permit us to productively manipulate information. The wise hacker, instead of dwelling purely on one paradigm, will adapt to whatever paradigm best suits his/her needs at the moment. There are instances in which procedural languages (C, Pascal, Ada83) are best. There are instances in which procedural-object hybrid languages are best (Ada95, C++). There are instances in which list-based languages are best (LISP). There are instances in which set-based languages are best (PROLOG). There are instances where object-based languages are best (Java, Smalltalk).
The wise hacker uses whichever is best suited to the situation. Holy wars over "my language is better than your language" belong to the lamers and lusers. We're hackers; we know better.
IM(ns)HO java is C with a vesectome (in the words of a friend), or best described as a cross between Pascal and C, with the useful components of both removed, but portability up the wazoo...and down the other side.
Which "useful components" of both have been removed? Pascal, remember, was never intended to be a real language. Niklaus Wirth is on record as saying that "if I had known people would take Pascal so seriously, I would have been more careful with its design". Wirth intended for Pascal to be a teaching language, first, foremost and only. Java is a very good teaching language; the syntax is simple, the language is fairly self-consistent, and its crossplatform nature means that when students write their programs at the college on UNIX boxes, they can take their programs home and show it off to Mom and Dad on their Macintosh. You'll probably look down your nose at those people -- but those people are beginning the long road to hackerdom, and anything which will spark their interest and make them think "this is cool" is a Good Thing(tm).
Insofar as throwing away the useful components of C, the only thing that it threw out was pointer arithmetic. Which, as I already showed, isn't a big deal at all.
Java's portability is not a major issue for a lot of programmers. Even if Java wasn't as rabidly crossplatform as it is, it would have a lot to recommend it.
And now...they have java compilers written in...well...java. Wonderful, next thing you know linux kernel will be ported to QBasic!
Did you know that GCC is written in C, and they use one version of GCC to compile the next version of GCC? Really. This isn't at all uncommon; in fact, it's usually a sign of a well-designed language if you can write a compiler for the language in the language.
If anyone wants to discuss these things further, either reply to the message or use my EMail address listed at the top. It's there for a reason, folks.
... they just don't tell you about it. :) No, really. While it's not possible for a Java programmer to overload operators, the JDK absolutely does overload operators from time to time. As a case in point, consider the addition (+) operator. It's been overloaded to allow the concatenation of strings.
:)
Java is plagued with tiny inconsistencies like that.
In the end, Java is just a tool in a programmer's toolbox. Use the right tool for the job. If Java makes your life simpler for task X, use it. If Java complicates your life for task Y, use something else.
But above all else, code.
... I don't even play one on TV.
...and not spend the 15 microseconds it takes the NSA to factor primes, something they've been able to do with ease since the 1960's when they discovered the formula for fast factoring. They've managed to steer every educational institution in the US and many other countries away from the relatively simple math it takes to do that. Any math professor who gets too close gets a little visit from the men in black.
That said: I can't figure out if your post is satire or meant to be factual, or some delirious blend of the two. There are portions which are factual, portions which are obviously satirical, and a lot that's in between.
Most US citizens don't bother with crypto either, because they can't get a mail program that integrates strong crypto. So they send all the E-Mail in the clear, allowing Echelon to work much more efficiently...
Pretty accurate, except that it isn't a dearth of cryptographic EMail clients that's doing us in; rather, crypto is too daunting technically for the average user. When PGP 5.0 came out it was hailed as making it accessible to the masses, but in independent testing it was shown that one Real User in three was unable to use PGP properly in a way which did not compromise the security of PGP.
Crypto has been widely available to the technically knowledgable since the '70s, with the invention of public-key crypto and DES, the first truly modern symmetric algorithm. IMO -- and remember, I am not a cryptographer, and my opinion on this may not count for much -- by the time breaking DES became a trivial task for world intelligence agencies, TripleDES was already known.
Basically, we've had good crypto tools available for the last twenty-five years or thereabouts. We've had the algorithms and we've had the software. What we lacked twenty-five years ago -- and what we still lack now -- is, IMO:
1. A way to educate the public about crypto and security without requiring anything more advanced than 9th Grade algebra. I may be overestimating the mathematical education of the general public here, but it's hard to imagine talking about crypto without using any mathematics.
2. PKI (Public Key Infrastructure). Somehow, there needs to exist a mechanism for the safe and trusted exchange of public keys. To the best of my knowledge, at present there is no suitable PKI anywhere in the world. PGP's Web of Trust is not scalable to the worldwide community (and has a whole host of other problems, besides).
3. A political climate which considers cryptography, privacy and information security to be worthy topics in the national discourse. Almost every time I see privacy brought up in the mainstream news media, it's always in the context of "you are losing your privacy", never "you are losing your privacy, but there are things you can do about it, on a personal level through your own action, and on a national level through our collective action". People who discount the "unwashed masses" are in for a rude surprise. The hordes of Real Users out there will either make or break national policy. Remember that. You want to get ITAR and those other silly rules thrown out? You need the help of John Q. Public. The forces who want to restrict crypto access even more than they're already restricted are also courting John Q. Public.
I hope this is satire with a kernel of truth. Yes, factoring has never been proven to be a difficult problem, merely conjectured to be so. However, if a polynomial-time factorization algorithm were to be discovered, it would have such revolutionary impacts on the computer industry that I don't think it could be concealed. Honestly. If factorization can be done in P time, then all sorts of related problems can be done in P time, and suddenly... wow. All sorts of incredibly thorny problems suddenly become made clear.
Tom --
I figure that your refutation deserves a refutation of its own, of sorts. First off, I agree with you for ninety percent of what you said. That said, let's go.
Shall we please track the number of exploits for various Linuxes, and compare them with those for, say, OpenBSD?
I think you're giving the original poster more credit than is deserved and, in some way, you're making the same mistake. The mistake of the original poster is in believing that a difference means either a superiority or an inferiority. This is, IMO, absolutely not the case. Godzilla may be able to beat King Kong up, or vice versa, but either one of them can stomp Tokyo flat if they feel like it. When it comes to urban demolition, there is no substantial, quantifiable superiority between the two.
Same with Linux and the BSDs. For ninety percent of all uses, Linux and the BSDs can interoperate without a problem. I prefer Linux machines as desktops and OpenBSD machines as servers. Big deal. With some work, I can make Linux into a reasonably secure and perfectly good server, and turn OpenBSD into a good desktop.
The original poster thinks that since Linux is different and s/he uses Linux, Linux must be superior. It's not. It's different. That's all.
Original poster -- for the love of God, man, get a clue. BSD is not the enemy. The enemy is internal divisions, fractiousness and backbiting. If you want to help the free UNIX community, and help Linux, then stop flaming our BSD brothers.
The algorithm is Cayley-Purser. Can't remember the young lady's name, either. At any rate, Cayley-Purser is irrelevant. If memory serves me right, it gets the extra speed from some absolutely awful memory requirements.
There are also some real questions about security. Remember, the crypto community barely trusts DES, and DES has survived 20+ years of intense cryptanalysis. There are some places that won't use Blowfish because it's too new and untested.
An algorithm which came out only a year or so ago may be interesting, but at this stage it's also irrelevant except to the academic community. If it survives three years, I'll be moderately impressed.
99% of all algorithm designs are crap. (This is not to say they're worthless; FEAL is an example of a very crap algorithm, but it's very useful as a way to test out new cryptanalytic attacks.) Cayley-Purser is no different; statistically, it has a 99% chance of being demonstrated to be crap. And even if it's not demonstrated to be crap, that's not the same as saying it's not crap.
For right now, it's interesting to the academic community and irrelevant to the practical world.
Cipher theory is a subtle and mathematical subject. Rather than write several pages of HTML text about how asymmetric ciphers work, I'll just refer you to Google (http://www.google.com). Do a websearch for "el gamal rsa asymmetric cipher" and you should come up with some interesting pages.
If you've got a real interest, I'd suggest the ICSA Guide to Cryptography and Schneier's _Applied Cryptography 2nd Edition_.
Also, check out the PGP owner's manual. It has a good introduction to crypto.
... in fact, I don't even play one on TV.
:)
The problem with streaming asymmetric encryption comes from the way asymmetric encryption works. Namely, you've got all these different numbers that all coalesce and interact to give the cipher security. The two numbers that cause the most problems with streaming are referred to as p and k. p is a prime number that's very, very large, and k is a number which is relatively prime to (p-1).
The value of p is a constant for all the bytes you want to encrypt. The value of k will change for each byte -- or at least it should change, if you're as rabidly paranoid about security as you should be.
If p is a few hundred digits long, then it is a nontrivial task to find k relatively prime to p-1. Right there is a huge bottleneck. You also have to do a lot of multiplication on extremely large numbers; this, too, causes a bottleneck. And since you'd have to do these tasks for each and every byte, it would become a huge tax on the processor in no time flat.
Then there's the problems of decrypting. At some point in the decryption process, the extended Euclidean algorithm (or one of its derivatives) must be used. This is another nontrivial algorithm, and it must be executed for every byte received.
So in short -- yes, it is possible to do streamed asymmetric algorithms. But it's such an enormous performance hit that it's almost universally a bad idea. Far better to use an asymmetric method to negotiate a random session key (Diffie-Hellmann key exchange is specifically designed just for this), and then use a very fast symmetric algorithm to encrypt the stream.
If I recall correctly, algorithms like Blowfish are something like three orders of magnitude faster than asymmetric algorithms like RSA or Diffie-Hellmann. It's significant.
I may be off somewhat on some of my statements; I don't have my usual crypto references handy. So take this with a grain of salt.
The first thing I want to ask is, "What kind of crack are you on?"
I run Linux. I also happen to have a really huge amount of affection in my heart for OpenBSD. One's my preference for desktops, one's my preference for servers. Am I a BSD supporter? Absolutely. Am I a Linux supporter? Absolutely.
So, who's this "we" you're referring to when you say "we hate the GPL"? I certainly don't hate it. It's a software license, not the end of the world. It doesn't virally infect your software; rather, the authors of GPLed software merely assert their rights as authors to keep you from using their software in non-GPLed software. Most authors who release their code under GPL do so for strong moral reasons. You might not like someone else's strong moral reasons, but I certainly hope you're mature enough to respect their reasons instead of hating their reasons.
Insofar as Linux being technically inferior to BSD, I really don't see how that's happening, either. The various BSDs are significantly lacking when it comes to hardware support; Linux tends to punch new drivers out like they're movie tickets. That doesn't make Linux more technically advanced; it just means they get drivers out faster. And BSD's faster TCP/IP stack doesn't mean that Linux's is inferior; it just means the BSD TCP/IP stack is faster.
A difference between two things does not always imply that one is superior and one is inferior.
Linux is an SVR4 clone. It has a poor development model.
A lot of really cool hacks were developed on SysV systems, friend. I'd suggest showing a little more respect for our AT&T brothers. Insofar as Linux's "poor development model" -- this one is so laughably false that I really can't refute it. Is it chaotic? Unquestionably. Haphazard? Not hardly. Chaotic systems coalesce and interact to create extremely complex, subtle effects. The Linux kernel is a good example. BSD has the planning and structure of a classical symphony; Linux has the general feel of a really good jazz quartet. Which one is better? Depends entirely on whether you prefer classical or jazz.
I'm a jazz man, myself.
BSD isn't fragmenting the UNIX community...
Agreed, wholeheartedly. Each flavor of BSD caters to a different segment of the community, and the richness of BSD flavors is one of the reasons why BSD is such an attractive choice. I don't like FreeBSD or NetBSD, but OpenBSD rocks my world.
Linux is.
Let me repeat my earlier question: what kind of crack are you on?
The real UNIX fragmentation problem is the absurd number of Linux distros, which, despite what some Linux folk say, have very significant differences.
Well, duh. OpenBSD and FreeBSD have very significant differences, too, but they have far more in common. Similarly, SuSE has significant differences from Debian, but I've never had problems installing SuSE packages on my Red Hat box and then installing a Debian package.
If you're going to claim that the fragmentation of BSDs doesn't fragment the UNIX community, then you've got to extend the same civility to the Linux community. Neither one is causing the fragmentation of UNIX. UNIX fragmented long, long before either BSD or Linux came out.
BSD was in widespread usage before Linux
... and MVS/TSO was in widespread usage before BSD. Older != better, newer != better.
I'm really getting sick of the Linux mentality that we need a gleaming, one world OS.
Find me a Linux user who believes this and I'll personally whack the idiot with a clue-by-four. The people who grok Linux know, beyond any shadow of a doubt, that Linux is not the Way, the Truth and the Life. Linux is an operating system, and a pretty damn good one. As soon as Linux stops fitting our needs, we'll toss it and make something that does.
And y'know what? BSD will do the exact same thing if BSD ever stops being useful.
First off, that's not a threat. If it had been a threat, it would have come from an attorney. When I read that, I see someone giving you warning that, in his opinion, you're coming dangerously close to crossing a line you can't uncross. Instead of being angry at him, I'd be thankful.
Secondly, McCandlish asserted that "[y]ou are knowingly or negligiently making provably false statements about TRUSTe with intent to harm their reputation. That's libel." Well, guess what: if that's what you were doing, that is libel, and it's wrong.
Truth is the penultimate defense in libel lawsuits; if what you write is true, then even if it's written with malice it's not libel. If you're acting in good faith, then even if you write is untrue, it's not libel. But if what you write is untrue and you're not acting in good faith, then, brother, you are in trouble and there's no way anyone's going to come to your defense.
Why is it you cited only a few excerpts from McCandlish's EMail, without citing any of your own statements to demonstrate that what you were saying wasn't untrue? The words "provably false" are, if McCandlish is correct in that they are provably false, important in that they demonstrate that what you were saying is false. The words "you are knowingly or negligiently" are, again if McCandlish is correct and you were knowingly or negligiently making these assertions, important in that it shows you don't have a good-faith defense.
You expect a public apology from a man who believes that you were acting libelously? And you expect Slashdot to rally behind you in a "damn the man!" frenzy? It's not going to happen. If you want to demonstrate that what you were saying wasn't false, or that it was based on good-faith information you possessed, then fine -- do it -- then I'll believe that McCandlish was off his rocker.
But until then, brother, all you're doing is getting ticked off because someone told you, "You're screwing up, and TRUSTe could take you to court over this and win".
Wise men pay attention when other people tell them they're screwing up. Fools cling to a tenacious belief that everything they do is right.
Warning: I am not a lawyer, and nothing in here is legal advice.
If you're going to send that, then I suggest reading "Civil Actions for Dummies"... several times... all six thousand volumes.
In case you haven't noticed, these people are attorneys. They are paid hundreds of dollars an hour by corporations like IDG just to stomp on people like you. Just writing that letter probably cost IDG a cool $300. If you get pissy with them, then they will drop the hammer on you.
They honestly don't give a shit if you're polite to them or not. What they care about is protecting and preserving the intellectual-property rights of their client, IDG. Snippiness is completely irrelevant to them.
If you want to avoid a long, prolonged flamewar with a lawyer -- and when lawyers flame, they do it in ways that your pocketbook will feel -- then I suggest writing back a polite, professional letter.
This is not Usenet, and you do not get style points for creative flamage.