Let me tell you a story. My dad asks me if he should pirate photoshop. I told him no, said the reasons for why most ways of pirating are bad (possible trojeans, lawsuits, etc). So he asks me what should he do. So I told him about GIMP. His response was why would he use inferior tools. So I said what about paint shop pro. He responded inferior and costly. So I told him about the low cost version of photoshop (stripped down a bit). He looked at it and his response was that important features are missing from it. I told him he does not need those features, and his response was what if I do.
Basically Adobe runs into the problem where every person that wants to do image editing is now thinking "photoshop or bust". And all of those types will end up pirating it or not doing any image editing at all. I think my dad went the no editing at all route, because he wanted to only use photoshop for editing (not that he knows how).
And how is this different then just sending a png with the text. I guess it could then be dynamically sized -- but somehow I think that even Flash will have a hard time figuring out if I like my fonts triple sized.
AFAIK it is 32 bit, but if you have 32-compat libraries installed, it will just run in 32 bit mode automatically.
This is unlike flash, since it does not have its own process, it needs that the parent application (firefox) runs in 32-bit mode as well.
However, if you are really desparate for a 32 bit system, but have a 64 bit system, you should set up a 32-bit chroot. It wastes disk space -- but can be highly useful.
You go into any place where selling is allowed. (Flea markets, etc) Look for the big sign that says SOFTWARE, WINDOWS, OFFICE. No need for hiding -- no one is cracking down.
And people have a deep mindset that software is free.
If MS ever clamps down on people, they will either continue to pirate more covertly...or they will switch to linux. MS will not have a hold on that market until they will manage to change the mindset.
which is dropping the price on the normal product to something the local economy can supporty
There is a problem in this statement. Suppose I sell a product in another country for 10% of the price. Immediately someone will step up to redistribute that product back in the US for 50% of the price.
We live in the world market nowdays. There is very little that protects the separate pricing schemes. Many tariffs are considered illegal. The only thing left is packing and shipping costs.
Microsoft can chuse to fight that with contracts prohibiting reimportation, but it can fail due to first sale doctrines (if the contracts are not explicitly signed for rental, and not ownership).
As for the starter Edition, I think MS knew they were not going to sell any. I doubt they even spent the money testing it. The SE is there just to pressure governments into cracking down on piracy, since they no longer can use the "it is too expensive for anyone to buy" excuse.
The problem is that since everything on the low end has to be certified/encrypted, it can not run on your high end TC-free machine. So no more email from grandma for you.
And of course since 95% of the world is going to be on the low end, they will blame you for not being able to interoperate with them. This would be similar to how linux user now complain about Word document email...but for now you can use antiword/less to read them...what will happen if that were to become impossible.
I for one hope that the low end will not become a great majority.
I was misusing the terminology to try to clarify the point
You are not the only one. By message space -- I meant hash space. (So it may have sounded like I said the opposite of what I was trying to say)
And the more I think about it the more I think that it is 2^n. Finding a hash does not yield a string....hence you end up searching for strings....not hashes.
But then again -- there may be a different way to do a brute force attack, that I am not thinking of. I will probably leave this topic at this point , and leave it to real mathematicians to sort this out. I never was strong on counting, and unfortunately it shows.
Even if you ignore most of my other advice, NEVER allow a contractor to remove or not leave a pull string in a conduit run
That also typically means that you should have conduit runs...to everywhere you might consider it. Any closet could later become a server closet, so put two conduits to a closet as well.
If your house is multi-story, you would probably want the conduits going between floors. It was the biggest PIA to get CAT5 going to the first floor in my house, as it felt like every conduit was hitting a beam. and did not go below. There was two conduits with power and the other one media going from crawl to attic at the most inaccessible point imaginable.
Oh, that brings me to the last point....make sure all conduits are accessible without great pain.
As for the pull string -- that is usually nothing to worry about. I simply used a drain cleaner (a long metal blade that is both fairly flexible, but will stay straight unless provoked. Basically a less bendy measuring tape) with a hole on the tip. Simply push the drain cleaner through...and tie a string, then pull the drain cleaner out.
Conclusion: have multiple conduits crossing floors as well. (remember to keep data and power separate) Make sure they are going everywhere, and you will be alright for the future.
I am slightly confused over one thing....to do any attacks aren't you searching the string space rather than the message space....which would allow for replacement (duplicates) in the message space.
So in effect -- you could end up searching through unbounded number of strings before finding something that hashes to x. So I do not see where halfing of the space comes from. Each string has a 1/(2^n) probability of hashing to x -- therefore the expected time to success is 2^n.
and I am confused over the term mean expected time to success.....would not that be E(E(X=x)) = E(X=x), since each run of X is independent. So for independent X, mean expected time to success and expected time to success are the same thing.
What am I missing. Sorry to keep bugging you...but it feels like I need a good refresher in statistics.
Do not panic and read the sibling thread. I am in the wrong here...2^69 is the birthday attack... but for some reason my mind changed the sha-1 to 80-bit and the pair collision to a specific string collision search....
I am clearing up my mind in the your posts sibling.
Actually -- it is my mind that is turned off due to it being a Saturday probably. Should that be (2^n) and not 2^(n-1) for the preimage. It sounds like that if you have a 1 over 2^n probability of getting any string to hash to x, then your expected succeess time would be 2^x.
I even forgot that SHA-1 is 160 bit...and I keep thinking it is an 80-bit hash. You are obviously right...shoot I even forgot my favorite latin phrase for "everything is obvious once explained".
The perfect hash does exist, but it is unfeasable. It requires that there is a perfect secure storage of unlimited size...but the basic point of it is for every string generate a unique random number of x bits, and then store the the mapping of the string to the number. Given that number generator is perfect, the strings map uniformly over the entire space, and any string has exactly 1 over 2^x probability of mapping to the same hash, and due to complete random mapping, there can be no weakness in the mapping itself. Now -- since I made 2 mistakes already -- I think I will swallow any traces of remaining pride and immediately ask if there are mistakes in this hash. (assume no one can read the actual mapping)
However, you still get the 2^x preimage attack, and 2^(x/2) complexity for collision due to birthday paradox.
Now obviously I am not an expert in the field...but wouldn't 2^(n/2) mappings result in a huge huge list of strings, which then you have to proceed to find a matching. My mind is quite slow right now... but how much time would it take to search for which of the 2^(n/2) strings you generated actually collided?
My guess is that if you use any datastructure hash or a trie comes to mind, then you will need the amount of memory to store each of the 2^(n/2) strings that are generated....which seems huge. Is this even feasable....I guess one could reduce the strings to their ordinal numbers and then store those in the hash....but then you would still get 2^69 integers in the hash....still does not sound feasable....
Oh I see. So this means that I can generate a colliding pair in 2^69, but I have to generate pairs of strings without fixing any of them. Interestingly enough...if the hash is perfect then the collision attack and pre-image attack would require the same computational complexity....which makes me think is usually not the case given any hash function in P memory and time.
Obviously it is the case in the perfect hash function...but the only perfect hash that I can think of requires exponential space.
Ummm. No. It is because given any string, I can produce another string with the same hash faster.
And yes you do sign gibberish...It is called keys, which are used for encrypted communication. Now I can produce the key with the same hash as your key faster, and (depending on session speed) I can substitute my key for your key.
Now -- all this only means that I can do it about 2048 times faster...not by much, and assuming there are no other weaknesses...the sha-1 hash continues to be pretty good. The increase in computing power makes all hashes absolete eventually, and this change only means that SHA-1 will be absolete faster.
And you are right -- if you have another security hole, then it is irrelevant if SHA-1 is broken or not....But consider this: a typical hacker does not know about your specific security hole, but he knows of SHA-1 hole. Sometimes it is easier to just exploit a known hole, as opposed to try to find one that is easier to exploit.
I know you are joking, but why not have animated vector fonts. Now I can really have that aqua font I always wanted.
Also imagine if the font specifies its own translucency and reflectivity with normal angles. Suddenly you can now have a terminal where the fonts look like they are made of glass or mirrors, and reflect other fonts and applications around you.
Of course -- taking this to the extreme, we should have ray traced desktops for that ultimate visual candy.
Raytraced desktops are the way of the future. Remember you heard it here first. (actually you probably did not -- since I am sure thousands of other people have probably considered it, and it is probably implemented in some obscure way on N64 or something)
on Windows most of the dependancies are built in to the operating system, and the others, aren't covered by licenses that say things that make them hard to distribute or anything, so they are included when you install software.
Are you sure that you are talking about the same DLL hell. And if you are, how is the above quote a solution, rather than a problem? DLL hell occurs because the libraries are distributed with the software and not managed. Here are three cases of DLL hell:
Application assumes that library is installed, and therefore does not bundle it with the program. Result: library missing, program does not run. This happens either due to programmer oversight, or due to newer version of windows not including the library, or library being installed by an optional component that is common, but not on this specific machine. The only solution is to search for the DLLs manually -- an extremely painfull process, due to versioning and registration issues.
Uninstalling application removes a DLL. This happens due to faulty install toolkits, most of which make assumption about underlying library management. If the install toolkit does not understand your version of windows, then it may cause damage. Result: applications can not find libraries, and do not run. Solution: reinstall each application that broke.
Two incompatible versions of the library share the same name. I know this is solved by having multiple versions installed, both in windows and in linux, but it seems to happen in windows, albeit rarely.
These issues exist in linux, but none of them is a fault of any specific application except the package manager. Having correct dependencies is the key, and Windows is now taking the same approach by using MSI, which attempts to control which libraries are being used and which are not.
This is a right solution, and it fails only when the package has a mistake in its dependency list, in which case it is quite easy to fix -- manually install the dependency, instead of hunting for individual files, that are never distributed separately.
Basically I do not understand which side is to be taken. If software patent is something like 1-click shopping, or the look and feel of the interface, or some crappy new way of solving the same problem, then I am against it.
But if it something like a completely radical new way of designing OS's, or things like RSA, then I will actually side with software patents being a good thing.
Also I am worried about legally distinguishing the two cases above. Can it even be done?
The format is standardized over a very generic self-describing protocol. Thus a different keyboard may send the same key using different method. However, if all traffic is recorded, then it should not take too much effort to figure it out.
If not all traffic is recorded or the device actually wants to grab keys not USB msgs, the job is made harder, since the keylogger will have to ask the keyboard to resend its usage codes, and then proceed to use those codes to link them with reports sent when the buttons are pressed.
This is not an easy task, but doable. (Note: some keyboards use a dumb protocol -- as in ps/2 over usb... Those are much simpler, but are a rarity nowdays, I think.)
I was never talking about whether or not the system can actually support itself using fares only. In fact I am not aware of any transportation system which survives without major subsidies. Most metro area transport is funded by local taxes, and national transport gets huge subsidies in form of facilities (as in airports and rights of way).
The point I was making is that it is hard to make US Cities have really good transport systems, as densities tend to be lower than in Cities in the rest of the world. NYC is one example in US where this is not the case, and the system actually does work.
Many US cities have subways, but the city needs to have at least a million people, before it is at all useful.
And once it is in place, it is underused. The main reason is that the cities in US are lower density. For example NYC has an incredibly useful system through Brooklyn, Queens, and Manhattan, becuase those areas are quite dense. However, few US cities get to that point.
At best, what ends up happening is that subways/commuter rail/other transport becomes a park and ride...meaning it is a way to save money on parking, by parking further from the center. This system works, but unfortunately it does not create a good transportation system, causing people to rely on cars for everything but going to the center.
Has nothing to do with cities not being world class.
Re:I guess someone at TiVo downloaded Mythtv
on
TiVo to Offer SDK
·
· Score: 1
If one truly cares, this can probably be done by opening the receiver and tapping the mpeg stream straight after the tuner/decrypter, and then running that into a firewire port.
I am sure someone already has sites about it. But I am too lazy, and someone else will probably reply with links.
Slashdot Mirror
Let me tell you a story. My dad asks me if he should pirate photoshop. I told him no, said the reasons for why most ways of pirating are bad (possible trojeans, lawsuits, etc). So he asks me what should he do. So I told him about GIMP. His response was why would he use inferior tools. So I said what about paint shop pro. He responded inferior and costly. So I told him about the low cost version of photoshop (stripped down a bit). He looked at it and his response was that important features are missing from it. I told him he does not need those features, and his response was what if I do.
Basically Adobe runs into the problem where every person that wants to do image editing is now thinking "photoshop or bust". And all of those types will end up pirating it or not doing any image editing at all. I think my dad went the no editing at all route, because he wanted to only use photoshop for editing (not that he knows how).
And how is this different then just sending a png with the text. I guess it could then be dynamically sized -- but somehow I think that even Flash will have a hard time figuring out if I like my fonts triple sized.
It is still nice to be able to run both without chrooting. For that there are a bunch of emul-libs that hook 64 bit apps into 32 bit libs.
Are there emul-libs that hook 32 bit apps into 64 bit libs?
AFAIK it is 32 bit, but if you have 32-compat libraries installed, it will just run in 32 bit mode automatically.
This is unlike flash, since it does not have its own process, it needs that the parent application (firefox) runs in 32-bit mode as well.
However, if you are really desparate for a 32 bit system, but have a 64 bit system, you should set up a 32-bit chroot. It wastes disk space -- but can be highly useful.
Wow. Here is the way it is done in Russia.
You go into any place where selling is allowed. (Flea markets, etc) Look for the big sign that says SOFTWARE, WINDOWS, OFFICE. No need for hiding -- no one is cracking down.
And people have a deep mindset that software is free.
If MS ever clamps down on people, they will either continue to pirate more covertly...or they will switch to linux. MS will not have a hold on that market until they will manage to change the mindset.
which is dropping the price on the normal product to something the local economy can supporty
There is a problem in this statement. Suppose I sell a product in another country for 10% of the price. Immediately someone will step up to redistribute that product back in the US for 50% of the price.
We live in the world market nowdays. There is very little that protects the separate pricing schemes. Many tariffs are considered illegal. The only thing left is packing and shipping costs.
Microsoft can chuse to fight that with contracts prohibiting reimportation, but it can fail due to first sale doctrines (if the contracts are not explicitly signed for rental, and not ownership).
As for the starter Edition, I think MS knew they were not going to sell any. I doubt they even spent the money testing it. The SE is there just to pressure governments into cracking down on piracy, since they no longer can use the "it is too expensive for anyone to buy" excuse.
The problem is that since everything on the low end has to be certified/encrypted, it can not run on your high end TC-free machine. So no more email from grandma for you.
And of course since 95% of the world is going to be on the low end, they will blame you for not being able to interoperate with them. This would be similar to how linux user now complain about Word document email...but for now you can use antiword/less to read them...what will happen if that were to become impossible.
I for one hope that the low end will not become a great majority.
Macromedia Flash continues to not have a 64-bit linux version.
I make sure to leave a note to all websites that use flash heavily for ads, that they did not even have a chance at getting any money due to my visit.
I was misusing the terminology to try to clarify the point
You are not the only one. By message space -- I meant hash space. (So it may have sounded like I said the opposite of what I was trying to say)
And the more I think about it the more I think that it is 2^n. Finding a hash does not yield a string....hence you end up searching for strings....not hashes.
But then again -- there may be a different way to do a brute force attack, that I am not thinking of. I will probably leave this topic at this point , and leave it to real mathematicians to sort this out. I never was strong on counting, and unfortunately it shows.
Thanks for the comments.
Even if you ignore most of my other advice, NEVER allow a contractor to remove or not leave a pull string in a conduit run
That also typically means that you should have conduit runs...to everywhere you might consider it. Any closet could later become a server closet, so put two conduits to a closet as well.
If your house is multi-story, you would probably want the conduits going between floors. It was the biggest PIA to get CAT5 going to the first floor in my house, as it felt like every conduit was hitting a beam. and did not go below. There was two conduits with power and the other one media going from crawl to attic at the most inaccessible point imaginable.
Oh, that brings me to the last point....make sure all conduits are accessible without great pain.
As for the pull string -- that is usually nothing to worry about. I simply used a drain cleaner (a long metal blade that is both fairly flexible, but will stay straight unless provoked. Basically a less bendy measuring tape) with a hole on the tip. Simply push the drain cleaner through...and tie a string, then pull the drain cleaner out.
Conclusion: have multiple conduits crossing floors as well. (remember to keep data and power separate) Make sure they are going everywhere, and you will be alright for the future.
I am slightly confused over one thing....to do any attacks aren't you searching the string space rather than the message space....which would allow for replacement (duplicates) in the message space.
So in effect -- you could end up searching through unbounded number of strings before finding something that hashes to x. So I do not see where halfing of the space comes from. Each string has a 1/(2^n) probability of hashing to x -- therefore the expected time to success is 2^n.
and I am confused over the term mean expected time to success.....would not that be E(E(X=x)) = E(X=x), since each run of X is independent. So for independent X, mean expected time to success and expected time to success are the same thing.
What am I missing. Sorry to keep bugging you...but it feels like I need a good refresher in statistics.
Thanks.
Do not panic and read the sibling thread. I am in the wrong here...2^69 is the birthday attack... but for some reason my mind changed the sha-1 to 80-bit and the pair collision to a specific string collision search....
I am clearing up my mind in the your posts sibling.
Actually -- it is my mind that is turned off due to it being a Saturday probably. Should that be (2^n) and not 2^(n-1) for the preimage. It sounds like that if you have a 1 over 2^n probability of getting any string to hash to x, then your expected succeess time would be 2^x.
... but how much time would it take to search for which of the 2^(n/2) strings you generated actually collided?
I even forgot that SHA-1 is 160 bit...and I keep thinking it is an 80-bit hash. You are obviously right...shoot I even forgot my favorite latin phrase for "everything is obvious once explained".
The perfect hash does exist, but it is unfeasable. It requires that there is a perfect secure storage of unlimited size...but the basic point of it is for every string generate a unique random number of x bits, and then store the the mapping of the string to the number. Given that number generator is perfect, the strings map uniformly over the entire space, and any string has exactly 1 over 2^x probability of mapping to the same hash, and due to complete random mapping, there can be no weakness in the mapping itself. Now -- since I made 2 mistakes already -- I think I will swallow any traces of remaining pride and immediately ask if there are mistakes in this hash. (assume no one can read the actual mapping)
However, you still get the 2^x preimage attack, and 2^(x/2) complexity for collision due to birthday paradox.
Now obviously I am not an expert in the field...but wouldn't 2^(n/2) mappings result in a huge huge list of strings, which then you have to proceed to find a matching. My mind is quite slow right now
My guess is that if you use any datastructure hash or a trie comes to mind, then you will need the amount of memory to store each of the 2^(n/2) strings that are generated....which seems huge. Is this even feasable....I guess one could reduce the strings to their ordinal numbers and then store those in the hash....but then you would still get 2^69 integers in the hash....still does not sound feasable....
Thanks.
You are probably right...the 2^69 confused me.
Oh I see. So this means that I can generate a colliding pair in 2^69, but I have to generate pairs of strings without fixing any of them. Interestingly enough...if the hash is perfect then the collision attack and pre-image attack would require the same computational complexity....which makes me think is usually not the case given any hash function in P memory and time.
Obviously it is the case in the perfect hash function...but the only perfect hash that I can think of requires exponential space.
Ummm. No. It is because given any string, I can produce another string with the same hash faster.
And yes you do sign gibberish...It is called keys, which are used for encrypted communication. Now I can produce the key with the same hash as your key faster, and (depending on session speed) I can substitute my key for your key.
Now -- all this only means that I can do it about 2048 times faster...not by much, and assuming there are no other weaknesses...the sha-1 hash continues to be pretty good. The increase in computing power makes all hashes absolete eventually, and this change only means that SHA-1 will be absolete faster.
And you are right -- if you have another security hole, then it is irrelevant if SHA-1 is broken or not....But consider this: a typical hacker does not know about your specific security hole, but he knows of SHA-1 hole. Sometimes it is easier to just exploit a known hole, as opposed to try to find one that is easier to exploit.
Next time, subpoena the ad.
Thanks for the laugh.
I know you are joking, but why not have animated vector fonts. Now I can really have that aqua font I always wanted.
Also imagine if the font specifies its own translucency and reflectivity with normal angles. Suddenly you can now have a terminal where the fonts look like they are made of glass or mirrors, and reflect other fonts and applications around you.
Of course -- taking this to the extreme, we should have ray traced desktops for that ultimate visual candy.
Raytraced desktops are the way of the future. Remember you heard it here first. (actually you probably did not -- since I am sure thousands of other people have probably considered it, and it is probably implemented in some obscure way on N64 or something)
Suppose you do this, and you can still reach the whole internet, how does this help you? Stuff from UUNET/MCI can still find you.
Would it not be more intelligent to find their ipblock and filter on that.
I think IHBT.
Are you sure that you are talking about the same DLL hell. And if you are, how is the above quote a solution, rather than a problem? DLL hell occurs because the libraries are distributed with the software and not managed. Here are three cases of DLL hell:
These issues exist in linux, but none of them is a fault of any specific application except the package manager. Having correct dependencies is the key, and Windows is now taking the same approach by using MSI, which attempts to control which libraries are being used and which are not.
This is a right solution, and it fails only when the package has a mistake in its dependency list, in which case it is quite easy to fix -- manually install the dependency, instead of hunting for individual files, that are never distributed separately.
Can someone clearly explain this.
Basically I do not understand which side is to be taken. If software patent is something like 1-click shopping, or the look and feel of the interface, or some crappy new way of solving the same problem, then I am against it.
But if it something like a completely radical new way of designing OS's, or things like RSA, then I will actually side with software patents being a good thing.
Also I am worried about legally distinguishing the two cases above. Can it even be done?
Thanks.
Then someone would have forked BSD with a GPL license.
The format is standardized over a very generic self-describing protocol. Thus a different keyboard may send the same key using different method. However, if all traffic is recorded, then it should not take too much effort to figure it out.
If not all traffic is recorded or the device actually wants to grab keys not USB msgs, the job is made harder, since the keylogger will have to ask the keyboard to resend its usage codes, and then proceed to use those codes to link them with reports sent when the buttons are pressed.
This is not an easy task, but doable.
(Note: some keyboards use a dumb protocol -- as in ps/2 over usb... Those are much simpler, but are a rarity nowdays, I think.)
I was never talking about whether or not the system can actually support itself using fares only. In fact I am not aware of any transportation system which survives without major subsidies. Most metro area transport is funded by local taxes, and national transport gets huge subsidies in form of facilities (as in airports and rights of way).
The point I was making is that it is hard to make US Cities have really good transport systems, as densities tend to be lower than in Cities in the rest of the world. NYC is one example in US where this is not the case, and the system actually does work.
Many US cities have subways, but the city needs to have at least a million people, before it is at all useful.
And once it is in place, it is underused. The main reason is that the cities in US are lower density.
For example NYC has an incredibly useful system through Brooklyn, Queens, and Manhattan, becuase those areas are quite dense. However, few US cities get to that point.
At best, what ends up happening is that subways/commuter rail/other transport becomes a park and ride...meaning it is a way to save money on parking, by parking further from the center. This system works, but unfortunately it does not create a good transportation system, causing people to rely on cars for everything but going to the center.
Has nothing to do with cities not being world class.
If one truly cares, this can probably be done by opening the receiver and tapping the mpeg stream straight after the tuner/decrypter, and then running that into a firewire port.
I am sure someone already has sites about it. But I am too lazy, and someone else will probably reply with links.