Sure, it could do that. But that would give you a less accurate result. Why should it go to extra effort to provide a less accurate result unless some standard or specification requires it to? If you really need that, GCC does provide an option for it, '-ffloat-store'. But it has a performance and accuracy penalty.
It's not fair to blame this on the x87 FP. The bug is in PHP.
PHP performs operations and gets results that the compiler ensures fully comply with the requirements of the C standard. PHP relies on assumptions that are false for the x87 FP, but these are *invalid* assumptions.
Primary blame goes to PHP.
Secondary blame goes to the C specification for not putting tighter requirements on floating point operations.
Tertiary blame goes to x87 FP for providing a more accurate answer than PHP expected.
The max processing time check won't help you. It doesn't occur inside internal library functions. It is only checked between them.
Believe it or not, that really does seem to be the fix for the problem. Using 'volatile' to force loads and stores to and from memory is the accepted workaround for cases where additional internal FPU precision causes a problem.
Sorry, the article is fundamentally wrong. It is only this kind of indiscriminate leaking that makes it possible for people to get a holistic understanding of what our diplomats are actually doing in our name. For example, the lack of any discussion about pushing Arab countries on human rights issues cannot be brought to the public's attention any other way that I know of.
The patent, aside from using "degrees Kelvin" twice, only covers combining the communications device with building illumination. This is a remarkably pointless thing to do and conveys no obvious benefit. (Oddly, the patent also would only be infringed by a system including at least one name tag that communicates with the system.)
And if you have no job and haven't applied for whatever assistance your country provides and there's nobody willing to provide you a free meal, you may find yourself in a situation where you have to steal or starve. The answer to all these hypotheticals is to plan ahead and not get into a bad situation. And if despite your planning, bad things still happen to you by pure bad luck, then you will suffer some bad consequences. So what? So we re-engineer the whole world so that there are no bad consequences?
Which one do you think is their strongest?
No, you can't legally get around their tech embargo. See 17 USC 1201: "No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that.. is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title..."
The Xbox360's firmware, microcode, and dashboard are all works protected under title 17.
An attacker has two mechanisms by which he could break the scheme. He could find the password, or he could find some other password that hashes to the same value. In most real world cases, the former will be much simpler than the latter. So increasing the difficulty of the former has significant value.
If your password is going to be something like "hTudv9-TvlINqz;i" then I agree, there's no point in making it more than about 16 characters. There's about 92 bits in there, and it's not going to be brute forced no matter what.
In practice, most passwords of 16 character length will be more like 'firefly-absta1ns' if we're lucky (40-50 bits or so) and so will not have nearly that strength.
Now everyone is staring at me and I'm going to have to explain why I'm laughing so hard to a bunch of people who don't even know what hashing is.
Sure, *IF* you manage to find a 4-char string. But that's like saying there's no point in having a combination to a safe because *if* a burglar manages to guess the combination on his first try ...
That assumes that an 8-character password will contain 8 characters each equally likely to be any of 128 characters. If so, that would be an incredibly strong 8-character password, suitable for almost any application where SHA-1 would be used to hash a password.
In addition, this attack cannot (yet) be used where the original input to the hash function is unknown, so it wouldn't affect the use of SHA-1 for this purpose. (It does affect digital signature applications.) And the current status of this attack is that it has defects that may or may not be fixable -- so the attack may not even exist.
http://eprint.iacr.org/2009/259
(See the last paragraph)
This is a myth. Actually, MD5 and SHA-1 together are a very inefficient use of both your CPU cycles and your bits. If you needed a 288-bit hash, taking the first 288 bits of a SHA-512 hash is believed to be significantly stronger than a 128-bit MD5 followed by a 160-bit SHA-1 hash, and it would take less time to generate.
There is no conceivable scenario in which the attacker would search for the salt.
There is no evidence that using hash functions from two different families has any effect on the chance of finding collisions. Theoretically, n-bit collisions should be no harder or easier to find if all n bits come from the same algorithm than if some of them come from one algorithm and some come from another.
So a job that requires you to have your own car is no different in spirit from a job that requires you to have your own 747? A big enough difference in scale is a difference in spirit, and there is no doubt that this qualifies.
That. The problem is that the vast majority of people don't need the CPU power that's becoming available. In the past, the software and applications changed such that you needed a new computer every three years or there was lots of stuff you couldn't do.
The trend away from desktops and the slow market for upgrades is all coming from the fact that a three year old CPU is perfectly satisfactory for what most people want to do with their computers. Gamers and servers are helping to keep the high end going, but unless there's a new "killer app", Moore's law won't much matter. Computers will just get cheaper.
Maybe video editing? Or Flash can get to be even more of a resource hog?
Yes, exactly. And that's why it's so surprising that there's no good way to do what he wants.
The only quirk is that he wants to keep frequently-read, rarely-modified sectors on the SSD. Not frequently-used data, and not recently-modified data. He needs the software to identify frequently-read, rarely modified data and store *that* on the SSD.
Actually, that's not even strictly necessary. For example, a coin flip is, in a sense, completely unpredictable. But in another sense, you can perfectly predict that it will either come up heads or tails, and it will not come up 3 or Fred.
To put it more precisely, you can perfectly predict that half the time a coin will come up heads and half the time it will come up tails. So if you frequently have opportunities where you'll make $50 if it comes up heads but lose $45 if it comes up tails, you can reliably make money over time betting on coin flips, even though the coin flips are entirely unpredictable.
It is in this sense that you need not predict the market to make money. You need only determine probabilities for various market outcomes and take only bets where you have a statistical chance of a net gain.
Or, to put it another way, it just shows that they found a way to make random data that doesn't look very much like actual financial data.
Even if you did know that these were digits of pi, you still couldn't know the next digit was 5. To know that the next digit was 5, you'd have to know that the sequence "7,8,4,8,8,9,1,0,1,5,9,8,6,0,3,0,9,3" doesn't appear anywhere in the digits of Pi (or else the next number could be 3), and there is no conceivable way you could know that.
1) Vaginas.
2) When God has gay sex.
3) Rayleigh scattering.
"The GPL is there to allow modification and that of course includes the ability to actually compile the source back into a working executable."
Sure, on open platforms. The GPL is not about opening hardware nor is it about using software to pry open platforms. (This was an explicit decision, by the way. It was specifically decided not to make any attempt to pry open closed hardware.)
The spirit of the GPLv2 is that the source code be open. Full stop.
What good is source code when you can't compile and run it? How do you help your neighbor when the binary you have is completely useless for him?
Free Software is about freedom, the DRM on the iPhone is there to prevent people from exercising the freedom that the GPL gives them.
Nothing about the GPL guarantees that you will find the source code useful. What it does guarantee is that if you have the binary, you will have access to the source code. That is its spirit. It is about open *source*, not open platforms or hardware.
What good is it? Well, for one thing, you can take all or part of it to an open platform, if you want to.
The GPL doesn't guarantee that you'll be able to help your neighbor either. But it does guarantee that the source will be open, so that if the source is useful to your neighbor, you can give it to him.
This is about open *source*. Really. That's the spirit of the GPL.
It is not about open platforms, open binaries, useful source, or the like.
The fact that the GPLv3 deviated from that principle is one of the reasons that a lot of people who like GPLv2 don't like GPLv3. Of course, it's also the reason a lot of people who didn't like the GPLv2 like the GPLv3.
The GPLv3 is not a better job of expressing the same spirit as the GPLv2. It reflects a significant change in what the spirit of the GPL actually is. And a lot of people who picked the GPLv2 and donated code under it believed in the old spirit.
As for the DRM on the iPhone preventing people from exercising the freedoms the GPL gives them, which freedom would that be exactly? I don't see where the GPL says anything about being able to use open source on a closed platform. The GPL freedoms are availability of source code and the ability to modify that source code and put it on the open platform of your choice.
A prohibition against closed platforms, in fact, would be totally against the spirit of the GPL. The GPL is about being able to do *whatever* you want with the source code, even lock it down or use it on closed platforms. (With others free to unlock it or move it to open platforms, of course.)