Is DES an algorithm or a collection or interface or something...
DES is a cipher. It's been used for years, by governments, banks, etc. It's a symmetric cipher, so the same key is used to decrypt as to encrypt.
crypt() was traditionally an interface to DES, used for passwords. It would encrypt a string of six zeros as the plaintext. The key would be the user's password, concatenated with two random bytes (the "salt"). The salt is stored along with the encrypted output. When the user logs in, the salt is retrieved, the password encrypted, and compared against the stored ciphertext.
Using the password as the key rather than the plaintext makes a hash out of DES. That way, even the sysadmin can't retrieve the password. Using the salt prevents a prebuilt dictionary from being useful: it would have to be too long to handle all the possible salts.
Yes. I know that they do lots of useful things, but how can I trust to people who release stuff like aalib.
How can you trust people who don't?
I'm serious here. Every programmer is going to need to learn different things at different times. (Everybody who thinks that programmers can learn all they need to know in college, you have the wrong idea.) They need to hone their craft. They need to practice.
Would you like programmers to have their learning, honing, practicing programs be the big, important ones that your CTO needs? Or would you rather them be silly jaunts that are for mostly for the entertainment of other programmers?
While writing an earlier post, I needed to know the mass of a superball. But I didn't see a paper on their results on the web page. Did anybody see a writeup?
Besides the problem of making a highly elastic orbital vehicle, you also have the problem of making, transporting, inflating, and lifting a basketball that's a 1500m in diameter and 980,000kg. That's about as much mass as all the fans at a Big Ten game, and the size of 50 basketball courts end-to-end.
I don't think a no-compromise solution is going to pass. This is probably as good as it's going to get.
Won't work, for many reasons that have been copiously explained elsewhere. Primarily, great, give the spammers a list of valid email addresses.
As has been copiously explained elsewhere, hashing can deal with that problem.
The pornifity of the email is irrelevant. Spam is spam.
Yes, but emphasizing the porn aspect makes it more likely to pass.
Again, you have to say "no," possibly thousands or tens of thousands of times. Opt-out.
Why would you have to say no all these times? It's a single registry!
But non-fraudulent spam is ok?
Where is that said?
I thought fraud, whatever the medium, was already illegal.
It is. But it's quite difficult to convict these guys on fraud alone. This may make it easier to convict. It also adds more charges, which is very common.
I just don't see the point of a law where enforcement is not permitted.
This may be true. But this is specifically tasking the FTC and state attorneys general with enforcement, instead of leaving it unspecified so that different enforcement agencies can ignore it.
Spam is abuse of the email system. Who can sue for these statutory damages? The ISP, the recipient, the states?
It says "damages". Let's start with the idea that you needed to incur damages. Was this a question for clarification, or were you pointing out a fault with the bill?
Some people have told me they don't think a fat penguin really
embodies the grace of Linux, which just tells me they have never seen
a angry penguin charging at them in excess of 100mph. They'd be a lot
more careful about what they say if they had.
-- Linus Torvalds
Personally, I think that it's telling that InfoWorld feels so comfortable talking about this report that's not written yet. That fact alone shows how biased M$-commissioned reports typically are, and how well-understood this is by the industry press.
I think the funniest thing will be if Microsoft doesn't release the report... meaning that they couldn't find any way to spin it so they look good!
True, but there's a difference that's quite significant for this discussion. Microsoft Word treats files as structured objects, so they can hold code. Emacs doesn't; it treats files as byte streams. Sure, it has hooks to look for code (and ask the user if it should be executed), but it's out there where the user sees it.
If he's referring to the little "spots" like previews and such on the TiVo menu, I was of the understanding that these were downloaded from TiVo over the phone lines pre-encoded, not "taped".
Nope. Check the Discovery Channel for "Advanced Paid Programming" or something like that. Watch it sometime.
I did. That article says that John Baird (the Scot) expanded on an earlier TV made by Paul Nipkow (a German).
Personally, I tend to think of Philo Farnsworth as the inventor of the television, but that's because I tend to think of TV as an electronic, cathode ray tube device. Yes, Baird did invent a device capable of transmitting moving pictures through a medium, and it was called a "television", but it bore no resemblance whatsoever to what you and I think of as a television.
But a more subtle incentive, and one that the FSF completely ignores, is simply that it's the right thing to do. When you don't treat your users as potential thieves, but with respect, you tend to find that they will gladly open their derivative bits without you even asking. I've get patches to my own BSD licensed works, without asking for them. They spontaneously come in.
So have I. But nobody's going to get rich selling modifications of my code, so they have an economic incentive to contribute back.
RMS specifically saw problems being caused by non-copylefted software. Let's look at the 4.2 BSD TCP/IP stack. It was chock full of bugs, and I mean scores of them. But it was copied into many Unixes as their TCP/IP stack, and made propritetary. Now, because of all these networking bugs, each vendor was fixing bugs in their own source tree, but not giving back their fixes. Each vendor had to fix their code on their own, causing loads of duplicated work, and somebody using stock 4.2 saw few-- if any-- of these fixes.
SunOS 4 was based almost entirely on BSD, and Sun made many, many changes without contributing back. Why would they?
Also, remember that the GPL isn't just about returning fixes to the community. It's also about giving users the freedom to copy code. RMS writes about this:
The paradigmatic example of this problem is the X Window System. Developed at MIT, and released as free software with a permissive license, it was soon adopted by various computer companies. They added X to their proprietary Unix systems, in binary form only, and covered by the same nondisclosure agreement. These copies of X were no more free software than Unix was.
The developers of the X Window System did not consider this a problem--they expected and intended this to happen. Their goal was not freedom, just "success", defined as "having many users." They did not care whether these users had freedom, only that they should be numerous.
This lead to a paradoxical situation where two different ways of counting the amount of freedom gave different answers to the question, "Is this program free?" If you judged based on the freedom provided by the distribution terms of the MIT release, you would say that X was free software. But if you measured the freedom of the average user of X, you would have to say it was proprietary software. Most X users were running the proprietary versions that came with Unix systems, not the free version.
You'll also note that X11R6.4 was originally released with a proprietary license; the X Consortium and the Open Group co-opted all the contributions-- stuff people thought was going to remain open-- and making them proprietary. It wasn't until several months later that they reversed that decision, and it seems like that was because they felt that development would stagnate under a closed-source model.
When you treat people like theives, you'll find that people are theives. When you treat them with respect, you'll find that most will behave quite respectably.
I agree. But I don't think that the GPL is treating people like thieves. If companies were doing the "right thing" in the first place, the GPL would have never been created.
They want to see the GPL nulled and voided so that when "they win their case", they can, at a later date, keep right on using Linux code in their shitty products.
If the GPL were to become null and void, then what would give SCO the right to use the code?
You make it sound like there's even MORE stuff you have to manage with continuations than with GOTO.
In a way, there is. There's also more you have to manage with function calls than with GOTO.
Continuations let you capture an object that remembers "where am I going next". This includes not just the instruction pointer, but also the return stack. Common applications exceptions, coroutines, and nondeterminism. I'll present some examples, using a mythical, vaguely C-like language with the following syntax for continuations:
// I have to include some long lines in my ecode sections to get around a slashdot lameness filter. // I have no idea why slashdot would require a long average line length, particularly with ecode, since you usually don't want long lines in code. // Sorry about the distraction, but if slashdot is going to be lame, there's not much I can do about it. something = with_continuation(varname) { ...body... }
This saves the continuation of the block in varname. It will return the result of the block in something. The continuation can be invoked with invoke_continuation(varname,value). Note that this would store value in something.
Now, let's use this to implement exceptions. We're navigating a file tree, and want to find the first corefile.
// I have to include some long lines in my ecode sections to get around a slashdot lameness filter. // I have no idea why slashdot would require a long average line length, particularly with ecode, since you usually don't want long lines in code. // Sorry about the distraction, but if slashdot is going to be lame, there's not much I can do about it. function find_first_corefile() { continuation found_it; string first_corefile = NULL; first_corefile = with_continuation(found_it) { find_corefile_in("/", found_it); }; if (first_corefile == NULL) print("No corefiles!"); else print("First corefile is %s", first_corefile); } // I have to include some long lines in my ecode sections to get around a slashdot lameness filter. // I have no idea why slashdot would require a long average line length, particularly with ecode, since you usually don't want long lines in code. // Sorry about the distraction, but if slashdot is going to be lame, there's not much I can do about it. function find_corefile_in(string directory, continuation when_found) { string filename; for (filename = first_file_in(directory); filename != NULL; filename = next_file_in(directory)) { if (is_directory(filename)) { find_corefile_in(filename, when_found); } elsif (is_corefile(filename)) { invoke_continuation(when_found, filename); } } }
This looks similar to the try/catch/throw that some languages provide, and that's what we're implementing here. I know, you could use return values to do the same in this case. Remember that I'm making short examples.
Now let's implement something that exceptions don't allow: nondeterminism. This example is similar one in Paul Graham's On Lisp, but has been heavily adapted for an imperative language.
// I have to include some long lines in my ecode sections to get around a slashdot lameness filter. // I have no idea why slashdot would require a long average line length, particularly with ecode, since you usually don't want long lines in code. // Sorry about the distraction, but if slashdot is going to be lame, there's not much I can do about it. function parlor_trick (int sum) { int first_number = magically_determine_number(); int second_number = magically_determine_number(); if (first_number + second_number == sum) print("%i is the sum of %i and %i", sum, first_number, second_number);
I never got around to reading On Lisp. I got started on Lisp with CLtL, and used AMOP, SICP, and Norvig's Paradigms to continue. None of these have good descriptions of continuation-based techniques. Only Paradigms mentions them, and there it's more of an obsticle to be overcome in writing a Scheme interpreter, than a tool that can be usefully applied. Since I do all my work in CL, it never really was that big of a deal to learn about them. I thought about them, of course, and realized that there's some cool stuff you can do, but didn't really spend a lot of time investigating theories and techniques.
So anyway, On Lisp didn't ever really look that appealing from the descriptions, but I never took the time to check out the content. After I got your post, I looked over the TOC and forward, and it looks quite interesting.
I'm mostly a CL guy. I've never written any huge bodies of Scheme; I think about 1500 lines is as much as I've done. One Scheme program I wrote, a clone of the card game Fluxx, used continuations to get around a bit of weird hair, but I never really went anywhere after the intial implementation on that one.
At work, my big thing is a program with a nondeterministic search engine at its core. It's the sort of thing that would be perfect for Prolog, but my initial Prolog implementations were considerably less efficient than pure-Lisp implementations, and I didn't have time to learn Prolog well enough to write an efficient version.
Presently, I'm simulating the nondeterminism by structuring the stack in a particular way and using catch/throw for backtracking. This leads to pretty hairy code, since I had to structure the implementation around the stack needs instead of vice versa. (It also ends up interleaving heap structure changes with the search, for that little bit of extra hair.)
I was thinking of moving to a series- or stream-based implementation, but it looks like Graham's chapters on nondeterminism may be just the sort of thing I need. I'll have to check it out.
Okay, no offense, but that's the worst description of continuations I've ever heard. It seems to be giving people ideas that it's like goto, which is a common reaction people have when they first hear about continuations. But it's not accurate. Goto manipulates the instruction pointer alone; continuations manipulate the entire stack in much more interesting ways.
There's some good stuff on continuations out there. They have little use in imperative programming styles like C++ encourages. In functional styles, they're used to implement exceptions, non-determinism, coroutines, generators, and a host of other control features that can open up whole new worlds of programming.
The crack about "ways of confusing people" doesn't mean that continuations tend make your code unreadable, like goto. It means that continuations are a confusing concept, but if you understand continuations, you can make much clearer code.
How do you figure? I mean, you could write outward-only continuations by using catch/throw, but complete continuations, it would seem, would require you to rewrite eval (to accept a continuation argument).
In some, the TA will walk around the room before the test and clear all the calculators' memories. At the time, TIs rarely had useful memories, Casios had none, and every HP could be cleared by the classic three-finger salute: the power button, the top left, and the top right.
Of course, in response to this, somebody wrote a program that would capture the keyboard h/w, and simulate a clear.
So, according to Gator, the difference between spyware and adware is that, with adware, a user is aware.
So if a user knows what Gator does, then being told it's "spyware" should not give them any misinformation. They're not going to think, "Oh, my, I thought I knew that it was watching my actions, but I now see that I didn't!"
If a user runs PC Pitstop, either way, they'll be told that they have a program that watches their actions. If they wanted it to watch their actions (which would be the case if they were previously aware of it), then they'll leave it. If not, then they'll delete it-- in which case it really was spyware.
I think the real problem that Gator has is that people don't know what "adware" means (in this dictionary), but they know what "spyware" means, so Gator would rather keep people in the dark about what their program does.
Slashdot Mirror
Is DES an algorithm or a collection or interface or something...
DES is a cipher. It's been used for years, by governments, banks, etc. It's a symmetric cipher, so the same key is used to decrypt as to encrypt.
crypt() was traditionally an interface to DES, used for passwords. It would encrypt a string of six zeros as the plaintext. The key would be the user's password, concatenated with two random bytes (the "salt"). The salt is stored along with the encrypted output. When the user logs in, the salt is retrieved, the password encrypted, and compared against the stored ciphertext.
Using the password as the key rather than the plaintext makes a hash out of DES. That way, even the sysadmin can't retrieve the password. Using the salt prevents a prebuilt dictionary from being useful: it would have to be too long to handle all the possible salts.
Modern unixes use MD5 or Blowfish instead of DES.
Boy, when that clears the HRPTO it'll be worth a pretty dinarius. 44BC, eh? Should be any day now.
Yes. I know that they do lots of useful things, but how can I trust to people who release stuff like aalib.
How can you trust people who don't?
I'm serious here. Every programmer is going to need to learn different things at different times. (Everybody who thinks that programmers can learn all they need to know in college, you have the wrong idea.) They need to hone their craft. They need to practice.
Would you like programmers to have their learning, honing, practicing programs be the big, important ones that your CTO needs? Or would you rather them be silly jaunts that are for mostly for the entertainment of other programmers?
Not to mention the excessively high acceleration that the vehicle would have to tolerate :)
Hopefully, the high elasticity of the vehicle would help keep it from tearing.
The crew, on the other hand...
While writing an earlier post, I needed to know the mass of a superball. But I didn't see a paper on their results on the web page. Did anybody see a writeup?
Besides the problem of making a highly elastic orbital vehicle, you also have the problem of making, transporting, inflating, and lifting a basketball that's a 1500m in diameter and 980,000kg. That's about as much mass as all the fans at a Big Ten game, and the size of 50 basketball courts end-to-end.
The bill is opt-out. Enough said.
I don't think a no-compromise solution is going to pass. This is probably as good as it's going to get.
Won't work, for many reasons that have been copiously explained elsewhere. Primarily, great, give the spammers a list of valid email addresses.
As has been copiously explained elsewhere, hashing can deal with that problem.
The pornifity of the email is irrelevant. Spam is spam.
Yes, but emphasizing the porn aspect makes it more likely to pass.
Again, you have to say "no," possibly thousands or tens of thousands of times. Opt-out.
Why would you have to say no all these times? It's a single registry!
But non-fraudulent spam is ok?
Where is that said?
I thought fraud, whatever the medium, was already illegal.
It is. But it's quite difficult to convict these guys on fraud alone. This may make it easier to convict. It also adds more charges, which is very common.
I just don't see the point of a law where enforcement is not permitted.
This may be true. But this is specifically tasking the FTC and state attorneys general with enforcement, instead of leaving it unspecified so that different enforcement agencies can ignore it.
Spam is abuse of the email system. Who can sue for these statutory damages? The ISP, the recipient, the states?
It says "damages". Let's start with the idea that you needed to incur damages. Was this a question for clarification, or were you pointing out a fault with the bill?
First we ignored them.
Then we laughed at them.
Now we are fighting them.
Uh-oh...
Some people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen a angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
-- Linus Torvalds
(remembering a translated manual referring to "water-sheep")
I read that, wondered about it, and almost googled for it. Then I started thinking about the pages I'd get back. I think I'll live with the mystery.
Personally, I think that it's telling that InfoWorld feels so comfortable talking about this report that's not written yet. That fact alone shows how biased M$-commissioned reports typically are, and how well-understood this is by the industry press.
I think the funniest thing will be if Microsoft doesn't release the report... meaning that they couldn't find any way to spin it so they look good!
True, but there's a difference that's quite significant for this discussion. Microsoft Word treats files as structured objects, so they can hold code. Emacs doesn't; it treats files as byte streams. Sure, it has hooks to look for code (and ask the user if it should be executed), but it's out there where the user sees it.
If he's referring to the little "spots" like previews and such on the TiVo menu, I was of the understanding that these were downloaded from TiVo over the phone lines pre-encoded, not "taped".
Nope. Check the Discovery Channel for "Advanced Paid Programming" or something like that. Watch it sometime.
the tv was invented in by a scottish man look,
I did. That article says that John Baird (the Scot) expanded on an earlier TV made by Paul Nipkow (a German).
Personally, I tend to think of Philo Farnsworth as the inventor of the television, but that's because I tend to think of TV as an electronic, cathode ray tube device. Yes, Baird did invent a device capable of transmitting moving pictures through a medium, and it was called a "television", but it bore no resemblance whatsoever to what you and I think of as a television.
I didn't check any of your other claims.
you rock dude - the first comment that I have read that has clue!
You've been here a long time, haven't you?
!0x2B = 11010100
Bzzt! Sorry, that answer is incorrect.
!0x2B == 0
~0x2B == 11010100
! is a logical not. It returns 0 if its argument is anything but 0. ~ is a binary not. It inverts the bits.
But a more subtle incentive, and one that the FSF completely ignores, is simply that it's the right thing to do. When you don't treat your users as potential thieves, but with respect, you tend to find that they will gladly open their derivative bits without you even asking. I've get patches to my own BSD licensed works, without asking for them. They spontaneously come in.
So have I. But nobody's going to get rich selling modifications of my code, so they have an economic incentive to contribute back.
RMS specifically saw problems being caused by non-copylefted software. Let's look at the 4.2 BSD TCP/IP stack. It was chock full of bugs, and I mean scores of them. But it was copied into many Unixes as their TCP/IP stack, and made propritetary. Now, because of all these networking bugs, each vendor was fixing bugs in their own source tree, but not giving back their fixes. Each vendor had to fix their code on their own, causing loads of duplicated work, and somebody using stock 4.2 saw few-- if any-- of these fixes.
SunOS 4 was based almost entirely on BSD, and Sun made many, many changes without contributing back. Why would they?
Also, remember that the GPL isn't just about returning fixes to the community. It's also about giving users the freedom to copy code. RMS writes about this:
You'll also note that X11R6.4 was originally released with a proprietary license; the X Consortium and the Open Group co-opted all the contributions-- stuff people thought was going to remain open-- and making them proprietary. It wasn't until several months later that they reversed that decision, and it seems like that was because they felt that development would stagnate under a closed-source model.
When you treat people like theives, you'll find that people are theives. When you treat them with respect, you'll find that most will behave quite respectably.
I agree. But I don't think that the GPL is treating people like thieves. If companies were doing the "right thing" in the first place, the GPL would have never been created.
They want to see the GPL nulled and voided so that when "they win their case", they can, at a later date, keep right on using Linux code in their shitty products.
If the GPL were to become null and void, then what would give SCO the right to use the code?
You make it sound like there's even MORE stuff you have to manage with continuations than with GOTO.
In a way, there is. There's also more you have to manage with function calls than with GOTO.
Continuations let you capture an object that remembers "where am I going next". This includes not just the instruction pointer, but also the return stack. Common applications exceptions, coroutines, and nondeterminism. I'll present some examples, using a mythical, vaguely C-like language with the following syntax for continuations:
This saves the continuation of the block in varname. It will return the result of the block in something. The continuation can be invoked with invoke_continuation(varname,value). Note that this would store value in something.
Now, let's use this to implement exceptions. We're navigating a file tree, and want to find the first corefile.
This looks similar to the try/catch/throw that some languages provide, and that's what we're implementing here. I know, you could use return values to do the same in this case. Remember that I'm making short examples.
Now let's implement something that exceptions don't allow: nondeterminism. This example is similar one in Paul Graham's On Lisp, but has been heavily adapted for an imperative language.
I never got around to reading On Lisp. I got started on Lisp with CLtL, and used AMOP, SICP, and Norvig's Paradigms to continue. None of these have good descriptions of continuation-based techniques. Only Paradigms mentions them, and there it's more of an obsticle to be overcome in writing a Scheme interpreter, than a tool that can be usefully applied. Since I do all my work in CL, it never really was that big of a deal to learn about them. I thought about them, of course, and realized that there's some cool stuff you can do, but didn't really spend a lot of time investigating theories and techniques.
So anyway, On Lisp didn't ever really look that appealing from the descriptions, but I never took the time to check out the content. After I got your post, I looked over the TOC and forward, and it looks quite interesting.
I'm mostly a CL guy. I've never written any huge bodies of Scheme; I think about 1500 lines is as much as I've done. One Scheme program I wrote, a clone of the card game Fluxx, used continuations to get around a bit of weird hair, but I never really went anywhere after the intial implementation on that one.
At work, my big thing is a program with a nondeterministic search engine at its core. It's the sort of thing that would be perfect for Prolog, but my initial Prolog implementations were considerably less efficient than pure-Lisp implementations, and I didn't have time to learn Prolog well enough to write an efficient version.
Presently, I'm simulating the nondeterminism by structuring the stack in a particular way and using catch/throw for backtracking. This leads to pretty hairy code, since I had to structure the implementation around the stack needs instead of vice versa. (It also ends up interleaving heap structure changes with the search, for that little bit of extra hair.)
I was thinking of moving to a series- or stream-based implementation, but it looks like Graham's chapters on nondeterminism may be just the sort of thing I need. I'll have to check it out.
Thanks for the pointer!
Okay, no offense, but that's the worst description of continuations I've ever heard. It seems to be giving people ideas that it's like goto, which is a common reaction people have when they first hear about continuations. But it's not accurate. Goto manipulates the instruction pointer alone; continuations manipulate the entire stack in much more interesting ways.
There's some good stuff on continuations out there. They have little use in imperative programming styles like C++ encourages. In functional styles, they're used to implement exceptions, non-determinism, coroutines, generators, and a host of other control features that can open up whole new worlds of programming.
The crack about "ways of confusing people" doesn't mean that continuations tend make your code unreadable, like goto. It means that continuations are a confusing concept, but if you understand continuations, you can make much clearer code.
How do you figure? I mean, you could write outward-only continuations by using catch/throw, but complete continuations, it would seem, would require you to rewrite eval (to accept a continuation argument).
Alternatively, we could say that it's the same as Forth. Forth is a stack-based, postfix language in which function calls are not delimited.
Of course, in response to this, somebody wrote a program that would capture the keyboard h/w, and simulate a clear.
So, according to Gator, the difference between spyware and adware is that, with adware, a user is aware.
So if a user knows what Gator does, then being told it's "spyware" should not give them any misinformation. They're not going to think, "Oh, my, I thought I knew that it was watching my actions, but I now see that I didn't!"
If a user runs PC Pitstop, either way, they'll be told that they have a program that watches their actions. If they wanted it to watch their actions (which would be the case if they were previously aware of it), then they'll leave it. If not, then they'll delete it-- in which case it really was spyware.
I think the real problem that Gator has is that people don't know what "adware" means (in this dictionary), but they know what "spyware" means, so Gator would rather keep people in the dark about what their program does.