I'm not pretending -- the whole point is that I know there is plenty I could do that I don't. And if I did give $10, there would still be someone dying because I didn't give $20. But I'm not saying that to justify not giving $10.
I'm saying that there's no way I'm going to act like people across the world starving is more important to me than buying a DVD. Any DVD I buy is someone who died because I didn't send them food bought with that money. That's what I have to come to terms with.
No, wait, before you mod me down -- this is a fallacy I see a lot that bothers me and will probably come out a lot in these comments. When someone does something big and pointless and it's closely related to something good for the world, people say "what a waste of time!" but when they do something big and pointless and geeky that doesn't remind you about the world's problems, people say "cool!" Millions of people are wasting time constantly, including people with the potential to change the world tremendously.
Put another way, researchers don't have to devote every minute of their lives to doing research. Especially not when we're wasting our lives posting about them on/.
But I repeat, this is not a preimage attack; you're not generating the collision for a chosen file, and it is thus not a problem in the P2P context. I don't think MD5 is vulnerable to this yet. If it is, please correct me.
My original point was that a good hash function is not vulnerable to either preimage OR general collisions (contrary to the OP's supposition), but even a function with general collision weakness (MD5 or SHA-l now) is not necersarially weak for certain purposes (e.g. file integrity check or the P2P stuff).
Oh, I get Mr. Schneier's thing and I'm not behind on the news; I am under the impression that that there have not been demonstrated preimage attacks on MD5, which is what I was referring to.
Re: SHA-1:
These are not theoretical results but actual collisions.
Again, here it is preimage attacks that are the problem, not just any collisions. But the results mentioned in the link are NOT actual collisions, just an algorithm to produce those collisions that might be feasable to run sometime soon. They didn't actually calculate any collisions. So not "actual collisons", but a "theoretical result". But that's just pedantry, sort of.
Anyway, as far as preimage goes SHA-1 is certainly still secure, as is -- I believe -- MD5, and this is what's relevant in downloading. If they are not, please point me to the appropriate thing.
Everyone, first coming into crypo, thinks that it's easy to come up with secure algorithms like that which no pattern will ever be found in. The crypto world is littered with the skeletons of these systems.
Real security comes from tested algorithms, not from piling on more obfuscation that you figure no one will be able to break. That having been said, simply combining two reasonably good hash algorithms, like MD5 and SHA-1, is very good. But the goodness only comes from the fact that it's using good algorithms -- not the GCD phi nonsense.
I've always thought it would be extremely possible to create a file with the same MD5 hash.
Well, it's not.
That is, the strength of any hash is based on that being near impossible. MD5 is a special case in that it's been partially broken, but generally, no, it's NOT extremely possible to create a file with the same MD5 hash, same size or not. (iirc, generated collisions have always been in same-size files).
This kind of thing makes me think of this part of The Eyes of Kid Midas
Josh shook his head. "I don't think that's how the world's going to end." Josh leaned in closer as he spoke. "I think it's going to be a quieter thing. It's going to happen so that no one even notices anything is wrong. I think things are going to sort of... stop making sense... bit by bit. Things won't work right, people won't think right, everything's going to get all mixed up, until nothing in the universe works the way it's supposed to... And then, everything will just...stop."
"The dream time," said Kirkpatrick, raising his eyebrows.
"What?"
Kirkpatrick took on that knowing look of a shaman -- the way he had around the campfire two weekends before. "There are some cultures," he said, "that believe in a future time when dreams cross the barrier into the real world, and the real world is dragged into an endless dream. All the laws of science, and logic break down to the chaos of nightmares. Pretty wild, huh."
Josh shook his head. "I don't think that's how the world's going to end." Josh leaned in closer as he spoke. "I think it's going to be a quieter thing. It's going to happen so that no one even notices anything is wrong. I think things are going to sort of... stop making sense... bit by bit. Things won't work right, people won't think right, everything's going to get all mixed up, until nothing in the universe works the way it's supposed to... And then, everything will just...stop."
I thought, looking at a lot of these, that they would be things someone might legitimately buy, if for a conversation piece if nothing else. I wonder if Aprl Fools' day joke might double as a way to actually sell things.
After all, I'm giving away Google Gulp caps for free -- I got one in the mail last night, see -- but I hear some people are selling them on eBay.
Well, quite obviously, it's a problem with how deadlines are chosen, combined with peoples' natural work tendencies (where they work up to a deadline and get it done sometime soon after).
This isn't "oh no evidence of every company doing some particular thing wrong 95% of the time." It's a general property of this type of project.
To put it differently, if 95% of people are voted above 9 on hotornot, it means there are some parameters to the voting or the choices or the statistics. Not that the world is incredibly attractive.
I have a cheap older tablet I picked up off eBay for about $150. It runs win98 and is good for quietly using in class; I can basically stick it in my notebook. But overall, it hasn't worked as a notebook replacement for me -- I still do all my equations and diagrams in my graph paper engineering notebooks like I used to. Maybe I just need better software, but overall it hasn't been as useful as I thought.
However, drawing in paint is fun, and I can see using it for some photoshopping. I'm not so good at doing smooth lines with the mouse, and the tablet makes sketching easy.
BUT!
All that pales in comparison to the fact that my girlfriend loves drawing on it, and the tablet form factor makes it easier to curl up with both her and it. So it stays.
For a lot of people, this will be the big missing piece that makes Skype useable for everyday stuff. I was turned off when I realized you couldn't get regular calls to your Skype phone number. (I was also turned off when I realized you had to pay for SkypeOut, but that's just because I hate paying money).
I'm curious how they interface with various telecom companies. What numbers do you call to get to a Skype number, etc.
Slashdot Mirror
http://bash.org/?119969
http://bash.org/?83489
http://bash.org/?38640
http://bash.org/?7658
http://bash.org/?7229
http://bash.org/?11701
60 seconds with photoshop
No actually foxes were harmed in the making of this picture. Well, less than two.
I set a fox on fire :(
I'm not pretending -- the whole point is that I know there is plenty I could do that I don't. And if I did give $10, there would still be someone dying because I didn't give $20. But I'm not saying that to justify not giving $10.
I'm saying that there's no way I'm going to act like people across the world starving is more important to me than buying a DVD. Any DVD I buy is someone who died because I didn't send them food bought with that money. That's what I have to come to terms with.
There are children starving because of me. Dying.
Seriously. I either have to not think, be okay with that, or go insane. I'm wavering between the first two.
Like posting on /.?
/.
No, wait, before you mod me down -- this is a fallacy I see a lot that bothers me and will probably come out a lot in these comments. When someone does something big and pointless and it's closely related to something good for the world, people say "what a waste of time!" but when they do something big and pointless and geeky that doesn't remind you about the world's problems, people say "cool!" Millions of people are wasting time constantly, including people with the potential to change the world tremendously.
Put another way, researchers don't have to devote every minute of their lives to doing research. Especially not when we're wasting our lives posting about them on
Though the GWR is silly.
Wait, I've seen this before . . .
Wait, the summary was right but the article was wrong?
WHAT IS GOING ON?
Hey, don't question us. *eyes username*
I know. I've seen this before.
But I repeat, this is not a preimage attack; you're not generating the collision for a chosen file, and it is thus not a problem in the P2P context. I don't think MD5 is vulnerable to this yet. If it is, please correct me.
My original point was that a good hash function is not vulnerable to either preimage OR general collisions (contrary to the OP's supposition), but even a function with general collision weakness (MD5 or SHA-l now) is not necersarially weak for certain purposes (e.g. file integrity check or the P2P stuff).
Not a great advertisment for your spellchecker (sig) -- why didn't it catch "shure"?
I have a friend who spells so phonetically that the checker often fails to figure out what he's talking about.
But yeah, are you joking about the advertising? Because that's kind of funny. Bad press for them.
Oh, I get Mr. Schneier's thing and I'm not behind on the news; I am under the impression that that there have not been demonstrated preimage attacks on MD5, which is what I was referring to.
Re: SHA-1:
These are not theoretical results but actual collisions.
Again, here it is preimage attacks that are the problem, not just any collisions. But the results mentioned in the link are NOT actual collisions, just an algorithm to produce those collisions that might be feasable to run sometime soon. They didn't actually calculate any collisions. So not "actual collisons", but a "theoretical result". But that's just pedantry, sort of.
Anyway, as far as preimage goes SHA-1 is certainly still secure, as is -- I believe -- MD5, and this is what's relevant in downloading. If they are not, please point me to the appropriate thing.
Everyone, first coming into crypo, thinks that it's easy to come up with secure algorithms like that which no pattern will ever be found in. The crypto world is littered with the skeletons of these systems.
Real security comes from tested algorithms, not from piling on more obfuscation that you figure no one will be able to break. That having been said, simply combining two reasonably good hash algorithms, like MD5 and SHA-1, is very good. But the goodness only comes from the fact that it's using good algorithms -- not the GCD phi nonsense.
I've always thought it would be extremely possible to create a file with the same MD5 hash.
Well, it's not.
That is, the strength of any hash is based on that being near impossible. MD5 is a special case in that it's been partially broken, but generally, no, it's NOT extremely possible to create a file with the same MD5 hash, same size or not. (iirc, generated collisions have always been in same-size files).
Because bundling applications with an OS is what marks a company we like around here.
It came within 300 feet of the Pentagon satellite before suffering a "mysterious failure".
Oh, just come right out and say it. The craft was death-rayed by the skittish Pentagon satellite.
Which way did CAN-SPAM go?
There is still hope; Netcraft has not confirmed the cancelation!
This kind of thing makes me think of this part of The Eyes of Kid Midas
.
Josh shook his head. "I don't think that's how the world's going to end." Josh leaned in closer as he spoke. "I think it's going to be a quieter thing. It's going to happen so that no one even notices anything is wrong. I think things are going to sort of... stop making sense... bit by bit. Things won't work right, people won't think right, everything's going to get all mixed up, until nothing in the universe works the way it's supposed to... And then, everything will just...stop."
"The dream time," said Kirkpatrick, raising his eyebrows
"What?"
Kirkpatrick took on that knowing look of a shaman -- the way he had around the campfire two weekends before. "There are some cultures," he said, "that believe in a future time when dreams cross the barrier into the real world, and the real world is dragged into an endless dream. All the laws of science, and logic break down to the chaos of nightmares. Pretty wild, huh."
From The Eyes of Kid Midas
Josh shook his head. "I don't think that's how the world's going to end." Josh leaned in closer as he spoke. "I think it's going to be a quieter thing. It's going to happen so that no one even notices anything is wrong. I think things are going to sort of... stop making sense... bit by bit. Things won't work right, people won't think right, everything's going to get all mixed up, until nothing in the universe works the way it's supposed to... And then, everything will just...stop."
"The dream time."
I thought, looking at a lot of these, that they would be things someone might legitimately buy, if for a conversation piece if nothing else. I wonder if Aprl Fools' day joke might double as a way to actually sell things.
After all, I'm giving away Google Gulp caps for free -- I got one in the mail last night, see -- but I hear some people are selling them on eBay.
This clearly isn't an April Fools joke because I got one in the mail yesterday.
On a completely unrelated note, wouldn't you agree that it's better to take someting and run with it rather than just shout "I got the joke!"
Well, quite obviously, it's a problem with how deadlines are chosen, combined with peoples' natural work tendencies (where they work up to a deadline and get it done sometime soon after).
This isn't "oh no evidence of every company doing some particular thing wrong 95% of the time." It's a general property of this type of project.
To put it differently, if 95% of people are voted above 9 on hotornot, it means there are some parameters to the voting or the choices or the statistics. Not that the world is incredibly attractive.
I have a cheap older tablet I picked up off eBay for about $150. It runs win98 and is good for quietly using in class; I can basically stick it in my notebook. But overall, it hasn't worked as a notebook replacement for me -- I still do all my equations and diagrams in my graph paper engineering notebooks like I used to. Maybe I just need better software, but overall it hasn't been as useful as I thought.
However, drawing in paint is fun, and I can see using it for some photoshopping. I'm not so good at doing smooth lines with the mouse, and the tablet makes sketching easy.
BUT!
All that pales in comparison to the fact that my girlfriend loves drawing on it, and the tablet form factor makes it easier to curl up with both her and it. So it stays.
For a lot of people, this will be the big missing piece that makes Skype useable for everyday stuff. I was turned off when I realized you couldn't get regular calls to your Skype phone number. (I was also turned off when I realized you had to pay for SkypeOut, but that's just because I hate paying money).
I'm curious how they interface with various telecom companies. What numbers do you call to get to a Skype number, etc.