and accidentally destroy important history info (eg git-push --force)
This is disabled in shared respositories by default, and you can run "git config receive.denyNonFastForwards true" in non-shared repositories if you somehow think you'll "accidentally" use --force even though you know better.
VCS should be simple
Git provides a very simple data structure (it's just a directed acyclic graph of commits), and a comprehensive and mature set of tools for manipulating this structure. Sure, there's a learning curve, but really it's easier to learn than, say, Ruby, and once that's done git stays out of your way and does a great job of helping you manage your changes.
Have you seen NASA TV? I have, and I thought it was just a live, unedited satellite feed of, well, something. I'm surprised it has an Executive Producer.
Re:a game that tells the truth about religion
on
Religion in Video Games
·
· Score: 2, Informative
You keep using that word. I do not think it means what you think it means.
Many people who adopt the label of agnostic reject the label of atheist — there is a common perception that agnosticism is a more “reasonable” position while atheism is more “dogmatic,” ultimately indistinguishable from theism except in the details. This is not a valid position to adopt because it misrepresents or misunderstands everything involved: atheism, theism, agnosticism, and the nature of belief itself. It also happens to reinforce popular prejudice against atheists.
I don't know about this instance in particular, but some amount of paranoia around Microsoft's practices and ethics is justified. The Comes v. Microsoft case exposes a lot about that. Quoting a commenter at Groklaw:
Gates in public:
In fact, Microsoft goes out of its way to make early copies of API and protocol specifications available,
The open source definition is a set of 10 criteria that "distribution terms" (i.e. a copyright license) must meet to be legitimately called "open source". The problem is that, if you're dishonest (and many people are), you can still use patent law or other means to render most of those criteria moot while still nominally meeting them.
On the other hand, FSF's free software definition only deals with the necessary results of those rules, rather than the rules themselves. It doesn't matter whether somebody's lawyers have figured out a clever way to cover all the "open source" checkboxes, unless you have the actual, meaningful freedoms to run, study, adapt, improve, and redistribute a program (including improved versions) to anyone for any purpose at any price, then the program is not free software.
I switched from bzr to git after I lost data to bzr-rebase. It was partly my own fault, but it wouldn't have happened if I had been able to easily rewrite the history, since then I would have been committing stuff more often.
Complaints about it being plural show ignorance of a couple centuries of common usage.
Substituting a singular pronoun for a plural one is simply cumbersome in some cases. Consider:
The client spoke with his lawyers. He was not impressed, because he had worked an entire week without being paid a dime.
Clear and to the point, but not politically correct, so we edit:
The client spoke with their lawyers. They were not impressed, because they had worked an entire week without being paid a dime.
No, that won't work. Who was unimpressed? Who hadn't been paid? It's ambiguous, so let's try to clean it up:
The client spoke with their lawyers. The client was not impressed, because the client had worked an entire week without being paid a dime.
Okay, that's clear now, but we've repeated "the client" three times...
I will sometimes spend the time to rewrite perfectly clear paragraphs in order to satisfy the demands of an oversensitive audience. Similarly, I will sometimes spend the time to make a web page look pretty in MSIE. However, it's a pain and the results can get ugly, so it's simply not worth it most of the time. When I choose not to do so, it's not necessarily out of ignorance.
Saying "I can't think of any reason why XYZ" doesn't demonstrate others' ignorance; It demonstrates your lack of creativity.
Let us use text editors as an example. It's inefficient to have human
beings spending millions of man-hours making hundreds of different text
editors that all solve the same problem. If we could somehow reduce the
amount of human effort spent writing text editors, the remaining effort could
be diverted toward solving as-yet unsolved problems.
The world really only needs a few text editors, so one might think it would
make sense to reduce the number of text-editor vendors, allowing a few vendors
to serve everyone's need to edit text. In that case, there would be little to
prevent these companies from charging exorbitant prices for (proprietary) text
editing software. Furthermore, those companies would be free to waste
resources developing features nobody wants, hiring incompetent staff, buying
expensive furniture, and making nonsensical "premium editions" ("I'm sorry, the
Standard Edition can only edit *.txt files. If you want to edit *.c or *.cpp
files, you need to buy the Professional Edition. Also, the *.bas files you
made with the Educational Version can't be edited with any other version.").
By reducing the number of text-editor vendors, we enable those
vendors to become extremely inefficient.
In a free market with only a few producers making expensive, poor-quality
text editors, new vendors will naturally enter the market with cheaper
alternatives of better quality. This, in turn, forces the incumbents to
either "get efficient or get lost". So, in order maximize the efficiency of individual vendors, you need
sufficiently many vendors that none of them acting alone can manipulate the
market price. However, if you have 200 vendors making 200 different text
editors, then 199 of the text editors are extraneous but necessary to keep the
market competitive. Every so often, some some of these vendors will be
purchased or otherwise eliminated by their competitors, and there there
will eventually be so little competition that prices will again begin to increase. When
that happens, new competitors will enter the market, and they'll waste yet more human
effort developing brand new text editors that serve no other purpose than to
stabilize market prices.
Free/open-source software (FOSS) offers an escape. People may decide to
write one last text editor---once and for all---to avoid having to continue
paying for this otherwise endless cycle of wasted human labour. But how will
the initial development of this new text editor be paid for? Here are a few possibilities:
Motivated by altruism or seeking fame, a few individuals might spend a few
man-years writing a good FOSS text editor for free in their spare time;
The number of text-editor users might grow so large that it becomes
cheaper for a subset of them to contribute to the development of a FOSS text
editor than for each of them to pay for a proprietary alternative, even when
taking into account the possibility that the development project might fail;
In anticipation of #2 above, a few vendors might write a good FOSS text
editor, hoping to lead a spin-off market for add-ons or for related
services; or
Fearful that one vendor who has a near-monopoly in text
editors might leverage that monopoly to manipulate the market for compilers,
compiler vendors might write a good FOSS text editor.
This provides a blueprint for how to make money selling proprietary software in a world of FOSS:
Work on boring-and/or-painful-but-necessary software that few people would want to write in their spare time. Examples: ERP software, point-and-click GUIs, Win32 software, Win32 software with point-and-click GUIs, etc.
Work on niche markets, so the number of users will take a long time to grow to the point that #2 above happens. It may help if there is little overlap between your users and software developers. Example: Graphics art. Adobe Photoshop still hasn't been displaced by The GIMP, despite the latter having been around for over a decade.
The simple and unavoidable fact is that software has zero scarcity; once one copy exists there is no limit to how many copies can exist. Same is true with music and all other forms of media and of course and we can see how hard that realization is for them to make.
Correct, but note that software development and music composition are indeed scarce, and they have value. That's why the best software developers and the best musicians aren't nearly as afraid as the incompetents and the middlemen.
Given Microsoft's scathing history, including its tendency to promise lots of wonderful things it never delivers, I'll believe it when I've seen it happen for a few years. Microsoft has a lot to apologize for, and I certainly wouldn't be making any concessions for them for at least the next 5-10 years.
This is not the time to be giving MS representatives positions on the boards of say, the Free Software Foundation or the Open Source Initiative.
Microsoft is not a leader in the world of free and open-source software. It is a latecomer---a very late comer. Having a large pile of money doesn't change that, and it's perfectly reasonable to ask Microsoft to prove itself over the course of years before it is to be trusted.
Microsoft could just as easily be using Gates' departure as yet another opportunity to try to fool us all. If that's true, I hope people don't fall for it.
My feeling around anything and anybody connected with Microsoft is that of either (willful) ignorance or maliciousness.
I'm moving to Ottawa (Canada) over the next few weeks, and I'll be looking for a job that will let me work on free software, at least in my spare time.
I won't be considering a job at Xandros, for much the same reason as you described. I refuse to assist a company that gets into bed with Microsoft to screw over potentially millions of people.
I just figured you would like to know that. There are others who think like you do.
As I read the comments attached to this article, I see that many slashdotters can't imagine why this debug code would be put into the software in the first place.
To those slashdotters: You people have no imagination.
Imagine you're a G-Archiver developer, and one of your customers calls you, saying "Your program doesn't work. It's saying something about an invalid user." In order to reproduce the problem, you ask the customer for his credentials. He tells you his username and password over the phone, and you try logging in yourself. It works fine.
After a while, you think the problem might be that the password being entered is different from the one you were given over the phone. Perhaps it has something to do with the customer's strange keyboard layout, or maybe the customer's keyboard has some flaky keys.
So what do you do? You give that one customer a special build of the software that emails you the username and password as entered.
Later, you accidentally check in the debug code for that special build. Oops.
I don't know if it makes me more productive, but having two monitors saves me a ton in printing costs.
I often need to have reference material visible when I work (the alternative is to switch back and forth on a single monitor, which, when feasible, is still hugely inefficient). Prior to having a dual-monitor setup, I would print out whatever manuals, source code, etc. that I needed. With dual monitors, I just open whatever web page or PDF file I need on one screen, and do my work on the other.
It works the same way with web development. I'll have source code on one screen and the browser (possibly inside VMware) on the other. It works rather nicely.
If you want to convince your boss to give you dual monitors (assuming you need them), don't just say, "It will make me more productive". Point out specifically how it will improve things.
That's not our Amiga; It's Amiga-branded
on
AmigaOS 4
·
· Score: 4, Insightful
I remember when "Amiga" meant innovation and usability at an affordable price. One of the amazing things about the Amiga was that most of the cheesy slogans that were used to sell it (e.g. "Only Amiga makes it possible" and "The computer for the creative mind") were true. It felt good to own an Amiga, because it was orders of magnitude better than anything else out there.
Today, "Amiga" is just a trademark. Will this new Amiga-branded system compete with Mac OS X? With GNU/Linux? With Windows? If not, why should I, as an nostalgic Amiga zealot, care?
I have no need for yet more proprietary hardware running yet another proprietary OS in a time when commodity hardware and free software are where most of the interesting things are happening.
The new Amiga we dream of won't be called "Amiga". It will be something completely different---built by a small group of brilliant people that nobody has ever heard of---not the underwhelming output of some company whose only real purpose is to figure out how to extract revenue from the copyrights and trademarks for a 20-year-old technology.
However, as a devout agnostic I would like to point out a fallacy that atheists often fall victim to: how do you know that "god/es/s" are simply "magic"?
Short answer: You don't.
Long answer:
I used to ask the same question, but then I visited Battleground God, which claimed I was being inconsistent. The site isn't perfect (some of the questions are too polarized), but it's worth looking at.
I am an atheist and an agnostic, but my views aren't really in line with people who traditionally call themselves "atheist" or "agnostic". The problem for me is that these people define "belief" as an all-or-nothing constant; Either you believe in God, or you don't, or you take absolutely no position. That's a fallacy.
If you asked me the time, and I told you it is 8:48 PM, would you believe me? Under normal circumstances, you probably would. However, if you were Phileas Fogg, and you were on the 80th day of your trip around the world, you would be wise to be a little more skeptical. Your apparent belief in my accuracy depends upon the situation.
I don't know, with complete certainty, that the supernatural does not exist---that's what makes me "agnostic"---but I also don't know, with complete certainty, that anybody except me exists. Maybe I'm just a brain in a vat; Maybe the universe came into existence five seconds ago; Maybe I'm a brain-in-a-vat that came into existence five seconds ago. Who knows?
And who cares? There is a reason why scientists demand that hypotheses be testable. What good is a theory that, for example, incorporates 300 different completely undetectable particles? If the particles have no measurable effect, then a theory that discards them is just as useful and probably easier to work with than a theory that posits their existence. Today, structural engineers continue to apply Newtons laws of motion---even though it is well understood that Newton's laws are "wrong"---because they are good enough for structural engineering.
Ultimately, everyone has to make decisions in spite of their limited knowledge. Some people base (or purport to base) their decisions on unconditionally-held religious beliefs. I do not; Instead, I use what can loosely be described as statistics: Every proposition has a certain probability of being true, and for each decision I make, I try to compare my confidence in the applicable propositions with the confidence level that is necessary to sufficiently mitigate the expected cost of one or more errors. To put it another way, I make decisions not as though I "believe" anything, but as though I am sufficiently convinced of various things. What constitutes "sufficiently convinced" depends upon the situation.
As is typical of someone who is agnostic, my view is that claims of the supernatural are highly speculative. I think they are so speculative that I currently can't imagine a situation where I would ever make a decision presuming the existence of the supernatural. That is, for every decision I will ever make, none will be based upon the notion that a supernatural entity exists. Thus, in addition to being agnostic, I am also atheist, albeit tentatively, for all practical purposes.
<rant>On a related point, even if I'm wrong and there really are supernatural entities, they simply aren't as reliable as other factors that can be used as the basis of a decision-making process. Look at the failure of so-called "abstinence-based sex education" programs. Most of us know that abstinence is in the best interests of adolescents, but why aren't they getting the message? In my view, these programs tend to fail because they're centred around the notion that abstinence should be practiced for religious reason
"Recently, a coworker tried to assert that encrypting a file twice with a 64 bit algorithm is equivalent to encrypting it once with a 128 bit algorithm. I know enough about encryption to know that isn't true, but I am having difficulties explaining why and how. Doesn't each pass of the encryption create a separate file header which makes this assertion untrue? Can anyone point me to references that would better help me explain this?"
First of all, what is a '64-bit encryption algorithm'? Is this a symmetric or asymmetric algorithm? Is it a block or stream cipher? Are you talking about block or key sizes? What specific algorithm are you referring to?
We can't analyze anything if all we're given are vague generalizations like "a 64-bit algorithm" and "a 128-bit algorithm". Some symmetric ciphers gain security under functional composition. We know that DES is one such cipher, since it has been shown that DES is not a group. However, it is not true in general that symmetric ciphers gain security under composition. For example, no matter how many times you encrypt something using a Caesar cipher (a generalization of ROT-13), there will always be a single key that decodes the resulting ciphertext. Ask your coworker to show that the specific algorithm you're discussing is not a group. If he can't, then what reason do you have to believe that you gain any security through what he proposes?
The second problem here is that your coworker seems to think that the onus is on you to prove that a given system is insecure. Every time an expert invents a new cryptosystem, there is a good chance that the system will be insecure; It is a near-certainty that any cryptosystem your coworker comes up with will be insecure. Bruce Schneier brought up this topic again in this month's Crypto-Gram:
Anyone can invent a security system that he himself cannot break. I've said this so often that Cory Doctorow has named it "Schneier's Law": When someone hands you a security system and says, "I believe this is secure," the first thing you have to ask is, "Who the hell are you?" Show me what you've broken to demonstrate that your assertion of the system's security means something.
Thirdly, even if your coworker's new cipher design---and that's what it is---miraculously has the security properties that he thinks it does, is that enough? If you're using 128-bit keys in a symmetric cipher, you're only getting 64 bits of security, thanks to the "Birthday Paradox". If you want an attacker to have to perform 2^128 steps to brute-force your key, then you should be using 256-bit keys anyway. Justin Troutman explains this in more detail in his two-part series, "Ideal-to-Realized Security Assurance In Cryptographic Keys".
Finally, all this talk about composing cipher primitives might well be irrelevant. What is this cipher being used for? Disk-based encryption, for example, has vastly different requirements than a typical secure channel. (See New Methods in Hard Disk Encryption for a discussion of some of the issues associated with hard disk encryption.) What mode of operation are you using? What are you using for authentication? How much information does your cryptosystem leak? How are you negotiating what protocol you're using? To what extent is your protocol switch vulnerable to a chosen protocol attack? What about implementation issues?
I suggest that your coworker read the first two chapters
Slashdot Mirror
I can tell you from years of experience that it works quite well at this dosage
No! You really very almost certainly can't tell from your own experience! That's why we have double-blinded experiments.
Silly need for repository maintenance, ala git-gc
Git does this for you automatically.
and accidentally destroy important history info (eg git-push --force)
This is disabled in shared respositories by default, and you can run "git config receive.denyNonFastForwards true" in non-shared repositories if you somehow think you'll "accidentally" use --force even though you know better.
VCS should be simple
Git provides a very simple data structure (it's just a directed acyclic graph of commits), and a comprehensive and mature set of tools for manipulating this structure. Sure, there's a learning curve, but really it's easier to learn than, say, Ruby, and once that's done git stays out of your way and does a great job of helping you manage your changes.
I lost data as a result of bzr not supporting history rewriting. As far as I can tell, it's still not supported.
I have never lost data that has been committed to a git repository, even though my build of git-svn occasionally segfaults on me.
Have you seen NASA TV? I have, and I thought it was just a live, unedited satellite feed of, well, something. I'm surprised it has an Executive Producer.
See this:
Many people who adopt the label of agnostic reject the label of atheist — there is a common perception that agnosticism is a more “reasonable” position while atheism is more “dogmatic,” ultimately indistinguishable from theism except in the details. This is not a valid position to adopt because it misrepresents or misunderstands everything involved: atheism, theism, agnosticism, and the nature of belief itself. It also happens to reinforce popular prejudice against atheists.
Then I guess Chrome will win, because it's shiny!
The open source definition is a set of 10 criteria that "distribution terms" (i.e. a copyright license) must meet to be legitimately called "open source". The problem is that, if you're dishonest (and many people are), you can still use patent law or other means to render most of those criteria moot while still nominally meeting them.
On the other hand, FSF's free software definition only deals with the necessary results of those rules, rather than the rules themselves. It doesn't matter whether somebody's lawyers have figured out a clever way to cover all the "open source" checkboxes, unless you have the actual, meaningful freedoms to run, study, adapt, improve, and redistribute a program (including improved versions) to anyone for any purpose at any price, then the program is not free software.
The FSF has a fairly decent (and reasonably fair) comparison of "free software" vs "open source", entitled Why "Open Source" misses the point of Free Software
I switched from bzr to git after I lost data to bzr-rebase. It was partly my own fault, but it wouldn't have happened if I had been able to easily rewrite the history, since then I would have been committing stuff more often.
I'd rather use git-svn than touch bzr ever again.
Complaints about it being plural show ignorance of a couple centuries of common usage.
Substituting a singular pronoun for a plural one is simply cumbersome in some cases. Consider:
The client spoke with his lawyers. He was not impressed, because he had worked an entire week without being paid a dime.
Clear and to the point, but not politically correct, so we edit:
The client spoke with their lawyers. They were not impressed, because they had worked an entire week without being paid a dime.
No, that won't work. Who was unimpressed? Who hadn't been paid? It's ambiguous, so let's try to clean it up:
The client spoke with their lawyers. The client was not impressed, because the client had worked an entire week without being paid a dime.
Okay, that's clear now, but we've repeated "the client" three times...
I will sometimes spend the time to rewrite perfectly clear paragraphs in order to satisfy the demands of an oversensitive audience. Similarly, I will sometimes spend the time to make a web page look pretty in MSIE. However, it's a pain and the results can get ugly, so it's simply not worth it most of the time. When I choose not to do so, it's not necessarily out of ignorance.
Saying "I can't think of any reason why XYZ" doesn't demonstrate others' ignorance; It demonstrates your lack of creativity.
Let us use text editors as an example. It's inefficient to have human beings spending millions of man-hours making hundreds of different text editors that all solve the same problem. If we could somehow reduce the amount of human effort spent writing text editors, the remaining effort could be diverted toward solving as-yet unsolved problems.
The world really only needs a few text editors, so one might think it would make sense to reduce the number of text-editor vendors, allowing a few vendors to serve everyone's need to edit text. In that case, there would be little to prevent these companies from charging exorbitant prices for (proprietary) text editing software. Furthermore, those companies would be free to waste resources developing features nobody wants, hiring incompetent staff, buying expensive furniture, and making nonsensical "premium editions" ("I'm sorry, the Standard Edition can only edit *.txt files. If you want to edit *.c or *.cpp files, you need to buy the Professional Edition. Also, the *.bas files you made with the Educational Version can't be edited with any other version."). By reducing the number of text-editor vendors, we enable those vendors to become extremely inefficient.
In a free market with only a few producers making expensive, poor-quality text editors, new vendors will naturally enter the market with cheaper alternatives of better quality. This, in turn, forces the incumbents to either "get efficient or get lost". So, in order maximize the efficiency of individual vendors, you need sufficiently many vendors that none of them acting alone can manipulate the market price. However, if you have 200 vendors making 200 different text editors, then 199 of the text editors are extraneous but necessary to keep the market competitive. Every so often, some some of these vendors will be purchased or otherwise eliminated by their competitors, and there there will eventually be so little competition that prices will again begin to increase. When that happens, new competitors will enter the market, and they'll waste yet more human effort developing brand new text editors that serve no other purpose than to stabilize market prices.
Free/open-source software (FOSS) offers an escape. People may decide to write one last text editor---once and for all---to avoid having to continue paying for this otherwise endless cycle of wasted human labour. But how will the initial development of this new text editor be paid for? Here are a few possibilities:
This provides a blueprint for how to make money selling proprietary software in a world of FOSS:
The simple and unavoidable fact is that software has zero scarcity; once one copy exists there is no limit to how many copies can exist. Same is true with music and all other forms of media and of course and we can see how hard that realization is for them to make.
Correct, but note that software development and music composition are indeed scarce, and they have value. That's why the best software developers and the best musicians aren't nearly as afraid as the incompetents and the middlemen.
Given Microsoft's scathing history, including its tendency to promise lots of wonderful things it never delivers, I'll believe it when I've seen it happen for a few years. Microsoft has a lot to apologize for, and I certainly wouldn't be making any concessions for them for at least the next 5-10 years.
This is not the time to be giving MS representatives positions on the boards of say, the Free Software Foundation or the Open Source Initiative.
Microsoft is not a leader in the world of free and open-source software. It is a latecomer---a very late comer. Having a large pile of money doesn't change that, and it's perfectly reasonable to ask Microsoft to prove itself over the course of years before it is to be trusted.
Microsoft could just as easily be using Gates' departure as yet another opportunity to try to fool us all. If that's true, I hope people don't fall for it.
I'm moving to Ottawa (Canada) over the next few weeks, and I'll be looking for a job that will let me work on free software, at least in my spare time.
I won't be considering a job at Xandros, for much the same reason as you described. I refuse to assist a company that gets into bed with Microsoft to screw over potentially millions of people.
I just figured you would like to know that. There are others who think like you do.
As I read the comments attached to this article, I see that many slashdotters can't imagine why this debug code would be put into the software in the first place.
To those slashdotters: You people have no imagination.
Imagine you're a G-Archiver developer, and one of your customers calls you, saying "Your program doesn't work. It's saying something about an invalid user." In order to reproduce the problem, you ask the customer for his credentials. He tells you his username and password over the phone, and you try logging in yourself. It works fine.
After a while, you think the problem might be that the password being entered is different from the one you were given over the phone. Perhaps it has something to do with the customer's strange keyboard layout, or maybe the customer's keyboard has some flaky keys.
So what do you do? You give that one customer a special build of the software that emails you the username and password as entered.
Later, you accidentally check in the debug code for that special build. Oops.
Mens rea is usually irrelevant in civil lawsuits.
Actually, Slade (of the infamous QuakeLives project) did that, and it took a few months of being really nice about it before John Carmack finally threatened legal action.
I often need to have reference material visible when I work (the alternative is to switch back and forth on a single monitor, which, when feasible, is still hugely inefficient). Prior to having a dual-monitor setup, I would print out whatever manuals, source code, etc. that I needed. With dual monitors, I just open whatever web page or PDF file I need on one screen, and do my work on the other.
It works the same way with web development. I'll have source code on one screen and the browser (possibly inside VMware) on the other. It works rather nicely.
If you want to convince your boss to give you dual monitors (assuming you need them), don't just say, "It will make me more productive". Point out specifically how it will improve things.
I remember when "Amiga" meant innovation and usability at an affordable price. One of the amazing things about the Amiga was that most of the cheesy slogans that were used to sell it (e.g. "Only Amiga makes it possible" and "The computer for the creative mind") were true. It felt good to own an Amiga, because it was orders of magnitude better than anything else out there.
Today, "Amiga" is just a trademark. Will this new Amiga-branded system compete with Mac OS X? With GNU/Linux? With Windows? If not, why should I, as an nostalgic Amiga zealot, care?
I have no need for yet more proprietary hardware running yet another proprietary OS in a time when commodity hardware and free software are where most of the interesting things are happening.
The new Amiga we dream of won't be called "Amiga". It will be something completely different---built by a small group of brilliant people that nobody has ever heard of---not the underwhelming output of some company whose only real purpose is to figure out how to extract revenue from the copyrights and trademarks for a 20-year-old technology.
Want to play pong? Download my pong clone.
Short answer: You don't.
Long answer:
I used to ask the same question, but then I visited Battleground God, which claimed I was being inconsistent. The site isn't perfect (some of the questions are too polarized), but it's worth looking at.
I am an atheist and an agnostic, but my views aren't really in line with people who traditionally call themselves "atheist" or "agnostic". The problem for me is that these people define "belief" as an all-or-nothing constant; Either you believe in God, or you don't, or you take absolutely no position. That's a fallacy.
If you asked me the time, and I told you it is 8:48 PM, would you believe me? Under normal circumstances, you probably would. However, if you were Phileas Fogg, and you were on the 80th day of your trip around the world, you would be wise to be a little more skeptical. Your apparent belief in my accuracy depends upon the situation.
I don't know, with complete certainty, that the supernatural does not exist---that's what makes me "agnostic"---but I also don't know, with complete certainty, that anybody except me exists. Maybe I'm just a brain in a vat; Maybe the universe came into existence five seconds ago; Maybe I'm a brain-in-a-vat that came into existence five seconds ago. Who knows?
And who cares? There is a reason why scientists demand that hypotheses be testable. What good is a theory that, for example, incorporates 300 different completely undetectable particles? If the particles have no measurable effect, then a theory that discards them is just as useful and probably easier to work with than a theory that posits their existence. Today, structural engineers continue to apply Newtons laws of motion---even though it is well understood that Newton's laws are "wrong"---because they are good enough for structural engineering.
Ultimately, everyone has to make decisions in spite of their limited knowledge. Some people base (or purport to base) their decisions on unconditionally-held religious beliefs. I do not; Instead, I use what can loosely be described as statistics: Every proposition has a certain probability of being true, and for each decision I make, I try to compare my confidence in the applicable propositions with the confidence level that is necessary to sufficiently mitigate the expected cost of one or more errors. To put it another way, I make decisions not as though I "believe" anything, but as though I am sufficiently convinced of various things. What constitutes "sufficiently convinced" depends upon the situation.
As is typical of someone who is agnostic, my view is that claims of the supernatural are highly speculative. I think they are so speculative that I currently can't imagine a situation where I would ever make a decision presuming the existence of the supernatural. That is, for every decision I will ever make, none will be based upon the notion that a supernatural entity exists. Thus, in addition to being agnostic, I am also atheist, albeit tentatively, for all practical purposes.
<rant>On a related point, even if I'm wrong and there really are supernatural entities, they simply aren't as reliable as other factors that can be used as the basis of a decision-making process. Look at the failure of so-called "abstinence-based sex education" programs. Most of us know that abstinence is in the best interests of adolescents, but why aren't they getting the message? In my view, these programs tend to fail because they're centred around the notion that abstinence should be practiced for religious reason
Yeah, I realize that now. I've updated the page accordingly.
If you'd followed the second link I posted, you would have found a similar solution.
-- Your friend, "this idiot".
I particularly like this example.
Here's the spoiler.
First of all, what is a '64-bit encryption algorithm'? Is this a symmetric or asymmetric algorithm? Is it a block or stream cipher? Are you talking about block or key sizes? What specific algorithm are you referring to?
We can't analyze anything if all we're given are vague generalizations like "a 64-bit algorithm" and "a 128-bit algorithm". Some symmetric ciphers gain security under functional composition. We know that DES is one such cipher, since it has been shown that DES is not a group. However, it is not true in general that symmetric ciphers gain security under composition. For example, no matter how many times you encrypt something using a Caesar cipher (a generalization of ROT-13), there will always be a single key that decodes the resulting ciphertext. Ask your coworker to show that the specific algorithm you're discussing is not a group. If he can't, then what reason do you have to believe that you gain any security through what he proposes?
The second problem here is that your coworker seems to think that the onus is on you to prove that a given system is insecure. Every time an expert invents a new cryptosystem, there is a good chance that the system will be insecure; It is a near-certainty that any cryptosystem your coworker comes up with will be insecure. Bruce Schneier brought up this topic again in this month's Crypto-Gram :
Thirdly, even if your coworker's new cipher design---and that's what it is---miraculously has the security properties that he thinks it does, is that enough? If you're using 128-bit keys in a symmetric cipher, you're only getting 64 bits of security, thanks to the "Birthday Paradox". If you want an attacker to have to perform 2^128 steps to brute-force your key, then you should be using 256-bit keys anyway. Justin Troutman explains this in more detail in his two-part series, "Ideal-to-Realized Security Assurance In Cryptographic Keys".
Finally, all this talk about composing cipher primitives might well be irrelevant. What is this cipher being used for? Disk-based encryption, for example, has vastly different requirements than a typical secure channel. (See New Methods in Hard Disk Encryption for a discussion of some of the issues associated with hard disk encryption.) What mode of operation are you using? What are you using for authentication? How much information does your cryptosystem leak? How are you negotiating what protocol you're using? To what extent is your protocol switch vulnerable to a chosen protocol attack? What about implementation issues?
I suggest that your coworker read the first two chapters