Very roughly, an optimization problem that can be solved in polynomial time on a nondeterministic Turing machine. NP-hard problems are believed (but not proven) to take greater than polynomial (but still finite!) time on deterministic computers. There are often approximation algorithms that get near-optimal solutions quickly, probabilistically, or for constrained classes of input. The mesh algorithm here appears to be an approximation algorithm.
As a resident of South Kern county, I take offense at that! As far from Los Angeles to Grapevine is quite an interesting stretch, with Pyramid Lake, Tejon Lake, Frazier Mountain, the rolling hills near Gorman.
Dude. The drive from LA to Lebec might be OK, but once you get down the hill, around the split with 99, there is nothing for 300 miles. Harris Ranch and that's it. Kern County is about 100 miles, of which maybe 5 are interesting. At least you can drive it all at 80mph.
I don't think that's true. ESR really ought to refrain from making statements about all hackers, all libertarians, all gun owners, or any other group larger than himself.
The term "intellectual property" is vague (here, ESR means copyrights, rather than trademarks or patents), and the term "theft" doesn't apply particularly well. The wordier statement "all hackers condemn the unauthorized reproduction of copyrighted works, with the exception of fair and personal use" is somewhat more accurate, though probably still not true. Even better would be "all hackers condemn plagiarism," which is really what putting your name on someone else's code is. Plagiarism is a matter of honor, not law, and is somewhat more likely to be something that all hackers -- a pretty big and diverse group -- might condemn.
I know at least one hacker (ahem, a libertarian, even) who condemns copyrights and patents altogether and would probably describe ESR's assertion as nonsensical or undefined.
Condemning IP theft, Eric says, "is what distinguishes [hackers] from the cracker/phreak subculture." Nonsense. Destructive intent is what distinguishes crackers from hackers. Denial-of-service attacks and website vandalism have nothing to do with so-called "IP theft."
For the record, all hackers also don't use the hacker logo, any more than all hackers channel Greek gods. Eric would do well to describe his own opinions and let me describe my own.
But just look at how incredibly anal the FSF is about copyrights and associated paperwork, they are ironically more "legally sound" than a lot of proprietary shops.
The GPL uses existing copyright law to promote the production of free software. To enforce the GPL, the FSF has to be the copyright owner, which is why they do all the paperwork.
I believe that Stallman is on the record as saying he would prefer a no-copyrights regime. But given that copyrights exist, the FSF may as well use them. Being meticulous about copyright assignment makes it easier for the FSF to promote and defend GNU software.
Brooks won the Turing Award. Given the choice between that and induction into a hall of fame that inducted the inventor of the KAYPRO (it was built in San Diego!) before they inducted Alan Turing himself... I'd totally choose the Turing Award.
The others... well, what was the last non-cosmetic change to Emacs, or fetchmail?
You've got to give RMS and ESR more credit than that. Stallman also wrote GCC, which is alive and well and still evolving. ESR's software offerings are all a little small, but his "Cathedral and the Bazaar" helped bring open source software to the commercial world. Mozilla would quite probably have never been written, if not for ESR's writings and evangelism.
My vote is for Stallman over the other two, but they're all three entirely worthy.
I don't mind in the least bit if part of what I pay for infrastructure is used to subsidise the rural areas.
Where do you draw the line? Rural dwellers get publicly subsidized schools and roads, but not mass transit. They get publicly subsidized phone and power, but not water, sewer, or cable TV. Mail delivery, but not trash pickup. And so on. It seems pretty arbitrary to lump broadband in with things that should be subsidized.
$2.99? I got Bill Gates's "The Road Ahead" in a 50-cents bin. Are you telling me "Online!" is worth nearly six times as much as BillG's 1995-era visions of the future?
Unless you're running a root, 99% of Linux users have nothing to worry about from viruses. The viruses cannot effectively spread themselves.
I've heard that argument before, but it's still wrong. A program running as you has the ability to delete your email and data files and the ability to send out email to propagate itself. Who cares if it can mangle /bin/ls? I care much more that it can mangle /home/patrick/important_document.tex. Being root has nothing to do with anything.
That is why the "Linux viruses" you see are only in the labs of the anti-virus vendors.
No, that's because most virus writers and most victims are running Windows. Why write viruses for a desktop that only 1% of end users (and the 1% most likely to keep their systems patched) are running?
A well designed operating system security model will prevent the infection.
Your statement is true. Your implication that Linux's security model is well designed is not. Your email program can, if hijacked, execute programs, open network sockets to arbitrary hosts, and delete files. It doesn't need any of those privileges, but Linux has no mechanism to protect you on that level. All Linux can do is keep your email client from mangling /bin/ls -- so what?
Linux isn't prone to floppy-borne, executable-modifying viruses. But it certainly could be prone to email viruses if anyone finds a buffer overflow in pine, mutt, or Evolution.
RTFA. The entire car retails for $220K, and presumably some of that goes into buying the ugly body, paying for all that R&D, and so on.
They claim the battery has 50,000 Wh. My Dell battery has 66 Wh, so it would only take 758 such batteries (about $80K before any discounts) to power the tzero. Maybe the 6800 batteries figure actually refers to individual cells?
If nothing else, they must see some sort of economies of scale. Those 6800 batteries (or cells) don't all need casing, status LEDs, individual charging circuitry, and so on.
Still a little pricy to maintain when all that lithium dies after a year or two!
It's just damn unlikely to get 2 files with same MD5, and if you wanted to brute force it, you would have to try average 2^64 different files before you found one with identical MD5 to another file. And this would take a long time (actually not that terribly long, a few years at most, and it parallelizes perfectly).
The page you link to implies that it's possible to "easily" fabricate a file that produces a given check sum, so instead of months of processing time, only days or hours would be needed to get a MD5 hash collision.
There's a difference between finding two files with the same hash and finding a file with a specific hash. The former is an example of the Birthday Paradox and "only" takes 2^64 tries (perhaps a few months). The latter is truly brute-forcing the hash and would take 2^128 tries (a billion billion years or so).
To put it another way, if you get to generate both files, it's moderately difficult. If you have to generate a forgery for someone else's signature (an existing MP3 or ISO file), that's impossible.
So all P2P users / software makers need to do to circumvent this, is to agree on a specific MD5 sum, then patch every file so that they produce this same MD5 sum
That's a particularly strange request. For a small number of files, you get to control all of the files, so it's around 2^64. For a large number of files, you have to brute-force each one independently, so each file is 2^128. I think the actual expected time to make N files produce the same checksum is (N^N)/N!*2^64 or N*2^128, whichever is less.
In sum (pun intended), if two files have the same hash value, they almost certainly have identical contents, even if they are not of the same origin.
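The gap between the two attacks described in the comment above can be measured directly. This is an added example, not part of the original thread: it truncates MD5 to 16 bits so both searches finish in seconds, and the function names, message formats and the `someone else's file` target are constructed for illustration. The same square-root relationship is what separates 2^64 from 2^128 at the full 128-bit width.

```python
import hashlib
from itertools import count

TARGET = b"someone else's file"  # constructed stand-in for an existing file


def truncated_md5(data: bytes, bits: int) -> int:
    """Return the top `bits` bits of MD5(data) as an integer."""
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest >> (128 - bits)


def find_collision(bits: int, salt: bytes = b""):
    """Birthday search: we pick BOTH messages, so any repeated hash wins.

    Returns (first_message, second_message, hashes_computed).
    """
    seen = {}
    for tries in count(1):
        msg = salt + b"msg-%d" % tries
        h = truncated_md5(msg, bits)
        if h in seen:
            return seen[h], msg, tries
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int, salt: bytes = b""):
    """Forgery search: the hash value is fixed by someone else's file.

    Returns (forged_message, hashes_computed).
    """
    want = truncated_md5(target, bits)
    for tries in count(1):
        msg = salt + b"forge-%d" % tries
        if msg != target and truncated_md5(msg, bits) == want:
            return msg, tries


def average_work(bits: int, trials: int):
    """Average hash evaluations for each search over independent trials."""
    collision_total = preimage_total = 0
    for t in range(trials):
        salt = b"trial-%d:" % t  # different salt = independent search
        collision_total += find_collision(bits, salt)[2]
        preimage_total += find_second_preimage(TARGET, bits, salt)[1]
    return collision_total / trials, preimage_total / trials


if __name__ == "__main__":
    for bits in (12, 16):
        coll, pre = average_work(bits, trials=8)
        print(f"{bits}-bit hash: collision ~{coll:.0f} hashes "
              f"(2^{bits // 2} = {2 ** (bits // 2)}), "
              f"second preimage ~{pre:.0f} hashes (2^{bits} = {2 ** bits})")
```
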
That's the real problem here. Part of the system of Checks and Balances here is that the company alleging infringement must do so under penalty of perjury,
On the contrary, the only statement that they must make under penalty of perjury is that they own the copyright for Pac Man. Their statement that a copyright has been infringed must be done in good faith, but there's no criminal liability if they're wrong.
Read the DMCA more closely, or go back and read the question that dealt with exactly this distinction in the recent Slashdot interview of DoJ copyright lawyers.
this means we need about 300 acres of mirrors. Seems real practical.
Ever been to Arizona? Big, empty state with a whole lot of sun. You can't miss it. 300 acres is under half a square mile, which means that you could build about 225,000 of these 200MW power plants in Arizona alone.
Did you read the article? The power output per acre is substantially better than hydro (no lake!) and is comparable to coal if you count the coal mining operations. And it doesn't cause smog, underground fires, ruined streams, trapped miners, or millions of tons of CO2 emissions, the way coal does.
All MOST users want is those 4 features, email, maybe mp3 playback, basic audio recording, simple stuff.
You're wandering off toward the "everyone uses only 20% of Bloatedsoft's features" fallacy. That may be so, but everyone's 20% is different. You yourself demonstrate that by throwing a few extra features into the mix: email, MP3, and voice memo. I consider those things useless, but I highly value my PDA's eBook reader, mapping software, KeyRing, and portable spreadsheet. Every feature Palm (or in my case Sony) includes has some devoted followers, to be sure.
The Palm platform has an excellent approach from a software perspective: a general-purpose CPU, a well-documented API, and backwards compatibility. You can install any app you find useful and leave the rest off. Some of the apps that I find useful require more CPU power, RAM, or screen colors than the Palm III, which is why I'm quite glad to have upgraded.
The hardware perspective (changing the damn connectors with each new generation) is another story.
Yes, I know how ATMs work, and I know what two-factor authentication is. The only reason I mentioned ATMs is to counter your "System A only accepts 8-character passwords, so System B will probably suck." Incidentally, the most important thing ATMs do from a PIN security standpoint is eat your card if you get the PIN wrong too many times in a row. A brute force attack is infeasible, even on a 10^4 space, if you only get five guesses.
My point about the 26 was that it would be a lot better to replace that 26 with 40
Why? A space of 26^20 is not the weak link here, nor will it be for another 30 years or more. If it ever becomes the weak link, it's easier to expand the number of inkblots than the number of characters in the Latin alphabet.
The ink blot model COMPLETELY RULES OUT the possibility of them being random
Passwords aren't random anyway. This system aims to replace unrandom passwords with passwords that are random enough but are still easy to remember. They're easy to remember because your brain is hard-wired in the way it recognizes blots.
psychiatrists used the Rorschach tests for years under the assumption that 'normal' people see the same patterns in inkblots.
Have you actually read any of the psychological research papers on the subject? Adam, the intern who wrote the inkblot password system, did. There are published statistics about how stable each person's interpretations of inkblots are, as well as about the variety of things that different people see. And different people do see a couple dozen different things in any given inkblot. Compound that with the facts that 1) everyone gets different inkblots in this system, and 2) people can see the same thing but describe it different ways. Adam did experiments with actual human subjects and estimated the amount of entropy in people's blot interpretations. The entropy was well beyond that found in normal passwords.
The story says you get double the battery life with an external battery pack. Man. This thing would be sweet for watching movies on airplanes!
Sony's battery-life claims are based on using low-demand apps with the backlight off. Weasel Reader, for example, really does last the claimed 7-10 hours on a charge. Movie players don't. To watch a movie, you'll want the backlight turned all the way up, and the CPU and sound chip will be running full time. You'd be lucky to watch three hours of video, let alone ten.
Plus two more things. Movie-capable Clies thus far have shipped with Kinoma, which uses the highly proprietary Cinepak Mobile CODEC. Don't expect your DivX;-) rips to work. (I tried converting them. No love.) And second, have you checked the price of 1GB memory sticks recently? (Hint: more expensive than buying a portable DVD player!) How exactly did you plan to store that movie?
I guess the best way to look at Clies is as consumer gadgets, not hardware running an operating system: you get the software that comes with them. Some additional Palm software may work on them, but perhaps not all that well.
Unless you've actually verified this yourself, I cry FUD. I own a Clie SJ-33, and it's lovely. It runs every PalmOS app I've tried on it. The Clie-only apps and Clie HiRes modes in standard apps (e.g., Weasel Reader) are just bonus. It's no more a "[non-expandable] consumer gadget" than any other PalmOS device.
anything using audio, won't work on the Clies because Sony has created their own undocumented and proprietary APIs.
As of May 1st, they released a development library and accompanying documentation for the PA1 sound chip that ships in recent Clies. Check here. Contrary to your claim of "undocumented and proprietary," the API is clearly based on MIDI, and it was documented well enough that I had an on-screen MIDI keyboard working in an evening.
Sony's biggest sin against its Clie developers is that their Clie emulator (an extended version of POSE) doesn't run under Linux. But the GPL source is there for anyone who wants to bother porting it.
But they funded his research - don't they get some credit for that?
Oh, absolutely. The development of Adam's inkblot idea belongs to Microsoft, both legally and morally. But the idea itself was Adam's.
I'd bet that if, instead of Microsoft, it was some "Slashdot approved" company that came up with this, nobody here would be jumping through hoops to explain why it didn't really count.
I'm not particularly trying to discount the idea. I worked for Microsoft last summer, too, and I saw plenty of good ideas form and get developed on company time. In this one case, I pointed out with tongue in cheek, Adam already had his idea before he started work.
Incidentally, I think our society makes a tradition of crediting ideas to their inventors, even while letting the employers reap the patent royalties. Who gets credit for inventing the transistor and the C programming language? Not AT&T. They funded it, but Shockley and K&R, respectively, tend to get the credit. And the inventor of the web isn't traditionally the CERN lab, but Berners-Lee, who just happened to be working there.
only 26 options for the first character, 26 for the next, etc.
Um... 26**20 is about 94 bits of entropy. Even if you could try a billion passwords per second, it would take you 631 billion years to guess the password. Brute force is not the right approach here. Words like "butterfly" (by) and "batman" (bn) are much more common than random pairs of characters.
Plus, how many places are there on the web that limit the length of passwords to like 8 or 10?
That's like saying that all passwords are a bad idea because ATMs only use four-digit pins. If you go to the trouble of putting an inkblot-based authenticator on your website, presumably you could also increase your password length limit to 20.
Very roughly, an optimization problem that can be solved in polynomial time on a nondeterministic Turing machine. NP-hard problems are believed (but not proven) to take greater than polynomial (but still finite!) time on deterministic computers. There are often approximation algorithms that get near-optimal solutions quickly, probabilistically, or for constrained classes of input. The mesh algorithm here appears to be an approximation algorithm.
Or Google for it: here's an answer
If only it were mid-June all year.
You must be new here. :)
A pendant is jewelry. You meant pedant, which is what I am being by responding. Like virii, your use of pendant is wrong. Not slang, just wrong.
If I referred to your sentence as "high-falutin'," that is slang. If I referred to it as "retartid," that is simply an incorrect spelling.
The English language isn't evolving new Latin-esque plurals. It's not slang. It's just ignorant pretension, which is the worst kind of pretension.
A four-finger screw grabber does it better in an even narrower space, when even chopsticks won't fit inside.
Then they should have used a self-parking Toyota Prius instead of a Hummer.
--The Oracle
$2.99? I got Bill Gates's "The Road Ahead" in a 50-cents bin. Are you telling me "Online!" is worth nearly six times as much as BillG's 1995-era visions of the future?
Well, OK, maybe.
Sony's biggest sin against its Clie developers is that their Clie emulator (an extended version of POSE) doesn't run under Linux. But the GPL source is there for anyone who wants to bother porting it.
--Patrick, happy Clie user/developer