Many posts are talking about Pi being random.
Well, Pi is not random: it's Pi!
Also, the digits of Pi are not "random". If I want to compute the 1024th digit of Pi, I can. So, it's not a random number.
The word "random" might not be the most appropriate here. The question is whether any "substring" of Pi (expressed in any base) appears exactly as frequently as any other substring of the same length.
What is rather clear is that you cannot deploy a voting system, nor any payment or security system for that matter, in the current environment. To deploy such systems, you need secure platforms. I mean really secure. So, naturally, Windows won't do. And even the Unices, which are probably much better security-wise, are most likely not secure enough in practice.
What could be done nowadays, however, is a system using smartcards, or a similar hardware system.
In some European countries (and most notably France), smartcards are already being used, and smartcard readers that you can plug in your PC are starting to be available.
A generalisation of such a system could allow, among other things, a rather secure voting system. Of course, it would make it a bit easier to buy votes and control what people do, but there is not so much that can be done about this...
Re:Look at the bottom line - not so fast (on Mandrake Shakeup, Score: 3)
but it is a simply matter of a simple budget.
When executives are let go in groups, it is very, very rarely an issue of budget cuts.
Well, this depends how much they are paid... There was a rumor that they were paid a LOOOOOOOOOOOT... Not sure how it went exactly but the following scenario makes sense:
A group of mostly developers start a company
They realize they need a stronger management
They hire a team of executives
This team takes a LOT of money
The core developers team is not happy with the management and still has a majority of shares
Maybe you already got a close look at this, but if not, you should definitely write a good tutorial on caching... It is just amazing how a web site which is nicely set up for caching can save on bandwidth (which is, I assume, your primary cost)... and that's true even when you serve more or less personalized content.
All you need to do is make sure URLs are unique and totally define what's in the page, set up a good caching policy for all your site and watch your bandwidth costs go doooooown.
...on our own paper regarding the SDMI challenge. Now, I'm not sure I will...
What I think is really very funny is that the SDMI didn't contact us to have the paper removed or something. This probably means that either 1) they know we are French and know the DMCA doesn't apply or 2) (most likely) they don't really care about our results because we are attacking an algorithm that they haven't picked.
So the funny point is that they had apparently already chosen and deployed an algorithm before the contest. Now they are whining because the Princeton team (brilliantly) broke this very algorithm. And they are invoking some almost "moral" reasons for that, while they probably would have shut up if only the three other algorithms had been broken.
Anyway, I hope that this story will illustrate the dangers of the DMCA so that the european equivalent which is on its way will never come up, and that eventually the US one will be removed.
Activation code or not, it is very possible that Windows is already sending sensitive information away. There are some incredibly subtle ways to do this so that any statistical analysis on the output would fail.
It would make perfect sense that MS has installed a backdoor which leaks information slowly. I mean, they'd have the ultimate spying tool ever...
I would never use Windows or any closed source product to handle sensitive information, activation code or not.
Yes, it seems to be some kind of practical joke... So what? A large part of the population (a majority in some countries) does not believe in god, so "Jedi" seems to be as good as anything else. Furthermore a "religion" is something pretty vague and an "official" religion is just a religion who has enough adepts, so I do not see why "Jedi" would be somehow inferior to any other religion...
Users are greedy. If you want this system to work, you shouldn't be giving away karma, but money.
If you have enough "karma ad" points, then you can get the latest cool item at thinkgeek. _That_ might work. You'll have to face the problem of cheating though...
I can't believe the number of people who claim this cypher is bullshit without even seeing it. I mean, this is not coming from some random guy. Michael Rabin is one of the best cryptologists ever. Furthermore, he does not actually claim that his scheme is "unbreakable". He claims that in standard schemes the security relies on an assumption on the limitation of the computing power of the adversary and that in his scheme, the security relies on the assumption on the limitation of the storage of the adversary, independently of his computing power, which may be infinite.
This is certainly a very nice result, now it has to be published and analyzed before we can say more. From the short description in the article, it seems that there is a stream of random numbers which comes in at very high speed and that to decipher, you have to know which part of the stream was used. Well, if you are "lucky", you can just store small parts of the stream from time to time and maybe you'll get the very right one. Of course, the probability is negligible, but the probability to guess the key in a traditional cypher is too!
Naturally here, the nice thing seems to be that if you don't get the right part of the stream, you will never be able to decipher no matter how long you spend, whereas in traditional settings, you will be able to decipher after some time (say a few million years)...
I've asked this several times before, but have yet to see a satisfactory answer: why does it have to be that we can break this?
Well, no one knows the answer, but there are a few points (among others) which make the existence of robust watermarks in the near future rather improbable.
They are supposed to be inaudible, so compression algorithms will hit them where it hurts.
Most people don't care soooo much about quality of music being slightly degraded, so the watermark should be even more robust than the song itself (in some sense).
When detectors are available, you will be able to make a LOT of trials and errors, and you will be able to do them step by step, as the SDMI requires that the songs stop after 15 seconds if a mark is detected, no matter where you start in the song.
Finally, to the best of my knowledge, there is currently no "public key" watermarking method available, in the sense that you will need to protect some sort of secret with a tamper-resistant device or obfuscated code.
But well, it is also possible that there is a breakthrough in watermarking research in some time...
Imagine there were an address like sysadmin@home.com. It would get literally flooded with zillions of emails of users not being able to read their mail or to access their favorite prOn site.
My own humble experience at contacting network sysadmins (with some real reason) is that first, you don't get through, then you don't get through, then if you eventually get through, the sysop will usually start by assuming you're just another dumbass. Finally, if you are lucky enough to reach him to make your point, then you might get an answer. At least in my case, when I (finally) managed to obtain the "private" email of the sysop and carefully explained the routing problem I had through their network, I received a nice reply (and the problem was fixed) in a matter of minutes!
So, do your best at explaining that your problem is REAL and that you know what you are talking about... But of course, theatre courses might be more efficient than CS here :)
No offence intended towards the anonymous poster, but why is this a piece of "news for the nerds"?
Oooh. I see, because of the "INTERNET" company...
Come on... These kinds of questions are getting pretty ridiculous. Soon we will see:
An anonymous 12-year-old girl says: I met a boy on the "INTERNET". I really like him a lot, but he seems to like my best girlfriend Nina more than he likes me. I tried to dye my hair, but he did not like it either. Please, Slashdot community, I need your help! Tell me what to do to get his attention.
I'm French, and I've worked in the US for more than 1 year total, in 3 or 4 large companies or start-ups.
There are several differences you will find in France:
Much lower salaries. I can make about 4 or 5 times my salary in the US. However, if you plan to stay for a long time, you will realize that the health care (free), the education (free) and the retirement (included) will compensate so that the real difference is only a factor of about 1.5 to 2. However, if you plan to come here for just a few years and go back, your salary will diminish.
Much more holidays. Period.
Shops that close earlier (makes a difference for geeks who finish their job late).
People with better social skills on average. (This is from my personal experience of US companies, your mileage may vary).
People who smoke in their offices:)
MUCH better wine and REAL cheese !!
Regarding the language, usually in high tech companies, people speak English pretty well, but you would want to learn for everyday life anyway.
Also, many people have a very bad view of Americans, mostly due to the arrogance of the vast majority of the tourists, who do not even understand that the ATM cannot give them dollars but francs (I've seen that) or that people in France do not speak English as their primary language, but if you play it cool, that should be fine too :)
The metric system is UNIFIED with respect to distances, weight and temperature.
The unit for distance is defined as 1/40000000 of the circumference of the earth (well, now, it's defined by light but...), then the weight unit is defined as the weight of 1 cubic meter of water at sea level (1000kg), finally the temperature is defined by the freezing and boiling points of water (under conditions that I don't exactly remember).
All these definitions come from physical things, while Anglo-Saxon measures come from nothing.
Furthermore, the metric system is WAY easier to use, no matter what you think.
This is why the system should change, but as you said, unfortunately, this is not going to be any time soon :)
How can one claim to have been legitimately elected when the difference is made on a smallish bunch of votes? I meant, whoever wins, there will be suspicion of fraud, or misleading ballots or booth closing 5 minutes late or whatever. Of course, that won't come from the "big" guys, but you can be sure that the controversy on this election will last for loooong.
I meant what will the new president say?
"Thanks to all of you! We totally kicked the a** of the [republicans|democrats]. Thanks in particular to the 5 folks who made the difference in Florida. Now, we are just going to apply _our_ politic without taking care of these losers!"
;)
We all know that USA is recruiting a LOT of geeks worldwide, so what about this for the next poll (especially if Bush wins)...
What would you feel about going to work and live in a country where human rights are constantly trashed? (Mostly because of the shitty money-based legal system, and the roll-and-dice-to-decide death penalty).
human what?
I wish they could do better, but I just care about big bucks
That would be a big problem
I wouldn't go
(And yeah, this is flamebait, but well, if geeks could do something for that...)
The problem would be solved if you could educate students. Backups are the way to go, whatever the media is. However, as some people pointed out, this is nearly impossible to MAKE students do something.
So, maybe you could try something like this:
One week before they have to give this huge project, backup all their homedirs, and erase them all. Then, send email to explain that you are terribly sorry, but everything has been lost due to a power outage and a fire and a flood and whatever.
Wait one day or two (just before the major riot in the school) and give everything back, with a little sermon on backups :)
And don't be a BOFH, be careful to actually BACKUP everything, else...:)
First, I have some severe doubts about the fact that all 6 technologies have been "cracked".
Technologies D and E if properly implemented should not be crackable. They are basically digital signatures.
Regarding techno A,B,C and F (watermarking technologies), the problem is the following.
They start with a song A and create a marked version A'. Now there are two ways to "remove" the mark: either find A again (or something extremely close to A) or create yet a new version A'', which is not necessarily close to A, but where the mark is not detected. In the first case, you need a complete understanding of how the watermark is working, in the second, you can just randomly modify the song until the Oracle tells you it can't detect the mark.
If you can recreate A, (or almost can), then it is a major crack, because (1) it will work for all songs, (2) it will almost surely pass the audibility testing.
If you won by creating some A'', then there is no guarantee that your attack will work against another song, nor that the audibility test will be passed, nor that the audibility test will be passed for other songs.
I assume most attacks followed the second path because they require less technical knowledge. This is why the SDMI needs to do a lot of testing.
As a side note, the hard part in the contest, (if you really want to recover the original A), is to understand how detection works exactly. I won't mention the specific technologies, but I can tell that for some of them, finding the algorithm was rather simple. Some others introduced artefacts to make the recovery harder.
However, SDMI people need to realize that if they release their system, it _will_ be reverse engineered and that the detection algorithm will be made public. Once you know how detection works, it is usually fairly easy to perform this major cracking, e.g. surgically removing the mark, without damaging the song.
Hum, hopefully this is going to be expensive, else I can only imagine how work would be like, when your "office" will be reduced to the size of one of these things.
- "Err.. Where is my office?"
- "But this IS your office, you have everything you need inside. We are actually waiting for the new model, which features a body excrements removal system, walls and a sas lockable from outside. Have fun!"
I would like to patent the process of hiring some random stupid lawyers in order to write down an utterly foolish well known idea, and to make it accepted as a patent by the USPTO.
Note 1: The patent also applies if the lawyer happens to be smart.
Note 2: There is no prior art: as a matter of fact, who would dare to think that the USPTO has already accepted foolish patents. (Oh well, maybe some will, but the USPTO won't anyway).
Note 3: This patent cannot in any case be considered foolish: if it was, either its acceptance or its non-acceptance would lead to illogical results. Therefore, it should be accepted.
"A method of using javascript or similar technology to produce a series of Web page-displayed images that, automatically either causes a purchase to be consummated or causes a series of preselected items to be placed in a single customer-accessible data file so that the customer can purchase all selected items at the same time instead of having to perform a series of separate transactions except if the customer clicks fast enough to cancel the transaction"
I disagree. Ideally, they should have given an Oracle for reverse-engineering too, but as it is, it's not so bad... The info they are providing is different than what you would have in real life, but is not strictly lower (you don't have the original in real life). There is enough data to break everything (except maybe technos d and e, where some details about the processing would be very helpful, especially considering that it could be reverse-engineered in real life...).
Julien Stern
This is true, and I think it's really bad.
I hope the legal problem will be settled and that they will publish their results soon.
I have reasons to believe that their results are excellent, especially on the algorithms for which we haven't posted a technical report yet.
Julien Stern
And possibly some pissed off French hackers turning up at Hemos's house to have a word :)
:)
Oh well,
about 11 hours is quite a long way to have a little talking with "daddy" Hemos, so...
Julien Stern
Due to the impossibility of error counts by a software, we can now announce that
Mr Bush has beaten Mr Gore by 567% to 556%...
Good luck...