I'd consider reporting them to the police.
They are forging your domain, so they are clearly in violation. I'm just hoping that one day they are "close" enough that this will have some effect.....
Roger.
That is exactly the idea. You can decide on the number (5 seconds) in advance, but will waste a lot of time if the computation really takes a lot less. Or you might end up with "no improvement" if you happen to buy a faster computer....
So the trick is usually to make all yes/no paths take exactly the same amount of time. That's the idea I was trying to show.....
You are not fit to be a cryptographic-program-writer. You SHOULD check the assembly output of your compiler before deploying the code, to make sure that the "else" part consumes exactly the same number of cycles.
...
On a CISC machine you should possibly even modify the assembly:
; test the bit.
jne elsepart
mov 1, badbit
jmp next
elsepart:
mov 1, goodbit
next:
by adding a
jmp next
into the "else" part to make the timing identical. It is exactly these minute timing differences that cryptanalysts use to determine the probable values of the bits..... Even in the presence of multitasking timing differences, or even networking delays, they manage to reduce the "time-to-crack" from billions of years to something humans can understand.
On a RISC machine you often have conditional instructions. The compiler will then most likely turn the C-pseudocode above into something like
mov 1, R3
test [....]
moveq R3, R4
movne R3, R5
store R4, badbit
store R5, goodbit
which needs no modification to be entirely "flat" on the timing front...
Roger.
The idea is that bad code will do something like:
if (bit[i] != key[i]) return FALSE;
By timing this accurately, you'll know what (approximately) bit failed. Once fixed, and everyone agrees the fix is trivial, your code will look something like:
if (bit[i] != key[i]) bad_bit = 1;
else good_bit = 1;
[...]
if (bad_bit) return FALSE;
As you can see the computer has to do exactly the same work for a good or a bad bit. Thus the timing should be identical.
It's VERY VERY hard to mask these timing issues by "random" delays. Worst case, the attacker guesses your random numbers. Best case, the attacker will have to run his attack a couple more times to get the same results through the noise.
Cryptographers have known about this for years. In fact, this (kind of) attack was posted on slashdot no more than a week ago.
Roger.
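The early-exit and equal-work comparisons described in the comments above, as an added example that is not part of the original posts. The function names, the sample key and the step counter (a stand-in for run time) are constructed for illustration, and `flat_equal` uses XOR/OR accumulation rather than the if/else shown in the comment, so no branch depends on the data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample key, for illustration only. */
static const uint8_t KEY[8] = { 'h', 'u', 'n', 't', 'e', 'r', '4', '2' };

/* Early-exit compare: the "bad code" pattern from the comment.
 * *steps receives how many bytes were examined, a stand-in for run time. */
static int leaky_equal(const uint8_t *guess, const uint8_t *key,
                       size_t n, size_t *steps)
{
    size_t i;

    *steps = 0;
    for (i = 0; i < n; i++) {
        (*steps)++;
        if (guess[i] != key[i])
            return 0;               /* work done depends on the index i */
    }
    return 1;
}

/* Flat compare: every byte is always examined and no branch depends on
 * the data. Differences are OR-ed into an accumulator. */
static int flat_equal(const uint8_t *guess, const uint8_t *key,
                      size_t n, size_t *steps)
{
    uint32_t diff = 0;
    size_t i;

    *steps = 0;
    for (i = 0; i < n; i++) {
        (*steps)++;
        diff |= (uint32_t)(guess[i] ^ key[i]);
    }
    /* diff == 0: (0 - 1) >> 8 has bit 0 set. diff in 1..255: bit 0 is clear. */
    return (int)(((diff - 1u) >> 8) & 1u);
}

int main(void)
{
    uint8_t guess[8];
    size_t pos, i, leaky_steps, flat_steps;
    int leaky_ok, flat_ok;

    /* Put one wrong byte at each position; pos == 8 is the correct guess. */
    for (pos = 0; pos <= 8; pos++) {
        for (i = 0; i < 8; i++)
            guess[i] = (i == pos) ? (uint8_t)'X' : KEY[i];

        leaky_ok = leaky_equal(guess, KEY, 8, &leaky_steps);
        flat_ok = flat_equal(guess, KEY, 8, &flat_steps);

        printf("wrong byte at %lu: leaky=%d (%lu steps)  flat=%d (%lu steps)\n",
               (unsigned long)pos, leaky_ok, (unsigned long)leaky_steps,
               flat_ok, (unsigned long)flat_steps);
    }
    return 0;
}
```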
Working for a data-recovery company, we regularly have to send drives back to customers. We'd rather not have them damaged in transit. So we now have boxes that we use to send the drives to customers.
As a test, I put a working drive in one of our boxes, and dropped it from 250m from a paraglider.
The drive survived.
Roger.
In my experience a compiler with all warnings on will warn of something "innocent" in about 90% of the cases. On average it will cost me about 30 seconds to fix the warning, and recompile.
...
...
However, those 10% of the cases, I'll save more than half an hour because the compiler pointed me to a bug, line number and all.
The classical
if (ch = EOF) {
will generate a warning. You'll find it if you pay attention to your compiler warnings. And that's only possible if it normally doesn't spew pages full of "benign" warnings.
So: I fully agree: fix the warnings, so that your code compiles cleanly.... And of course, if your compiler complains it does pay to look around the code a bit to see the problem. In the above example, you can make the warning go away by adding an extra set of braces:
if ((ch = EOF)) {
but that just hides the warning, it doesn't fix the bug. So if you're coding: stay alert.
Hi Jim,
I can't find any way to contact you: No email addresses anywhere. You may want to fix that....
My understanding as a non-lawyer is that they can force you to stop using the logo. They might also be able to stop you from using the letters PCI if you were to refer to something that they didn't want to be called PCI.
So, IMHO, you'd be OK if you just remove the logo from your site.
Also, if they disagree with the content on your site, they have a valid claim to want to distance themselves from it. However, you now have written proof that they WANT to be associated with the information on your site: they are saying they want your information on their own site!
Anyway, good luck with the meeting next week!
Roger.
I'm not from the USA, but "COD" means "cash on delivery", right?
Cash as in "real money"? I thought that this was the way to ensure that you got the money provided that the item gets delivered.
If FedEx doesn't bring you the cash it got for the item, then I'd say that FedEx has a problem. If FedEx is stupid enough to accept bounceable cheques, then that's FedEx's problem.
I have to conclude that FedEx doesn't want to run around with loads of cash, and accepts cheques. But this defeats the whole purpose of COD, so why do this?
Roger.
To be honest, I haven't read the article, but the consensus here is that 50 years ago, technology was not in the state that "2k RAM" was an option. The same goes for 300KHz.
Both figures would fit into "early sixties", or 40 years ago.
Roger.
If I remember correctly, last time the Microsoft press contact made the papers with: "We were expecting a lot of people, but nobody showed up."
So here in the Netherlands, feel free to go to MS Headquarters (I believe in Hoofddorp).
Roger.
Current practice in "patent-land" seems to be to sit on your patents until they are widely used, and then come out of the closet to claim royalties.
The problem is that people have patents on just about anything. If you're compressing audio, there is always someone who can (will!) claim they have a patent.
For example: If I understand the MP3 patent correctly, it applies to ANY lossy audio compression.
Roger.
Ehmm. Can anybody tell me why I would like to roll up my screen? My laptop has a big rigid part, and the screen fits right along the top. My workstation has a flat screen sitting on top of the desk. Now if the screen would be higher quality than either, I can see myself rolling it up and taking it home. But for me to be rolling up screens they have to be cheap. You don't just do that with an expensive screen, do you? But if they are cheap I'll just buy one for at home and one for at work.
I just don't see a combination of cheap/expensive and usefulness that would make the "able to roll it up" feature essential.
Now there are a bunch of geeky things you can do with a rollable screen. But that's just geeky. Nothing really very useful.
If these things would become very, very cheap, then maybe. However, as they are going to have to have addressable pixels, you will have to have per-pixel electronics, and even when the price of those drops below 0.01 cents per pixel, you still want more than a million of them. And it's not pretty if there is a "dead" one. On a digital camera, you can map the dead pixels out. Nobody is going to notice. But on a screen there is not much you can do about a dead pixel.... Getting a million pixels "just right" is going to stay tricky and expensive.
Roger.
The whole time you deal with PayPal, you do it all through website/e-mail, right? Why should that change just because you got screwed?
Whoa there! That would be fine and convenient, yes, but then they would be required to properly handle the issue over the EMail. They are allowed to have a couple of "canned" responses ready for popular questions, but you have to be able to get through to a human one way or another.
It is the flexibility of the screwed customer that they are willing to switch to some other form of communication than "the internet". But it usually only happens if contacting a human through the internet doesn't work.....
Roger.
As far as I can see, the service is $9.95 per month, allowing you to burn 10 songs per month. Yes, that comes to $ 0.99 (or with proper rounding $1.00) per song, but it does NOT allow me to buy/burn 100 songs this month and then buy none next month.
The only way to get 120 songs is to subscribe for a year and pay $9.95 the whole year.
Roger.
then maybe the Peace Corps or the Army is for you.
Not that I can speak from experience, but the army here has ads about "seeing the world", but I doubt that you'll get to see anything you want to see if you join the army.....
Even when the economy is bad, if you're good you're going to find a job. So, spin a globe, pick a place, and send a bunch of resumes in that direction. Make sure you "live cheap" so that you will be able to fall into a "work 6 months, travel 2 months" schedule, or something like that. Travel a bit around the "work" place as well. Then you should have enough saved to be able to say goodbye, and travel for two months straight. Then find a job again, preferably somewhere else. Repeat 2 or 3 times......
Roger.
In an airliner, the jet turbine is driving some huge fans to propel the aircraft, causing vibrations in the air (sound). In these jet engines for electrical power, they are not moving as much air, thus I would expect much less noise.
As far as I understand things, he says he didn't break the official rules. He says that the interpretation is currently very strict, so that what he did was "uncommon".
Roger.
What happens if you boil NaOH (s)?
It melts around 319 degrees centigrade, and starts to boil around 1387. I think it's just going to boil and give you gaseous NaOH. (My table doesn't have an entry for boiling point if the salt disintegrates before boiling).
But where were you going to put it in while it boils?....
Roger.
Just do the reaction in reverse, 4(NaOH) + heat -> 2(Na2) + 2(H2O) + O2.
Nope. You get:
NaOH (aq) + heat + H2O (l) -> NaOH (s) + H2O (g)
i.e. you get a salt-like substance left over once you boil away the water.
Roger.
CGAAGACTCTTTCAGATCGGCTAGATTGATTACATCTCGG
Nope. Won't fit.
The Human gene set holds about 3 billion acid pairs. Thus you'd need a file of about 3 gigabytes to hold it in plain ascii. The file holds only 2 bits per byte, so can trivially be compressed to 600M, but gzip is very likely able to do much better.
#include <stdio.h>
#include <stdlib.h>

/* Expand each input byte into four letters, two bits per letter,
   lowest-order bit pair first. */
int main (int argc, char **argv)
{
    int ch;
    char ACGT[] = "ACGT";

    while ((ch = getchar ()) != EOF) {
        putchar (ACGT[ (ch >> 0) & 0x03] );
        putchar (ACGT[ (ch >> 2) & 0x03] );
        putchar (ACGT[ (ch >> 4) & 0x03] );
        putchar (ACGT[ (ch >> 6) & 0x03] );
    }
    exit (0);
}
Regards,
Roger.
Life develops if there are cycles. Earth has cycles: waves in the seas: 1-10 seconds. Tides: 0.5 days. days: 1.0 days, weather: 3-7 days. moon shine: 28 days, Seasons: 1.0 years, solar cycles: 11 years, climatic cycles: 10000 years. (I probably forgot a bunch!)
For life to develop, cycles are very important. A cycle at around every "order of magnitude" is almost compulsory.
Once life is "bootstrapped" in the most ideal place of all those cycles, it will suddenly be able to survive in the weirdest of conditions.
On Pluto, the year cycle is WAY too long, the planet is WAY too far from the sun to experience lots of the influences of the cycles of the sun. etc etc. Nope, Pluto is going to be lifeless, unless we (or someone else) bring(s) it some seeds.....
Roger.
Things that "turn me off":
- a 10-year gap in your "activities". Either educational or in the work section. You'd better have a good explanation, and it better show on the resume: You won't get invited to tell me in person.
- Highly under-qualified work. College graduate person swapping tapes for example. Either you were very desperate for a job because everybody else was turning you down, or they figured out that that was all you were good for after a week or so, so that's what you ended up doing. It's certainly a hint when other people were declining someone a job....
- Not listing your mother tongue as a "language you master".
I'm currently interviewing people for a job: Technical, hardware/software, you have to work in Delft, The Netherlands. EE/CS college degree. Linux(unix) expertise very much a bonus. Company: Harddisk-recovery.com, send CVs to r.e.wolff@harddisk-recovery.com
Roger.
I think they are worried about the cost of bandwidth.
Being friends with some sysops at a university means you sometimes get to see the numbers.
Most universities are connected to some "research-internet" which has enormous amounts of bandwidth.
P2P networks however tend to consume large, VERY LARGE amounts of bandwidth.
A couple of years ago, before p2p networks took off, they had more than 60% of the 155Mb/s dedicated to file-sharing. Now they must have something like 10 times more bandwidth and a higher percentage of "illegal music" moving about.
Even if you're a large university, the sharing of the student's own music is not going to be significant on the bandwidth bill...
Roger.
I do data recovery. I used to hold office in my home. So a client comes in with his drive, finds nobody at the "office", and drops the drive through the mailbox.
(For the Americans: on this side of the ocean we usually have a slot in the door for the mail instead of a little box outside...)
The drive was unrecoverable after that. So I asked him if he had anything else we might try to recover. He did. So we made an appointment at 5:15, and he showed up at 4:50. Found me "not available" and dropped the second drive through the mailslot as well....
We actually did recover data from a drive that was shipped to us in one of those bubble envelopes by the way... We got lucky that time....
Tomorrow is the day that I'll try to drop a correctly packed drive from a paraglider....
Roger.