sqrt(N) is small compared to the other promised speedups of quantum computers, which are typically a reduction from super-polynomial or exponential time to polynomial time.
The real crux is that the type of problems that you often want to apply Grover's algorithm to are already O(2^n). Grover's algorithm reduces that to O(2^(n/2)). With a similar size quantum computer you could only solve problems of roughly twice the size.
Still interesting and potentially useful. The main advantage is its wide applicability. Many classical algorithms can simply be directly translated to a quantum equivalent, then have Grover's algorithm applied. Finding a special-purpose quantum algorithm is typically very hard or impossible.
The Wikipedia article is not bad, though it is fairly technical.
A very small number of algorithms are known for universal quantum computers (which the D-wave device does not claim to be) that are asymptotically faster than any known algorithm for classical computers.
The most widely known of these is Shor's factoring algorithm. Mostly it would be useful for breaking public key cryptography. The others are: Grover's search algorithm, which can give a small speed boost to any classical algorithm that involves enumerating all possibilities and checking some property, and quantum simulation: simulating the behavior of systems of many particles where quantum effects are important.
In the past 10 years, considerable progress has been made, but nobody still has a good handle on when scalable universal quantum computing might be a reality, though it no longer looks impossible--only very hard. D-wave does not claim their device is universal. In particular they don't say they can do factoring. They claim to be able to efficiently do quantum simulation and also traveling salesman type optimization problems. Evidence of them actually solving any hard problems is not widely available.
No, their device is *NOT* a universal quantum computer. So far as I know, no reputable quantum physicist not in their employ has been allowed to examine what they actually do. Examples of performing calculations impractical on a classical computer are not available as far as I know.
They are something of a joke among the QC people I know. While people acknowledge that their device may be capable of doing some interesting things, everything they do is acting like they have something to hide.
Passive eavesdropping is often more technically practical than man-in-the-middle.
Self-signed certificates are just as good as signed certificates at defending against passive eavesdropping.
Signed certificates are part of a defense against MitM, but only part. Such attacks are still possible.
The SSH method of certificate distribution is also reasonably secure in practice without requiring signed certificates. The first time you contact a given host, the key is accepted with notice. After that, changes in the key trigger a warning, so unless the man in the middle was there from the beginning, he will be detected. For some applications this would work OK, not for others.
Current CA practice is a joke. Even if VeriSign goes to much effort to validate your identity, there are plenty of CAs who will just hand out a certificate based on the email listed in the whois record. And your browser treats them the same unless you actually view the certificate for a specific site.
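The trust-on-first-use behaviour described in the comment above, as an added example that is not part of the original comment: a minimal file-backed pin store showing both the detected case (key changes after first contact) and the undetected one (interceptor present from the beginning). The host name, key bytes and file layout are constructed for illustration.

```python
import hashlib
import hmac
import json
import os
import tempfile


class KeyChangedError(Exception):
    """The host presented a key that differs from the pinned one."""


class PinStore:
    """File-backed map of host -> SHA-256 fingerprint of its public key."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as fh:
                self.pins = json.load(fh)

    def _save(self):
        # Write to a temp file and rename so a crash cannot truncate the pins.
        tmp = self.path + ".tmp"
        with open(tmp, "w", encoding="utf-8") as fh:
            json.dump(self.pins, fh, indent=2, sort_keys=True)
        os.replace(tmp, self.path)

    def verify(self, host, public_key):
        fp = hashlib.sha256(public_key).hexdigest()
        pinned = self.pins.get(host)
        if pinned is None:
            # First contact: nothing to compare against, accept and remember.
            self.pins[host] = fp
            self._save()
            return "pinned-on-first-contact"
        if hmac.compare_digest(pinned, fp):
            return "match"
        raise KeyChangedError(f"{host}: pinned {pinned[:16]}, presented {fp[:16]}")


def connect(store, host, public_key):
    """Return the outcome of one connection attempt as a string."""
    try:
        return store.verify(host, public_key)
    except KeyChangedError:
        return "REJECTED-key-changed"


def demo(path_a, path_b):
    host = "host.example"                          # constructed
    server_key = b"constructed-server-public-key"  # constructed
    other_key = b"constructed-interceptor-key"     # constructed

    # Case 1: genuine key pinned first, a different key shows up later.
    late = [
        connect(PinStore(path_a), host, server_key),
        connect(PinStore(path_a), host, server_key),  # reloaded from disk
        connect(PinStore(path_a), host, other_key),
    ]
    # Case 2: the interceptor's key is what gets pinned on first contact.
    # It then "matches", and the genuine server is the one that is rejected.
    store_b = PinStore(path_b)
    early = [
        connect(store_b, host, other_key),
        connect(store_b, host, other_key),
        connect(store_b, host, server_key),
    ]
    return late, early


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for case in demo(os.path.join(d, "a.json"), os.path.join(d, "b.json")):
            print(case)
```

Both cases produce the same sequence of outcomes; only an out-of-band check of the first fingerprint distinguishes them.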
Except that the cable company has permission from the national feed to inject local ads in specific slots. Sometimes the raw feeds have black space in those locations, other times they have ads for people who watch the national feed directly. Your local cable company is certainly not splicing in their own commercials without permission.
His movies are really, really bad. But I would never sign the petition. Better to try making movies and totally suck than be a bunch of whiny jerks on the internet who can "hate" someone for simply making movies which they can choose not to watch.
As for "loophole tax shelter"--it was never a loophole, it was an incentive to get people to make movies in Germany, which he did. If I were a tax-paying German, I could see being upset by this, but since I am not, I don't really see any reason to do this.
Yes, I am being a whiny jerk on the internet. That doesn't affect whether what I say is true or not.
I don't know. Are you better at telling when some girl is coming on to your friend? That would indicate that men can damn well read the signs fine, they just corrupt the reading with their own emotions when it is directed at themselves.
Uh, no. You can't rectify thermal noise, at least not on a continuous basis. Thermal noise has zero power content -- that is what thermal noise means. The force is 90 degrees out of phase with the displacement so the average power is zero.
A wind turbine requires a temperature gradient to operate, which is what generates wind in the first place.
Please see the second law of thermodynamics, the first law of thermodynamics, and Maxwell's demon.
(e.g.: when using two dissimilar metals to generate a charge, the absolute temperature is directly proportional to the reaction rate).
Thermopower from bimetallic contacts definitely requires a cold junction to generate power.
If you are talking about a consumable chemical reaction, then all you have is a battery. It is true that chemical reactions often go faster at elevated temperatures, but that is not the same thing.
Windows uses a different ABI, the Windows ABI, so the definition of how the DF should be set is based on a different standard. Furthermore, in the Windows world it is a fairly strong argument that the actual behavior of Windows+MSVC is the most authoritative guide, rather than what any document may or may not say about what should happen. Finally, Windows doesn't have Unix signal handlers, so the particular point in question is moot, though there may be alternate ways where the same issue would show up in Windows.
Fire hazard. Not only are there the defective batteries that internally short out and explode on their own, most lithium batteries will do this if shorted out externally. In zero-G it is easier for metal particles to float around and get into the electronics. If they just break your iPod, no big deal. If they start a fire it is *very* bad. Doubly so with lithium batteries, since lithium fires are very difficult to extinguish and can potentially ignite other metals.
Even ignoring whether a given lithium battery would really be a hazard, it is much more effective to certify AA batteries (or a certain model of AA batteries) as safe for space, then use devices that run off of AA batteries than having to individually certify every rechargeable battery in every device you want to use.
That is a good point not mentioned in the article.
While I assume that the scientists involved have done their homework, this relies not just on the precision of velocity measurement, but on the accuracy of the calculations of the expected velocity. Some forms of systematic error would likely be constant between multiple spacecraft, such as imprecise knowledge of the mass distribution of Earth.
If it isn't actually a security risk (I have no idea if it is or not), the most secure thing to do is to not "fix" it. Changing code always carries the risk of introducing security problems.
The OpenBSD guys are pretty defensive about security. If they say it is not a problem, I am inclined to believe them.
The point of the DTD URI is to uniquely identify the document type. An application can use it to decide what to do with a given document, or whether it can handle it at all. For almost all client applications, if the DTD URI is one that is recognized, you don't need to download it. If it isn't recognized, downloading it doesn't help--you still don't know what to do with the data. The existence of a downloadable document at the URL of the same name is a convenience, it is not required for correct operation of any application.
The only type of application which should ever want (not need) to fetch the DTD is a general-purpose validator, such as in an XML editor. In that case, it can save the user a bit of effort by automatically loading the DTD rather than requiring the user to supply it (a feature which must be supported--there is no requirement that the URI corresponds to a specific URL). Applications which do this are expected to maintain a cache.
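The two roles described in the comment above, as an added example that is not part of the original comment: a client that treats the DTD URI purely as an identifier and never fetches it, and a validator-style cache that retrieves each DTD at most once. `KNOWN_TYPES`, `classify`, `DtdCache` and the stub fetcher are hypothetical names, and the sample documents are constructed.

```python
import xml.parsers.expat

# Document types this client knows how to handle, keyed by DTD system identifier.
KNOWN_TYPES = {
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd": "xhtml-strict",
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd": "xhtml-transitional",
}

# Constructed sample documents.
XHTML_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><title>t</title></head><body/></html>"""

UNKNOWN_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE invoice SYSTEM "http://dtd.example/invoice-1.0.dtd">
<invoice><total>10</total></invoice>"""


def doctype_of(xml_bytes):
    """Return (root_name, system_id, public_id) from the DOCTYPE, or None.

    No ExternalEntityRefHandler is installed, so expat reads the identifiers
    out of the declaration and never retrieves the external DTD.
    """
    found = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        found.append((name, system_id, public_id))

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(xml_bytes, True)
    return found[0] if found else None


def classify(xml_bytes):
    """Client path: decide how to handle a document from its DTD URI alone."""
    doctype = doctype_of(xml_bytes)
    if doctype is None:
        return "no-doctype"
    _, system_id, _ = doctype
    # An unrecognized URI means "cannot handle"; fetching it would not help.
    return KNOWN_TYPES.get(system_id, "unsupported")


class DtdCache:
    """Validator path: retrieve a DTD once per URI and reuse it afterwards."""

    def __init__(self, fetch):
        self._fetch = fetch      # callable(uri) -> bytes, supplied by the caller
        self._store = {}
        self.fetch_count = 0

    def get(self, uri):
        if uri not in self._store:
            self.fetch_count += 1
            self._store[uri] = self._fetch(uri)
        return self._store[uri]


def stub_fetch(uri):
    # Stand-in for a network or user-supplied-file lookup so this runs offline.
    return b"<!-- constructed DTD body for " + uri.encode("ascii") + b" -->"


if __name__ == "__main__":
    print(classify(XHTML_DOC), classify(UNKNOWN_DOC))
    cache = DtdCache(stub_fetch)
    uri = doctype_of(UNKNOWN_DOC)[1]
    for _ in range(3):
        cache.get(uri)
    print("fetches:", cache.fetch_count)
```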
Well, so far there is no legal action. He is just offering $10,000 to anyone who can tell him who the guy is.
Presumably if he had a legitimate case, he wouldn't bother with that, he would file suit against the anonymous blogger and try to get the courts to force the ISP to release the records. Since he apparently hasn't done so, presumably he thinks nothing illegal is going on, he just wants to out the blogger publicly.
Unless they run the mains voltage to the laptop, which I have never seen, all that needs to be double insulated is the power adapter. The laptop itself doesn't have to meet much of anything in the way of electrical safety since high voltage is never supposed to be present. Some power adapters are 2-wire and some are 3-wire, my Dell laptop charger is 3-wire even though it has a plastic case.
The point of them is actually to ensure that you have space to accelerate. You can't safely accelerate if there is a person right in front of you. You are supposed to stop well behind the freeway entrance, then give a few seconds for the person in front of you to leave a gap. Now you have clear space in front of you. In many cases they work quite well.
What you describe is not as easy as you make it sound. You can fiddle with the "good" source code so that it passes whatever hash test you want, but even assuming it gets included into the kernel with zero changes, what gets signed by Red Hat is the binary module or the whole kernel package. Even assuming the source to your module is not changed at all, the binary module is not likely to be the same as the version you compiled. At the very least, Red Hat includes a build number in every kernel package (also included in each kernel module), and unless you know in advance what the final released build number is going to be, your carefully constructed hashes will be invalidated.
People should stop using MD5 for secure hashes, but this vulnerability is already well known, and really requires signing a binary provided by an untrustworthy source to be effective. It is probably much easier to just get people to trust you (perhaps start a 3rd party RPM repo), then give them bogus binaries.
People who inject fake RSTs into network streams should be shot.
This will lead to non-compliant network stacks which attempt to detect "bogus" RSTs and ignore them. And that cannot be allowed to happen at any cost.
It is fine for them to drop packets. It is a dick move, of course, when they sold people the bandwidth and don't let them use it, but TCP/IP is designed to deal with packet loss, and treat it as congestion. Flagrantly violating the network standards that allow communication between different networks to interoperate is literally trying to destroy the internet, and cannot be tolerated.
The IBM Winchester line of drives from the 70s were always labeled in units of 1 MB = 10^6. It is just completely false that hard drives have always been labeled using binary prefixes. Digging around, it appears that early PC/workstation drives in the early 80s were mixed. Some used 2^20, some used 10^6. In the late 80s, consumer hard drives made by Seagate, WD, etc. all converged on 2^N for a few years, before switching to 10^6 in the early 90s.
Bandwidth is always measured in 1 MB/s = 10^6 bytes/s, or 1 Mb/s = 10^6 bits/s. Should 1 MB take 1.04 seconds to transfer over a 1 MB/s data link? This includes all forms of Ethernet, SCSI, ATA, PCI, and any other protocol I have looked up. If 1 MB/s does not equal 1 MB per 1 s, someone should be shot, that is just not OK.
mega = 10^6 in all other fields. Including other computer terms -- 1 MHz, 1 MFLOP, 1 megapixel, etc.
Computer RAM is the only thing that has consistently been labeled using binary approximations to the SI units. And as long as I can remember (computing magazines in the 80s) people have acknowledged that 1 MB = 2^20 is an *approximation* and that mega=10^6.
Mega=10^6 is right. mega=2^20 is wrong. End of story. It happens that it is technically convenient to manufacture and use RAM in powers of 2. No such constraint applies for hard drives, so there is no reason to use the base-2 prefixes. Stupid OSs should be changed to use the SI prefixes when reporting file sizes. RAM should be labeled using the "base-2" prefixes, but they are admittedly somewhat annoying due to lack of familiarity, and since nobody uses base-10 RAM, it isn't a big deal.
Require all users to add and authorize Comcast's cert. Proxy all SSL/TLS connections. Block all other encrypted traffic.
I am guessing that the implications of them eavesdropping on all encrypted traffic, including online banking, web shopping, and corporate VPNs would pretty much end in disaster for them.
Foxmarks will let you store bookmarks on any WebDAV server, including with HTTPS.
Sharing the bookmarks.htm file doesn't allow multiple access at the same time.
No, quartz is silicon dioxide.
You can get your hardware certified for operation in the band in question.
You might be able to make a router that doesn't infringe on any hardware patents you can't easily license.
You might want to port any BusyBox patches to OpenWrt and use them in a Linksys box.
Any inability to replicate the hardware due to other IP is irrelevant, the BusyBox people don't own that.
Copper is a better conductor than gold.