DRM is not crytography. DRM is a braindead try to do the impossible. Cryptography is concerned about "How do I get authenticated information from A to B without letting C know it". DRM isnt a cryptography problem because B and C are the same, thus DRM is pretty offtopic here.
The 'man in the middle' attack always has a way to work.
Using the common aproximations "Time is universal", "Light is just a em-wave" and "The earth is flat." you are probably right.
1. You would have all the info you needed
*Bzzz* Wrong.
You will have to choose the part of information you want to measure like everybody else. As long as you dont know which information the sender and reciever randomly choose to measure, you are screwed...
No, you cant. You have to choose which half of the information you want to recieve and if you pick the wrong half, you will have to guess on retransmit (QMs way of telling you "You cannot have a pie and eat it"). Make the key long and the MITM is screwed.
why can't you install a repeater in the line that picks up each photon an then transmits another photon with the same quantum state thingy..?
Ok, I will make some simplification but you will get the idea.
The photons spin can be measured in two directions | and -, but you can know only one at a time (because measureing one will destroy the information about the other direction). The sender sends a stream of photons down the line and knows *one* of these spin measurements. He either knows if its left or right or he knows if its up or down. The receiver randomly measures one of the spin directions (either up/down or left/right). After that, he cant measure the other direction. After the transmission is over, sender and receiver communicate over a public channel. The sender tell the reciever which spin directions he measured, but not the result, i.e. he say "first photon: up/down" but keeps the result "down" secret. The receiver does the same and both now know were they measured in the same direction and they can use half of the results of these (i.e. "down") as key and compare the other half over the public channel to check for eavesdropping.
Enter MITM: he doesnt if he has to measure "left/right" or "up/down". If he measures "left/right" and sender and reciever measured "up/down" he is screwed, since he cant produce a photon with the right "up/down" spin direction to the reciever. Make the keys long enough and this will get noticed by the sender/reciever upon comparing half of the keys as the propability of the MITM producing the right photon shrinks with the 1/2^(number of photons).
Usually you can get what you need from either the source or destination directly.
Not with quantum crytography. That is protected by the laws of physics and unless you have a deal with $DEITY you wont be able to hack or reverse-engineer it. (Or you find a "security hole" in QM, but the stuff used by quantum crytography is very well established.)
Quantum crytography could be used for DRM, if you lay one of those optical fibers to every DVD-player and livestream the content (no information is kept on the player). But this is:
a) expensive
b) the output of the player could still be captured (the real problem with DRM)
Gentoo Tranlate-O-Matic returns: 1. My time is better spent doing things other than compiling basic system utilities.
"The install would have been faster if I would have RTFM'ed and learned about Stage3+GRP or had http://justfuckinggoogleit.com/" 2. My optimized Gentoo system does not run faster enough to make up for the time lost building it from source.
"I really did trust the ramblings of clueless newbies of any distro." 3. Turns out there was nothing to learn from installing Gentoo from stage 1. I already knew what goes into a system at the most basic level, but I got this from 10+ years of Unix/Linux experience, before I ever saw Gentoo.
"I cheerfully ignored the good stuff, like for example an excellent initscript layout, and whine on/. how gentoo is not completely different from other linux/unix setups." Going to try MEPIS now. 'Sposed to be easy and painless.
"Next week, you will hear be bitch about MEPIS."
It's a free download, so what's the problem? It probably isn't M$ brand-loyalty.
It is. You can be sure it is. MS products were so buggy in the early days it was impossible to find rational explainations for the behavior. This became very convinient for some Blame-MS admins and users: If it didnt work it was the fault of MS. These guys became 'Knows-about-computers-guys' in the family and office circle and shape the mindset. And they fear for their status because everything non-MS might actually behave in a deterministic way, so there is actually knowledge required to master problems and not just the oldschool iterate-through-all-possible-driver-combos-until-i t -works-or-blame-MS which merely requires some faith and acting.
Yeah, imagine if they did this for Windows. The software catalog would only be several hundred thousand entires long.
So its hard to find the good stuff? Even linux distros give you not much more than ten handpicked different pkgs for one problem. The rest is would be pretty much useless dublication. Has Windows actually more to offer? In some areas (games for example), yes. In others it has not, although there are bazillions of pkgs more for the same stuff. And don't think that these nice universal GUI software installers won't go away if Linux ever catches on for the desktop.
Like the installers for Sun Java, Adobe Reader, Nvidia Gfx drivers that are nicely integrated into my package management system (portage)? They might be there, but they will become invisible to the enduser.
Care to point the last truly _original_ game (that does not suck)? http://darwinia.co.uk/
suprise, suprise - their development department is bigger than their marketing department, I guess (unlike others *cough* EA *cough*)
But what distributions are using it to control the security in their systems? Any at all?
gentoo has ACLs and even had them enabled in the GRP binaries by default. However, almost nobody who really understood the unix permissions model needs ACLs...
I would really love to see a comparison of CVS vs. Subversion vs. GNU Arch vs. Monotone vs. http://better-scm.berlios.de/comparison/comparison.html
BTW, on the LKML Linus pretty much ruled out svn and gave a hint towards monotone. The reason is probably the support for distributed development. This gives GNU/arch and monotone the best chances. (Darcs still seems to have scaling problems)
We all prefer to use a language with good tools, but hardly any of us have any choice in the matter of working with bad programmers.
Ok, thats a good argument. Still it hurts to see the code being less elegant and efficient than it has too...
Dont you get the point?
Its not about recursion. Its that the requirements are too restrictive to paint a realistic picture of the performance.
About the mandelbrot programm: The python code doesnt look to bad at first glance, and the rank (13) of python in that particular test isnt too worrying. Python get its worst ranks in the ackermann (45), fibonacci (47) and random tests (42). The first two tests require the useage of recursion (I dont know if the ackermann function can be calculated non-recusively right now), the random test requires the exact reimplementation of a C algorithm and thus prohibits the usage of pythons native API.
So the shootout is a nice idea, but nothing to make decisions on without deeper analysis.
If you feel you have better python code to perform a task on the benchmark, feel free to submit it.
Actually I tweaked around with the code - but the rule of the game are just wrong. Just look at the fibonacci test. It requires you to do the stuff completely recursively - thats one of the rules. So you not only generate a huge return stack, you also calculate all the fibonacci numbers far too often. This is just braindead. A good requirement would say: "Calculate the nth fibonacci number".
A simple solution would be to start from the beginning and not recursively calulate every fibonacci number bazillion times.
Ok, the test description says that its task is to show the performance of recursion. But then they have to find a task where recursion is an merit - not a flaw. Otherwise you could claim your language is best because it has the best performing idle loops....
Can one use Python to do the same?
Not as a applet. Where would it play its role? The backend or on client machines?
A little interface script on the server connecting to a database (like PHP does now most of the time.) Or to previde a completeCMS. On the clientside either XUL in Mozilla is still a Toolkit to be discovered or a browserindependant Python-client (Python is well integrated with native Toolkits, for example via wxWindows - used in bittorrent).
The Computer Language Shootout is pretty useless - often there is a reference implementation in C and the task is to code the *same* algorithm in other language. This ignores the fact that there might be better ways to solve the problem in the other languages. Or in almost all languages. Just take a look at the fibonacci test - it a stupid useage of recursion, if your compiler doesnt optimize out all the duplication. Ok, that would be a nice feature, but it just shows "This language/compiler is good at optimizing bad written code".
Also you can make the shootout say almost anything, for example if you also calculate the code lines in and weight pidigits with a 4 multiplier, Python comes up as the best of the "serverside languages" (Perl, Python, Java, PHP..)
It is just sad that it's written i Python. I like Python for scripting, but production software should not be written in dynamically typed scripting languages.
Yeah, we all know scripting languages suffer from buffer overflows and other serious flaws.
So sgi, NATO and Viacom and gentoo did it all wrong: http://www.zope.org/Resources/ZopePowered/ http://www.gentoo.org/proj/en/portage/index.xml The fact that the use of Python is listed as one of the top features indicates that the programmers behind this project are either immature, untalented, or both.
For what reason?
Use something like portsentry:
http://sourceforge.net/projects/sentrytools/
It allows you to automatically firewall misbehaving IPs (detects portscans) and more...
(easy configuration possible via webmin)
Thats one of the big issues I have with Linux. This hierarchy is left up to the various distributions and many times, a strong, well planned layout is simply not there. http://www.pathname.com/fhs/
Once you learn a handful of basic things (like where Control Panel is or that ctrl+c means 'copy'), you're rockin and rollin. Linux distros need to take on this philosophy.
No.
Simply because not all distros are aiming at that target audience. SuSE, Mandrake, Ubuntu, MEPIS and KNOPPIX should. Slackware, debian, gentoo most certainly should not do that (esp. debian and gentoo are both metadistros by now - they should concentrate on improving the package management tools).
I've tried to adopt Linux a couple of times, but these very problems that were mentioned made me throw my arms up in defeat. [...]
Niether will a lot of 'desktop' people that Linux is going after.
Thats why I stopped recommending Linux to everybody I meet. For guys who customize and tweak their system anyway Linux is and always will be a good recommandation. For the "I just want to work"-crowd, I recommend a Mac. It just works and runs MS Office (which is all these guys use mostly). Linux on the desktop will only happen via adoption in the workspace. Linux is far easier to administer than Windows if there are more than five machines. And users wont edit the conf files. I just hope one day a little more thought in the direction of "Microsoft's already trained 10s of millions of peoples how to use a computer..." happens.
The trained them rather bad. Stuff like "if stuff doesnt work do round-robin installs of remotely related drivers till it does." is seen way to often as a best practice by those "trained users".
Slashdot Mirror
DRM is not crytography. DRM is a braindead try to do the impossible. Cryptography is concerned about "How do I get authenticated information from A to B without letting C know it". DRM isnt a cryptography problem because B and C are the same, thus DRM is pretty offtopic here.
The 'man in the middle' attack always has a way to work.
Using the common aproximations "Time is universal", "Light is just a em-wave" and "The earth is flat." you are probably right.
1. You would have all the info you needed ...
*Bzzz* Wrong.
You will have to choose the part of information you want to measure like everybody else. As long as you dont know which information the sender and reciever randomly choose to measure, you are screwed
No, you cant. You have to choose which half of the information you want to recieve and if you pick the wrong half, you will have to guess on retransmit (QMs way of telling you "You cannot have a pie and eat it"). Make the key long and the MITM is screwed.
why can't you install a repeater in the line that picks up each photon an then transmits another photon with the same quantum state thingy..?
Ok, I will make some simplification but you will get the idea.
The photons spin can be measured in two directions | and -, but you can know only one at a time (because measureing one will destroy the information about the other direction). The sender sends a stream of photons down the line and knows *one* of these spin measurements. He either knows if its left or right or he knows if its up or down. The receiver randomly measures one of the spin directions (either up/down or left/right). After that, he cant measure the other direction. After the transmission is over, sender and receiver communicate over a public channel. The sender tell the reciever which spin directions he measured, but not the result, i.e. he say "first photon: up/down" but keeps the result "down" secret. The receiver does the same and both now know were they measured in the same direction and they can use half of the results of these (i.e. "down") as key and compare the other half over the public channel to check for eavesdropping.
Enter MITM: he doesnt if he has to measure "left/right" or "up/down". If he measures "left/right" and sender and reciever measured "up/down" he is screwed, since he cant produce a photon with the right "up/down" spin direction to the reciever. Make the keys long enough and this will get noticed by the sender/reciever upon comparing half of the keys as the propability of the MITM producing the right photon shrinks with the 1/2^(number of photons).
Usually you can get what you need from either the source or destination directly.
Not with quantum crytography. That is protected by the laws of physics and unless you have a deal with $DEITY you wont be able to hack or reverse-engineer it. (Or you find a "security hole" in QM, but the stuff used by quantum crytography is very well established.)
Quantum crytography could be used for DRM, if you lay one of those optical fibers to every DVD-player and livestream the content (no information is kept on the player). But this is:
a) expensive
b) the output of the player could still be captured (the real problem with DRM)
Gentoo Tranlate-O-Matic returns: /. how gentoo is not completely different from other linux/unix setups."
1. My time is better spent doing things other than compiling basic system utilities.
"The install would have been faster if I would have RTFM'ed and learned about Stage3+GRP or had http://justfuckinggoogleit.com/"
2. My optimized Gentoo system does not run faster enough to make up for the time lost building it from source.
"I really did trust the ramblings of clueless newbies of any distro."
3. Turns out there was nothing to learn from installing Gentoo from stage 1. I already knew what goes into a system at the most basic level, but I got this from 10+ years of Unix/Linux experience, before I ever saw Gentoo.
"I cheerfully ignored the good stuff, like for example an excellent initscript layout, and whine on
Going to try MEPIS now. 'Sposed to be easy and painless.
"Next week, you will hear be bitch about MEPIS."
It's a free download, so what's the problem? It probably isn't M$ brand-loyalty.i t -works-or-blame-MS which merely requires some faith and acting.
It is. You can be sure it is. MS products were so buggy in the early days it was impossible to find rational explainations for the behavior. This became very convinient for some Blame-MS admins and users: If it didnt work it was the fault of MS. These guys became 'Knows-about-computers-guys' in the family and office circle and shape the mindset. And they fear for their status because everything non-MS might actually behave in a deterministic way, so there is actually knowledge required to master problems and not just the oldschool iterate-through-all-possible-driver-combos-until-
Yeah, imagine if they did this for Windows. The software catalog would only be several hundred thousand entires long.
So its hard to find the good stuff? Even linux distros give you not much more than ten handpicked different pkgs for one problem. The rest is would be pretty much useless dublication. Has Windows actually more to offer? In some areas (games for example), yes. In others it has not, although there are bazillions of pkgs more for the same stuff.
And don't think that these nice universal GUI software installers won't go away if Linux ever catches on for the desktop.
Like the installers for Sun Java, Adobe Reader, Nvidia Gfx drivers that are nicely integrated into my package management system (portage)? They might be there, but they will become invisible to the enduser.
Care to point the last truly _original_ game (that does not suck)?
http://darwinia.co.uk/
suprise, suprise - their development department is bigger than their marketing department, I guess (unlike others *cough* EA *cough*)
But what distributions are using it to control the security in their systems? Any at all? ...
gentoo has ACLs and even had them enabled in the GRP binaries by default. However, almost nobody who really understood the unix permissions model needs ACLs
I would really love to see a comparison of CVS vs. Subversion vs. GNU Arch vs. Monotone vs. http://better-scm.berlios.de/comparison/comparison .html
BTW, on the LKML Linus pretty much ruled out svn and gave a hint towards monotone. The reason is probably the support for distributed development. This gives GNU/arch and monotone the best chances. (Darcs still seems to have scaling problems)
gnu/arch is working (Im using it). And it does progress - see the arch wiki, the mailing lists and #arch on freenode ...
http://www.microsoft.com/windowsserversystem/facts /videos/didio_video.wvx
...
com'on guys, microsoft.com needs some traffic
We all prefer to use a language with good tools, but hardly any of us have any choice in the matter of working with bad programmers. ...
Ok, thats a good argument. Still it hurts to see the code being less elegant and efficient than it has too
Dont you get the point?
Its not about recursion. Its that the requirements are too restrictive to paint a realistic picture of the performance.
About the mandelbrot programm: The python code doesnt look to bad at first glance, and the rank (13) of python in that particular test isnt too worrying. Python get its worst ranks in the ackermann (45), fibonacci (47) and random tests (42). The first two tests require the useage of recursion (I dont know if the ackermann function can be calculated non-recusively right now), the random test requires the exact reimplementation of a C algorithm and thus prohibits the usage of pythons native API.
So the shootout is a nice idea, but nothing to make decisions on without deeper analysis.
If you feel you have better python code to perform a task on the benchmark, feel free to submit it.
....
Actually I tweaked around with the code - but the rule of the game are just wrong. Just look at the fibonacci test. It requires you to do the stuff completely recursively - thats one of the rules. So you not only generate a huge return stack, you also calculate all the fibonacci numbers far too often. This is just braindead. A good requirement would say: "Calculate the nth fibonacci number". A simple solution would be to start from the beginning and not recursively calulate every fibonacci number bazillion times.
Ok, the test description says that its task is to show the performance of recursion. But then they have to find a task where recursion is an merit - not a flaw. Otherwise you could claim your language is best because it has the best performing idle loops
Can one use Python to do the same?
Not as a applet.
Where would it play its role? The backend or on client machines?
A little interface script on the server connecting to a database (like PHP does now most of the time.) Or to previde a complete CMS. On the clientside either XUL in Mozilla is still a Toolkit to be discovered or a browserindependant Python-client (Python is well integrated with native Toolkits, for example via wxWindows - used in bittorrent).
The Computer Language Shootout is pretty useless - often there is a reference implementation in C and the task is to code the *same* algorithm in other language. This ignores the fact that there might be better ways to solve the problem in the other languages. Or in almost all languages. Just take a look at the fibonacci test - it a stupid useage of recursion, if your compiler doesnt optimize out all the duplication. Ok, that would be a nice feature, but it just shows "This language/compiler is good at optimizing bad written code".
..)
Also you can make the shootout say almost anything, for example if you also calculate the code lines in and weight pidigits with a 4 multiplier, Python comes up as the best of the "serverside languages" (Perl, Python, Java, PHP
Things can go a few certain ways, but there's only one right way.
Oh, really?
It is just sad that it's written i Python. I like Python for scripting, but production software should not be written in dynamically typed scripting languages.
Yeah, we all know scripting languages suffer from buffer overflows and other serious flaws. So sgi, NATO and Viacom and gentoo did it all wrong:
http://www.zope.org/Resources/ZopePowered/
http://www.gentoo.org/proj/en/portage/index.xml
The fact that the use of Python is listed as one of the top features indicates that the programmers behind this project are either immature, untalented, or both.
For what reason?
Use something like portsentry: http://sourceforge.net/projects/sentrytools/ ...
It allows you to automatically firewall misbehaving IPs (detects portscans) and more
(easy configuration possible via webmin)
Thats one of the big issues I have with Linux. This hierarchy is left up to the various distributions and many times, a strong, well planned layout is simply not there.
http://www.pathname.com/fhs/
Once you learn a handful of basic things (like where Control Panel is or that ctrl+c means 'copy'), you're rockin and rollin. Linux distros need to take on this philosophy.
No.
Simply because not all distros are aiming at that target audience. SuSE, Mandrake, Ubuntu, MEPIS and KNOPPIX should. Slackware, debian, gentoo most certainly should not do that (esp. debian and gentoo are both metadistros by now - they should concentrate on improving the package management tools).
I've tried to adopt Linux a couple of times, but these very problems that were mentioned made me throw my arms up in defeat. [...] Niether will a lot of 'desktop' people that Linux is going after.
Thats why I stopped recommending Linux to everybody I meet. For guys who customize and tweak their system anyway Linux is and always will be a good recommandation. For the "I just want to work"-crowd, I recommend a Mac. It just works and runs MS Office (which is all these guys use mostly). Linux on the desktop will only happen via adoption in the workspace. Linux is far easier to administer than Windows if there are more than five machines. And users wont edit the conf files.
I just hope one day a little more thought in the direction of "Microsoft's already trained 10s of millions of peoples how to use a computer..." happens.
The trained them rather bad. Stuff like "if stuff doesnt work do round-robin installs of remotely related drivers till it does." is seen way to often as a best practice by those "trained users".