Does anyone else read an article like this and think that it's just a load of bullshit? I mean... the whole thing. It sounds like people are making up excuses to describe things that they theorize or observed, but don't understand. Honestly, the whole field of quantum physics smells of a bad description of observed behavior that we don't truly understand.
How about instead of coming up with some lame excuse like "quantum darwinism", y'all just say you don't know? It's really not that hard.
Well, when my family went vacationing in Canada this summer, the three family members with digital cameras all had to stop by internet cafes to put their pictures on CD. I had to do it multiple times, and came back from the trip looking for something like this. This is also MUCH more cost-effective than large memory cards.
With this gadget I could take photos in high-quality raw format, and not worry about storage, and have room for the pics of my family too. That's a lot more convenient than taking trips to the cafe every week to put pictures on CD.
I've studied steganography for maybe a couple weeks, and have already built a ruidmentary system (Thinking about making something more advanced into an open-source project). If it's so easy to homebrew secret means of communicating secretly encrypted data, then how much use is it to monitor chat rooms?
Not that terrorists are usually that covert, honestly... But if they needed to be, they could. That is, of course, pretending a system like this wasn't an excuse to monitor a society which has grown less and less loving of its government.
... But tough shit. I thought that we were supposed to be better than MicroSoft, because we don't lock our users onto a specific platform. I thought we were better because we are giving people utilities, power, and choice.
When did our goal of "Write better, more powerful, freely available software" become "Doing what we can to fuck MicroSoft"?
What is so incoherant about it? The first is a statement of their infrastructure: Meaning that they don't run their internal applications off of Oracle, they use their own products. When they're developing a new project, and are choosing a platform, his choice is Microsoft.
The second statement ties into this: They have some open source stuff to get an idea of what the competition is doing, but the organization itself operates on Microsoft software.
Thus: While they occasionally RUN other programs, the only software they USE is Microsoft products.
I think one reason people tend to pack-rat their media so much is that it isn't generally cheap, and it's not "real". The idea that your music isn't really a physical object, and your entire library could be instantly destroyed at the whim of fate is an incentive for people to have a full copy of their audio.
The other aspect is availability... Since it's not like each additional song on your player makes it weigh more (unlike their paper comparison), why not? Having your whole music collection on there means greater availability for a whim, or to let a friend listen to something they might not have heard. It also means not having to make sure you have whichever CD or whatever handy. If you have your whole music collection, you don't have to think about it, which is nice.
I know a fair amount about this stuff, but obviously not as much as you...
What do you think are the most viable alternatives? It seems to me that SHA-1 would suffer similar vulnerabilities. Does SHA-1 suffer from the appendable cascade issue?
Do you think there is any way to avoid this kind of problem with hashes? I'm not really aware of any alternate techniques that wouldn't suffer from this same kind of attack eventually. Sure, you could develop related algorithms that increase the hash size, but then it looks like it'd just be an arms race between hashers and colliders.
First, we've always known in theory this is possible. The question is: How useful is it? Can me, replacing block 4356 of a file with a different block useful? Possibly, but not really. The only thing you could do is gunk up files, but people already do that by publishing fake legit files.
Nowadays a lot of P2P applications are also moving to hash trees... Meaning that each X bytes of a file is hashed, and the combination of those hashes are hashed. Generally this is used for finding corrupt file parts (If the main hash doesn't go right, then you can find the parts of the tree that don't match right). It isn't a lot more computationally expensive in a real-world situation to just compare each leaf's hash to look for problems anyway.
So, you're downloading a 10 gigabyte file (Movie). Say you hash every megabyte (10,000 hashes), that's an additional what... 160K? BFD. Then the MPAA^H^H^H^H offending party would have to write a payload that fits inside a megabyte and that section hashes right. Increase hash resolution as needed. A fingerprint that validates 100K would result in 1.6 Megabytes of overhead data. 10K would be 16 megabytes.
Writing a payload that would hash correctly, and do anything in 10K of space would be exceptionally difficult in real-world scenarios. The overhead would only be about 1.6% of the filesize. Not a bad tradeoff.
For the really paranoid, you can increase your fingerprint resolution to 1K (Probably about the same size as this post), and it would add 16% to your file. You'd start to notice the overhead at that point, but it'd be nearly impossible to do anything with a file that well fingerprinted.
Of course, you can always try to attack the hash as it's being transferred as well, but if they invalidate your checksum, they could give you any old file they wanted anyway.
Thanks man... I've been playing around with "master" nodes acting as a proxy for slave nodes, to get around the problem... Which apparently a lot of people do.
This sounds a lot easier. A little bit of port randomization, and I have myself a working solution.
A smart move, really. I'm a big fan of firefly, and I know the movie's going to be good. However, if you pit it against the Star Wars series firefly will get squashed like it's namesake. It doesn't matter how BAD the Star Wars film will be, people will still go see the conclusion of their erstwhile favorite story, before taking a chance on a new film in the same genre. If Episode III actually turned out to be decent, then Serenity would be doomed. This is especially true since they're going for somewhat younger audiences, many of whom (College students, recent grads) are on limited entertainment budgets.
The ability to run any program on a farm doesn't make a lot of sense.
I've studied and worked with distributed/parallel programming. There are a lot of things you need to take into account. Your primary troubles are how to divide up the work evenly and well, especially when you're working with multiple computers at different specifications.
So, yeah, you have Blender, and you want to distribute it... But how do you tell blender to divide up the work? Do you have another program that manages multiple installations of blender?
Other parts of the program, usually synchronization and organization, need to be run on one (or a few) places to prevent chaos.
That's, honestly, the easy part. If you want a good system (versus getting by on the skin of your teeth), then you also need to deal with fault-tolerance (As the number of machines increases, so does the chance of failure).
All of this assumes that the grid is designed for speed in mind (instead of fault tolerance).
Writing for a distributed environment requires that you re-think the way that you approach the application at hand. You litterally have to program it differently.
If you're into software, then I highly recommend that you do some research into distributed computing. It's a really interesting field.
As cool as it would be to create a large-format picture like this using a camera with zero overlap, it's impossible.
Very simply: When you're putting multiple images like this together, you quickly become aware that the images you take do not form a flat surface. Because your camera is located at a single point, and is then rotated in multiple axes, a complete sweep of all pictures in all directions would form a sphere made of rectangles. Think of it like an inside-out disco ball.
This means, for most large-format pictures, part of the process of turning your output into a rectangle is to flatten a section of a sphere (which results in a loss of image data). In some cases, you can try to preserve all of the image data, and end up with curved images (A couple mars rover photos are like this). Either way however, You need some overlap to cover the sections of the image that would otherwise be lost in the differences between the rectangular photograph, and the curve.
Now, if there were a way to move the camera laterally, it would be quite possible to do what you're interested in. Reasonable for macro images, or microscopic reconstruction. Not reasonable for grand vistas.
A physical object that can be taken from me, so that when someone steals my wallet, not only do they get my IDs, credit cards, and cash, but they'd also get access to all my e-holdings as well.
I believe they've addressed that in the news postings in the last month or so, and said that the meetings were pleasant (Even though they weren't sure they really deserved it).
Do you get somewhat frustrated at attacks on your motivations for child's play? I mean... Your encouraging us to give toys to sick children for chrissake!
Tricky tricky... I've been doing software for quite some time now. I know assembly, as well as a myriad of other languages. I have learned a few things:
1) Coding in assembly is a lot more time consuming, and my code isn't faster. C and C++ compile directly to assembly, and then get optimized. The code optimizers in these compilers are a LOT more sophisticated than I am. The result: When I was writing my own VGA graphics library for games, some functions I wrote in assembly, but others I did in C. I just couldn't write more optimized code than the compiler. That was like 10 years ago, I'm sure they've improved since.
2) Managed code is safer, because of the virtual machine, than non-managed code. VB.net (and I think Java) have upper bound checking for arrays. This means the largest current security flaw, buffer overflows, cease to be a problem.
3) Coding in some of these languages, like VB.net is faster than older schools of programming. For larger corporations, this means you get lots of "features" in the latest version of your bloatware that you don't care about. For guys like me, it means it's easier to publish software in my time after my real job.
For these hashes, you cannot work on the complete hash space, otherwise it would take forever for someone to send a message because of how long it will take to find the hash. That means each message sent will have a subset of the hash space, or (more likely) large portions of the hash space will go unused.
If you're using the hash space uniformally, then armies of infected Windows PCs will take just a couple seconds per e-mail. What does the spammer care? Those CPUs are free/cheap. Just means it's time to find a way to compromise more machines.
If you're only using a subset of the hash space, store the results of each hash you try. Then, the next time around, finding the result is near instantaneous... Making the scheme innefective.
As a novel idea, they could stick to what they're really good at, and continue to make a browser so good that the buzz gets louder. They're making great inroads and doing the near impossible by taking on MicroSoft and winning. It also means their success is fragile, and should be nurtured with care.
Computers move fast, and we have to move with them. My bachelor's degree gave me a base knowledge, but it was my master's that has really given me knowledge that increases my adaptability.
Slashdot Mirror
I'm glad to see the therapy worked. ;)
~D
Does anyone else read an article like this and think that it's just a load of bullshit? I mean... the whole thing. It sounds like people are making up excuses to describe things that they theorize or observed, but don't understand. Honestly, the whole field of quantum physics smells of a bad description of observed behavior that we don't truly understand.
How about instead of coming up with some lame excuse like "quantum darwinism", y'all just say you don't know? It's really not that hard.
~D
Well, when my family went vacationing in Canada this summer, the three family members with digital cameras all had to stop by internet cafes to put their pictures on CD. I had to do it multiple times, and came back from the trip looking for something like this. This is also MUCH more cost-effective than large memory cards.
With this gadget I could take photos in high-quality raw format, and not worry about storage, and have room for the pics of my family too. That's a lot more convenient than taking trips to the cafe every week to put pictures on CD.
~D
Meaning what, a viable company?
~D
I've studied steganography for maybe a couple weeks, and have already built a ruidmentary system (Thinking about making something more advanced into an open-source project). If it's so easy to homebrew secret means of communicating secretly encrypted data, then how much use is it to monitor chat rooms?
Not that terrorists are usually that covert, honestly... But if they needed to be, they could. That is, of course, pretending a system like this wasn't an excuse to monitor a society which has grown less and less loving of its government.
~D
... But tough shit. I thought that we were supposed to be better than MicroSoft, because we don't lock our users onto a specific platform. I thought we were better because we are giving people utilities, power, and choice.
When did our goal of "Write better, more powerful, freely available software" become "Doing what we can to fuck MicroSoft"?
~D
Ever wonder why you don't get laid? This is it... Right here.
~D
What is so incoherant about it? The first is a statement of their infrastructure: Meaning that they don't run their internal applications off of Oracle, they use their own products. When they're developing a new project, and are choosing a platform, his choice is Microsoft.
The second statement ties into this: They have some open source stuff to get an idea of what the competition is doing, but the organization itself operates on Microsoft software.
Thus: While they occasionally RUN other programs, the only software they USE is Microsoft products.
~D
I think one reason people tend to pack-rat their media so much is that it isn't generally cheap, and it's not "real". The idea that your music isn't really a physical object, and your entire library could be instantly destroyed at the whim of fate is an incentive for people to have a full copy of their audio.
The other aspect is availability... Since it's not like each additional song on your player makes it weigh more (unlike their paper comparison), why not? Having your whole music collection on there means greater availability for a whim, or to let a friend listen to something they might not have heard. It also means not having to make sure you have whichever CD or whatever handy. If you have your whole music collection, you don't have to think about it, which is nice.
~D
I know a fair amount about this stuff, but obviously not as much as you...
What do you think are the most viable alternatives? It seems to me that SHA-1 would suffer similar vulnerabilities. Does SHA-1 suffer from the appendable cascade issue?
Do you think there is any way to avoid this kind of problem with hashes? I'm not really aware of any alternate techniques that wouldn't suffer from this same kind of attack eventually. Sure, you could develop related algorithms that increase the hash size, but then it looks like it'd just be an arms race between hashers and colliders.
~D
I agree...
For those who don't understand "Variadic"
First, we've always known in theory this is possible. The question is: How useful is it? Can me, replacing block 4356 of a file with a different block useful? Possibly, but not really. The only thing you could do is gunk up files, but people already do that by publishing fake legit files.
Nowadays a lot of P2P applications are also moving to hash trees... Meaning that each X bytes of a file is hashed, and the combination of those hashes are hashed. Generally this is used for finding corrupt file parts (If the main hash doesn't go right, then you can find the parts of the tree that don't match right). It isn't a lot more computationally expensive in a real-world situation to just compare each leaf's hash to look for problems anyway.
So, you're downloading a 10 gigabyte file (Movie). Say you hash every megabyte (10,000 hashes), that's an additional what... 160K? BFD. Then the MPAA^H^H^H^H offending party would have to write a payload that fits inside a megabyte and that section hashes right. Increase hash resolution as needed. A fingerprint that validates 100K would result in 1.6 Megabytes of overhead data. 10K would be 16 megabytes.
Writing a payload that would hash correctly, and do anything in 10K of space would be exceptionally difficult in real-world scenarios. The overhead would only be about 1.6% of the filesize. Not a bad tradeoff.
For the really paranoid, you can increase your fingerprint resolution to 1K (Probably about the same size as this post), and it would add 16% to your file. You'd start to notice the overhead at that point, but it'd be nearly impossible to do anything with a file that well fingerprinted.
Of course, you can always try to attack the hash as it's being transferred as well, but if they invalidate your checksum, they could give you any old file they wanted anyway.
~D
Thanks man... I've been playing around with "master" nodes acting as a proxy for slave nodes, to get around the problem... Which apparently a lot of people do.
This sounds a lot easier. A little bit of port randomization, and I have myself a working solution.
~D
A smart move, really. I'm a big fan of firefly, and I know the movie's going to be good. However, if you pit it against the Star Wars series firefly will get squashed like it's namesake. It doesn't matter how BAD the Star Wars film will be, people will still go see the conclusion of their erstwhile favorite story, before taking a chance on a new film in the same genre. If Episode III actually turned out to be decent, then Serenity would be doomed. This is especially true since they're going for somewhat younger audiences, many of whom (College students, recent grads) are on limited entertainment budgets.
~D
This isn't consistant, however. I've been on the outskirts of a town of 10,000 in WV, and neither was available.
~D
The ability to run any program on a farm doesn't make a lot of sense.
I've studied and worked with distributed/parallel programming. There are a lot of things you need to take into account. Your primary troubles are how to divide up the work evenly and well, especially when you're working with multiple computers at different specifications.
So, yeah, you have Blender, and you want to distribute it... But how do you tell blender to divide up the work? Do you have another program that manages multiple installations of blender?
Other parts of the program, usually synchronization and organization, need to be run on one (or a few) places to prevent chaos.
That's, honestly, the easy part. If you want a good system (versus getting by on the skin of your teeth), then you also need to deal with fault-tolerance (As the number of machines increases, so does the chance of failure).
All of this assumes that the grid is designed for speed in mind (instead of fault tolerance).
Writing for a distributed environment requires that you re-think the way that you approach the application at hand. You litterally have to program it differently.
If you're into software, then I highly recommend that you do some research into distributed computing. It's a really interesting field.
~D
As cool as it would be to create a large-format picture like this using a camera with zero overlap, it's impossible.
Very simply: When you're putting multiple images like this together, you quickly become aware that the images you take do not form a flat surface. Because your camera is located at a single point, and is then rotated in multiple axes, a complete sweep of all pictures in all directions would form a sphere made of rectangles. Think of it like an inside-out disco ball.
This means, for most large-format pictures, part of the process of turning your output into a rectangle is to flatten a section of a sphere (which results in a loss of image data). In some cases, you can try to preserve all of the image data, and end up with curved images (A couple mars rover photos are like this). Either way however, You need some overlap to cover the sections of the image that would otherwise be lost in the differences between the rectangular photograph, and the curve.
Now, if there were a way to move the camera laterally, it would be quite possible to do what you're interested in. Reasonable for macro images, or microscopic reconstruction. Not reasonable for grand vistas.
~D
A physical object that can be taken from me, so that when someone steals my wallet, not only do they get my IDs, credit cards, and cash, but they'd also get access to all my e-holdings as well.
Fuck that.
~D
Wanged, actually. :)
I believe they've addressed that in the news postings in the last month or so, and said that the meetings were pleasant (Even though they weren't sure they really deserved it).
~D
Do you get somewhat frustrated at attacks on your motivations for child's play? I mean... Your encouraging us to give toys to sick children for chrissake!
~D
Tricky tricky... I've been doing software for quite some time now. I know assembly, as well as a myriad of other languages. I have learned a few things:
.net (and I think Java) have upper bound checking for arrays. This means the largest current security flaw, buffer overflows, cease to be a problem.
.net is faster than older schools of programming. For larger corporations, this means you get lots of "features" in the latest version of your bloatware that you don't care about. For guys like me, it means it's easier to publish software in my time after my real job.
1) Coding in assembly is a lot more time consuming, and my code isn't faster. C and C++ compile directly to assembly, and then get optimized. The code optimizers in these compilers are a LOT more sophisticated than I am. The result: When I was writing my own VGA graphics library for games, some functions I wrote in assembly, but others I did in C. I just couldn't write more optimized code than the compiler. That was like 10 years ago, I'm sure they've improved since.
2) Managed code is safer, because of the virtual machine, than non-managed code. VB
3) Coding in some of these languages, like VB
~D
For these hashes, you cannot work on the complete hash space, otherwise it would take forever for someone to send a message because of how long it will take to find the hash. That means each message sent will have a subset of the hash space, or (more likely) large portions of the hash space will go unused.
If you're using the hash space uniformally, then armies of infected Windows PCs will take just a couple seconds per e-mail. What does the spammer care? Those CPUs are free/cheap. Just means it's time to find a way to compromise more machines.
If you're only using a subset of the hash space, store the results of each hash you try. Then, the next time around, finding the result is near instantaneous... Making the scheme innefective.
~D
As a novel idea, they could stick to what they're really good at, and continue to make a browser so good that the buzz gets louder. They're making great inroads and doing the near impossible by taking on MicroSoft and winning. It also means their success is fragile, and should be nurtured with care.
~D
Mod parent up.
Computers move fast, and we have to move with them. My bachelor's degree gave me a base knowledge, but it was my master's that has really given me knowledge that increases my adaptability.
~D
I think a lot of it has to do with life experience...
"I've made my money, and it didn't make me happy... Now I have a better idea of what will really make me happy, and the freedom to pursue it."
~D