First off, as an Australian and a nerd, I am very proud.
Now.
Good news: there is now a formally verified microkernel. 8,700 lines of C and 600 odd lines of ARM assembly. Awesome.
Bad news: it took 200,000 lines of manually-generated proof and approximately 25 person-years by PhDs to verify the aforementioned microkernel.
Conclusion: formal verification of software is not going to take off any time soon.
25 man-years is not that much, if we really valued it. If the process is modular, 100 persons do 25 man-years in 3 months. Now, I have no idea by what method this was performed, but surely it has to at least be modular over different programs, so that we could, if we really cared about it, have a formally proven whole distribution in a few years.
It is by no means out of reach.
But you are right that it would take all the required man-years away from developing time, so we can be quite confident that it will not be adopted, it would slow down developing time too much to justify the cost for most developers.
The US military seems to think otherwise. Here is a quote from an article in The Economist about the militarisation of space (http://www.economist.com/science/displaystory.cfm?story_id=10533205). The number of nuclear missiles is not the only thing determining the outcome of a military conflict...
But the Pentagon worries about what would happen if America came up against a major power, a "near-peer" rival (as it calls China and Russia), able to intercept space assets with missiles and "space mines", or to disable them with lasers and electronic jammers. "There are a lot of vulnerabilities," admits an American general, "There are backups, but our space architecture is very fragile."
The precise nature of these weaknesses is a well-guarded secret. But wargames simulating a future conflict over Taiwan often end up with the "Red Force" (China) either defeating the "Blue Force" (America) or inflicting grievous losses on it by launching an early attack in space, perhaps by setting off one or more nuclear explosions above the atmosphere. "I have played Red and had a wonderful time," says the general, "It is pretty easy to disrupt Blue. We should not expect an enemy to play by established norms in space. They will play dirty pool."
You're right... I guess I was somewhat too tired when I read that article... But thanks for correcting me! I guess I have to change my picture of the global warming somewhat then, even though I've got problems with imagining that we could be influencing the global climate that much...
The fact that this 1 degree rise and the continuing trend so closely correlate to the rise of the automobile and industrialization is even more suspicious and alarming.
It might also just be a coincidence that the warming has occurred when industry and automobiles rose. In fact there was the Medieval Warm Period and the Little Ice Age some hundred years ago. This was only a regional anomaly, and lasted a few hundred years, but it shows that the climate is in no way the same all the time.
Actually one can measure the climate quite a long time back, by looking at ice at the poles, deep in the glaciers, and then one sees that there've been cycles for the last few hundred thousand years (I've not seen data going further back), in which there is about 90.000 years ice age, and then 10.000 a warmer period of time. One also sees that at the end of the 10.000-warm-periods, the climate goes up and down more than in the beginning and middle of the cycle. The fact that we're at the end of a 10.000 year-period right now should be quite telling, not?
Also, now scientists doubt that we've measured the climate in the right way. The weather satellites we've been using over the last 40 years have been giving us *wrong* data. (Or, rather we have been correcting the data in a wrong way, when we've been calculating the influence of the sun). See this article for more information: http://www.economist.com/science/displayStory.cfm?story_id=4269858 It's a *MUST* read.
Sorry for my bad English, but it's not my mother tongue and I'm kind of very tired right now...
Actually, what if I take some 5MB of qubits and write copyright beneath them? As they represent *all* the possible 5MB-sequences, have I copyrighted them all?!
Hate to break it to ya, but Sony's already had to pay $90million to Immersion, a "minor player" who claimed a patent on the Dual Shock pad.
A 'dual shock pad' is a physical device, and not a game(-idea). Such things have been patentable for a long time.
What this article talks about are patents on *games* (or ideas) themselves. E.g. I might patent 'A guy jumping around and eating mushrooms', and then if someone makes a game called, let's say Oiram Repus, with the same idea, then he'd have to pay royalties. The example is probably quite unrealistic, but you get the point.
Actually I don't see why games shouldn't be patentable, when *algorithms* are. It's the same (bad) idea about claiming ownership on ideas.
The manipulation is clear, and despite my pro-copyright-principle stance I don't like abuse of copyright any more than the next guy. However, the answer to bad laws is to get them changed. If a population in a country that claims to be democratic can't even work out how to do that, then it has far greater problems than abuse of the law to extend copyright. (This is, arguably, true of both the US and the UK in light of the recent actions of their governments and the recent election results. Of such things changes come, sooner or later.)
Civil Disobedience is a way to change laws, and sometimes it's necessary. For example, you might take the Civil Rights movement. Just because there are laws, they don't have to be ethical, and sometimes the only way to make a change is to make resistance. The problem is, that there are some things that politicians won't do, not because they'd not be good for the people, but because they wouldn't be good for themselves. The problem in many democracies is that politicians don't always have the same interests as the people. One way to solve this is to make the people able to force a legislation by majority in a vote, and hence make the people more powerful than the government. (Switzerland has implemented this, and I think 100K people are necessary to force a vote) That way, if a majority of the people were in favour of legal file-sharing, then they'd be able to start a vote. But in a representative democracy, and especially democracies where there are only few big political parties (2 or 3), it's not always easy to change laws, because they come in 'packages'. When you vote for someone, you choose a set of things you want to be done, not single things, and hence it might be that you have to choose between the lesser of two evils.
Where's the difference to Hash-cash? (from a technical POV) Both ideas are about making it expensive for the spammer to send his email (using different methods, of course...) and Hash-cash was, AFAIK, proposed some years ago. But somehow it never happened, that you used hash-cash when sending emails, and implementing hash-cash is so much easier than implementing this (I think at least). But sure, it'd be great if it'd work this time...
And, as a side note, all the "political dissident" stuff is pure horseshit and misdirection. It's illegal in China (and other countries with harsh free speech laws) to use encryption at all. Freenet is not even an option for the oppressed village of Wing Wang.
Actually, that's what the story is about. They want to make it usable & undetectable in repressive regimes. From TFA:
If we can't build something that can survive its own illegality, then I'm not sure what the point is. [...] If you can hide the nodes as well, via some kind of steganography, then you can make it hard to find them. If you don't have trusted links, then there is no point hiding them as the attacker will just harvest.
Personally, I find the question about free speech very difficult and I totally agree with you that someone who rapes an 8-year-old is far worse than someone who murders some other adult, and that the kids in pictures are real kids, that suffer a lot.
But there are other ways to look at the question, e.g. if there'd been a darknet under Hitler, there might have been more resistance, and it might have saved many lives.
The problem, I think, is that as the "normal" internet is so much faster, a darknet will only be used for illegal things, and while different political opinions are still legal, it won't be used for political opinions. But once it's illegal to express one's own political opinions, it'll be used for it (see the example with Hitler), and might in the end save many lives (or not).
That's why I find the question about free speech very difficult, and cannot really take position on it.
Everyone is selfish. Everyone wants what's best for him, so if you let the public decide what they want, they decide what's best for them, not what's the most fair.
That is a very interesting point, but what do you define as "the most fair"? You cannot have one single answer to that question, and as we live in a democracy, "the most fair" by definition is what the people want. I do not always agree with that, you can have a great influence over the people with propaganda, but I think democracy is the best alternative we have, and that won't change very soon, I think.
I'm actually a utilitarian ("the greatest happiness principle", see http://en.wikipedia.org/wiki/Utilitarianism) and think that whatever has the greatest happiness as consequence is the right (and "the most fair") thing to do. This is of course not possible in reality because one cannot foresee all consequences by doing something, but I'm not in any way bound to any "moral laws" if I think that something else would result in greater happiness. And that's also why I'm against copyright laws as they exist today, because I think we could achieve greater happiness without them. (I do not know though, if we'd be better off without copyright laws at all, or if they simply should be replaced with different ones. I'm very in favor of the creative commons licenses though, see http://creativecommons.org/)
There would be no incentive to create something new for a living, since you can't make a living off it. Sure, it would be a perfect ideal to have everything for free, but communism didn't work...
That's not true, at least not in the way you put it. First off, I'm *not* in favor of communism, but of reforming copyright. Also, there'd still be reason to create new art, etc... See http://creativecommons.org/ for example. Also, I do not think someone becomes a musician because of earning money (if I'm not Britney Spears...), but to create something. Also, artists would still earn money by giving concerts.
That's stupid. That will mean anything anyone creates is part of the public. Sure, copyright laws can be a pain in the ass, but if you look at it rationally, if someone who creates something (say, for example, a musician) wants money for it, what right do we have to claim it as ours for free ?
I don't agree with you. If everything is part of the public, doesn't the public benefit from it?
Also, I do not think that an artist should have total control how his work is distributed. I think that the society should decide how he should be able to control it. Actually, that's the case today, but I do not think that the copyright laws express the public opinion.
Then there is also a philosophical aspect, that the content of a CD which you buy is really just one big number. I don't think that one should be able to have copyright on numbers. (See my journal for more information)
I think that artists should be able to earn money with performances, rather than by selling records. There are many groups who live from doing live-performances, and I do not see any reason that others should not. Actually I'm a musician myself, though only in my spare time, and I do not want any copyright to stop my music from spreading.
Without any copyright laws, the GPL would be null and void, wouldn't it? Or am I missing something?
1. He might not like the GPL
2. Without copyright you'd be able to share the source if you wanted. Of course you'd not be forced to give away the source code on modified versions, but there's still the possibility of doing it, and what is the point of keeping something closed-sourced if there are no copyright laws so that you can earn money by selling numbers?
But if there are no real-world-implementations of the algorithms, what good are they? Also, and more importantly, these challenges show just how good public-key cryptography is, and what is technically feasible to break.
The most visible one at this point is to my knowledge YellowDog's reluctance to release the code of their linux-on-ipod installer code. You can buy it but there is no cvs or sourcecode repository that I know of.
AFAIK the GPL allows selling of source-code, provided that the copy you sell is also GPL:ed so that the person can modify it, give it away, or even sell it if he wants to.
Also, if it's _their_ installer, then they don't have to GPL it, so it might be copyrighted under another license.
HOWEVER, somewhere, someplace way WAY down the sequence, it will certainly start repeating the ENTIRE sequence again, like 3.14159....3141592653589793....
No, Pi will never repeat itself. Substrings will, but the entire number of Pi will never be repeated inside itself. This is because it is an irrational number. For more information: http://mathworld.wolfram.com/IrrationalNumber.html
First off, he _does_ 'pay' for slashdot by seeing the ads.
Then, he can complain if he wants to... why shouldn't he? He's trying to tell the editors what to do, to make the site _better_. The editors should be grateful for people giving feedback, as they learn how to do things better. If the editors won't listen to him, then he (and probably a lot of other people) can decide that it's not worth his time (BTW, the time needed for a user to read slashdot is also worth something) to read slashdot, stop reading slashdot, and do something better instead.
... but the program. The problem is that when you search for a hash, then the other users are telling you they've got the file with the hash. _You_ cannot know whether the given file _in reality_ has the hash you searched for. So, these guys probably haven't broken SHA-1 in some new way, because they don't have to.
On another note, when somebody wants to download something, then he searches for the name of the file, and not for the hash(!). The hash is only useful when you download large files at the same time, from different sources. So to flood e.g. the kazaa-network, one wouldn't even have to try to hash the files.
Of course all of the above isn't true of BitTorrent, but it could be fixed by e.g.: Everybody downloads X pieces 2 (or more) times from different sources (the tracker could also have trusted sources, etc...). If they don't match they download them from other sources, and the client whose version is wrong is reported to the tracker. If client Y is reported Z times, then the tracker disconnects him.
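A sketch of the scheme proposed in the comment above, added here as an example and not taken from BitTorrent or any real tracker: each piece is fetched from several peers, copies are compared by SHA-1, the dissenting peer is reported, and the tracker drops a peer after Z reports. The class and function names, the swarm layout and the piece data are all constructed for illustration, and counting distinct reporters (rather than raw reports) is an added assumption.

```python
import hashlib
from collections import Counter, defaultdict


class Tracker:
    """Collects complaints about peers; ban_after is the comment's Z."""

    def __init__(self, ban_after):
        self.ban_after = ban_after
        self.reporters = defaultdict(set)  # accused peer -> distinct reporters
        self.banned = set()

    def report(self, reporter, accused):
        # Assumption beyond the comment: count distinct reporters, so one
        # client cannot get a peer disconnected by complaining Z times.
        self.reporters[accused].add(reporter)
        if len(self.reporters[accused]) >= self.ban_after:
            self.banned.add(accused)


def digest(data):
    return hashlib.sha1(data).hexdigest()


def fetch_piece(index, swarm, tracker, me, copies=2):
    """Fetch one piece until `copies` peers agree on its hash.

    swarm maps peer id -> callable(index) returning that peer's bytes.
    Peers whose copy disagrees with the accepted one are reported.
    Limitation: peers that collude and outnumber honest ones still win.
    """
    got = {}
    for peer, serve in swarm.items():
        if peer in tracker.banned:
            continue
        got[peer] = serve(index)
        tally = Counter(digest(d) for d in got.values()).most_common()
        top, votes = tally[0]
        runner_up = tally[1][1] if len(tally) > 1 else 0
        if votes >= copies and votes > runner_up:
            for p, d in got.items():
                if digest(d) != top:
                    tracker.report(me, p)
            return next(d for d in got.values() if digest(d) == top)
    return None  # not enough agreeing sources


# Constructed sample data: two pieces, two honest seeds, one polluter.
PIECES = [b"piece-0 " * 4, b"piece-1 " * 4]


def honest(index):
    return PIECES[index]


def polluter(index):
    return b"\x00" * len(PIECES[index])


def demo():
    tracker = Tracker(ban_after=2)
    swarm = {"polluter": polluter, "seed-a": honest, "seed-b": honest}
    first = fetch_piece(0, swarm, tracker, me="client-1")
    banned_after_one = set(tracker.banned)
    second = fetch_piece(1, swarm, tracker, me="client-2")
    third = fetch_piece(0, swarm, tracker, me="client-3")  # polluter skipped
    return first, second, third, banned_after_one, set(tracker.banned)


if __name__ == "__main__":
    print(demo())
```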
No, it can't. If you use a 256-bit key and you assume that the algorithm is perfect, ie you have to brute-force, then, due to the 2nd law of thermodynamics (you need a certain amount of energy no less than Tk, where T = absolute temperature & k = Boltzmann constant to change a bit) you'd still not be able to, even theoretically if we used all the energy from all the stars, to make a counter go through all the states up to 2^256. It'd take 32 years for our theoretical machine to count even the 2^219 first possibilities, and 32*2^37 years to brute-force our key.
When/If quantum computers become reality, the complexity will 'only' be half the bits, ie a complexity of 2^128, but it is still pretty much unbreakable, as long as the algorithm is good.
You could use the interlock protocol. It works as follows:
(1) key exchange -> ISP is man-in-the-middle, so he gives Alice his own public key instead of Bob's.
(2) Alice encrypts the message she wants to send, but only sends half of it, so that an attempt to decrypt it without the other half results in gibberish (How this is done depends on the cipher, whether it's a stream cipher, etc..)
(3) Bob sends one half of a message he wants to send Alice.
(4) Alice sends her 2nd half, so that Bob is able to decrypt her message.
(5) Bob sends the 2nd half of his message, so that Alice can decrypt his message.
If the ISP is man-in-the-middle he can't read the message, so he has to invent a new message which he sends to Bob, because he has to reencrypt it! That way, if the ISP decides to switch the public-keys, he has to invent a _new_ message all the time, so Alice and Bob won't even communicate with each other during the session!
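The five steps above as a runnable exchange, added here as an example that is not part of the original comment. It assumes one concrete way to "send half": the first half is the SHA-256 hash of the ciphertext and the second half is the ciphertext itself. The toy ElGamal-style cipher and its parameters exist only to keep the example standard-library-only and are not secure; Mallory stands in for the ISP.

```python
import hashlib
import hmac
import secrets

# Toy parameters (assumption, NOT secure): chosen so the example runs with
# the standard library only.
P = 2**127 - 1  # a Mersenne prime
G = 3


def keygen():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def _stream(shared, n):
    """Keystream derived from the shared secret (SHA-256 in counter mode)."""
    seed, out, ctr = shared.to_bytes(16, "big"), b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def encrypt(pub, msg):
    eph = secrets.randbelow(P - 3) + 2
    pad = _stream(pow(pub, eph, P), len(msg))
    return pow(G, eph, P).to_bytes(16, "big") + bytes(a ^ b for a, b in zip(msg, pad))


def decrypt(priv, blob):
    shared = pow(int.from_bytes(blob[:16], "big"), priv, P)
    body = blob[16:]
    return bytes(a ^ b for a, b in zip(body, _stream(shared, len(body))))


def first_half(blob):
    """Half one: a hash of the ciphertext, useless for decryption."""
    return hashlib.sha256(blob).digest()


def accept(commit, blob, priv):
    """Receiver: half two must match half one before it is decrypted."""
    if not hmac.compare_digest(hashlib.sha256(blob).digest(), commit):
        return None
    return decrypt(priv, blob)


def honest_session(msg_a, msg_b):
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    ca, cb = encrypt(b_pub, msg_a), encrypt(a_pub, msg_b)
    h_a, h_b = first_half(ca), first_half(cb)            # steps 2 and 3
    return accept(h_a, ca, b_priv), accept(h_b, cb, a_priv)  # steps 4 and 5


def mitm_session(msg_a, msg_b, fake_for_bob, fake_for_alice):
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    m_priv, m_pub = keygen()  # step 1: both sides were handed m_pub
    # Step 2: Alice commits to a ciphertext for the key she was given.
    ca = encrypt(m_pub, msg_a)
    h_a = first_half(ca)  # all Mallory holds at this point
    # To keep the exchange moving, Mallory must commit toward Bob now,
    # to a ciphertext of a message he makes up.
    ca_fake = encrypt(b_pub, fake_for_bob)
    h_a_fake = first_half(ca_fake)
    # Step 3, mirrored: Bob commits, Mallory commits toward Alice.
    cb_fake = encrypt(a_pub, fake_for_alice)
    h_b_fake = first_half(cb_fake)
    # Step 4: Alice releases ca. Only now can Mallory open it, and
    # re-encrypting it for Bob cannot match the hash Bob already holds.
    seen = decrypt(m_priv, ca)
    relay = accept(h_a_fake, encrypt(b_pub, seen), b_priv)
    return {
        "relay_of_real_message": relay,                  # None: rejected
        "bob_got": accept(h_a_fake, ca_fake, b_priv),
        "alice_got": accept(h_b_fake, cb_fake, a_priv),  # step 5
    }


if __name__ == "__main__":
    print(honest_session(b"hi Bob", b"hi Alice"))
    print(mitm_session(b"hi Bob", b"hi Alice", b"made up 1", b"made up 2"))
```

In the intercepted run neither side receives a word the other wrote, which is what lets Alice and Bob notice the substitution if the messages refer to anything they both know.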
>>>>Perfect compression should eliminate all randomness.
>>Okay, you lost me here, or maybe I've forgotten the little bit of information theory I once knew. Shouldn't perfect compression generate something which appears perfectly random?
It eliminates randomness in so far that it finds a pattern and replaces the file with the pattern. By finding patterns you reduce the file-size and also eliminate (some) randomness. Of course the result looks random, but it is a description of more data than it contains in itself (But not together with the algorithm).
It is however theoretically impossible to write a compression-algorithm that is able to reduce the size of all files.
Sorry for answering so late, and sorry for answering in reverse order...
>>>>To create real randomness, a PRNG has to have 3 properties:
>>Uh, no! Whatever constitutes real randomness is more of a philosophical question. But a pseudo-random number generator is certainly not real randomness. That is why the P (for pseudo) is there.
I was talking about real randomness, so sorry for the 'P'. But what constitutes real randomness isn't a philosophical question. For something to be random, it has to be really random and that is really unpredictable.
>>>>In theory this is true, but in reality it's impossible to create a one-time-pad.
>>Huh? You can't have tried hard. Try throwing a dice enough times, and record the results. That is your one-time pad.
But they aren't really random. It's very hard to build a perfect dice. And they are reproducible, because if you throw the dice in the same way twice, the result will be the same.
>>I'm unsure about what you mean by "need quantum mechanics". Apart from being needed simply because it's another part of the laws of physics, you are obviously mistaken.
I was talking about quantum mechanics because it is really random. If you make the same experiment twice, you will probably get two different results.
>>But even if you don't have a hardware random number generator, it is nowhere as hard to create random numbers as you suggest. That is because real computers (as opposed to Turing machines) do input and output, and when you combine enough different inputs, what you get is for all practical purposes random. /dev/random on linux is just one example.
Well, I wasn't talking about practical purposes, but about real randomness. I don't know how the /dev/random is generated on a Linux machine, but it does still depend on some input, so it isn't really random, at least not for large OTPs.
The reason something that produces the same output with a given input isn't secure, is that, for it to be secure, it has to have as much randomness as input as it has output. Therefore, to create an OTP with a given length, you'd need at least as much randomness as input, that is something corresponding to the OTP.
Therefore you do not create randomness, but simply convert it from one form to another.
E.g., for creating a 256-bit-key, you need an input that you can be certain has 2^256 (that is about 1.157920e+77, a quite large number) possible different inputs. It is quite hard to make a PRNG just to be good enough to make 256-bit-keys, and often they involve other randomness, such as mouse movements, etc..
"Normal" PRNGs (for example such that often come with C-compilers) are very often only good for statistical randomness, but not for creating "good" randomness.
Sure. Encode it with a one-time pad, and throw the pad away. All you're left with is completely random data.
In theory this is true, but in reality it's impossible to create a one-time-pad. You'd need quantum-mechanics to create a real one-time-pad, because we don't have the possibility to create such randomness with a computer. Creating pseudo-randomness, is what cryptography is all about, but we can never create real randomness in a computer, because a computer can only be in a finite (but still very large) number of states, and therefore it's periodic by definition.
To create real randomness, a PRNG has to have 3 properties:
1. The string of numbers has to pass every statistical test.
2. It has to be unpredictable, even when you know about all the bits produced so far and you have complete knowledge about the algorithm used, except for the key.
3. You can not reproduce the result by running it again with exactly the same input.
Computers fail on the last point, and hence can't produce really random outputs.
If it doesn't use trackers, how is the connection between clients done? "Supernodes" I suppose? I'm trying to find out but TFSHBS (The * Site Has Been Slashdotted). So, any info plz? Or a .torrent for the docs? ;)
2. No, everyone acts as tracker (for things you've downloaded), as far as I know... Haven't read everything through, though, but I think it's fully decentralised, but please correct me if I'm wrong.
You're right ... I guess I was somewhat too tired when I read that article ... ...
But thanks for correcting me! I guess I have to change my picture of the global warming somewhat then, even though I've got problems with imagining that we could be influencing the global climate that much
In fact there was the Medieval Warm Period and the Little Ice Age some hundred years ago. This was only a regional anomaly, and lasted a few hundred years, but it shows that the climate is in no way the same all the time.
Actually one can measure the climate quite a long time back, by looking at ice at the poles, deep in the glaciers, and then one sees that there've been cycles for the last few hundred thousand years (I've not seen data going further back), in which there is about 90.000 years ice age, and then 10.000 a warmer period of time. One also sees that at the end of the 10.000-warm-periods, the climate goes up and down more than in the beginning and middle of the cycle.
The fact that we're at the end of a 10.000 year-period right now should be quite telling, not?
Also, now scientists doubt that we've measured the climate in the right way. The weather satellites we've been using over the last 40 years have been giving us *wrong* data. (Or, rather we have been correcting the data in a wrong way, when we've been calculating the influence of the sun).
See this article for more information:
http://www.economist.com/science/displayStory.cfm
It's a *MUST* read.
Sorry for my bad english, but it's not my mother-tounge and I'm kind of very tired right now
Actually, what if I take some 5MB of qubits and write copyright beneath them?
As they represent *all* the possible 5MB-sequences, have I copyrighted them all?!
A 'dual shock pad' is a physical device, and not a game(-idea). Such things have been patentable for a long time.
What this article talks about are patents on *games* (or ideas) themselves. E.g. I might patent 'A guy jumping around and eating mushrooms', and then if someone makes a game called, let's say Oiram Repus, with the same idea, then he'd have to pay royalties. The example is probably quite unrealistic, but you get the point.
Actually I don't see why games shouldn't be patentable, when *algorithms* are. It's the same (bad) idea about claiming ownership on ideas.
Civil Disobedience is a way to change laws, and sometimes it's necessary. For example, you might take the Civil Rights movement. Just because there are laws, they don't have to be ethical, and sometimes the only way to make a change is to make resistance.
The problem is, that there are some things that politicians won't do, not because they'd not be good for the people, but because they wouldn't be good for themselves. The problem in many democracies is that politicians don't always have the same interests as the people.
One way to solve this is to make the people able to force a legislation by majority in a vote, and hence make the people more powerful than the government. (Switzerland has implemented this, and I think 100K people are necessary to force a vote)
That way, if a majority of the people were in favour of legal file-sharing, then they'd be able to start a vote.
But in a representative democracy, and especially democracies where there are only few big political partys (2 or 3), it's not always easy to change laws, because they come in 'packages'. When you vote for someone, you choose a set of things you want to be done, not single things, and hence it might be that you have to choose between the lesser of two evils.
Where's the difference to Hash-cash? (from a technically POV) ...
Both ideas are about making it expensive for the spammer to send his email (using different methods, of course...) and Hash-cash was, AFAIK, proposed some years ago.
But somehow it never happened, that you used hash-cash when sending emails, and implementing hash-cash is so much easier than implementing this (I think at least).
But sure, it'd be great if it'd work this time
And, as a side note, all the "political dissident" stuff is pure horseshit and misdirection. It's illegal in China (and other countries with harsh free speech laws) to use encryption at all. Freenet is not even an option for the oppressed village of Wing Wang.
Actually, that's what the story is about. They want to make it usable & undetecable in repressive regimes. From TFA:
If we can't build something that can survive its own illegality, then I'm not sure what the point is.
[...]
If you can hide the nodes as well, via some kind of steganography, then you can make it hard to find them. If you don't have trusted links, then there is no point hiding them as the attacker will just harvest.
Personally, I find the question about free speech very difficult and I totally agree with you that someone who rapes an 8-year-old is far worse than someone who murders some other adult, and that the kids in pictures are real kids, that suffers alot.
But there are other ways to look at the question, e.g. if there'd been a darknet under Hitler, there might have been more resistance, and it might have saved many lives.
The problem, I think, it's that as the "normal" internet is so much faster, a darknet will only be used for illegal things, and while different political opinions is still legal, it won't be used for political opinions.
But once it's illegal to express ones own political opinions, it'll be used for it (see the example with Hitler), and might in the end save many lives (or not).
That's why I find the question about free speech very difficult, and cannot really take position on it.
Everyone is selfish. Everyone wants what's best for him, so if you let the public decide what they want, they decide what's best for them, not what's the most fair.
... See http://creativecommons.org/ for example.
That is a very interesting point, but what do you define as "the most fair"?
You cannot have one single answer to that question, and as we live in a democracy, "the most fair" by definition is what the people want.
I do not always agree with that, you can have a great influence over the people with propaganda, but I think democracy is the best alternative we have, and that won't change very soon, i think.
I'm actually an utilitarian ("the greatest happiness principle", see http://en.wikipedia.org/wiki/Utilitarianism) and think that whatever has the greatest happiness as consequence is the right (and "the most fair") thing to do.
This is of course not possible in reality because one cannot forsee all consequences by doing something, but I'm not in any way bound to any "moral laws" if I think that something else would result in greater happiness. And that's also why I'm against copyright laws as they exist today, because I think we could achieve greater happiness without them. (I do not know though, if we'd be better off without copyright laws at all, or if they simply should be replaced with different ones. I'm very in favor of the creative commons licenses though, see http://creativecommons.org/)
There would be no incentive to create something new for a living, since you can't make a living off it. Sure, it would be a perfect ideal to have everything for free, but communism didn't work...
That's not true, at least not in the way you put it. First off, I'm *not* in favor communism, but of reforming copyright.
Also, there'd still be reason to create new art, etc
Also, I do not think someone becomes a musician beacuse of earning money (if I'm not Brittney Spears...), but to create something.
Also, artists would still earn money by giving concerts.
That's stupid. That will mean anything anyone creates is part of the public. Sure, copyright laws can be a pain in the ass, but if you look at it rationally, if someone who creates something (say, for example, a musician) wants money for it, what right do we have to claim it as ours for free ?
I don't agree with you. If everything is part of the public, doesn't the public benefit from it?
Also, I do not think that an artist should have total control how his work is distributed. I think that the society should decide how he should be able to control it. Actually, that's the case today, but I do not think that the copyright laws express the public opinion.
Then there is also a philosophical aspect, that the content of a CD which you buy is really just one big number. I don't think that one should be able to have copyright on numbers. (See my journal for more information)
I think that artists should be able to earn money with performances, rather than by selling records. There are many groups who live from doing live-performances, and I do not see any reason that others should not. Actually I'm a musician myself, though only in my spare time, and I do not want any copyright to stop my music from spreading.
Without any copyright laws, the GPL would be null and void, wouldn't it? Or am I missing something?
1. He might not like the GPL
2. Without copyright you'd be able to share the source if you wanted. Of course you'd not be forced to give away the source code on modified versions, but there's still the possibility of doing it, and what is the point of keeping something closed-sourced if there are no copyright laws so that you can earn money by selling numbers?
But if there are no real-world-implementations of the algorithms, what good are they?
Also, and more importantly, these challenges show just how good public-key cryptography is, and what is technically feasible to break.
The most visible one at this point is to my knowledge YellowDog's reluctance to release the code of their linux-on-ipod installer code. You can buy it but there is no cvs or sourcecode repository that I know of.
AFAIK the GPL allows selling of source-code, provided that the copy you sell is also GPL:ed so that the person can modify it, give it away, or even sell it if he wants to.
Also, if it's _their_ installer, then they don't have to GPL it, so it might be copyrighted under another license.
HOWEVER, somewhere, someplace way WAY down the sequence, it will certainly start repeating the ENTIRE sequence again, like 3.14159....3141592653589793....
No, Pi will never repeat itself. Substrings will, but the entire number of Pi will never be repeated inside itself. This is because it is an irrational number.
For more information: http://mathworld.wolfram.com/IrrationalNumber.htm
That's not true at all.
... why shouldn't he? He's trying to tell the editors what to do, to make the site _better_. The editors should be grateful for people giving feedback, as they learn how to do things better.
First off, he _does_ 'pay' for slashdot by seeing the ads.
Then, he can complain if he wants to.
If the editors won't listen to him, then he (and probably a lot of other people) can decide that it's not worth his time (BTW, the time needed for a user to read slashdot is also worth something) to read slashdot, stop reading slashdot, and do something better instead.
... but the program. The problem is that when you search for a hash, then the other users are telling you they've got the file with the hash. _You_ cannot know whether the given file _in reality_ has the hash you searched for.
So, these guys probably haven't broken SHA-1 in some new way, because they don't have to.
On another note, when somebody wants to download something, then he searches for the name of the file, and not for the hash(!). The hash is only useful when you download large files at the same time, from different sources. So to flood e.g. the kazaa-network, one wouldn't even have to try to hash the files.
Of course all of the above isn't true to BitTorrent, but it could be fixed by e.g.:
Everybody downloads X pieces 2 (or more) times from different sources (the tracker could also have trusted sources, etc.). If they don't match, they download them from other sources, and the client whose version is wrong is reported to the tracker.
If client Y is reported Z times, then the tracker disconnects him.
I think he meant the ISPs having slow-upload rates & fast download-rates.
...
I, e.g., have 1mbit dl while only having 256kbit upload.
Maybe I got it wrong.
No, it can't.
If you use a 256-bit key and you assume that the algorithm is perfect, i.e. you have to brute-force, then, due to the 2nd law of thermodynamics (you need a certain amount of energy, no less than Tk, where T = absolute temperature & k = Boltzmann constant, to change a bit), you'd still not be able, even theoretically, if we used all the energy from all the stars, to make a counter go through all the states up to 2^256. It'd take 32 years for our theoretical machine to count even the 2^219 first possibilities, and 32*2^37 years to brute-force our key.
When/If quantum computers become reality, the complexity will 'only' be half the bits, ie a complexity of 2^128, but it is still pretty much unbreakable, as long as the algorithm is good.
You could use the interlock protocol.
It works as follows:
(1) key exchange -> ISP is man-in-the-middle, so he gives Alice his own public key instead of Bob's.
(2) Alice encrypts the message she wants to send, but only sends half of it, so that an attempt to decrypt it without the other half results in gibberish (How this is done depends on the cipher, whether it's a stream cipher, etc.)
(3) Bob sends one half of a message he wants to send Alice.
(4) Alice sends her 2nd half, so that Bob is able to decrypt her message.
(5) Bob sends the 2nd half of his message, so that Alice can decrypt his message.
If the ISP is man-in-the-middle he can't read the message, so he has to invent a new message which he sends to Bob, because he has to reencrypt it!
That way, if the ISP decides to switch the public-keys, he has to invent a _new_ message all the time, so Alice and Bob won't even communicate with each other during the session!
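Added example, not part of the original comment: a simulation of the interlock exchange described above with a key-substituting middleman. It assumes one common way to split a message, where the first half is a SHA-256 hash of the full ciphertext and the second half is the ciphertext itself; the toy ElGamal-style cipher and all function names are hypothetical and chosen only so the code runs with the standard library.

```python
import hashlib, secrets

# Toy ElGamal-style encryption (assumption for this example only).
# Parameters are illustrative and NOT secure.
P = 2**127 - 1   # Mersenne prime used as modulus
G = 3

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def _pad(shared, n):
    return hashlib.shake_256(shared.to_bytes(16, "big")).digest(n)

def encrypt(pub, msg):
    k = secrets.randbelow(P - 2) + 1
    pad = _pad(pow(pub, k, P), len(msg))
    return pow(G, k, P), bytes(a ^ b for a, b in zip(msg, pad))

def decrypt(priv, ct):
    c1, body = ct
    pad = _pad(pow(c1, priv, P), len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

def first_half(ct):
    """Interlock 'first half': a hash commitment to the full ciphertext."""
    c1, body = ct
    return hashlib.sha256(c1.to_bytes(16, "big") + body).digest()

def receive(priv, half1, half2):
    """Accept the second half only if it matches the earlier first half."""
    if first_half(half2) != half1:
        raise ValueError("second half does not match first half")
    return decrypt(priv, half2)

def mitm_session(relay_real_message):
    """Mallory has given Alice his own public key instead of Bob's (step 1)."""
    bob_priv, bob_pub = keygen()
    mal_priv, mal_pub = keygen()
    alice_msg = b"meet at noon"                  # constructed sample message
    ct_alice = encrypt(mal_pub, alice_msg)       # Alice believes this is Bob's key
    h_alice = first_half(ct_alice)               # step 2: Alice sends half one
    # A hash cannot be decrypted, so Mallory must commit to an invented text now.
    ct_fake = encrypt(bob_pub, b"invented text")
    h_to_bob = first_half(ct_fake)
    # Step 4: Alice releases the ciphertext; only now can Mallory decrypt it.
    learned = receive(mal_priv, h_alice, ct_alice)
    ct_to_bob = encrypt(bob_pub, learned) if relay_real_message else ct_fake
    return alice_msg, receive(bob_priv, h_to_bob, ct_to_bob)
```

With `relay_real_message=False` Bob accepts a message Alice never wrote; with `True` Bob's check fails, because the re-encrypted text no longer matches the first half Mallory already forwarded.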
>>>>Perfect compression should eliminate all randomness.
>>Okay, you lost me here, or maybe I've forgotten the little bit of information theory I once knew. Shouldn't perfect compression generate something which appears perfectly random?
It eliminates randomness in so far that it finds a pattern and replaces the file with the pattern.
By finding patterns you reduce the file-size and also eliminate (some) randomness. Of course the result looks random, but it is a description of more data than it contains in itself (But not together with the algorithm).
It is however theoretically impossible to write a compression-algorithm that is able to reduce the size of all files.
Sorry for answering so late, and sorry for answering in reverse order ...
/dev/random on linux is just one example.
/dev/random is generated on a Linux machine, but it does still depend on some input, so it isn't really random, at least not for large OTPs.
>>>>To create real randomness, a PRNG has to have 3 properties:
>>Uh, no! Whatever constitutes real randomness is more of a philosophical question. But a pseudo-random number generator is certainly not real randomness. That is why the P (for pseudo) is there.
I was talking about real randomness, so sorry for the 'P'. But what constitutes real randomness isn't a philosophical question.
For something to be random, it has to be really random, and that is really unpredictable.
>>>>In theory this is true, but in reality it's impossible to create a one-time-pad.
>>Huh? You can't have tried hard. Try throwing a dice enough times, and record the results. That is your one-time pad.
But they aren't really random. It's very hard to build a perfect dice.
And they are reproducible, because if you throw the dice in the same way twice, the result will be the same.
>>I'm unsure about what you mean by "need quantum mechanics". Apart from being needed simply because it's another part of the laws of physics, you are obviously mistaken.
I was talking about quantum mechanics because it is really random. If you make the same experiment twice, you will probably get two different results.
But even if you don't have a hardware random number generator, it is nowhere as hard to create random numbers as you suggest. That is because real computers (as opposed to Turing machines) do input and output, and when you combine enough different inputs, what you get is for all practical purposes random.
Well, I wasn't talking about practical purposes, but about real randomness.
I don't know how the
The reason something that produces the same output with a given input isn't secure, is that, for it to be secure, it has to have as much randomness as input as it has output.
Therefore, to create an OTP with a given length, you'd need at least as much randomness as input, that is something corresponding to the OTP.
Therefore you do not create randomness, but simply convert it from one form to another.
E.g., for creating a 256-bit-key, you need an input that you can be certain has 2^256 (that is about 1.157920e+77, a quite large number) possible different inputs.
It is quite hard to make a PRNG just to be good enough to make 256-bit-keys, and often they involve other randomness, such as mouse movements, etc..
"Normal" PRNGs (for example such that often come with C-compilers) are very often only good for statistical randomness, but not for creating "good" randomness.
Sure. Encode it with a one-time pad, and throw the pad away. All you're left with is completely random data.
In theory this is true, but in reality it's impossible to create a one-time-pad. You'd need quantum-mechanics to create a real one-time-pad, because we don't have the possibility to create such randomness with a computer.
Creating pseudo-randomness is what cryptography is all about, but we can never create real randomness in a computer, because a computer can only be in a finite (but still very large) number of states, and therefore it's periodic by definition.
To create real randomness, a PRNG has to have 3 properties:
1 * The string of numbers has to pass every statistical test.
2 * It has to be unpredictable, even when you know about all the bits produced so far and you have complete knowledge about the algorithm used, except for the key.
3 * You can not reproduce the result by running it again with exactly the same input.
Computers fail on the last point, and hence can't produce really random outputs.
It is now known that slashdot editors don't read slashdot.
That was the official eXeem release, the one with spyware.
This is eXeem Lite, which is supposed to be spyware free.
If it doesn't use trackers, how is the connection between clients done? "Supernodes" I suppose? I'm trying to find out but TFSHBS (The * Site Has Been Slashdotted). So, any info plz? Or a .torrent for the docs? ;)
... Haven't read everything through, though, but I think it's fully decentralised, but please correct me if I'm wrong.
1. Mirrors:
http://www.mirrordot.org/stories/764ecea2714349e0872bb15300c31d12/index.html
http://www.mirrordot.org/stories/be6b55cafbd710266e6055abafed4cee/index.html
2. No, everyone acts as tracker (for things you've downloaded), as far as I know.