IMHO, this is very bad tactics from Microsoft and should be treated carefully by ISPs and mail providers. Because if gmail does not adopt it then the average user (who doesn't care about protocols, pattents and licences) will say "gmail is so lame, I can't even send a message to my friend". If gmail does adopt it, it will gain a big advantage against yahoo (with the same argument) pushing it to adopt it too. This can make Sender ID a standard and force everyone to depend on Microsoft's patended protocol to just send an email. Scary.
Please, everybody, don't fall to the trap. The correct way of thinking is "Hotmail is so lame that it can't receive mail from provider X", not the opposite!
I would be very interested in understanding the legality of charge customers 5 bucks for a convenience fee of dressing up a cd and a case to sell to my customers.
IMHO, it is legal to charge a fee for any service you provide to your customers. If you package software in a cd and provide it to the customer, it's a service. After all you save him time and bandwidth. Preinstalling software to his pc is also a service.
And I believe it is also ethical to do it. You don't try to fool your customer, you can even tell him that the software can be downloaded free of charge. But if you offer the software installed, ready to use, why not charging a small amount? It is exactly the same as buying a linux cd.
To my point of view, computer stores could earn some good money by *selling* open source software. That's the whole idea about free as in speech, not beer.
Client: I want to use my new pc to write documents and retouch my digital photos. Could you install Word & Photoshop to my new pc? Store: Of course, they cost $XXXX. Client: (laughing) Yeah right. Nevermind, I'll find some pirate versions. Store: But you know, we can install you OpenOffice, GIMP and a lot of other useful software for just $20. They offer similar functionality and it's 100% legal. Client: w00t!
And I'm sure a store don't earn $20 for each copy of Word they sell. In slashdot-friendly words:
1. Preinstall open source software 2. Charge a small fee 3. Profit!
Actually there are at least 10 different explanations about the origin of "w00t", ranging from Quake to Daffy Duck. I guess the truth will remain a mystery.
I don't understand why a 1-2 days latency is such a problem for a distro. It's like someone complaining that cvs users get the fixes before they appear on mozilla.org.
Summary: - you're paranoid about security, get cvs updates every hour. - you're seriously concerned about security, get the new binary as soon as you read it on/. - you're lazy and you like it: apt-get install, 1-2 days after.
Do not confuse CONDUCTOR and TRAIN OPERATOR (read on) What they're not doing: - They're not phasing out the train operators. It's no going to happen. In Paris line 14 has no driver, no conductor, no train operator, nobody. You can even sit on the first wagon and watch the view! So there is no theoretical problem from removing drivers, of course I suppose the line is still monitored by humans.
and for the fact that many homeless tend to like to live in tunnels. That's irrelevent, it's not the drivers job to keep homelesses out anyway.
As contradictory as it may sound, there is always a notion of "belief" in a proof. "Proving" essentially menas "persuading everyone that something is true" and the only difference between mathematics and other sciences is that the former constructs everything from very elementary axioms using basic induction rules, so that it is (usually) clear that a proof is correct.
However it is common to use deduction rules incorrectly, theorems without meeting all preconditions, etc. When a proof becomes complicated, doubts arise.
But that's exactly why we can have much more faith in computer proofs. A computer can only use very specific proof techniques, written formally in some kind of logic. All theorems must also be given very precisely. And the proof can be also checked mechanically, possibly using different software to avoid bugs etc. Size is irrelevent, as long as the basic proof technique is rock solid.
On the other hand machines are stupid, you need humans to program them and prove the correctness of every proof technique they use.
PS. Reading this article was very interesting, given that I'm currently attending a computer science conference (ETAPS) one of the main topics of which is logic and computer proofs:)
I had the impression that the buy-a-domain-to-be-rich story was over, not only due to NASDAQ, but also because of google! I can't imagine anyone who wants to update its hardware typing www.hardware-update.com, instead of googling "hardware update" (and at least in the first 20 pages of results that I checked, hardware-update.com does not appear!). Personally I even type "apple" in the google bar sometimes, its easier than www.apple.com).
Oxford announced the addition of the word "macmini" to their dictionary which appears to be a unit to measure size and coolness at the same time. Typical examples of its usage are:
- Cool, my new Mac Mini is exactly one macmini - Duh, my iPod is less than half a macmini - Who the hell would buy a 10 macminis Shuttle XPC SN25P - Add a full macmini to your p****, 100% safe!
Mr2cents' suggestion is definetely interesting, as it would exponentially increase the difficulty of generating a specifically sized chunk of data to match two different hash algorithms
What I'm trying to say is that you don't know that this would exponentially increase the dufficulty, you just complicate things and this is not good for security. That's why the response to the discovery of an attack is not "let's encrypt 5-times with all available algorithms". Understanding and extensively testing an algorithm is indispensable for security. After a lot of work we now know that SHA-1 breaks in 2^69 calculations and we believe that SHA-512 wont break so easily, at least not very soon. Combining hash functions is just a "dirty" trick for which we have no results and no knowledge.
Such use-whatever-you-can solutions can indeed make intruder's life harder, but cannot offer true security.
Even using two algorithms concurrent collisions will exist (due to the infinite number of collisions for each algorithm). If someone can find collisions for each hash function, nothing can guarantee that he will not find one for both. The problem is that the algorithm's security foundations are shaken, so we can no longer trust it.
It's like using two passwords instead of one. Of course it's better, but it can only slow down an attacker who knows how to break passwords.
Weak and strong collision resistance
on
SHA-1 Broken
·
· Score: 3, Informative
For password hashes this attack shouldn't be a problem, if it is as described in the article. The attack does only one thing: allows an attacker to generate two streams of data which hash to the same value. This is a problem for digital signatures, because somebody can sign one data stream, then distribute another with the same signature. So the signature doesn't guarantee the data has not been modified
Even for signatures, it depends on the application. There are two types of collision resistance:
- Weak collision resistance: Given x, I cannot coumpute y s.t. H(x)=H(y)
- Strong collision resistance: I cannot compute arbitrary x,y s.t. H(x)=H(y)
Usually collision results show that a hash algorithm is not strong resistant.
So if I want to create random data (a nonce) and sign it there is a problem, I can create x,y with the same signature. However if I want to sign something specific, say an email, then I have to break weak resistance, random x,y won't do since x is unlikely to be the email I wrote.
I think that iTunes and Napster are just targeting different groups of people, with quite different music listening habits.
There are people, like me, who listen the same groups for years, collect their albums (in my case in vinyl!), know their history etc. This kind of people would never rent music, an album for them is something they want to have in their collection and listen forever.
On the other hand there are many people who treat music as fashion, watch the latest hits on MTV, buy only singles (who needs an album to hear just one song), know only 2-3 hits from each group, change favourite group each month, etc. For such people the ability to hear all new hits with a fixed subscription is very appealing whereas song expiration doesn't matter. Nobody listen to the same pop hit after a month.
So I think there is room for both systems. Indeed Napster also provides pay-per-song sales (they call it Napster Light, see bottom of page). And I won't be surprised if I see Apple launching subscription services in the near future.
Encryption algorithms rely on the fact that some problems need an exponential number of 'calculations' to be solved. If b is the number of bits in a key, breaking the encryption needs 2^b steps.
On the other hand in traditional computers, if you have p processors and each can perform n calculations per time unit, then you can perform p.n calculation in total. Increasing p or n gives only a *linear* improvement in performance. This is not enough to match 2^b if b is big enough.
On the other hand with q Qbits you can perform 2^q calculations simultaneously (nature's miracle). Take b Qbits and you're done (I said rough explanation, remember). The only problem is that its VERY dificult to tie QBits together.
Interesting idea, but I doubt that such an extension would be useful. The nofollow tag will be added automatically by the blog system to ALL links submited by visitors. It can't help to distinguish spam messages. Nofollow doesn't mean "this is spam" but "this is a user-added link, so it might be spam". It is useless information for humans who can judge the link by its context.
Of course, one could try creating such an extension to see if it works. That's the power of open source!
Slashdot Mirror
10 buttons
I sense it, the creation of the world's first Dvorak mouse is near.
IMHO, this is very bad tactics from Microsoft and should be treated carefully by ISPs and mail providers. Because if gmail does not adopt it then the average user (who doesn't care about protocols, pattents and licences) will say "gmail is so lame, I can't even send a message to my friend". If gmail does adopt it, it will gain a big advantage against yahoo (with the same argument) pushing it to adopt it too. This can make Sender ID a standard and force everyone to depend on Microsoft's patended protocol to just send an email. Scary.
Please, everybody, don't fall to the trap. The correct way of thinking is "Hotmail is so lame that it can't receive mail from provider X", not the opposite!
Who cares. Here's the .avalanche file.
He got flamed on /. for flaming Microsoft!
Strange times.
What's wrong about "my" anyway? In fact, the best would be to call it
my $computer;
I would be very interested in understanding the legality of charge customers 5 bucks for a convenience fee of dressing up a cd and a case to sell to my customers.
IMHO, it is legal to charge a fee for any service you provide to your customers. If you package software in a cd and provide it to the customer, it's a service. After all you save him time and bandwidth. Preinstalling software to his pc is also a service.
And I believe it is also ethical to do it. You don't try to fool your customer, you can even tell him that the software can be downloaded free of charge. But if you offer the software installed, ready to use, why not charging a small amount? It is exactly the same as buying a linux cd.
To my point of view, computer stores could earn some good money by *selling* open source software. That's the whole idea about free as in speech, not beer.
Client: I want to use my new pc to write documents and retouch my digital photos. Could you install Word & Photoshop to my new pc?
Store: Of course, they cost $XXXX.
Client: (laughing) Yeah right. Nevermind, I'll find some pirate versions.
Store: But you know, we can install you OpenOffice, GIMP and a lot of other useful software for just $20. They offer similar functionality and it's 100% legal.
Client: w00t!
And I'm sure a store don't earn $20 for each copy of Word they sell. In slashdot-friendly words:
1. Preinstall open source software
2. Charge a small fee
3. Profit!
Actually there are at least 10 different explanations about the origin of "w00t", ranging from Quake to Daffy Duck. I guess the truth will remain a mystery.
I don't understand why a 1-2 days latency is such a problem for a distro. It's like someone complaining that cvs users get the fixes before they appear on mozilla.org.
/.
Summary:
- you're paranoid about security, get cvs updates every hour.
- you're seriously concerned about security, get the new binary as soon as you read it on
- you're lazy and you like it: apt-get install, 1-2 days after.
the only reason you created this dance floor is that you can dance this mega hit in the proper environment. Now send us the real video please.
Do not confuse CONDUCTOR and TRAIN OPERATOR (read on) What they're not doing: - They're not phasing out the train operators. It's no going to happen.
In Paris line 14 has no driver, no conductor, no train operator, nobody. You can even sit on the first wagon and watch the view! So there is no theoretical problem from removing drivers, of course I suppose the line is still monitored by humans.
and for the fact that many homeless tend to like to live in tunnels.
That's irrelevent, it's not the drivers job to keep homelesses out anyway.
Think about the poor google employees who had a heart attack reading "Google founders cut salaries to $1", before realizing to whose income it refers.
This is not the first time Microsoft releases open source software. He has also released the following projects
- Windows Installer XML (WiX) toolset
- Windows Template Library
- FlexWiki
all under IBM's Common Public License which is approved by the OSI. Maybe they'll chose CPL again(?).
As contradictory as it may sound, there is always a notion of "belief" in a proof. "Proving" essentially menas "persuading everyone that something is true" and the only difference between mathematics and other sciences is that the former constructs everything from very elementary axioms using basic induction rules, so that it is (usually) clear that a proof is correct.
:)
However it is common to use deduction rules incorrectly, theorems without meeting all preconditions, etc. When a proof becomes complicated, doubts arise.
But that's exactly why we can have much more faith in computer proofs. A computer can only use very specific proof techniques, written formally in some kind of logic. All theorems must also be given very precisely. And the proof can be also checked mechanically, possibly using different software to avoid bugs etc. Size is irrelevent, as long as the basic proof technique is rock solid.
On the other hand machines are stupid, you need humans to program them and prove the correctness of every proof technique they use.
PS. Reading this article was very interesting, given that I'm currently attending a computer science conference (ETAPS) one of the main topics of which is logic and computer proofs
Sure, here it is.
Try:
slashdt - Did you mean slashdot?
sourcefore - Did you mean sourceforge?
Sometimes you get strange results though:
pr0n - Did you mean slashdot?
I had the impression that the buy-a-domain-to-be-rich story was over, not only due to NASDAQ, but also because of google! I can't imagine anyone who wants to update its hardware typing www.hardware-update.com, instead of googling "hardware update" (and at least in the first 20 pages of results that I checked, hardware-update.com does not appear!). Personally I even type "apple" in the google bar sometimes, its easier than www.apple.com).
Apparently domain sales prove me wrong.
Oxford announced the addition of the word "macmini" to their dictionary which appears to be a unit to measure size and coolness at the same time. Typical examples of its usage are:
- Cool, my new Mac Mini is exactly one macmini
- Duh, my iPod is less than half a macmini
- Who the hell would buy a 10 macminis Shuttle XPC SN25P
- Add a full macmini to your p****, 100% safe!
Mr2cents' suggestion is definetely interesting, as it would exponentially increase the difficulty of generating a specifically sized chunk of data to match two different hash algorithms
What I'm trying to say is that you don't know that this would exponentially increase the dufficulty, you just complicate things and this is not good for security. That's why the response to the discovery of an attack is not "let's encrypt 5-times with all available algorithms". Understanding and extensively testing an algorithm is indispensable for security. After a lot of work we now know that SHA-1 breaks in 2^69 calculations and we believe that SHA-512 wont break so easily, at least not very soon. Combining hash functions is just a "dirty" trick for which we have no results and no knowledge.
Such use-whatever-you-can solutions can indeed make intruder's life harder, but cannot offer true security. Even using two algorithms concurrent collisions will exist (due to the infinite number of collisions for each algorithm). If someone can find collisions for each hash function, nothing can guarantee that he will not find one for both. The problem is that the algorithm's security foundations are shaken, so we can no longer trust it.
It's like using two passwords instead of one. Of course it's better, but it can only slow down an attacker who knows how to break passwords.
For password hashes this attack shouldn't be a problem, if it is as described in the article. The attack does only one thing: allows an attacker to generate two streams of data which hash to the same value. This is a problem for digital signatures, because somebody can sign one data stream, then distribute another with the same signature. So the signature doesn't guarantee the data has not been modified
Even for signatures, it depends on the application. There are two types of collision resistance:
- Weak collision resistance: Given x, I cannot coumpute y s.t. H(x)=H(y)
- Strong collision resistance: I cannot compute arbitrary x,y s.t. H(x)=H(y)
Usually collision results show that a hash algorithm is not strong resistant.
So if I want to create random data (a nonce) and sign it there is a problem, I can create x,y with the same signature. However if I want to sign something specific, say an email, then I have to break weak resistance, random x,y won't do since x is unlikely to be the email I wrote.
I think that iTunes and Napster are just targeting different groups of people, with quite different music listening habits.
There are people, like me, who listen the same groups for years, collect their albums (in my case in vinyl!), know their history etc. This kind of people would never rent music, an album for them is something they want to have in their collection and listen forever.
On the other hand there are many people who treat music as fashion, watch the latest hits on MTV, buy only singles (who needs an album to hear just one song), know only 2-3 hits from each group, change favourite group each month, etc. For such people the ability to hear all new hits with a fixed subscription is very appealing whereas song expiration doesn't matter. Nobody listen to the same pop hit after a month.
So I think there is room for both systems. Indeed Napster also provides pay-per-song sales (they call it Napster Light, see bottom of page). And I won't be surprised if I see Apple launching subscription services in the near future.
So this is justice? Would you say the same thing when RIAA/MPAA sues Mr. Nobody for sharing, or is it only when we have IBM's backing?
So you're complaining about the 503's that you don't see, basically because you're rarely online?
VERY rough explanation.
Encryption algorithms rely on the fact that some problems need an exponential number of 'calculations' to be solved. If b is the number of bits in a key, breaking the encryption needs 2^b steps.
On the other hand in traditional computers, if you have p processors and each can perform n calculations per time unit, then you can perform p.n calculation in total. Increasing p or n gives only a *linear* improvement in performance. This is not enough to match 2^b if b is big enough.
On the other hand with q Qbits you can perform 2^q calculations simultaneously (nature's miracle). Take b Qbits and you're done (I said rough explanation, remember). The only problem is that its VERY dificult to tie QBits together.
Interesting idea, but I doubt that such an extension would be useful. The nofollow tag will be added automatically by the blog system to ALL links submited by visitors. It can't help to distinguish spam messages. Nofollow doesn't mean "this is spam" but "this is a user-added link, so it might be spam". It is useless information for humans who can judge the link by its context.
Of course, one could try creating such an extension to see if it works. That's the power of open source!