"It's not all that hard to buy an AMD64 machine with Windows XP"
It's not all that hard to buy an AMD64 machine with Windows XP 32-bit Edition. This of course renders most 64-bit goodness moot. I have yet to see a machine in any of the major high street and online shops (read: where most people still get their PC's from) that ships with XP x64, I guess because it's only available in it's 'Professional' flavour - not the shockingly different 'Home' flavour.
Don't expect the majority of people to be properly 64-bit enabled until Longhorn and a bit (for OS turnover in the consumer world). One of the umpteen LH flavours is sure to support your nice juicy new processor.
One question, are "modern Pentium 4 chips", "64-bit capable"? And to what extent? I wasn't aware any of the P4's were in anyway 64-bit (atleast no corny dun-dun-dun-dun adverts on TV bragging about 'Intel 64-bit technology' yet)
No, I believe the 'real question' is why did we give up on our space program in the first place, really just a few years before people started seeing and reaping the commercial benefits of satellite technology.
It is feasibly that if we had continued our efforts, unclamped by the government, we may have put a man in space ourselves.
There was recently a brilliantly put together but saddening documentary on the highlights of the British space program on the BBC. Unfortunately there isn't a torrent in sight (if anyone finds one PLEASE me know) and there aren't many central sources for general information on the era to be found with Google (unless you know specific project names).
Simple, this is acheived by using wildcard DNS entries. The big DNS servers like BIND support this out of the box. Then you just extract the subdomain but from the HTTP "Host:" header, mandatory in the HTTP/1.1 standard.
The first thing that came to mind for me was the Britvic Tango drink. A fizzy orangey drink much like Coca Cola's Fanta[1].
I'm was rather surprised noone else has mentioned this until I did a quick Google search and found out it's a British thing. Over here it pretty much dominates the market in fizzy fruit drinks (atleast in terms of brand awareness). Obviously I don't have any figures but Fanta is seemingly much less popular.
It's always nice to come across differences in brand awareness across the globe.:)
To clairify, my point here wasn't to disagree with what Page said. But just putting something 'in perspective' is just a way of saying, putting things into ONE perspective...that and 'humanitarian' posts tend to make me verbose. I just thought it was rather redundant and, to quote a sibling post with what I agree, moronic, of both the grandparent and Page to bother mentioning it in the first place.
One could argue that thousands of lives being lost is far better alternative than the history and memories that those people created. For a few, i'm sure Walice and Gromit, to them atleast, represents some of their better acheivements.
Likewise, what would be the greater loss to everyone alive today and everyone yet to be born, the sudden death of Matt Groening or the sudden combustion of every Simpsons show ever produced?
Mourning or promoting the case for Matt Groening, who you've probably never met or known, would be, or for those 20,000 people in India is, an insult, as these people mean absolutely nothing to you. If you want to make news why don't you do something that'll help the suffering in India (like promote the aid effort) rather than try to give us perspective that we (well I for one) already disagree on?
There is a time for compassion and pointing out how petty a loss is by making comparison with a humanitarian point, and then there are just plain unnecessary comments like yours...life must go on.
This little discussion tree is flooded with code each with various advantages and disadvantages... so of course I felt the urge to investigate the problem myself and contribute something.
I started off looking at the x86 instruction set and then googling for "XCHG reverse string" and voila, came up with this page that, aswell as covering some some of the methods described in this little discussion tree, has a final comment thats extra-specially interesting:
In practice, for most compilers on Intel hardware the code
int tmp; tmp = *b; *b = *a; *a = tmp;
will compile into a single XCHG instruction. However, most compilers will not figure out the equivalent
b ^= a; a ^= b; b ^= a;
Ham Fisted Saturday, August 21, 2004
Of course, if you didn't trust your compiler (or working toward multiple architectures) you could always use some compiler directives and some embedded asm?
Is it possible to write this function using nothing but reigsters and the memory occupied by the string? Anyone care to give it a go? >)
...and while we're at it lets make all software developers responsible for the consequences of every bug and flaw in all of their products. This will make Microsoft and other closed source non-free embracing corporate demons 'go away'.
Whether you're playing with people's money, time or lives there is a personal risk and responsibility to to end user (us) when we do anything in life. Yet we're constantly trying to make it somebody elses problem?
Rather than just shifting the blame why doesn't somebody come up with a decent list of things banks could actually do to make us safer.
Wouldn't using your browser to access web applications on your local intranet, to do OO/MS Office like work, just be a really crappy way to turn all your workstations into thin clients? I'm sure there are better solutions for this than doing everything via hypertext.
In terms of Internet services... why the hell would the web need this? If everyone got thei act together (i.e. Microsoft) and produced a decent (and i mean really good) open standard it'd make the concept somewhat redundant what with the cheap/free and excessive availability of webspace providers.
Somehow I don't think office applications will port to the web as naturally as e-mail has with webmail.
"What consumes performance? Well, resolutions have increased"
Speaking of which, I wish somebody could explain how Windows 2000 manages 24 bit depth at 1280x1024 resolution and 75 Hz on my ATI AGP 4MB (you read right) video card and yet xorg flakes out complaining of not enough memory at 24 bit (I've got it at 16 bit atm).
This is the impact optimisation can have. It can be all the difference between high quality porn and poorly dithered porn.
Do you think we will see a time when there are so many restrictions on passwords that the actual dictionary size on a dictionary attack can be reduced and not enlarged? It's very easy for a restrictive system to become counter productive.
Dictionary attacks should be made moot on any important system by limiting the number of login attempts with time. What is the point?
What authentication needs is to layoff the password restrictions (except for MAYBE a minimum length, because somebody typing 'a' is extremely easy to spot even from metres away), persistantly remind users not to use their date of birth or nick name and for implementions to take more responsibility in keeping crackers out.
JPEG is a stupid format for producing photo archives today. Nevermind 2045.
Here we are entering the realm of HDTV, MPEG-4, wavelet compression techniques for video and we look back at 320/252x240/288 MPEG-1 and cringe (atleast I do). In the future our JPEG's may be seen on the lower end of useable quality.... Hey these old JPEG's aren't detailed enough for our holodeck compute... better run it through Photoshop XII Virtual Reality Edition.
We should be using lossless JPEG2000 / Some kind of wavelet / PNG / some kind of compressed but LOSSLESS format. Atleast that way out descendants can't blame us for not doing our very best to preserve our documents (given our current limitations in scanning and restoration techniques).
The Wang vector pair floating about at the moment, when prepended to 2 useable files will produce a MD5 collision of the said files. BUT - as a result of doing this you are also going to corrupt these files and make them unuseable (executeables, MP3's etc, obviously not text documents).
All the proof-of-concept article shows is the two attack vectors by Wang in use with 3 simple programs. You will notice the "md5extractor", which needs to be in place to remove the arbitrary vector data before the evil good.exe becomes dangerous. This exact procedure doesn't apply to most software distribution actually, how are you going to get the extractor on the victims computer in the first place?
This could be a problem is somebody can produce an attack vector pair that does produce a valid executeable/PE header or and MP3 header. But these have structure and leave much less room for the vector, may place restrictions on the payload, and might not even be possible.
The webpage thing described in the comment you link to is pretty harmless. Who the hell usines a MD5 hash on a HTML documents? Misleading documentation? Browser exploits? Unlikely.
The fact remains if you were to try and use this method you would really be doing, and what you will have to do, is nothing more than trick the user by normal means (human failure).
Coincedentally, for use in authentication you would be a fool NOT to be running sanity checks on input anyway. For use in authentication, salted and sanity checked input to MD5 should is still very very safe.
I can't see a reason why P2P applications implemented for networks using MD5 file verification can't start popping off bytes at the beginning of downloads (the first block) and try it with another payload to detect and reject people using this type of multicollision attack. In addition these applications could check for valid MP3, AVI, JPEG, headers etc.
The author of the "MD5 - Someday to be considered harmful" paper is correct. MD5 is risky for some purposes, P2P networks still using MD5 without any smarts may be ruined, but the hash far from dead if used carefully backed up by other checks. What makes people think moving to SHA-1 or Whirlpool is going to solve these problems (OK with SHA-1 different types of attacks) in the longer term?
Relying on the hash mechanism alone is just a bad habit to get into. People are switching because it's just best to play it safe when people (myself included) don't understand the full significance of the attacks produced this year.
This has been discussed before and seems to start flamewars.
Yes there is a way to remove the IE engine from Windows 2000's installation files (and indeed integrate IE6 into them, since 2000+SP4 comes with IE 5).
The method of doing so is here. However it breaks things such as Windows help, Windows Update and lots of miscellaneous parts of the OS. For me atleast, it made the OS almost unbareable, introducing alot of annoyances. Although to be fair, I followed the post-install instructions...in theory, pre-install removal should be smoother.
Doesn't look so memorable to me. Maybe if you had posted this 3 years ago when I was doing A level math I would have been more motivated to try it out though.:(
Warning: main(php/rss_parse.inc): failed to open stream: No such file or directory in/home/groups/p/py/pyscrabble/htdocs/inc/about.php on line 5
Fatal error: main(): Failed opening required 'php/rss_parse.inc' (include_path='') in/home/groups/p/py/pyscrabble/htdocs/inc/about.php on line 5
... yeah because PHP is working out so well for you.
Here is the user javascript (I use it with Opera 8 but it should work with Firefox & greasemonkey too) to add cache links. I wrote it myself because I wasn't too happy with existing ones.
If you make any changes you can do so at pastebin (it's a mini CVS).
Slashdot Mirror
Your sig fails to take into account the terminating null byte, or perhaps a length indicator byte.
I do, Sir Tubwarmer, have a segmentation fault.
"It's not all that hard to buy an AMD64 machine with Windows XP"
It's not all that hard to buy an AMD64 machine with Windows XP 32-bit Edition. This of course renders most 64-bit goodness moot. I have yet to see a machine in any of the major high street and online shops (read: where most people still get their PC's from) that ships with XP x64, I guess because it's only available in it's 'Professional' flavour - not the shockingly different 'Home' flavour.
Windows XP Professional x64 Edition.
Don't expect the majority of people to be properly 64-bit enabled until Longhorn and a bit (for OS turnover in the consumer world). One of the umpteen LH flavours is sure to support your nice juicy new processor.
One question, are "modern Pentium 4 chips", "64-bit capable"? And to what extent? I wasn't aware any of the P4's were in anyway 64-bit (atleast no corny dun-dun-dun-dun adverts on TV bragging about 'Intel 64-bit technology' yet)
No, I believe the 'real question' is why did we give up on our space program in the first place, really just a few years before people started seeing and reaping the commercial benefits of satellite technology.
It is feasibly that if we had continued our efforts, unclamped by the government, we may have put a man in space ourselves.
There was recently a brilliantly put together but saddening documentary on the highlights of the British space program on the BBC. Unfortunately there isn't a torrent in sight (if anyone finds one PLEASE me know) and there aren't many central sources for general information on the era to be found with Google (unless you know specific project names).
Britain's first space pioneers - A nice summary of British space efforts, courtesy of the BBC.
So release your code under the 'public domain' and get it over with already?
Simple, this is acheived by using wildcard DNS entries. The big DNS servers like BIND support this out of the box. Then you just extract the subdomain but from the HTTP "Host:" header, mandatory in the HTTP/1.1 standard.
The first thing that came to mind for me was the Britvic Tango drink. A fizzy orangey drink much like Coca Cola's Fanta [1].
:)
I'm was rather surprised noone else has mentioned this until I did a quick Google search and found out it's a British thing. Over here it pretty much dominates the market in fizzy fruit drinks (atleast in terms of brand awareness). Obviously I don't have any figures but Fanta is seemingly much less popular.
It's always nice to come across differences in brand awareness across the globe.
To clairify, my point here wasn't to disagree with what Page said. But just putting something 'in perspective' is just a way of saying, putting things into ONE perspective...that and 'humanitarian' posts tend to make me verbose. I just thought it was rather redundant and, to quote a sibling post with what I agree, moronic, of both the grandparent and Page to bother mentioning it in the first place.
One could argue that thousands of lives being lost is far better alternative than the history and memories that those people created. For a few, i'm sure Walice and Gromit, to them atleast, represents some of their better acheivements.
Likewise, what would be the greater loss to everyone alive today and everyone yet to be born, the sudden death of Matt Groening or the sudden combustion of every Simpsons show ever produced?
Mourning or promoting the case for Matt Groening, who you've probably never met or known, would be, or for those 20,000 people in India is, an insult, as these people mean absolutely nothing to you. If you want to make news why don't you do something that'll help the suffering in India (like promote the aid effort) rather than try to give us perspective that we (well I for one) already disagree on?
There is a time for compassion and pointing out how petty a loss is by making comparison with a humanitarian point, and then there are just plain unnecessary comments like yours...life must go on.
...i meant in assembly. :(
I started off looking at the x86 instruction set and then googling for "XCHG reverse string" and voila, came up with this page that, aswell as covering some some of the methods described in this little discussion tree, has a final comment thats extra-specially interesting:
Of course, if you didn't trust your compiler (or working toward multiple architectures) you could always use some compiler directives and some embedded asm?
Is it possible to write this function using nothing but reigsters and the memory occupied by the string? Anyone care to give it a go? >)
...and while we're at it lets make all software developers responsible for the consequences of every bug and flaw in all of their products. This will make Microsoft and other closed source non-free embracing corporate demons 'go away'.
Whether you're playing with people's money, time or lives there is a personal risk and responsibility to to end user (us) when we do anything in life. Yet we're constantly trying to make it somebody elses problem?
Rather than just shifting the blame why doesn't somebody come up with a decent list of things banks could actually do to make us safer.
No usually that's when I start working.
Wouldn't using your browser to access web applications on your local intranet, to do OO/MS Office like work, just be a really crappy way to turn all your workstations into thin clients? I'm sure there are better solutions for this than doing everything via hypertext.
In terms of Internet services... why the hell would the web need this? If everyone got thei act together (i.e. Microsoft) and produced a decent (and i mean really good) open standard it'd make the concept somewhat redundant what with the cheap/free and excessive availability of webspace providers.
Somehow I don't think office applications will port to the web as naturally as e-mail has with webmail.
Speaking of which, I wish somebody could explain how Windows 2000 manages 24 bit depth at 1280x1024 resolution and 75 Hz on my ATI AGP 4MB (you read right) video card and yet xorg flakes out complaining of not enough memory at 24 bit (I've got it at 16 bit atm).
This is the impact optimisation can have. It can be all the difference between high quality porn and poorly dithered porn.
Do you think we will see a time when there are so many restrictions on passwords that the actual dictionary size on a dictionary attack can be reduced and not enlarged? It's very easy for a restrictive system to become counter productive.
Dictionary attacks should be made moot on any important system by limiting the number of login attempts with time. What is the point?
What authentication needs is to layoff the password restrictions (except for MAYBE a minimum length, because somebody typing 'a' is extremely easy to spot even from metres away), persistantly remind users not to use their date of birth or nick name and for implementions to take more responsibility in keeping crackers out.
JPEG is a stupid format for producing photo archives today. Nevermind 2045.
... Hey these old JPEG's aren't detailed enough for our holodeck compute... better run it through Photoshop XII Virtual Reality Edition.
Here we are entering the realm of HDTV, MPEG-4, wavelet compression techniques for video and we look back at 320/252x240/288 MPEG-1 and cringe (atleast I do). In the future our JPEG's may be seen on the lower end of useable quality.
We should be using lossless JPEG2000 / Some kind of wavelet / PNG / some kind of compressed but LOSSLESS format. Atleast that way out descendants can't blame us for not doing our very best to preserve our documents (given our current limitations in scanning and restoration techniques).
No it doesn't.
The Wang vector pair floating about at the moment, when prepended to 2 useable files will produce a MD5 collision of the said files. BUT - as a result of doing this you are also going to corrupt these files and make them unuseable (executeables, MP3's etc, obviously not text documents).
All the proof-of-concept article shows is the two attack vectors by Wang in use with 3 simple programs. You will notice the "md5extractor", which needs to be in place to remove the arbitrary vector data before the evil good.exe becomes dangerous. This exact procedure doesn't apply to most software distribution actually, how are you going to get the extractor on the victims computer in the first place?
This could be a problem is somebody can produce an attack vector pair that does produce a valid executeable/PE header or and MP3 header. But these have structure and leave much less room for the vector, may place restrictions on the payload, and might not even be possible.
The webpage thing described in the comment you link to is pretty harmless. Who the hell usines a MD5 hash on a HTML documents? Misleading documentation? Browser exploits? Unlikely.
The fact remains if you were to try and use this method you would really be doing, and what you will have to do, is nothing more than trick the user by normal means (human failure).
Coincedentally, for use in authentication you would be a fool NOT to be running sanity checks on input anyway. For use in authentication, salted and sanity checked input to MD5 should is still very very safe.
I can't see a reason why P2P applications implemented for networks using MD5 file verification can't start popping off bytes at the beginning of downloads (the first block) and try it with another payload to detect and reject people using this type of multicollision attack. In addition these applications could check for valid MP3, AVI, JPEG, headers etc.
The author of the "MD5 - Someday to be considered harmful" paper is correct. MD5 is risky for some purposes, P2P networks still using MD5 without any smarts may be ruined, but the hash far from dead if used carefully backed up by other checks. What makes people think moving to SHA-1 or Whirlpool is going to solve these problems (OK with SHA-1 different types of attacks) in the longer term?
Relying on the hash mechanism alone is just a bad habit to get into. People are switching because it's just best to play it safe when people (myself included) don't understand the full significance of the attacks produced this year.
This has been discussed before and seems to start flamewars.
Yes there is a way to remove the IE engine from Windows 2000's installation files (and indeed integrate IE6 into them, since 2000+SP4 comes with IE 5).
The method of doing so is here. However it breaks things such as Windows help, Windows Update and lots of miscellaneous parts of the OS. For me atleast, it made the OS almost unbareable, introducing alot of annoyances. Although to be fair, I followed the post-install instructions...in theory, pre-install removal should be smoother.
2b || !2b =?
true... true.
Doesn't look so memorable to me. Maybe if you had posted this 3 years ago when I was doing A level math I would have been more motivated to try it out though. :(
:| Well the answer to my question is obviously 'yes'.
What I mean is, most atlases use a better representation where sizes are maintained. Why does Google maps not use like other atlases?
Can't a 2D map be distorted in such a way as to correct for this?
If so why the hell isn't it.
If you want a sweet little out of context sound byte how about:
Gates on Google: "Our search API is way better than their search API."
Here is the user javascript (I use it with Opera 8 but it should work with Firefox & greasemonkey too) to add cache links. I wrote it myself because I wasn't too happy with existing ones.
If you make any changes you can do so at pastebin (it's a mini CVS).