There have been about 30,000 days since he started working in 1930. If the 300,000 number is accurate, he would have had to fix an average of 10 typewriters, every day, for the past 80 years. That's without any weekends or holidays.
I guess I have no direct experience repairing typewriters. However, I would have certainly guessed that it takes longer than ~1 hour to "fix" a typewriter. In addition to that, I would think it's hard to find a stream of that many typewriters to repair. (I.e., a rather successful business.) If these numbers are true, the guy was pretty impressive.
Other than poorly designed clocks, what other devices actually care about the power line frequency?
Actually, mains power should normally be a very good frequency source for a clock. Utilities periodically adjust the frequency such that the long term clock drift is near zero. From Wikipedia:
Network operators will regulate the daily average frequency so that clocks stay within a few seconds of correct time. In practice the nominal frequency is raised or lowered by a specific percentage to maintain synchronization. Over the course of a day, the average frequency is maintained at the nominal value within a few hundred parts per million.
While I'm no fan of Comcast, $195,000 per subscriber is a ludicrous amount. At $50/month, a subscriber would have paid $6k total for the entire decade the service was available. Claiming damages in excess of 30x the total value of the service seems excessive.
I'm sure they're 'trying to send a message', but it bothers me when lawsuits are so far out of the realm of reality. It's no different than the trumped up "losses" RIAA claims for sharing a few songs, or when a judge sues for $67M for a pair of pants.
In this case, available current doesn't really come into play.
The human body has a resistance of about 10K Ohms. From Ohm's Law, at 110V, your body will only conduct 110V / 10K = 0.011A. This is less than 1/100th of the current available from the voltage source, regardless of whether it's from the outlet or the battery bank.
Put another way, either of these hazards has many times the amount of current needed to kill you.
experiment... to determine if encrypted messages could be passed using unwitting third parties
They managed to share anonymous information with others using only a site whose purpose is to share anonymous information with others. The fact that they encrypted the info still doesn't make it much of an 'experiment'.
If you want to start your own pre-paid phone network, you shouldn't steal Freedom Wireless's way of doing it.
The problem with that logic is that there are likely only a small number of straightforward ways to "properly deduct the right amount of money from the account based on the number of minutes". Seriously, how many different ways are there to implement
customer.balance -= (minutes * rate);
Two independent companies could easily implement this in a very similar (straightforward) way, without "stealing" Freedom Wireless's way of doing it.
Because flash memory is non-volatile, i.e., it doesn't need power to retain information that's already been written to it
This statement is true-- flash memory is non-volatile. However, why do you assume that PDAs use flash memory for all their storage? I'm not sure that they do. I have two PDAs-- both of which will quite reliably erase all their data if the main battery dies.
Flash's slow write time & limited erase cycles make it a poor replacement for general purpose RAM. I suspect that many / most PDAs use SRAM, instead. The battery you mention (in addition to running the clock) is likely there to keep the SRAM powered if the main battery dies. However, not all of us are so lucky to have a PDA with that battery-backup feature, which was part of the OP's complaint.
So, why the need for 100 keys per second? One key at the start of the stream should be enough.
If the quantum channel were fast enough, I'm sure they'd want to use it to send the video directly. Since it isn't fast enough, they're doing the next best thing: Send the encrypted video over traditional (possibly hackable) channels, then send the keys 'securely' using quantum tech.
Rotating the key for every 1/100 sec minimizes the damage in case some of the video is decrypted: the hacker would only be able to recover one frame, rather than the whole video. Probably also makes decryption attempts less desirable in the first place.
I agree with your point, but the math needs work: 26! x 26! x 26! x 26! x 26! is a *huge* number-- around 10^133. (More than the number of particles in the universe).
The actual number of combinations of 5 letter words is 26^5, about 10 million.
The fact that a fully patched IE still crashes on this JPEG (and others, I'm sure) is inexcusable.
I can somewhat understand that their previous JPEG implementation had problem(s) with unchecked input. In a perfect world, programmers would be better at validating input, but we all know the rush to get SW out the door. These bugs can (unfortunately) slip by.
However, after a highly public and exploitable flaw is found in their JPEG parsing, they should have made damn sure that the 'fixed' version is rock solid, validating every single bit of an image. What this says to me is that they found the one bug that caused the initial exploit, then didn't bother to see if there were others. Lazy and unacceptable.
One thing I always wondered about these devices, is how you keep the device synchronized with the server. Since the code changes every 60 seconds, the server and the fob have to be set to within 1 minute of each other in order to agree on the same code.
A typical quartz clock has accuracy on the order of +/-10 ppm (parts per million). To accumulate an error of 60 seconds requires only 60 / (10 / 1M) = 6M seconds = 70 days. Therefore, it would seem after a few months, the fob would 'drift' enough to make the codes not match.
Does the user have to manually keep the time set? (Though, looking at the device on RSA's site, I don't see any buttons.) Does the server automatically accept a range of codes to allow for more 'drift'? Both approaches in combination?
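One way a server can cope with the drift asked about above, as an added example that is not part of the original comment: accept a small window of time steps and remember the offset each successful login reveals. The fob's real algorithm is not given on the page, so RFC 4226/6238-style HMAC codes stand in for it; the class name, seed and login schedule are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 60      # seconds per code, as in the comment above
DIGITS = 6

def code_at(secret: bytes, counter: int) -> str:
    """RFC 4226 code for one time-step counter (stand-in for the fob's algorithm)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** DIGITS).zfill(DIGITS)

class DriftTolerantVerifier:
    """Hypothetical server-side check: +/- window steps, optional drift tracking."""

    def __init__(self, secret: bytes, window: int = 1, track: bool = True):
        self.secret = secret
        self.window = window
        self.track = track
        self.offset = 0            # learned fob drift, in whole steps
        self.last_counter = None   # highest counter accepted so far

    def verify(self, submitted: str, server_time: float) -> bool:
        centre = int(server_time // STEP) + self.offset
        # Try the expected step first, then its neighbours.
        for delta in sorted(range(-self.window, self.window + 1), key=abs):
            counter = centre + delta
            # Never accept a step at or before one already used (replay).
            if self.last_counter is not None and counter <= self.last_counter:
                continue
            if hmac.compare_digest(code_at(self.secret, counter), submitted):
                if self.track:
                    self.offset += delta   # re-centre on the fob's clock
                self.last_counter = counter
                return True
        return False

def simulate(track: bool, ppm: float = 10.0, days_between: int = 30,
             logins: int = 12) -> list:
    """Fob runs `ppm` fast and logs in every `days_between` days (constructed data)."""
    secret = b"constructed-demo-seed"
    start = 1_700_000_000          # moment fob and server were in sync
    verifier = DriftTolerantVerifier(secret, window=1, track=track)
    results = []
    for i in range(1, logins + 1):
        elapsed = i * days_between * 86400
        server_t = start + elapsed
        fob_t = server_t + elapsed * ppm / 1e6   # accumulated drift
        submitted = code_at(secret, int(fob_t // STEP))
        results.append(verifier.verify(submitted, server_t))
    return results

if __name__ == "__main__":
    print("fixed window :", simulate(track=False))
    print("with tracking:", simulate(track=True))
```

With a fixed one-step window the simulated fob is locked out from the fourth monthly login onward, while the tracking verifier follows it for the whole year without ever widening the window.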
You are correct that putting a purely capacitive (or inductive) load on the AC line will lower the Power Factor. In that case, the line charges the cap for half of the cycle (energy fed into the cap), and then the cap discharges (energy goes back to the power company) during the other half. The net result is that the average energy transferred is zero, giving a power factor of zero. The good news is that the power company does not charge for this transfer. The bad news is you couldn't do anything useful with the energy, since you gave it right back to them.
However, that's not exactly what his circuit would do: He would charge the cap for half of the cycle. However, the diode prevents the cap from discharging energy back to the power company. Instead, the cap's energy is discharged into the bulb (useful work, for which the power company does indeed charge). In this case, the circuit simply draws more energy in a smaller period of time.
Of course, as you suggest, the power factor will be somewhere between 0 (no power used) and 1 (all power used). Wherever it lies, though, the power company will charge for any energy your circuit does use.
The watt-hour meters used by electric companies are surprisingly accurate, and resilient to many types of 'cheats'. I've heard of several schemes to fool meters, such as drawing lots of power in very short bursts, in hopes that the meter can't keep up, etc. The results I heard were the same: The meter will do a reasonably good job of measuring your energy usage, regardless of how you choose to use that energy.
Sure, the diode you suggest will make your meter run slower... at the mere expense of a bulb that's not as bright as it was before. (Standard light dimmers work in much the same way: By reducing the % of the cycle the bulb is powered.) Aside from the time you spent, you'll simply come out even in the end.
At first, you don't transmit anything. (Since, as you point out, the whitelist would prevent the access point from responding to you, anyway.) However, you just listen to the existing legitimate traffic. Then clone your device with the same MAC as one of these legitimate (and already on the whitelist) devices.
I believe MAC filters are inherently less secure than encryption: The MAC addresses, I believe, are sent in the clear (i.e., not encrypted), so all someone has to do is listen to which devices are already operating on the network, then spoof their MAC to match.
I, like many people here, was curious if it was possible to effectively chain multiple hash functions. I found your post very informative. However, I was a bit confused by the statement:
no matter what, the idea of concatenating two hash functions has such low security compared to designing a good hash function of the same length from scratch that it is unlikely that this concept will ever be useful from a pure cryptography standpoint.
If the purpose of chaining two hash functions of size n & m was to get one "super" hash function with effective size n+m, then I agree with your analysis: At the end, you get a new hash that isn't much better than hash 'n' alone.
However, I thought the intent was to combine two hashes, each of adequate length, one of which may be later found to be flawed. In the most extreme case, a major flaw reduces effective size down to m=1 (i.e., trivial to break). By your same analysis, the combination of the broken & unbroken hash has an effective size of
m*2^(n/2) + 2^(m/2) = 1*2^(n/2) + 2^(1/2) ~= 2^(n/2) = same effectiveness as original "n" hash
Meaning that if one algorithm is completely broken, you still have the full strength of the remaining function. In a perfect world, it would be simpler to use just one algorithm known from the start to be secure. However, I don't know of any crypto algs, aside from One Time Pads, that have ever been 'proven' secure. Chaining, therefore, seems a reasonable approach, given that we don't know in advance which algorithms may be broken in the future.
I agree that human-powered vertical flight is quite unlikely to be practical anywhere outside of engineering demonstrations.
However, I would think that the point of the exercise is to glean new insights into helicopter design. It's (relatively) easy to get a copter off the ground with a nice, powerful turbine engine. But, if you want to get something working with 1/4 horsepower, you have to re-think a lot of 'accepted' designs in order to improve efficiency, reduce weight, etc.
The whole project helps the designers think outside the box, and may, if lucky, help create something innovative / new, that might benefit more mainstream helicopters.
So yes, 1w is a lot of power.
The parent's point was not to say that 1W is useless. (Indeed, as you point out, 1W can be put to great use.)
Instead, he made a very logical argument that if society's goal is to reduce wasted energy (a noble goal), then it is misguided to try to expend tremendous engineering effort trying to reduce a device from 1W down to 0W. If, instead, we improved the efficiency of a 75,000W SUV by a mere 0.1%, we will have saved two orders of magnitude more energy.
Attack the biggest problems first, not the smallest ones.
I believe that TFS means 'the only known recording of a particular live Woody Guthrie performance'.
He claims to be right more than wrong in five of the past six years.
That's nothing: I've developed a new mathematical algorithm that correctly predicts the outcome of the past six years with 100% accuracy.
We also all know that BluRay will win.
You may be right that BluRay will win. I certainly can't predict the future. However, history seems to have taught us one thing:
When it comes to format wars, always bet against Sony.
Has anyone told The Register that HTML now supports breaking text up into multiple paragraphs?
That article is most likely interesting, but my eyes hurt just looking at that massive blob of text.
...the DMCA will soon make pens illegal.