Slashdot Mirror


User: izomiac

izomiac's activity in the archive.

Stories: 0
Comments: 1,259

Comments · 1,259

  1. General lack of math skills on Most Science Studies Tainted by Sloppy Analysis · · Score: 1

    Interestingly enough, a couple years ago my Biostats teacher mentioned that about 50% of scientific articles in biological journals contain at least one statistical error. Personally, I think this can be attributed to the general lack of math skills of most Biology majors (not all of course). Biology is a memorization-based science, and most classes require virtually no math skills. In the courses that do have some math, it's never above the algebra level (with the exception of Biostats), and even that is considered quite difficult for a lot of people. Most of my classmates have an amazingly hard time with non-Calculus based physics. My university is even lowering the math required to get a Biology degree (from Calculus II to Calculus I). Even if students do learn it, if you don't use it you tend to forget it. Therefore it doesn't surprise me that many scientists and doctors (which many of my classmates may become) make mathematical errors in journal articles.

  2. Re:This is why two factor authentication is necess on Ophcrack Says Your Password Is Insecure · · Score: 1
    I figured that you knew the difference, but since this is the internet you can't be too sure. That's why I pointed out that "Password encryption is one way." is a false statement as a side note in my post. "Password hashing is one way", is true. "Password encryption is one way", is false. You were using the terms sloppily so I mentioned it just in case you didn't realize the difference. It's not a subset of encryption BTW, but the distinction isn't terribly important. Passwords and pass phrases can be used to seed encryption or be hashed. I've been talking about both since they both apply. You're right in that length cannot be determined by a hash. You're wrong in thinking that such a thing matters.

    We're talking about 15-100+ character passwords.

    Nope, "we" aren't. I'm talking about 15-100+ character passphrases compared to standard sized passwords. If we were talking about 100+ character passwords then nothing that I've mentioned would even come close to making it crackable. Proper passwords have a fairly high entropy, pass phrases don't. That's the difference and that's why what I'm suggesting would probably work. I realize that you already understand the difference, but you're using the terms synonymously, and it's a little hard to discuss the differences between the two unless we use different terms for each.

    With the exception of my hash VS encryption tirade I haven't been jumping around. My original post was about the fact that pass phrases don't inherently contain more entropy than passwords, and as such could be bruteforced. My later posts entail a theoretic way that such a bruteforce engine could operate. It would be stupid to bruteforce 30+ characters of anything using the traditional aaaa, aaab, aaac approach. A keyspace of 256^100 isn't even worth considering. Because they are longer, pass phrases seem more secure at face value. But English is very low entropy. Compression is not a 50% reduction, the human brain has few problems decoding something like that. Fr exmp ths sent cn b read ez. With a more standard 85% compression that 100 character pass phrase becomes only 15 characters (still difficult, but not impossible with current technology). Now why does this matter? Well, what if we try to brute force the compressed version of the text? That's what I'm suggesting. I am not suggesting brute forcing the fairly long pass phrase, just the short compressed text. "This is my really, really, really long pass phrase." may not be easy to brute force directly (256^length), but a 10 (or whatever it may be) character compressed version is bruteforcable (256^10 = 2^80). Knowing the length of the pass phrase isn't necessary. The reason I'm stating the length is to illustrate that the keyspace isn't something like 256^100.

    The point remains, if you are using Windows,

    I don't even use a multi-user OS, so there are no hashed passwords on my system. I'm speaking in general terms. Also, the storage of lanman hashes can be disabled in the registry, so a 15+ character password isn't necessary (though it is more secure). Rainbow tables will still work, but I wouldn't feel safe against them at 15 characters.
  3. Re:This is why two factor authentication is necess on Ophcrack Says Your Password Is Insecure · · Score: 1

    Hashing works like you mention. It takes any length input and generates a fixed sized output. There are two major types of encryption, block and stream. Stream encryption always generates output the same length as the input. Block encryption requires that the last block processed be padded so that it has a block to work with. In either case the original length can be determined (to within a block size, so 128 bits for example) by the length of the cipher text. Hashing is one way, used for file and password verification. Encryption is reversible, so it can't discard data to generate a fixed length output. So, as I mentioned before, it's a semantics issue since encryption != hashing, though they are similar.

    As for brute forcing, adding an additional character increases the keyspace geometrically. So it doesn't take much longer to bruteforce all 1 - 9 character passwords than just 9 character passwords. The method I describe for bruteforcing pass phrases is essentially traditional bruteforcing with one extra step. So it isn't necessary to know the length of the original pass phrase.

  4. Re:This is why two factor authentication is necess on Ophcrack Says Your Password Is Insecure · · Score: 1

    You don't need to know the length though. Just like traditional brute forcing, start small and work your way up. Start with decompressing an 8 bit sample (or whatever), then move up to whatever is practical. Decompressing x random bytes won't always result in an output of y bytes, but as x increases y should increase as well (in general, specific cases are unpredictable). I defined the length so I could estimate the keyspace that would need to be searched before a match would probably be found. BTW, (just a semantics note) encryption does let you know the length of the clear text within one block size (128 bits for example). Hashing always results in the same size output.

  5. Re:This is why two factor authentication is necess on Ophcrack Says Your Password Is Insecure · · Score: 1

    I didn't calculate in variations of words and misspellings because the grammatical and frequency components would still dwarf it. (And even misspellings are somewhat predictable.) With pass phrases the number of possible "phrases" is huge, but the number of likely phrases is much more manageable. English text (and probably text in other languages) compresses very well, something like 85% - 95%. A brute force algorithm could simply decompress random text of the appropriate length. Something like: random string --> decompression --> longer string of characters with English-like characteristics. Here's an example:

    So if a 9 word pass phrase has an average word length of 5, plus one for punctuation/spaces, then the pass phrase would be approximately 54 characters long. If that's compressed to 5% - 15% of its original size then the compressed text would only be 2.7 - 8.0 characters long. So you only have to search a key space of between 2^8 and 2^24. Therefore, in this case, the pass phrase would be far easier to brute force, unless it was extremely random (high entropy --> lousy compression but better encryption). The problem, IMHO, is that people aren't good at being random, and have a lot of difficulty remembering truly random things. It doesn't matter if you make people type 16 characters or 54 characters, if it's not random then it will be easy to brute force.

  6. Re:This is why two factor authentication is necess on Ophcrack Says Your Password Is Insecure · · Score: 1

    Hmm... it seems to me that the pass phrase idea wouldn't be that much more secure should cracking utilities be crafted to them. English words and phrases aren't terribly random. They compress very well after all. So it doesn't seem like you gain any entropy from a pass phrase, just length. To crack a pass phrase one could use an intelligent dictionary search that exploits the rules of grammar (subject, verb, noun) combined with word and letter frequencies, and with some spelling variation. Pass phrases aren't inherently more secure than passwords, just longer. It's possible that pass phrases could serve as mnemonic devices, thus allowing a user to remember a secure pass phrase more easily than a secure password, but I have my doubts.

    Just in case I haven't explained my point very well, here's a more mathematical example. A 16 character alphanumeric password has a total of (26*2 + 10)^16 ~= 2^95 possible combinations. The average person uses something like 2,000 words in a given day (and only knows something like 15,000). A 9 word pass phrase could then be something like 2000^9 ~= 2^98 possibilities. That's better than a 16 character password, but it assumes that the 10 words are randomly picked and unrelated (and spelled perfectly). By mixing in misspellings you might gain, say, 100 possibilities per word, but it's also likely that a few of the words will be "the", "a", or "I". The rest can be searched based on usage frequency and word order. It makes cracking more complicated, but it probably wouldn't add significant time to a bruteforce attack. Unless, of course, pass phrases are a mnemonic device that let people remember something really long and random (hence with a lot of entropy).
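
Added example (not part of izomiac's comments or the archived page): a strength estimate for the password-versus-passphrase comparison made in the comments above, useful when setting a passphrase policy. It reproduces the uniform figures quoted there (62^16 and 2000^9) and then, as an assumption of this example, models word choice with a Zipf distribution over a 2,000-word vocabulary instead of uniform random selection; the Zipf model and all function names are hypothetical, not measured data.

```python
import math


def uniform_bits(alphabet_size, length):
    """Bits of entropy when each of `length` symbols is chosen uniformly."""
    return length * math.log2(alphabet_size)


def zipf_distribution(vocab_size, exponent=1.0):
    """Constructed word-frequency model: P(rank r) proportional to 1 / r**exponent."""
    weights = [1.0 / (rank ** exponent) for rank in range(1, vocab_size + 1)]
    total = sum(weights)
    return [w / total for w in weights]


def shannon_bits(probs):
    """Average information per choice (Shannon entropy, in bits)."""
    return -sum(p * math.log2(p) for p in probs if p > 0)


def min_entropy_bits(probs):
    """Worst case per choice: the chance that the single most likely word is picked."""
    return -math.log2(max(probs))


def words_needed(target_bits, bits_per_word):
    """Words required for a passphrase to reach `target_bits` of entropy."""
    return math.ceil(target_bits / bits_per_word)


def compare(vocab_size=2000, phrase_words=9, password_len=16, charset=62):
    """Return the figures from the comment next to the skewed-choice estimate."""
    probs = zipf_distribution(vocab_size)
    password = uniform_bits(charset, password_len)
    per_word_uniform = uniform_bits(vocab_size, 1)
    per_word_skewed = shannon_bits(probs)
    return {
        "password_bits": password,
        "phrase_bits_uniform": per_word_uniform * phrase_words,
        "phrase_bits_skewed": per_word_skewed * phrase_words,
        "phrase_bits_worst_case": min_entropy_bits(probs) * phrase_words,
        "words_to_match_password_uniform": words_needed(password, per_word_uniform),
        "words_to_match_password_skewed": words_needed(password, per_word_skewed),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:34s} {value:8.2f}")
```

The gap between the uniform and skewed rows is the point the comment argues: the strength of a passphrase depends on how the words are selected, so words drawn by a random generator from a fixed list keep the uniform figure while human-chosen words do not.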

  7. Re:The US Navy Is Not Such A Secret on Virtual Earth Exposes Nuclear Sub's Secret · · Score: 1

    Because his followers have a history of violence? Just kidding. Mostly because nukes raised the stakes for war a little higher than most countries are willing to go. So less war, which I figure is a good thing worthy of blessing. Nukes aren't made to be used after all. Otherwise there'd be no point in making enough to destroy the world 4000 times over.

  8. Re:The US Navy Is Not Such A Secret on Virtual Earth Exposes Nuclear Sub's Secret · · Score: 1

    Yes, because the world was such a peaceful place before nuclear weapons were developed, especially those last 30 or so years. (Hint, people long ago figured out how to kill and maim large numbers of people without the use of nukes.)

  9. Re:scifi tag? on One Species' Genome Discovered Inside Another's · · Score: 1

    Yep, each cell has several mitochondria. When a cell divides each daughter cell gets roughly half of them (if it doesn't get any then it dies). As the cell grows the mitochondria detect that they have a relatively low population relative to the cell size so they divide. When a woman produces eggs the mitochondria are included (causing mitochondria to be inherited solely from the mother, barring extreme circumstances).

  10. Re:scifi tag? on One Species' Genome Discovered Inside Another's · · Score: 3, Informative

    You're right, but "some gene loss/exchange" would be an understatement. IIRC, there are about 1600 mitochondrial genes, and only about 20 of them are actually on mtDNA (most of those are tRNA). So the rest have been integrated into the "host" genome. This is actually an ongoing process and gene transfer happens a lot more frequently than you'd think. Mitochondrial genes that get inserted are called NUMTs and have actually been associated with human disease.

  11. Re:screw 'factory' recovery disks on Big Box Store Reps Push Unnecessary Recovery Discs · · Score: 1

    While disk imaging is a very useful technique, you do miss out on updates. What I like to do is to create a custom XP install CD pre-tweaked the way I'd like with some of my programs set to quietly install on first boot. I don't actually burn the disk until I need it, and before I do so I slipstream in any service packs or updates. nLite actually makes this fairly easy. By slipstreaming I save time in installing, time in downloading, and disk space for updates. I don't take this as far as I could, but you should (in theory) be able to create an install CD that's essentially completely unattended and installs everything for you. Slightly slower and more complex than disk images, but if you partition a lot it's invaluable since you can install XP on whatever size partition you want without resizing and you're ready to go after it installs rather than wasting time downloading/installing numerous individual updates. You also don't risk accidentally getting malware on your disk image or freshly re-imaged machine. Note: I do this with an OEM version of XP so activation might be an issue for retail versions.

  12. Re:Doesn't quite work on Comcast Hinders BitTorrent Traffic · · Score: 1

    Doh, brain lapse. :-) Anyway, I know there are some personal firewalls that play with TCP on a fairly low level (such as randomizing the sequence number), so it should be possible to run a helper program that would selectively drop RSTs. You don't need to put the entire client in kernel space, just the helper. Similar to how several Windows packet sniffers require WinPcap. In any case, it wouldn't be a good solution since it requires the cooperation of everyone else, but for private trackers and smaller communities it may work fairly well.

  13. Re:Doesn't quite work on Comcast Hinders BitTorrent Traffic · · Score: 1

    Well, if this problem is widespread couldn't trackers just drop RST packets from Comcast's IP range?

  14. Re:$500 / 250 GB on Google Rolls Out Online Storage Services · · Score: 1

    Because having your data on the internet makes it more accessible, and if your house burns down you won't lose it. Plus RAID controllers aren't free and often require some setup/maintenance.

  15. Re:Great, but the BMI is not accurate on Charging the Unhealthy More For Insurance · · Score: 1

    Very good point. Back when I ran track (distance) I had a BMI of ~29. What's unhealthy (AFAIK) is having a high body fat percentage, not your weight:height ratio. For normal people BMI can approximate this without too elaborate of a test. For insurance reasons it would be more reasonable to charge a $5 fee if your BMI is over X UNLESS your body fat percentage is under Y%. Otherwise you overcharge healthy people (and disproportionately short people).

  16. Re:Don't misunderstand on True Random Number Generator Goes Online · · Score: 1

    Couldn't that vulnerability be solved by including a thermometer? I.e. if the temperature is outside of the designed operational range then the RNG doesn't return anything.

  17. Re:Clarke's first law on The Impossibility of Colonizing the Galaxy · · Score: 1

    what if you could either 1-find a way to stack h20 so it stayed the same size (most things shrink when they freeze, water is an exception) or 2- find a substitute molecule that could replace the water in a human corpus... one that also doesn't expand when frozen....

    Like the Trehalose that Tardigrades use to survive at temperatures approaching absolute zero? (While trehalose might protect the cell membranes I suspect that human proteins would be denatured by extremely low temperatures.)

  18. Re:PGP/GPG - inherent legal problem? on Encrypt and Sign Gmail messages with FireGPG · · Score: 1

    Isn't PGP/GPG public key encryption? I.e. you encrypt your e-mail with the public key of your recipient, and only the recipient's private key can be used to decrypt it. So AFAIK you shouldn't be able to decrypt the messages that you send. Of course, your argument still applies to messages that you receive.

  19. Re:Popular FUD. on How To Speed Up Linux Booting · · Score: 2, Interesting

    How about dual boot laptops? After all, Linux's hardware support for laptops isn't that great, and many people still have things they need (or prefer) to do in Windows or some other OS. Hibernation doesn't remount partitions, so guess what happens if you hibernate, boot another OS, edit a file, then resume?

    If boot time didn't matter then people wouldn't complain about it. You could hibernate all the time, but hibernation isn't perfect (or safe in all situations), and some people just like to start with a "clean slate" in the morning. Boot time is actually one of the big things that keeps me from using Linux very often. When I wake up in the morning and want to check my RSS feeds I have three options. First I turn on my laptop (which is off to conserve energy, prevent my P4 from acting like a space heater for my dorm room, keep the room quiet, and cut down on EM interference that keeps my "atomic" clocks from syncing), and get to my boot manager. If I choose BeOS (my primary OS) I can wait 30 seconds for the OS to load (since I'm stuck with 1 MB/sec disk read speed, normally it would be ~7 seconds), immediately launch Firefox in ~5 seconds (same problem) and I'm done. If I choose Windows I wait about 40 seconds for my desktop, and about 20 seconds for Windows to finish so I can launch Firefox. With Linux I have to wait 2 - 3 minutes for it to boot and I can launch Firefox immediately. Hibernation wouldn't work since I use one Firefox profile on a shared drive.

    So, even though hibernation works for you, it's not a valid excuse for an unnecessarily long boot time. (Oh, and if you're wondering why I still use the BeOS despite crappy hardware support, it's because it tends to be an order of magnitude faster for opening folders, e-mail, and non-ported applications. I get pissed off if I have to wait for a program and there isn't a hardware or network bottleneck that's causing the delay.)

  20. Re:Popular FUD. on How To Speed Up Linux Booting · · Score: 1

    AFAIK hibernate is entirely done in the OS. I.e. instead of booting normally it partially boots then retrieves the contents of RAM from disk. Sleep requires that hardware is put in a low power state and such. Personal example: my Mom's computer came preinstalled with Windows 98, so obviously it shouldn't have any hardware support for hibernation, but it still manages to hibernate with Windows XP just fine.

  21. Re:Well it had to happen sometime on Internet Radio In Danger of Extinction in United States · · Score: 1

    An FM radio station is limited by range, an internet radio station is limited by bandwidth. An FM radio station could broadcast to millions (perhaps billions in theory) and AM could do even more. Internet radio stations aren't limited by range, but they are limited to X listeners. While internet radio stations can scale up, internet radio is also less popular. So I don't see why they should have to pay higher royalties to broadcast to fewer people. (Well other than that whole "RIAA wants to protect its monopoly on what Average Joe is exposed to" thing.)

  22. Re:But wait! on Earth's Constant Hum Explained · · Score: 1
    Ok, by judgment I mean that no number of scientists can make something true. Every scientist in a field believing in something doesn't make it any truer. Only data collected can suggest what the truth actually is. Waiting until "all the evidence is in" is a straw man position that nobody actually holds since the amount of evidence collectible is infinite.

    In an attempt to distill what we actually are disagreeing about, let's look at the original thread that caused me to object to your opinion.

    But, you're really quite positive about the whole global warming thing being caused by man, right? - Thundersnatch
    Yes, unless you've got a theory that does a better job of explaining all the evidence to the satisfaction of the majority of people who study the problem. - You
    How does satisfying a majority of people make a theory correct? - SaDan
    Please educate yourself on science before criticizing it. - You

    Going on what has been said, it would seem that you firmly believe in global warming being caused by man. You challenge Thundersnatch to provide an alternate theory that satisfies a couple of conditions. This implies you don't know of any other opinion that has merit. It also begs the question why must those conditions be met? The first (better job) is acceptable. The second is unscientific and SaDan points this out. You essentially state that he doesn't know what he's talking about, so I felt compelled to chime in. I don't care if you believe in global warming being mostly due to the activities of mankind. That's an acceptable and logical position to hold. What I won't tolerate is the implication that this is the only acceptable position to hold. Just because you choose to follow the scientific consensus doesn't mean everyone else has to. In science it's the data that matters, not consensus. Consensus may correlate with fact, but it doesn't cause something to be fact. Because of that reason, I object to your intolerance of someone holding an alternate opinion, or the implication that someone could be unconvinced. (I.e. they don't believe in global warming due to mankind, but don't believe in any other theories on the matter either.)
  23. Re:But wait! on Earth's Constant Hum Explained · · Score: 1
    researchers can't base their conclusions only on the scientific method, but it is still useful

    Yes, climatologists know what they're talking about and are scientists. No, you aren't using the scientific method if you model your opinions based on what researchers personally believe.


    You speak of a better method of understanding the climate which the professionals are overlooking, what exactly is it?

    No, I say that the scientific method isn't terribly well suited for climate research, and that if there's a better method then we should adopt it regardless of its history (long or short). Obviously if I knew a better method then I would be evangelizing it, not implicitly referencing it in Slashdot posts (although I didn't even do that).


    almost none of us who aren't professionals have any basis to make good judgments based on our superficial knowledge of the subject.

    Nobody has any basis to make a judgment on something like climatology. That is to say, no one researcher can say "Mankind's activities are the sole reason that the average temperature is increasing". A layman can know the following:
    • Research tells us that increased CO2 levels correlate with higher average global temperatures
    • Burning fossil fuels dumps a lot of CO2 into the atmosphere

    This would lead a layman to believe that humans are contributing to global warming. It does not entitle a layman to believe that human activity is the only contribution or that all scientists are in agreement about exactly how much influence human activity has had on the warming trend. Therefore, a layman can form a moderately informed opinion. You attacked a couple people for not blindly believing what you hear on the media about the opinions of scientists. I.e. how many climatologists have you personally interacted with, and why should their opinion matter? They may be well informed, but they may not necessarily be unbiased (research and data should be unbiased, opinion usually is, whether that be toward an external influence or the person's own limited experience). Realistically, global warming is probably due to a variety of reasons. Human activity probably played no small part, but, natural or not, changes have happened. These changes affect everybody, not just climatologists. Therefore, it's reasonable for everyone to have an opinion on it. (Or if they choose not to have an opinion then that's fine too.) Science is skeptical by nature. Therefore, one should be skeptical of broad claims. One should listen to reason and solid data, not opinion or speculation. Scientists are not infallible, and should not be treated as such. Heck, the Pope isn't even infallible unless a variety of conditions are met. (One of which being that you're Catholic and you care about the Pope.) That's why you shouldn't blindly believe what anyone says. Now, if you know a lot of really well informed people believe a certain way, and you want to model your beliefs after them, that's fine. But don't attack people who don't show the same blind faith that you do. Leave that to the theists. (And no, I'm not intending to liken faith in science to faith in religion, just that the blind acceptance of people's opinions is not scientific and one shouldn't pretend that it is.)
  24. Re:Look at the features listed on Haiku Tech Talk at Google a Success · · Score: 1

    For most of those you seem to be missing the point. Haiku is designed to be a successor to BeOS. Many BeOS users (current and past) have used or now use other OSes, but haven't seen the things they liked about the BeOS present in them. That's why there's a need for Haiku. There is the Cosmoe Project that seeks to make Linux more like the BeOS, but personally I'm placing my hopes with Haiku (although I expect Cosmoe & Haiku can improve each other). That said, there are a few of your comments that I'd like to address.

    * Focused on desktop, don't want to be a wristwatch
    ** So they believe in the future of desktops and not having a system that's built up of components but having a system designed for the desktop. Apple have their desktop OS running on a phone, Linux has been ported to just about anything under the sun, Microsoft have a stripped down version of their OS for phones and PDA but Haiku think they are better by focusing on desktop only -- mistake!


    Haiku is designed to be a desktop OS. Not a server OS, or an embedded OS. Other OSes do that, and they do it well enough that there isn't a whole lot of need to compete with them in those areas. There are also trade-offs, so Haiku is aiming to be specialized toward the Desktop, not a Jack-of-all-trades.

    * Compatible with Beos R5
    ** As he said in the presentation, why focus so much on being compatible with a 6 year old OS? - Maybe an emulator for the sake of it, but this is a priority?


    Because much of the potential userbase is currently running BeOS R5.0.3 or R5.1 or Zeta. Many parts of Haiku have even been ported (if necessary) to run in BeOS R5. Parts like the Mail Daemon and ShowImage. Binary compatibility also ensures a fairly easy transition from BeOS/Zeta to Haiku, and that means that Haiku will have a fair amount of software available immediately. Many older BeOS apps are also closed-source (with the authors incommunicado), so binary compatibility is kind-of a big deal. Haiku R1 aims to be very similar to BeOS R5, Haiku R2 - Glass Elevator may break application compatibility.

    * Kernel designed for responsiveness
    ** Low latency means lower performance and that dig at Linux he made in the presentation is inaccurate - firstly, responsiveness depends on options chosen in the kernel, having the option of better performance over lower latency is a GOOD thing.


    I assume you haven't used the BeOS. Its speed will spoil you. Whenever I have to use Linux and Windows the speed difference becomes obvious. It isn't major, just annoying. Things like folders taking one second to open instead of a tenth of a second. Or applications that start essentially instantaneously. As a desktop user I don't really care that such responsiveness causes a small hit in performance, I'm not running a MySQL database or serving webpages in x milliseconds.

    * Small footprint, fast boot
    ** 60MB uncompressed is not small, Linux even with X can be as small as 6MB uncompressed if that


    True, Linux can be small, but the desktop distros usually aren't. They also tend to have a boot time on the order of minutes, while BeOS (and I assume Haiku) has it on the order of seconds. I.e. on the same machine it's not uncommon for BeOS to boot in ~7 seconds (ready to launch Firefox), and Linux to take 2 minutes. I'm sure you could reduce the Linux boot time, but even on my GP2X it still takes 14 seconds, and that's not loading network stuff or other things.

    * Less Debug - no need to test with FreeBSD, OpenBSD, NetBSD, Multiple Linux kernels, Windows
    ** Absolute bullshit, he seems to encourage software to be made for their OS only, making it compatible with Linux, FreeBSD or Windows is a sin!


    Yet another way BeOS is different. BeOS isn't entirely posix compatible. Virtually all non-trivial programs are multi-threaded, and BeOS uses its own version of threads. It's related to the responsiveness of the B

  25. Re:But wait! on Earth's Constant Hum Explained · · Score: 1

    Hmm... last time I checked science was about data and falsifiable theories constructed around that data, not consensus. The difference isn't immediately obvious since a belief widely held by scientists is usually supported by pretty good evidence. However, scientists are human (well, most of them), so many are reluctant to immediately disregard a belief they've held for several years even if there's proof that it's false. Furthermore, many scientists understand their field really well, and tend to either not understand other fields or not consider them (or both). A climatologist may downplay the effects of astronomical events on climate for instance. (BTW, since you're talking about global warming, climatology isn't really something the scientific method works on, well, unless you start essentially terraforming planets.)

    If you've got a system that works better than the scientific method which has been developed for many centuries and used to bring our civilization to the level of technical sophistication that we now enjoy then I'd love to hear all about it. If not then please take a seat and stop trying to hinder attempts at progress.

    Why does the scientific method's history matter? If there's a better method then it should be used, regardless of its age. In fact, the scientific method isn't terribly effective for engineering or historical analysis (archeology, climatology, etc.). Also, the scientific method, as I understand it, doesn't have a requirement that experiments adhere to the consensus opinion. The consensus opinion is fairly close to a null hypothesis in an experiment, i.e. the thing you're trying to falsify.