"Given that Universities are for the most part funded by government and other public funding sources one could make the case that they should ALL operate this way. Universities are the last entity that should be locking up ideas with patents."
Sounds great, provided that the funding universities give up would come from extra public support. I'd be all for it, but I'm probably not in the majority.
I set up my dad's law firm with rsnapshot (http://rsnapshot.org/) to synch and archive documents over the net to an offsite storage server. It's like rsync, but it keeps a rolling list of previous states, so you can undo any mistakes easily enough. Best part about it: it uses hard links to store multiple instances of the same file, so the overhead of keeping your entire document history is pretty minimal (unless you edit a whole lot of videos all the time). YMMV, but I'm one satisfied customer.
I agree with your sentiment. However, when's the last time you installed a binary from a company you've never heard of? When's the last time you've visited an active website from a similarly obscure company?
The barrier to entry for web apps is so absurdly low that many companies or projects are going to use them just because it's the only way to run code on users' computers. Given web apps are here to stay for at least a certain market segment, ask yourself if WebAPI is a good or a bad thing; that's really the only question left.
It gets better. If Google borrowed an amount of $ with a nonzero imaginary component, through the miracle of complex number exponentiation eventually the bank would owe *them* money.
I know I'm posting against the prevailing opinion here, but I think AT&T might be doing the right thing. Consider that communication technology gets better and cheaper every year. Upgrading now not only cuts into profits, but it also means buying capacity for more money than the competition who doesn't upgrade for a few years.
The sign of a well-managed telecom is that its network is just at the point of being so crappy that folks are leaving. Any more capacity and they're wasting their dough. Erring a little to one side or the other is probably understandable too.
For example, MD5 is 128 bits, but SHA-1 is 160 bits. This means that an SHA-1 rainbow table needs around four billion times more entries than for MD5.
I don't think so. Rather than storing the hash of every password, rainbow tables store the hash of every, say, alphanumeric password less than X characters long. The character set and the password length are set by the reduction function - see http://en.wikipedia.org/wiki/Rainbow_table for more info. That means for a given set of possible passwords, the MD5 and SHA-1 rainbow tables will be about the same size.
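An added illustration of the reply's point (not code from the thread): a toy rainbow table over an assumed space of 4-digit PINs, built once for MD5 and once for SHA-1. The chain count, chain length and reduction function are constructed for the demo; the stored table holds only start and end passwords, so the digest length never enters its size.

```python
import hashlib

CHARSET = "0123456789"   # assumed password space: 4-digit PINs
LENGTH = 4
SPACE = len(CHARSET) ** LENGTH
CHAINS = 400             # constructed demo parameters
STEPS = 50


def H(algo, password):
    return hashlib.new(algo, password.encode()).digest()


def index_to_password(n):
    chars = []
    for _ in range(LENGTH):
        n, r = divmod(n, len(CHARSET))
        chars.append(CHARSET[r])
    return "".join(chars)


def reduce_digest(digest, step):
    """Reduction function: maps a digest back into the password space.
    CHARSET and LENGTH enter only here; the extra digest bits are discarded."""
    return index_to_password((int.from_bytes(digest[:8], "big") + step) % SPACE)


def chain(algo, start):
    """Passwords p_0 .. p_STEPS of one chain; only p_0 and p_STEPS get stored."""
    seq = [start]
    for step in range(STEPS):
        seq.append(reduce_digest(H(algo, seq[-1]), step))
    return seq


def build(algo):
    """The table is a list of (start, end) password pairs. No digest is stored."""
    starts = [index_to_password(i * (SPACE // CHAINS)) for i in range(CHAINS)]
    return [(s, chain(algo, s)[-1]) for s in starts]


def table_bytes(table):
    return sum(len(start) + len(end) for start, end in table)


def lookup(algo, table, target):
    ends = {}
    for start, end in table:
        ends.setdefault(end, []).append(start)
    for pos in range(STEPS - 1, -1, -1):      # guess the target's position in a chain
        digest = target
        for step in range(pos, STEPS):
            candidate = reduce_digest(digest, step)
            digest = H(algo, candidate)
        for start in ends.get(candidate, []):  # regenerate to rule out false alarms
            for p in chain(algo, start)[:-1]:
                if H(algo, p) == target:
                    return p
    return None


if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        t = build(algo)
        bits = hashlib.new(algo).digest_size * 8
        print(algo, bits, "bit digest:", len(t), "chains,", table_bytes(t), "bytes")
```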
There are about 10^500 possible string theories. We haven't yet found any that conform to all our observations. We don't know if it's even possible to search efficiently for that needle in the 10^500-big haystack, so string theory might be like the evil hall of mirrors in a bad B-movie: "yes, my childish nemesis, you falsified THIS one, but which one is the REAL string theory? HA HA HA!".
String theory may not be on a par with astrology, but IMHO it sullies the term theory. Anyone who has defended the theory of Evolution against fundies knows that's a bad move. It wouldn't be a bad idea to rename it string physics, even though arguably it's not physics yet either.
SSL is a PITA. It's much easier to configure Apache to only serve admin pages to the local machine. SSH tunnels are more secure and easier to maintain too.
If you read the work carefully, the smallest p-value for a stimulation-associated change is p = .03. That means there's a 1-in-30 chance that random noise in their results just happened to show an effect as strong as they actually observed. I commend the authors for being upfront with their p values; thanks for reporting them.
Without being a total naysayer, I'd still be cautious about swallowing these results wholeheartedly before independent confirmation. I don't suspect there were any experimental shenanigans, but the statistical evidence for making you smarter (or at least a faster learner) using this technique is still just above the minimum publication threshold (usually 1-in-20).
Article says they knew about a hardcoded pw two years ago and sat on their thumbs, and then it questions whether this is negligence. There is no question. That is negligence.
Not always. Some control systems are run on a dedicated computer without Internet access. Some control systems need to have little downtime to avoid serious consequences. (Some manufacturing plants or refineries have razor-thin margins - an extra 1% downtime could mean the difference between profit and bankruptcy.) In cases like these, if a hard-coded password means a faster system recovery, it's the right choice.
If I had software on my desktop system with a hard-coded password, I'd be justifiably pissed. However, for some industrial applications (including some SCADA installations), the simplicity of not needing to enter a unique password plus a physical air gap of security trumps a forced-unique password with only digital security - particularly if that digital security is Windows-based (where adding a keylogger would have resulted in almost as bad a p0wnage as what Stuxnet already has)!
Honest answer: about 128 characters of typical English.
Claude Shannon estimated that the rate of entropy of the English language is about one bit per character, so for a hash picked at random, the smallest typical English-language message with that hash would be about 128 characters long. (Of course, many longer messages also have the same hash, and finding the smallest English message that digests to the 128 bit hash is a hard problem.) That means that trying to put a longer-than-128-character message into a hash means there's some other, simpler English message with that hash too.
Aside: "USCYBERCOM plans, coordinates, integrates, synchronizes and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries." is 393 characters. That means there are almost certainly other, shorter English messages with the same md5 digest; if these guys are totally 1337 it would be awesome if they knew of another, terser secret message with the same md5 hash. Since they have control of the exact wording of the two messages, they might even have done a birthday attack to find a collision with variants of the shorter, secret message. Show of hands: are these dudes that 1337?
OK, here's an idea that solves the "we can't delete it but we must be able to forget it and we can't forge it" problem.
Encrypt the conversations while recording them, each with their own unique AES cypher.
Store the encrypted conversations to a WORM drive and keep them forever.
Store the AES keys on erasable media.
If you want to delete a conversation, you permanently delete the key but leave the encrypted conversation there.
If you want to *alter* a conversation, you're out of luck because the only alterable media is the one storing the keys.
Even though the encrypted conversation lasts forever on the WORM drive, bringing a conversation back from the dead is as hard as breaking AES without the benefit of any side channel attack - this won't happen any time soon.
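A sketch of the scheme described in the comment above, added here as an example and not written by the poster. `WormStore` and `Archive` are hypothetical names, and because Python's standard library has no AES, an HMAC-SHA256 keystream with an HMAC tag stands in for an authenticated AES mode.

```python
import hashlib
import hmac
import os

# Stand-in cipher (assumption): HMAC-SHA256 keystream + HMAC tag in place of
# AES-GCM, which the standard library lacks. The key lifecycle is the point.
def _sub(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def _tag(key, rec_id, nonce, ct):
    rid = rec_id.encode()
    msg = len(rid).to_bytes(2, "big") + rid + nonce + ct
    return hmac.new(_sub(key, b"mac"), msg, hashlib.sha256).digest()

def seal(key, rec_id, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, plaintext)
    return nonce + ct + _tag(key, rec_id, nonce, ct)

def unseal(key, rec_id, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(key, rec_id, nonce, ct)):
        raise ValueError("authentication failed: wrong key or altered record")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

class WormStore:
    """Models the WORM drive: each record id is written once, never changed."""
    def __init__(self):
        self._blobs = {}
    def write(self, rec_id, blob):
        if rec_id in self._blobs:
            raise PermissionError("WORM media: record already written")
        self._blobs[rec_id] = bytes(blob)
    def read(self, rec_id):
        return self._blobs[rec_id]

class Archive:
    def __init__(self):
        self.worm = WormStore()
        self.keys = {}             # models the erasable key media
    def record(self, rec_id, conversation):
        key = os.urandom(32)       # a fresh key for every conversation
        self.worm.write(rec_id, seal(key, rec_id, conversation))
        self.keys[rec_id] = bytearray(key)
    def replay(self, rec_id):
        if rec_id not in self.keys:
            raise KeyError("key destroyed: conversation is unrecoverable")
        return unseal(bytes(self.keys[rec_id]), rec_id, self.worm.read(rec_id))
    def forget(self, rec_id):
        key = self.keys.pop(rec_id)
        key[:] = bytes(len(key))   # wipe this copy; any backup of the key must go too

def _raises(exc, fn, *args):
    try:
        fn(*args)
        return False
    except exc:
        return True

def demo():
    a = Archive()
    a.record("call-001", b"constructed sample conversation A")
    a.record("call-002", b"constructed sample conversation B")
    out = {"replay": a.replay("call-001")}
    a.keys["call-002"] = bytearray(os.urandom(32))  # alter the only alterable media
    out["key_swap_rejected"] = _raises(ValueError, a.replay, "call-002")
    a.forget("call-001")
    out["ciphertext_kept"] = len(a.worm.read("call-001")) > 48
    out["unrecoverable"] = _raises(KeyError, a.replay, "call-001")
    out["rewrite_refused"] = _raises(PermissionError, a.worm.write, "call-001", b"x")
    return out
```

With an authenticated mode, swapping in a different key makes replay fail outright instead of yielding garbage, which is what makes the "can't forge it" property checkable.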
The wavelength of the laser light is about 1315 nm: far enough into the infrared that it could be this laser will kill you by cooking you before blinding you. If it kills before blinding, that's "ethical".
There's nothing at the level of https - where users can have confidential connections without messing about too much - no need even for "username and password".
It would be great if you could have this kind of security without any exchange of credentials, but it's just not possible. With https, every site's public key is signed by a certificate authority; this kind of public key infrastructure (probably) wouldn't be practical with routers, and without it you're always vulnerable to a man in the middle attack.
A lot of the troubles that look like fundamental roadblocks (like e^KT/q) become less of an issue at low temperature: quantum tunneling, resistivity, and smallest noticeable voltage change to name a few.
Let me speculate: say we lived in an era where you could run a medium-thick client with hardware like what we have today, but have a fast Internet link to a datacenter with 4 nm chips designed to work at 20 K or cooler. These chips could use much lower voltages and currents, and could have fewer tunneling problems than room temperature computers. Even with the cooling needed, performance/Watt would be a lot higher.
You might not be a fan of "utility" computing, but if you could have a 200 GHz (or so) computer you could get to via NX in some liquid Helium-cooled facility rather than having a poky ~5 GHz machine pushing up against room temperature limits, wouldn't that be tempting?
53.3 ms times the speed of light is only about 10 000 miles: not enough for a round trip from Colorado to Australia even if you had a light speed connection going straight through the Earth's mantle.
Google must mirror google.com.au close to you; it's also suspicious that 74.125.91.104 and 74.125.127.100 share the first and second numbers (suggesting that they're physically not too far apart).
... especially tolls, which are often wildly inefficient. When I lived in the SF Bay area, I would often wait a good half hour to pay a $4.00 toll. With two people in the car whose time is worth $40/hr each, the cost in time of paying the toll is 10 X the actual toll.
Raise the gas tax a little to cover all tolls and I would be much happier!
Worst case scenario: the sun sets on a Friday for the last time that year. Imagine trying to keep Shabbat for four months, at 78N.
Ummm...
9160 * 5358 * 60 * 24 = 70410355200
That's 70,410,355,200 with commas, about 70 Gb/s (8 GB/s). That's about one order of magnitude faster than the current HDMI spec. It's technically feasible now, and will be easy to do in about 4 years.
By then, many digital cameras will have many tens of megapixels, so the resolution of the screen won't be unused.
What kind of applications would benefit from such uber-high def? One idea: I'm looking forward to the day we will be able to use commodity cameras and displays to get digital microscopy good enough to replace having to stare down an eyepiece. Imagine also being able to show other scientists what you're doing without having to switch seats, refocus, etc. Bring it on.
(And no, current HD is about 2-3 times too rough to do the really fine observations I need on a daily basis.)
Hi General Fault,
It's a particle's kinetic energy, not its speed, that's related to temperature. (The constant of proportionality is called Boltzmann's constant k, related to R, the ideal gas constant.) Since particles become more massive as they approach c and kinetic energy depends on both mass and speed (.5 * m * v * v), the energy starts going more into increased mass and less into increased speed as you approach c. In fact you can put an arbitrary amount of kinetic energy into them with them still traveling slower than c. Ridiculously-energetic particles still go slower than light - for instance the particles at the LHC travel at something like 99.999% of the speed of light. So really high-temperature objects would start having their particles get more massive rather than substantially faster.
Mods: granted this is off-topic, but I'd like to indulge the parent post's questions. I am a biophysicist.
Let me have a stab at explaining the history of stimulated emission and lasers.
Einstein predicted stimulated emission based just on two things: the fact that atoms can absorb light and the fact that thermodynamically, as you approach infinite temperature all possible arrangements of particles become equally likely. Consider a collection of atoms that have a ground and an excited state. As temperature (and black-body radiation) increases, more and more photons will pump atoms into the excited state. Excited states naturally decay after a certain lifetime, but without stimulated emission, at higher temperatures more and more atoms would get pumped into the excited state, until an arbitrarily large fraction of atoms would be in the excited state at arbitrarily high temperature. However, from thermodynamics we know that as you approach arbitrarily high temperature there will be a 50/50 mix of ground state and excited atoms, since high temperature favors disorder (entropy) and 50/50 mixes are maximally disordered. Therefore, there must be a process whose rate is proportional to the intensity of the thermal radiation in the system that takes an atom from the excited to the ground state; this is stimulated emission.
Different people give credit to different inventors of the laser, but you can make a good case for Charles Townes' input being timely and critical. He figured out that putting a gain medium (a material with population inversion - more atoms in the excited than the ground state) in an optical resonator would produce coherent light through stimulated emission. He turns 95 next month, and is still going strong last I heard.
Yes. With Accelereyes and cuda.
Would this work?
Once the air is saturated on the allocated frequencies, we turn down the power of each cell tower and make cell towers closer together. Repeat as needed, where needed. (Granted, for this to work, mobile devices also would have to limit their transmit power to just what is needed. Still, the tech challenges aren't insurmountable.)
What about renting a longer-range car when you need it?
Would you have to open the computer case every time you installed an OS patch? If so, would that make your system more or less secure?