The Microsoft solution represents license fees for the office suits
Coming to a clothing store near you: Tuxedo 2009, with more bling; where does your inner Gentleman want to go today?
But with Microsoft's stance on DRM, does this mean that when I bring home a girl and we're both hot and bothered by each other, helped by our champagne buzz, I have to pay extortion money to the IFPI* before we can get naked?
(*International Federation of the Pornographic Industry)
citizens have "no reasonable expectation of privacy" when they are in public
So when I'm driving on some friend's massively huge field, which is private property and hidden from public view by a forest, the police is going to turn off the GPS tracking device?
No, thought not. But presumably I have an expectation of privacy when I'm on my friend's private land.
Prime numbers, meanwhile, become decreasingly common as you get larger and larger, is that not correct?
Yes, that is correct. There are roughly logarithmically many of them.
Bertrand's Conjecture (proven by Chebyshev) states than for all n > 1, there's a prime p with n < p < 2n.
If you look only at powers of two, it's readily seen that there are n primes between 1 and 2^n; setting k=2^n, there are log(k) primes between 1 and k.
A logarithmic upper bound follows from the Prime Number Theorem, which doesn't have an easy proof (AFAIK). It says something much more specific than just "It's O(log n)", though. Maybe there's a simple theorem from which you can derive O(log n), but I don't know.
I don't know; it might be interesting to know that the leading digits of powers-of-k are distributed in some interesting way in base not-k. They obviously all have a leading 1 in base k.
I find it interesting that the article doesn't prove any theorems. At least searching for the word "theorem" in the pdf only gives references to other theorems. Searching for "proof" gives no hits.
That leaves me thinking: what does this article tell us that we couldn't find out ourselves by ripping through some prime numbers? I thought the real power of math was to say something 100% certain about some infinitude of stuff, so we don't have to go and check every case by hand.
Oh well, I guess every open question needs some results on the form "this holds for all n <= bignum"; say, like the Goldbach Conjecture (every even number n > 2 is the sum of two primes).
Imagine if anyone could create an editor and call it Emacs. The FSF is going to get stomped down by "forks" that introduce all sorts of lucentware in the source code. Without the protection of trademarks, the FSF would have to sit idly by as its market share gets split up.
I just don't understand what's so interesting/damning here.
Do you do web development? Do you support an intranet web app that only runs on IE 6.0?
I don't. But what I hear is that you first develop for standards-conforming browsers, then spend a lot of time hacking your site to be IE-compatible too.
A lot of development hours could be saved if IE was more compliant with the standards. A lot of system administration hours could be saved if users could be made to use a more secure browser than IE 6.0. ("a lot" was pulled from my ass.)
Possibly, more competition might motivate Microsoft to write a more standards-compliant browser.
Alternatively, Chrome taking over the market might mean the demise of Micro$oft:D
Because if bytes are sent to your computer, it can only move them to the sound card and not the disk. Not that I encourage dumping the packet stream and replaying it later or anything like that;)
I think parent is faulting MS for not enabling graceful degradation.
It like... if you have a hot car, you'll get tons of chicks. If you have a normal car, you still get some chicks. In MS world, you have to have a hot car to get chicks at all.
And she did not want to sue McDonalds for punitive damages, only to have them pay for the costs of her medical treatments.
This'll probably get me modded troll, but here goes...
I've heard this term, "Ambulance chaser". And there's this Liebeck vs. McHotCoffe case.
The concept of an ambulance chaser is very foreign to me. Why would you need a lawyer when you're taking a hospital cab ride?
But then again, my taxes pay my medical bills, so I don't have to worry about financial ruin whenever I break a leg or have severe sunburn from crossing the street (this being/.) or whatever.
Might US lawyers have a little less business if you had tax-paid medicine? I know, it's socialism, and socialism is bad because it's socialism, but consider this: "health is less good in societies where income differences are bigger" (http://www.ncbi.nlm.nih.gov/pubmed/16226363).
If people don't have enough time to drink a coffee properly, they need to negotiate better work hours or take up a less insane lifestyle. [...] solving entirely the wrong problem.
What makes a problem wrong? I contend that the right problems are those people want solved. Economy seems to be based on this idea ("Subjective theory of value").
Is it a bad thing that people want to solve "Drink coffee in a stressed-out lifestyle" rather than "have a not-so-stressed-out lifestyle"? Probably. Feel free to consult the literature to find out the detrimental health effects of stress; my guess is that they are plentiful.
That's an objective measure of how wrong the problem people want solved is. Your measure ("it gives me bad coffee") is subjective.
I'm not saying it's wrong (after all, didn't I just say that subjective desires define what's right?); just pointing it out...
Is there any hash function that actually is secure?
I think this would imply P != NP. While P != NP is a reasonable thing to believe, it hasn't been proven yet, so if a hash function was proven to be perfectly secure, we would likely have a proof that P != NP.
Well... not exactly; if hashes of a given hash function H have length O(1), then let n be smallest number larger than the length of the longest hash. Then there are at most 2^n - 1 different output values: 1 +... + 2^(n-1) = 2^n - 1. Then, run through 2^n valid inputs and hash them; two will be equal.
[make some assumptions about polynomial running time of H, and that 2^n input strings can be found that are all of length polynomial in n; the latter follows from a common assumption: all strings are valid inputs]. So collisions can be found in time O(1) if hash sizes are O(1).
What we really want to talk about, in a theoretical sense, is a family of hash functions {H_n | n = 1, 2,...} with outputs of size n. Any hash function with a fixed-length output will have a collision; similar to above, it's reasonable to assume they're of polynomial length. Then, a non-deterministic turing machine generates two strings which hash to the same value; by assumption of perfect security, no polynomial time turing machine can do this.
And being really pedantic, turing machines only solve decision problems; what you really want your turing machine to do is take two strings and and k, and tell you whether the two strings are prefixes of strings x and y both of length at most k, such that H(x) = H(y). Do binary search for a k that works (using the empty string as prefixes), then find the strings by expanding them bit by bit.
I'm not sure what I said is 100% formally correct, so consider this a near-complete proof sketch.
This has nothing to do with multiple hash algorithms.
You should really read the rest of that post.
Finding a pair of documents that have the same SHA1 hash doesn't help you find a pair of documents with the same MD5 hash.
No, but if you can find one you can also find many, and in the many you can find an MD5 collision. From the link:
Joux then extended this argument to point out that attempts to increase the security of hash functions by concatenating the outputs of two independent functions don't actually increase their theoretical security. For example, defining H(x) = SHA1(x) || RIPEMD160(x) still gives you only about 160 bits of strength
"||" is concatenation. The theoretical argument, in brief: with the Merkle-Damgaard construction (used in MDx, SHAx, RIPEMDx), it takes a factor k to find 2^k collisions, over finding just a single one. By finding many collisions in one hash function, we have enough messages that they're likely to collide in the second as well.
But, he goes on to say
It was pointed out in the questions that another reason for concatenating hashes is not to try to increase the theoretical security, but for practical considerations in case one of them gets broken. This is probably why SSL, for example, used MD5 along with SHA1. That is still a valid reason.
It seems he agrees with you, regarding the general sentiment:
Using multiple hash algorithms is helpful, yes.
My take is that you get security that's at least as good as the best hash function. That is useful if you don't know which one's the best.
As a more practical matter, it eases deployment of new hashes if your software can already handle multiple hash functions; the step from one to two is often easily generalized.
if someone reasonably believes you're offering legal advice, and she follows your advice and loses some legal right or money, she can sue you for legal malpractice.
I took your advice and stopped blogging about my law practice. Now I get half as many clients. There's a court summons heading your way!
"Xiph" is actually from the Greek [encoding issues] (sword) by way of 'Xiphophorus' (sword-bearing, pseudolatin?) from the genus name of a fish (Xiphophorus helleri).
Which is also a great movie (if somewhat cheesy). One of the characters is a Finn (not a fin!) named Torvalds; there's also some crypto going on, with the mandatory bogus terminology, some people blowing each other up, and Halle Berry's naked tits!;)
Slashdot Mirror
The Microsoft solution represents license fees for the office suits
Coming to a clothing store near you: Tuxedo 2009, with more bling; where does your inner Gentleman want to go today?
But with Microsoft's stance on DRM, does this mean that when I bring home a girl and we're both hot and bothered by each other, helped by our champagne buzz, I have to pay extortion money to the IFPI* before we can get naked?
(*International Federation of the Pornographic Industry)
I suppose students will be learning how to manually run libreadline.
Which of course depends on libreadword, libreadsyllable and glibc's ctype.h.
Don't use eglibc, though, it's for embedded "carp" architectures :)
citizens have "no reasonable expectation of privacy" when they are in public
So when I'm driving on some friend's massively huge field, which is private property and hidden from public view by a forest, the police is going to turn off the GPS tracking device?
No, thought not. But presumably I have an expectation of privacy when I'm on my friend's private land.
Maybe if I had read the prime number theorem, I would have known that it's O(n / log n), which is somewhat bigger...
Prime numbers, meanwhile, become decreasingly common as you get larger and larger, is that not correct?
Yes, that is correct. There are roughly logarithmically many of them.
Bertrand's Conjecture (proven by Chebyshev) states than for all n > 1, there's a prime p with n < p < 2n.
If you look only at powers of two, it's readily seen that there are n primes between 1 and 2^n; setting k=2^n, there are log(k) primes between 1 and k.
A logarithmic upper bound follows from the Prime Number Theorem, which doesn't have an easy proof (AFAIK). It says something much more specific than just "It's O(log n)", though. Maybe there's a simple theorem from which you can derive O(log n), but I don't know.
I don't know; it might be interesting to know that the leading digits of powers-of-k are distributed in some interesting way in base not-k. They obviously all have a leading 1 in base k.
You can find the mathematicians' article at http://www.citeulike.org/group/3214/article/3664693 or http://arxiv.org/pdf/0811.3302 (pdf warning).
I find it interesting that the article doesn't prove any theorems. At least searching for the word "theorem" in the pdf only gives references to other theorems. Searching for "proof" gives no hits.
That leaves me thinking: what does this article tell us that we couldn't find out ourselves by ripping through some prime numbers? I thought the real power of math was to say something 100% certain about some infinitude of stuff, so we don't have to go and check every case by hand.
Oh well, I guess every open question needs some results on the form "this holds for all n <= bignum"; say, like the Goldbach Conjecture (every even number n > 2 is the sum of two primes).
Imagine if anyone could create an editor and call it Emacs. The FSF is going to get stomped down by "forks" that introduce all sorts of lucentware in the source code. Without the protection of trademarks, the FSF would have to sit idly by as its market share gets split up.
Just because source is open does not give you the right to hijack the work of a team and call something by the same name.
AIUI, that is a right which must be taken away, not given, and (this I'm sure of:) there is nothing in the Open Source definition which takes it away.
Just because a name isn't a trademark does in fact give you the right to hijack the work of a team and call something by the same name.
and as long as they can rearrange letters on the table and get something that looks catchy to some marketing drone, they think they've got a winner.
Next time you see them, tell them from me that they should go with BetaMax! ;)
The market for proprietary software and the community for open source software does function pretty good for weeding out the crapware.
Please do take note that the code you see on thedailywtf wasn't found in someone's hobby project...
Sorry if that scared the shit out of you.
Yo, dawg! We heard you like ads, so we put an ad in your TV so you can have (our) ads while you browse.
I just don't understand what's so interesting/damning here.
Do you do web development? Do you support an intranet web app that only runs on IE 6.0?
I don't. But what I hear is that you first develop for standards-conforming browsers, then spend a lot of time hacking your site to be IE-compatible too.
A lot of development hours could be saved if IE was more compliant with the standards. A lot of system administration hours could be saved if users could be made to use a more secure browser than IE 6.0. ("a lot" was pulled from my ass.)
Possibly, more competition might motivate Microsoft to write a more standards-compliant browser.
Alternatively, Chrome taking over the market might mean the demise of Micro$oft :D
which you can then stream (but not download)
Because if bytes are sent to your computer, it can only move them to the sound card and not the disk. Not that I encourage dumping the packet stream and replaying it later or anything like that ;)
I think parent is faulting MS for not enabling graceful degradation.
It like... if you have a hot car, you'll get tons of chicks. If you have a normal car, you still get some chicks. In MS world, you have to have a hot car to get chicks at all.
And she did not want to sue McDonalds for punitive damages, only to have them pay for the costs of her medical treatments.
This'll probably get me modded troll, but here goes...
I've heard this term, "Ambulance chaser". And there's this Liebeck vs. McHotCoffe case.
The concept of an ambulance chaser is very foreign to me. Why would you need a lawyer when you're taking a hospital cab ride?
But then again, my taxes pay my medical bills, so I don't have to worry about financial ruin whenever I break a leg or have severe sunburn from crossing the street (this being /.) or whatever.
Might US lawyers have a little less business if you had tax-paid medicine? I know, it's socialism, and socialism is bad because it's socialism, but consider this: "health is less good in societies where income differences are bigger" (http://www.ncbi.nlm.nih.gov/pubmed/16226363).
If people don't have enough time to drink a coffee properly, they need to negotiate better work hours or take up a less insane lifestyle. [...] solving entirely the wrong problem.
What makes a problem wrong? I contend that the right problems are those people want solved. Economy seems to be based on this idea ("Subjective theory of value").
Is it a bad thing that people want to solve "Drink coffee in a stressed-out lifestyle" rather than "have a not-so-stressed-out lifestyle"? Probably. Feel free to consult the literature to find out the detrimental health effects of stress; my guess is that they are plentiful.
That's an objective measure of how wrong the problem people want solved is. Your measure ("it gives me bad coffee") is subjective.
I'm not saying it's wrong (after all, didn't I just say that subjective desires define what's right?); just pointing it out...
If inability to reproduce qualifies one for the Darwin Awards, I think 90% of the Linux user-base can make it to the finals.
Aww, come on! We have sex every time our machines crash.
Is there any hash function that actually is secure?
I think this would imply P != NP. While P != NP is a reasonable thing to believe, it hasn't been proven yet, so if a hash function was proven to be perfectly secure, we would likely have a proof that P != NP.
Well... not exactly; if hashes of a given hash function H have length O(1), then let n be smallest number larger than the length of the longest hash. Then there are at most 2^n - 1 different output values: 1 + ... + 2^(n-1) = 2^n - 1. Then, run through 2^n valid inputs and hash them; two will be equal.
[make some assumptions about polynomial running time of H, and that 2^n input strings can be found that are all of length polynomial in n; the latter follows from a common assumption: all strings are valid inputs]. So collisions can be found in time O(1) if hash sizes are O(1).
What we really want to talk about, in a theoretical sense, is a family of hash functions {H_n | n = 1, 2, ...} with outputs of size n. Any hash function with a fixed-length output will have a collision; similar to above, it's reasonable to assume they're of polynomial length. Then, a non-deterministic turing machine generates two strings which hash to the same value; by assumption of perfect security, no polynomial time turing machine can do this.
And being really pedantic, turing machines only solve decision problems; what you really want your turing machine to do is take two strings and and k, and tell you whether the two strings are prefixes of strings x and y both of length at most k, such that H(x) = H(y). Do binary search for a k that works (using the empty string as prefixes), then find the strings by expanding them bit by bit.
I'm not sure what I said is 100% formally correct, so consider this a near-complete proof sketch.
This has nothing to do with multiple hash algorithms.
You should really read the rest of that post.
Finding a pair of documents that have the same SHA1 hash doesn't help you find a pair of documents with the same MD5 hash.
No, but if you can find one you can also find many, and in the many you can find an MD5 collision. From the link:
Joux then extended this argument to point out that attempts to increase the security of hash functions by concatenating the outputs of two independent functions don't actually increase their theoretical security. For example, defining H(x) = SHA1(x) || RIPEMD160(x) still gives you only about 160 bits of strength
"||" is concatenation. The theoretical argument, in brief: with the Merkle-Damgaard construction (used in MDx, SHAx, RIPEMDx), it takes a factor k to find 2^k collisions, over finding just a single one. By finding many collisions in one hash function, we have enough messages that they're likely to collide in the second as well.
But, he goes on to say
It was pointed out in the questions that another reason for concatenating hashes is not to try to increase the theoretical security, but for practical considerations in case one of them gets broken. This is probably why SSL, for example, used MD5 along with SHA1. That is still a valid reason.
It seems he agrees with you, regarding the general sentiment:
Using multiple hash algorithms is helpful, yes.
My take is that you get security that's at least as good as the best hash function. That is useful if you don't know which one's the best.
As a more practical matter, it eases deployment of new hashes if your software can already handle multiple hash functions; the step from one to two is often easily generalized.
I'll probably need 80 hours over the next [48 hours] to get started
Are you implying that it's the lawyers or their clients who suck at math? ;)
if someone reasonably believes you're offering legal advice, and she follows your advice and loses some legal right or money, she can sue you for legal malpractice.
I took your advice and stopped blogging about my law practice. Now I get half as many clients. There's a court summons heading your way!
;)
and you get served by Big Out of State Corporation
If you get sued by the RIAA, instead of getting served, the South Park version happens: you get fucked in the a** :)
What about the kids in South Africa and Iraq?
They just need more maps...
"Xiph" is actually from the Greek [encoding issues] (sword) by way of 'Xiphophorus' (sword-bearing, pseudolatin?) from the genus name of a fish (Xiphophorus helleri).
Googling for "Xiphophorus helleri" gives me http://en.wikipedia.org/wiki/Green_swordtail which says genus=Xiphophorus, species=helleri.
So it's a fish with a sword---a swordfish.
Which is also a great movie (if somewhat cheesy). One of the characters is a Finn (not a fin!) named Torvalds; there's also some crypto going on, with the mandatory bogus terminology, some people blowing each other up, and Halle Berry's naked tits! ;)
imdb entry: http://www.imdb.com/title/tt0244244/
Might that have inspired Xiph?