There may even be a theoretical argument to support that: since a single core processor at twice the speed can do anything the dual core processor can do at least as quickly (by just running the two threads in sequence, or interleaving their instructions, etc.), the real question is whether or not there are problems that are inherently hard to benefit from parallelizing. The P-complete problems are good candidates for this, and so if you need to deal with anything that involves such problems (e.g. linear programming problems), you will definitely want the faster single-core processor.
Turns out, I don't download stuff other people like
...because there are so many people in the world who like Teen Anal Nightmare 2 or Batman XXX: A Porn Parody? The fact that something is unpopular is not a protection from these lawsuits.
Luckily, these lawsuits were stopped by the judge as well, because of how completely absurd it is to sued thousands of people across different jurisdictions in the same court room.
Damages awarded in lawsuits are so lucrative that people like USCG would never want to see an end to file sharing. Their business is making money by suing people, and they are getting bad directors like Uwe Boll on board. If people suddenly stopped sharing movies, USCG would go out of business, although they might try a few lawsuits anyway just to keep themselves propped up (e.g. people discussing a movie's script on a forum).
Would you shell out the $3500 to get Mac OS X? The way I see it, that is the choice you will have in the near future: iOS for a "consumer" level computer, and Mac OS X for high end "professional" level computers.
On the other hand, Apple could only market Mac OS X to professional users, on their high end workstations. Consumers will get iOS everything -- iOS tablets, iOS PDAs, iOS laptops, maybe even some sort of iOS desktop (with a completely different form factor than current desktops?), and they will be cut out of the development process; only professionals with high end workstations will be able to write software for iOS.
Apple is not going to kill of Mac OS X. I have said it before, and I'll say it again: Mac OS X's future is on high end workstations, targeting the professional and power user markets. Apple's consumer strategy will be centered on iOS.
It is probably easier to get marijuana than it is to get alcohol or tobacco, especially if you are a teenager. Making a drug illegal does not magically stop people from obtaining or using it. The biggest deterrent to illegal drug use has been the government's widespread propaganda campaign, which has convinced people to accept without question the notion that illegal drugs are automatically worse for them than legal ones.
Cracking one password may be enough for a larger attack even if the target user is not particularly high priority. So, maybe the hackers gain access to the shadow file of some other system, and correctly surmise that a low-level employee at the target company uses the same password for their work account as for whatever other system was compromised, and now they have access to the target company's internal LAN.
The real answer, IMO, is to start moving toward cryptographic authentication methods, and remove the problem of passwords altogether.
If your passphrase is longer enough, you get a diminishing return, as there is going to be a collision with a shorter string, and so the amount of work your attacker needs to do is really bounded by the length of the output of your hash function.
The reason mathematicians are interested in the 3n+1 problem is that we do not have a very good understanding of the process -- it is a fairly simple process to describe, but it is not so easy to explain why it would always fall into the same cycle (1,4,2,1,4,2,1,4,2). A lot of problems in number theory are like this; Fermat's last theorem was similarly easy to state but very difficult to understand and prove. The real-life application of these problems is often more related to the various methods required to solve them than the problem itself.
For example, consider the problem of the quintic formula. As everyone with a middle school education should know, there is a formula that gives the solution to any linear equation (ax+b = 0), and there is a formula that gives the solutions to any quadratic equation (ax^2 + bx + c = 0). Some more educated people will also know that there are formulas for cubic equations (ax^3 + bx^2 + cx + d = 0) and quartic equations (ax^4 + bx^3 + cx^2 + dx + e = 0). The obvious question is, "What about quintic equations (ax^5 + bx^4 + cx^3 + dx^2 + ex + f = 0)?"
The answer is a somewhat intellectually interesting, "No, there is no formula that gives the solution to all quintic equations (using only arithmetic and radicals)." There is no real-world application of that answer; we can get good enough approximations of the solutions to quintic equations by various numeric methods, which is perfectly fine for any problem that involves solving a quintic. However, the proof that there is no quintic formula involves fields of mathematics that are very much applicable to real-world problems: group theory and field theory are very important in cryptography and certain branches of physics. Additionally, those fields of study led to the research of more general abstract algebra, with still more real-world application.
So, no, there is no real-world use for the Collatz conjecture, at least none that I am aware of. In all likelihood, the proof of the Collatz conjecture will lead to some practical application, or a better understanding of certain real world problems.
it's a lot of work to run a CA well even if you're not accepting submissions from the general public and you add having to distribute your CA key and get people to trust it.
If it is internal to your organization, distributing the key is really not hard to do, particularly since new members of the organization will (presumably) go through some sort of orientation process. If new members never meet current members in-person, then you have something of a challenge, but there are all sorts of security issues in such a situation. When I said "for internal use" I meant, in a very literal way, "for internal use" -- not for situations where you need to securely communicate with people who are external to your organization.
Plus you really want to be able to change your service certificates when (not if) you have deployment problems (such as a service compromise by insufficiently secured PHP; remember, security's not just one thing) which CA-based solutions have down pat whereas most of the others (e.g., web of trust) find difficult.
This is not a CA issue, it is just an issue of separating master signing keys from keys that you intend to use. Using PGP as a WoT example, you can create subkeys which do not need to be verified by the WoT, and keep the master signing key safe (perhaps in a safe). Revoking the master signing key is still going to be hard, but I can say something similar for the CA itself: revoking the CA's root certificate is a very hard thing to do.
Additionally, I would be worried about a CA that makes the process of obtaining a new signed certificate too easy. Most CAs are not nearly strict enough when it comes to verifying the authenticity of the certificates they are signing. We are unfortunately stuck with CAs, mainly because most computer users are nowhere near knowledgeable enough to remove an untrustworthy CA's root certificates from their systems, and the CAs all know it.
4. When you cooperate with the cops, you go to jail.
I would not do anything except ask for my lawyer and tell the cops that I am exercising my right to remain silent if I were arrested. You cannot be prosecuted for exercising your rights (and if we ever degenerate to such a state of government, then cooperation still will not help you), and nothing you say to the police will be used in your defense. What, do you think that by telling the police where you got your marijuana from you will somehow help get yourself out of your prison sentence?
Your rights were not codified for the benefit of criminals. You have the right to remain silent as a protection against the government, and we certainly need that sort of protection in this day and age. I would not say anything to a police officer, even if I were not being arrested, except perhaps a polite "Good afternoon, officer." There are just too many ways to break the law, and too many ways that a friendly conversation with a cop could result in the admission of a crime.
if you're going to go to the trouble (or expense) of setting up SSL
What trouble and expense? TLS (SSL is obsolete) is only expensive if you need to get your certificates signed by a commercial CA i.e. if you are interacting with random people who are not affiliated with you or your organization. If you are only deploying TLS for internal purposes, just maintain your own internal CA and deploy your internal signing key to all of your organization's systems.
Also, what would be the minimum level of encryption required for, say, online banking?
AES-128 is perfectly reasonable here; it has a sufficient security margin for online banking and is nowhere near the weakest link in the security chain. If you happen to have extremely sensitive information and you need >30 years security, a more conservative cipher like MARS or Twofish might be appropriate (given the attacks on the AES-256 key schedule; in any case, 256 bit ciphers are recommended for >30 year security last I checked). Really though, any of the AES finalists are fine.
Can I trust that my SSL provider hasn't been hacked (or at least snooped)? How do I know some disgruntled IT admin hasn't sold the private key of his company's root CA to the same organization that developed the conficker virus?
CAs should not be trusted; the CA system is based on a typically bad assumption, which is that there are enough users who are aware of what it means for a CA to be untrustworthy to force the CAs to exercise appropriate security policies (or lose their business). Since only a tiny minority of Internet users even know what a CA is, and only a tiny minority of those people know how often CAs issue signatures for fraudulent certificates, the assumption does not hold. CAs are not trustworthy and should not be trusted.
I've read some of Bruce Schneier's work (I'm subscribed to Cryptogram) and he tends to highlight the FUD that surrounds internet security
You should take more time to read about cryptography. Confusing a hash function with a cipher is not a good indication that you have the minimum level of knowledge needed to understand what Schneier is saying.
Except that they are talking about thousands of executions per year. The United States increased its prison population by hundreds of thousands in 2008 alone:
Yes, China is the world leader in executions (but per capita, Iran is the leader), but we are talking about orders of magnitude difference in terms of how many people the United States imprisons. The United States does not arrest people who did not commit any crimes; the United States simply defines so many things to be crimes that it becomes difficult for people to live their lives without being criminals.
We are free, except for the millions of people who are behind bars; in fact, the US imprisons more people than any other country, including China, and the only countries to even imprison more people than the US were the USSR and Nazi Germany. As if that were not shameful enough, we also imprison a higher proportion of our black population than South Africa did during Apartheid.
Slashdot Mirror
There may even be a theoretical argument to support that: since a single core processor at twice the speed can do anything the dual core processor can do at least as quickly (by just running the two threads in sequence, or interleaving their instructions, etc.), the real question is whether or not there are problems that are inherently hard to benefit from parallelizing. The P-complete problems are good candidates for this, and so if you need to deal with anything that involves such problems (e.g. linear programming problems), you will definitely want the faster single-core processor.
Imagine how many bucks the MPAA could have made if it were not for these people.
Turns out, I don't download stuff other people like
http://arstechnica.com/tech-policy/news/2010/11/a-new-record-9729-p2p-porn-pushers-sued-at-once.ars
Luckily, these lawsuits were stopped by the judge as well, because of how completely absurd it is to sued thousands of people across different jurisdictions in the same court room.
Damages awarded in lawsuits are so lucrative that people like USCG would never want to see an end to file sharing. Their business is making money by suing people, and they are getting bad directors like Uwe Boll on board. If people suddenly stopped sharing movies, USCG would go out of business, although they might try a few lawsuits anyway just to keep themselves propped up (e.g. people discussing a movie's script on a forum).
"Doe" as in "John Doe" as in they are anonymous for the time being, because USCG has not been able to determine who they are.
Perhaps because a penis (once removed from a person's body) is homeomorphic to a torus?
http://en.wikipedia.org/wiki/Homeomorphism
Why do you need Facebook to keep up with your friends? You could try actually spending time with them, talking to them, etc.
Just...wow...
Would you shell out the $3500 to get Mac OS X? The way I see it, that is the choice you will have in the near future: iOS for a "consumer" level computer, and Mac OS X for high end "professional" level computers.
On the other hand, Apple could only market Mac OS X to professional users, on their high end workstations. Consumers will get iOS everything -- iOS tablets, iOS PDAs, iOS laptops, maybe even some sort of iOS desktop (with a completely different form factor than current desktops?), and they will be cut out of the development process; only professionals with high end workstations will be able to write software for iOS.
Yes, TFA seems to say the same thing, except with a more negative attitude about Apple's interest in the high end workstation market.
Apple is not going to kill of Mac OS X. I have said it before, and I'll say it again: Mac OS X's future is on high end workstations, targeting the professional and power user markets. Apple's consumer strategy will be centered on iOS.
It is probably easier to get marijuana than it is to get alcohol or tobacco, especially if you are a teenager. Making a drug illegal does not magically stop people from obtaining or using it. The biggest deterrent to illegal drug use has been the government's widespread propaganda campaign, which has convinced people to accept without question the notion that illegal drugs are automatically worse for them than legal ones.
Except the Fields medal. And the Turing Award...
Oh, you know, things like this:
http://hacks.mit.edu/Hacks/by_year/1994/cp_car/
Cracking one password may be enough for a larger attack even if the target user is not particularly high priority. So, maybe the hackers gain access to the shadow file of some other system, and correctly surmise that a low-level employee at the target company uses the same password for their work account as for whatever other system was compromised, and now they have access to the target company's internal LAN.
The real answer, IMO, is to start moving toward cryptographic authentication methods, and remove the problem of passwords altogether.
If your passphrase is longer enough, you get a diminishing return, as there is going to be a collision with a shorter string, and so the amount of work your attacker needs to do is really bounded by the length of the output of your hash function.
The reason mathematicians are interested in the 3n+1 problem is that we do not have a very good understanding of the process -- it is a fairly simple process to describe, but it is not so easy to explain why it would always fall into the same cycle (1,4,2,1,4,2,1,4,2). A lot of problems in number theory are like this; Fermat's last theorem was similarly easy to state but very difficult to understand and prove. The real-life application of these problems is often more related to the various methods required to solve them than the problem itself.
For example, consider the problem of the quintic formula. As everyone with a middle school education should know, there is a formula that gives the solution to any linear equation (ax+b = 0), and there is a formula that gives the solutions to any quadratic equation (ax^2 + bx + c = 0). Some more educated people will also know that there are formulas for cubic equations (ax^3 + bx^2 + cx + d = 0) and quartic equations (ax^4 + bx^3 + cx^2 + dx + e = 0). The obvious question is, "What about quintic equations (ax^5 + bx^4 + cx^3 + dx^2 + ex + f = 0)?"
The answer is a somewhat intellectually interesting, "No, there is no formula that gives the solution to all quintic equations (using only arithmetic and radicals)." There is no real-world application of that answer; we can get good enough approximations of the solutions to quintic equations by various numeric methods, which is perfectly fine for any problem that involves solving a quintic. However, the proof that there is no quintic formula involves fields of mathematics that are very much applicable to real-world problems: group theory and field theory are very important in cryptography and certain branches of physics. Additionally, those fields of study led to the research of more general abstract algebra, with still more real-world application.
So, no, there is no real-world use for the Collatz conjecture, at least none that I am aware of. In all likelihood, the proof of the Collatz conjecture will lead to some practical application, or a better understanding of certain real world problems.
it's a lot of work to run a CA well even if you're not accepting submissions from the general public and you add having to distribute your CA key and get people to trust it.
If it is internal to your organization, distributing the key is really not hard to do, particularly since new members of the organization will (presumably) go through some sort of orientation process. If new members never meet current members in-person, then you have something of a challenge, but there are all sorts of security issues in such a situation. When I said "for internal use" I meant, in a very literal way, "for internal use" -- not for situations where you need to securely communicate with people who are external to your organization.
Plus you really want to be able to change your service certificates when (not if) you have deployment problems (such as a service compromise by insufficiently secured PHP; remember, security's not just one thing) which CA-based solutions have down pat whereas most of the others (e.g., web of trust) find difficult.
This is not a CA issue, it is just an issue of separating master signing keys from keys that you intend to use. Using PGP as a WoT example, you can create subkeys which do not need to be verified by the WoT, and keep the master signing key safe (perhaps in a safe). Revoking the master signing key is still going to be hard, but I can say something similar for the CA itself: revoking the CA's root certificate is a very hard thing to do.
Additionally, I would be worried about a CA that makes the process of obtaining a new signed certificate too easy. Most CAs are not nearly strict enough when it comes to verifying the authenticity of the certificates they are signing. We are unfortunately stuck with CAs, mainly because most computer users are nowhere near knowledgeable enough to remove an untrustworthy CA's root certificates from their systems, and the CAs all know it.
4. When you cooperate with the cops, you go to jail.
I would not do anything except ask for my lawyer and tell the cops that I am exercising my right to remain silent if I were arrested. You cannot be prosecuted for exercising your rights (and if we ever degenerate to such a state of government, then cooperation still will not help you), and nothing you say to the police will be used in your defense. What, do you think that by telling the police where you got your marijuana from you will somehow help get yourself out of your prison sentence?
Your rights were not codified for the benefit of criminals. You have the right to remain silent as a protection against the government, and we certainly need that sort of protection in this day and age. I would not say anything to a police officer, even if I were not being arrested, except perhaps a polite "Good afternoon, officer." There are just too many ways to break the law, and too many ways that a friendly conversation with a cop could result in the admission of a crime.
Or the army will be called in, and the "heavily armed citizens" will realize that their AKs and ARs are no match for the equipment our soldiers carry.
SHA-512 encryption
SHA-512 is a hash function, not a cipher.
if you're going to go to the trouble (or expense) of setting up SSL
What trouble and expense? TLS (SSL is obsolete) is only expensive if you need to get your certificates signed by a commercial CA i.e. if you are interacting with random people who are not affiliated with you or your organization. If you are only deploying TLS for internal purposes, just maintain your own internal CA and deploy your internal signing key to all of your organization's systems.
Also, what would be the minimum level of encryption required for, say, online banking?
AES-128 is perfectly reasonable here; it has a sufficient security margin for online banking and is nowhere near the weakest link in the security chain. If you happen to have extremely sensitive information and you need >30 years security, a more conservative cipher like MARS or Twofish might be appropriate (given the attacks on the AES-256 key schedule; in any case, 256 bit ciphers are recommended for >30 year security last I checked). Really though, any of the AES finalists are fine.
Can I trust that my SSL provider hasn't been hacked (or at least snooped)? How do I know some disgruntled IT admin hasn't sold the private key of his company's root CA to the same organization that developed the conficker virus?
CAs should not be trusted; the CA system is based on a typically bad assumption, which is that there are enough users who are aware of what it means for a CA to be untrustworthy to force the CAs to exercise appropriate security policies (or lose their business). Since only a tiny minority of Internet users even know what a CA is, and only a tiny minority of those people know how often CAs issue signatures for fraudulent certificates, the assumption does not hold. CAs are not trustworthy and should not be trusted.
I've read some of Bruce Schneier's work (I'm subscribed to Cryptogram) and he tends to highlight the FUD that surrounds internet security
You should take more time to read about cryptography. Confusing a hash function with a cipher is not a good indication that you have the minimum level of knowledge needed to understand what Schneier is saying.
Sorry, misread that; s/hundreds of thousands/tens of thousands/. The point remains the same: the US adds more prisoners per year than China executes.
Except that they are talking about thousands of executions per year. The United States increased its prison population by hundreds of thousands in 2008 alone:
http://www.thedefendersonline.com/2009/02/03/america-on-lockdown-new-facts-about-america%E2%80%99s-prisons-prisoners/
Yes, China is the world leader in executions (but per capita, Iran is the leader), but we are talking about orders of magnitude difference in terms of how many people the United States imprisons. The United States does not arrest people who did not commit any crimes; the United States simply defines so many things to be crimes that it becomes difficult for people to live their lives without being criminals.
We are free, except for the millions of people who are behind bars; in fact, the US imprisons more people than any other country, including China, and the only countries to even imprison more people than the US were the USSR and Nazi Germany. As if that were not shameful enough, we also imprison a higher proportion of our black population than South Africa did during Apartheid.
Shameful.