It would be interesting to know how long each of these colliding files was... funny how we all *know* that for nontrivial hash inputs there are many many possible colliding inputs, but over time we tend to slide into "let's just compare hashes to find identical data; collisions are so rare - after all, we haven't seen any!"

Part of BMW's response FTFA:
"A vital point to acknowledge here is that there is no such thing as the ‘unstealable’ car, as Ron Cliff knows well. If a criminal decides they want your car, they will find a way to take it. Our job is to make it as difficult as possible."

Apparently, that means making it take three minutes, instead of, say, two and a half. Dare we dream one day of the car that can resist theft for... four minutes?

Anyone who thinks that tinnitus adds anything to life is kidding themselves. Constant ringing in your ears, worse with stress or fatigue.

I have much accumulated damage to my body, but my highest priority for improvement would be my hearing. I don't mind wearing a splint for the rest of my life to save my teeth from finally wearing to the point of mechanical failure, but I hate having tinnitus and high frequency hearing loss.

Look after your diet, people - your small blood vessels in your middle ear can get constricted with fatty crap just like your big arteries around your heart can. Reduced blood supply => increased oxidative stress => less robust neurons in your ears => increased risk of hearing loss after noise exposure.

...holding patents on:
- FM Synthesis (John Chowning at CCRMA)
- PageRank (a certain Larry Page and Sergei Brin)

Yamaha licensed the FM synthesis patents, and later waveguide synthesis patents, that stemmed from work at CCRMA, part of Stanford.
Google holds an exclusive license to the PageRank patent.

Stanford certainly doesn't sell musical instruments or search engine services, so does that make them patent trolls? Maybe Stanford hasn't ever had to sue any other companies to enforce their rights on these patents, but that could simply be down to people knowing not to mess with an institution backed by that kind of intellectual and financial firepower. Having made considerable profit from these patents, do you think it likely that Stanford would lie down and let some company use these patents without licensing them?

Thanks very much for this quote! I have been saying basically the same thing, albeit less eloquently, for years, but never came across this quote.

Maybe advanced magic prevents MPEG-4 compression artifacts from being just as annoying as MPEG-2 compression artifacts, but it would seem shortsighted to devalue what is supposed to be the premium movie viewing experience (digital projectors, in a cinema) by using consumer grade compression. I see enough melty faces on standard definition DVB-T broadcasts that I remain skeptical about the invisibility of MPEG-4 compression, especially when the result is blown up to huge proportions and the film has lots of special effects. I am not going to a cinema to look at blocky crap where the compression algorithm ran out of bits for the breaking waves or rushing water or full-on special effects.

Anyway, all of that P- and B-frame stuff is just to get the bit rate down to the point where a movie fits on a nice, cheap-to-produce piece of optical media sold to individual households. The economic equation is totally different for the media that is used to exhibit a film to (hopefully!) many people, and it's not like making a physical print and shipping it around was very cheap either.

Flicker depends a lot on the shutter angle (proportion of frame time that the film is exposed for) as well, for traditional film cameras.

Small shutter angle => short exposure => more flicker on fast action. Think "Saving Private Ryan" beach landing scene - little bits of dirt from explosions caught in mid-air for a single frame by the short per-frame exposure. A flow-on is that such shots often have more grain and less colour saturation, because the film needs to be of a faster type to get properly exposed at these shorter exposure times using practical amounts of light -- especially for outdoor scenes.

"Bully" should only be used as a verb - "bullying". The noun should instead be "vicious shithead". People who enjoy inflicting pain on people should not be called bullies, but vicious shitheads.

It is of course possible to stop being a vicious shithead. I was one too - I bullied my brother, because I was so angry at the breakdown of my parents' marriage and being bullied myself; I was an Asperger's space cadet bully magnet. I bullied another pupil at my school, until the day he fought back and I realised that right then there was nothing separating me from the shitheads who called me a faggot so often I ended up questioning my own sexuality by the end of high school and were always threatening me with violence... sometimes more than just threats. I never bullied again after that day.

Later I apologised to my brother. I should have apologised to that pupil too, but I was too much of a coward then. What I have learned since that day, in adult life, is that almost nobody wants to admit that their shit stinks as much as anyone else's, let alone that their actions and attitudes are especially toxic and fucked. Doesn't change the fact that if someone enjoys inflicting pain on someone else (who doesn't consent, please insert obligatory "BDSM is a valid lifestyle" whalesong here) they aren't a mere "bully", they are a vicious shithead.

As for the premature aging signs that are mentioned in the original post - I can believe it. Due to some stupid life choices, I ended up living on a farm with my alpha male father-in-law, who felt no great restraint against venting his toxic temper whenever things didn't go his way - and I ended up with crippling osteoarthritic pain in my knees and wrists so bad that I could not walk up stairs without bracing my knees with my hands. Thankfully I eventually managed these symptoms with concentrated fish oil extracts and glucosamine, both of which have been reported to moderate inflammation responses. But I am under no illusion that my body is in anything other than "fuck off and die young" mode because of the social situation that I find myself in. My continued ability to do the manual work this lifestyle requires is as far as I can tell dependent on my luck in finding some appropriate dietary supplements. Before I started taking those, I could hardly get out of my car to open the farm gates on my daily commute. Chronic oxidative stress fucks you up good and proper.

When I was at home during the day over the Christmas holiday period, a number of the "hello, this is the technical support centre, your Microsoft Windows computer has a virus [so please install our trojan software to remove the bogus virus, you chump]" scam callers had an accent that sounded Filipino to me, and spoke pretty clearly compared to the Indian accented callers I had heard before. Perhaps I was experiencing the benefits of US-funded English training in the Phillipines.

NB: This is not any racist remark, just my experience of a number of phone calls (1 or 2 per day) that I received when I happened to be home for a week. It got to the point where I was interrupting them with "Oh, you're calling about the computer, aren't you?" within a second of them starting their patter. It was a small consolation to hear the pause and uncertain "..yes?" before I hung up on them.

When the labour of humans with Internet access is so plentiful and cheap, you can try all the same "works one in a hundred times" scams that used only to be economical to automate, but now your scam mechanism can talk, interpret speech, pass a Turing test and solve CAPTCHAs...

I can hear a Zippy quote: "SINGAPORE has instituted PERMANENT PUNCTUALITY!" How fitting.

But seriously, I can't think of any justification for Daylight Savings near the equator. Where I live in Australia, which is only 35 degrees south, it used to get pretty annoying waking up at 5:00 in the morning with the sun in spring, because DST used to start at the end of October. Now that DST starts at the beginning of October, sunrise only gets to about 05:40 before DST kicks in.

The boards are in manufacturing, expected to complete on Feb 20th. The most recent holdup came down to a misunderstanding as to whether a particular form factor of piezo crystal was easily available in China at the expected price, because the same crystal is easily available and cheap in the UK. The Raspberry Pi team have been incredibly open and patient in explaining to the many, many people visiting their web site how the design decisions have been made, and what has been taking all the time in going from an alpha board prototype to a ready to manufacture product.

When the goal is to produce something in large quantities for low price, and the project is done by people with great skill but also other competing demands on their time (like, their day jobs), it's not surprising there have been some delays in trying to get the board design to the point of manufacture. I've been following the project for months, and it has struck me how the degree of openness of this project has added more work for the RasPi team in having to clarify/dispel misconceptions and ill-founded rumours - such as when a simple mention of 10,000 "parts kits" being on order caused some people to start thinking that the RasPi was not going to be fully assembled, simply because they didn't understand the meaning of that phrase in that context, and had not read the FAQ - and yet the RasPi team keep telling us what is going on because that is the ethos of the project.

I've got no association with the project, other than frank admiration at their dedication and focus on meeting their real goals, which is not to ship device X by time T, but to spark a renewed interest in the actual study and practise of computing.

Parent post hits nail squarely on head. Just because Random Hopeless CA X is still in a browser's trusted root CA list, should not mean that they can issue certs against my domain that anyone should trust. Placing signed cert public key fingerprints (or even the public key fingerprint of the root CA that actually issues your cert, if you really trust that CA) would make it much harder for an attacker to compromise a well-run, high-value web site (such as gmail.com or a banking web site).

Google did this unilaterally in their own browser, by only trusting the small set of CAs that Google uses when accessing its own web sites. Neat, but not at all scalable, even if Google were motivated to extend that feature to high-value web sites run by other companies.

Grid computing had a similar idea - if you wanted to get your CA's certificate into the bundle of trusted CAs distributed with common Grid software bundles like Globus or VDT, your CA had to have a "signing authority" that limited what certificate subjects it could sign for, which was part of the CA certificate. This meant that even if I compromised Random Trusted Grid CA X, I could not issue a cert that claimed I was from, say, Fermilab, because that cert would not match against the signing authority for that other Grid CA. Commercial CAs would never agree to similar provisions, because that would restrict who they could sell certs to, but the parent post's idea devolves that signing authority down to the people who actually pay for the certificate, which is naturally where that authority should reside.

Best of all, to implement this scheme, you just need to create an appropriate DNS record, add the check to your preferred open source web browser, and start selling the idea to the browser users and web site operators. With luck, the public support for the idea gets it adopted by web site operators (it costs them almost nothing), CAs have nothing to object to because they can still sell certs to whoever they were already selling certs to, and browser users put pressure on the developers to support the scheme. You don't have to persuade everyone to swallow a barrel of crypto-anarchist-libertarian "decentralise everything, storm the Winter Palace, power to the people, right on!" Kool-Aid and destroy the existing PKI CA architecture in order to save it.

Remember, politics is the art of the possible.

It is also true that no person who was ever born has ever had any personal knowledge or experience of any impossible state of affairs. That does not make any impossible thing more possible just because we don't know what it would be like to experience that impossible thing. Or, indeed, help us work out which impossible thing would be more likely.

How about you work out a consensus "God(s) made everything we see just like so" story with all the other religions than the one you happen to cleave to? Because, by the same token you would not necessarily know how to recognise the world as a creation of Brahma, Eurynome and Ophion, Mazda, or the Flying Spaghetti Monster, rather than your god. Who knows, you might end up looking at the world to find evidence of a specific creation story. How would you weigh one religion's claim for justification based on one piece of evidence with other evidence that supports your preferred religion? Or different interpretations of the same evidence? You might need to develop some theories of natural science that let you tell the commonplace from the extraordinary. You will no doubt be relieved to find that there happen to be some quite useful theories of that sort knocking around already, that have been refined for many centuries. Feel free to use them to rationalise however much self-deception you need in order to elevate your creation story over all the others.

I expected a lot from my young children, but I never expected them to bake cookies!

(My wife plays and draws and bakes cookies with my kids too, BTW... sorry, I just couldn't resist the exploitable typo :-)