Comment Re:what about git? (Score 4, Interesting) 68

Immerman's point is essentially right. Here is a more thorough opinion.

Git does not use SHA1 for cryptographic purposes. The use of SHA1 for cryptographic purposes is what should be deprecated. If major git repositories start calculating SHA256 hashes too, and keep an eye out for in-the-wild collisions, it will probably be OK. Git does not need to be attack resistant like TLS does. In any case, it is worth rejigging the code so that the hash is done via a plugin and can be migrated, if this isn't already done. I haven't read the git source and am not sure, but it would be easy to get it done before it becomes a problem for git. I use md5sum for a lot of applications which don't require security sufficient for cryptographic purposes. Cryptography is the Formula 1 of computation, and just like most vehicles don't need to compete against an F1 car, many of the trickle-down uses of cryptographic hashes will be fine for a while. Git only has an issue if two versions of files in the same repo produce the same hash. In practice that means two compilable source files, rather than arbitrary meaningful input. That makes cracking much harder since you have a language recognition problem bolted onto the frontend of your hash, so most potentially colliding inputs will be excluded by this (if one colliding file is a C file, and the other is bad French poetry, it is clear which is intended -- cryptographic purposes cannot rely upon such applications of commonsense recognition). Do not worry about Git.

As an exercise, try and write two valid Python3 files between 10 and 30 lines long importing only sys, re and glob, such that they have identical md5sum outputs. By reducing the input space for a hash, you can make collisions less likely. What is important about this attack is that there is a round trip forward through the hash, and then backwards to a different input. By looking at the information discarded by the nonlinear parts of the hashing algorithm (that is, the non-reversible steps) you can start to make meaningful sense of what the hash is doing. Interestingly, if you produce a language specification which permits fewer valid inputs than the number of possible hash outputs, it is in principle possible that no collisions will occur. Indeed it would be a good exercise for a beginning cryptanalyst to try and construct a language such that valid inputs were guaranteed to get different md5sum outputs.
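
The "calculate SHA256 too and watch for collisions" idea from the comment above, as an added example that is not part of the original comment and is not Git's own code. The function names are hypothetical, the sample files are constructed, and `weak_id` is a deliberately truncated id used only so that the detector has something to find.

```python
import hashlib
from collections import defaultdict

def git_blob_sha1(content: bytes) -> str:
    """Object id Git gives a blob: SHA-1 over b"blob <size>\\0" + content."""
    header = b"blob %d\x00" % len(content)
    return hashlib.sha1(header + content).hexdigest()

def weak_id(content: bytes) -> str:
    """Constructed stand-in for a broken hash: first 8 bits of the blob id."""
    return git_blob_sha1(content)[:2]

def find_collisions(blobs, primary=git_blob_sha1):
    """Return {primary id: [sha256, ...]} for ids shared by differing contents."""
    seen = defaultdict(set)
    for content in blobs:
        # Identical content always yields the same SHA-256, so duplicates
        # of one file never count as a collision.
        seen[primary(content)].add(hashlib.sha256(content).hexdigest())
    return {oid: sorted(d) for oid, d in seen.items() if len(d) > 1}

# Constructed sample "repository": 300 distinct small source files.
SAMPLES = [b"import sys\nprint(%d)\n" % i for i in range(300)]

if __name__ == "__main__":
    print("full SHA-1 ids:", len(find_collisions(SAMPLES)), "colliding ids")
    print("8-bit ids:     ", len(find_collisions(SAMPLES, weak_id)), "colliding ids")
```

With 300 distinct files and only 256 possible 8-bit ids, the truncated id is guaranteed to collide, while the second hash tells the colliding contents apart.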

Comment Yes. Turing Mechanics doing Turing Mechanics (Score 1) 99

I have registered I have watched carefully for years (note my /. serial 987). I am descended academically from Turing, and after letting the mental elf numpties try to destroy my mind, and concluding that they cannot, I am confident to ring the doorbell and offer my assistance. I will for the UK Guild of Turing Mechanics for the purpose of putting Dear Alan's legacy straight. For reference, here is my entry in the mathemalogical family tree: http://www.genealogy.math.ndsu...

Comment Eye Strain (Score 1) 198

The reason we need silly resolution (Full HD as low, 4K as high) is that when things are blurry and what the eye sees is something that ought not to be blurry, the eyes will (in my humble non-medical experience) strain themselves trying to focus hunt over a small range, rather like a confused consumer camera. Pin sharp means that when focus is correct, it is clear to the focus regulation circuitry in the brain that it is.

Comment Take it from me (Score 4, Insightful) 616

As an obsessive pure mathematician who is obsessed with twisted forms of coding minimalism to stave off boredom and so on, and who did his PhD in arithmetic.

1. You learn to count from 1 to 100 so well it is effortless.
2. You do so in a way that is fun (e.g. snakes and ladders).
3. You learn to code.
4. When your coding problems require mathematics, you look it up in a book.

Crucially, if you do it this way, you will have motivation to learn the hard maths. Really, motivation does seriously make a difference here.

Comment PCW Cover CD (Score 2) 136

I had just arrived at uni, had not yet used Unix (but would soon since the physics dept at Brum uni had a lab of X terminals and an UltraSPARC server). I read PCW magazine regularly, and one month Slackware was on the cover CD. Virtually instructions, and as I was new to the web, searching for help was alien. I figured out how to boot my 486 off an install floppy. I guessed cd from DOS, had read about ls somewhere, but the way I finally figured out how to delete a file (del didn't work, nor did era) was to run Xconfigurator, then startx, and use the openlookalike file manager. When it asked 'do you want to remove...' I had that epiphany, switched to a vt, logged in, and rm worked! I found out many programs by reinstalling and noting package names as things went on, and used them as hints once I was logged in. Ultima 7 was a great adventure game, but Linux and the task of making anything work at all was my new adventure.

Comment Re:Needs a much lighter OS (Score 1) 111

For this reason I re-encode virtually all my video content to MP4 H.264. The Pi2 plays it wonderfully, and Kodi is great, to the extent that I only use my PS3 for playing games and accessing things like Amazon Prime video (though for that my Fire TV stick both works better, without updating every fsck'ing week, and also runs Kodi, albeit accessed through the app settings menu). For re-encoding, I tend to use a bigger machine (e.g. 2nd hand Z800 with 12 cores).

Comment Re:Let's be real (Score 1) 111

'is' in this context (and usually) works more like the 'is a member of' operator. I will denote it by e here.

When we say 'x == 2', in a sense, we are saying that 'x e { 2 }', that is, 'x is a member of the set, the only member of which is the number 2'.
When we say 'Android is Linux', we mean that 'all Android devices are members of the set of devices running Linux'.
When we say 'Linux is not Android', we mean that 'there exist devices running Linux which do not run Android' (or that there could exist devices running Linux which do not run Android).
Thus 'x runs Android' implies 'x runs Linux', but 'x runs Linux' does not imply 'x runs Android'.

(You will note that, in the foundations of nearly all modern mathematics, the fundamental relationship upon which everything else is built is set membership.)

Comment Behaviour of advertisers (Score 1) 528

I tolerate sensible adverts that aren't too intrusive. Banners are fine. In-page popups are not, vibrant ads are not, and so on. For sites that advertise sensibly, I quite happily switch off ad blocking. But advertisers need to also realise that bandwidth is not always a plentiful resource, and go easy on it. If I didn't have unlimited broadband at home (but a 10gig cap), I would certainly use ad-blocking quite aggressively there. The thing is, if a page needs more than, say, 200k of data when the written content is maybe 3 pages long and that is the only point of the page, this is just profligate, and if someone is restricted to mobile internet (and possibly a cap of 2gig per month, or even 0.5gig per month), then the amount of bandwidth wasted by adverts is, quite frankly, unacceptable. If advertisers suffer because of ad blocking, as a community they only have themselves to blame.

Comment Shows the DMCA is poorly written (Score 2) 272

It should be a requirement that somebody filing a DMCA takedown should at least be able to show reasonable cause for believing the work to be a rights violation, with penalties for abuse. That is, if a lawyer writes a letter (automated or not) it should be possible for the owner of the work to request justification and, if no satisfactory justification is forthcoming, get compensation.

This kind of use of the DMCA should be seen in the same light as swatting (calling SWAT round to somebody's house on false info).

Comment Re: In other words... (Score 1, Troll) 119

One idiot to get the Thunderbolt adapter infected, then passing round the adapter will spread infections. I recall corporate IT being paranoid about plugging things into USB; this paranoia is getting more and more justifiable. Option ROM stuff and DMA need to be hardware sandboxed, but too few modern buyers are discerning enough for it to be worth the R&D.