The book will inevitably go to someone who will enjoy reading it; it just won't be the person who bought it at the sale.

If the library wants to ensure the book is available to everyone, not just people who are wealthy enough to buy used books online, the obvious solution is to keep it in their circulating collection.

No, the pond is on the 49-acre property that the couple bought with the proceeds of the sale, not the 1-acre property that they sold.

In this house we obey the laws of thermodynamics!

Six figures? What is this, the 1970s? Of course, the bulk of income earned by people making six figures is taxed at ordinary income tax rates: wages, self-employment income, etc. Intuitively, you have far, far more people with six figure incomes from employment than retired and drawing six figures from investments, or young people drawing six figures from trust funds; and also six figures is way below point of things like hedge fund managers arranging things such that most of their income is in the form of capital gains.

Here is data from the IRS on sources of income classified by AGI. I selected 2006 so you can't say that capital gains are low due to the recession, which started in 2007. As you can see, for the 12 million returns with AGI from $100K to $200K, 3.6% of the income was from qualified dividends and net long-term capital gains. For the 3 million returns from $200K to $500K, it was 8.1%, for the 600 thousand from $500K to $1M, it was 12.0%. A large majority of "six figure income" people hardly have any income taxed at the special 15% rate. Obviously you are correct that someone making a large portion of their income in capital gains and dividends will pay a lower tax rate than many people making their money from wages, but overall it is not until well into the seven figures that the average effective tax rate starts going down.

And sucrose is a disaccharide composed of fructose and glucose--i.e., 50% fructose. It's broken down by sucrase in the small intestine. Sucrose may well be substantially healthier than HFCS, but it's perfectly valid for a somewhat knowledgable person to want to know what the reason for the difference is. You haven't helped in that regard.

And I think you're being willfully obtuse.

When you receive a bill, there is no force of nature causing you to send payment. Here's how it works with a debit card:

1. Money is stolen via your card, coming immediately from your bank account.
2. You notice the discrepancy (perhaps because you want to withdraw money you expected to have but don't, in which case it sucks to be you).
3. You ask the bank to return or restore the money, claiming fraud.
4. (a) The bank returns the money, or (b) the bank denies the claim.

In case 4(a), you have no access to the money in the time between 3 and 4(a), which could be 10 business days (two weeks). In 4(b), it is up to you to pursue legal action against the bank.

Here's how it works with a credit card:

1. Money is stolen via your card, being paid from the card company's accounts.
2. You receive a bill including the fraudulent charge (note: the company is asking you for money, rather than vice versa).
3. You make a claim for fraud.
4. You send a payment only for the non-fraudulent amounts.
5. (a) The company accepts your claim, and that's the end of it, or (b) they deny your claim, so you keep getting bills and other collection action.

In 5(b), it's up to the company to pursue legal action against you, rather than vice versa. In all cases, the money remains in your control at least until the company wins in court. (Of course, you would lose the money with the debit card as well if you lost against the bank in court, but the money would have remained out of your control immediately.)

The point is clear: your money is gone with a debit card in that you lose actual control of it, and have to ask for it back. The card company's money is gone with a credit card because they have to ask you for it back (perhaps not entirely, if they haven't paid the merchant yet, but that's not your concern).

So, let me see if I have this straight. Suppose it is a crime to fail to disclose the existence of asbestos when selling a property (completely separate from cleanup). In that case, the authorities should charge the CURRENT OWNER, Jafafa Hots, with failing to disclose the existence of asbestos when the property was sold, since the OWNER took on ALL the liabilities when they purchase the property. Similarly, if I create a bogus company, for the sole purpose of scamming investors, and con a total of 5 investors, A, B, C, D, and E, into buying shares, they should be fined for defrauding investors A, B, C, D, and E. Should the SEC continue to exist? It wastes a lot of time "protecting" investors, even though you have proven that it is categorically impossible for an investor to be a victim of the company's actions.

Way to completely ignore the point. Your parent post was pointing out that in this particular story, where Dell is paying a fine for defrauding people who bought their stock, it is perverse to claim that the current stockholders should be treated as personally liable. You brought up an unrelated example where the victims were not the stockholders. To be clear, you are claiming that when a company is fined for using a secret slush fund to smooth out its earnings, thereby defrauding people who newly bought its stock, the penalty should fall on the current stockholders. I think quite the opposite. No publicly traded company should pay a dime in any sort of investment fraud case--any penalties should be paid by management.

Argggh. However, I think I'm right at least as to symmetric ciphers. I've never heard brute force refer to anything that doesn't treat the algorithm as a black box in that case.

It is true that there is a sweet spot in key length where brute force by a classical computer is infeasible but by a quantum computer it is feasible in theory. What people usually mean by quantum computers not being useful for brute force is that, for any algorithm with adequate choices of key length, where the time is linear in key length or close to it, if key length N is infeasible for classical computers to brute force and you're worried about quantum computers, you can simply choose 2*N. (I have no reason to think you disagree with these statements, I'm just saying what people probably mean.)

I sure as hell do not plan on reading through again to figure out the blame and/or argue about it.

The problem is the way physical laws are updated with new knowledge. Nineteenth century physics was correct in normal human situations. We know at least it was wrong at the samll scale, high speeds, or high gravity. It was the small scale issues that were technologically revolutionary (e.g., semiconductors and probably quantum computers at some point), because there are no inherent resource problems with building small things. Currently, QM really looks correct at normal small scale situations. Where things break down is high engergies and also high gravity is still not solidly understood. So, this is all very exciting for physics, but we won't end up with a Tevatron on everyone's desk. It's pretty clear I consider new computing due to new physics more science fictional than you (although it's clearly possible). Thus, I'm not inclined to say it has to be related to QM as opposed to small black holes or wormholes or the like.

Well, I have to admit that people use "brute force" that way, but that's only because people use "brute force" loosely. They didn't try all 2^512 private keys: they factored the public key, and they didn't even use a brute force factorization like trial division! Nothing about that is brute force--it's just an instance of people using "brute force" to mean "best known attack".

I said I'm not talking about what's possible with current engineering limitations, which would indeed be pointless. It's pretty obvious that we're talking about different things by "theory". I tried to clarify that in response to the Arthur C. Clarke quote. I'll do so more fully. One sense of "theory" in the future unknown, where everything is possible except traveling faster than light, and maybe even that is possible. I consider this equally pointless. Sure, we might feasibly brute force AES using a quantum phenomenom uknown to current physics, but we might also break it with something unknown to physics that has nothing to do with quantum mechanics.

My sense of "theory" uses the fact that we have a mathematically well-defined theory of quantum computing at this point, in addition to actual physics research about building the things. For example, there's a complexity class BQP, and it doesn't change anything about the class if we discover that a new type of computation is physically possible (although it creates a naming problem if this also involves quantum mechanics), just as harnessing a physical phenonmenon to solve NP-complete problems in polynomial physical time would not prove that P=NP. This provides a useful basis for discussion. We can think about what might happen if decoherence problems are solved, and systems with hundreds, or thousands, or that matter billions of qubits are built. And, to continue with our current example, we can say that overcoming practical problems like decoherence is not itself enough to brute force AES. This talk about theoretical limits is thus useful, just as speculation can be. The only disagreement I continue to have is what I identified above: there's no reason to say that newly discovered physical possiblities allowing faster computation will be quantum in nature.

Let's follow the discussion.

assemblerex started the thread: "The universe would suffer thermal death before they break 256-bit aes."

An Anonymous Coward responded, in relevant part:

Another AC responded to that (emphasis mine):

It's certainly up for debate what the first AC meant, but it's quite clear what the second AC meant: quantum computers do not usefully improve our ability to use brute force to break AES or anything else. Further, it's clear that the AC is claiming this lack of usefulness for brute force alone, using the example where factoring, a non-brute-force approach, is usefully improved by quantum computers. The AC is not saying that factoring is the only such possibility. I don't think I'm reading anything into this, but let me know if I am.

This is relevant because it was to post to which you initially responded, writing:

Particularly in the context of the post you're replying to, it is reasonable to assume that you meant that brute forcing AES on a quantum computer would be usefully faster, maybe to the point of being feasible, not merely the trivial point that it's possible given unlimited running time.

I responded, linking to Grover's algorithm:

The point is that Grover's algorithm is the optimal way to find a brute force match on a quantum computer, that it is quadratic faster: O(N^(1/2)) rather than O(N), and that therefore with an n-bit key, which would be O(2^n) to brute force on a classical computer, on a quantum computer it is O((2^n)^(1/2))=O(2^(n/2)), which is the time to classically brute force half the key length. Certainly this is sometimes a big deal, but it's not very helpful if the original n is 256, because 2^128 is still impractically large.You can see that this paragraph matches the statement in my post--I'm elaborating for your benefit, not "waffling."

Note: this optimiality is of course even if you can implement AES as a quantum algorithm--otherwise you can't even use Grover's algorithm. Fortunately, quantum computers are Turing-complete, so this is not a problem. (Also, BQP is a superset of P, so there is no super-polynomial slowdown.) Also realize that I'm only worried here about theoretical limits of quantum computing , not engineering limits. I apologize if this wasn't clear, but it seems like it would only help you if I'm only worried about theoretical limits...

You could have taken the opportunity to clarify that you didn't really mean quantum computers could feasibly brute force AES-256, but instead you made several posts about parallelism.

From my perspective, you were clearly not backing down from the idea that quantum computers could feasibly brute force AES. I assumed that you meant that quantum computing provides a parallelism beyond that provided by classical computers, which brought me to the assumption that you believed that quantum computers can "split the universe" and do things in parallel. I apologize for making that assumption and putting words in your mouth. However, given that a factor of "a million or more fast processors" means jackshit when you're talking about 2^128 or 2^256, you can understand that, missing that part, I assumed you meant the sort of massive "splitting the universe" parallelism that would make brute forcing AES feasible. I currently don't know what your point was with the parallelism.

Anyway, I then wrote:

I stand by my statement that you were saying that quantum computers could feasibly brute force everything. There was nothing specific to AES. You did attach some importance to creating a quantum implementation, but as you seemed aware, this is just an engineering issue. Furthermore, the very nature of brute force is that the algorithm is treated as a black box. If you can feasibly brute force algorithm A over N possibilities, where trying each possibility uses an amount of reasources X (time/space/power/whatever), you can feasibly brute force algorithm B over N possiblities, where trying each possibility uses an amount of resources comparable to X. If this isn't so, you weren't brute forcing A in the first place: you were using some special property of A. If quantum computers can feasibly brute force AES-256, then Blowfish-256, Serpent-256, and so on, will "fall like dominoes".

Regarding the "lay magazine" reference, I again apologize for assuming you were thinking of "split the universe" parallelism.

On to your last posts.

You can't have been referring to anything better than Grover's algorithm, as it's the optimal way to brute force with a quantum computer. My belief that you believed that there is a generic procedure for exponential speed-up (of classical algorithms only, certainly I would not have thought you had some ridiculous belief that quantum computers can speed up quantum algorithms and thereby run infinitely fast) is because of your implication that quantum computers might feasibly brute force AES.

(1) I apologized about the "split the universe" assumption. (2) I remain currently in ignorance of what your point is with the parallelism.

Explained above. If "brute force" applies to AES but not similar things, it isn't brute force.

Again, we're talking about brute forcing. Each individual operation of trying a key is O(1) -- the speed of the AES implementation itself is just a constant factor so it's not really relevant to the discussion. If you're doing something that takes advantage of details of the algorithm to do better than the O(N^(1/2)) you get with Grover's, then you're not brute forcing--you're using a weakness in the cipher.

Please explain why you'd be able brute force, for example, AES-256 but not Blowfish-256.

I have adequately explained how you implied that quantum computing could feasibly brute force AES, as you seem to acknowledge in the last sentence. As I've said, parallelism means jackshit when you're talking about 2^256, even if each computer can use Grover's. If there's some point beyond that with the parallelism, you've never said.

Uh, yeah, that O(N^(1/2) was the reason my very first post said, "it's no easier than classically brute-forcing half the key length". In fairness, maybe you were watching TV at the time and only reading every other word or something.

If you're talking about cryptanalytic attacks on AES, that's not brute force. I gave the best possible quantum algorithm for brute force search in my first post.

Make no mistake, we're both arrogant bastards.

I'll just respond to all your posts at once. There is a section "Optimality" in the Grover's algorithm article. You should read it. (And please don't bother bringing up the point that it that article says that it is not proven that NP is not contained in BQP. Lots of things aren't proven, but if P=NP there is no encryption anyway.) In the field that people refer to as quantum computing, there is not, and almost certainly cannot be, any generic procedure to get exponential speed up.

In response to points you brought up: (1) This whole notion that quantum computing is the same as classical computing with extremely massive parallelism is grossly incorrect, whatever lay magazine article you read notwithstanding. (2) Specifically, uantum computing does not change the fact that you cannot have 2^256, let alone (2^256)^2, processors in the physical universe (you do not get a number of generic "processors" that is exponential in the amount of matter you have). (2) Some algorithms may be exponentially faster with quantum computing, but you were obviously claiming that every encryption algorithm can be brute forced, presumably subexponentially, by a quantum computer, which is a completely different claim.

It is a common fallacy to believe that there is rational expectation that quantum computing can brute force everything. Regarding Arthur C. Clarke, don't be a jerk. The frame of discussion has clearly been the current scientific field of quantum computing. When you said that "brute-forcing" is "trivially easy" for quantum computers, the assumption is that you have some actual reason to believe that is true, not that you're speculating about technology in the future that goes beyond current theory. Telling you that you are wrong is simply stating a correct fact about the field of quantum computing--it is not a claim that technology beyond this is a priori impossible.

Um, no. The speed-up is quadratic, so it's no easier than classically brute-forcing half the key length.

Grover's alogrithm would allow the search in sqrt(N)=sqrt(2^256)=2^128 time. I don't know where 256^6 is coming from.