Wikipedia:Reference desk/Archives/Computing/2013 April 11

Computing desk
< April 10	<< Mar | April | May >>	April 12 >

Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

April 11

Why do we have cell phone contracts ?

Specifically in Canada. Why can't you get an iPhone 5 or galaxy s4 without a contract? Why can't someone just create a company without contracts but still offer smartphones? — Preceding unsigned comment added by 216.218.29.234 (talk) 00:04, 11 April 2013 (UTC)[reply]

Same on my side of the St Laurance; buyers only care about the discount on what they pay this year for this year's hot model, but sellers also care about the money they'll get next year. Incidentally I always buy last year's smartphone and never a contract. Every year I save on service charges more than I paid for full price hardware. Jim.henderson (talk) 00:13, 11 April 2013 (UTC)[reply]

You can get them without contracts. ¦ Reisio (talk) 00:25, 11 April 2013 (UTC)[reply]

Aren't those a little bit of a cheat, though? You can get a no-contract smartphone, but unless I'm mistaken, they usually work with only one provider, or am I wrong? So if you find a better deal with some other company, you can switch, but then your hardware is useless, unless you jailbreak it and take your chances with the evolving legal/political situation.

If I'm wrong about this please let me know — this is one of the main reasons I haven't bought a smartphone. --Trovatore (talk) 00:38, 11 April 2013 (UTC)[reply]

They should work with whatever, but you pay a much higher price (unless you get slightly older models, like Jim.henderson). Wireless providers sell them for less because they sell a greater volume and make more on the contracts anyways. ¦ Reisio (talk) 02:08, 11 April 2013 (UTC)[reply]

So you're saying you can buy a smartphone with provider unspecified, and then shop around for a provider to give you service on that phone, and they'll actually do it, and you don't have to jailbreak anything? Can you tell me how? My google-fu is not coming up with anything. --Trovatore (talk) 15:54, 11 April 2013 (UTC)[reply]

They tend to be called “unlocked” (as in not locked into a provider yet [jailbreaking/rooting is a whole other thing]), but also basically any phone you can buy that doesn’t come with a contract will probably be one. They also, again, tend to cost more than buying one through a provider. There are tons of them on amazon and elsewhere. ¦ Reisio (talk) 18:13, 11 April 2013 (UTC)[reply]

Thanks very much! Pity more people don't know about this. Might move the telcos towards a business model that's more flexible for the consumer. Trovatore (talk) 05:36, 12 April 2013 (UTC)[reply]

I think the problem is sticker shock. Let's say you have to pay US$1000 to buy a pre-paid smart phone with a year's worth of minutes on it. That would scare off many buyers. Even if they would end up spending that much with a contract, they don't have to think about it if they don't have to pay it all at once. StuRat (talk) 00:32, 11 April 2013 (UTC)[reply]

No, the problem is they make more money with contracts or hardware lock-ins. If they offered up full-priced phones without contracts and no hardware lock-ins, a significant number of people would snap up that option in a second. But the phone companies would make less money that way. --Mr.98 (talk) 00:48, 11 April 2013 (UTC)[reply]

There's no inherent reason why prepaid phones plans must be cheaper, overall. They do tend to be, but that's because they tend to offer lesser phones, no doubt to avoid the sticker shock I spoke of. StuRat (talk) 01:11, 11 April 2013 (UTC)[reply]

Mr. 98 isn't talking specifically about prepaid. The point is, what if you could buy a smartphone directly from Samsung or Apple or whomever, without a provider specified, and then make arrangements with Verizon or Tmobile or Sprint or whomever to provide you with service on that phone? The service could be prepaid, or it could be month-to-month, or whatever, but the point is that the providers would have to compete to serve you. Assuming they are genuinely competing rather than colluding, the price for service would presumably go down, but you would have to pay an honest cost upfront for the iron. --Trovatore (talk) 02:09, 11 April 2013 (UTC)[reply]

I would say everyone is making good points, but there's an extra thing, from having worked in a telco. You don't just walk in and say, I'll sign up for a casual plan, and let's take it from there. There are all sorts of different plans. That uses up a salesperson's time (which was me, once upon a time). Then you have to monitor what they are doing, and make sure they are bringing in money etc. Considering the staff time taken up, they presumably want more for it, with something definite for the half hour or more it can take (depending on whether the systems stuff up). Hence the heavy push towards contracts. If they bail at the last moment in a sale, it is a frightful nuisance for the company (and of course the salesperson). This isn't the whole point, but I would suggest it must be a factor - time consuming sales advice, for someone who could just jump ship at any moment. IBE (talk) 08:15, 11 April 2013 (UTC)[reply]

I think there's a lesson in there for dealing with salesmen. If you waste enough of their time, they might be willing to offer you a better deal to justify the time spent, if you threaten to walk away otherwise. However, in my case, I hate dealing with salesmen, and would much prefer an online app that can suggest the best plan, based on usage patterns and a brief questionnaire. If that saves everyone money, then all the better. StuRat (talk) 08:46, 11 April 2013 (UTC)[reply]

Very astute, Stu, but from the other side, it's all about getting a new person to sign up with a new contract (not a renewal of an existing one). Then it doesn't matter what sort of plan, so you do the best for the customer. Buying the sale is difficult in a big organisation (management can clamp down on it), although it does happen. When I was there, it happened on and off, but you would spend a lot of your time getting that $50 in your pocket, and if it's not allowed, you'll waste your time haggling over something that isn't there. In this case, the money is less reliable than the box (that the phone comes in). IBE (talk) 01:14, 12 April 2013 (UTC)[reply]

I don't know why it isn't offered in Canada, but there are neither technical or truly insurmountable economic reasons why it can't be done. For example I bought my phone on German Amazon in a retail box straight from the manufacturer - no contract, no lock, no branding, no nothing. Then I took the SIM card out of my old phone, put it into my new phone and continued to use the same contract as before. Then a bit over a year later I decided to reduce my bills a bit and swapped the SIM for a prepaid one that I simply bought at the supermarket. KarlLohmann (talk) 23:56, 11 April 2013 (UTC)[reply]

These phones are available unlocked in Canada. Apple stores have iPhones ready for you to take home. The only issue is the different systems (GSM vs CDMA) mean you may be restricted to any carrier that uses the mode you select, so you must choose wisely. Galaxy and other phones are also available unlocked from various providers. Mingmingla (talk) 01:12, 12 April 2013 (UTC)[reply]

In the UK, the phrase "Sim Free" is normally used to mean unlocked phones sold without either a monthly contract or a pay-as-you-go deal. Googling "Sim Free Canada" does bring back some results. davidprior ^t/_c 13:42, 13 April 2013 (UTC)[reply]

Accidental deletions

When editing, I often look at the keyboard as I type. When I look up, a good portion of the paragraph often has disappeared. I then use Control Z to undo the last few edits, and see that the chunk which was deleted was all highlighted at some point, then was deleted when I typed the next letter. I'd like to stop this from happening. The problem is, I don't know quite what causes it. Did I click the mouse accidentally as I moved it ? Did I double click when I meant to do a single click ? So, I'd like to disable a bunch of windows behaviors, in the hopes of stopping this. Which of the following can be disabled, and how ?

1) Can I stop Windows 7 from highlighting a word if I double click (or a paragraph if I triple click) ?

2) Can I stop Windows 7 from replacing the entire highlighted text when I type something new ? Instead it should add what I type after the highlighted text.

3) Apparently if you click the mouse while moving it across text, it grabs a random chunk of text and moves it. Can this be disabled in Windows 7 ? StuRat (talk) 01:08, 11 April 2013 (UTC)[reply]

Are you perhaps using a laptop? Does it perhaps have a touchpad? Looie496 (talk) 01:29, 11 April 2013 (UTC)[reply]

Most laptops have a key that, typically combined with a function (Fn) key, will disable/enable the touchpad. ¦ Reisio (talk) 02:11, 11 April 2013 (UTC)[reply]

No to both. Desktop with mouse. StuRat (talk) 06:28, 11 April 2013 (UTC)[reply]

I'm not getting the picture here. If you're looking at the keyboard while you type, why is anything at all happening with the mouse? Are you doing mouse actions without looking at the screen? Looie496 (talk) 15:30, 11 April 2013 (UTC)[reply]

Yea, I wondered about that, too. I might move the mouse to the area where I want to type, click, then look down to do the typing. I suppose I might look down between the first click and an accidental second click, so everything looks fine, especially when you add in some lag. But, as I've said, I'm really not quite sure what's causing it. StuRat (talk) 16:08, 11 April 2013 (UTC)[reply]

Let me gently suggest that typing is a lot easier if you do it with two hands, and an additional benefit is that there is no possibility of accidentally doing bad things with the mouse. Looie496 (talk) 16:16, 11 April 2013 (UTC)[reply]

I've seen a failing mouse produce spurious movements and clicks. Have you ever noticed the mouse do something unexpectedly while watching the screen? I think the odds of finding something that does what you want to the input controls in Windows are pretty low - it certainly won't be anything Microsoft created. Theoretically I suppose it is possible to write a tool that hooks all of the related Windows messages and filters things out, but I don't know where you'll find something that handles all of the features you listed and is implemented well enough not to have unintended side effects in other places. 38.111.64.107 (talk) 12:17, 12 April 2013 (UTC)[reply]

The mouse doesn't seem to move on it's own, but perhaps it clicks on it's own, or does a double click when I try to single click. StuRat (talk) 19:14, 12 April 2013 (UTC)[reply]

Selecting text can not just happen by mouse click, but also by pressing shift+arrowkey while editing, so perhaps you press shift or have some sort of shift-lock on (for disabled persons Windows offers some shift key function modifications as accessibility features) while editing. 93.95.251.162 (talk) 15:15, 16 April 2013 (UTC) Martin.[reply]

cripto

here is an app i wrote. i need to know what cryptographic attacks can be used against files encrypted with it (just point me to the article). also, when brute forcing an encrypted file, how do you do it if you don't know the sceame used to encrypt it? and how do you know when you have the key? thank you, 70.114.248.114 (talk) 02:29, 11 April 2013 (UTC)[reply]

Source code in collapse box. Collapsing it because long comment affected formatting for entire page. Shadowjams (talk) 13:52, 11 April 2013 (UTC)[reply]

#512 bit cypher, takes var-length password, hashes in sha512, xors each 512bit chunk of file with hash. #to use: input name and path of file to encript or decript, input password, input name of encripted file. to decript: input name of encripted file, password, and name of new decripted file. #"open('path','ab')" creates file if it doesn't exist. def block(data,key): #make empty array for altered data. alt_data=[] #alter each byte of "data", append it to "alt_data", and return. i=0 for byte in data: alt_data.append(ord(byte)^key[i])#ord converts chr to int. if i==len(key)-1: i=0 else: i=i+1 return alt_data import hashlib #read file into string (data). file_=open(raw_input("input-file path: "),"rb") data=file_.read() file_.close() #make empty array for key and input pass-word. key=[] password=str(raw_input("password: ")) #make key by hashing password. keyhex is hex string of key. sha=hashlib.new("sha512") sha.update(password) keyhex=sha.hexdigest() #convert keyhex to int and append to array "key". i=0 while i<128: key.append(int(keyhex[i]+keyhex[i+1],16))#int convert needs base (16). i=i+2 #encript or decript data. newdata=block(data,key) #open output-file and write en/decripted data to it. out=open(raw_input("output-file path: "),"ab") for b in newdata: out.write(buffer(str(chr(b)))) out.close() print "done"

(i forgot to put the code.)

I think that if you run it on a big enough text file, it can be broken without too much trouble. About 19-20 years ago I wrote a program to break the 40-bit equivalent on English text files, on a 60-MHz Pentium I. Bubba73 ^{You talkin' to me?} 05:31, 11 April 2013 (UTC)[reply]

Yep, just picture arranging the output in a table with 64 bytes (512 bits) per column. In a column, each character is xor'ed with the same value, so you just loop through the 256 possible values until you get one that gives reasonable output. Do this for each column and you've worked out the plaintext and the 512 bit hash. There's no need to figure out the original password. For a text file, this would be trivial to automate - the odds of there being more than one key character for a column that gives a reasonable mix of characters must be pretty low. For decrypting other files, knowing details about the file format helps. If you know the plaintext has a given header, or tends to have large chunks of zero bytes, or otehr details like that it can make it pretty easy to work out huge parts of the key hash. 38.111.64.107 (talk) 12:55, 11 April 2013 (UTC)[reply]

Right - that is basically how I did it. I did it to show a kid that I could do it. He asked me to tell him what the keyword was, but I don't know what it was- it wasn't necessary to determine that. Bubba73 ^{You talkin' to me?} 15:08, 11 April 2013 (UTC)[reply]

This is a variation on the Vigenère cipher. -- BenRG 07:39, 11 April 2013 (UTC)

I don't think it's a Vigenere cipher.

My python's not very good, but as I understand it, the code's taking an arbitrary input, sha512 hashing it, and then using that as a keystream. It XORs that against the input data. Is that accurate?

It seems to only "encrypt" 512 bits worth of data, (update: Oh I see now, you're looping back around with the original 512 bit keystream.... that's bad... see post below) because that's all the larger your "key" (really keystream). There are similar implementations of this idea where the hash function is used to expand the key into an arbitrary length keystream, and then you can encrypt any length data.

Schneir mentions it in Applied Cryptography, but I can't remember exactly what it was called. This post describes the same idea, skip down to the first answer. Essentially it uses a hash function to generate the keystream. All the caveats about your keysize and not reusing input keys is important--everything you'd have to worry about with a stream cipher. I also don't know if your implementation doesn't have some other issues (my python's not great and I just glanced at the code and comments).

If I remember right, the risk with these is that hash algorithms are built around different design goals than a stream cipher, say. For instance, there might be bias in their outputs, which is something you'd want to avoid in encryption. Most of the modern cryptographic hash functions are designed to be resistant to that kind of statistical bias, but it's not to say there might not be other issues. It's telling that most (all?) of the Advanced Hash Standard entries were based on ciphers; they're two sides of the same coin.

If I'm misunderstanding your code though please tell me. Shadowjams (talk) 14:13, 11 April 2013 (UTC)[reply]

I think I see, you're reusing the 512 bit "key" over and over. That's bad. See Stream cipher attack#Reused key attack. Your code exhibits and extreme version of that vulnerability (again, if I'm reading it right). Your keystream needs to be as long as your input data. There are ways to do this that would be better (but as I say above, still maybe not secure). Shadowjams (talk) 14:16, 11 April 2013 (UTC)[reply]

With the XOR, it is a special case of a Vigenère cipher. Bubba73 ^{You talkin' to me?} 15:10, 11 April 2013 (UTC)[reply]

It's not a Vigenere cipher, unless you're defining any stream cipher as a Vigenere "special case." It has the same weakness because he reuses keystream material. Shadowjams (talk) 15:16, 11 April 2013 (UTC)[reply]

I stand corrected, I guess some people do define any stream cipher as a "Vigenere cipher". Shadowjams (talk) 15:30, 11 April 2013 (UTC)[reply]

"when brute forcing an encrypted file, how do you do it if you don't know the sceame used to encrypt it?" (sic)

This is almost the definition of a "brute force attack." One simply tries every conceivable variation of every conceivable scheme until a plausible vulnerability is discovered. For this reason, one of the best defenses against brute-force attack is to intentionally include lots and lots of extraneous information that can easily be attacked, distracting the attacker from the important materièl. This principle does not only apply to cryptography; it's a general principle in solid security design. It is why server farms include easy-to-"hack" servers; why there are so many abandoned cars in lousy neighborhoods; it is why there are so many military bases in the middle of nowhere, and why there are so many free file-hosting services on the internet... In each case, it is well-known that the attacker's efforts can outnumber the defenders' structural defenses. In response, the defender deflects the attacker's attention away from valuable targets. Nimur (talk) 18:00, 11 April 2013 (UTC)[reply]

Generally it isn't possible to decrypt a file if you don't know the scheme used to encode it. What makes "brute force" possible is that people tend to choose from a limited set of schemes, and naive attempts to invent new ones usually produce ones that are actually well known. Most schemes leave some sort of "statistical signature" that makes them recognizable. For example in a substitution cipher, some code symbols appear much more often than others, matching the frequencies of letters in the alphabet. Brute force decoding programs begin by looking for the signature of each scheme they can handle, and then, after finding a match, try to decode using the appropriate algorithm for that scheme. Looie496 (talk) 15:48, 12 April 2013 (UTC)[reply]

The problem can be expressed mathematically. When we are decrypting data without any a priori information, we are trying to "guess the right answer" to a problem that has no well-defined "correct answer." This problem manifests in the same way in simple pattern-recognition games: e.g., "what is the next number in this sequence?" The answer is, there are an uncountably infinite number of integer sequences, and so the answer to the problem is not well-defined - any algorithm is a valid algorithm to "guess" the right next number. In the same way, an encryption/decryption algorithm is a function that maps from a source domain into an encrypted co-domain. Any algorithm that inverts from the co-domain to the source domain is a legitimate answer. Standard decryption simply inverts the mapping. But brute-force attacks are a pathological inverse problem - they seeking to invert an unknown function, when all we have is the co-domain. In fact, there are an uncountably infinite number of functions that exist between these domains; and therefore, there are an uncountably infinite number of valid decryption algorithms. The issue is, how does one instill confidence that they can determine the "correct" decryption uniquely? If, out of the infinite number of possible decryptions, we find by trial-and-error that there are ten or twenty that each decrypt the source-data and all produce some sort of plain-text that seems like a reasonable decrypted sequence, then how do we accomplish the task of instilling confidence in our decryption?

It is along these lines of reasoning that cryptographers "mathematically prove" the strength, or the weakness, of a particular algorithm. Strong algorithms have pathological inverse functions. Nimur (talk) 19:47, 12 April 2013 (UTC)[reply]

whats the html tag to make a page unspidered?

thanks, 70.114.248.114 (talk) 02:30, 11 April 2013 (UTC)[reply]

See robots.txt. ¦ Reisio (talk) 02:42, 11 April 2013 (UTC)[reply]

thanks. but is there an html tag to tell spiders not to index the html page the tag's on? and that gives me an idea. could one write a script to check the reference desk at regular intervals to see when someone posts a new section, or when someone answers yours? and would the terms of use be violated by this? thanks, 70.114.248.114 (talk) 03:06, 11 April 2013 (UTC)[reply]

“is there an html tag…”

Not that I’m aware of; and even if there were, like robots.txt there would be no way to enforce compliance 100% of the time.

“could one write a script…”

Yes.

“would the terms of use be violated…”

No.

¦ Reisio (talk) 04:46, 11 April 2013 (UTC)[reply]

• There is such a tag, sort of. See noindex. Looie496 (talk) 05:48, 11 April 2013 (UTC)[reply]

thanks all, that's all i needed. 70.114.248.114 (talk) 22:23, 11 April 2013 (UTC)[reply]

• but keep in mind that any such note for robots, whether in the global file robots.txt or in a specific html page, is just a note, not a command. Robots should obey these instructions, but you can not force them to – the only way to be sure the information is not indexed or stored anywhere is ...not to publish it in the net. --CiaPan (talk) 05:51, 12 April 2013 (UTC)[reply]

what does "mining for bitcoins" mean?

thank you, 70.114.248.114 (talk) 05:55, 11 April 2013 (UTC)[reply]

Bitcoin / Bitcoin#Bitcoin_mining ¦ Reisio (talk) 06:07, 11 April 2013 (UTC)[reply]

thank you, 70.114.248.114 (talk) 21:00, 11 April 2013 (UTC)[reply]

Weird phenomenon on YouTube

A lot of times when I watch videos on YouTube, the visual part of the video seemingly "freezes" for 10 seconds, but the audio part keeps running as usual, and by the time the visual part continues, 10 seconds of visual content is skipped. Has anyone else experienced this before? If so, can someone explain why this happens? 24.47.141.254 (talk) 06:20, 11 April 2013 (UTC)[reply]

Yes. It happens because the audio and video info are transmitted separately, and the video part, being much larger, has a much higher tendency to lag if the server can't supply data fast enough. Similar things can happen with dvds or other media -- generally speaking for all types of media, audio and video are separate processes that the system has to work hard to keep synchronized. Looie496 (talk) 15:26, 11 April 2013 (UTC)[reply]

We have an article subsection on incorrect audio-video synchronization. In the case of a modern video software player - like your web browser's video-playback for Youtube content - the root cause is that the software is not strictly enforcing presentation time-stamps (or the equivalent thereof). The software may relax this condition because of a bug; or it may intentionally relax AV sync in case of lost data (e.g., due to network latency, as Looie496 has described). Nimur (talk) 17:47, 11 April 2013 (UTC)[reply]

In TV, there is no 10-second delay like above, but all or almost all TV is out of sync. Is there any hope of getting the picture and sound back in sync? Bubba73 ^{You talkin' to me?} 03:26, 12 April 2013 (UTC)[reply]

Best closed-back headphones

Can anyone recommend me closed-back headphones that are under 40 bucks, as well as a cheap headphone amplifier? Thanks. 70.55.108.19 (talk) 10:36, 11 April 2013 (UTC)[reply]

For the headphones, my audiophile friends like Sennheiser. They sell pro-grade models for thousands of dollars, but also a few "low end" models, like these [1], which fit your budget. In my experience, they are much better than the common brands you see at retail stores for the same price.

IME they’re the only affordable circum-aural headphones anybody even stocks anymore. :/ I have the HD 201’s, they’re just fine, and can be obtained at BestBuy (which has random little headphone sections all over the place in their stores, so look around if you can’t find them). ¦ Reisio (talk) 17:54, 11 April 2013 (UTC)[reply]

yeah, another vote for sennheiser. i'd also recommend if you don't go with them, stay away from anything that has anybody's name endorsing it. Gzuckier (talk) 18:26, 11 April 2013 (UTC)[reply]

Bose & Panasonic both have at least one affordable model, too, but I haven’t seen them in local retailers in a while. ¦ Reisio (talk) 18:47, 11 April 2013 (UTC)[reply]

I can't recommend any under $40, but I do recommend the Sony MDR-V6 for closed (under $70) and the Grado SR-60 for open (about $80). These are the cheapest ones I know of that have good sound. Bubba73 ^{You talkin' to me?} 03:34, 12 April 2013 (UTC)[reply]

That’s only ’cause you’ve trained your ears to empty your wallet. :p ¦ Reisio (talk) 05:21, 12 April 2013 (UTC)[reply]

I assure you, those are on the cheap end of the ones that have acceptable sound. Bubba73 ^{You talkin' to me?} 05:25, 12 April 2013 (UTC)[reply]

That’s what the guy at the shop that doesn’t sell affordable headphones said to me, too. :p (Or, if you prefer: some of us just don’t have ears that picky.) ¦ Reisio (talk) 18:00, 12 April 2013 (UTC)[reply]

I want to help people download OSS faster, what software should I torrent?

I want to donate my bandwidth for people to download OSS faster. I can't afford a server, but I can seed torrents or Kad on my home pc. Do you recommend any projects? How should I choose the software? I'd start by sharing Debian CDs for uncommon architectures, and I'm looking for some advice, thanks --Jon24cole (talk) 20:50, 11 April 2013 (UTC)[reply]

You might want to start by looking at http://www.debian.org/mirror/ - Cucumber Mike (talk) 23:21, 11 April 2013 (UTC)[reply]

Can't set up a mirror, I have a dynamic IP address --Jon24cole (talk) 10:09, 12 April 2013 (UTC)[reply]

This is a noble goal, but its intent is incredibly impractical, given the state of internet connectivity in 2013. To whom do you wish to accelerate downloads? And what content do you wish to offer? If you are on a residential trunk, or even on a "high-performance" commercial subscription, chances are very high that you cannot uplink data to clients faster than dedicated hosting servers. Your premise presupposes that your torrent uplink will outperform a conventional distribution server's downlink. This is unlikely, except in very special corner-cases: when your uplink is very fast relative to the internet, or when the downlink is very slow relative to the internet. So what you need to find is software that satisfies these constraints:

• software that is demanded by people who are very local to your network (e.g., fairly close to you, geographically - the next room or building)
• software that is hosted on a server that is not already mirrored by a content-distribution network (e.g., open source software that is not taking advantage of free content hosts)

In other words, what incredibly unpopular open-source software are the people very near you using?

Put another way, your uplink bandwidth is essentially value-less, unless you are willing to spend a large amount of money to buy equipment and purchase service connectivity contracts that can outperform professional hosting providers. Nimur (talk) 21:44, 12 April 2013 (UTC)[reply]

Good points. Thank you. So, those who are in a hurry will not use p2p, because they can download everything at full-speed, from the mirrors. --Jon24cole (talk) 12:06, 13 April 2013 (UTC)[reply]