March 23, 2017

Archives for October 2014

Bitcoin mining is NP-hard

This post is (mostly) a theoretical curiosity, but a discussion last week at CITP during our new course on Bitcoin led us to realize that being an optimal Bitcoin miner is in fact NP-hard. NP-hardness is a complexity classification used in computer science to describe many optimization problems for which we believe there is no algorithm that can always solve them efficiently. We’re not talking about the well-known hash puzzle portion of Bitcoin mining here, in which miners race to find a block with an unusually low hash value; that’s hard by design. Before hashing anything, miners first have to assemble a candidate block by choosing which transactions to include from the set of all pending transactions. As it turns out, this requires solving two optimization problems, both of which are NP-hard!


Four Fair Use Takeaways from Cambridge University Press v. Patton

The most important copyright and educational fair use case in recent memory (mine, at least) was decided by the Eleventh Circuit Court of Appeals last week. The case, Cambridge University Press v. Patton, challenged Georgia State University’s use of e-reserves in courses offered by the university. The copyrighted works at issue were scholarly books–i.e., a mix of monographs, edited volumes, and portions thereof–not textbooks. This case is important because of its broad applicability to similarly situated academic institutions throughout the country that routinely engage in the same practices for which GSU was sued. It’s also important because the court’s decision re-articulated and faithfully followed some foundational fair use principles from prior case law. Readers of the case who are proponents of a vigorous fair use doctrine shouldn’t be disheartened by the fact that the Eleventh Circuit reversed the district court’s ruling in favor of GSU and remanded the case for reconsideration. Ultimately, this case is good news for educational fair use. Here are four reasons why:

POODLE and the fundamental market failure of browser security

Last week saw the public disclosure of the POODLE vulnerability, a practical attack allowing a network attacker to steal plaintext from HTTPS connections. In particular, this attack can be used to steal authentication cookies. It’s a bad vulnerability, and it particularly hurts because it should have been fixed long ago. It only affects the ancient SSL v3 protocol, which was marked deprecated 15 years ago with the introduction of TLS v1.0.

Support for SSL should have been disabled long ago, but as has been pointed out, browser vendors delayed because they didn’t want users to lose access to outdated servers. Unfortunately, even now that we know of the POODLE bug making SSLv3 highly insecure against a competent network attacker, Firefox is the only major browser which has announced definitive plans to kill SSLv3 for good.