Talk:1193: Externalities

Explain xkcd: It's 'cause you're dumb.
Revision as of 13:18, 6 April 2013 by Theodric (talk | contribs)
Jump to: navigation, search

Any chance we can convince Randall to let other universities in: the Canadian ones only work if they have a .edu, so uwaterloo.ca and sfu.ca are out.

As are [schools].ac.in
I can't get my university (PUC-Rio, in Brazil) too... =/ 139.82.240.51 18:28, 1 April 2013 (UTC) etandel
It looks like he may have lifted the restriction, considering all the different urls such as google.com, reddit.com, and even what I have to assume is a porn website. --LRFLEW (talk) 03:46, 3 April 2013 (UTC)

--137.147.40.248 13:53, 1 April 2013 (UTC) For an easier time spotting the changes, go to [1] and open your web console

199.48.226.89 10:18, 1 April 2013 (UTC) I put in "caltech.edu" and hashed a lot of words, and "Twilight Sparkle is best pony." was the best result I managed, only off by 496 bits.

Lol, "only". The results should be binomially distributed, with a mean of 512, so 496 isn't even close to the scores in the ranking. BKA (talk) 12:44, 2 April 2013 (UTC)

I noticed when looking at the list of scores that a large number of universities have a best score at 420. According to my calculations, the amount of universities with this score is 2516 out of the 2824 universities listed. Is there any reason that so many universities have the exact same score? --LRFLEW (talk) 03:38, 2 April 2013 (UTC)

+1! A few hours ago this wasn't the case... What's up with all the 420's?? 108.218.230.91 03:42, 2 April 2013 (UTC)
People keep posting hash values on the internet. Those universities are dirty cheaters, and they're all just entering the 420 hash in for their university without actually calculating it. Davidy²²[talk] 04:05, 2 April 2013 (UTC)
While this copy-cattism might be the reason for the proliferation of 420s (which, in India, is slang that, funnily enough, refers to a confidence-trickster) - note that at the beginning of the contest, a lot of different domain names all had 'scores' between 400-500. Now, if I'm not wrong, the hash contains 1024 bits. So you could be off by 1024 in the worst case, and 0 in the best case. But the spread was very narrow. Admittedly, you wouldn't notice the higher numbers, because only the best case scenario has been published, but from the clustering of the different universities (with respect to their scores), as well as the fact that it's taking this long for even ONE clear best score to emerge, seems to suggest that there IS something special about the 400-500 score band. Does anyone have any layman-level information on the statistics of the entropy of the Skein hash function? And the statistics of what error figure for random hash compared to given hash is most frequent? 220.224.246.97 18:26, 2 April 2013 (UTC)
a hash is, at best, very close to a random number. Here, we have two 1024-bit random numbers. It makes sense that most commonly, two such random numbers differ in about half of the bits - for each bit, there's a 50% probability that the bits will be the same and 50% that they will differ. Therefore the spread centers on 512, but of course we just see the lower part of the spread here. 2.223.68.79 23:46, 2 April 2013 (UTC)
My test here shows that the 420s is that 420 Bits wrong is about what a single computer can get to within a few hours. So its no wonder that 420s are common for a lot of universities. Its just someone there who is running a little script to break the hash.

91.214.44.212 23:34, 2 April 2013 (UTC)

Although it's true that if you run a PC for a couple of hours, you're very likely ending up somewhere between 415 and 425, this does not explain such a peak at 420. If you consider the probability function for a PC's best result within a day, then maybe 420 is the most likely outcome, but you should see a lot of 421s, 419s, 418s and so on: Seeing a number in 419...415 before you see a 420 should have a chance > 0.5. BKA (talk) 11:47, 3 April 2013 (UTC)


All I see is a blank white 780x969 image. Nothing appears when I hover over stuff. 109.65.100.208 09:04, 1 April 2013 (UTC)

Sometimes it does that. It takes a while to generate, and it doesn't always render correctly. Try updating your browser or refreshing. Davidy²²[talk] 09:06, 1 April 2013 (UTC)

The person who provided the shopped image either isn't using a modern browser or is using IE. The font is supposed to be "xkcd-Regular", which I assume is a font that gets downloaded from XKCD's server. Loading the same page in IE 9 gave me that Times New Roman-esque font instead (Chrome, Firefox, and Opera use the special font, although it's rendered a little fuzzy in Firefox). 129.21.119.153 09:25, 1 April 2013 (UTC)

The dog part now shows "[email protected]" underneath the sliders for me. --Gefrierbrand (talk) 09:50, 1 April 2013 (UTC)

I think it matches the company in the first panel? (Currently CAREERS@XLINX INC for me.) --81.138.95.57 10:53, 1 April 2013 (UTC)

The page where the company name is supposed to be fetched from is "Sith" now, but I checked and the company is not there. I think this will take some time to decipher ... -- Hkmaly (talk) 11:12, 1 April 2013 (UTC)

.... uh, remember few pages ago where we JOKED about being used as distributted computer? Now we ARE used to crack the provided hash ... -- Hkmaly (talk) 11:15, 1 April 2013 (UTC)
It's April 1st. Maybe the idea that the company is sourced from a Wikipedia page is not true. That would explain the link to the Wikipedia fund raising page as an apology for the fact that there will be many XKCD readers vandalising the Sith page Jeremyp (talk) 11:38, 1 April 2013 (UTC).
... AND it's [wikipedia:Jean-Luc_Picard|Jean Luc Picard] now. AND there is actually Apple linked from it. While the Google is company doing recruiting now ... hmmm ... but Google actually IS mentioned in one of previous version of page ... damn vandals. -- Hkmaly (talk) 12:35, 1 April 2013 (UTC)
WAIT. Randal now mentioned "... Final Fantasy Tactics. But link on Jean Luc Picard could beat it". So either it's something like "taken from last edited page" or he is doing it manually. -- Hkmaly (talk) 12:42, 1 April 2013 (UTC)
"Microsoft Corporation is the first NASDAQ-100 company mentioned on the wikipedia page 'IBM'. But a link on 'Oprah' could beat it." -- Hkmaly (talk) 14:05, 1 April 2013 (UTC)
... AND wikipedia editors started observing the comics to edit-protect wikipedia entries BEFORE the vandals strike, as shown here. -- Hkmaly (talk) 14:49, 1 April 2013 (UTC)

The top of the page for the comic now mentions this: "You can change the company in this comic. Mouse over its name in the first panel. The schools are selected by a hash breaking competition." Don't think that was there before. More interesting is the first sentence. Do we have a list of wikipedia pages that he's tracking for the first company mentioned in the page? 220.224.246.97 17:52, 1 April 2013 (UTC)


Ignorant question: What is this hash finding competition? Was it announced somewhere? 129.67.199.117 11:56, 1 April 2013 (UTC)

Click that panel: http://almamater.xkcd.com/ Jeremy1026 (talk) 12:05, 1 April 2013 (UTC).
Looking in the externalities file, another usefull link is "... full standings at http://almamater.xkcd.com/best.csv" -- Hkmaly (talk) 14:24, 1 April 2013 (UTC)

The sad thing is that people are probably only donating to a good cause to see the dog-drawing get bigger. 76.106.251.87 14:11, 1 April 2013 (UTC)

In that case it's good Randal used GOOD cause. -- Hkmaly (talk) 14:24, 1 April 2013 (UTC)
Actually, the sad thing is taht people are vandalizing Wikipedia. --189.61.0.28 19:26, 1 April 2013 (UTC)

Can anyone explain what, if anything, the name/email/education values (fifth panel) refer to? 108.36.128.122 19:34, 1 April 2013 (UTC)

Looks like one random string and one random pair of strings. 178.238.159.109 20:12, 1 April 2013 (UTC)

Has anyone been able to reproduce the 1024-bit Skein hash values that he is generating at http://almamater.xkcd.com/? The hashes that he shows don't match the ones I'm getting from my Skein hash calculator (using 1024 bit output and 1024 bit internal state size). I tried feeding the same string into the hash function both with and without a trailing null character and neither matches. For example, if I type abc into the form, he shows 35a599...1f1f (edited for brevity), but I calculate that a hash of the 3-byte message "abc" should be 10a866...035c.Theodric (talk) 22:03, 1 April 2013 (UTC)

I'm getting completely different values also. 173.22.172.7 22:57, 1 April 2013 (UTC)
I have the same problem as you. I'm thinking that Xkcd is using an older standard of the encryption. I'm currently trying out the php versions of the code to see if I can get it to work. --LRFLEW (talk) 23:16, 1 April 2013 (UTC)
Nope. Tried all I could and still couldn't figure it out. My guess is that he's using a secret salt. --LRFLEW (talk) 23:37, 1 April 2013 (UTC)
Solved! :) I was originally using version 1.2 of the Skein hash function. Version 1.3 uses different constants and yields different results. The almamater page seems to be using version 1.3 -- my calculator now matches Randall's hashes.--Theodric (talk) 03:34, 2 April 2013 (UTC)
Where are you getting the implementation? I can't seem to get it to work even with v1.3. --LRFLEW (talk) 04:42, 2 April 2013 (UTC)
I'm using source code from here: http://www.skein-hash.info/sites/default/files/NIST_CD_102610.zip. I'm using the code in the Optimized_64bit directory. All C files were compiled with gcc as well as http://theodric.com/test_skein.c --Theodric (talk) 10:00, 2 April 2013 (UTC)
Thank you for the example code. I had two errors in how I was implementing it. The interesting problem I ran into was that the string to hash needs to be formatted for the web (so space becomes '+', ext.) --LRFLEW (talk) 17:02, 2 April 2013 (UTC)
Confirmed, xkcd uses skein 1.3. Did anyone find another implementation (besides the reference implementation)? I wasted an hour starting with the Java impl, before I decided to re-fresh my C, but now I am running roughly 7 million tests per minute on my poor notebook ;) Still way too slow to catch up with the current leaders. My best score is 415. BKA (talk) 12:26, 2 April 2013 (UTC)

"Wikipedia article on Template:hint: The perpetrators of the largest extinction in Earth's history" Would this be humans? I'm afraid to get in on the Wikipedia editing since I'm already in so-so standing due to some childishness in 2006... 76.106.251.87 21:54, 1 April 2013 (UTC)

The opening line of the first panel has changed. It's now "Ahoy, Carnegie Melonites!" (for the current school) rather than "Hey, [university] students!" (as listed in all the current entries for the changing first panel text). The question and response seem to be the same as before. And the fifth panel now has "if they're clever with their applications" instead of "provided any of them manage to fill out the application correctly". So showing the text as static in the comic image is no longer accurate. --50.0.108.18 23:00, 1 April 2013 (UTC)

If I visit http://xkcd.com/1193/ then the font is xkcd-Regular, whereas if I visit http://www.xkcd.com/1193/ then the font is the default serif font… (Iceweasel with NoScript) 178.238.159.109 02:44, 2 April 2013 (UTC)

The font is loaded from [2], regardless of where you see the comic from. However, Iceweasel (and presumably Firefox) dissallow cross-site access. For this reason, https://xkcd.com/1193/ also gets the default serif font. 128.211.198.17 22:24, 3 April 2013 (UTC)

Someone, please explain what hash breaking is. Jackdavinci (talk) 04:00, 2 April 2013 (UTC)

A cryptographically-secure hash function maps a set of numbers onto another set of numbers in such a way that converting forwards is easy, but converting back is difficult. The idea is that given a key and a lock, you can check the key against the lock by hashing the key and seeing if it maps to the lock. But given just the lock, you can't generate the key (easily). Randall gave us a lock, and the competition is to find the closest key. This is basically a competition to see who has the most computing power to generate lots and lots of keys. Keep in mind, I've glossed over a lot of technical details here. --173.162.57.51 15:22, 2 April 2013 (UTC)
There should be some cleverness involved in addition to access to computers. It all comes down to who can generate the most hashes in the time available, because as a good cryptographic hash Skein gives you no hint about how to change your input to get a result closer to your target, you just have to keep making guesses. But that is not just a matter of how many computers you have. For example, Googling around for implementations of Skein I didn't find any ready to run libraries for GPUs of Skein 1024 1024. A team at a university could have stuck with an existing C implementation running on an available set of computers, or taken the time to get it running on GPUs and get quite a bit of extra speed. Also, I haven't experimented with it, but a hash function should be faster if you give it a smaller input. The current best result from CMU would take on the average about 1 quadtrillion (1e15) trials to find. Given that the input to the hash has to be in the form of URL-safe printable characters, if you assume that your team will not have time to generate more than, say 1e16 hashes and the character set you have to work with is 100 characters (my guess from looking at my keyboard) then your test input strings do not have to be longer than 8 characters. Anyone who is generating test input for the hash that is any longer, for example if they are, as a really bad example, converting 1024-bit numbers to 256 ASCII character hex, is doing at least 32 times too much work for each hash calculation. Bugstomper (talk) 00:37, 3 April 2013 (UTC)
The time it takes to compute a Skein hash depends only on the number of bits of internal state, not of the input. This is intentional; if the execution time were dependent on input length, an attacker could execute a timing attack on the hash. AES is known to be sensitive to such attacks, but Skein is resistant. 140.254.153.76 04:14, 3 April 2013 (UTC)

Is it over now that it's after midnight? When I moused over the school name, it didn't give me a pop-up showing the next hint. 76.106.251.87 06:06, 2 April 2013 (UTC)

I would assume so. The wikipedia challenges needed to be done manually, automatic ones would be blocked by wikipedia staff (see my point about Elixir page). Also, making people vandalize wikipedia is not exactly nice. -- Hkmaly (talk) 08:52, 3 April 2013 (UTC)

Do you suppose the "Needs more Bob" possibility in the second panel is a reference to Microsoft Bob (an absolutely and justly reviled Microsoft product from the 90's)? 66.140.241.100 11:25, 2 April 2013 (UTC)

Scary Thought #392: 'Time' and 'Extenalities' are giving Explainxkcd heavy loads. This may be on purpose. Randall might upload yet another 'heavy' comic. Greyson (talk) 14:05, 2 April 2013 (UTC)

It does feel like he sometimes just releases comics that do unusual edge-casey things, just to see us wiki editors struggle with handling the comic. Then again, it might just be Randall trying to make a really dynamic and novel webcomic. Davidy²²[talk] 14:28, 2 April 2013 (UTC)
At the moment, xkcd.com seems to be down. Coincidence? --Johnsmith (talk) 06:49, 3 April 2013 (UTC)

I'm surprised no one had added the Activision/Blizzard versions. I know it wasn't up for long, but I expected we'd have a ton of gamers jumping at the chance to add that version of the comic. (Good thing I screen-captured it so I had a reference to work from!)

Did anyone try using http://xkcd.com/936/ as a method of generating hash inputs? --Theodric (talk) 13:18, 6 April 2013 (UTC)