Domain: stackexchange.com
Stories and comments across the archive that link to stackexchange.com.
Comments · 819
-
Re:The Rainbow Scare
Stop being an idiot. I'm an Xer too. There's a difference between a proper name (White as a surname) and a general and inaccurate term for an ethnic group (white or black). Show me any decent example of people capitalizing those; you won't find any. This has nothing to do with texting; no one except maybe stupid Southern racists ever capitalized white or black for ethnic groups in my lifetime that I can recall.
Here are some samples found by a simple search:
However, according to APA, racial and ethnic groups are designated by proper nouns and are capitalized: Black and White. (APA Publication Manual, 6th edition, 3.14, p. 75, quoted in an answer on Stack Exchange)
Note: The capitalization of Black does raise problems for the treatment of the term ‘white.’ Orthographic evenhandedness would seem to require the use of uppercase ‘White,’ but this form might be taken to imply that whites constitute a single ethnic group, which is certainly debatable. Uppercase ‘White’ is also sometimes associated with the writings of white supremacist groups, which is a good enough reason for many to dismiss it. On the other hand, the use of lowercase ‘white’ in the same context as uppercase ‘Black’ would obviously raise questions as to how and why the writer has distinguished between the two groups. There is no entirely satisfactory solution to this problem and the uncertainty as to whether to capitalize or not capitalize ‘white’ has discouraged many publications from adopting the capitalized form ‘Black.’ (Word Wizard)
-
Re:VR? More crap no-one asked for
But I also don't care if it's there, so long as the browser still meets my needs.
I'd suggest being slightly against it, then. You still pay the price in bloat - possible performance degradation, increased attack-surface, and more code to go wrong stability-wise.
WebGL was (totally predictably) a security nightmare, for instance.
-
Re:Useless article
" it's just that they were scammed and railroaded (or whatever you would call it before railroads were invented)."
Railroaded is the exact term.
"The term "railroaded" in the sense of having something forced through, either unjustly or without proper regard for those affected, clearly has its origins in analogy to the way early railroads were built, often running straight through private lands and geographic features."
-
Re:fr0sted
It is my understanding that the President CANNOT choose which law to act on and which law to ignore.
Haven't time to do an in-depth search proving why not - but here is a series of answers to that very question:
https://politics.stackexchange... -
Re: No words.
-
Re:What does "ISPS" stand for?
Where have you seen it said that plurals of standalone letters need an apostrophe? I've always used things like "ISPs" because there are no letters missing, nor is anything being possessed.
https://english.stackexchange....
But now the replacement Oxford Dictionaries Online firmly suggests to avoid the apostrophe except in a few special cases:
Apostrophes and plural forms
The general rule is that you should not use an apostrophe to form the plurals of nouns, abbreviations, or dates made up of numbers: just add -s (or -es, if the noun in question forms its plural with -es). For example:
...
MP: MPs (e.g. Local MPs are divided on this issue.)
1990: 1990s (e.g. The situation was different in the 1990s.)
It's very important to remember this grammatical rule.
There are one or two cases in which it is acceptable to use an apostrophe to form a plural, purely for the sake of clarity:
* you can use an apostrophe to show the plurals of single letters:
I've dotted the i's and crossed the t's. Find all the p's in appear.
* you can use an apostrophe to show the plurals of single numbers:
Find all the number 7's.
So you're correct about single letters, but you don't use the same rule for single letters and multiple letters.
That said, it's all just a matter of style. Find a style you like and pick a guide that supports it.
:-) I'm sure another guide (CMOS, AP, etc.) does it your way.
But no matter what, it fucking well ain't "ISPS".
:-| -
Re:A photon is not an "object"
As I sit here, preparing to teach electricity and magnetism (having corrected a minor error in the electrodynamics book I wrote to help supplement Jackson while teaching graduate electrodynamics), I do find it interesting that you ignore the actual algebra I put into my previous reply and instead attempt to argue using logical fallacies. Most of the Wikipedia articles on physics are, in fact, pretty damn good, and photons are considered "massless" particles in pretty much every physics textbook that considers them, where yes, the term refers to their rest mass but also where there is no real point in considering them to be massive in any other context and some serious inconsistencies to deal with when one tries to treat e.g. h\nu/c^2 as if it is a "mass" as far as gravitation is concerned.
A nice discussion of the latter is here:
https://physics.stackexchange....
And yet another article (containing many links to actual references) on the standard model in which the photon and gluon are indeed massless particles is here:
https://en.wikipedia.org/wiki/...
again with many references, such as almost any textbook in physics that addresses the issue at all.
Perhaps you could stop accusing people of ignorance and asserting that Wikipedia is written by idiots and instead provide an actual reference to a textbook or article in a peer-reviewed journal where it is claimed, with evidence, that it makes sense to associate a mass with a photon, even in the context of gravitation (where there is indeed a gravitational interaction with its ENERGY).
-
Star Trek is REAL.
As documented in the historical documents, PANTS will be OBSOLETE in the 24th century.
yow, that sounds like an absolute Zippyism
also, someone please quote me on that in their .sig... -
This really sucks for StartSSL customers
This really sucks for customers of StartCom (StartSSL):
- Your website suddenly stops working with no warning.
- There is no equivalent alternative to StartSSL
Basically Google (and to a lesser extent Firefox) have handled this really badly. I found out about this issue when I got a new certificate and it wouldn't work: StartSSL certificate gives SEC_ERROR_REVOKED_CERTIFICATE in Firefox and ERR_CERT_AUTHORITY_INVALID in Chrome
- The browser error messages are cryptic and inconsistent. None of them say what the problem actually is. None of them offer links to the blog posts or bugs announcing the revocation. The only way to figure out the issue is through searching.
- Google is killing existing certificates without making any attempt to contact webmasters. Google should be putting alerts in Google Search Console for every site that will be brought down by this change. At least Firefox limited the scope such that all existing certificates were grandfathered in.
StartSSL was the only certificate authority at its price point. You didn't have to pay by the certificate. You didn't have to pay for the automated process by which you validated ownership of domains. You only paid for validations of who you are and who your company is. Once you were validated, you could issue as many certificates as you wanted for any domains you own. For a flat fee of $200 per year, I could get all the certificates I needed.
The only alternative that I have been able to find is LetsEncrypt. While it is completely free it has some major disadvantages:
- LetsEncrypt doesn't offer wildcard certificates. I have a domain with about 60 subdomains. The lack of wildcard really hurts for me here.
- LetsEncrypt only offers the most basic level 1 certificates. They only validate that you have control over your domain. They don't offer level 2 that validates who you are. They don't offer level 3 that validates who your company is. They don't offer the level 4 extended company validations that give the green bar in browsers.
-
Re:You need to see the traffic to truly appreciate
What... what... No.
Gases are compressible.
Liquids... aren't.
https://physics.stackexchange....
So, if liquids aren't compressible, I can go scuba diving miles down without worrying about pressure increases?
-
Re:You need to see the traffic to truly appreciate
-
Re: So wait...
You can reduce root's privileges using systems like SELinux. -PCP
-
Re: Tsunami backdoor
It does not magically reveal itself. Nothing does. But readable text is easy to compare, even to the human eye.
If I were to read code I wrote or supported, I would likely recognize it.
You could even consider using a computer.
https://en.wikipedia.org/wiki/...
http://www.drdobbs.com/archite...
https://academia.stackexchange...
... -
Re: he's an idiot
Da5id = DaVid.
That is the answer for actually pronouncing the name.
-
Re:Javascript pushing it down
Problem is that many many Javascript libraries now use callbacks as a normal method of operation, often when it's not necessary. The result is now you get the "callback of death" with many nested layers of callbacks. It is ugly but worse, hard to read. Here is an example and some solutions.
-
False
Who cares if it is "livable"?
People who want to live.
It regularly gets 110F here in summer and people still live. In Canada it often gets below 0F and people live.
You seem to have missed the point. 110F is survivable. 110C is not.
The measurements 0F to 100F were based upon what at the time were perceived as the min and max temperatures the weather reached in Europe. That's not very scientific, even if it is meaningful.
That's not true at all. "The lower defining point, 0 F, was established as the temperature of a solution of brine made from equal parts of ice and salt. Further limits were established as the melting point of ice (32 F) and his best estimate of the average human body temperature (96 F, about 2.6 F less than the modern value due to a later redefinition of the scale). The scale is now usually defined by two fixed points: the temperature at which water freezes into ice is defined as 32 F, and the boiling point of water is defined to be 212 F, a 180 F separation, as defined at sea level and standard atmospheric pressure."
You can perceive the difference just about in 1C change. You can't perceive the difference in 1F change. A Centigrade is more meaningful to a human being as far as perception goes.
Again not true at all. I absolutely can perceive a 1F difference in temperature and so can most people. In fact we can detect temperature difference much smaller than 1F in many circumstances. If anything centigrade is a bit too coarse grained in that regard.
-
Re:Wonderful
Isn't "heat" just slightly longer waves of red light?
Heat is kinetic energy. Temperature is a measure of the average kinetic energy of a system. It also happens that individual atoms/molecules can transition between energy levels by emitting/absorbing infrared radiation. That's the way that heat from something like the sun can travel through the vacuum of space to reach Earth.
-
Re:Is it just me?
Here is a discussion
It includes a quote from Elon, no telling if this is still the case:
"We are going to weld steel shoes over the landing feet as a precautionary measure." -- Elon Musk -
Re:Exactly -- Supply-side CATS vs. demand DOGS
Can you cite any evidence for your opinion that "Without CATS, nothing in space is possible except on demonstration scale"? Here is some counter-evidence to your point.
While Russia has raised its prices recently, it used to charge about US$20 million to bring a person to the International Space Station and back. Increasing the volume of one-way flights would bring those costs down, given that the current cheapest cost to orbit for a 200 lb human is likely closer to US$1 million based on current $5000 per pound launch costs for satellites:
https://space.stackexchange.co...
A million dollars (adjusted for inflation) is in the ballpark of what people paid to move from Europe to the Americas in the 1600s (according to Freeman Dyson in one of his books).
There are millions of people on Earth who purchase multi-million dollar homes. The availability of money for going to space right now for millions of people is simply not the issue.
So, why are these affluent people not moving to space? Why are they are instead buying multi-million dollar condos in NYC and multi-million dollar houses on the beach?
Answer: Because there are no long-term interesting cities or habitats in space yet worth living in for the long-term.
We need to build the space habitats first, and then transportation costs will fall to make them accessible to everyone
For one idea on building space habitats/cities, see:
https://en.wikipedia.org/wiki/...
From 1929, by J.D. Bernal:
http://bactra.org/Bernal/world...
"Imagine a spherical shell ten miles or so in diameter, made of the lightest materials and mostly hollow; for this purpose the new molecular materials would be admirably suited. Owing to the absence of gravitation its construction would not be an engineering feat of any magnitude. The source of the material out of which this would be made would only be in small part drawn from the earth; for the great bulk of the structure would be made out of the substance of one or more smaller asteroids, rings of Saturn or other planetary detritus. The initial stages of construction are the most difficult to imagine. They will probably consist of attaching an asteroid of some hundred yards or so diameter to a space vessel, hollowing it out and using the removed material to build the first protective shell. Afterwards the shell could be re-worked, bit by bit, using elaborated and more suitable substances and at the same time increasing its size by diminishing its thickness. The globe would fulfill all the functions by which our earth manages to support life. In default of a gravitational field it has, perforce, to keep its atmosphere and the greater portion of its life inside; but as all its nourishment comes in the form of energy through its outer surface it would be forced to resemble on the whole an enormously complicated single-celled plant. ... A globe interior eight miles across would contain as much effective space as a countryside one hundred and fifty miles square even if one gave a liberal allowance of air, say fifty feet above the ground. ... However, the essential positive activity of the globe or colony would be in the development, growth and reproduction of the globe. A globe which was merely a satisfactory way of continuing life indefinitely would barely be more than a reproduction of terrestrial conditions in a more restricted sphere."
And to get to that point of having such space habitats, we first need to learn how to build such sustainable self-contained and self-replicating things on Earth. Learning to do so can benefit all of humanity right now.
Then, when we know how to make such things through Earth-based experiment and simulation, all it takes is *one* launch of *one* automated factor seed to the Moon or an asteroid (or
-
Re:No, because meaningful whitespace
A good programming editor has the ability to make 'whitespace' characters visible somehow. IMHO, lack of that feature is one of the criteria for being good or being suitable for programming. (Yes, you can also write War and Peace in notepad.exe if you really have to.)
VIM has 'set list'.
Sublime shows whitespace on selected text.
Atom has the editor.toggle-invisible setting (and lots of packages to add a menu option for it.)
Visual Studio has CTRL + R, CTRL + W (Menu: Edit -> Advanced -> View White Space).
In EMACS you have to write a little lisp code.
At the end of the day this is about as annoying as finding the missing semicolon in ALGOL-style code.
-
Re:It's not legally binding
The Paris Accord was a 2015 modification to that Treaty. Modification to the treaty or accord requires Senate approval. No such approval was obtained. As such, the USA was never part of the Paris Accord.
Sorry to burst your bubble, but the whole point of the UNFCCC treaty was to create a "framework" (it's in the name) for future climate agreements.
The Paris Agreement was specifically designed to be "voluntary" in many of its requirements to avoid the legal issues that plagued the Kyoto Accord back in the 1990s. The Kyoto Accord *did* place legally binding restrictions on climate actions to be taken by the U.S., and as such, it required Senate confirmation (where it was rejected).
Executive Agreements do not necessarily require reconfirmation of the Senate when they are implementing a treaty already approved by the Senate. Specifically, if they do not modify existing domestic laws, executive agreements generally don't require Senate confirmation. (Note that Executive Agreements are not uncommon -- the U.S. has engaged in over 18,000 of them, some dating back to the early days of the country, compared to only a bit over 1,000 treaties.) As I understand it, the Obama administration intended to enforce its contribution to the agreement through existing federal statutes and regulations (like the Clean Air Act), so no changes to domestic laws would be necessary beyond what was already achieved in the UNFCCC treaty.
Note, of course, that an Executive Agreement is less binding than a treaty, so there's no question that Trump has the authority to unilaterally withdraw from it, though doing so without following the terms of withdrawal in the agreement would be a diplomatic disaster that would undermine U.S. authority in international negotiations.
-
Use HTTPS over UDP
-
Re:I only have an A.S. degree in programming...
From what I've read, it is a fancy way of saying modules will enforce the object oriented paradigm.
Looks like this might be the Java version of the Python package (a collection of modules) with a layer of access control. Being a Java implementation, it's going to be a fine mess.
-
Re:Remind me again...
The stories about Monsanto suing innocent farmers are myths or more complicated than some narratives portray them. Popular Monsanto myths have been debunked over and over, yet they keep being brought up:
http://theness.com/neurologica...
http://www.npr.org/sections/th...
https://geneticliteracyproject...
https://skeptics.stackexchange...
I would at least recommend an excerpt from The Skeptics Guide to the Universe podcast about Monsanto myths:
https://www.youtube.com/watch?... -
Re:Open wifi
You can't possibly be this stupid. Can you? Jesus fucking Christ. This is Slashdot. You can't possibly be this fucking stupid. Please, for the love of God, tell me you're trolling. Please tell me you're trolling. It's everywhere, therefore in your mind it must be secure? FUCK. Kill yourself. Please! Kill yourself. If you've reproduced, kill your children too. Stupidity of this magnitude can't be allowed to spread. It's a moral imperative!
-
Re:I'll still use Ogg/Vorbis
>> infinite amount of loss.
> This is a piece of audiophile bullshit that makes no more sense
Agreed that this is bullshit.
> than the tortoise and the hare "paradox"
There is no paradox. You DO realize the infinitesimal does NOT physically exist, right?
Reality is Quantized in both Space and Time. That is, Reality is DIGITAL.
i.e. According to Physicists,
* There is NO thing smaller than Planck length, approximately 1.616229(38) x 10^-35 m.
* There is NO time less than Planck time, approximately 5.39 x 10^-44 s.
We have NO idea if anything smaller than Planck length or Planck time exists and probably never will via Science. The smallest length that has been directly measured is between 10^-18 m (LHC) and 10^-22 m (single electron).
* What is the smallest length scale ever measured
--
Stack Overflow RETARDS: "Fixed compilation errors by adding missing headers" is NOT "more accurate or more accessible." WTF?! -
Re: Big Bang is false too, just like Creationists
Fair enough. I was wrong. https://physics.stackexchange....
-
Re:What weird world was this written in?
In my understanding, the low-level resolution of printers is much higher than the resolution of full colour or grayscale pixels you'll get. So something like 5000 dpi doesn't sound that weird, but that would only apply to monochrome images. https://graphicdesign.stackexc...
-
Brute force the code
This problem has previously been posed on stackexchange. You can use this computer to generate the shortest possible code that satisfies a set of unit tests.
Also, the mere existence of such a computer would prove that P=NP, so that would cause some pretty huge shockwaves even without using the computer at all. -
Re: no
I understand the objection to systemd as "violating UNIX design principles", but for those of us out in Userland, who just want the damn OS to work -- what are the pros and cons?
I read this:
https://unix.stackexchange.com...
which is all dandy from a technical POV, but doesn't tell me how it affects me as an everyday-desktop-OS user. -
Re:Energy is the problem
This stack exchange article calculates the power needed to hover:
https://physics.stackexchange....
At perfect efficiency, you need about 10 watts to hover 1 kg. Assuming around 20% efficiency, carrying 300 kg is 15k watts, or 20 horsepower. -
Re: Neat--until...
Meh, it seems a common 'misunderstanding':
https://english.stackexchange....
Period in the context that you are referring to is used as an idiom of sorts. It means there is no counter argument.
For example, "Chuck Norris will kick anybody's butt, period."
or
"Abstinence from sex is the best STD prevention, period."
There is usually a pause after the sentence and before the word "period".
Another thing that Americans say instead of "period" is "end of story".
-
Recycle!
Putting "stuff" up there (LEO) costs between $2K and $13K [1]. Just to be expensively de-orbited.
Now I know it's a *horror* for your standard capitalist these days, but what about, like, PLANNING (omfg, he's said the *P* word!) a bit ahead?
Think about some standards which would make those things as recyclable as possible (like trying to keep a set of agreed-upon materials, standards for easy deconstructibility -- all things which, you know, *might* help us down here too), working towards a LEO factory of the future?
Heck, folks: some of you are dreaming of 3D printing dwellings on Mars, let's fucking tackle LEO first!
-
Re:What percentage caused by man?
As long as we're going to continue this silly discussion, it should be noted that if the proper materials are used overheating is not a problem. Iron, for instance, melts at 1538 C, and at well below that temperature it is radiating far more energy than it is receiving from the sun.
In fact, black body radiation in the Earth's orbit is temperate.
http://space.stackexchange.com/questions/7827/whats-the-typical-temperature-of-a-satellite-orbiting-the-earth -
The StackExchange link
People on Aviation.stackexchange have asked/answered this already: Could you land a large airplane on short circular runways?
-
Re:coder vs programmer
Than is operator>= ()
Maybe you want memcmp ()
Uh, no. Try again.
-
Re: Full Spectrum Problem
Usb devices? The os, and therefore you, decides what happens when usb devices connect.
Nope. USB operates at a lower level than the OS. USB is capable of talking to other pieces of hardware without the OS's involvement (or knowledge). USB even has Direct Memory Access.
You're wrong. I used to write drivers for USB 2.0 host controllers. A controller might have DMA support, but it still needs to be directed where to write and when.
I haven't touched USB 3, but AFAICT the following is still true:
- There's no device to device communication, devices are slaved to the host and can't initiate transactions
- The USB standard says nothing about DMA
- An xHCI controller can probably access memory, but only as directed by the drivers. (Unless your USB controller is malicious, but then you probably have hostile hardware attached to your primary bus, at which point USB isn't really your problem.)
I suspect you might be confusing USB with Firewire, which had that particular misfeature (i.e. device-initiated DMA), or possibly with Thunderbolt, which allows PCI Express extension.
You might also want to read this answer on security.stackexchange, though note that the answer confuses USB 3.0/USB 3.1 with a specific xHCI implementation.
-
Re: Oakhurst Dairy is correct
I think it is grammatically correct to have a list without either "or" or "and." Here are some good examples: http://english.stackexchange.c...
-
Re:No it doesn't put it in bloody perspective
Agreed!
A better way to put that into perspective would be to mention that the Moon's orbital path is 2,412,517.5 km (or 1,499,070 miles) and that if it were orbiting the Earth at the same speed as this star, it would orbit every 11.5 minutes (2,412,517.5 km / 12,600,000 km/hr), or 5 times an hour.
-
Re:Wow.
Due to this page http://www.baesystems.com/en/c... they are pretty much screwed anywhere in the world, when that page hits the court. False advertising, contractual misrepresentation and employment under false conditions. Why they chose this path, in this incident, is likely indicative of poor hiring practices, specifically the human resources twit, who will likely be looking for a new job (one rush of ego and power trip and millions of dollars of recruiting advertising pissed against the wall). That BAE have to self-promote extensively to hire people into Death industries is pretty indicative of how unpopular working for them has become, in effect making their employees death eaters (oddly apt for them, http://scifi.stackexchange.com... and their sick desire to fully control the deaths of others). It really is a crap industry, surviving on the death and misery of others, but they like to tell themselves they provide for the defence of their country. Nah, just greedy and a lack of self-conscious thought to guide them past the immorality of their employment.
Puts me in two minds about the victim, when employees or ex-employees of death industries want us to be sorry for them when they show not the slightest bit of sympathy or empathy for the people their efforts mangle, maim and kill: men, women and children and even their pets. Like all things it is a choice, but no empathy for others in your employment choice, yet you demand empathy. Might be a bit harsh, but when those death industries actively and corruptly promote war, and lobby for more conflict with complete disregard for all those they kill, you have to start looking at their employees in a different way, even when you are related.
-
Re:Agree and disagree with NISTs "rules".
In theory, there IS a way to store passwords in a way that works kind of like a reversible hash... use RSA in "deterministic" mode ("RSA/ECB/NoPadding"). Basically, generate your keypair, and keep the private key offline and physically secured. When users register, use the public key to encrypt the salted password. When users subsequently authenticate, encrypt whatever they entered with the correct salt & compare the results, just like you would for a hash function. And if you someday ever need to do some kind of software migration that would otherwise require wholesale password resets, you can bring the private key out of storage and use it (on an offline computer) to decrypt a copy of the current passwords, then re-encrypt/hash them by whatever new means you're using.
Note that this is NOT the way RSA normally works. Usually, random padding gets added to the plaintext before encryption (and thrown away after decryption), to ensure that two identical plaintext inputs won't produce the same plaintext output. And even fairly LONG RSA keys can only encrypt a relatively small number of bytes. A 2048-bit RSA key is probably long enough to directly encrypt a 16-character password (assuming worst-case UTF-8 encoding and 4-6 bytes per character), and 1024 bits MIGHT be enough, but I'm pretty sure that 1024 bits would be the smallest power-of-two big enough to directly encrypt arbitrary passwords of reasonable length.
There are some sobering things to consider, though:
1. There's no official PKCS standard for doing this, which means you'll be using a scheme that hasn't been peer-validated, and has zero high-level support by any off the shelf software product. In regulated industries, the fact that it's not a PKCS standard will probably disqualify it outright.
2. There's more to encryption than dumping bytes into a black box, ESPECIALLY when it comes to RSA (google "textbook RSA OAEP" (sans quotes) for the gory details of what happens when you try using Schneier's "Applied Cryptography" as an implementation cookbook rather than as a high-level introduction). Reference: http://crypto.stackexchange.co...
3. If you're planning to use BouncyCastle, I'm pretty sure I remember reading that deterministic RSA ciphertext isn't deterministic across platforms. In other words, if you encrypted a given plaintext with a key in a C# program under Windows, you wouldn't necessarily get the exact same output if you ran a program written in C++ running on Linux with the same plaintext and key. They'd both DECRYPT to the same original plaintext, but the encrypted bytes wouldn't necessarily be identical on both platforms.
Is this more secure than storing the passwords in plaintext? Unquestionably.
Is this more secure than encrypting the passwords with AES, using a key protected only by filesystem security? Probably.
Is this more secure than storing the original passwords using the most robust mode of RSA currently available, alongside a salted SHA256 hash that's used for routine authentication? I don't know. I'm pretty sure that giving attackers two copies derived from the same plaintext reduces their aggregate security, but I don't know whether the resulting, diminished security would be better or worse than using deterministic RSA to encrypt the password instead.
The gold standard, probably enshrined in at least one PKCS standard, would almost certainly involve hardware PKI... very, very expensive hardware PKI.
TL/DR: deterministic RSA is probably the least-bad option available to someone not required to follow PKCS standards, but it's kind of like transpolar air traffic(*)... a few guidelines, but you're pretty much on your own and fucked if anything goes wrong.
-
Re:PasswordSafe
First of all, I'm amazed NO ONE mentioned the classic xkcd comic on memorized random password security: https://xkcd.com/936/
...1) Generate a SINGLE 6-7 word diceware PASSPHRASE.
Such passphrases are EXTREMELY weak. The words are easily predictable (just use a few different language dictionaries, and the usual uppercase/lowercase/substitution combos) and concatenating several of them doesn't increase the amount of entropy enough to resist brute force attacks on a cheap GPU.
Er, what? The letters on a keyboard are easily predictable too, what matters is that the order they are in is generated randomly and not by a human. As long as you use the Diceware methods to generate passwords randomly you have a higher number of possible combinations to work with (the Diceware word list is 7776 words so 7 of those picked randomly gives you a lot of combinations).
Look up rainbow tables, people!
Salting negates that threat. If the site doesn't salt or limits you to 11 character passwords, it has bigger problems and a good password won't protect your account.
AND, even if you managed to memorize all this, it's a goddam PAIN IN THE ASS to type these passwords in, especially on phones.
Any half way good password manager will copy them for you. Keepass on Windows and Android does, for example, and it's implemented in a secure way. You don't even have to display the password on screen, so no danger of shoulder surfing.
The best option is to use something like Keepass with both a password and a keyfile. Store the database in the cloud for easy access, but keep the keyfile local only. Then you only have to copy it to each device once, while the database can be synced whenever changes are made. Use a good, random password (you just have to memorize it, there is no getting around it).
Something easily memorable like a Diceware password, perhaps.
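The Diceware procedure argued over in the comment above, written out as an added example (not code from any commenter or from the Diceware project): dice rolls from a CSPRNG select words by index, and the entropy of the result depends only on the list size and word count, not on whether the words are "predictable". The 36-word list is a constructed stand-in for the real 7776-word list so the block runs offline; the 1e12 guesses/s rate is an assumed attacker figure, not a measurement.

```python
import math
import secrets

# A real Diceware list has 6^5 = 7776 words keyed by five dice rolls. This 36-word list is a
# constructed stand-in keyed by two rolls so the block runs offline; the entropy arithmetic
# takes the vocabulary size as a parameter, so it is computed for the real list size too.
DEMO_WORDS = [
    "acid", "bead", "cake", "dart", "echo", "fern", "gate", "hill", "iron", "jade", "kelp", "lime",
    "mesa", "nest", "opal", "pine", "quay", "reef", "sage", "tide", "urn", "vale", "wasp", "xray",
    "yarn", "zinc", "arch", "bolt", "clay", "dune", "elk", "flax", "gust", "hemp", "ink", "jolt",
]
assert len(DEMO_WORDS) == 6 ** 2


def roll_dice(count):
    """Return count CSPRNG dice rolls as a lookup key such as '31452' (never use random.random)."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(count))


def key_to_index(key):
    """Convert a dice key (digits 1..6) into a 0-based list index, reading it as base 6."""
    idx = 0
    for ch in key:
        d = int(ch)
        if not 1 <= d <= 6:
            raise ValueError(f"not a dice roll: {ch!r}")
        idx = idx * 6 + (d - 1)
    return idx


def diceware_passphrase(wordlist, n_words):
    """Draw n_words words uniformly from wordlist by dice rolls; list length must be a power of 6."""
    dice = round(math.log(len(wordlist), 6))
    if 6 ** dice != len(wordlist):
        raise ValueError("word list length must be a power of 6")
    return " ".join(wordlist[key_to_index(roll_dice(dice))] for _ in range(n_words))


def entropy_bits(vocab_size, length):
    """Entropy of `length` symbols chosen uniformly from vocab_size: the attacker's search space."""
    return length * math.log2(vocab_size)


def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time to search the whole space; the expected time is half of this."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    print(diceware_passphrase(DEMO_WORDS, 7))
    year = 365.25 * 24 * 3600
    for label, bits in [("7 Diceware words (7776-word list)", entropy_bits(7776, 7)),
                        ("11 random printable ASCII chars", entropy_bits(95, 11)),
                        ("8 random printable ASCII chars", entropy_bits(95, 8))]:
        # 1e12 guesses/s is an assumed figure for an offline attack on a fast hash, not a measurement.
        print(f"{label}: {bits:.1f} bits, {seconds_to_exhaust(bits, 1e12) / year:.2e} years at 1e12 guesses/s")
```

Seven words from the real list give about 90 bits, more than an 11-character random printable password (about 72 bits); the figure holds only when the rolls come from a CSPRNG or physical dice, which is the whole point of the method.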
-
Re:bit rot
Correct my math if I'm wrong
The maths is wrong. The error rate is 1 in 100000000000000. So if we read 100000000000000 bytes the probability of us hitting an error is ~63% (link).
However, we are only reading 8000000000000 bytes, which is 8% of 100000000000000. So the probability of hitting an error somewhere in 8000000000000 bytes is ~5% (0.63*0.08).
-
add error correcting files for redundancy
There are several projects/tools out there.
Search for reed-solomon
https://www.thanassis.space/rs...
http://unix.stackexchange.com/...
I used par2 to put my videos on CD-R, but those are now 10 years old and I did not check if it's still readable :-)
-
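What the "error correcting files" in the comment above actually do, as an added example rather than code from par2 or either commenter: a Reed-Solomon erasure code over GF(2^8). Each byte column across the k data blocks is read as a polynomial of degree below k evaluated at x = 0..k-1; parity block j is the same polynomial at x = k + j, and any k surviving blocks (data or parity) pin the polynomial down, so up to m lost blocks are rebuilt by interpolation. The sample blocks and the lost-block pattern are constructed for the demonstration.

```python
# Reed-Solomon erasure coding over GF(2^8) in polynomial-evaluation form. Written from
# scratch for this example; par2 uses the same idea, but this is not par2's code.

PRIM_POLY = 0x11D  # x^8 + x^4 + x^3 + x^2 + 1, the usual RS field polynomial
GF_EXP = [0] * 512
GF_LOG = [0] * 256


def _build_tables():
    x = 1
    for i in range(255):
        GF_EXP[i] = x
        GF_LOG[x] = i
        x <<= 1
        if x & 0x100:
            x ^= PRIM_POLY
    for i in range(255, 512):  # doubled so gf_mul needs no modulo
        GF_EXP[i] = GF_EXP[i - 255]


_build_tables()


def gf_mul(a, b):
    if a == 0 or b == 0:
        return 0
    return GF_EXP[GF_LOG[a] + GF_LOG[b]]


def gf_div(a, b):
    if b == 0:
        raise ZeroDivisionError("division by zero in GF(2^8)")
    if a == 0:
        return 0
    return GF_EXP[(GF_LOG[a] - GF_LOG[b]) % 255]


def lagrange_at(xs, ys, x):
    """Value at x of the unique polynomial of degree < len(xs) through (xs[i], ys[i]).
    Addition and subtraction are both XOR in GF(2^8)."""
    total = 0
    for i, (xi, yi) in enumerate(zip(xs, ys)):
        num, den = 1, 1
        for j, xj in enumerate(xs):
            if j != i:
                num = gf_mul(num, x ^ xj)
                den = gf_mul(den, xi ^ xj)
        total ^= gf_mul(yi, gf_div(num, den))
    return total


def rs_encode(data_blocks, parity_count):
    """Return parity_count parity blocks for equal-length data blocks (k + m must be <= 256)."""
    k = len(data_blocks)
    size = len(data_blocks[0])
    if any(len(b) != size for b in data_blocks):
        raise ValueError("data blocks must have equal length")
    if k + parity_count > 256:
        raise ValueError("at most 256 blocks in total over GF(2^8)")
    xs = list(range(k))
    parity = []
    for j in range(parity_count):
        x = k + j
        parity.append(bytes(lagrange_at(xs, [b[p] for b in data_blocks], x) for p in range(size)))
    return parity


def rs_recover(k, surviving):
    """Rebuild the k data blocks from any k surviving blocks.
    surviving maps block index -> bytes; indices < k are data blocks, >= k are parity."""
    if len(surviving) < k:
        raise ValueError(f"need {k} blocks, only {len(surviving)} survive")
    xs = sorted(surviving)[:k]
    size = len(surviving[xs[0]])
    recovered = []
    for i in range(k):
        if i in surviving:
            recovered.append(surviving[i])
        else:
            recovered.append(bytes(lagrange_at(xs, [surviving[x][p] for x in xs], i) for p in range(size)))
    return recovered


if __name__ == "__main__":
    # Constructed sample: four 8-byte data blocks plus two parity blocks; blocks 1 and 3 are lost.
    data = [b"abcdefgh", b"ijklmnop", b"qrstuvwx", b"yz012345"]
    parity = rs_encode(data, 2)
    damaged = {0: data[0], 2: data[2], 4: parity[0], 5: parity[1]}
    print("recovered:", rs_recover(4, damaged) == data)
```

This is erasure decoding only: it assumes you know which blocks are bad, which is what a checksum per block (as par2 stores) gives you. Correcting corrupted blocks whose position is unknown costs twice as much parity per error.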
Re: In other news
I take it you've never seen a team that for some reason merged current files on a pull to effectively revert commits pushed to the remote with their few intended changes, over and over and over, across several people, for days, before noticing that there was a problem. You will bang your head on a desk shouting "why didn't they notice there was a problem..."
I can't believe though that question was upvoted 13,182 times. According to this SA "most upvoted" query, it's currently the second most upvoted question they have. There are a *lot* of questions on SA. Sorry, but there is something wrong when something that should be so obvious is a problem that is so commonly faced by so many people when trying to use a "common" and "most fit for the purpose" tool.
Unbelievably, the third most upvoted question is also related to git. Five of the results in that query are related to git. That's 25% of the top 20 upvoted questions on SA. No questions in the top 20 are related to subversion. I believe that is valid circumstantial evidence that git is difficult to use and understand, especially the concepts related to it. That doesn't mean it's bad, but if you're working with a team that doesn't have much SCM experience (thankfully that's becoming less of an issue quickly), and you don't have time to commit to everyone on the team being able to pick up the nuances of git for a project, SVN is a great way to go as it's extremely simple, mostly due to significantly less feature coverage. Though, $deity help you if you aren't sitting next door to the server.
-
Re:What should happen and what will happen
Using memory dependent hashes works better if one is a small server since one will rarely have a lot of people sending in their passwords at the same time, so the RAM space you need isn't that large. If you are a large organization then this doesn't work as well because you then need room to be able to do many such calculations functionally simultaneously.
Meh. If you are a large organization, you can afford more.
Anyway, the point is that you should turn it up as much as you can afford.
I agree that there's a linear v. exponential difference there (although for many of these it is more like linear and subexponential due to algorithms like the number field sieve),
Yes, NFS is subexponential, but not very "sub". And anyway, RSA is old, broken crypto which should be migrated away from.
but the rest of your comment is essentially wrong. We keep keys just long enough that we consider it to be highly unlikely that they are going to be vulnerable, but not much more than that.
I hate to resort to appeal to authority, but the actual analysis required to prove it is way more effort than I have time for this morning. Take a look at keylength.com, it has a host of authoritative references.
In fact, it would be a lot safer if we increased key sizes more than we do, but there are infrastructural problems with that. See e.g. discussion at http://crypto.stackexchange.com/questions/19655/what-is-the-history-of-recommended-rsa-key-sizes
Heh. In my previous reply I actually typed a long section about why RSA is a weak counterexample to my argument, but deleted it because it's nitpicking. Since you chose to pick that nit...
It's a valid counterexample because RSA key generation, and, to a much lesser extent, RSA private key operations, are computationally expensive enough to stress low-end devices (an issue I often have to deal with... I'm responsible for some of the core crypto subsystems in Android). But it's a weak counterexample because RSA is not modern crypto. It's ancient, outmoded, we have some reasons to suspect that factoring may not be NP hard, using it correctly is fraught with pitfalls, and it's ridiculously expensive computationally. And even still, the common standard of 2048-bit keys is secure for quite some time to come. As that stackoverflow article you linked mentions, the tendency has been to choose much larger-than-required keys (not barely large enough) rather than tracking Moore's law.
So, yeah, if you use an outdated, ridiculously expensive algorithm, and you do it on very low-spec hardware, and you want it to be secure for a very long time then, yeah, you might end up having to use barely-large-enough key sizes.
Don't do that. For asymmetric crypto use ECC. Preferably with an Edwards curve, so you don't have to deal with niggling suspicions that the curve is weak in some obscure way known only to the NSA.
-
Re:It's just a power grab
It might be. I've not looked into it so just throwing out a theory, but I would assume that most people don't bother putting the time and money into appeals that they're guaranteed to lose...
If there's also some sort of pre-review to further knock off ones that the appealer thinks might have a chance but the court doesn't, again the ratio pushes in favor of cases that get overturned.
Your theory is correct. There's a good discussion of the issue here.
From the link: "This would give an approximate breakdown of 84.7% of cases weren't even considered by the Supreme Court, 15.1% of cases were declined by the Supreme Court, 0.12% of cases were overturned, and 0.03% of cases were confirmed."
-
Re:What should happen and what will happen
But this is exactly why good password hashing algorithms are moving to RAM consumption as the primary barrier. It's pretty trivial for a server with many GiB of RAM to allocate 256 MiB to hashing a password, for a few milliseconds, but it gets very costly, very fast, for the attacker. And if you can't afford 256 MiB, how about 64?
Using memory dependent hashes works better if one is a small server since one will rarely have a lot of people sending in their passwords at the same time, so the RAM space you need isn't that large. If you are a large organization then this doesn't work as well because you then need room to be able to do many such calculations functionally simultaneously.
Nope. The leverage factor in the password hashing case is linear, since the entropy of passwords is constant (on average). The leverage factor for cryptographic keys is exponential. The reason we don't use much longer keys for public key encryption, etc., is because there's no point in doing so, not because we can't afford it. The key sizes we use are already invulnerable to any practical attack in the near future. For data that must be secret for a long time, we do use larger key sizes, as a hedge against the unknown.
I agree that there's a linear v. exponential difference there (although for many of these it is more like linear and subexponential due to algorithms like the number field sieve), but the rest of your comment is essentially wrong. We keep keys just long enough that we consider it to be highly unlikely that they are going to be vulnerable, but not much more than that. That's why for example we've been steadily increasing the size of keys used in RSA, DH and other systems. Note by the way that part of the concern also is that many of these algorithms require a fair bit of computation not just on the server side but on the client side as well which may be a small device like a tablet or phone.
In fact, it would be a lot safer if we increased key sizes more than we do, but there are infrastructural problems with that. See e.g. discussion at http://crypto.stackexchange.com/questions/19655/what-is-the-history-of-recommended-rsa-key-sizes
The only way that the linear v. exponential (or almost exponential) comes into play is how much we need to increase the underlying key size or how long we need to make the next hash system if we want it to be secure. Keys only need to be increased a tiny bit, whereas hashes need to grow a lot more. But in both cases we're still not making them any longer than we can plausibly get away with for most applications.
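The "allocate 256 MiB to hashing a password, and if you can't afford that, how about 64?" point from the thread above, as an added example that is not code from any commenter: scrypt from the standard library with the memory cost derived from a MiB budget, a self-describing stored format so the budget can be raised later, and a constant-time verify. The stored-string layout, the parameter-picking rule, and the benchmark password are this example's own choices; the memory formula follows scrypt's definition (about 128*N*r bytes) and OpenSSL's maxmem accounting.

```python
import hashlib
import hmac
import os
import time


def scrypt_params_for(mem_mib, r=8, p=1):
    """Pick the largest power-of-two N whose working set (about 128*N*r bytes) fits in mem_mib MiB.
    N is the memory-cost knob; p multiplies CPU cost without adding memory."""
    budget = mem_mib * 1024 * 1024
    n = 1
    while 128 * (n * 2) * r <= budget:
        n *= 2
    return n, r, p


def _maxmem(n, r, p):
    # OpenSSL's scrypt needs 128*r*(N+p+2) bytes; allow a little headroom beyond that.
    return 128 * r * (n + p + 2) + 1024 * 1024


def hash_password(password, mem_mib, salt=None):
    """Return 'scrypt$N$r$p$salt$key' so that verify knows the parameters this hash was made with."""
    salt = salt if salt is not None else os.urandom(16)  # per-password random salt defeats rainbow tables
    n, r, p = scrypt_params_for(mem_mib)
    key = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p, dklen=32, maxmem=_maxmem(n, r, p))
    return "$".join(["scrypt", str(n), str(r), str(p), salt.hex(), key.hex()])


def verify_password(password, stored):
    tag, n, r, p, salt_hex, key_hex = stored.split("$")
    if tag != "scrypt":
        raise ValueError("unknown hash format")
    n, r, p = int(n), int(r), int(p)
    key = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                         n=n, r=r, p=p, dklen=32, maxmem=_maxmem(n, r, p))
    return hmac.compare_digest(key, bytes.fromhex(key_hex))  # constant-time comparison


def time_one_hash(mem_mib):
    """Seconds for one hash at this budget: the price an attacker pays per guess, per core."""
    start = time.perf_counter()
    hash_password("correct horse battery staple", mem_mib)  # constructed benchmark input
    return time.perf_counter() - start


if __name__ == "__main__":
    for mib in (64, 256):
        n, r, p = scrypt_params_for(mib)
        print(f"{mib:>4} MiB -> N=2^{n.bit_length() - 1}, r={r}, p={p}: {time_one_hash(mib):.3f} s per hash")
```

Because N is stored with the hash, a site that starts at 64 MiB can rehash users at 256 MiB on their next login without a migration; the cost per guess scales linearly with the budget on both sides, which is the linear leverage the thread is arguing about.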
-
15 percent user share or revenue share?
Or you can just forget about iOS and lose only about 15% of the market
Is iOS 15 percent of the market by user count, or is it 15 percent of the market by revenue? There's a big difference. Assume for the moment that the mean iOS user spends $40 per year on apps, while the mean Android user spends $5 per year. Then 15 percent of the market by user count represents a 15 * 40 / (15 * 40 + 85 * 5) * 100 = 59 percent of the market by revenue.
-
Re:* AT LEAST 88 of them, probably all
http://space.stackexchange.com...
actual collision that happened, near-perpendicular. No detectable shards on escape trajectory, but quite a few in a considerably higher orbit.