Domain: xkcd.com
Stories and comments across the archive that link to xkcd.com.
Comments · 12,563
-
Re:Generators
No, it's correcthorsebatterystaple...
https://xkcd.com/936/
No one would ever guess that.
-
Re:Obligatory...
Have you actually ever tried an XKCD style password? I have used randomly generated ones and have found them far easier to remember than pure random character passwords. The trick, as shown in the last panel of the comic itself, is to come up with a mnemonic story describing the random sequence of words. Rather than just trying to remember the sequence "correct", "horse", "battery", "staple", you imagine a scenario where the horse is correct about staples used on batteries. The scenario itself is easy to remember, and results in the word sequence. A horse being correct about something is a "correct horse", and a staple used on batteries would be a "battery staple". Combine them all, and you get "correct horse battery staple".
-
A bit of an essay...
In an offline cracking scenario, the number of possibilities is what counts, not which possibility you used. That means users should have the option of simple or short passwords, but should use long ones. For ease of use (more on this later), a passphrase of several words and punctuation is appropriate. Don't mandate the use or exclusion of any particular symbols, because that reduces the search space, and similarly reduces the time to break the password. In a famous example, "correct horse battery staple" is far more resistant to brute-force attacks than something complex like "Tr0ub4dor&3".
In an online cracking scenario, uniqueness is what counts. If an attacker has harvested your password from one location, they will try to use it to access another. Make sure every password you use is unique. Dumb tricks like appending the site name to a common password are easily caught by attackers, so they don't improve security much. The best way to mitigate the risk of an online attack, then, is use a trusted password manager to create and store your passwords, so every location has a long unique password. This is the approach I use, and most of my passwords are 24+ characters, randomly generated, and all unique.
For universal access, I keep my password manager's encrypted database files in a cloud storage service that my phone can access. Even if that storage is compromised and my file is stolen, it's useless without my master password, which is of course different from every other password for any other purpose.
If you're ever designing a system to handle authentication, the best solution is to not do it. Thanks to standards like OpenID and OAuth, you can connect your services to someone else's authentication, because they're far more likely to handle it correctly.
If you must do your own authentication, use sane policies. Require long (10+ characters) passwords, but don't force numbers or symbols. Requiring a number in a password cuts the password's resistance to brute-forcing by about half (very roughly speaking, and noted in TFS). Make sure nothing in your application interferes with the use of password managers, which often use the system clipboard to copy/paste passwords. To improve user experience, avoid asking for the password at all, instead using an expiring authentication token to reinstate a previous session. The less often a user has to type their password, the less averse they'll be to having a long and secure one.
On the back end, if you must store passwords, make sure they are hashed using a modern secure algorithm (AES-256, SHA-2 or SHA-3) and salted, and do that as soon as possible in your back-end processes. No, your users do not need a way to recover their old passwords. They need a way to reset their password to a new value, and that should only happen by using two separate forms of ID (like a phone call to customer support verbally confirming security questions and an email to the address on file). Those security questions should also be as unrestricted as passwords. Allowing the user to enter open-ended prompts allows the user to use prompts that are only meaningful to them, and are thus much more difficult to find an answer to on social media.
Above all else, do not take advice from others, including me and this post, without understanding the reasoning behind it. Computer security is steeped in several decades of little more than superstition, relying on "common knowledge" that often turns out to be incorrect. It may start out well-intentioned, but the implementation is usually missing a key detail, undermining the security of the whole system.
-
Long much better than short and complex
A long, easy-to-remember-and-enter password beats a short, complex password that requires finger gymnastics. As others have pointed out, the XKCD comic says it all: https://xkcd.com/936/ Also look at https://www.grc.com/haystack.h... Now if you are always going to use a password manager to enter the password for you, then long and complex is the best of both worlds, as long as you do not personally need to do the finger gymnastics of entering the long, complex password. And if using a password manager, make the access to the password manager a long, easy-to-remember-and-enter password, as that is the one you will be typing a lot.
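The comic's arithmetic behind the "long beats complex" point made in this comment and in the essay above, as an added example (editor's code, not from any commenter). Entropy is words times log2(list size): four words from a 2,048-word list is 44 bits, and the same formula applies to any uniformly random choice. Two caveats the comic's numbers rest on: the words must be chosen by a generator, not by the user (a human-picked "memorable" sequence lives in a much smaller search space), and the 1,000 guesses per second rate is an online, rate-limited attacker; against a leaked table of fast hashes a GPU rig tries on the order of 10^10 per second and 44 bits falls in about half an hour, which is why the back end's choice of hash matters as much as the user's choice of passphrase. The wordlist is a constructed sample and the guess rates are assumptions.

```python
import math
import secrets

# Constructed sample wordlist for this example. A real generator would load a
# published list (the diceware list has 7,776 words); entropy depends only on
# the list size and word count, not on which words are in it.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "anvil", "bridge", "cactus",
    "dolphin", "ember", "falcon", "glacier", "harbor", "island", "jungle",
    "kettle", "lantern",
]  # 16 words, so 4 bits per word

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(choices: int, picks: int) -> float:
    """Entropy of `picks` independent, uniform draws from `choices` options.

    Four words from a 2,048-word list: 4 * log2(2048) = 44 bits, the figure
    in xkcd 936. Eight characters from the 94 printable ASCII symbols would
    be 8 * log2(94), about 52 bits, but only if every character is chosen
    uniformly at random, which human-chosen passwords are not.
    """
    if choices < 2 or picks < 1:
        raise ValueError("need at least two choices and one pick")
    return picks * math.log2(choices)


def worst_case_seconds(bits: float, guesses_per_second: float) -> float:
    """Time for an attacker to try the whole space at a given guess rate."""
    return 2.0 ** bits / guesses_per_second


def generate_passphrase(words, n_words: int = 4, separator: str = " ") -> str:
    """Pick words uniformly with the OS CSPRNG.

    random.choice is not acceptable here: the default Mersenne Twister state
    can be recovered from a few hundred outputs. A duplicate in the list
    would make that word twice as likely, so reject such lists outright.
    """
    if len(set(words)) != len(words):
        raise ValueError("wordlist contains duplicates, which bias selection")
    if any(separator in w for w in words):
        raise ValueError("separator appears inside a word")
    return separator.join(secrets.choice(words) for _ in range(n_words))


def crack_time_years(list_size: int, n_words: int, guesses_per_second: float) -> float:
    """Worst-case years to exhaust a passphrase space at a given guess rate."""
    bits = entropy_bits(list_size, n_words)
    return worst_case_seconds(bits, guesses_per_second) / SECONDS_PER_YEAR


if __name__ == "__main__":
    print("example:", generate_passphrase(SAMPLE_WORDS))
    # Rates are assumptions: 1e3/s is the comic's online, throttled attacker;
    # 1e10/s is a GPU rig against a leaked table of fast (SHA-2 class) hashes.
    for size, n in [(2048, 4), (7776, 6)]:
        print(f"{n} words from {size}: {entropy_bits(size, n):.1f} bits")
        for rate in (1e3, 1e10):
            print(f"  at {rate:.0e} guesses/s: {crack_time_years(size, n, rate):,.4f} years")
```

The output shows the gap in one line each: four words from 2,048 survive the throttled attacker for centuries but an offline attacker for half an hour, while six diceware words stay out of reach of both. Add words before adding symbols.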
-
Obligatory xkcd cartoon
-
Relevant xkcd comic
xkcd covered this a while ago.
I use this now. Not the actual passphrase, but the principle.
-
Always Another Way...
Whilst I am prepared to accept the findings of this research and happy to accept that in principle it is possible to infer the calculations being performed by a computer system using nothing more than the "background noise" they produce, I have to believe that there are a myriad of easier ways that the same information could be obtained:
https://xkcd.com/538/
It is likely that these attacks may be attempted by government agencies looking to crack encryption operated by foreign powers. However, in the majority of the cases I've personally looked at, I see poorly-implemented surrounding controls. Issues include having passphrase data stored on a computer so that an application can decrypt traffic without human intervention, only to have that passphrase file left protected by nothing more than local file system permissions. Let's be honest, owning the file with root and setting permissions to rw-/---/--- aren't going to pose much of a problem to a determined attacker, are they?
This is one of the fundamental issues with encryption: people believe that because they are using high strength key lengths that they are secure; no thought is given to local protection of critical data, to PRNG entropy, to side channel data.
Too many people get blinded by, "Oh, it's OK, it's encrypted", when that means squat if the related safeguards are compromised...
-
Re:Major flaw in the argument
as long as the simulation isn't rocks right?
-
Extrapolating
Elon Musk should read this comic:
https://xkcd.com/605/
I mean clearly he is a smart guy and an astute businessman, but either this was out of context, off the cuff, or not a clearly thought out comment.
Just about everything follows the same general premise. In the beginning there is a lot of advancement, because there is a lot to discover, progress is rapid. Eventually things get a bit tougher, as generally speaking the low hanging fruit has already been picked. Near the end, as whatever it is we are talking about matures, there is less and less to work with, advances are small and subtle, and grind to almost nothing as you go.
Add to this, typically the reason we do things, capitalization, there comes a time where sure you can make something go 1/100ths faster or whatever, but due to costs which unless they go down (which there is also limits to), makes the incentive to advance any further increasingly diminish. Law of diminishing returns in general. Sure if you take that particular diminishing curve as it approaches infinity, you can predict pretty much anything. However that is an abstract concept and construct, not a real thing in reality. In reality things are not so simple and mathematical. The spherical cow joke for example.
Yeah we have come a long way with AI and VR, etc... in the last 20 years, I've seen it. Yes I agree we have ample room to grow with these technologies. However to assume that the last 20 years of growth is representative of the next 20 years, let alone the next 10,000 is silly. Indeed extrapolating that far out considering all the factors and variables that could occur in that period is literally nothing more than fantasy.
-
Re:They're trying to patent "human" genes
Except that it's not that simple (biology never is). Yes, multiple codons may code for a single amino acid, but they may yield different expression levels or transcription rates. In the genetic manipulation world, "codon optimization" is already a thing.
Or, to put it another way, "Wow, biology is impossible."
-
Re:Major flaw in the argument
Not the one I was thinking of...
A Bunch of Rocks
-
Re:Major flaw in the argument
Maybe GNU Hurd will be ready for prime time by then.
-
I use it but I'm not even sure what's new
I upgraded my home PC to Windows 10 because I support distance learning students at a college and knew they'd be showing up with laptops with Windows 10 preinstalled. The upgrade fiasco was totally unexpected.
From my POV, I'm not even clear what's different from 7 and 8.1. I mean, I *know* the UI has changed considerably in a lot of places but that's just where you find buttons. Similarly, I have no interest in Modern/Metro Apps or whatever they're called. As long as I can use Explorer to manage my files, launch Chrome to get online and my games work and the software I rely on work (Office, some assorted productivity/video editing software), I really don't care. And all of those things have worked fine between 7/8/8.1/10. I've seen no performance decrease in my path from 7 -> 10.
At some point a file versioning tool showed up in Windows, and it still works in 10, so I guess that's good? The Task Manager seems much improved? I like the flat theme just fine?
Really, I can't help but be reminded of this: https://xkcd.com/934/
-
Re:Yes.
Why does light scatter that way? Because the molecules are much smaller than the wavelengths involved, but the closer the size ratio, the bigger the interaction.
Rayleigh scattering? I think it might actually be a bit more complicated than you think.
-
Re:"Desktop" LOL
It's obviously not meant for plebians. It's meant for the programmer who makes >$200 an hour, i.e. the time lost to compiling is worth more than this extreme high-end CPU is.
Oh please, according to OpenBenchmark you can compile the Linux 4.3 kernel in 62 seconds on an Intel Core i7-5960X. Unless you have a developer who just whacks the build button to throw shit at the wall and see what sticks - which is not the kind of person you should be paying >$200/hour - then almost any kind of employee perk or complimentary service would be more effective than 0.1 second off his compile time.
-
Re:I'd argue we need more humanities
Firstly, how much time did You spend learning how to play an instrument? Do You believe that this would be possible without a mind that is calmly capable of analyzing mistakes it had made, and then making corrections? Or do You believe that Your skill in playing an instrument stems exactly from pure emotions You have?
No, but I wouldn't describe it as a "punishing amount of self-training". First, unlike programming, most people are taught to play music, rather than being self-trained. The stuff that you do on your own is more typically practice. The distinction is subtle, but important; training is learning new skills, whereas practice is honing existing skills through repetition. Second, the word "punishing" sounds like practicing an instrument is torture. Well, maybe if you play violin, but....
Secondly, who says that analytical things aren't fun?
I didn't say that they aren't. You can find fun in anything; I didn't mean to imply otherwise. My point was that if it feels like punishment, that's probably a bad sign.
:-) Just because two things use the same wiring of the brain (which is what we assume here), doesn't necessarily mean that exercising one helps the other. The correlation can also be a negative one: one thing might be damaging to the other.
True, but if that were the case, there wouldn't be a strong correlation between musical ability and programming ability, because learning music would ruin you as a programmer, rather than strengthening your spatial-temporal reasoning as it appears to do.
Still a bit of "a failed musician" (I apologize again for the ad personam) -- I dare say that You could be a much better and a more accomplished musician if You could devote the fullness of Your time to the lifelong study of music.
Certainly true. I've definitely hit a plateau where improvement is relatively slow because of lack of practice. That would be true for splitting your time between any two or more skills, of course. I wouldn't call that a failure, though, just a choice of balance between competing activities. For that matter, I also have to balance it with all of my other hobbies, including writing, photography, videography/moviemaking, woodworking, electronics, etc. After all, there's only so much time in a lifespan.
Similarly, I can't say "oh, I can adjust it later" in woodworking.
Although true, it's not really the same. This is why we take the time to laboriously measure wood before we cut it (and then swear when we measured it wrong). There's a lot of planning involved, a lot of design, a lot of careful planning. With music, you have to do almost everything in real time. There's careful planning, but the careful planning is in the form of doing the same thing over and over until you can do it (approximately) right every time. I guess to some extent that's true for some aspects of woodworking, such as turning something on a lathe, but it is kind of the exception rather than the rule, and it is also the sort of thing that we often do with CNC machines these days.
Now in theory, writing software is supposed to involve lots of advance planning, too, but in practice, we usually just hack it together with Perl. And software continually gets redesigned. It's the computer equivalent of an office building's architecture, where you build the basic structure to be flexible, knowing that they are going to rip the walls out every two years and completely change everything... except that they constantly change the slabs and the roof, too. That's why learning to rapidly adjust to unexpected inputs results in both better musicianship and better coding.
I will, however, grant you architecture and gardening, at least when done on a large scale. The ability to visualize such things in three dimensions
-
Re:Did anyone read the whole thing?
Forgot to link the relevant XKCD cartoon.
-
Obligatory XKCD
Explore enough subgroups, and eventually one of the subgroups will suggest a correlation.
-
Re:Slashdot Fortune sums up the article w/ irony
"Computers will one day exceed human intelligence." -- Ray Kurzweil
"Only if we meet them half-way." -- David Snowden (No relation to Edward)
Randall Munroe (AKA XKCD) had a great take on AI chatbots: https://xkcd.com/948/
-
Re:Sure.
But what if the USB flash drives were somehow attached to a turtle that was trained to swim back to the nearest airport?
Or sharks
-
Your opinion means everything. To whom I dunno...
Do you know why you're downvoted? If you don't, I'll tell you.
You're a hater. You're a troll. You're an "imaginary property cop". You wrote:
> I don't think they're covered under fair use.
Thank you for your expert opinion. You are, of course, an expert in Copyright law? No?
A lawyer versed in Copyright law? No?
A judge who has presided over Copyright law cases? No?
Oh. You're an Internet commentator. Well then:
Ehud
-
Re:Books Deteriorate
Books deteriorate, digital files do not.
-
Better than the alternatives
I'd rather have a graybeard BOFH SysAdmin maintaining the code in assembler.
https://xkcd.com/705/
-
Re: If
Just leaving this here: https://xkcd.com/936/
-
Re:Karma
Well, it's better than Vista: https://xkcd.com/528/
-
Re:Number of accounts matters as well
For those of you who don't get it, here's the obligatory xkcd.
-
Ballmer Peak Detector
In the zone!
Obligatory XKCD link.
-
Re:Can Nokia Bring Back The 7110?
Time ghost:
But it was the earlier Nokia 8110 that was in the Matrix, not the 7110, which came out in '99.
-
Re:This is what happens...
There is no perfect solution for storing nuclear waste, but for the next few decades, the pools are our best option from a technical perspective, and our only option from a political perspective. Despite the alarmism in TFA, the water cannot simply be "drained out" by, say, pulling a cork at the bottom of the pool. To drain a pool takes several days of pumping, which a terrorist would be unable to do. The water itself is not radioactive. Maintenance workers go into the pools with scuba equipment, and we know this is okay because Randall Munroe said it is safe.
In the next few decades, we are likely to make a lot of progress in robots to handle radioactive materials much more inexpensively and more safely than we can do today. We are also likely to find uses for many of the isotopes, which will have economic value and no longer be considered "waste". A few decades hence, we will almost certainly be in a better position to make long term decisions about what to do with the spent fuel. In the meantime, the fuel rods are getting less and less radioactive every day.
-
Re:Orwell called them ....
It is really endearing of Americans when they think they can use a few handguns to rise against an army having tanks, artillery and bombs.
Don't forget the flying killer robots. The AI sure as hell won't.
-
Re:I love the hypocrisy...
OB xkcd.
-
Obligatory
-
Re:For the Love of God...
XMPP already exists. Coming up with something else would be actively harmful.
-
Re:Wanted: N900
I think what you are saying sounds a lot like this XKCD comic:
-
Re:I'll stick with this random number generator
Or this one
-
Re:Fly me to the mars
This XKCD picture explains it all in a very intuitive way: https://xkcd.com/681/
The ISS is on the "low earth orbit" line in the detailed view of the Earth well (on the right).
Using the same analogy, imagine that you are at the bottom of a 100m deep well. It should be easy for you to walk in circles for 1000m (so horizontally). However, to exit the well you have to GO UP for 100m. That is a lot more difficult.
-
Re:Most everybody else does it
When it comes to generics, reviews are pretty useless as the underlying supplier often changes.
Yes, but they pretty much have the exact same formulations as the brands whose packaging they imitate.
-
Re:i've been there....
Probably not. Welcome to the new phenomenon of what I call "lazy caps": all lower case, often with an occasional word written with a capital letter just to prove that their keyboard is indeed working.
And no, it's not mobile device text entry: if anything, those things auto-capitalize the beginning of sentences, at least. No, it's the I-can-touch-type-faster-than-I-think-stream-of-consciousness-keyboard-diarrhoea-using-my-pinky-fingers-slows-me-down-fuck-I-gotta-do-this-quickly-someone-is-WRONG-on-the-internet folks. I'm noticing it a lot more in the last year or so, even more so here at Slashdot.
(Yeah, I typed this all out with two fingers. ;) )
-
Re:Change of opinion
If I want information on a free software project, Wikipedia is almost always a better source of information than the project's official website. Wikipedia will give an overview of the project, a short history, and list some applications. The project's home page will have the changelog, recent project news, and press releases, none of which is useful to a potential new user. Most software project websites are even worse than university websites.
-
Re:"user permissions" != "full control"
No one's responded with "obligatory xkcd" yet?
-
Re:Not Totally Bad
Remember employees making iphones killing themselves,
Nope, because it was never a problem. The peak of suicides was close to the average suicide level in a US high school, and most of those complaining about the suicide rates in China (are in the US and) don't care about US high schools, so it can't be that bad.
And the average suicide level of all those working for Foxconn in China is less than the suicide rate in the US. So based on the "suicide because of conditions" theory, the average person in the US has a lower quality of life than a Foxconn worker.
Taking the suicide clusters and extrapolating is stupid. https://xkcd.com/605/
-
Re:solve a small problem
-
Obligatory XKCD...
-
Re:Of course
Obligatory XKCD: https://xkcd.com/678/
-
Re:Hokum & Bunkum
No, it's clearly written in perl [/obligatory xkcd]
-
Re:Too late
"The world has already moved on to Git which is essentially perfect nowadays."
What????
https://xkcd.com/1597/
-
Re:Wrong way to go about it
Or you start a write-in campaign for Mr. Robert Drop Tables.
Obligatory xkcd:
https://xkcd.com/327/
-
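The injection that the comic (and the write-in campaign above) depends on, as an added example (editor's code, not from any commenter): the same insert written once with string formatting and once with parameter binding, run against an in-memory SQLite database so the dropped table is visible. The table and column names are assumptions for the example; the payload is the one from the comic.

```python
import sqlite3

# The payload from xkcd 327, used here as constructed test input.
BOBBY_TABLES = "Robert'); DROP TABLE Students;--"


def new_school_db() -> sqlite3.Connection:
    """In-memory database with one existing row, so the damage is visible."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (name TEXT NOT NULL)")
    conn.execute("INSERT INTO Students VALUES ('Alice')")
    conn.commit()
    return conn


def enrol_vulnerable(conn: sqlite3.Connection, name: str) -> None:
    """String formatting splices attacker text into the SQL grammar.

    executescript() is what lets the smuggled second statement run. A
    single-statement API only changes the payload the attacker picks (a
    tautology in a WHERE clause, a UNION that reads another table); the
    defect is the formatting, not the call.
    """
    conn.executescript("INSERT INTO Students VALUES ('%s');" % name)


def enrol_safe(conn: sqlite3.Connection, name: str) -> None:
    """Parameter binding: the name travels as data and is never parsed as SQL."""
    conn.execute("INSERT INTO Students VALUES (?)", (name,))
    conn.commit()


def students_table_exists(conn: sqlite3.Connection) -> bool:
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'Students'"
    ).fetchone()
    return row is not None


def student_names(conn: sqlite3.Connection) -> list:
    return [r[0] for r in conn.execute("SELECT name FROM Students ORDER BY name")]


if __name__ == "__main__":
    db = new_school_db()
    enrol_vulnerable(db, BOBBY_TABLES)
    print("table survives vulnerable insert:", students_table_exists(db))  # False

    db = new_school_db()
    enrol_safe(db, BOBBY_TABLES)
    print("table survives safe insert:", students_table_exists(db))        # True
    print(student_names(db))  # Alice, and one student literally named after the payload
```

Sanitising the input (the comic's punchline) is the wrong lesson; binding parameters means there is nothing to sanitise, and it is the same one-line change in every database driver.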
Obligatory XKCD...