Take the time to visit non-profit organization Computing At School.
Their own description of themselves is:
The Computing At School Working Group (CAS) is a grass roots organisation that aims to promote the teaching of Computing at school. CAS is a collaborative partner with the BCS through the BCS Academy of Computing, and has formal support from other industry partners.
They are dedicated to finding and sharing the best ways to teach IT to the young(er) generations, and they have a proven track-record with great results.
I am not affiliated with them; but I use their website and material for my own children, because nothing better is available to me locally.
You can join their online Educators Community here:
http://community.computingatschool.org.uk/door
- Jesper
Sounds like you need a simple mechanism for unique passwords. I have a suggestion for you to consider.
Personally - I "salt" a standard password with the name of the website: the first initial of each of the words in a site's name for example. If my 'standard' password was for example "Aware20130530ness", and I was signing up for slashdot, I can simply add the letters to the start of the password, resulting in "sdAware20130530ness"
Right, clever boy, and now that you have revealed this, it will be trivial for any cracker to include this pattern in their decryption script ... if it isn't already there (which is not impossible at all). Commonly used patterns such as the one you describe can be identified mathematically and easily applied to the decryption process. The added work of even 100 patterns absolutely pales in comparison to real brute-force, so you should expect crackers to get past your "salt" real easy.
Making patterns like yours from the name of the website, or information in the usertable, is standard operating procedure when cracking.
Stop doing it. It does little to help you. At the very least you should use a pattern containing characters not present in the website name, and not present in your user properties on the site in question.
- Jesper
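The reply above argues that a prefix built from the site name, or from account details, adds almost nothing. As an added example (not part of the original thread), this Python audit runs over your own password list and reports entries that are one reused password with a site-derived affix; the function names and the vault contents are constructed for illustration, apart from the two passwords quoted in the thread.

```python
import re

def site_tokens(site_name):
    """Strings anyone can derive from a site's public name: words, joined name, initials."""
    words = re.findall(r"[a-z0-9]+", site_name.lower())
    tokens = set(words) | {"".join(words)}
    if len(words) > 1:
        tokens.add("".join(w[0] for w in words))
    return {t for t in tokens if len(t) >= 2}

def strip_site_affix(password, site_name):
    """Remove one site-derived prefix or suffix (case-insensitive) and return the core."""
    lowered = password.lower()
    for tok in sorted(site_tokens(site_name), key=len, reverse=True):
        if lowered.startswith(tok):
            return password[len(tok):]
        if lowered.endswith(tok):
            return password[:-len(tok)]
    return password

def context_findings(password, site_name, user_fields):
    """List site- or account-derived strings that appear anywhere in the password.
    Two-letter tokens can match by chance, so treat findings as hints to review."""
    lowered = password.lower()
    findings = [f"site token '{t}'" for t in sorted(site_tokens(site_name)) if t in lowered]
    for field, value in user_fields.items():
        for part in re.findall(r"[a-z0-9]{3,}", value.lower()):
            if part in lowered:
                findings.append(f"{field} '{part}'")
    return findings

def reused_cores(vault):
    """Group entries whose passwords are identical once the site affix is removed."""
    groups = {}
    for site, password in vault.items():
        groups.setdefault(strip_site_affix(password, site), []).append(site)
    return {core: sorted(sites) for core, sites in groups.items() if len(sites) > 1}

# Constructed vault. Site names are written as separate words so initials can be derived.
VAULT = {
    "Slash Dot": "sdAware20130530ness",            # pattern quoted in the thread
    "Example Forum": "efAware20130530ness",        # same pattern, hypothetical site
    "Other Site": "sFr95y/Gfd0w2_z+3xnMCIr4yl,cdjEO",  # random password quoted in the thread
}

if __name__ == "__main__":
    for core, sites in reused_cores(VAULT).items():
        print(f"same core password behind {len(sites)} sites: {', '.join(sites)}")
    for site, pw in VAULT.items():
        print(site, context_findings(pw, site, {"username": "aware"}))
```

Any group returned by `reused_cores` is effectively one password: a leak at one of those sites exposes the others.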
Big surprise... you know because Drupal is known for their excellent securely written software. ;)
Big surprise ... you know because you really didn't RTFA.
The problem was in a 3rd party module and is absolutely unrelated to the Drupal codebase itself.
Trolling failed! ;-)
- Jesper
why I need to pick a "secure password" again?
Doh! Because if your password is "secure" it can't easily be decrypted in the exact scenario described here? :-)
All the weak passwords are the ones to fall first. If you used something along the lines of "sFr95y/Gfd0w2_z+3xnMCIr4yl,cdjEO" (and perhaps a password manager to keep track of it) this particular story wouldn't really matter to you at all... ;-)
- Jesper
Anyone else sick to death of Drupal-related security issues?
Trolling as AC ... and making it clear you really didn't RTFA ... ;-)
The breach was in a 3rd party module installed on the servers, and is totally unrelated to the Drupal codebase.
Trolling fail! :-)
Please provide actual technical details that make sense so that there's a reason to invest in your hysteria.
From a technical standpoint he is totally correct, so what "hysteria" would that be exactly?
Salting does little other than prevent mass-cracking on large lists of userdata. So if someone takes the Drupal.org userlist and targets a few (2-5) individuals, rather than attempting to decrypt all passwords, the salt will have very little impact.
Calling this simple fact "hysteria" only makes your ignorance on the subject more clear - said with all possible respect and no trolling intended.
- Jesper
While current phpass implementations support bcrypt, it has not always been so, and the framework supports many different methods.
The article doesn't admit which method was used (suggesting they're not proud of their choice perhaps?). Does anyone know what method was used?
The articles at Ars mentioned by multiple /.ers here, were based on MD5 (which is totally unsuitable for passwords btw). So don't panic until the method used by drupal.org has been revealed.
- Jesper
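The two comments above make separate points: a per-user salt only stops identical passwords from sharing a hash, and a fast digest such as MD5 is unsuitable for password storage. As an added example (not from the thread and not phpass code), this Python module stores salted records, verifies them, and upgrades legacy salted-MD5 records on the next successful login; PBKDF2 from the standard library stands in for bcrypt, and the record layout and iteration count are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example

def hash_md5_salted(password, salt):
    """Legacy scheme: one fast MD5 over salt + password."""
    return hashlib.md5(salt + password.encode()).digest()

def hash_pbkdf2(password, salt, iterations):
    """Stretched scheme: every verification costs `iterations` HMAC-SHA256 rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def new_record(password, scheme="pbkdf2"):
    """Create a stored record with a fresh random 16-byte salt."""
    salt = os.urandom(16)
    if scheme == "md5":
        return {"scheme": "md5", "salt": salt, "hash": hash_md5_salted(password, salt)}
    return {"scheme": "pbkdf2", "iterations": PBKDF2_ITERATIONS, "salt": salt,
            "hash": hash_pbkdf2(password, salt, PBKDF2_ITERATIONS)}

def verify(password, record):
    """Recompute with the record's own scheme and compare in constant time."""
    if record["scheme"] == "md5":
        candidate = hash_md5_salted(password, record["salt"])
    else:
        candidate = hash_pbkdf2(password, record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["hash"])

def login(users, name, password):
    """Verify a login; on success, replace a legacy or under-stretched record."""
    record = users.get(name)
    if record is None or not verify(password, record):
        return False
    if record["scheme"] != "pbkdf2" or record["iterations"] < PBKDF2_ITERATIONS:
        users[name] = new_record(password)  # plaintext is only available at login time
    return True

def distinct_hashes(users):
    """Number of different stored hashes; equals len(users) when salts are unique."""
    return len({r["hash"] for r in users.values()})

if __name__ == "__main__":
    # Constructed user table: two accounts sharing one password under the legacy scheme.
    users = {n: new_record("Aware20130530ness", "md5") for n in ("alice", "bob")}
    print("distinct hashes:", distinct_hashes(users))   # salts keep them apart
    login(users, "alice", "Aware20130530ness")
    print({n: r["scheme"] for n, r in users.items()})   # alice upgraded, bob still legacy
```

Accounts that never log in again keep their legacy record, so a migration like this is normally paired with a forced reset for records that remain on the old scheme.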
Alienware has a history of offering both AMD and nVidia graphics for its models. It will only be a matter of time before they will offer this as an option in their notebook models.
The 8970M option is likely to appear in their Haswell-generation of notebooks expected this summer, and a dual-8970M (crossfire) is likely in their next M18x model.
With both a CPU and GPU change, I'll be holding my purchase until later this year.
Stuck with a normal-human-being-Lenovo in the meantime. Ouch :-(
- Jesper
I made a /. journal entry on it. Let us see how far we can make this thing go... :-)
The Death of Prenda as a Statue
(Disclosure: I am the author of it)
- Jesper
Is a Statue geek appeal enough for you?
If yes, check this journal entry: The Death of Prenda as a Statue
(Disclosure: I am the author of it)
- Jesper
Perhaps your support to the Judge Wright Statue can act as imaginary beating? ;-)
Thanks for reaching out through the campaign; but IndieGoGo does not share any other information with your message so I am unable to get in touch with you. Please mail me on the contact address now listed in the campaign description. :-)
- Jesper
I don't know. I actually expected IndieGoGo to have a proper procedure for contacting the owner of a campaign.
Since that does not seem to be the case, please write to: wrightfundraiser@conceptfactory.dk
I have updated the campaign description to include this email for contact information.
If you have access to a 3D printer, or are a 3D artist able to make the modelling involved, please get in touch with me through the IndieGoGo campaign.
If you feel you are in a position to make busts like the ones you describe, we could easily make them a Perk in the campaign and compensate you for making them.
:-)
- Jesper
Actually I was thinking more along the lines of Q's robe (at Picard's/Humanity's trial) ... ;-)
A statue for doing one's job? Where's the fundraiser for my statue?
Not quite. He went well beyond his duties (in the best possible sense). He could have simply shut the case down at an earlier point, collected his regular pay, and proceeded to the next case. Instead this judge decided to use extra time and resources to do "the right thing" - as opposed to just his job.
In situations like these, everybody always talks about how cool it would be to "do something". Several people have already mentioned a statue.
Well here goes: The unofficial Otis D. Wright Statue Fundraiser
http://www.indiegogo.com/projects/the-unofficial-otis-d-wright-ii-statue-fundraiser
Go throw a buck or five at Judge Wright. Show the world that your respect for this man reaches further than a simple forum-post :-)
- Jesper
Here is the official filing:
http://www.scribd.com/doc/139843902/Prenda-Sanctions-Order
First lines:
“The needs of the many outweigh the needs of the few.” —Spock, Star Trek II: The Wrath of Khan (1982).
Somebody should make a statue of this judge. Preferably 3D printed and with references to popular SciFi universes. He deserves no less. :-)
- Jesper
Surely you are joking?
The link he provided shows what enormous energy it takes to lift stuff into space. It speaks nothing of price; only thrust and energy.
The actual dollar-price, and your comparison to hollywood movies, is totally irrelevant. The important thing to learn from the NASA article, is the consumption of energy. That translates into pollution - a lot of it!
- Jesper
Moron. Just think about it for a minute, take a long term view...
Without the commercialization of space we are all doomed to live and die on earth, with the commercialization of space the stars are within our long term reach.
As a child I read Arthur C Clarke's 'the next 50 years in space' and if I remember correctly, by now we should have colonies on both the Moon and Mars. Then I remember reading about project Orion, which would give us the ability to lift entire orbitals into space. But of course budget cuts and 'it's not green' saw an end to my childhood dreams.
Then I look at 'greenies' like you, and I despair. You want to keep the kindergarten neat and tidy, and can't see any further than that.
Nice. Calling people "moron" but posting as AC? Won't stand by your words, eh? What a brave person you are!
If you're not just trolling, but actually think I look no further than my children's kindergarten, then I pity you. You must have a very narrow perception of other people.
I have no objection to commercializing space. I have objections to doing it in ways which will doom the planet - or at least significantly hamper future generations' ability to live a proper life. We simply do not have the right to destroy the planet - period.
You speak of long term views, yet you are hopelessly shortsighted. You propose commercializing space with current engine technology at a cost which is obviously way too high.
- Jesper
I disagree. While there is plenty to be done in other areas, as you correctly point out, this does not translate into allowing a small isolated (and filthy-rich) group of people to pollute as much as several thousand "normal citizens". It is simply ethically and morally objectionable.
They should be forced to pay the full true cost of their environmental impact - or be banned from doing it at all.
Screwing up the planet for science is one thing. Screwing it up just because they have the money to get a very expensive thrill is another.
- Jesper
In a world of climate change and rising temperatures I can't help but wonder: What is the carbon/energy footprint of a single ticket? To speak nothing of the total impact of this "business"? It looks to me like Virgin Galactic and its customers are likely to be the absolute worst polluters on the planet ...
Would they be so eager to go into space for fun if they had to pay the actual environmental cost as well? Allowing it for science is one thing ... doing it solely for entertainment is another!
- Jesper
If I had the money to spend, sure thing. Any geek would.
Problem is ... I don't have the money to spend. Not even if I sell my house. And I suspect most geeks don't either. The question is, to be a bit blunt, rather stupid.
I presume Virgin will find plenty of people willing to spend 200K on a week-long orbital vacation (probably not too many geeks) but fewer people with the actual cash in hand.
[willing to spend] != [able to spend]
- Jesper
LOL ... ahemm ... no?
All sorts of things which are not accepted as payment are taxed. Things like financial bonds and potatoes for example - they are taxed in different ways, but not accepted as "payment" anywhere.
[Item eligible for collecting taxes] != [valid currency for payment]
- Jesper
The only newsworthy thing in this is the fact that the authorities are looking into BitCoin transactions, thereby raising BitCoin's legitimacy in the playing field.
Pretty much every country on the planet taxes both capital gains and bartering. In fact, one may wonder what took the authorities so long ...
- Jesper