post a news story when an authentication scheme which/doesn't/ invite users to type their usernames and passwords into dozens of random websites is broken.
The point of OpenID is that you *don't* type your password into dozens of random websites.
One that will always loop through the longest string (would need to figure out something to compare it to once past the end of the short string), even after it has decided they're not equal.
That seems like a silly idea to me. Why would you implement it in strcmp() when most of the time you want to maximize performance. The proper place to do this is not in strcmp but in the password verification routine. As noted above also, sleeping is a more efficient use of processor resources than performing non-important calculations.
The point isn't that it is hard to do... the point is that it isn't being done. The other point is that it wasn't being done because of the contention that the exploit was so unfeasible it wasn't worth it. The research demonstrates that the exploit is more feasible than people thought.
That comment there is insightful. This has nothing to do with passwords, it has to do with SSO keys. I was confused originally because OpenID says nothing about how systems store or verify passwords, so it wouldn't make sense to check in that manner.
It's also possible that we're hearing about it with Toyota's because of the initial media report. This could have led to many people who got into accidents in their Toyota's to go public with a report to try and shift the blame off of themselves and onto the car. Also, the media, knowing there is a hot Toyota story, was actively looking for these sorts of incidents and could have imposed a bias.
Meanwhile, the same things could have been happening in other cars (again, driver error) at the same rate but nobody really reported them because there wasn't already a story to piggyback on.
I am not on facebook and regularly get their creepy emails that say "Hello 'Real Name', 'A Friend' wants you to join" and "You may know these people on Facebook: ".
It is probably people you know that are causing those emails to be sent. You can try to add friends by email address. Doing so causes an email to be sent out to you to try and get you to sign up.
The fact that you receive multiples means one of two things - 1. Facebook doesn't store your email address and therefore doesn't know that somebody else has already tried to add you or 2. They do store your email address and don't care.
I'd probably guess 2.
Either way, Facebook in doing this is acting in some respects as a webmail client. Another user (one who holds an account) searches for you on Facebook by email. You are not found. They are given the option to send you an email to ask you to join Facebook.
Isn't there a spec for deleting data? Seems it would be a good selling feature and cheap to implement a system in the BIOS of all PCs and any device that has a hard drive a way to securely delete all data. This would make it much easier to get rid of old equipment without having to worry about what data is left.
But that will only tell you that the data actually did get stored and can be read. It will not tell you that the data actually got stored where you wanted it to get stored.
I could write something that would have a nice GUI interface that would allow you to select a location on the disk and write a 1 or 0 to it. It would also allow you to read from a selected location. As long as in my code I use a predictable mapping to a location somewhere on disk, the actual user has no way of knowing it is actually doing what the code says it is doing.
But car companies do sell subscriptions to things like onStar, where I think it is free for a year and then you have to pay monthly after that. Seems similar.
I still think it would suck to have to pay subscription fees for games, but then I don't game, so, *shrug*. Certainly lessens my view of Sony though.
From what I gather it is illegal in the UK at least to leave a running car unattended:
Regulation 107(2)(a). This states that no person shall cause or permit to be on any road any motor vehicle which is not attended by a person duly licensed to drive it unless the engine is stopped and the parking brake is effectively set. Exemptions to the requirements of this Regulation as to the stopping of the engine include a fire brigade vehicle, the engine of which is being used for any fire brigade purpose.
Plus if your car gets stolen while you are not in attendance and you left it running [with keys in the ignition or otherwise] the insurance companies will not pay.
Thanks
I wonder what would classify as a road? Generally, I would not consider a drive way or a parking lot to be a road.
As for your other point, do you have a citation? I mean, sure if you left the car open, but generally with car starters, the car doors are locked, and there are no keys in the ignition, which means that the steering column is locked (making it very difficult to drive). Would seem to me there is no difference in terms of being easier or harder to steal (correct me if I'm wrong).
All that being said, I have no plans to install a car starter in my vehicle because I think it is unnecessary and wasteful (and I do live in a climate where the weather gets cold in the winter and I do have small children).
Slashdot Mirror
post a news story when an authentication scheme which /doesn't/ invite users to type their usernames and passwords into dozens of random websites is broken.
The point of OpenID is that you *don't* type your password into dozens of random websites.
One that will always loop through the longest string (would need to figure out something to compare it to once past the end of the short string), even after it has decided they're not equal.
That seems like a silly idea to me. Why would you implement it in strcmp() when most of the time you want to maximize performance. The proper place to do this is not in strcmp but in the password verification routine. As noted above also, sleeping is a more efficient use of processor resources than performing non-important calculations.
The point isn't that it is hard to do... the point is that it isn't being done. The other point is that it wasn't being done because of the contention that the exploit was so unfeasible it wasn't worth it. The research demonstrates that the exploit is more feasible than people thought.
http://www.computerworld.com/comments/node/9179224#comment-588733
That comment there is insightful. This has nothing to do with passwords, it has to do with SSO keys. I was confused originally because OpenID says nothing about how systems store or verify passwords, so it wouldn't make sense to check in that manner.
It's also possible that we're hearing about it with Toyota's because of the initial media report. This could have led to many people who got into accidents in their Toyota's to go public with a report to try and shift the blame off of themselves and onto the car. Also, the media, knowing there is a hot Toyota story, was actively looking for these sorts of incidents and could have imposed a bias.
Meanwhile, the same things could have been happening in other cars (again, driver error) at the same rate but nobody really reported them because there wasn't already a story to piggyback on.
I am not on facebook and regularly get their creepy emails that say "Hello 'Real Name', 'A Friend' wants you to join" and "You may know these people on Facebook: ".
It is probably people you know that are causing those emails to be sent. You can try to add friends by email address. Doing so causes an email to be sent out to you to try and get you to sign up.
The fact that you receive multiples means one of two things - 1. Facebook doesn't store your email address and therefore doesn't know that somebody else has already tried to add you or 2. They do store your email address and don't care.
I'd probably guess 2.
Either way, Facebook in doing this is acting in some respects as a webmail client. Another user (one who holds an account) searches for you on Facebook by email. You are not found. They are given the option to send you an email to ask you to join Facebook.
http://news.cnet.com/8301-1035_3-10274953-94.html
Looks like industry is moving in that direction. I thought Mini USB was going to win out but looks like Micro USB is the future.
Apple store != amazon.com
Facebook Applications seem to have access to all sorts of data, so couuldn't one write an application that did a data export?
Isn't there a spec for deleting data? Seems it would be a good selling feature and cheap to implement a system in the BIOS of all PCs and any device that has a hard drive a way to securely delete all data. This would make it much easier to get rid of old equipment without having to worry about what data is left.
http://www.post-gazette.com/pg/10104/1050455-100.stm
That's odd... I always though a gigabyte was 10^9. 10^5 seems like a really odd number for that sort of thing.
Yeah... because YoctoNewton is a unit that appears in general press all the time.
But that will only tell you that the data actually did get stored and can be read. It will not tell you that the data actually got stored where you wanted it to get stored.
I could write something that would have a nice GUI interface that would allow you to select a location on the disk and write a 1 or 0 to it. It would also allow you to read from a selected location. As long as in my code I use a predictable mapping to a location somewhere on disk, the actual user has no way of knowing it is actually doing what the code says it is doing.
Then the question becomes... how do you know it worked?
But car companies do sell subscriptions to things like onStar, where I think it is free for a year and then you have to pay monthly after that. Seems similar.
I still think it would suck to have to pay subscription fees for games, but then I don't game, so, *shrug*. Certainly lessens my view of Sony though.
I thought the iTampon was the name of the coming wearable computer.
Sorry... had to...
whhhooooooooooossssshhhhhhh
I thought mountain cable was bought out by shaw?
There is Source Cable as well though, although they are really small.
The end of the day, in any given area, there is only one selection for cable providers unless you go Satellite (which isn't cable).
Ahhh... interesting. Had not heard of such a thing (so maybe that answers your question?)
I think the implication was that his drive wasn't mindless or boring because he had company and music. *Shrug*
http://en.wikipedia.org/wiki/Block_heater
Probably somewhat rare in the US. Not common where I live in Canada, but frequently used in areas further north.
From what I gather it is illegal in the UK at least to leave a running car unattended:
Regulation 107(2)(a). This states that no person shall cause or permit to be on any road any motor vehicle which is not attended by a person duly licensed to drive it unless the engine is stopped and the parking brake is effectively set. Exemptions to the requirements of this Regulation as to the stopping of the engine include a fire brigade vehicle, the engine of which is being used for any fire brigade purpose.
Plus if your car gets stolen while you are not in attendance and you left it running [with keys in the ignition or otherwise] the insurance companies will not pay.
Thanks
I wonder what would classify as a road? Generally, I would not consider a drive way or a parking lot to be a road.
As for your other point, do you have a citation? I mean, sure if you left the car open, but generally with car starters, the car doors are locked, and there are no keys in the ignition, which means that the steering column is locked (making it very difficult to drive). Would seem to me there is no difference in terms of being easier or harder to steal (correct me if I'm wrong).
All that being said, I have no plans to install a car starter in my vehicle because I think it is unnecessary and wasteful (and I do live in a climate where the weather gets cold in the winter and I do have small children).
Because going through turnstiles with luggage sucks.
I have a friend that snuck into Estonia by going through the exit. Had an interesting time explaining on the way out how he got in :)