No. But then again, firefox has a show stopping html5 audio bug, which renders it useless for probably most applications. It doesn't respect the preload="none" or depreciated autobuffer attributes. If you have a long list of OGG, such as a playlist, FF will hammer your server until it gets a header for each one.
Case study:, people trying to increase security be doing odd things such as first hashing with SHA1, then MD5, and many, many strange combinations. None of which actually improve security. Not even security though obscurity, but obscurity though spaghettification.
Bottom line: Stop torturing that weak hash algorithm. Feed a strong key into a strong hash.
What utter, utter nonsense. You don't iterate a hash function. That's just cryptographic hand waving. Pick a hash function that has not been broken with respect to password storage, then use a longer password, or key.
HMAC is for message authentication codes. You do, in fact just use string concatenation for adding salt. NO HMAC, NO XORing, NO interleaving, JUST concatenation. Anything else is yet more cryptographic hand waving.
I'm glad you did. I read slashdot by quickly skimming the comments for "the answer". There is always just one, and in this case you posted it. I can then bail, like in this case, or RTFA and more comments.
Stories about patents are the worst, since the inflammatory headline almost never match what the patent application is really about. The comments quickly fill with 70% "don't understand the patent system", and 29% "Took the headline at face value".
Advertising and micro-payments are not mutually exclusive.
Examples: You buy a game (macro-payment) and the greedy developer still shoehorns in obnoxious adverts, even patching them in after release. You pay for subscription TV which also comes loaded with ads.
If you wish micropayments will replace ads, you'll get both.
What's important is the counter measure. Here is something for the US border patrol to bear in mind:
When faced with enemy trebuchets, cavalry work best due to their high speed and good damage. A small group of Knights make short work of a group of trebuchets. Cavalry archers also work well, especially the Mongol Mangudai due to its bonus damage vs. siege units. Infantry and foot archers are also acceptable but are less desirable due to their lack of speed; this weakness allows the user to spot them early and respond to the situation by unpacking the trebuchets and/or retaliating with an army of his/her own.
you can't crash a plane into a reactor under the ocean.
Did you ever see that footage of a test jet crashing into a containment building? There wasn't a scratch on the concrete, but the plane was pulverised into fine dust.
In 1986, windows was suffering from a virus infestation, a man dressed in business/casual with glasses and a stethoscope appeared, claiming to be a virus scanner. He promised the users a solution for their problem with the malware. The users in turn promised to pay him $29.99 a month for the removal. The man accepted, and played a musical pipe to lure the viruses onto a 5.25" floppy, where all of them quarantined.
Despite his success, the users reneged on their promise, and did a charge-back on their credit cards. The man left the town angrily, but vowed to return some time later, seeking revenge.
On talk like a pirate day, while the users were in McDonalds, he played his pipe yet again, dressed in lycra, this time attracting the data and core DLLs. One hundred and thirty files followed him out of c:/windows, where they were lured into a recycle bin and never seen again.
Pure calculations take fractions of ms. Building a DOM fragment in memory takes ms. Splicing the new fragment and redrawing, takes hundreds of ms. Ajax requests are obviously instantaneous... no wait, I mean thousands of ms.
For whizz bang ajax sites, the bottle neck probably isn't in your Javascript.
Slashdot Mirror
No.
But then again, firefox has a show stopping html5 audio bug, which renders it useless for probably most applications.
It doesn't respect the preload="none" or depreciated autobuffer attributes. If you have a long list of OGG, such as a playlist, FF will hammer your server until it gets a header for each one.
If you're not using encryption to protect evidence more incriminating that the mere use of encryption itself, you need to up your game.
But who will get the 1st suicide?
I guess I made a "hash" of making my point.
Case study:, people trying to increase security be doing odd things such as first hashing with SHA1, then MD5, and many, many strange combinations. None of which actually improve security.
Not even security though obscurity, but obscurity though spaghettification.
Bottom line: Stop torturing that weak hash algorithm. Feed a strong key into a strong hash.
The point basically was, use a stronger key in the first place, rather than layering on key strengthening techniques.
(Whoops, copy pasted link from wrong tab)
What utter, utter nonsense.
You don't iterate a hash function. That's just cryptographic hand waving. Pick a hash function that has not been broken with respect to password storage, then use a longer password, or key.
HMAC is for message authentication codes. You do, in fact just use string concatenation for adding salt.
NO HMAC, NO XORing, NO interleaving, JUST concatenation. Anything else is yet more cryptographic hand waving.
This one is $1.99
Do you find the windows tax equally easy to ignore?
I'm glad you did. I read slashdot by quickly skimming the comments for "the answer". There is always just one, and in this case you posted it.
I can then bail, like in this case, or RTFA and more comments.
Stories about patents are the worst, since the inflammatory headline almost never match what the patent application is really about. The comments quickly fill with 70% "don't understand the patent system", and 29% "Took the headline at face value".
Great. Clog up the exit nodes of I2P and TOR so that users with a real political need can't access the web.
At least get a VPN that terminates in Scandinavia.
This is prohibition 2.0
Smiting the random, in an attempt to hold back the tide.
Porn wants to be free.
I'm so fucking glad we can abandon the libre web platform, and develop for a DRM based platform, and a 3rd party to veto your creation.
I don't think that's Chrome specific. I use FF, and the slashdot login process is rather hit and miss lately.
That 7 MHz 68000 CPU rendered a lot faster than my quad core Phenom does today.
Well actually that was footage from the movie Independence Day, but the real laser would be a lot like that. Yeah. scary.
Advertising and micro-payments are not mutually exclusive.
Examples:
You buy a game (macro-payment) and the greedy developer still shoehorns in obnoxious adverts, even patching them in after release.
You pay for subscription TV which also comes loaded with ads.
If you wish micropayments will replace ads, you'll get both.
Freedom isn't free.
Freedom is definitely not ad supported.
What's important is the counter measure. Here is something for the US border patrol to bear in mind:
When faced with enemy trebuchets, cavalry work best due to their high speed and good damage. A small group of Knights make short work of a group of trebuchets. Cavalry archers also work well, especially the Mongol Mangudai due to its bonus damage vs. siege units. Infantry and foot archers are also acceptable but are less desirable due to their lack of speed; this weakness allows the user to spot them early and respond to the situation by unpacking the trebuchets and/or retaliating with an army of his/her own.
you can't crash a plane into a reactor under the ocean.
Did you ever see that footage of a test jet crashing into a containment building?
There wasn't a scratch on the concrete, but the plane was pulverised into fine dust.
In 1986, windows was suffering from a virus infestation, a man dressed in business/casual with glasses and a stethoscope appeared, claiming to be a virus scanner. He promised the users a solution for their problem with the malware.
The users in turn promised to pay him $29.99 a month for the removal. The man accepted, and played a musical pipe to lure the viruses onto a 5.25" floppy, where all of them quarantined.
Despite his success, the users reneged on their promise, and did a charge-back on their credit cards. The man left the town angrily, but vowed to return some time later, seeking revenge.
On talk like a pirate day, while the users were in McDonalds, he played his pipe yet again, dressed in lycra, this time attracting the data and core DLLs. One hundred and thirty files followed him out of c:/windows, where they were lured into a recycle bin and never seen again.
Attack toolkits are about as scary as game toolkits are to EA/Ubisoft/Activision.
Firebug has a nice profiler.
Pure calculations take fractions of ms. ... no wait, I mean thousands of ms.
Building a DOM fragment in memory takes ms.
Splicing the new fragment and redrawing, takes hundreds of ms.
Ajax requests are obviously instantaneous
For whizz bang ajax sites, the bottle neck probably isn't in your Javascript.
Javascript speed is a strange thing to compete so fiercely on. I don't want to calculate fast fourier transforms in my browser.
Heavy DOM manipulation, and the subsequent redraw is where browsers really hit the wall. Opera seemed to be fastest last time I benchmarked.