Should we not ban something that is directly linked to an increased risk in heart disease
No, because that's really no one's business but my own.
And before anyone drags health insurance into the discussion, that's exactly why so many people objected to the government butting into that area.
Look, it's my body and I had understood this to be a free country where rational adults could make grown-up decisions about what to eat without the consent and blessing of brilliant government intellectuals.
What someone "thinks" I should be eating should really not even enter the equation.
How do you blame people when they are intentionally misled, uninformed, and outright lied to
You stop treating them like helpless children, for one. They're adults, they should be able to figure this stuff out.
The difference is, the fighters are hugely complex and bleeding edge. A website is pretty old hat in 2013.
I think you're wrong about the no outrage thing though, it's just been beaten to death.
Things can be done securely online, but he was making a joke and everyone here fails for ruining it.
At least you have the strawman angle covered so we don't have to worry about THAT.
$150 million or whatever it cost for a broken website is hardly a bargain.
SHA is hashing, AES is encryption.
If you submit the hashed username, the server can look up what the encrypted password is. If you supply the hashed username + password, the server will be able to decrypt that password.
Re-check what I wrote.
If you use AES-256, your output size will be 32 bytes. As long as your password is shorter than that, you will be fine, and even if not, the most the attacker will know is whether your password length is more or less than 32 bytes.
Not much of a leak.
SHA-2, aka SHA256 or SHA512.
http://en.wikipedia.org/wiki/SHA-2
The more you know....
While poor practice as if the encryption key can be recovered _everyone's_ password is now released
That ONLY follows if they are using the same key for everyone. That does not have to be the case.
What's wrong with encrypting passwords? Are you just objecting to the specific case where no salt (technically nonce) is used and a single encryption key is used for all accounts?
What if they stored it as such-- SHA1(Username) :: AES(password, sha1(password+username))
I'd be interested to see why that's fundamentally weaker than hashing; it certainly can be more useful (such as when you want to use the password as a key for other data without ever having to pass it over the wire).
Encrypting a password doesn't have to be an issue, if you use the password hash + username as the key for encrypting the password. There could be reasons to do it that way, and AFAICT it would be functionally identical to hashing with salt-- in either case a weak password would fall to brute-force, in either case you need to crack the passwords one at a time (due to the "salt").
The benefit of doing so is for instance if you wanted to encrypt user data with a key without giving said key to the vendor (Adobe): they would use your password as the data encryption key, and encrypt the password itself with the password hash. You never need to transmit your password plaintext, and no one could decrypt your password without knowing it. It also allows you to change your logon password without having to re-encrypt all of your data.
AFAIK what matters isn't "encryption vs hashing", it's "are they salting, and are they using per-user keys".
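The storage scheme discussed in the comments above, sketched with Node's built-in `crypto` module as an added example (not code from the thread). Assumptions: SHA-256 stands in for SHA-1 so the derived key fits AES-256, AES runs in GCM mode, and the names `enroll`, `verify`, `fastKey` and `slowKey` are hypothetical.

```javascript
// Added illustration, not code from the thread.
const crypto = require("node:crypto");

const sha256 = (s) => crypto.createHash("sha256").update(s, "utf8").digest();

// Key as described in the comments: hash(password + username).
// Assumption: SHA-256 replaces SHA-1 so the digest is a 32-byte AES-256 key.
const fastKey = (user, pw) => sha256(pw + user);

// Same idea with a deliberately slow, memory-hard KDF (scrypt), salted with
// the username hash, so each offline guess costs far more than one SHA-256.
const slowKey = (user, pw) => crypto.scryptSync(pw, sha256(user), 32);

// Stored record: hash(username) as lookup id, plus the password encrypted
// under a key derived from that same password.
function enroll(user, pw, deriveKey = fastKey) {
  const iv = crypto.randomBytes(12); // fresh nonce per record
  const c = crypto.createCipheriv("aes-256-gcm", deriveKey(user, pw), iv);
  const ct = Buffer.concat([c.update(pw, "utf8"), c.final()]);
  return { id: sha256(user).toString("hex"), iv, ct, tag: c.getAuthTag() };
}

// Login check: re-derive the key from the submitted credentials; the GCM tag
// only verifies if the key (and therefore the password) is the right one.
function verify(record, user, pw, deriveKey = fastKey) {
  if (record.id !== sha256(user).toString("hex")) return false;
  const d = crypto.createDecipheriv("aes-256-gcm", deriveKey(user, pw), record.iv);
  d.setAuthTag(record.tag);
  try {
    const pt = Buffer.concat([d.update(record.ct), d.final()]);
    const want = Buffer.from(pw, "utf8");
    return pt.length === want.length && crypto.timingSafeEqual(pt, want);
  } catch {
    return false; // authentication failed: wrong password
  }
}

// Constructed sample accounts sharing one password.
const alice = enroll("alice", "hunter2");
const bob = enroll("bob", "hunter2");
console.log(verify(alice, "alice", "hunter2"), verify(alice, "alice", "hunter3"));
console.log(alice.ct.equals(bob.ct), alice.ct.length);
```

A GCM ciphertext is exactly as long as the password, so this record format exposes password length where a fixed-size hash would not. Swapping `fastKey` for `slowKey` is what changes the cost of each offline guess against a stolen record.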
State tests.
they still think the earth is 6000 years old and was made in 6 days.
Why do you care? They're scoring higher on state-issued tests, they're going to good schools, and they're not costing the taxpayer a dime.
And yet they score in the 85th percentile. Laugh away.
Building cost is not that significant. I can rent a 3-BR 1400 sq ft apt for $15000 / year in Northern Va, which is enough for 3 adults. If you were to itemize the cost for building, it would probably be like $1k for the student.
Teacher cost IS a lot of the problem, in all honesty. You can't even cry "it improves performance" because there tends to be very little link between costs and performance (as evidenced by this-- average parents are getting their kids to 85th percentile with no educational training).
But if you think about it, the home schooler has the advantage of a very low teacher/pupil ratio (1:1? 1:2?) and a dedicated comfortable classroom (the home).
Of course, that's a lot of it. The general point is that homeschooling is quite good though, in contradiction to the claims that they're all ignorant.
I'd note that if you're valuing the parent's skills at teaching at ~$8000 / pupil = ~$160,000 salary for a classroom, that doesn't say much for the state of public school teachers.
Regardless of how old they believe the earth to be, statistics generally support that they will score far higher in math, reading, etc than the public or even privately schooled students.
Here, have some statistics.
http://contentcat.fhsu.edu/cdm/compoundobject/collection/p15732coll4/id/456
Click the "Academic Achievement and...." link on the side.
Those "abused kids" score in the 85th percentile and cost 1/10th the average per-pupil rate in public schools.
Every graph you will find on the topic will show, in order of performance,
Public Schools
Private schools
Homeschools / Catholic schools (I forget which performs best)
If you really want to be lazy,
Good old Wikipedia: http://en.wikipedia.org/wiki/Homeschooling#Research
This one is a goodie-- it's in a peer-reviewed journal, shows the full demographic breakdown, and indicates that 65% of homeschool families in 2007-2008 spent less than $900 on schooling (compared to the average $9000/pupil in public schools)-- a full quarter spent only $200-400. It also indicates that in all tests the students on average achieved 84th and above percentile.
http://contentcat.fhsu.edu/cdm/compoundobject/collection/p15732coll4/id/456 (pick "Academic achievement and.....")
If you need more, you should really just google "homeschool achievement". This isn't even news, you're just trolling at this point.
People will do bad things. Responses to this tend to fall on a spectrum between "accept that a free society has bad actors" and "Set up a police state, and know what everyone is doing at all times".
The thing is, the police can be bad actors too. At least arming individuals makes the "bad actor" have to consider whether his actions could endanger his own safety.
How many planes fly every day? How many flights, on average, between plane hijackings?
Also, do you think the police would keep you safe from a man walking down the street with a bomb? But then, you don't generally worry about THAT, do you?
PS: The answers are ~90,000 domestic flights, and ~1400 days between hijacking attempts on US flights.
6 successful and unsuccessful plane hijackings in the last 23 years for the US = Once every 1400 days = Once every 125 million flights.
Is this really something that concerns you?
High-powered anti-cavity toothpaste.
Contrary to the claim, CrashPlan doesn't require 24/7 power on. The initial seed does, after that it does incrementals daily (for the free version) which generally will happen whenever they need to. If they're scheduled for 3am and your computer misses the schedule, it will simply postpone till the next time things are on.
If you pony up for one of their paid versions (CP+, Pro, or ProE), you get backups every 15 minutes of tiny deltas.
There may be other solutions, but you may want to take a deeper look at CrashPlan.
That's not correct. RIM routes data, but that data is encrypted end-to-end with keys that RIM never possesses. Each device has its own key, which only the BES has access to.
All of this is moot, as I understand the latest BlackBerries use ActiveSync, not BES.