I agree. Bad management encouraging/enabling poor technicians/developers by not looking for quality hires.
Either way, we can still blame Yahoo as they have a professional responsibility to make sure their employees know common industry standards. Protecting against SQL Inject is common knowledge. I learned about it sophomore year and StackOverflow users mention it in almost every case where it could happen when a question is posted.
Newer antivirus engines use heuristics. Vipre was reviewed to have about 95% effectiveness on 0-day unknown malware. If I ever get an anti-virus, that will be the one. So far the Microsoft one works just fine.
Even if a hash was O(1) and took one clock-cycle no matter the password length, a 14+ char password will be safe for a very very long time. If you had EVERY computer in the world working on colliding your hash, to find your password, it would take decades even if they're lucky and found a way to make 500ghz graphite chips.
In the real world, hashing scales with the stream length and takes several cycles per char, plus look-up times and no 500ghz chips.
If someone wanted your password so badly, they would just buy a wrench and some thugs.
Expensive hashes are only good for weak passwords. Users shouldn't have week passwords. Just use a strong salted-hash, that's Good Enough(tm), don't care about slowness.
Faster than RSA1024 by a few factors, and about the strength of a 256bit symmetrical key, putting it at "universe lifes" for how long it takes to break.
Adult Swim on Cartoon Network, now that would piss me off.
Only reason I have cable. I'm just waiting for them to open streaming as a paid service and/or enough money to start buying discs from them. Then I can "cut the cord".
The tax penalty will cost more than dropping the insurance. For those people where it is not the case, the insurance will be nearly free anyway, so there is still no reason to drop it.
I would love to know what you're smoking so I could live in your world.
You would make a great Microsoft spokes person for early 2000. You could talk about insecure Linux is because everyone can see the source code. A little bit of reading shows you either don't understand almost anything or you're making strawmen by only showing 1/2 the story.
If you have a pre-existing condition the insurance company can - and will - consider it when pricing a plan for you. If you broke your little toe water skiing 20 years ago your insurance company is free to consider that and write up a plan that is 80-300% of your annual income. Sure, you won't be able to afford it, but they met their obligation by not denying you coverage. It's your own stupid fault for breaking your toe 20 years ago.
They cannot charge your more either. They are not allowed to discriminate in any form.
Healthy people will opt out and will pay for minor doctor visits out of pocket and will wait until they really need insurance for major coverage to get back on a plan (they can't be denied), and so all insurance companies will fail.
Why would someone do that? The tax penalty is greater than my year premium, then if you add in the tax credit, my insurance will be almost free.
Hmm.. Nearly free insurance or paying a tax penalty.. choices.. choices..
In the long run, the interest accumulated on that 99% is worth more than the initial 99%. Most of that money is invested and they use the returns to keep funding projects.
Probably to some degree. Actually, the water company sent out a flyer talking about their upgrade. Now that they can monitor water demand in real time, they can speed-up and slow-down their pumps around the city. This allows them to be pro-active to keep water pressure up, while saving money by reducing their pumps when demand is low.
Light has only one attribute... frequency, there is no "flat" or "sine". What you see on a oscilloscope is a visual representation to help humans use their visual processing.
I'm still going with what mrwilsox said, I just had to point the above out.
While it's definitely the power company's right to know how much power I'm using, and even to know in aggregate how much peak versus non-peak power I'm using, but they really shouldn't need to know hour by hour or minute by minute (or even day by day) how much power I'm using.
What business does a server admin have in knowing hours by hours or minute by minute load? Any admin of an infrastructure probably wants to know usage outside of monthly intervals.
They already have instrumentation at the substations that tells them how much power my neighborhood
"Neighborhood"?! Shit, we have one substation for the entire city of 20k people, excluding the factories. They may want to know a little more about how power is used in different sections of the city.
While data must be collected at the house level, maybe we need laws stating that only monthly data can be saved by customer and any lesser interval must be stored by city section(some larger logical unit).
My local water company has switched over to smart meters for water usage. Now that they have pseudo-realtime flow information, they have reduced their operations costs by about $200k/year and my water will has gone down because of reduced rates.
The more information engineers have access to, the more efficient the system.
If we EVER want to have massive roll-outs of green energy, we'll need smart meters. Fuck green, lets burn coal until we die, I don't want someone seeing how much power I use.
What we do need is rules stating that the information collected must be securely accessed and transmitted. Possibly limit collected data to just stuff like average power-draw, local voltages, highest burst, standard deviation.. stuff like that.
They don't need to know what exactly what I'm running, just a category of power demand.
Power company says "if you want to save money, we need more data"
Power distribution says "if you want more reliable power, we need more data"
Customers say "We want cheaper and more reliable power!"
OMG! they want to know more info?!
Next thing you'll know, your Doctor will want to know your medical history! Fuck him/her! Why would they need to know that?!
Just be careful with "Volatile", as many new CPUs may re-arrange memory access, which can break a lock-less algorithm that assumes Volatile fixes everything.
My points expired a few minutes before reading your post. /sigh
I don't think people realize the choke-point ACID creates. It's like a global lock.
I agree. Bad management encouraging/enabling poor technicians/developers by not looking for quality hires.
Either way, we can still blame Yahoo as they have a professional responsibility to make sure their employees know common industry standards. Protecting against SQL Inject is common knowledge. I learned about it sophomore year and StackOverflow users mention it in almost every case where it could happen when a question is posted.
Newer antivirus engines use heuristics. Vipre was reviewed to have about 95% effectiveness on 0-day unknown malware. If I ever get an anti-virus, that will be the one. So far the Microsoft one works just fine.
SQL injection is insanely easy to protect against. Your input should NOT be in your command stream
C# pseudo-syntax
sql.CommandType=Procedure
sql.command = "MyStoredProcedure"
sql.parameters.add("@MyInput",InputValue)
You will never get an SQL injection through that.(assuming MyInput isn't a string that gets concatenated to dynamic SQL inside the sproc)
You could even do something like this
sql.CommandType=Text
sql.command = "select * from table"
if(InputValue != null) {
sql.command += " where table.myfield = @MyInput"
sql.parameters.add("@MyInput",InputValue) }
This is also safe from injection
You're always in a race against computing power.
Even if a hash was O(1) and took one clock-cycle no matter the password length, a 14+ char password will be safe for a very very long time. If you had EVERY computer in the world working on colliding your hash, to find your password, it would take decades even if they're lucky and found a way to make 500ghz graphite chips.
In the real world, hashing scales with the stream length and takes several cycles per char, plus look-up times and no 500ghz chips.
If someone wanted your password so badly, they would just buy a wrench and some thugs.
Expensive hashes are only good for weak passwords. Users shouldn't have week passwords. Just use a strong salted-hash, that's Good Enough(tm), don't care about slowness.
We should just go with ECC already. http://en.wikipedia.org/wiki/Elliptic_curve_cryptography
Faster than RSA1024 by a few factors, and about the strength of a 256bit symmetrical key, putting it at "universe lifes" for how long it takes to break.
Adult Swim on Cartoon Network, now that would piss me off.
Only reason I have cable. I'm just waiting for them to open streaming as a paid service and/or enough money to start buying discs from them. Then I can "cut the cord".
Your weather is reported in kelvin? That is so awesome.
double negatives hurt my brain :*(
The tax penalty will cost more than dropping the insurance. For those people where it is not the case, the insurance will be nearly free anyway, so there is still no reason to drop it.
I would love to know what you're smoking so I could live in your world.
You would make a great Microsoft spokes person for early 2000. You could talk about insecure Linux is because everyone can see the source code. A little bit of reading shows you either don't understand almost anything or you're making strawmen by only showing 1/2 the story.
If you have a pre-existing condition the insurance company can - and will - consider it when pricing a plan for you. If you broke your little toe water skiing 20 years ago your insurance company is free to consider that and write up a plan that is 80-300% of your annual income. Sure, you won't be able to afford it, but they met their obligation by not denying you coverage. It's your own stupid fault for breaking your toe 20 years ago.
They cannot charge your more either. They are not allowed to discriminate in any form.
Healthy people will opt out and will pay for minor doctor visits out of pocket and will wait until they really need insurance for major coverage to get back on a plan (they can't be denied), and so all insurance companies will fail.
Why would someone do that? The tax penalty is greater than my year premium, then if you add in the tax credit, my insurance will be almost free.
Hmm.. Nearly free insurance or paying a tax penalty.. choices.. choices..
In the long run, the interest accumulated on that 99% is worth more than the initial 99%. Most of that money is invested and they use the returns to keep funding projects.
Probably to some degree.
Actually, the water company sent out a flyer talking about their upgrade. Now that they can monitor water demand in real time, they can speed-up and slow-down their pumps around the city. This allows them to be pro-active to keep water pressure up, while saving money by reducing their pumps when demand is low.
While they still have to collect at the house level, I do agree that they should only store 15min intervals at neighborhood or higher level.
Bit of a jump to go from monitoring power usage over 15min windows to web-cams throughout the house.
Isn't that a bit like saying "If you're going to cut the child's umbilical cord, why not just chop off an arm?!". Same thing, right?
We don't kind to logic and facts around here(internet).
Are you saying they don't use ECC+Skein(1024bit)+Threefish(1024bit) to secure their communications?
http://en.wikipedia.org/wiki/Elliptic_curve_cryptography
http://en.wikipedia.org/wiki/Skein_(hash_function)
http://en.wikipedia.org/wiki/Threefish
Light has only one attribute... frequency, there is no "flat" or "sine". What you see on a oscilloscope is a visual representation to help humans use their visual processing.
I'm still going with what mrwilsox said, I just had to point the above out.
While it's definitely the power company's right to know how much power I'm using, and even to know in aggregate how much peak versus non-peak power I'm using, but they really shouldn't need to know hour by hour or minute by minute (or even day by day) how much power I'm using.
What business does a server admin have in knowing hours by hours or minute by minute load? Any admin of an infrastructure probably wants to know usage outside of monthly intervals.
They already have instrumentation at the substations that tells them how much power my neighborhood
"Neighborhood"?! Shit, we have one substation for the entire city of 20k people, excluding the factories. They may want to know a little more about how power is used in different sections of the city.
While data must be collected at the house level, maybe we need laws stating that only monthly data can be saved by customer and any lesser interval must be stored by city section(some larger logical unit).
To really get the sarcasm going, you should have put something more like "They are every bit as dangerous as a cellphone through a wall 25' from you."
My local water company has switched over to smart meters for water usage. Now that they have pseudo-realtime flow information, they have reduced their operations costs by about $200k/year and my water will has gone down because of reduced rates.
The more information engineers have access to, the more efficient the system.
If we EVER want to have massive roll-outs of green energy, we'll need smart meters. Fuck green, lets burn coal until we die, I don't want someone seeing how much power I use.
What we do need is rules stating that the information collected must be securely accessed and transmitted. Possibly limit collected data to just stuff like average power-draw, local voltages, highest burst, standard deviation.. stuff like that.
They don't need to know what exactly what I'm running, just a category of power demand.
Power company says "if you want to save money, we need more data"
Power distribution says "if you want more reliable power, we need more data"
Customers say "We want cheaper and more reliable power!"
OMG! they want to know more info?!
Next thing you'll know, your Doctor will want to know your medical history! Fuck him/her! Why would they need to know that?!
Just be careful with "Volatile", as many new CPUs may re-arrange memory access, which can break a lock-less algorithm that assumes Volatile fixes everything.