On the other hand, he is credited with saving HP. HP may have fired him, but they sure as hell aren't going to deviate from his plan for a few years at least. He quite literally saved that company. He made the cover of Business Week, Forbes, and all those other financial mags for it, for god's sake. That's one hell of a thing to have on your resume.
Besides, though Hurd's indiscretions were serious, they were nothing compared to what he did for HP. He saved the company hundreds of millions of dollars, maybe billions, and brought them back from the brink of bankruptcy, but gets caught over-expensing a few thousand dollars and he has to go?
If I were Oracle I'd snatch him up too. HP was stupid for letting him go.
Holy crap are you uninformed about contract law.
There are only three possible venues for a breach of contract case.
The first and default venue is the place where the contract was finalized - as in, where both parties signed.
The second venue is only available if the contract was signed in two different locations. As in, party A lives in Florida and party B lives in Washington, and party A mails the contract to party B after signing it, and party B mails back a copy to party A after signing it. This situation generally brings about the third and final option, because determining jurisdiction in these cases is messy, but it's still only one or the other.
The third venue is one specified in the contract, generally because it is a neutral venue (though I'm sure people sign heavy-handed contracts all the time).
Those are the three possibilities for a breach of contract lawsuit. The contract does not jump around from place to place, it stays at its place of origin and that is where any breaches occur.
There is another option that must be specified in the contract, and that's the use of an adjudicator instead of the courts. The adjudication carries legal weight with regards to the contract, but if it fails the courts must then be used for final resolution.
If Hurd signed a contract in California with HP, and there was no alternate venue specified, then California is always the venue where a contract breach must be adjudicated.
If Hurd goes to New York and breaches the contract with HP, the activities occurred in New York but the breach didn't really occur in New York, because there is no contract in New York. The breach occurred in California - that's where the contract is. That is where the case must be resolved.
No I'm not a lawyer, but I did take one hell of a contract law class, so there are probably intricacies here I'm not aware of. That is the gist of it, though.
It's a contract, and it applies like any other.
The argument HP is making is not that Hurd isn't allowed to work for Oracle because of a previous agreement with HP. That would be a non-compete, and is not valid in California.
The argument HP is making is that it is impossible for Hurd to perform his new duties for Oracle without sharing HP's trade secrets, and Hurd has a contract with HP saying he will not share HP's trade secrets. In other words it's a breach of contract due to conflict of interest, not a non-compete agreement.
As such, the best HP will be able to do is get all or part of their money back from Hurd. There is no way they will be able to prevent him from working for Oracle in his current capacity. For comparison, a non-compete contract would prevent Hurd from being employed by Oracle in this case.
I was only with HP for a year, and I'm glad to be rid of them.
IBM isn't perfect, but they are much better than HP at least.
Ignorance makes you much more gullible.
Website/program/service = lock
USB/Memory stick/certificate = key
Lock and key are matched up the first time you set up the service, just like we do with frickin doors and shit.
Seriously, why is this hard to understand?
It's a lock, and it's a key that fits the lock. There is one lock and one key (or multiple keys, if the need is there).
Except that this DOES address those issues, it doesn't make them impossible, but you are missing some advantages here.
It only addresses the issues for people who are paying attention to them. Those are the same people who are already unlikely to be taken in by the various forms of social engineering.
Let's say you maintain passwords with 10 different services (not unlikely anymore). Does the typical person know the practices of each of those services? Do they keep track of when those practices change? No, of course they don't.
But let's say you reduce that to one service. All of a sudden you CAN expect people, if demonstrated to them and repeated, that KEYLOGINSERVICE will only contact them by this method (FedEx?, etc) will NEVER ask for ANY information if they are calling you (or may NOT call you). Our website will look like THIS exactly, and here are several ways to verify that.
Most people do not pay attention to the privacy policies of any website, regardless of how many websites they actually need to log in to. That's why phishing scams and the like work so well. Furthermore, the rules to avoid social engineering are not website specific, they are universal, and they apply whether you use a centralized password system or not. Basically everything you outlined there is how you avoid scams on the net - if you know the rules you already know they apply to everything, not just one website or another. Most people simply don't grasp the rules for safe browsing. As such, the problem is not with any particular website, or the number of passwords, etc. It's with the uninformed nature of the user. A centralized ID does not, in any way, address that problem. Companies already try to get their customers to follow safe browsing practices with very limited success.
A centralized login will help with users who have many passwords and must write them down. However, for most people who would use a centralized login (end users, generally) this is not a high-risk issue because their passwords are stored in a private place, even if they are stickied to their monitor.
Writing passwords down is a very big deal in a public environment (the workplace, etc), but most of these environments already have a centralized login for all of their sensitive information - their local domain login. In these environments I might recommend something like OpenID for online content, simply because the user is more likely to put their passwords at risk by writing them down in public view. Most companies, however, have a proscription against using the web for personal use, so it likely would never come up. Then again, slightly smarter habits would eliminate the problem - keeping your notebook with your passwords on your person at all times and not associating the password directly with a specific user name or website would be reasonably secure under those conditions.
For most users though, it's a tradeoff of more convenience vs putting all of your online content at risk with a single breach of security. Nothing about the centralized login improves your security at all.
A dictionary attack would fail completely in all of those cases, and a brute force attack would be required. Since the length of the password is unknown, more than likely even the "aaaaaaaaaaaaaaaaaaaaaaaaaaaaa" password is no easier to crack than any other possible password. If the length is known, then of course passwords like those you listed are the first ones you try, but with an unknown length there is nothing wrong with that password or any other in your list.
So, what is your point?
I'm sorry, but you don't get 5 $60k+ cars on a $250k per year salary. If you do you'll be poor in a heartbeat.
You could probably handle four or five $30k cars, or two $60k cars, though.
Personally, I'd go with a $130k pimp-mobile and a $10k workhorse, but to each his own.
Also, I think the GP was commenting tongue-in-cheek, the upper east side housing and nanny/elite day care should have tipped you off.
Apparently it didn't (or any of the mods either).
Is your Puritan streak so strong that you would deny your fellow citizens happiness because they were not the ones providing it for themselves?
Yes.
Indeed, there are parts of the country where housing/utilities and food expenses shouldn't top $1000 per month for a single person in a 1 bedroom apartment. At that rate, $4,000 per month (around $55k before taxes income to get $4k after taxes) and you could live very well. You could burn $1000 in entertainment (in an area where most such things are much cheaper, due to the lower cost of living) every month and still save $24k a year. That's pretty impressive. It isn't rich, but if you are smart money will never be a concern, and that's just on $55k per year. In 10 years you could pay cash for a $240k house.
At $75k per year, you could be putting away/investing $50k per year if you really wanted to. That's a lot.
I think you are underestimating chess.
Yes it is solvable, but assuming one variation can be calculated in a single floating point operation (it probably can't, but who knows) with current tech (3 petaflop/s) it would take 10^97 years just to calculate the first move*. The next calculation is nearly as big as the first, with the calculations getting slightly smaller as the game goes on.
That means a computer that solves one chess move per year (for the first 10 moves or so, after that the calculations are a fraction of the size of the first calc) would need to be 10^97 times more powerful than the most powerful supercomputer we have. With that computer you could probably solve it in 5-10 years. If it's only 10^96 times as powerful, though, it would take well over 100 years to solve.
I've got bad news for you in that regard, because the current supercomputers (3 petaflop/s or less) are only 10^16 times more powerful than the Z3, the first Turing complete computer, which was invented in 1941 and could only do one multiplication per three seconds. Assuming the same exponential rate of growth, and in 70 years we'll still be 10^81 times too weak to solve chess in any reasonable amount of time.
Add to that the fact that a quantum computer will almost certainly have absolutely no advantage in solving for each position than a classical computer (it's a simple accounting of each move, there aren't any computationally complex problems, just an assload of computations), and there is no reason to believe quantum computing will solve chess any time soon.
I know we'll do it eventually, I just can't see it happening for a couple hundred years. Once solved, though, Chess will be boring with regards to computers. It will become a simple "if this then this" operation. Humans still probably couldn't handle it, but any of today's computers would be unbeatable.
In other words, the game is solvable, but the amount of computational power necessary is absolutely staggering. It's so staggering that some have argued that computers (yes, even quantum computers) will run into the limits of physics long before they are ever powerful enough to truly solve chess. You run into the limits of the speed of light and quantum entanglement and the laws of thermodynamics and such at some point, and we are already nearing the physical limits of chipmaking for classical computers now (the reason we had to stop the GHz expansion), just 70 years after the invention of the computer (of which we are only 10^16 times more powerful today).
*To get the first move, you need to calculate the entire tree, which has 10^120 variations for a 40 move (average) game, in order to know the best possible move. From there the variations start to shrink (you've eliminated all the branches that don't start with your first move), but at this point the number is still nearly as large. Not until many moves in would the calculation time shrink to a reasonable level for that powerful of a computer. So far only limited 4 piece or fewer end game scenarios have been solved.
You obviously don't know what a Beowulf cluster is.
The joke is "imagine a Beowulf cluster of those!" for a reason.
The quantum computers wouldn't run your Beowulf cluster, they would be your Beowulf cluster.
And the first ones will probably be slow as shit anyway (but catch up much faster than current tech).
You've got to give these things time, my man. This is Slashdot. Just an hour after your post (and about an hour and 40 minutes after the original) it is up to +5, Funny where it belongs.
Exactly my thoughts.
Keyloggers still work, phishing scams still work, and social engineering still works. If centralized logins become the norm, the bad folks will simply target the centralized logins.
Your risk with centralized logins, however, skyrockets. Now, instead of losing control of one login to one website, you lose everything. Moreover, they don't even have to guess what sites you have access to, they can simply dig through the centralized login site and find it once they have your account info.
The NYT article is interesting, but the Slashdot summary is near useless. There is no need to specifically include universal logins in the discussion, because universal logins suffer from exactly the same issues that individual logins do. The only possible reason for including them is the fact that the potential loss is much much higher with a universal login.
Yeah, seriously. The UAE is way more reasonable than those other wackjob Muslim countries.
(it's sarcasm, for those of you who can't tell by the content and context)
Why?
I don't see any practical difference between a blog and an editorial, and editorials are newsworthy.
Rejecting the information/argument solely because of the delivery method is a classic logical fallacy.
This is Slashdot, you should have known better man.
Most file systems have a limit on the number of files in a directory.
Since the idea is to be platform independent, this is something that needs to be dealt with for the OP to have an effective solution.
You did say "store it all in IMAP", which is incorrect.
Of course, you clarify that a little later by recommending Maildir++ for the physical storage format.
Nothing is ever stored in IMAP. It can only be sent or received in IMAP.
Frankly, since the OP never asked for a messaging protocol, I have no idea why everyone is recommending IMAP for anything. He wants an archive, and he wants it to be platform neutral. Frankly, you can't beat something like a SQL database for those requirements. Maildir and the like seem alright, but are running into the "I don't want a format that will go away in a few years" part of his request. SQL is going nowhere, and you can put anything in a SQL database. Done correctly, it can also be very quick to find and retrieve emails.
Assange treats them that way, that's why Jonsdottir wants him to step down in the first place.
What's a "right-ring female pundit"?
You're at (+2, Troll), that's pretty impressive.
I think the record is +3 or +4 Troll, let's see how far you can go!
If regulation were done correctly consistently, there would be no such thing as over-regulation.
This is exactly what happens when there is too much regulation, and it is exactly why the amount of regulation is considered too much.