If he wasn't telling the truth then he should be charged with making false statements.
You're so right. But why stop there? Not only should he be charged for making false statements, everyone who writes something false on the Internet should be charged!
If web sites can't find a way to pay for the content and hosting then they eventually will go away.
No problem for me. They can all go to hell, as far as I'm concerned. The web did just fine without them.
I have personally no problem with the death sentence, but I consider your justice system and your prison system an institutionalized crime against humanity. Your country is barbaric.
It is obviously not the right way, at least not to people who know how the Internet works. That's what this whole discussion is about.
The right way to deal with objectionable content is to take down the content from the server on which it is stored. Not from search engines. (There are fully distributed search engines, wonder how this nonsensical EU rule works with them.)
Whenever I get omitted search results, I use a proxy to go to Google.com and read what has been deleted. It's surprisingly informative.
Still waiting for someone to write a Firefox extension to do that automatically.
You mean he did the same as what spin doctors do for politicians?
No, that's not the problem. The problem is that every second secret agency in the world and every third Russian botnet owner could rig the election.
The whole story is lame, because it's not about the paper or his research but about his leisure time activities.
Who cares? How about a story about Joe the Plumber's sports at the local bowling center instead?
what used to be AOL == Gmail now
meaning, only morons and noobs use it
I know this is controversial, so let's start the flamewar and downmodding in 3, 2, 1...
What on earth do you mean by "I don't think TCO has ever mattered much"? TCO is the bread and butter of every Scheme dialect and of all strictly functional programming languages on earth. A vast range of data structures and algorithms for FP rely on it.
Count me amongst the skeptics.
What the NoCrack authors try to achieve is a solution where every incorrect guess at the master password still provides a set of (incorrect but at least sometimes plausible) passwords.
That's a bad design. If the attacker can access the password file, then he will usually also be able to save your fake passwords from within the password manager. Think about your wife trying to find out the password for your porn collection. So either she may (perhaps inadvertently) delete the original ones, which would be a disaster, or you need to have padding space in the original file so the attacker cannot detect that you have saved the additional files. And you cannot have an arbitrary amount of padding space, of course.
What makes sense is to allow some attempts and then create fake passwords and save them encrypted with the fake master password in the already padded database file (so there is no difference in file size). However, that only works if the password manager always modifies the password file in some way whenever it is opened, since otherwise the attacker can choose *not* to modify and save the file (which would be the wise choice anyway, from his perspective) and can easily recognize that he has been served fakes by monitoring file activity. It doesn't bring any advantage when the attacker is reverse engineering the code or debugging it.
What somehow works against offline attackers would be a variant of a 'fully bijective encryption' that was advocated many times by some crackpot on sci.crypt 15 years ago. I forgot his name. In the present case, this would mean that the encryption scheme is hand-crafted in such a way that the ciphertext is mapped to seemingly valid cleartext no matter what master passphrase is provided, and there is no check for correctness. I suppose that's what the authors were working on, but I'm pretty sure that this can only work convincingly if the passwords are random-generated in the first place. It will fail with user-provided passphrases (or, worse, it could become cryptographically insecure). The proof is left as an exercise to the reader. (just kidding)
My 2 cents. But thanks for the linked paper, I'll check it out.
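Added example, not part of the comment above and not the NoCrack authors' code: a toy "no correctness check" scheme in which any master passphrase decrypts to a string over the generator's alphabet, followed by the plausibility test that singles out the right guess when the stored password was chosen by a person. The alphabet, the PBKDF2-derived keystream, the mini-dictionary and all function names are assumptions made for the illustration.

```python
import hashlib
import string

ALPHABET = string.ascii_letters + string.digits  # assumed alphabet of the password generator
N = len(ALPHABET)
WORDS = ("summer", "horse", "dragon", "password")  # constructed mini-dictionary

def keystream(master: str, salt: bytes, length: int) -> list:
    """One offset in [0, N) per character, derived from the master passphrase."""
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 50_000, dklen=8 * length)
    # 64-bit chunks reduced mod 62 keep the modulo bias negligible.
    return [int.from_bytes(raw[8 * i:8 * i + 8], "big") % N for i in range(length)]

def encrypt(password: str, master: str, salt: bytes) -> str:
    ks = keystream(master, salt, len(password))
    return "".join(ALPHABET[(ALPHABET.index(c) + k) % N] for c, k in zip(password, ks))

def decrypt(ciphertext: str, master: str, salt: bytes) -> str:
    # No MAC, no padding check, no magic header: every guess "succeeds".
    ks = keystream(master, salt, len(ciphertext))
    return "".join(ALPHABET[(ALPHABET.index(c) - k) % N] for c, k in zip(ciphertext, ks))

def looks_human_chosen(candidate: str) -> bool:
    """Crude plausibility test an offline attacker could apply to each output."""
    return any(w in candidate.lower() for w in WORDS)

def survivors(ciphertext: str, guesses: list, salt: bytes) -> list:
    """Master-password guesses whose decryption passes the plausibility test."""
    return [g for g in guesses if looks_human_chosen(decrypt(ciphertext, g, salt))]

if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed; use a fresh random salt per entry
    guesses = ["letmein", "hunter2", "right-master"]
    for secret in ("q7ZpL0xVb3Rt", "Summer2015x"):  # generated vs. user-chosen
        ct = encrypt(secret, "right-master", salt)
        print(secret, "->", [decrypt(ct, g, salt) for g in guesses])
        print("  guesses the attacker can single out:", survivors(ct, guesses, salt))
```

For the generated password no guess stands out, while for the user-chosen one only the correct master passphrase survives the test. The ciphertext still reveals the password length in both cases.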
As the maker of a password manager, I'm curious how this is supposed to work. The article is a bit sparse on information.
Suppose I'm the attacker and after, say, ten guesses the fake passwords are shown. So if I now save the passwords, will the original ones be overwritten? I guess not, since that would be rather inconvenient. So if not, will the fake passwords along with the master password and the original data be stored in the password database? Then the attacker can check the length of the original file after saving to determine whether he has obtained fake passwords. Or are they assuming some mysterious online password application where the user has no knowledge of where and how his passwords are stored? In that case, the application will be insecure anyway.
I suppose the right way to make this work is by saving fake passwords (or the space for them) along with the real ones all the time but encrypt them separately with the fake master password after it has been created on the fly. Thinking about it, I might add this as an option to my program.
I just can't decide on which losing horse I should bet all my money!
Jokes aside, anyone who knows a little bit about the history of Apple should be careful not to put too much effort in one of their 'projects'. At least develop the core of your applications in C or C++ and use the proprietary technology just for GUI glue code. Unless we're talking about another fart app that requires zero know-how and programming effort anyway.
Your terminal -- mainframe concept sounds a bit too 70ish to me. Why should it be the future of computing now when it already failed in the 80s-90s for most uses? I really don't buy it.
Intel was significantly ahead of everyone else.
Was? They still are!
Learn Forth now. Or something else.
Perhaps the lawmakers hoped that such laws would make employers reconsider their options and look a bit more at the skills of the candidates rather than looking at insubstantial factors like gender, race or age.
It's a strange idea to think that a law is bullshit just because you can circumvent it. Don't get me wrong, I'm not saying that the law is good, I'm merely saying that your arguments are stupid.
That was possibly the most stupid comment I've ever read on the Internet.
The only guy I've ever met who could judge the age of people well was a man who made some money on the Stroget in Copenhagen more than ten years ago by betting with pedestrians that he could guess their age (he probably did it mostly for fun, though). But he didn't use the face only, he used all kinds of clues, especially he looked at people's necks. He was really good, but everyone else just sucks at it.
No wonder A.I. can't do it when ordinary people can't do it either.
I think it's a nice scene, the hair is great, for example. The problem for me is that it is as blurry, unsharp and overloaded with artificial contrast as any other current video game graphics. I'd like it to be more realistic but apparently my apprehension of reality is different than that of the Square Enix developers.
Show me some dense dark woods with thousands of trees that move in the wind and every tree with as many leaves as a real tree, and how the sun shines through the roofs of the trees like in real life and without any artificial effects like 'rays of god' etc. And all of this as sharp as possible, please. That would impress me more.
May I ask what the point of this exercise is? What is being tested? Is this about "essay" writing? AFAIK, only a few French philosophers still do that. (I have a Ph.D. in philosophy, so I feel qualified to say that.) I also can't see how such tests can have anything to do with scientific writing, and even less with creative writing. I understand checking for plagiarism, but what the heck is the point of these tests?
What do they put on it? Checklists? Airport charts? Or even approach/departure charts? What if it crashes during taxiing on a busy airport? What if it crashes in the middle of a complicated approach procedure? What if it crashes during checklist and the pilots forget to check a point?
In other words: Why would anyone use cheap crap such as an iPad in a professional passenger airplane? How stupid is that?
Well, I work at a university and I'm also astonished about this story. If I caught anybody cheating in class, this person would surely fail class and there would possibly be an honor commission and the result could be ejection from university in a severe case. At least that's what I thought - haven't had to deal with a case of cheating so far.
Are the standards of that university so low that somebody can cheat and even continue with the course? Is that normal for US universities?
The game developers should get no more than 0% share, because anything else would create an obvious conflict of interest.
When I buy a game, I want it to be halfway finished and playable, not a bug-ridden unfinished modding platform.
Alright then, I'll put a graphics program on Steam and sell it for 50 USD. Somewhere in the EULA I'll hide the clause that I'll maintain the rights on any derivative work, and if people want to sell anything created with my program, they'll have to give me 45% share and Steam 30%. They can only get 25%.
How about doing the same for word processors, music recording programs, etc.?
Also, how about creating a platform, something like an app store, and wait until nearly everybody is using it and there is no viable competition left. Then change the EULA unilaterally to give me a higher cut, as much as I want, for things that used to be free. Why not? It's a free market!
Why stop there? How about selling something unique to you, say, a tool that no other company produces, but hide in the contract a clause that prohibits you from making money with it. Then, after you have used the tool for years to create things and you start to think about making money with it, I'll drop the bomb and tell you that you will have to give me 45% and the tool shop where you've bought it 30%. Sounds fair? Why not, it's a free market!
Here's some news, pal: None of this is fair in any ordinary sense of the word. Legal, perhaps, in some countries, but certainly not fair.
And that's also why Valve stepped back from it, because they don't want to be (rightly) perceived as unfair assholes.