Heh, I had a similar experience at Radio Shack, complaining about the "gold cable scam," since all their cables were gold.
The sales guy tried to say that gold was the best, and I should trust him on this. I tried to explain that both copper and silver have better conductivity than gold (by a significant percent, greater than gold beats aluminum), and he more or less told me to shut up, because he was educated in these matters.
Just in case your post(s) aren't trolls, and you really *are* that that stupid, the GP did to you exactly what you did. Your complaints to the GP could just as easily apply to your original post.
Also, again, on the off chance you aren't a troll. There are probably dozens/hundreds of slashdotters, for any given article, that find it uninteresting, but you don't see them wasting the time of others, as you had with your original post. Typically they just don't bother opening the article, or if they did, then they close the tab/window/hit the back button. This site is about news for geeks, not geek, with only one in mind. This article is trivial to apply to a certain group of geeks (those that want to distribute their creations, possibly make a little money, or recoup a little cost in the process).
I'm still surprised at all the scam commercials I see on tv, and am amazed they are still around, and haven't been persecuted (i.e. MyCleanPc which has been running for over a year now at least).
You complain about people asking for proof, but if it has saved millions of lives, then proof shouldn't be hard to find.
Open minded means accepting possibilities, not jumping at them as fact. For example, saying chiropractic care can can't cure cancer, is closed minded, but so is saying it does. Without proof, either way, holding to one belief is closed minded.
A common misconception is that believing different from the norm makes you open minded. It doesn't.
If you don't need that kind of performance, then that extra $100 is wasted.
My server currently runs on an AMD. For one, it was the lowest energy using quad core I could find (45W). For two, at the time, it was cheaper than most Intel quad cores. And used less power than all but their lowest end dual cores.
Then again, my gaming rig is an i7 and my notebook is a Core2 Duo.
So, to answer your question: when it is the right tool for the job.
Please re-read the second chunk of text in my post, until you realize the problem you posted was already covered and taken care of.
Here's a hint if you need some assistance, the opposite of the bolded text was explicitly stated.
There password becomes the hash they generate and send to the server, if it is not hashed on the server, a db comprimise reveals what is needed to log in, we are back to trusting the site.
So, that would prevent a second salt/hashing from being applied?
No.
Anything done server side, can still be done server side, but now the client also has the ability to keep the protection of his/her password in his/her own hands.
Not if your site hints on how the user should salt their password (in a manner unlikely to be duplicated on other sites).
Also, there's nothing preventing the site from running a second hash, again fixing the issue, and now the user has the advantage of knowing their password isn't stored clear text.
Working on such in my personal time, I can, again call BS.
It would be somewhere between easy and trivial on most, to remove password hashing. It's a problem I've been trying to solve myself. I finally came to the conclusion that the hashing has to be done in javascript on the client side, or otherwise by the user, without an unhashed password being sent over the wire, for the user to be sure their unhashed password isn't sent.
I admin a closed sourced app with a web portal, and I can tell you the passwords are damn well hashed and salted. It doesn't take much having to fiddle around with the various data files enough in the lines of customizing things, to see where and how the passwords are stored.
In other cases, where the database is used to store this, the user account table(s) in the database usually have a cryptically named column such as "pass", "pass _hash", etc. that couldn't have anything to do with the password...
In general practice, things that target cheapskates for money tend to be *very* poor quality in any area where dropping quality shaves off a buck of cost - the profit margins tend to be low, and every saved dollar is necessary. Better to stay in business until caught, than make no profit at all.
I wouldn't trust it on Windows or MacOS. With Linux or *BSD I'd still feel like I'm playing Russian Roulette (cue meme here). Yeah, they are *probably* safe, but it only takes one flaw, and I've yet to hear of any OS that hasn't had an oopsie bug. And we won't even go into possibilities from the BIOS if you leave the thing in at boot time.
Damn, why'd I have to work with a paranoid security freak in undergrad?
Given how much the lower level hardware does with USB these days, I'm not sure I would trust such a thing on any computer, even with a good wipe of the drive (i.e. combination of multiple invokations of `dd if=/dev/zero of="${DEV}"` and `dd if=/dev/random of="${DEV}"`
I wouldn't be so sure of that, it certainly doesn't read like that to me.
Knowing modern DRM, that "simple fix" would likely destroy the game.
If more companies do this, I suspect the result will be a large market for DS card readers, that you can use to wipe the save game. They'd also work well for rewriting cards too, I'm sure.
Capcom better hope this "brilliant" idea doesn't catch on. Pirates will love it.
Really it's a matter of the amount of force used to hold the plug in. It doesn't matter the source of the force. I well built connector (such as on my toshibas) will come out when the force exceeds that of the maximum weight of the cable pulling down on it, but is less than the friction force holding the item in place.
My Toshiba does that just as well as a friends MacBook, without a proprietary magnetic connector.
You can only get apps for your iDevices via the app store, they go out of their way to make it difficult for 3rd party software to access / update the content on their devices...
Slashdot Mirror
Heh, I had a similar experience at Radio Shack, complaining about the "gold cable scam," since all their cables were gold.
The sales guy tried to say that gold was the best, and I should trust him on this. I tried to explain that both copper and silver have better conductivity than gold (by a significant percent, greater than gold beats aluminum), and he more or less told me to shut up, because he was educated in these matters.
Actually, there is still a difference, durability.
And, as far as my experience goes, Radio Shack's cables are pretty damn well near the bottom of that list.
Just in case your post(s) aren't trolls, and you really *are* that that stupid, the GP did to you exactly what you did. Your complaints to the GP could just as easily apply to your original post.
Also, again, on the off chance you aren't a troll. There are probably dozens/hundreds of slashdotters, for any given article, that find it uninteresting, but you don't see them wasting the time of others, as you had with your original post. Typically they just don't bother opening the article, or if they did, then they close the tab/window/hit the back button. This site is about news for geeks, not geek, with only one in mind. This article is trivial to apply to a certain group of geeks (those that want to distribute their creations, possibly make a little money, or recoup a little cost in the process).
That's nice. The only nail that counts, will be the one where solid state is at least modestly cheaper for a given amount of space.
Mind you, I look forward to that nail, but until it gets here, it's not yet time to party.
I'm still surprised at all the scam commercials I see on tv, and am amazed they are still around, and haven't been persecuted (i.e. MyCleanPc which has been running for over a year now at least).
Seriously, all those people who get it for free should shut up. I had to pay lots of hookers good money to get mine!
woooosh!
I don't see you paying to get the privilege of reading (or reading about) such complaints!
So quit your bitching! It's free! Be thankful!
You complain about people asking for proof, but if it has saved millions of lives, then proof shouldn't be hard to find.
Open minded means accepting possibilities, not jumping at them as fact. For example, saying chiropractic care can can't cure cancer, is closed minded, but so is saying it does. Without proof, either way, holding to one belief is closed minded.
A common misconception is that believing different from the norm makes you open minded. It doesn't.
If you don't need that kind of performance, then that extra $100 is wasted.
My server currently runs on an AMD. For one, it was the lowest energy using quad core I could find (45W). For two, at the time, it was cheaper than most Intel quad cores. And used less power than all but their lowest end dual cores.
Then again, my gaming rig is an i7 and my notebook is a Core2 Duo.
So, to answer your question: when it is the right tool for the job.
Please re-read the second chunk of text in my post, until you realize the problem you posted was already covered and taken care of.
Here's a hint if you need some assistance, the opposite of the bolded text was explicitly stated.
So, that would prevent a second salt/hashing from being applied?
No.
Anything done server side, can still be done server side, but now the client also has the ability to keep the protection of his/her password in his/her own hands.
You don't have to use the same salt on every user. Heck, you don't even have to use the same salting pattern.
Not if your site hints on how the user should salt their password (in a manner unlikely to be duplicated on other sites).
Also, there's nothing preventing the site from running a second hash, again fixing the issue, and now the user has the advantage of knowing their password isn't stored clear text.
Working on such in my personal time, I can, again call BS.
It would be somewhere between easy and trivial on most, to remove password hashing. It's a problem I've been trying to solve myself. I finally came to the conclusion that the hashing has to be done in javascript on the client side, or otherwise by the user, without an unhashed password being sent over the wire, for the user to be sure their unhashed password isn't sent.
bullshit on #2.
I admin a closed sourced app with a web portal, and I can tell you the passwords are damn well hashed and salted. It doesn't take much having to fiddle around with the various data files enough in the lines of customizing things, to see where and how the passwords are stored.
In other cases, where the database is used to store this, the user account table(s) in the database usually have a cryptically named column such as "pass", "pass _hash", etc. that couldn't have anything to do with the password...
In general practice, things that target cheapskates for money tend to be *very* poor quality in any area where dropping quality shaves off a buck of cost - the profit margins tend to be low, and every saved dollar is necessary. Better to stay in business until caught, than make no profit at all.
Call me nuts, but what OS would that be?
I wouldn't trust it on Windows or MacOS. With Linux or *BSD I'd still feel like I'm playing Russian Roulette (cue meme here). Yeah, they are *probably* safe, but it only takes one flaw, and I've yet to hear of any OS that hasn't had an oopsie bug. And we won't even go into possibilities from the BIOS if you leave the thing in at boot time.
Damn, why'd I have to work with a paranoid security freak in undergrad?
Given how much the lower level hardware does with USB these days, I'm not sure I would trust such a thing on any computer, even with a good wipe of the drive (i.e. combination of multiple invokations of `dd if=/dev/zero of="${DEV}"` and `dd if=/dev/random of="${DEV}"`
and what about prior museums (with the quantity of sites already doing this, prior art just doesn't have the right context)?
I wouldn't be so sure of that, it certainly doesn't read like that to me.
Knowing modern DRM, that "simple fix" would likely destroy the game.
If more companies do this, I suspect the result will be a large market for DS card readers, that you can use to wipe the save game. They'd also work well for rewriting cards too, I'm sure.
Capcom better hope this "brilliant" idea doesn't catch on. Pirates will love it.
Really it's a matter of the amount of force used to hold the plug in. It doesn't matter the source of the force. I well built connector (such as on my toshibas) will come out when the force exceeds that of the maximum weight of the cable pulling down on it, but is less than the friction force holding the item in place.
My Toshiba does that just as well as a friends MacBook, without a proprietary magnetic connector.
You can only get apps for your iDevices via the app store, they go out of their way to make it difficult for 3rd party software to access / update the content on their devices...
It was recently changed when they added that message. It was then changed when they removed the message, so they had to add it again for accuracy?
Yes, but they had 0% of the phone and phone app market before they made phones. Likewise with portable music players + .
Now they are anticompetative in both of those.
Why would they be different in TV?