Hashing multiple times makes each individual attempt take a lot longer, though. A thousand repetitions of the hash function means 1000x as much time (or processing power) needed by a hacker for a brute force attack.
If this has appeared somewhere in the other comments, sorry for missing it, but http://xkcd.com/664/ seems oh so appropriate here. (especially the alt text)
I mean this in the nicest possible way, but that post really makes it sound as if you don't know what you're talking about. 100000 light years is the size of a typical galaxy, i.e. the Milky Way (admittedly diameter, not radius). And the more massive a black hole, the bigger it is (as measured by the Schwarzschild radius); a black hole with 100 billion stars - which, again, is a typical galaxy's worth - would be about 600 billion km across. That's something like 100 times the size of the orbit of Neptune, and much bigger than any star.
I would temper the grandparent's statement by saying it depends on which data you're talking about. I mean, /tmp is supposed to be a temporary storage location - even the name tells you so. The whole point of it existing is so that you (well, the OS) can cache things there and trust that they're not going to sit around forever hogging disk space without having to remember to delete them explicitly. So I would expect that to be wiped on boot. (Same applies to temporary folders in Windows or any other system) Other data, though, I would generally expect to be kept. Especially System Restore points, which are pretty much useless if your last one is going to get deleted automatically.
First off, do not change your SSH port. It won't do a whole lot for you, and it will be more hassle than it works.
Well now that depends on your user base. If there are only a few people who need to log into the server, and they are familiar with using SSH to the point where they know how to specify an alternate port, and if you have an easy way to convey that information to them, then it's barely any hassle at all, and it does reduce the chance of unauthorized access by a significant factor - of course, that chance is already pretty small, so even a significant factor reduction might not be worth it to you. On the other hand, if you have users who aren't particularly comfortable with SSH or if there are, say, too many to tell them manually about the alternate port, then you might as well leave it at port 22.
Either DenyHosts or Fail2ban - I've looked at both and I don't know any reason to strongly prefer one over the other. They have slightly different feature sets so it depends on your preference, to some extent.
I was going to say the same, that Linode looks good but there are other VPS companies worth considering. I've been with Slicehost for a year or so and I'm quite happy with it, except for the fact that their cost per unit {RAM,disk space,bandwidth} is a little higher than Linode and Slicehost seems unwilling or unable to completely close that gap. There's also the possibility of using a cloud server, which typically lets you be more flexible in paying for only the resources you really need.
Regardless, a VPS is only the kind of thing to consider if you know how to (or want to learn how to) administer a Linux server from the kernel up. Some people don't want to get involved at that level and for them, shared hosting is a perfectly viable option.
Agreed, I was just about to post the same thing. In years of taking notes in math-intensive classes I've never found anything that can match handwriting for speed (including LaTeX... I'm a big fan of LaTeX but it doesn't cut it for real-time transcription).
Well, the more people who set up Tor *relays*, the more quickly traffic can propagate, yes. But not every Tor user is (or can be) a relay operator, and unfortunately the more non-relay-operator Tor users there are, the less quickly traffic can propagate. Basically, relays provide bandwidth for the network, and non-relay Tor users use it up. Ideally the ratio of relay operators to non-relay users should be reasonably high (well, at least a large fraction of 1).
This reminds me of a comment from a friend of mine who works at Google - he says that he's gotten the sense of a company philosophy (unofficial of course) that advocates doing things automatically, without human intervention as much as possible. Basically, they work as though there's an algorithm for everything and it's just a matter of how long it takes us (well, how long it takes them) to produce it and properly refine it. So I wouldn't be surprised if the reliance on human evaluators decreases over time. I bet Google would really like for the original language of their search result explanation to be true, but they've had to make concessions to reality...
They do follow the basic principle of science, though, namely that if you want to find out how the world works, you try stuff out, rather than believing whatever you hear from people. Which, given the way a lot of people seem to think, may be an improvement.
(Also, ever seen the episode on tenderizing meat? That was a lot more scientific than most of the stuff on the show... numerical results and repetition and all that.)
And you can't intercept and regenerate the signal because the laws of quantum physics make it impossible to measure enough information about the beam to generate a copy of it.
What you say is mostly true, but slightly misleading. Google "quantum repeater". Basically, it is possible to intercept and regenerate the signal precisely, but in doing so you cannot know what that signal actually was.
Actually I could say the same about what you say. Sure it's possible to intercept the quantum signal, but it is not possible to regenerate it precisely - by which I mean reproducing the original quantum state. Read up on the "no-clone theorem" - for example Wikipedia's article. It is possible to generate a new signal (state) that, if measured in the same basis, will produce the same result. But this is not the same as the original signal.
Last I heard, quantum cryptography did require a dedicated line.
And you can't intercept and regenerate the signal because the laws of quantum physics make it impossible to measure enough information about the beam to generate a copy of it. The way quantum cryptography works (at least this is one simple scheme), the sender of the key transmits photons that are polarized in one of 4 directions: N-S, E-W, NE-SW, or NW-SE. But when you measure the photons, you have to choose whether to make a N-S vs. E-W measurement, or an NE-SW vs. NW-SE measurement - you can't make both. And if you choose the wrong one for any particular photon, the outcome of the measurement is random (and the original orientation of the photon is lost).
Although, the sender and receiver of the key will have to compare notes via non-quantum means, to see which photons they measured using the same scheme, and if you have access to both the quantum channel and the non-quantum channel, I guess you could pull off a man-in-the-middle attack.
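Added example (not part of the original comment, and not code from any real QKD system): a Python simulation of the four-polarization scheme described above, commonly known as BB84, showing why intercept-and-regenerate surfaces as roughly 25% errors in the bits the two parties keep. The function names, the 200-bit sample and the 10% threshold are assumptions chosen for illustration.

```python
import random

# The two measurement choices from the comment. A photon is (basis, bit):
# rectilinear 0/1 = N-S / E-W, diagonal 0/1 = NE-SW / NW-SE.
RECT, DIAG = "rectilinear", "diagonal"


def measure(photon, basis, rng):
    """Measure a photon given as (basis, bit).

    Matching basis: the encoded bit is read back. Wrong basis: the result is
    random and the photon leaves polarized along the measured direction, so
    its original orientation is lost.
    """
    prepared_basis, bit = photon
    if basis != prepared_basis:
        bit = rng.randint(0, 1)
    return bit, (basis, bit)


def exchange(n_photons, interceptor, seed):
    """Run one key exchange; return the sifted keys of sender and receiver."""
    rng = random.Random(seed)
    sender_key, receiver_key = [], []
    for _ in range(n_photons):
        sent = (rng.choice((RECT, DIAG)), rng.randint(0, 1))
        in_flight = sent
        if interceptor:
            # Intercept and regenerate: the interceptor must also pick one
            # basis, and can only forward what that measurement left behind.
            _, in_flight = measure(in_flight, rng.choice((RECT, DIAG)), rng)
        receiver_basis = rng.choice((RECT, DIAG))
        received_bit, _ = measure(in_flight, receiver_basis, rng)
        # "Compare notes" over the non-quantum channel: only the basis
        # choices are revealed, and mismatched photons are discarded.
        if receiver_basis == sent[0]:
            sender_key.append(sent[1])
            receiver_key.append(received_bit)
    return sender_key, receiver_key


def error_rate(sender_key, receiver_key):
    """Fraction of sifted bits that disagree."""
    wrong = sum(a != b for a, b in zip(sender_key, receiver_key))
    return wrong / len(sender_key)


def channel_is_clean(sender_key, receiver_key, sample=200, threshold=0.1):
    """Publicly compare a sample of sifted bits (assumed sample and threshold)."""
    return error_rate(sender_key[:sample], receiver_key[:sample]) <= threshold


if __name__ == "__main__":
    # Constructed run: 4000 simulated photons, with and without an interceptor.
    for interceptor in (False, True):
        a, b = exchange(4000, interceptor, seed=1)
        print(f"interceptor={interceptor} sifted={len(a)} "
              f"errors={error_rate(a, b):.3f} clean={channel_is_clean(a, b)}")
```

Bits revealed for the comparison are discarded afterwards; only the remaining sifted bits would be used as key material.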
The poster said this is an American high school, and assuming that high school is public (as most of them are), there is no tuition charged. It's completely publicly funded (i.e. tax money pays for the school). It's been pointed out already that that may or may not make a difference.
There's still the issue (brought up above) of the terms of service. If the TOS says that AOL may discontinue the service at any time with or without notice for any reason whatsoever, then too bad for the users, they don't have any right to a two weeks' notice or any notice at all. The difference between $0.00 and $0.01 is that a sensible consumer is a whole lot less likely to pay a nonzero amount of money for a service with a TOS that includes that clause. There's no basic right to an advance notice of termination, it's just that - one would hope - offering a service without one wouldn't be economically viable.
I doubt that white noise vs. voice has anything to do with it. He's yelling *right* in front of the disks - his voice is going to induce a lot more vibration just because he's so much closer than the equipment. Inverse-square decay and all that ;-)
Sure, but as long as it's up on /. I'm sure people who have one of these things will appreciate the warning. Just my opinion, but it's not all that bad to repeat similar stories every once in a while if it's the kind of thing that people are likely to get complacent about and/or forget about.
Key point: InDesign is for *layout*, not for writing. The design goal of InDesign and similar programs (Quark Xpress, Scribus, etc.) is to allow you to place regions of text and/or images exactly where you want them on the page, to twist them into exotic shapes, to apply fancy colored borders or backgrounds, and generally to take the existing content and make it artistic. I would never use one of these programs to write a book, unless it were something like a magazine where the text is split up into little oddly placed regions, and even then I'd write the text itself in some other program before copying and pasting into the layout editor. (I speak from a few years of experience with InDesign and Scribus, btw)
Well, it depends on what kind of thermometer you're using. Sure, a normal mercury or alcohol thermometer wouldn't work in outer space, but there are definitely devices that can measure very very low temperatures, and in some sense you can consider anything that measures temperature a "thermometer".
"temperature about 100 times colder than intergalactic space"
How can you have something that is 100 times colder than space. I think that space runs at about -270 C, so to be 100 times colder it would have to be -2700 C. I thought absolute zero was -273.15 C at which point all movement is stopped, so how do you get a temperature below that?
Read the discussion above...the 100x colder is measured in Kelvin, i.e. the "offset" above absolute zero. The temperature of space is about 3K (which is -270 Celsius), so 100x colder is about 3/100 Kelvin.
If it's his own property, placing it online with the intent that you download it probably creates a license. Just because it's not in writing doesn't mean it's not enforceable. And regardless of that, putting it online with the intent that you download it precludes any claim that your downloading it is piracy.
Actually no, because that's exactly what happens in real piracy - someone puts a music track/movie/book/etc. online with the intent that other people download it. Those downloaders are the pirates, the same ones the *IAA get so worked up about. The difference here is that the person putting the book online is (presumably) the same one who owns the copyright, and it's perfectly within his rights to distribute it - that's why it's not piracy. (Unless, of course, he has signed over those rights to a publishing company or something)
But the margin is too narrow to contain it.
See, this is why the default margin settings in LaTeX are the way they are.
I made a blog post about this sort of thing a while ago (posting this link had better not crash my server ;-)
You mean steganography, not stenography. ;-)
Slashdot effect? ;-)