Could it be viable to keep hashes (with unique salts to prevent rainbow table attacks) instead of cleartext copies of the seeds?
So please bear with me and see if I get this right:
A physical device called a token incorporates two vital elements - a unique seed and a "secret" algorithm that, given a unique seed and optionally (on the token user's side) a username and a valid password, produces a verification code. The code also depends on a clock - given the same combination of seed and (again optionally) a username and a valid password, it is only the same for a limited timespan - i.e. the same seed (...username, password) will produce different valid verification codes at different times of day, usually split into discrete periods of ca 1 minute.
The service authenticating the user of a token like the above, is based on verification of the code "computed" by the token. It matches the code supplied by the user with the code it produces itself. Obviously, the process is the same for the service - naturally, it will require the seed, the algorithm, and ALWAYS a username and a password (hence two-factor auth.) With these on its side it also produces a code. If the codes match, authentication is a fact.
The scheme is considered more secure than username/password based auth. because it not only is based on something a user knows, but also on a physical device they must have access to. Obviously the server HAS TO keep a copy of the seed, in either form that satisfies the computing of the code given the "secret" algorithm.
At least one of the two - algorithm or the seed - has to be kept a secret obviously, and if either is unique for an account, the server HAS TO KEEP A COPY (hence my original point.) I.e. we can use a publicly known hashing function for the algorithm, but we can't give up the seed, or vice versa (preferably former) - otherwise we at best reduce the system to a one-factor authentication, since now only the username and password have to be obtained, the code can be produced easily by anybody. At worst, the account is compromised.
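The question about keeping salted hashes of the seeds and the description of the token scheme above can both be checked with a short added example (not part of the original comments, and not the token vendor's algorithm). It assumes the publicly specified TOTP construction from RFC 6238 as a stand-in for the "secret" algorithm, uses constructed sample values, and leaves out the username/password check.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds per code period, matching the "ca 1 minute" above
DIGITS = 6


def code_for(seed: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """Time-based one-time code (RFC 6238 over RFC 4226 truncation, HMAC-SHA-1)."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_verify(stored_key: bytes, submitted: str, unix_time: int, drift: int = 1) -> bool:
    """Recompute the code from the server's stored key; tolerate +/- drift periods."""
    for delta in range(-drift, drift + 1):
        when = unix_time + delta * STEP
        if when < 0:
            continue
        if hmac.compare_digest(code_for(stored_key, when), submitted):
            return True
    return False


def salted_hash(seed: bytes, salt: bytes) -> bytes:
    """Password-style storage: one-way, so the seed cannot be recovered from it."""
    return hashlib.pbkdf2_hmac("sha256", seed, salt, 100_000)


# Constructed sample values (the seed is the published RFC 6238 test key).
SEED = b"12345678901234567890"
SALT = b"constructed-salt"


def demo(now: int = 1_300_000_000) -> dict:
    token_code = code_for(SEED, now)    # what the device would display
    return {
        "server_with_seed": server_verify(SEED, token_code, now),
        "one_period_late": server_verify(SEED, token_code, now + STEP),
        "ten_periods_late": server_verify(SEED, token_code, now + 10 * STEP),
        # A server holding only the salted hash has no input that yields the code.
        "server_with_hash_only": server_verify(salted_hash(SEED, SALT), token_code, now),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

A password hash works because the user resubmits the password for the server to re-hash; the token never transmits its seed, so the verifier needs the seed itself (or a key it can decrypt to it) to recompute the code.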
Yes, how about you?
Do you know how their two-factor authentication works? How do you propose their system authenticates a client if it doesn't have a copy of the seed?
Honestly, it takes an idiot to not realize that it is precisely such "it won't be the people you think we'll go after that we'll go after" laws that effectively support a police state bordering on the infamous "new world order" model. Because, if they can, they WILL go after you. If they would want to. Give them a reason, c'mon! Of course simple laws of economy and ROI (let's face it, the modern world is largely a commercial enterprise of sorts) say that a 14 year old kid linking to infringed material on YouTube from a blog post comment will not prompt a court letter, but what if the kid is umm, son of a businessman someone would like to exert some gentle pressure on? You know, stuff like that.
I am not the guy walking around with "the end is nigh, sinners repel!" banner nor do I share their views much, but admit it - it has been proven time and again that often enough world functions by the following "law" - "you are only alive, because no one wants you dead strongly enough." We may argue that it has always been so throughout the history, but in today's world it's far simpler to accomplish - to execute someone or to ruin their lives - than arguably in all other times combined.
Well-dressed in Abibas and Mike, it seems :P
22 fps on a Pentium-M 2.0Ghz, Firefox 4, Ubuntu 10.04
Sadly, I do :/ Perhaps you're right - I overestimate ourselves, but frankly what's stopping us? Well, you've exposed the believer in me...
Thanks and pardon!
Ecosystems would disappear, causing chain reactions that would make other ecosystems disappear. We would have the same rocks maybe, but I wouldn't be so sure about fish, flowers, insects, bushes and even trees. We might then have grave problems with producing food, harvesting materials that we produce and consume daily or otherwise. That in turn will cause a chain reaction in our societies. Sovereign states will collapse. While the rich would ensure they continue to be privileged - have access to necessities, food and resources, the poor will be torn between misery and state of revolt, all depending. Civil wars, suffering. At times like this, few will educate themselves - think poverty in some African regions - most will be occupied with daily provision for themselves and their families. Without education it's only a matter of time before we are back to the stone age. And all because of 4°C increase in average temperature.
The good news is that we are theoretically and potentially prepared to handle such flow of events, if we stay together, believe in our collective ability to do this, don't let panic and delusion spread and take the best of us, and basically stay focused and put and do our best to SURVIVE - flourish in a changing world without bringing ourselves to extinction. Which means, life for most on the planet will be very different, but humans will survive. We're quite adaptable really :) I hope the same would go for as many other species on Earth as possible.
Much misinformation above.
1. Cancer was a known disease in ancient Egypt - a papyrus dated 1600 BC tells of how the Egyptians were able to tell the difference between benign and malign tumors, how they removed benign tumors surgically and cauterized wounds that were left, and how they blamed their gods for the disease. The papyrus says "There is no cure." - I am going to safely assume that means that people did die from cancer in ancient Egypt. Tumors don't just sit around, they either grow or shrink. If there is no cure, it means they grow, and that means organ failure and certain death. They also blamed their gods for the disease, I wouldn't think they'd blame their gods if it was just a harmless disease of which no one would die. By the way, the name we use - "cancer" - comes from ancient Greeks who called it "karkinos" or "carcinos" which means "crab" which is what Hippocrates thought dissected tumors looked like. Documented cases of death by cancer date back at least to 1600s.
2. Leafy things as you call them, especially green ones, through long and extensive research have been proven to be of great benefit to body health. What are your sources that state the contrary?
3. I don't know what you mean by "plenty of sleep" but even though it has indeed been proven that NOT ENOUGH sleep is directly (and often irreversibly) detrimental to health in mammals, it has not been conclusively proven that "a lot" of sleep is beneficial. Again, what are your sources that conclude that "plenty of sleep" increases lifespan?
Not bad robot, but you have much to learn of human ways ;-)
It seems to me that the sheer power of this mobile thing shadows the performance of my entire Centrino laptop :/
That's a monumental and exceedingly involving task - to create such a novel concept of a language, partly because few have been written, and even fewer are usable to mere mortals, who happen to be using imperative languages just fine, mind you. Articles upon articles full of either terms-within-terms or lack thereof, have been written. Some people once set upon defining this new computing upon which you seem to touch and created www.tunes.org, which has since stagnated.
I would advise you to write down your ideas and always fragment the problems that you identify and/or abstract them to a point where you can again spot the beginning of a formal theory that you can publish. That way you will be nearing the solution you often cannot see with predictable, verifiable and not least visually available and memorable steps. Also, that way, even if you don't come within a reach of the final ultimate goal which is a working language, you will have developed a whole set of usable laws and theories that can help others in their quest for the same goal. If you know you can't reach the goal, at least be a gentleman and pave a good road for those that find your path later.
In my opinion, many problems with software development, are just as applicable in other domains of our life, and parallel programming is definitely one of them. We equally well have problems managing large teams of people working in parallel. These are problems of logistics, management and also (and no I am not joking) - cooking. And we're as bad handling these as we now handle software development. It may be right, however, to start solving this with the computers - no need to throw away rotten food and/or burned-out employees under delusional management.
What could help is a trusted set of formal theories. That would be a start. Whether it will be a mathematician, a computer programmer, or a kitchen chef that writes this set, is not important. Stripped bare of the bathwater - abstracted and proven - the baby will be what we need.
So, as I understand, it may not be the obvious weakest potential link that has been compromised - the cipher itself for example - but rather a detail of implementation that paved the way for their successful attack, right? If Skype fragmented the encrypted data stream in variable sized frames that have also rather umm unpredictable (bear with me here) sizes, the attack, as stated by researchers themselves I believe, could not be instantiated in its current form? The entire weakness is based around the fact that it was relatively easy - far easier than bruteforcing the cipher - to guess the phonemes even from the encrypted frames.
Am I making sense here? Trying to verify if I have understood the main point of their research paper...
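The implementation detail discussed in the comment above can be checked on the defender's side with this added example (not from the research paper or the original comment). It assumes the leaked signal is the size of each encrypted frame, uses a toy length-preserving stream cipher as a stand-in for the real one, and shows constant-size padding as one way to decouple wire size from content; the frame sizes and sound classes are constructed.

```python
import hashlib
import struct


def keystream_xor(key: bytes, nonce: int, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). Like any stream or CTR
    mode, the ciphertext is exactly as long as the plaintext."""
    out = bytearray()
    for block in range((len(data) + 31) // 32):
        pad = hashlib.sha256(key + struct.pack(">QQ", nonce, block)).digest()
        chunk = data[block * 32:(block + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, pad))
    return bytes(out)


def pad_to(frame: bytes, size: int) -> bytes:
    """Length-prefix the frame and zero-pad it to a constant size before encryption."""
    if len(frame) + 2 > size:
        raise ValueError("frame larger than padded size")
    return struct.pack(">H", len(frame)) + frame + b"\x00" * (size - 2 - len(frame))


def unpad(padded: bytes) -> bytes:
    (length,) = struct.unpack(">H", padded[:2])
    return padded[2:2 + length]


# Constructed sample: a variable-bit-rate codec whose frame size tracks the sound class.
SAMPLE_FRAMES = [("vowel", 46), ("fricative", 28), ("silence", 11),
                 ("vowel", 46), ("fricative", 28)]


def wire_lengths(key: bytes, frames, padded_size=None) -> list:
    """Ciphertext sizes an on-path observer sees, with or without padding."""
    lengths = []
    for nonce, (_label, size) in enumerate(frames):
        payload = bytes([nonce]) * size
        if padded_size is not None:
            payload = pad_to(payload, padded_size)
        lengths.append(len(keystream_xor(key, nonce, payload)))
    return lengths


def separable_classes(lengths) -> int:
    """How many groups of frames size alone distinguishes (1 means no leak)."""
    return len(set(lengths))


if __name__ == "__main__":
    key = b"constructed-demo-key"
    plain = wire_lengths(key, SAMPLE_FRAMES)
    padded = wire_lengths(key, SAMPLE_FRAMES, padded_size=64)
    print("unpadded:", plain, "->", separable_classes(plain), "classes")
    print("padded:  ", padded, "->", separable_classes(padded), "class")
    print("bandwidth overhead: x%.2f" % (sum(padded) / sum(plain)))
```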
Actually it's a pity most of the folks seem to be of the opinion that 21st of May, 6pm is the time when the world ends. Instead, Rapture is the event where the chosen are taken to the sky and meet Christ. In other words, they may already have and we've not seen it. 6 months later - October 2011 - comes however the time when the world (Earth and the rest of the universe according to Camping) ends indeed.
18:08 here... Death comes when you least expect it, indeed :-)
Doesn't Unity seem to be made for computers with small screens and a lot of memory? Which doesn't exactly market it to a majority of computer owners, right?
I have 1Gb of RAM and do just fine. Am I sick?
Obviously.
The CPU has needed help with everything since it was invented, otherwise we would still have the same CPUs we had back in the 60s with absolutely no need for improvements. Your conservatism is baseless.
You are talking about a lever that only few know about. The majority of users happily continue to use their browsers which in fact come preset with a very liberal (for the issuing end) policy of not only accepting cookies from pretty much ANYWHERE but also store them on disk as part of their browsing cache. In short, 9 out of 10 users are fed so much cookie, their teeth should grind to the roots. That's the reality. It's not about you and me who know how to fire up Preferences and set up our own policies.
I pity the folks who, upon visiting a major website, have to wade through 10 dialogs where each more or less thoroughly tries to explain to them the particular meaning of their "SC=" cookie and why they feel it is paramount for them to send it. It's suicide for both the user and the website.
I for one, don't notice any problems. I am not saying they aren't present, I am just stating that at my setup they are not noticed at all.
What's your system specs and usage scenario?
I surf the Web with AdBlock Plus, Stylish and Default Full Zoom Level extensions on a Thinkpad T43 with 1Gb of RAM, Ubuntu 10.04.