Depends on the application. Day to day when I'm buying lunch meat not really, but if it's a technical issue or article then yes, it would be a problem. Technical and scientific articles have a much greater need for correctness. Getting these things wrong can lead to significant and expensive problems.
Something that weighs 2 pounds in orbit would have to have a huge amount of mass. I'm pretty sure they meant 1 kilogram which is a unit of mass. Science writing is really going downhill it seems.
Drink a lot of water and you'll be hydrated (good) and you'll have to get up to go the the bathoom. People can't really make a fuss over that, so you know have an excuse to get up, walk around, stretch, etc.
All I want is reliable bandwidth and latency (what good is 50ms latency if it spikes to 1-2 seconds every so often? say good bye to skype and any online gaming) and ideally a static IP.
$110 per month for a terabyte plan on 100 Mbps down and 40 Mbps speeds over the fibre network
Is actually better than what I currently pay, I get 100 meg down, 5 up, 250 gig cap for $90 a month (Canadian duopoly, wheee). I hope they write up how they accomplish all this, might be time to start more of these co-ops. I also love the fact that with the trading scheme they encourage people to use the bandwidth, but intelligently. Right now since there's no real advantage of disadvantage to me when I run major downloads during prime time (and I notice that my speeds/latency are quite a bit worse during prime time), this co-op would result in me scripting most downloads it to run when bandwidth is "cheaper" (aka 3am). I suspect this is true for many other heavy users.
After the fact replacement of the engine means you need to pay someone to take the existing engine out, put a new one in, integrate it with the existing systems/etc. I imagine that takes a few hours (probably tens of hours) which adds significantly to the cost.
So with Gnome 3 to configure it you need the control panel, which comes built in. Except that is highly limited and doesn't include the ability to do basic things like manage window buttons, modify icons to include command line options, etc. All basic things that every other GUI includes in the control panel/properties of icons/etc.
What you will need to manage Gnome 3: the gnome teak tool, gnome extensions, and alacarte to modify icons. Except alacarte is broken, and has been broken since about August of 2011. So you'll need to copy text files into your home dir and edit them by hand to have custom command line options for icons. I cover all the gory details on F17 here:
TLDR: customizing Gnome 3 is a disaster. It's not that configuration options are hidden, they simply aren't present, you'll need additional tools, one of which is totally broken.
Go read "Great by choice", and Intels strategy (aka "Intel delivers") is explained, but in a nutshell they realized early on (like in the 70's) it wasn't enough to make good chips, you have to make lots of them, perfectly. So they are heavy into the manufacturing side and making sure it works really really well.
So I have a question: Google Chrome (and some other browsers) treats the address bar as a search bar. How will that work with new TLD's like "pepsi", does every search (for a single word) first get a DNS lookup, and then if fails, searched for at Google (which means all your personal searches leak to your ISP and any DNS server along the way), or do we include a whitelist of every new tld in the browser?
You need to be able to send arbitrary Dbus messages, so you need either local access or to remotely compromise the system (in which case you already won). This article is ridiculous and much ado about nothing.
The thing I still enjoy about Slashdot is not the number of comments, but reading them at 4+ or 5, and there are some real gems/informative things/etc. Unfortunately as people leave these great (not merely good) comments will leave as well leading to a downward spiral. Ala Digg. The system Reddit uses makes it much more difficult to simply say "show me all the good comments", although Reddit definitely wins the timeliness game.
Seriously. I'm not one to reminisce about the "good old days" (see my UID) but this is serious ridiculous. This really reminds me of when Digg cratered out, just checked Digg, 15 stories on the front page and 77 comments, in total. I remember when they had hundreds of comments, per story. So I'm guessing if this continues Slashdot will crater out by the end of the year. Well it was nice while it lasted.
$250,000 is basically one employee for one year (say 100k *2 for overhead/etc.) plus 50k in hardware/software. Properly securing this stuff is bound to cost more than the fines, so sadly I suspect many businesses simply do the math and decide to eat the fine.
I think Fight Club summed it up nicely:
Narrator: A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don't do one.
Woman on plane: Are there a lot of these kinds of accidents?
Narrator: You wouldn't believe.
Woman on plane: Which car company do you work for?
Narrator: A major one.
Just put a few of these change stations on the outskirts of the cities on the highway, so electric in town, drive a few hours to X, stop at a station on the way to get an engine and a full tank of gas, when you hit the other city swap the engine back for a battery. For people who drive a LOT in town they can keep the engine. Sounds very handy. Would need a ridiculous amount of infrastructure however.
In this article, I’m not going to talk about an emerging technology (don’t get me wrong, I love new technology) but about something even more interesting: An emergent behavior that was never expected: bufferbloat.
Bufferbloat is not a recent phenomenon; however, it has only recently been uncovered and understood, and developers will likely be grappling with it for some time. Additionally, this problem, if left unchecked, will make the Internet painfully slow to use, greatly reducing the availability of services. Remember, availability is one of the three legs of the AIC triad (along with integrity and confidentiality).
So when people say "congestion causes slow networks" they are quite often right, but not for the reasons they think they are. Case in point: my Cablemodem ping times to www.seifried.org are nice and fast, until I saturate my uplink (with even just a single upload stream) at which point the latency increases to one second (in a semi-linear fashion over a few seconds, you can almost hear all the buffers getting filled up along the way).
1. AES is not a hash function. It can be used in some constructions to emulate a hash, but you wouldn't just call that AES-256 as you do, nor is it commonly used this way.
No but sadly it is used as one. Google results for SHA password storage: 143,000 results, results for AES password storage: 490,000 results. It is commonly used that way.
2. "Because hash functions like AES256 only provide 2^256 possible unique outputs..." Only? This would put you at ~2^128 outputs before you could really hope to get a collision (and not a collision with a specific output, just any two outputs colliding). This is WAAAY beyond the resources of all of humanity.
We said the same things about DES/3DES, Moores law, the groth of bot nets, and all that has some interesting side effects
3. "Brute-forcing older algorithms is definitely possible now (DES and 3DES already fell to brute-force attacks several years ago)." Since when was 3DES brute-forced? I see no evidence that even 2TDEA has been brute-forced, let alone 3TDEA which is what people actually use. Citation greatly needed.
DES was cracked in 1998 on $250,000 or so of custom hardware, using an average of 4.5 days (so half the key space). In the last 13 years hardware has gotten SIGNIFICANTLY faster and cheaper, from a 2006 paper: http://www.ietf.org/rfc/rfc4772.txt, and those 10 gig/sec chips are CHEAP now. Putting a few tens of thousands onto custom boards wouldn't be that expensive (same price range as deep crack).
Sadly password storage is actually tricky and most places do it wrong (using MD5/SHA1 for example). Covered in Nov 2011 article Storing your passwords properly (disclaimer: I wrote it, and it's a PDF file). One problem is that even if zappos enforces strong passwords users have a tendency to reuse their strong passwords between sites (you can only memorize so much gibberish or passphrases). Hopefully Zappos learns from this and builds a more resilient system.
The data needed to make actuarial tables isn't good enough (so you can't assess risk rates that well), and the amount of self inflicted harm (e.g. Sony) is staggering. What will happen is insurance companies will attempt to do this, claims will be filed, and denied on various grounds (some legitimate, like you did have a password on the admin account, and some less legitimate) but payout rates will be low to zero. Companies will realize that attempts to financially offset the impact of the risk isn't working (you pay the premiums but never win any claims) and eventually stop buying cyber insurance.
Slashdot Mirror
Depends on the application. Day to day when I'm buying lunch meat not really, but if it's a technical issue or article then yes, it would be a problem. Technical and scientific articles have a much greater need for correctness. Getting these things wrong can lead to significant and expensive problems.
Something that weighs 2 pounds in orbit would have to have a huge amount of mass. I'm pretty sure they meant 1 kilogram which is a unit of mass. Science writing is really going downhill it seems.
Drink a lot of water and you'll be hydrated (good) and you'll have to get up to go the the bathoom. People can't really make a fuss over that, so you know have an excuse to get up, walk around, stretch, etc.
All I want is reliable bandwidth and latency (what good is 50ms latency if it spikes to 1-2 seconds every so often? say good bye to skype and any online gaming) and ideally a static IP.
$110 per month for a terabyte plan on 100 Mbps down and 40 Mbps speeds over the fibre network
Is actually better than what I currently pay, I get 100 meg down, 5 up, 250 gig cap for $90 a month (Canadian duopoly, wheee). I hope they write up how they accomplish all this, might be time to start more of these co-ops. I also love the fact that with the trading scheme they encourage people to use the bandwidth, but intelligently. Right now since there's no real advantage of disadvantage to me when I run major downloads during prime time (and I notice that my speeds/latency are quite a bit worse during prime time), this co-op would result in me scripting most downloads it to run when bandwidth is "cheaper" (aka 3am). I suspect this is true for many other heavy users.
After the fact replacement of the engine means you need to pay someone to take the existing engine out, put a new one in, integrate it with the existing systems/etc. I imagine that takes a few hours (probably tens of hours) which adds significantly to the cost.
Cats vs dogs. Etc.
Mayor of New York city comes to mind, population: 8.2 million, compared to countries that makes it the 96th most populated country (out of 242).
So with Gnome 3 to configure it you need the control panel, which comes built in. Except that is highly limited and doesn't include the ability to do basic things like manage window buttons, modify icons to include command line options, etc. All basic things that every other GUI includes in the control panel/properties of icons/etc.
What you will need to manage Gnome 3: the gnome teak tool, gnome extensions, and alacarte to modify icons. Except alacarte is broken, and has been broken since about August of 2011. So you'll need to copy text files into your home dir and edit them by hand to have custom command line options for icons. I cover all the gory details on F17 here:
http://kurt.seifried.org/2012/06/01/making-fedora-17-gnome-3-work-you-cant-its-completely-broken/
TLDR: customizing Gnome 3 is a disaster. It's not that configuration options are hidden, they simply aren't present, you'll need additional tools, one of which is totally broken.
Go read "Great by choice", and Intels strategy (aka "Intel delivers") is explained, but in a nutshell they realized early on (like in the 70's) it wasn't enough to make good chips, you have to make lots of them, perfectly. So they are heavy into the manufacturing side and making sure it works really really well.
So I have a question: Google Chrome (and some other browsers) treats the address bar as a search bar. How will that work with new TLD's like "pepsi", does every search (for a single word) first get a DNS lookup, and then if fails, searched for at Google (which means all your personal searches leak to your ISP and any DNS server along the way), or do we include a whitelist of every new tld in the browser?
You need to be able to send arbitrary Dbus messages, so you need either local access or to remotely compromise the system (in which case you already won). This article is ridiculous and much ado about nothing.
The thing I still enjoy about Slashdot is not the number of comments, but reading them at 4+ or 5, and there are some real gems/informative things/etc. Unfortunately as people leave these great (not merely good) comments will leave as well leading to a downward spiral. Ala Digg. The system Reddit uses makes it much more difficult to simply say "show me all the good comments", although Reddit definitely wins the timeliness game.
Seriously. I'm not one to reminisce about the "good old days" (see my UID) but this is serious ridiculous. This really reminds me of when Digg cratered out, just checked Digg, 15 stories on the front page and 77 comments, in total. I remember when they had hundreds of comments, per story. So I'm guessing if this continues Slashdot will crater out by the end of the year. Well it was nice while it lasted.
$250,000 is basically one employee for one year (say 100k *2 for overhead/etc.) plus 50k in hardware/software. Properly securing this stuff is bound to cost more than the fines, so sadly I suspect many businesses simply do the math and decide to eat the fine.
I think Fight Club summed it up nicely:
Narrator: A new car built by my company leaves somewhere traveling at 60 mph. The rear differential locks up. The car crashes and burns with everyone trapped inside. Now, should we initiate a recall? Take the number of vehicles in the field, A, multiply by the probable rate of failure, B, multiply by the average out-of-court settlement, C. A times B times C equals X. If X is less than the cost of a recall, we don't do one.
Woman on plane: Are there a lot of these kinds of accidents?
Narrator: You wouldn't believe.
Woman on plane: Which car company do you work for?
Narrator: A major one.
Just put a few of these change stations on the outskirts of the cities on the highway, so electric in town, drive a few hours to X, stop at a station on the way to get an engine and a full tank of gas, when you hit the other city swap the engine back for a battery. For people who drive a LOT in town they can keep the engine. Sounds very handy. Would need a ridiculous amount of infrastructure however.
Yes it is wrong, it's called fraud. There may also be health concerns, e.g. allergies.
http://www.linuxpromagazine.com/Issues/2011/127/Security-Lessons-Bufferbloat/%28kategorie%29/0
In this article, I’m not going to talk about an emerging technology (don’t get me wrong, I love new technology) but about something even more interesting: An emergent behavior that was never expected: bufferbloat.
Bufferbloat is not a recent phenomenon; however, it has only recently been uncovered and understood, and developers will likely be grappling with it for some time. Additionally, this problem, if left unchecked, will make the Internet painfully slow to use, greatly reducing the availability of services. Remember, availability is one of the three legs of the AIC triad (along with integrity and confidentiality).
So when people say "congestion causes slow networks" they are quite often right, but not for the reasons they think they are. Case in point: my Cablemodem ping times to www.seifried.org are nice and fast, until I saturate my uplink (with even just a single upload stream) at which point the latency increases to one second (in a semi-linear fashion over a few seconds, you can almost hear all the buffers getting filled up along the way).
Cheaper than running physical cable to each machine. One AP can service multiple systems easily.
Not bad, it would seem white collar crime really does pay.
http://careers.redhat.com/.
Or the occupant is a 6 year old child that is sick and was picked up from school by the car to be sent home.
Sadly I wish it were so
1. AES is not a hash function. It can be used in some constructions to emulate a hash, but you wouldn't just call that AES-256 as you do, nor is it commonly used this way.
No but sadly it is used as one. Google results for SHA password storage: 143,000 results, results for AES password storage: 490,000 results. It is commonly used that way.
2. "Because hash functions like AES256 only provide 2^256 possible unique outputs..." Only? This would put you at ~2^128 outputs before you could really hope to get a collision (and not a collision with a specific output, just any two outputs colliding). This is WAAAY beyond the resources of all of humanity.
We said the same things about DES/3DES, Moores law, the groth of bot nets, and all that has some interesting side effects
3. "Brute-forcing older algorithms is definitely possible now (DES and 3DES already fell to brute-force attacks several years ago)." Since when was 3DES brute-forced? I see no evidence that even 2TDEA has been brute-forced, let alone 3TDEA which is what people actually use. Citation greatly needed.
DES was cracked in 1998 on $250,000 or so of custom hardware, using an average of 4.5 days (so half the key space). In the last 13 years hardware has gotten SIGNIFICANTLY faster and cheaper, from a 2006 paper: http://www.ietf.org/rfc/rfc4772.txt, and those 10 gig/sec chips are CHEAP now. Putting a few tens of thousands onto custom boards wouldn't be that expensive (same price range as deep crack).
I assume you mean http://www.tarsnap.com/scrypt.html and https://github.com/pbhogan/scrypt? Looks interesting, I'll have to check them out.
Sadly password storage is actually tricky and most places do it wrong (using MD5/SHA1 for example). Covered in Nov 2011 article Storing your passwords properly (disclaimer: I wrote it, and it's a PDF file). One problem is that even if zappos enforces strong passwords users have a tendency to reuse their strong passwords between sites (you can only memorize so much gibberish or passphrases). Hopefully Zappos learns from this and builds a more resilient system.
The data needed to make actuarial tables isn't good enough (so you can't assess risk rates that well), and the amount of self inflicted harm (e.g. Sony) is staggering. What will happen is insurance companies will attempt to do this, claims will be filed, and denied on various grounds (some legitimate, like you did have a password on the admin account, and some less legitimate) but payout rates will be low to zero. Companies will realize that attempts to financially offset the impact of the risk isn't working (you pay the premiums but never win any claims) and eventually stop buying cyber insurance.