Oh hell, 3 weeks ago I found out that was most definitely not the case. Thank goodness for a recent hot backup.
Did you read the rest of what I wrote? Reset all accounts cookies, dump login info. Very simple, and if you do it covertly enough would probably go on for months without anyone knowing.
To me, it sounded like you were using a fixed salt to generate your authenticators from passwords, and you somehow needed the salt kept secret.
When I posted the original post, I had a 103 degree temperature. Wouldn't surprise me if that's what I'd think too :)
Unfortunately, we deal with a lot of passwords that are just plain retarded.
Actually no, it is not fixed key. The major reason why we went with SHA-1 with mutating keypairs that are based off a predictable dataset (I'm assuming you have seen these types of setups before, they are actually quite common.. this is the same setup) to generate the result hash. And yes, SHA stands for Secure Hash Algorithm, I am quite aware it is a hash. The system does not rely on the key being kept secret, it relies upon the entire system being kept secure. I can say this with absolute certainty, outside of someone sniffing the passwords coming in (even though it is coming via an encrypted connection), unless someone compromised the server there is no way they could retrieve a password. And even then, it would take them a while to set up the predictable decryption routine. Unfortunately, it also has to maintain the ability to be decrypted as well, which adds more irritating variables into the picture. The current implementation is just there to get by for a temporary solution, it's going to be replaced by a single sign-on method, which will probably be Kerberos based but it's still in the brainstorming stages.
Rest assured, ample thought has gone into the encryption scheme. We're dealing with high school students, I know if anyone can break it it's probably them :)
MD5 is not an encryption scheme, and besides, if someone rooted slashdot it would be exceptionally easy to find anyone's passwords out anyway. Expire logins, put a mailto: on the login, wait and have the passwords mailed to a disposable email address.
And SHA-1, that works great as long as your keyset isn't compromised. We're using SHA-1 at the company I work with, and using a rather obscure private/public keyset - it can't be random because it must be synched amongst a set of boxes, so it has to be calculated and predictable. However, someone would have to look at the code, and have root access to the box in order to crack the keyset. I think that's pretty secure, but it can be broken.
Everything is a risk assessment, you just have to see how your risks weigh in with the benefit. If you have an ultra secure login system, but it takes 20 minutes to authorize, that isn't very useful.
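An added illustration, not part of the original comments or the poster's system: it contrasts a fast SHA-1 authenticator keyed from a value every box can calculate with a record that carries its own random salt, which stays in sync across servers because the salt travels with the record. The key derivation, function names and work factor are assumptions, and the stated requirement that passwords remain recoverable is not modelled.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def predictable_key(username: str) -> bytes:
    # Hypothetical stand-in for a "calculated and predictable" key: anyone who
    # can read the code recomputes it, so it adds no secret to the hash.
    return hashlib.sha1(("site-constant:" + username).encode()).digest()


def weak_authenticator(username: str, password: str) -> str:
    # One fast keyed SHA-1 pass. Cheap for every box to compute, and just as
    # cheap for anyone checking a word list against a copied table.
    key = predictable_key(username)
    return hmac.new(key, password.encode(), hashlib.sha1).hexdigest()


def make_record(password: str) -> dict:
    # Random per-user salt, stored beside the hash in the shared record.
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"salt": salt.hex(), "rounds": PBKDF2_ROUNDS, "hash": digest.hex()}


def verify_on_any_box(record: dict, candidate: str) -> bool:
    # Needs only the replicated record: no key has to be derived or synced.
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, record["rounds"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def compare(username: str, password: str) -> dict:
    # Summarise the properties that matter when the table is copied.
    first, second = make_record(password), make_record(password)
    return {
        # Same inputs always give the same value, so it can be precomputed.
        "weak_reproducible": weak_authenticator(username, password)
        == weak_authenticator(username, password),
        # Two users with the same password get unrelated stored hashes.
        "salted_records_differ": first["hash"] != second["hash"],
        "verifies_from_record_alone": verify_on_any_box(first, password),
        "rejects_wrong_password": not verify_on_any_box(first, password + "x"),
    }


if __name__ == "__main__":
    # Constructed sample credentials.
    for name, value in compare("alice", "correct horse").items():
        print(f"{name}: {value}")
```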
Oh true, Oracle does not guarantee data integrity and all that. However, heads still roll if Oracle screws up. If someone pays $80K for a database solution, they pay for someone to blame and also someone to come fix the problem.
Oracle doesn't really have an EULA to work with. If a company is shelling out the $80K to get Oracle in their operations, they know damn well it will be working or someone's head rolls.
Apache is the only open source application that people have utmost faith in working. Why? Because it has a huge proven record of working. I'd say the second "best" open source application is probably CVS. Another thing, if Apache dies you restart it. If CVS pukes, you can fix it easily. If you have a DB you lose data, nobody wants that.
Sorry to interject, but this is the whole point to support contracts. And this is where enterprise level software differs from your off-the-shelf variety. The reason why Oracle is so expensive is not for the actual database software, it's for the reliability and the support contracts.
If you are running a business that runs a couple million transactions a day, you want a tie to grab. You want someone who you can call and get down there in under an hour if the software barfs. That's why this stuff is there. That's why GPL software (unless they sell support contracts) won't make it into enterprise level business (with the exception of Apache). At one job, we had an SGI box that started acting up, within 4 hours we had a support team out there working on the box. Ended up having to replace the entire box, but that's enterprise support. It's like the insurance business almost, hoping only a small percentage of your clients have issues.
Wrong, go read the legal documents. Legal documents state the Valdez did in fact get permission to avoid the growlers. Legal documents state the Valdez was supposed to turn sharper. Legal documents state Hazelwood was no longer in command, so his intoxication had nothing to do with the accident.
Was Exxon at fault? Absolutely. Was it "a drunken exxon captain"? No. It was an accident that could have been prevented. Saying things like what was posted in the main article is trolling.
Wrong - there are three possibilities (as quoted in the legal finding) - Unfortunately, you don't have one person "steering the boat" -- Whether it was Cousins (who was in command), the helmsman, or a mechanical glitch (causing the ship to not turn sharp enough) is up in the air.
Bottom line: It's Exxon's fault it happened. I'm not saying it wasn't. However, at least get the damn facts straight. Slashdot expects us to subscribe when people can't even refrain from trolling on the front page.
Assuming you are American, You are just as guilty as Exxon-Mobil. The US soldiers murdered a group of Afghans (and tortured the survivors) based on false information. The US response: Oh, sorry.
The States does this all the time, but it's ok for American military to be funded by Americans so these actions are possible.
You pay taxes for military protection. The military kills innocent people, and slaughters/tortures in the name of "war" and it's acceptable. Same thing..
The point is, it's water hazards. The Valdez wasn't in shallow water, it wasn't in dangerous unnavigable waters. It was in open waters, with a well known reef. The problem was they didn't turn sharp enough to get back into the shipping lane (to avoid the growlers) -- Hazelwood being drunk had nothing to do with it.
If it wasn't in open navigable water then how did the US Coast guard boat suck right up to it?
It was returning to a shipping lane when it got stuck. There are water hazards specified and they did not turn sharp enough (Not sure whose fault that was) and hit a hazard. That's the bottom line.
Except they did something wrong, and I'm directly involved. Funny how relevance and facts come into play. Wait, this is Slashdot. We don't have time for facts.. I won't forget again.
Damn you are fucked up if you believe this. I feel sorry for your family. First off, Exxon-Mobil is not operating in that area anymore. It was too dangerous and the military was no longer able to provide adequate security. That was why Exxon-Mobil gave the government money. For security. Who cares what they do on their off time. It's not Exxon-Mobil's concern.
I'm not saying it's self-defense. I'm saying it's not Exxon-Mobil's problem. Which it's not. If you want someone to go in there and stop all these people from getting killed, charter America to go on another global police manhunt. If you think that everyone will be all fine and dandy after a place that employs several thousand people disappears then you are the delusional one. Go visit a third world country and open your eyes. If the choice is living and dying in a warm bed, or living and dying out in the elements -- I'm sure you'd pick the warm bed. Yeah, maybe Exxon-Mobil could have done more to help the locals, but they were there to get oil not help a revolution.
You can't hold a valid argument, it's not my problem. You may want to resort to insults, oh wait. Got that. BP should not fund the entire Scottish wave power research effort. Plain and simple, they are a company in a way to make money. They will invest in technologies that can make them money. That was my point. The sheer stupidity of that statement shows you have little understanding of any sort of business, whether it be profitable and environmentally friendly, or something totally different. Either way -- I won't continue this thread after this, because you really have no clue in this regard.
First off, the Bligh Reef is not "running aground." It was in open and navigable waters, minus the reef. The Valdez went off course to avoid ice. It did not do this without permission (according to the legal documents) and the reason it hit the reef was it did not turn sharp enough to go back into the lane. As far as the trial goes, there was no cause other than it was Exxon's fault.
Nobody tells the truth all the time, because I quite frankly don't think there is such a thing as truth. There are things near truth, but never the absolute.
Here is a good source of info for Valdez. Ugly background, but good. I usually will not back something up unless necessary to prove it, otherwise it comes to me citing facts not debating. :)
You just said it in your previous comment, I quoted you directly. I'm done with this thread, if you can't hold what you speak you aren't worth talking to.
Absolutely - I stick to the truth and will not introduce statements unless I can back them up. I view people that do such things as weak in the debate field. If you can't win by facts you haven't won at all. Just my $0.02 in it. I just hate FUD.
On an OT note, quoting yourself is really poor character. Especially in the method you have used.
Oh, sorry, my bad. Since they aren't dumping all the money you see fit into alternate power sources they must be wrong. Yeah. Ok.
I hope you realise how stupid this statement is: Why isn't BP funding the entire Scottish wave power research effort?
The entire effort? Yeah. I have a hard time understanding why you are able to conceive the steps to actually post if you think that was an intelligent argument.
I wasn't saying you were taking pot shots at oil companies. I was stating that was what I was posting in opposition of. I'm not protecting oil companies. I'm merely shedding the light that if you want to bash the oil companies, at least do it truthfully. FUD seems to cause a lot of problems for some easy gain. :)
I am absolutely in favor of mass transit, and alternate power supplies. I just hate when people spread lies for the sake of knee jerk reactions.
And on another side note -- how many people will die of starvation after losing their job because Exxon-Mobil pulled out their operations.
1. Grow a brain.
2. Use it to see the whole picture.
Riiiight. So, basically, Exxon-Mobil gives money to the military to try to stabilize the economy there because they don't want to lose control and have their facilities taken over.
So, if any company (or country) happens to ask America for support and says we'll give you $1M for every month the Army is in front of our base, and then the Army goes and throws people in internment camps then that company is liable? Uh, please step away from the crack pipe.
Basically, you are pissed off that Exxon-Mobil had to give the military money for protection of their outfits. They haven't even been found guilty in any stretch of the imagination of being involved with what went on. I suppose you would feel better if they chartered an entire army to go fight for the unjust people that will be persecuted anyway? No, fuck that. These people are going to be beaten, raped, tortured no matter what. It is not up to a company to help, or hurt either side. It's up to governments. The way I figure it is they are giving people jobs over there, yeah -- life's rough, but it's a whole lot worse if you are unemployed.