My example of switching e's for 3's wasn't meant to be taken as the only substitution. There are many different types of substitution, and each one increases the entropy of the password.
I'm not sure that dictionary attacks can be run word-wise on a phrase, since it is the whole phrase that is hashed, and a good hash function will have wildly different output values with similar, but different, input. That is, you can't hone in on the proper phrase with "These", "These were", "These were the", and so on.
The point is, small changes can be used to increase the size of the dictionary so that a dictionary search becomes no better than a brute force attack.
Anyone smart who uses passphrases will sufficiently mangle them to defeat dictionary attacks. For example, why use "They were the best of times, they were the worst of times," when with a little forethought, you could as easily remember "They were the b3st of t1mes, they were the w0rst of tim3s." Those numbers could go anywhere, and switching out all the possibilities for every character of every phrase would take far longer than just a brute force dictionary attack.
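To put numbers on the substitution idea discussed in the comments above, here is an added example (not part of the original comments) that measures how much search space the mangling adds to the quoted phrase. It assumes only the three swaps that appear in the comment (e→3, i→1, o→0) and that each eligible position is chosen independently; the function names are illustrative.

```python
import math

# Substitutions taken from the comment's own example ("b3st", "t1mes", "w0rst").
LEET = {"e": "3", "i": "1", "o": "0"}

PHRASE = "They were the best of times, they were the worst of times"
MANGLED = "They were the b3st of t1mes, they were the w0rst of tim3s"


def substitutable_positions(phrase, subs=LEET):
    """Indexes of characters that have a substitute in `subs`."""
    return [i for i, ch in enumerate(phrase) if ch.lower() in subs]


def variant_count(phrase, subs=LEET):
    """Distinct spellings when every eligible character is either kept
    or swapped (two choices per position), original included."""
    return 2 ** len(substitutable_positions(phrase, subs))


def added_bits(phrase, subs=LEET):
    """Upper bound, in bits, on what the mangling adds on top of the
    phrase itself (reached only if swaps are picked uniformly at random)."""
    return math.log2(variant_count(phrase, subs))


def k_swap_count(phrase, k, subs=LEET):
    """Spellings that use exactly k swaps: C(n, k) over eligible positions."""
    return math.comb(len(substitutable_positions(phrase, subs)), k)


def swaps_used(original, mangled, subs=LEET):
    """Number of swaps that turn `original` into `mangled`, or None if
    `mangled` is not reachable with the substitutions in `subs`."""
    if len(original) != len(mangled):
        return None
    swaps = 0
    for a, b in zip(original, mangled):
        if a == b:
            continue
        if subs.get(a.lower()) != b:
            return None
        swaps += 1
    return swaps


def brute_force_bits(phrase, alphabet_size=95):
    """Bits in a uniformly random string of the same length over
    printable ASCII, for comparison with the mangled-phrase space."""
    return len(phrase) * math.log2(alphabet_size)


if __name__ == "__main__":
    n = len(substitutable_positions(PHRASE))
    k = swaps_used(PHRASE, MANGLED)
    print(f"eligible positions: {n}")
    print(f"all variants: {variant_count(PHRASE)} ({added_bits(PHRASE):.1f} bits)")
    print(f"variants with exactly {k} swaps: {k_swap_count(PHRASE, k)}")
    print(f"same-length brute force: {brute_force_bits(PHRASE):.0f} bits")
```

Under these assumptions the mangling multiplies the work per known phrase by at most 2^16, and by 1820 if the number of swaps is fixed at four, which is the figure to weigh against the size of the phrase list itself.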
If people really want a challenge, they should research cancer drugs, or engineer safety solutions for automobiles. Spending 15 days wrestling with an OS isn't a challenge, it's a waste of time, especially when a simpler solution exists.
It wasn't exactly BAD tech support, but it was amusing. We've had DSL ever since we moved to WA (just outside Seattle), and in the beginning, it worked about 98% of the time. Then, after a year of just fine service, it suddenly stopped.
I called Verizon, and asked what happened, since nothing had changed at home. They ran through the regular tests over the phone, and when nothing odd turned up, they said they'd look into it and call me back.
The next day I get a phone call. "Yes, sir? Yeah, well, as you know, for DSL to work, you have to be within five miles of a phone switch." Yeah, I'm thinking, I haven't moved or anything... "Well, sir, the thing is, someone was doing some upgrading on the lines, and they patched in a GIANT COIL of cable about a block from you, effectively making the line distance between you and the switch about twenty miles. We'll send someone to remove that coil ASAP."
A day later some Verizon guy shows up at the door shaking his head. "You the guy with the DSL problem? Yeah, there's only one key for the hatch with the GIANT LOOP of coil behind it, and the guy who has it is out sick today. I'll fix it tomorrow." He shook his head like he was seriously embarrassed to be telling me this. I just laughed.
It got fixed a day later, but that was easily the most amusing tech problem I've ever had.
Yeah, this guy is doing the collision testing on his server? So, what, he's caching every test input and Hash Value, and is going to flag a notice when the same Hash comes up twice? I hope he has a LOT of Hard Drive space to store the 2^128 different keys and input strings.
Tangentially related, but important in the "big companies are ripping off the little guys" way:
eMusic.com has many CDs that are from smaller labels on their site, and they are not paying royalties to the smaller labels. Their philosophy is "We're owned by HP, these small labels can't afford to sue us." I know this for a fact as a friend of mine is a major artist on Metropolis Records, and neither he nor his label gets anything from any sale of his music through eMusic.com.
BuyMusic.com stole their DRM code from their DRM provider, in that they refused to pay out their contract after receiving 99% of the code, again with the philosophy that "we're too big for you small fries to afford to sue." Another friend lost a job because of this (he worked for the DRM provider, who subsequently ran out of money).
Anyway, please don't throw your dollars at either of these companies. They're screwing over musicians and software developers alike.
Maybe instead of concentrating on all the things they shouldn't be doing (because really, they're going to do them anyway, at some point), the focus should be placed on encouraging them to use the computer as a tool to learn about software development, art, music, creativity, writing, and things other than Pr0n and A/S/L chatrooms. Back in the days when all I had was a BBS to log onto by night, my C64 (and eventually Amiga) allowed me to explore all sorts of musical, graphical, and software development endeavors. It's almost sad that the Intarweb is this big shiny thing that wastes the time of anyone without the discipline to back themselves away from it and do something self-improving with their computer.
So yes, change the focus to productive computer usage, trust them to behave (reasonably), and talk to them candidly and in a non-judgemental way about what they find that may be offensive on the Web. If you're really scared about what they're going to find on the internet unsupervised, take a walk with them around your nearest Inner City area, so you can see what nastiness really is.
I wish I were joking. The former guitarist for SMP (currently half of the Seattle band Doll Factory) worked tech support at Mackie, and you would not believe the phone calls he would get. Not only is the above quote direct from a call he got, but he had irate customers who couldn't find the "custom cable" for the onboard microphones in the Mackie 8 Bus Consoles. Apparently they thought the holes drilled in the plates above the surface mounted talkback microphones were custom jacks.
From a musician's standpoint, I doubt many would care what OS their sound-making device is running. Most musicians just want a device that is stable, affordable, and sounds like they want it to sound. Lots of coveted synths (say, the Access Virus C) run an embedded OS, and musicians are totally happy with that.
With software synths (Reason, Reaktor, plus the various VST and DXi synths available) gaining in popularity, a laptop and a small USB keyboard are all many electronic musicians need to get going. Factor into this the low cost (since downloading of MP3s is killing small/new artists more than it harms anyone associated with the RIAA), and the fact that even electronic musicians are not highly technically savvy ("Yo, mate, I plugged my 'board into the Insert Jack on this Mackie, because I want to Insert the sound, right?"), musicians will tend to go with what everyone else is using because then support is easy to find. Unless some new device offers some unique and killer sound with a dirt simple or intuitive user interface, it's just another box destined to fade into obscurity.
Best example of how to speak about Security, on Beyond Fear · Score: 4, Informative
As a computer person, I don't consider myself a great conversationalist. And I agree that I've already thought about a lot of the issues Schneier brings up in "Beyond Fear."
However, most "normal people" relate well to anecdotes, and general examples, and this book is full of them. Instead of trying to describe how 256 bit keys are safer than 64 bit keys to non-technical friends and relatives, I've learned lots of metaphors involving door locks, car theft, and everyday risk assessment that will help me to get my point across a lot more clearly.
I think this is the point of this book. It's not technical. It's Security for the Everyman.
Musicians have been using laptops for a variety of purposes for years now. Daniel Myer, otherwise known as German artist Haujobb, uses laptops live and in the studio. In fact, it's all he brings on tour, and relies on local acts and promoters for the rest of his stage gear. Tom Shear of Assemblage23 has a Powerbook Ti and a G3 at home, which he used to produce his last several albums, and a plethora of remixes. Supposedly Kevin Cey of Skinny Puppy fame is working on new stuff entirely on a laptop.
My whole equipment list is here: http://www.staticengine.com/studio.html And that's toned down from the hardware monstrosity it used to be. The bottom list of equipment is all hardware I've sold since getting softsynths, Sonar 2.2, and Reason 2.5. More and more music production occurs entirely in the digital environment, because it just sounds cleaner and crisper. All those cables used to add noise. Now, it's just the CPU pressing bits. And that 2.4GHz P4 1GB RAM system that's my main music computer is VASTLY overpowered - I wrote, recorded, and mixed down a 40 track song entirely in Reason 2.5 (with imported vocal lines from the singer) and the CPU never once peaked above 30%.
The bottom line is that software and fast PCs have made the days of lusting over large analog (or even overpriced digital, D8B anyone?) consoles a thing of the past. Sure, you may still need a mixer to route some signals and use outboard effects processors (the MOTU line of zero latency audio I/O boxes can even eliminate this need), but aside from having a good recording environment and a modicum of talent, there's very little barrier to entry for anyone with $2k lying around to become a professional sounding musician.
So do the Telemarketers now have a list of phone numbers that they know are valid? Can they use the DNC list to target their marketing for "difficult" or "hostile" numbers? Was this really just a scam all along?
Or is their access to the DNC list numbers restricted?
The Game Industry has embraced OGG, although somewhat silently. With slim budgets, we're always looking for the cheap (and free) solution, and OGG is perfect when we want compressed audio at a good quality.
The sole deciding factor in whether or not compressed audio really gets used in a game is available minspec bandwidth. If marketing is forcing us to target a 500MHz machine, and decompressing OGG audio kills our framerate, then audio compression goes. It's the sad truth that the tech heads do not call the shots in this department.
There's a sales site directly on the main page. The big "O" leads to orders and I ship out directly. I think the prices are reasonable.
And responding to another post, the point was that $5 a CD is too little to charge, which is why I charge more, so I break even earlier and can hopefully keep the deal going longer because additional CDs bring in more money.
Isn't the size of a CRT limited by how strong the tube must be to withstand the atmosphere crushing it due to the vacuum inside the tube?
This strength, of course, adds to the weight, which of course makes large tubes cumbersome and unattractive to consumers.
Lego has insane tolerances for their brick manufacturing processes. None of the knockoffs are anywhere near as precise. Thus, the brand loyalty.
This volcano is surrounded by miles of ash and rock. The lava isn't that fast flowing. It's not going to set anything on fire.
Check out Inform: http://www.inform-fiction.org/index.html
Also, this year's Interactive Fiction Competition: http://www.ifcomp.org
and the newsgroups rec.arts.int-fiction and rec.games.int-fiction. Text Adventures are still alive, thank you.
"Imagine a world of humans without gender"
So, a whole world like my office full of programmers? No thanks.
Could it be due to Relativistic Frame Dragging caused by the rotation of the Sun?
If all the clocks stop at Midnight, how do you know when the 40 minutes are up?
That wouldn't happen to be the nightmarish electronic billboard between Seattle and Federal Way, over a car or boat dealership, now would it?
That particular sign is a nighttime driving hazard because of its brightness.
Swallows your what?!?
When I saw the filename, I feared it would be exactly what it is.
Oh man, it's like I'm 6 years old again, and forced to hear all my mother's favorite music. No wonder I'm a synthpop geek now.
Actually, I haven't looked at the prices in a while.
Since there's a new CD coming out, I'll probably drop the price on the existing one. Thanks for pointing that out.