I know that some people will go to enormous lengths to lie or cheat... but in the end, if they are caught, such efforts are invariably not worth it. In some cases, one could even be exposing themselves to legal repercussions for deliberate misrepresentation.
My point is that if you are sending the server the hash then effectively, that hash *IS* your password... and that's all that a would-be attacker would ever have to send to impersonate you, because that's all that *YOU* sent to identify yourself.
Second protip, don't move the goalposts of a discussion and then try and call someone on not knowing what they are talking about.
The suggestion above was to encrypt the password on the client side.... but of course, you still need to actually send that encrypted password, and that encrypted password could be logged. The server would never know the "real" underlying password, but a person who viewed that log could send that exact same byte sequence without ever knowing the alleged real password, just as the server itself is able to identify the user without knowing the real password in such a case.
The only difference between this and what happened at github is that the password logged in github's case wasn't actually encrypted, and was logged as simple plaintext. But the end result is the same... a person could send what they saw in the log to the server as part of a login sequence and fraudulently identify as another user.
It doesn't matter if you send it in the clear or if you send it encrypted... the point is that the server will know what you sent, and if that server logs what you sent, then all someone else will have to do is send the same thing in their own session. If you can't replicate it, then there's no way for the server to possibly be able to verify your identity at all.
Anything that you send to the server can be read by that server and can therefore be potentially logged as plain text (which is what happened here). The only way around this is to move 100% of the server functionality to the client, which means that the client can't exchange any data with the server in any way (because any data that they do exchange to somehow confirm identity can be logged, as I said above).
I'm not saying it can't work in specific circumstances, only that its ability to work cannot actually be manipulated by the liar or cheater. If you'll forgive me for paraphrasing an X-files tagline, the truth is still out there... and while dishonesty can certainly sometimes be quite successful in the short term, it is ultimately not indefinitely sustainable, and its failure may as well be perceived as inevitable. The best a would-be cheater can hope for is to never be discovered before they die, which might happen... but then again, might not. There's no way for the cheater to help or control it.
No, it wouldn't.
Let's say your password is X, and you hash it locally to Y. You still have to send Y to the server to be validated. There's no way around this.
If you are sending Y, then it is possible that the server could potentially log Y, and someone who sees those logs might in turn be able to reproduce your login by sending Y themselves, even without ever knowing what X is.
That Y might happen to be a binary string that has no visible representation or ability to directly type on a keyboard has no bearing on whether Y may still be visible as "plain text".
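The X/Y scenario from the two comments above, as an added simulation that is not part of the original thread: the client sends only Y = H(X), the server stores a salted hash of Y and, like the logging failure being discussed, writes the request parameters to a log before checking them. Reading that log is enough to reproduce the login without X, which is why a logged client-side hash has to be treated as a leaked credential; the `redact` helper shows the obvious mitigation of never writing the field in the first place. All names and values are constructed for the example.

```python
import hashlib
import hmac
import re
import secrets

# Constructed sample values; none of these come from the original thread.
USERNAME = "alice"
REAL_PASSWORD = "correct horse battery staple"   # X: never leaves the client


def client_hash(password: str) -> str:
    """Y = H(X): the 'hash it locally' scheme sends this instead of X."""
    return hashlib.sha256(password.encode()).hexdigest()


class Server:
    """Verifies whatever byte string the client sends (Y) and, as in the
    incident the comments refer to, logs request parameters before checking
    them. The server never learns X, only Y."""

    def __init__(self, username: str, y: str) -> None:
        self.salt = secrets.token_bytes(16)
        self.username = username
        self.stored = self._derive(y)          # server-side salted hash of Y
        self.log: list[str] = []               # constructed stand-in for a debug log

    def _derive(self, y: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", y.encode(), self.salt, 100_000)

    def login(self, username: str, y: str) -> bool:
        self.log.append(f"POST /login user={username} password={y}")
        return username == self.username and hmac.compare_digest(
            self._derive(y), self.stored)


def replay_from_log(server: Server) -> bool:
    """Anyone who can read the log needs only the logged Y, never X."""
    m = re.search(r"user=(\S+) password=(\S+)", server.log[-1])
    return server.login(m.group(1), m.group(2))


def redact(line: str) -> str:
    """Mitigation: strip the credential-bearing field before it is written."""
    return re.sub(r"(password=)\S+", r"\1[REDACTED]", line)


def demo() -> dict:
    y = client_hash(REAL_PASSWORD)
    server = Server(USERNAME, y)
    first = server.login(USERNAME, y)          # legitimate login with Y
    replayed = replay_from_log(server)         # login reproduced from the log alone
    return {
        "login_ok": first,
        "replay_ok": replayed,
        "real_password_in_log": REAL_PASSWORD in server.log[0],
        "y_in_log": y in server.log[0],
        "redacted": redact(server.log[0]),
    }


if __name__ == "__main__":
    print(demo())
```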
If people were perfect and nobody ever made mistakes, sure.
The thing is that since those dating sites require that you not be a minor to even *use* the service, a false representation of one's age will have to be deliberate.
Because facebook allows minors on its site (to a minimum of 13), such a setting could plausibly be entirely accidental on the part of the user.
One could only argue it's good faith on facebook's part if minors were prohibited entirely from using the service, because then the onus is not on the user to misrepresent themselves. Otherwise a simple accidental setting that would not have otherwise prevented them from being on facebook in the first place (because they are still over 13) could result in all kinds of bad shit.
Building a career out of lying and cheating is like trying to build a dam out of rotted wood. Failure is often both catastrophic and impossible to recover from.
I'm saying only that cheating requires invoking a deception, one which might bear a striking resemblance to fraud, and that the effort that one must go through to maintain the deception is nowhere nearly worth the loss of trust that one experiences if or when their lack of integrity is discovered.
While specific examples of cheating may exist where it was sustained for a prolonged time, a cheater actually has no real ability to actually prevent discovery of the truth about themselves at any given moment, and as such it may as well be considered inevitable.
Because eventually, you'll end up in a situation where the option to cheat won't be available, and you'll be exposed for not knowing your shit, or else you'll be caught, and then the jig's up. Any trust that anyone may have placed in you up until that point is shot to hell.
In theory it might give you a moderate head start at certain things, but in the long run it's so self-defeating as to not be worth the effort taken to conceal it.
(sarcasm intended).
When kids that use facebook start getting recommended to other people as potential dates just because of a bad setting, they are going to be in sooooo much shit for this....
Not true... in fact, exactly the opposite if a question is interesting.
It's far from impossible to be the first one to ask a particular interesting question... and while it's best to always initially assume that you are not, it's entirely fine to have done the initial research and then explain why existing answers you were able to find were not satisfactory.
Tell that to people who have several million dollars in bitcoin because they happened to get on board early.
On stackoverflow, it takes 50 reputation points to be able to leave a comment on someone else's post. Getting 50 points is not that hard, at least in my experience. Before asking on stackoverflow, however... do research yourself, and see if you can figure out an answer before asking. If the information you've been able to find isn't helpful, it's good to indicate this in your question, as well as why particular sources were not helpful.
You'll start gaining a positive reputation almost immediately if your questions are clear, and you can show that you've made an honest attempt at trying to figure the answer out for yourself. In particular, when you are first asking the question, check out stack overflow's recommendations on possibly similar questions before you even get to the point of submitting your question. In my experience, as often as not, someone else has had a similar issue and it makes my asking superfluous.
My point was that with cryptocurrencies whose value might rise over time, it may eventually exceed the value of electricity usage consumed when it was initially mined. This may or may not happen, of course, and there is no guarantee that such a threshold will be eventually reached. One can only say for sure that it has happened in the past with some cryptocurrencies such as Bitcoin. People who were mining bitcoin in 2011, for instance, have had the value of their bitcoin *FAR* exceed the costs of electricity that was used to mine it, but at the time that they mined it, the value of bitcoin was still low enough that the electricity usage still outweighed it at the time.
Anyone using any GPU will lose money mining cryptocurrency unless one is willing to wait until the currency rises significantly in value some amount of time after mining it.
Copyright in Canada has been life of author + 70 years for quite some time now. The copyright on TOS won't expire in Canada until after 2061.
You have been misinformed. Star Trek, even TOS, is still definitely covered by copyright in Canada.
The ISP can terminate your account if the problem persists enough though.
Continued extensions are no longer necessary for that now that Disney has finally gotten around to trademarking the Mouse and its image. Trademarks do not have an expiry, and last for as long as the company is willing to protect them.
This doesn't technically stop people from freely copying old works whose copyright has expired, even if they feature the trademarked character, but it does stop anyone from being able to utilize the character in their own work, even if that work was derived from one that was now in public domain.
Nope. There's still no Linux or FreeBSD iTunes client.
Whether that is complaining or gratitude is left as an exercise for the reader.
I'm honestly not sure what you're talking about. Every Kinder Surprise egg I've ever seen has a prize inside of almost the exact same monetary worth as any other prize in another egg*. The so-called "good" ones are of no better quality than the so-called "junk" ones. The only difference is whether a person likes that toy or not, and it happens to be the case that many of the "less valued" prizes just aren't interesting to most people.
Last time I checked, the price for a normal-sized KS egg with 20g of candy was about $1.50 CDN each. This places it on the higher end for candies by weight, but it's nowhere near the top... and the higher end candies usually don't even have prizes in them.
* when compared to eggs of the same size. KS makes larger eggs that contain higher end prizes inside, but the larger eggs also have considerably more chocolate on them.
One would have thought it was obvious.... don't run a webserver as root.
Linux (and for that matter all Unix OS's) has, and has always had, a mitigation strategy in place to counter that style of attack. In practice, the only systems that it could hope to negatively impact are those that are administrated by people who didn't give a damn about system security in the first place.