Slashdot Mirror


User: Lord+Ender

Lord+Ender's activity in the archive.

Stories: 0

Comments · 5,191

  1. failure mode on Anti-Piracy Windows 7 Update Phones Home Quarterly · Score: 4, Interesting

    What happens if the domain name and IP addresses used for validation are null-routed?

  2. Re:What is hate speech? on Google Rejects Australian Censorship Proposal · Score: 0

    "Hate speech" is a term invented by EU governments to allow them to censor their populace. The term does not have legal meaning in the US, where freedom of speech is considered unalienable.

  3. Re:Google on Google's Experimental Fiber Network · Score: 1

    Google hires talented engineers and doesn't try to crush them with middle-management bullshit. They will be able to outcompete any tech company in any market.

    I have plenty of good ideas to improve my company. Where's my 20% time to work on them? That's right, it doesn't exist. The only thing I should spend time on is what my boss's boss's boss has "visibility" of. My talents are wasted here at a "normal" technology company.

    Also, we have way over-downsized, too. How can anyone innovate when we're putting out fires 24/7?

    Google will rock the horribly-mismanaged tech industry.

  4. Re:tpm? on Hardware TPM Hacked · Score: 1

    You missed the point. A five character password can unlock a 128-bit key. But the password can't be guessed at the rate of a trillion per second: the hardware limits it to only a few tries per minute.

  5. Re:tpm? on Hardware TPM Hacked · Score: 1

    Because you STILL would only need to guess the PASSPHRASE. I explained this to you already.

  6. Re:tpm? on Hardware TPM Hacked · Score: 1

    That's what a "passphrase" is. If it's not a phrase, it's a password.

  7. Re:tpm? on Hardware TPM Hacked · Score: 1

    It doesn't matter what hash is used. What matters is the number of combinations used to generate the key.

    When you restrict yourself to combinations which form English words, you greatly reduce the number of possible combinations at a given length.

  8. Re:tpm? on Hardware TPM Hacked · Score: 1

    Because password-cracking software has the ability to compute hash values.

  9. Re:tpm? on Hardware TPM Hacked · Score: 1

    Each letter in a password is selected from 96 possibilities. Each letter in a passphrase is much more predictable than 1/96, though. There are only so many English words... far fewer than the number of words which could be made with combinations of 96 characters.

  10. Re:tpm? on Hardware TPM Hacked · Score: 1

    It would have to be really really long. That itself is a problem.

  11. Re:tpm? on Hardware TPM Hacked · Score: 1

    The entropy of a 20-character passphrase is much less than the entropy of a 20-character random password, actually.

  12. Re:Nope, wrong... on Hardware TPM Hacked · Score: 1

    Coercion is an out-of-scope problem for encryption, actually.

  13. Re:tpm? on Hardware TPM Hacked · Score: 1

    The hard part will always be taking the chip apart without destroying the data (or the ability to read the data).

  14. Re:tpm? on Hardware TPM Hacked · Score: 1

    What do you expect access to "design documents" will help with?

  15. Re:Security only buys you time. on Hardware TPM Hacked · Score: 1

    Wrong. Real encryption with real key management can be either impossible (OTP) or effectively-impossible (AES) for someone to get around, even if they have physical access to your machine.

    TPM is an attempt to make key management easy, but it comes at the cost of making circumvention really hard (rather than effectively impossible).

  16. Re:tpm? on Hardware TPM Hacked · Score: 4, Informative

    To encrypt something, you must have a 20-character password minimum to get 128-bit key strength. Nobody likes typing 20 characters, so TPM was invented. TPM stores your key on a separate chip. This chip only coughs up the key if you enter a short password to authenticate yourself to the chip.

    The chip uses rate-limiting boot-delays to prevent brute-forcing of the password.

    So the only way to get the key is to break the chip apart and look at the hardware somehow. The chips are usually encased in epoxy to make this hard to do. It's never been done before. Now it has... but it's still hard work.

    TPM chips come on all business laptops these days, though few businesses make use of them. And they're still better than telling your users to memorize 20 char passwords (which they would just write down).

  17. yum on Signs of Water Found On Saturnian Moon Enceladus · Score: 1

    After Taco Bell wins the Fast Food Wars, they send probes to all bodies in the solar system which once had liquid water. The microbial life-forms are collected and sent home for use in the development of new Suspicious Sauce for their burritos.

  18. Re:Real Answers on The iPad Questions Apple Won't Answer · Score: 1

    iPad is order of magnitude more capable than the touch is

    Please don't use words or phrases unless you know what they mean. Just because you hear smart people say OoM when talking about big numbers does not mean OoM means "a lot."

  19. rebellion? on Verizon Blocking 4chan · Score: 5, Interesting

    Didn't some kid just get three years in jail for participating in an anti-Scientology DoS attack which was organized on 4chan?

    Will that be enough to keep the users in line?

  20. Re:I know I'm old fashioned, but... on Nexus One First Phone Linus Torvalds "Doesn't Hate" · Score: 1

    No. You are 100% wrong. The reason he hates phones is because he doesn't like being interrupted with phone calls.

    The only reason he likes the phone is because it is a computer masquerading as a phone.

    Read his own comments if you don't believe me.

  21. Re:Standard Slashdot Ruby comment form on Restructured Ruby on Rails 3.0 Hits Beta · Score: 1

    Java loads on App Engine are so slow, even a Java "hello world" app will occasionally time out. Java spin-up times are typically OK (1-4 seconds usually) but are occasionally and unpredictably unacceptable.

  22. Re:Standard Slashdot Ruby comment form on Restructured Ruby on Rails 3.0 Hits Beta · Score: 1

    ASmallOrange.com has Ruby web app hosting for $5 per year.

    Google App Engine offers JRuby hosting for free, though you have to deal with App Engine's miserable Java performance problems.

  23. missed the point on Web App Scanners Miss Half of Vulnerabilities · Score: 1

    This guy is trying to hype his own findings a bit too much. Removing half of the vulnerabilities is actually really good! If you happen to remove the vulnerability that some mass-defacement takes advantage of, you really did add a lot of value by using the imperfect scanning tool.

    One of the most common and least helpful fallacies about security is that something is either secure or it is not. Nothing is 100% secure. Removing half of the vulnerabilities is a huge improvement over removing none.

  24. irony on Internet Nominated For 2010 Nobel Peace Prize · Score: 5, Funny

    The US department of defense will be accepting the award, as they funded the first tubes.

  25. Re:Yay! on Once Again, US DoJ Opposes Google Book Search · Score: 1

    You are wrong from a legal, economic, and ethical standpoint. Legally, copyrights grant rights-holders only limited, temporary authority to limit what other people do with works. Economically, creating artificial scarcity is bad for an economy, whether we're talking about information or commodities. And ethically, the idea that anyone has a "natural" right to tell other people what they can and cannot do with information is fundamentally illiberal.

    Our society has decided to grant temporary monopoly rights in order to "promote science and the useful arts." We did so because scarcity was the only economic model we knew at the time.

    A far better model would be to allow free access to all information (that's the stuff golden ages are made of) and reward rights-holders proportionately to the popularity and investment expense in the works.

    I say such a system is inevitable because the benefits to society are fantastic, so as examples of these benefits become apparent on smaller scales, people will demand change.