Slashdot Mirror


User: Lord+Ender

Lord+Ender's activity in the archive.

Stories: 0
Comments: 5,191

Comments · 5,191

  1. Re:Lighter, faster & longer autonomy on Zotac's Ion-Based Mini-ITX Board For Atom Debuts · · Score: 2, Informative

    My Samsung NC10 netbook gets nine hours off of a charge. They cost more than the eees, but they're simply better-quality machines.

  2. Re:they know on Can Cable Companies Store Shows For Us? · · Score: 2, Informative

    I know in criminal courts, prosecutors often "hold things back" so that they can launch a different line of prosecution in case their primary line is defeated. I do not know if similar techniques are used in tort cases.

  3. they know on Can Cable Companies Store Shows For Us? · · Score: 2, Interesting

    They know they can win with the "fair use" defense, but they're going for an even stronger ruling. If that fails, they will appeal on fair use grounds. That's my guess, anyway.

  4. ask mom on How To Store Internal Hard Drives? · · Score: 1

    Buy a cheap-o all-in-1 mobo/CPU/RAM/case combo. Fill it up with cheap TB sata disks in a software RAID. Add a dynamic DNS name, ssh server, and rsync. Plug it in at your mom's house, rsync your local fileserver with that one every night at 4am.

    I thought about buying a fireproof safe and external hard drives, but I realized I would not have the discipline to archive to them regularly. With the solution I posted, no discipline is required after the initial setup, and it would save you even if thieves empty your safe.

  5. Re:You don't say? on 3,800 Vulnerabilities Detected In FAA's Web Apps · · Score: 1

    I have never seen a company with a security department large enough to realistically keep the number of publicly-discoverable/exploitable vulnerabilities in a network to near zero. Most companies have just enough IT security staff to fill checkboxes on some auditor's clipboard. Companies with relatively "good" security may have enough staff to actually address the most severe and easily exploited problems with their networks. In such a "good" company, any hacker who wants to break in to that company will be able to do so; the security efforts only keep "drive-by" style attackers at bay.

    Anybody running life-critical systems, like the FAA, must have IT security far far in excess of the "standard" levels in the private sector. They should have enough security staff that no in-house or custom code ever sees production without white and black-box vulnerability testing. They should have enough to analyze and look for anomalies in every network and authentication log. They should have enough to have penetration tests going on 24/7. And they should have enough security staff to investigate every detection picked up by the pen-testers and routine scanning.

    Comparing such organizations as the FAA to the averages for industry just doesn't cut it.

  6. Re:Security expert point of view. on 3,800 Vulnerabilities Detected In FAA's Web Apps · · Score: 1

    The scanner used against you must not have been very good. The most common (and least expensive) vulnerability scanner, Nessus, only generates a very small minority of false-positive results.

  7. Re:the English language weeps on Reviews: Star Trek · · Score: 1

    You need to review your grammar rules.

  8. Re:2^52 on Preparing To Migrate Off of SHA-1 In OpenPGP · · Score: 1

    You are suggesting the birthday paradox means collisions can be found in 2^26 (2^(n/2)) tries now?

    Show me where I said that. Or are you trying to put words in my mouth to make yourself look less foolish?

    PS: When talking about cryptography, it is, in fact, the "birthday attack," as it is used to attack cryptographic systems.

    You are a pathetic douche bag. True or False? True.

  9. Re:NAND is the culprit on All Solid State Drives Suffer Performance Drop-off · · Score: 2, Interesting

    Is there a fundamental reason why they can't just shrink the block size?

  10. Re:2^52 on Preparing To Migrate Off of SHA-1 In OpenPGP · · Score: 1

    I know this is hard to grasp, but MD5 is not SHA-1.

    Do you act like that in person, or just online? Either way, you're a real winner.

    It doesn't look like you understand the implications of the birthday attack, but perhaps you can cover up that fact by acting like an arrogant jackass. Good luck!

  11. Re:the English language weeps on Reviews: Star Trek · · Score: 1

    It looks like they did edit it! So don't say whining on the Internet never accomplished anything ;-)

  12. Re:The elephant in the room... on South Carolina To Give 1 Laptop Per School Child · · Score: 1

    You jest, but Slashdot has been fundamental in shaping my career. I'm sure it had similar effects on other high school students who were trying to decide what to study in college.

    But your point stands. There is always the chance of an impressionable young mind stumbling across 4chan and being forever ruined.

  13. Re:Stupid question, but... multiple hashes? on Preparing To Migrate Off of SHA-1 In OpenPGP · · Score: 1

    An ideal cryptographic hash should require exponential (on the hash length) time to break. A "broken" hash, like MD5 or SHA-1, is one for which an algorithm exists which is capable of finding collisions in less than exponential time.

    Combining hashes is the cryptographic equivalent of making a single, longer hash. If you combine broken hashes, you have a long broken hash, which would actually be far easier to break than an ideal cryptographic hash of the same length.

  14. Re:In a related news... on Preparing To Migrate Off of SHA-1 In OpenPGP · · Score: 1

    What country do you live in? In the US, "off of" is a well-established phrase. A patient may move "off of" one drug to another, or an IT system may move "off of" a particular platform to a newer platform.

  15. Re:First MD5 and now this on Preparing To Migrate Off of SHA-1 In OpenPGP · · Score: 1

    Over-generalization is generally a bad idea. MD5 and SHA-1 were flawed. That does not mean all cryptographic hashes are flawed. One could conceive of a cryptographic hash long enough that a computer as large as the universe would be required to successfully attack it within the lifetime of the Sun.

    A related illustration is that OTP can provably provide perfect encryption (this is not the same as hashing, however).

  16. Re:2^52 on Preparing To Migrate Off of SHA-1 In OpenPGP · · Score: 1

    Actually, the birthday attack IS useful in the real world. The birthday attack has been successfully used to dupe Verisign into issuing an SSL certificate to an address of the attacker's choosing! The attackers simply created two CSRs with the same MD5 hash--one for their website (which they had signed) and another for their victim's site.

    Had they been blackhats instead of security researchers, they could have performed flawless MITM against SSL sites.

  17. Re:the English language weeps on Reviews: Star Trek · · Score: 1

    Sure, cheese and port would make for a fine dessert/desert.

  18. Re:the English language weeps on Reviews: Star Trek · · Score: 1

    Chat is a different medium, so one can immediately ask for clarification if there is a problem. Email and essays are different animals.

  19. Re:the English language weeps on Reviews: Star Trek · · Score: 2, Insightful

    Actually, it does matter. If you stop caring about the proper use of language, you will begin making the same mistakes yourself. This not only makes you look dumb, but also leads to communication problems in which using the wrong words significantly changes the meaning of a sentence.

    I routinely work with outsourced Indian workers who have very poor English skills. Much time is wasted dealing with miscommunications resulting from their undisciplined approach to language, especially when time zone differences result in 16-hour delays to our "what does that mean?"-emails.

  20. the English language weeps on Reviews: Star Trek · · Score: 3, Insightful

    In the first three paragraphs, the author makes all three of the most common English errors: to/too, its/it's, and then/than. Praise Bob, I'm glad he didn't screw up there/they're/their; that would have been too much to bear/bare (haha).

    But seriously, if you're going to submit a lengthy bit of prose to a popular website, please ask someone with a high-school understanding of English to proofread it for you. Everyone knows that Slashdot keeps no such talent on the payroll, so you shouldn't expect editing from the "editors."

  21. Re:The elephant in the room... on South Carolina To Give 1 Laptop Per School Child · · Score: 1

    An internet-connected computer is one of the best possible gifts for a child in a poor and education-hostile home setting. It would allow the student to reach out to people around the world, rather than being exposed only to the proudly ignorant community he is surrounded by in RL. The child could pursue intellectual curiosities with the encouragement of the peers he finds on the net, whereas, locally, he would find only discouragement.

  22. Re:How can this be? sufixication on Windows 7 Users Warned Over Filename Security Risk · · Score: 1

    the moment you do a "GET /file" the server will tell you the mime type (e.g. application/msword)

    ... and in 99.999% of cases, the server determines the mime type based on the file's extension.

  23. Re:A wonderful problem to have on NASA Running Low On Fuel For Space Exploration · · Score: 1

    We may be past nuclear holocaust, but we still face viral holocaust. The bacon-lung will get ye.

    The only known protection from this flu is to put a plastic bag over your head, poke a hole in it, then use a snorkel to breathe. You will then be known as a baconaut. You will roam the world like a god as all those around you die of the disease.

  24. Re:Research. on NASA Running Low On Fuel For Space Exploration · · Score: 1

    Uranium has a half-life, right? It's a use-it-or-lose-it fuel source. I say we use as much of it as we can before it goes to waste!

  25. Re:Read the gnikcuf summary on NASA Running Low On Fuel For Space Exploration · · Score: 2, Funny

    Actually, you don't need an atmosphere to turn a windmill. They could be powered by the flows of the aether. This method (pushing against the aether) is the same means by which rockets move in space, so it's proven technology.