"Someone who, given the choice of spending $30K on a car that they fully control and can go anywhere they want at any speed they want – or another, likely more expensive buggy that will only travel on certain routes at slower speeds and with less options." Which car would you buy?"
Cell phones? They said that about horses when cars first came out! Given the choice between an intelligent, sure-footed creature that can travel over any terrain and a noisy, smelly, prone-to-breakdown mechanical contraption, which would you buy?
They said that about early human migration. Given the choice of moving on foot, generation by generation, out of Africa towards Europe, the Middle East and East to China or a horse that would only take you a few miles before getting tired or sick, which would you buy?
So I take it your employer gives you equal time out of the office to accomplish this? If not, it doesn't sound like a solution, just more of a time-suck.
My boss is 6000 miles away. Part of working in a big corp. It's moot.
Constant noise and distraction...
Yes, it sucks. But it's not going away. The competent developer needs to solve their problem. Generally by not trying to write code in such an environment. Write documents, have phone calls, pick your nose, whatever. But when you need to write code, go somewhere else where the noise and/or interruptions are not directed at you. I go home, or the corner of the cafeteria after rush hour. I get lots of code written on long plane journeys, so I plan ahead to be able to take advantage of that (i.e., using tools I can run locally on my work laptop).
Be blunt about why you are doing it. If you can't be blunt, find a different employer that appreciates honesty.
Uphill, in the solar wind.
At minus 148 degrees Fahrenheit (in the shade)
Both ways,
But those early cell phone innovators got a lot of patents.
Google is probably rolling on driverless car and wearable tech patents.
So what the hell are Phablets? Do we really need this new term that will be out of date in 6 months?
A phablet is a mythical tablet where they re-enable the disabled phone circuitry that's present in the chips.
The triple point of water is a lot more stable and well defined than the freezing point.
but diet is 100% of what you can do about it.
And exercise is the rest.
Not if you're unmeasurably lazy like me.
Those Windows Teks made the previous generation of Tek scopes instantly more desirable. Office Space used a red stapler, but in the real world, in real labs, people fight over the most recent Tek scope that still has a usable interface.
What about the previous 2,000,000 years, how did these brown fats help the primitive man whose main problem was finding enough calories to eat?
Kept you from freezing to death.
What is this all about proving that it's 100% diet, despite all the studies to the opposite?
It's not 100% diet, but diet is 100% of what you can do about it.
>"Don't Do Business With Them" is terrible advice, because it helps exactly 1 person.
If it's me choosing not to do the business, then I'm that one person, which is perfect.
EOM
Levi in January is unreasonably cold in my experience.
As it happens, I'm trying to make a good KDA right now at work, for very specific interpretations of the word 'good'.
I may be done in a year or two.
You created a 10,000X increase in the work factor for brute force attacks.
If you had just hashed over the salt and password once, encrypted the result and kept the key private, you would have a 340282366920938463463374607431768211456 increase in the work factor.
Relying on low integer multiples of work factors seems like a poor solution to me.
and appreciate systemd's implicit mandate for backup suffixes that won't fill your hd undetected as an exercise.
So implicit that it wasn't explicit.
[1]: Assuming a private VPLS
VPLs are by definition public.
Which brings up the question, was the lack of two factor authentication actually a factor in this particular breach, or is it something that is simply being tacked onto the story?
If two factor auth can be handled by an app, or even a dongle, how much additional protection can it really provide?
It's being tacked on. If there was one factor auth and the auth failed, then it raises the question why did the auth fail? Was it weak in some way? Hypothesizing that two factor auth would have fixed it in the style of "Well duh, didn't they know to use two factor auth" is just plain overreaching and wrong. There are any number of authentication schemes of different types. You can't judge any of them without first having an idea of the capabilities of the adversary.
Here is some info I'm posting from the breach.
BANK OF BERNE Warez--slow 3.0, probe 10.0, armorall 1.0 Other stuff--Ok,
here's one you'll really like. What you do is read the messages and find out
about account number 121519831200. You use the transfer funds option to
transfer the funds to your account in the Bank of Zurich Orbital. Here's the
info you need to do it:
Bank of Berne account - 121519831200
Credit transfer authorization code- LYMA1211MARZ
Bank of Zurich link code- bozobank
YOUR account at Bank of Zurich-712345450134
You can transfer funds to your account at BOZOBANK. Be careful, there's some new AI's in cyberspace.
You missed a step.
>Yes it is as you're using the same seed. An attack that breaks e-trade's security can then give them the seed for your bank etc etc.
You're making overly broad assertions.
There are plenty of protocols that can use a single hardware token in multiple places securely. By using a ZKP for instance.
By 'seed' I assume you are referring to the time-based RNG where you type in the number from the dongle. We have better ways.
TOTP? Top of the Pops?
Which tastes more like chicken? Human or Alligator?
Specifically this canon was found in luggage
I believe I once had a record of Pachelbel's Canon in my luggage. Perhaps you're thinking of cannons.
I had a Pachelbel's Canon printer once, but it kept printing the same page in various orientations and reversals.
>so I had to pay 25% of what a new one cost to check in my carry-on bag.
Bingo! That's why people carry stuff on that they would otherwise check. Airlines started charging for checked bags.
>There are unfortunately lots of Unicode characters with the graphical appearance of a horizontal line at roughly the height of the middle line of a capital E.
How is that not redundant?