Slashdot Mirror


User: tibit

tibit's activity in the archive.

Stories: 0
Comments: 6,671

Comments · 6,671

  1. Re:does it work? on How Red Hat Hires · · Score: 1

    Background checks using databases are an instant thing. Whatever you do past that is IMHO a waste of time.

  2. Re:I Got It! on Deloitte: Use a Longer Password In 2013. Seriously. · · Score: 1

    But you see, that string is just as random as any other. If you don't know what kind of a password someone uses, any guesses you make are not helping at all. They are all equally likely to improve your chances, thus they do nothing. Never mind that when doing exhaustive searches, keeping track of all those special cases you might have tried, at some point will slow you down a lot. There's a point where the memory bandwidth demands for keeping track start exceeding any gains from limiting your search space. Trees quickly start suffering from cache locality issues :)

  3. Re:I Got It! on Deloitte: Use a Longer Password In 2013. Seriously. · · Score: 1

    Of course I use various languages, but I have no problem sprinkling symbols in. A while ago it was all random without words, these days I'm a better typist. The problem is with stupid webpages that don't dig 30 character passwords, though. Something tells me they may just store the actual password and not merely a hash. Otherwise they'd have no need for a limit, save for the html request size limit enforced by their servers.

  4. Re:I Got It! on Deloitte: Use a Longer Password In 2013. Seriously. · · Score: 2

    I think it goes like this. The world moves ahead. We're arriving at a society where people who don't dig technology at the basic level become third class citizens. Demonstrably, some logical thinking and memorization skills that go beyond the rudimentary are becoming a thrive-or-perish kind of a thing. Technology has started applying selection pressure, and I'm only happy that it's becoming so. There is a point at which you just can't help people who don't grok some things. They have to die out, and only hope that the next generation of their kin is any better. People with silly passwords and risky online behaviors will negatively affect their workplaces, so they'll have problems with their jobs, they'll be fighting stolen identities, they'll be really in for a world of hurt. Again, I'm OK with that.

    We've arranged a global civilization in which most crucial elements profoundly depend on science and technology. We have also arranged things so that almost no one understands science and technology. This is a prescription for disaster. We might get away with it for a while, but sooner or later this combustible mixture of ignorance and power is going to blow up in our faces.

    Carl Sagan, The Demon-Haunted World: Science as a Candle in the Dark

    We're at a stage where it blows up in our individual faces. Eventually it'll affect the larger human collective as well.

  5. Re:I Got It! on Deloitte: Use a Longer Password In 2013. Seriously. · · Score: 1

    How exactly do you know someone will use such a passphrase? :)

  6. Re:I Got It! on Deloitte: Use a Longer Password In 2013. Seriously. · · Score: 1

    Many of my passwords that I do remember are line noise, some newer ones are line noise with random words chosen from a bunch of languages. As far as I'm concerned, they're all uncrackable.

  7. Re:I Got It! on Deloitte: Use a Longer Password In 2013. Seriously. · · Score: 1

    Among the things I teach are remedial community college arithmetic & algebra classes, as taken by about half the nation's college students, and frankly, they can't remember dick. For example: About 1/2 of our arithmetic students can never remember the one-digit multiplication table; about 1/2 of our algebra students can never remember operations on negatives.

    It's not because they can't remember dick, it's simply because that kind of stuff needs to be a foregone conclusion halfway before entering college, at the latest. The remembering part is easy when you're 8. When you're 18, you can remember stuff with context much better, and arbitrary line noise like multiplication tables are relatively off the table at that point. There is a small part of the population that can memorize line noise even when they are 30, but so what.

    Alas, I can't understand why anyone who doesn't know basics such as simple arithmetic even pretends like belonging in college. They should be flipping burgers or something, and praying that the cash registers work.

  8. Re:I Got It! on Deloitte: Use a Longer Password In 2013. Seriously. · · Score: 1

    adding a few words is far more secure than mangling the pass phrase with a few symbols

    Nope. Mangling it with symbols moves it into the symbol-by-symbol exhaustive search category -- the fact that there are words there becomes somewhat irrelevant. Sure you assume that symbol frequencies are shaped in a certain way, so you can still do a tad better than fully exhaustive search where you start with all zeroes and go up, but it's really no worse than a similarly long bunch of random symbols with a certain distribution of individual symbols and maybe symbol pairs.

  9. Re:I Got It! on Deloitte: Use a Longer Password In 2013. Seriously. · · Score: 2

    You mean "o31pe41na59lsoso26onagain54" is easy to find? You on crack or something? Protip: passphrases can be sprinkled with "line noise". Someone may use prime number sequence to space line noise, and digits of pi for line noise proper. Someone else may use, well, something else. You see where it's going. Good luck with figuring it out.

  10. Re:I Got It! on Deloitte: Use a Longer Password In 2013. Seriously. · · Score: 1

    This is all fine and dandy, but really is rubbish. When you have an unknown password to crack, you don't know how it's composed. Sure you can try the most likely pass-phrases and pass-words, and this will weed out the obvious low hanging fruit. Yet it doesn't take much to make you keep on guessing for millennia to come. Who the heck says the password should be only words. Throw a few extra symbols in there, and your guessing strategy suddenly is no better than an exhaustive search done on symbols. I like random passwords like co7i2@ao)p1, with a word or two thrown in there -- usually obscure words from relatively obscure languages. That makes them long, and from the point of view of any sort of a search strategy, equivalent to being completely random. Even the information I've just provided to you doesn't make it any easier to guess those passwords.

  11. Re:So to be clear ... on UK Court: MPAA Not Entitled To Profits From Piracy · · Score: 1

    Duh that they are bastards, I never claimed otherwise :) Alas, to claim that they are parasitic -- it's not quite that, or at least not the way you make it seem. MPAA would vanish in an instant were it not provided steady funding by the industry. They are mostly lawyers. What do you think, that they do pro bono work? The lawyers are the parasites, and they are parasites on the industry, not on the consumer. They just happen to harass and bully the consumer, but whatever money they get from consumers is relatively speaking peanuts to them (not to the consumer!). It probably wouldn't pay their office space lease. Litigation is expensive, and lawyers play some role in keeping it that way.

    The industry thinks, or, rather, is deluded to think, that MPAA's lawyers are beneficial parasites. I'd think MPAA lawyers are in the category of parasites that alter the behavior of the host -- the music industry.

  12. Re:My point exactly! on UK Court: MPAA Not Entitled To Profits From Piracy · · Score: 2

    NOPE. Copyright != trademark. It has been said over and over and over, and is a common misconception. Just stop, will you, pwetty pwetty please?

    Nobody is required to go after copyright infringers in order not to lose the benefits of copyright protection. At least under U.S. law.

  13. Re:Apparently running Newzbin gave a good lifestyl on UK Court: MPAA Not Entitled To Profits From Piracy · · Score: 1

    You made my day! Thanks :)

  14. Re:Dear MPAA on UK Court: MPAA Not Entitled To Profits From Piracy · · Score: 1

    Nope. They don't care about wealth, because they are paid for by the industry to be the collective's bullies. That's a bit different than an organization that's only after money for itself.

  15. Re:Dear MPAA on UK Court: MPAA Not Entitled To Profits From Piracy · · Score: 1

    Not really -- I don't see how they are parasitic at all. They exist because the labels and the "industry" pay them to exist. They bully on behalf of the industry. They are paid service providers. Now the court has essentially said that the industry has to bully directly, and I agree. They have more face to lose than some organization whose public image nobody cares about. Grandma sued by MPAA is no biggie, but Grandma sued by SONY may blow up to a well-recognized name dragged through the mud by the media -- and everyone can remember and pronounce SONY, it's a household name. MPAA - not so much.

  16. Re:Less demand on Hard Drive Revenue About To Take a Double-Digit Dip · · Score: 1

    Ahh well, there's crazies out there. Can't help with that :(

  17. Re:this is true.. on Microsoft May Be Seeking Protection From Linux With Dell Loan · · Score: 1

    Yeah, because not-otherwise-described open source software running on an OS X desktop = Desktop Linux. You can't read, AC, and you assume too much.

  18. Re:ok then on Hard Drive Revenue About To Take a Double-Digit Dip · · Score: 1

    There's a big difference between scratches from tiny particles and dragging a utility knife across a disc. In the first case, the anti-scratch coating is thick enough to mechanically resist the plastic deformation of the underlying substrate, and to resist the shearing as well. With a utility knife, the anti-scratch coating simply transmits the compressive load to the substrate, which then gets plastically deformed. Then some anti-scratch coatings will crack, some will deform along with the substrate. That's all there's to it. It's like expecting chrome-plated brass to resist utility knife treatment. It doesn't -- it sure resists a bit better than without the hard chrome plating, but once you press hard enough, it doesn't matter -- all it does is make the knife slide easier!

  19. Re:Less demand on Hard Drive Revenue About To Take a Double-Digit Dip · · Score: 1

    BTW, I don't see if you consider me a stalker, as your first paragraph is somewhat cryptic, but I just happen to run into your comments. I don't seek them out. Seriously. I do agree on quite a few bits, probably more often than not.

  20. Re:Less demand on Hard Drive Revenue About To Take a Double-Digit Dip · · Score: 1

    If it was only the data map held in some integrated FLASH, this could be reverse-engineered and copied. With encryption, it's way more effort -- still doable, but you definitely need to microphotograph and reverse-engineer large parts of a controller. That's not anymore in the realm of being worth it for someone fixing people's computers. Only dedicated amateurs (very dedicated ones) could pull it off, or a larger data recovery shop with some money to burn.

    I'm waiting for someone to get fed up and develop an open-hardware controller as a replacement (using an FPGA)... probably not worth it, but someone could do it for the heck of it...

  21. Re:this is true.. on Microsoft May Be Seeking Protection From Linux With Dell Loan · · Score: 2, Insightful

    This is stupid. For there to be 1% or even 10% marketshare, there must be 0.1%, and it must not be stifled by artificial means like trusted bootloaders. I don't know who that "average" person is, but I've been using desktop linux, and now also OS X, for quite a while. I run pretty much the same open source software on OS X as I've been running on Linux.

  22. Re:They would have more primes to choose from ... on New Largest Known Prime Number: 2^57,885,161-1 · · Score: 1

    Hah, I used to run it on a bunch of 486 and Pentium I systems, when it still made sense. Past a certain length, you really needed a more powerful system.

  23. Re:Uhhh... on New Largest Known Prime Number: 2^57,885,161-1 · · Score: 1

    If you could find new primes that easily then internet banking wouldn't be secure

    LOLWUT?
    $ openssl genrsa
    Generating RSA private key, 512 bit long modulus ...++++ .++++
    e is 65537 (0x10001)
    -----BEGIN RSA PRIVATE KEY-----[...]

    Took a second, maybe, and generated two "new" primes. Each and every time you run it. I find it interesting that anyone would think otherwise. You haven't generated any RSA private keys recently, I think...

  24. Re:DVD-Rs are for long term backups on Hard Drive Revenue About To Take a Double-Digit Dip · · Score: 1

    I haven't had a single hard drive that sat years on the shelf seize up. Not a single one, despite having at least 40 drives that sat 5+ years on a shelf. I usually don't toss out old hard drives, just wipe them and put them on a shelf somewhere. I've just finished spinning them all up and verifying that they are operative. All prompted by the crazy slashdot posts. 0 in 40 is good enough for me, including one drive that sat on a shelf for 12 years at least. All the hard drives I ever had would die while being in use.

  25. Re:No usb what about input like keyboards / mouses on Hard Drive Revenue About To Take a Double-Digit Dip · · Score: 1

    How on Earth will a legacy asynchronous serial port resolve any "timing" issues? A USB host sends out a start of frame every 1ms (or subframes every 1/8th of a ms for high-speed). Those reach all devices attached to same host at the same time, and are perfect for synchronizing multiple PLLs etc. There's no trivial way to synchronize multiple legacy async serial devices that are hooked up to separate serial ports -- not without writing a kernel driver, at least, and even then you'll run into a lot of work trying to get sub-microsecond jitter. USB also has link layer error detection that is quite a bit better than what you get with parity checks. I don't know how a specialized low-speed PS/2 port is any better than that.

    If you don't know how to use it properly, you need to learn, it's all there's to it. The USB specs are free. I don't know what timing issues you have that would have been fixed by legacy ports. I seriously don't. Just look at what you get with typical legacy async running at 115200,N,8,1. You get 11.5 bytes per millisecond - per one USB frame period. Not only no one wants a smaller granularity than that, but with contemporary async cards you will have worse granularity than that because a 64 byte FIFO will probably only wake the driver up every couple of ms unless you reconfigure the FIFO watermark levels. People do have problems when they use USB-to-serial converter chips and access them using Windows serial port APIs, because those APIs do not deal with USB peculiarities and don't offer the control you need to use the interface properly. When you use the FTDI chip, use the FT2XX API, not legacy serial API. I'm not sure how it's done on chips from other vendors. I'm not sure either what bells and whistles are available for the OS-provided USB CDC driver on Windows 7 & up -- haven't tried that yet, but I will.

    No, move from PS/2 to USB was not a dumb move. It was probably one of the best things to come around. You're free to disable USB storage driver in any OS of your choice, thus solving your "security nightmare". Even relatively low-key microcontrollers can emulate low-bandwidth USB without any dedicated hardware. It's only 1.5 Mbit/s. The sources are available for many popular microcontrollers. For this, you get a HID class device that needs no custom drivers, and has all of its bells-and-whistles directly visible to the userspace. With a PS/2 keyboard, you wouldn't get that. There was no trivial way to send any data but scancodes, so forget joysticks or anything else, unless you were up for writing a custom kernel driver.

    So yeah, you have no clue, you won't educate yourself, and are just rambling.