Does the OS community really hate RH?
On "Open Source Payday" (Score: 3, Interesting):
As long as we can obtain the source code for free (as in both beer and freedom), does anyone care if someone found a way to make a profit off it?
I would much rather give to a company selling FOSS-related products so they could profit than to someone else.
If you have to remember something additional about your password, you want more than a bit of entropy. It's not too much harder to remember another common word at the end and get eleven bits, or 2048 times the guesses.
Or a proper random substitution, e.g. replace the 14th letter with ";" or insert it afterwards; this also gets some real entropy.
If you think your password is possible to crack in a reasonable time and care about what it protects, you are doing it wrong.
If you mix the two you get even stronger. If you speak "leet" you would have read that password as normal English, and it's something the OP could very easily remember WHILE increasing length AND adding bits.
My understanding of leet speak is that it's a mapping of a Latin character to one of many alternative representations, which you choose to use or not.
In his case he chose a subset of the leet alphabet which allows for a one-to-one mapping of a letter to a number, which he can choose to apply or not. He can do this at random at a 50/50 split. If there is some commonly known way of choosing when to use the leet character then this is easier to remember, but it only requires a trivially small number of guesses to guess.
I count 23 number-leetable letters, so if you do it randomly (he is not even close to random; he has chosen characters that make it look good) you add 23 bits to the password. This gives good security at 67 bits, but requires you to remember 23+4 choices in sequence (some people can do this easily; others have not a hope of getting it right first time after not having used it for a couple of weeks). Alternatively those bits could be added by adding two extra words, or by using a much smaller number of proper random substitutions.
Leeting adds complexity but is insanely hard to remember, and if not done randomly you probably do it similarly to how everyone else did it, making it easier than binary choices to guess. In his case it's making a choice of one out of a set of 2 (2^1), which according to the comic is a terrible (the worst) way to do it. Randall advocates randomly choosing 1 from a set of 2^11, which is not exponentially harder to remember but is exponentially harder to guess.
The problem I have with that comic is that the "strong" password is lowercase only.
I doubt Randall intended to make it an example of how to choose a password.
He made it to demonstrate that password policies are poor and alphanumeric passwords with special characters do not guarantee strength (as most people get taught).
Probably most significantly he wanted to say users suck at choosing a good password; they don't have a clue about what they are trying to stop. The number of tech people who think common substitutions make the password exponentially harder to crack is too high.
Did you understand the XKCD comic?
The whole idea is random. Those similar-looking numeric substitutions are binary at best, adding 13 bits at best.
It's hard to remember the ones you chose, and if you chose all of them you would only add 1 bit.
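The entropy accounting argued over in the comments above, written out as an added example (this is not code from the original page or from xkcd). It assumes the comic's model: words drawn uniformly from a 2048-word list, 1000 guesses per second, and a constructed ten-letter digit-only leet map; the 23-letter count used in the thread would simply be a larger map passed to the same function. The point it makes concrete is that a random per-letter coin flip adds one bit per leetable letter, a fixed "everyone does it this way" rule adds about one bit in total, and a single genuinely random symbol edit is worth roughly one extra dictionary word.

```python
import math

# Constructed single-digit leet map for this example: letters with a common
# digit look-alike. Pass a larger map to model the thread's 23 leetable letters.
LEET_MAP = {
    "a": "4", "b": "8", "e": "3", "g": "9", "i": "1",
    "l": "1", "o": "0", "s": "5", "t": "7", "z": "2",
}


def passphrase_bits(n_words, dict_size=2048):
    """Entropy of n words drawn uniformly and independently from dict_size words."""
    return n_words * math.log2(dict_size)


def leetable_positions(password, leet_map=LEET_MAP):
    """Indexes of characters that could be swapped under leet_map."""
    return [i for i, c in enumerate(password.lower()) if c in leet_map]


def leet_bits(password, leet_map=LEET_MAP, independent_coin_flips=True):
    """Entropy added by leet substitution on top of the base password.

    independent_coin_flips=True: each leetable letter is swapped or not by a
    fair coin, so every leetable letter adds a full bit.
    False: a fixed, well-known rule ("leet all of them"), so an attacker only
    needs to try the plain and the leeted variant: about 1 bit in total.
    """
    n = len(leetable_positions(password, leet_map))
    if n == 0:
        return 0.0
    return float(n) if independent_coin_flips else 1.0


def random_edit_bits(length, symbol_set_size=32):
    """Entropy of one random edit: replace one of `length` characters, or
    insert after one of the length+1 gaps, using one of symbol_set_size
    symbols chosen at random."""
    positions = length + (length + 1)
    return math.log2(positions * symbol_set_size)


def worst_case_crack_seconds(bits, guesses_per_second=1000):
    """Seconds to exhaust the whole space at the comic's guess rate; the
    expected time to a hit is half of this."""
    return 2 ** bits / guesses_per_second


def compare(base="correcthorsebatterystaple", n_words=4):
    """Bits for the competing strategies discussed in the thread."""
    base_bits = passphrase_bits(n_words)
    return {
        "four words": base_bits,
        "plus one more word": base_bits + passphrase_bits(1),
        "plus random leet (coin per letter)": base_bits + leet_bits(base),
        "plus fixed leet rule": base_bits + leet_bits(base, independent_coin_flips=False),
        "plus one random symbol edit": base_bits + random_edit_bits(len(base)),
    }


if __name__ == "__main__":
    for strategy, bits in compare().items():
        days = worst_case_crack_seconds(bits) / 86400
        print(f"{strategy:36s} {bits:6.1f} bits  ~{days:.3g} days worst case")
```

Running it with the defaults shows the four-word base at 44 bits, one extra word at 55, a fixed leet rule at 45, and one random symbol edit at a little under 55.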
It's not officially supported, it appears, which is even more stupid.
I think all Linux (or possibly all software) downloads should be managed by MirrorBrain or similar. I guess it's a bandwidth overhead, but metalinks should be standard practice for large files and thus integrated into the browser.
He didn't need BitTorrent; all he had to do was go to a mirror site that didn't have bandwidth issues.
What should happen is that Ubuntu should provide a metalink so you don't even have to look up the mirrors. You even get proper hash checking, like BT.
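What "a metalink with proper hash checking" buys you, as an added example (not code from the page, Ubuntu or MirrorBrain): a minimal parser for the Metalink 4 format (RFC 5854) that orders the mirrors by priority and then verifies the downloaded bytes against the declared size and hashes. The metalink document, the mirror hostnames and the "ISO" payload are all constructed here so the example runs offline; the hash in the sample is computed from that payload so the document is self-consistent.

```python
import hashlib
import xml.etree.ElementTree as ET

NS = {"m": "urn:ietf:params:xml:ns:metalink"}

# Constructed stand-in for the image contents. A real client fetches this from
# the mirrors listed in the metalink; here it is just embedded.
SAMPLE_PAYLOAD = b"not really an ISO image, constructed for the example"

# Constructed Metalink 4 document with placeholder mirror hosts. Lower
# priority numbers are tried first (RFC 5854); the list is deliberately out of order.
SAMPLE_METALINK = """<?xml version="1.0" encoding="UTF-8"?>
<metalink xmlns="urn:ietf:params:xml:ns:metalink">
  <file name="example.iso">
    <size>{size}</size>
    <hash type="sha-256">{sha256}</hash>
    <url priority="2">http://mirror-b.example.net/example.iso</url>
    <url priority="1">http://mirror-a.example.org/example.iso</url>
  </file>
</metalink>
""".format(size=len(SAMPLE_PAYLOAD), sha256=hashlib.sha256(SAMPLE_PAYLOAD).hexdigest())


def parse_metalink(xml_text):
    """Return one dict per <file>: name, size, {hash type: hex digest},
    and the mirror URLs sorted by ascending priority."""
    root = ET.fromstring(xml_text)
    files = []
    for f in root.findall("m:file", NS):
        urls = sorted(
            (int(u.get("priority", "999999")), u.text.strip())
            for u in f.findall("m:url", NS)
        )
        files.append({
            "name": f.get("name"),
            "size": int(f.findtext("m:size", default="-1", namespaces=NS)),
            "hashes": {h.get("type"): h.text.strip().lower()
                       for h in f.findall("m:hash", NS)},
            "urls": [u for _, u in urls],
        })
    return files


def verify_download(entry, data):
    """True only if the size and every listed hash match the bytes received.
    A metalink that lists no hash, or a hash type this host cannot compute,
    gives no integrity guarantee and is rejected."""
    if entry["size"] >= 0 and len(data) != entry["size"]:
        return False
    if not entry["hashes"]:
        return False
    for hash_type, expected in entry["hashes"].items():
        algo = hash_type.replace("-", "")  # "sha-256" -> hashlib's "sha256"
        if algo not in hashlib.algorithms_available:
            return False
        if hashlib.new(algo, data).hexdigest() != expected:
            return False
    return True


if __name__ == "__main__":
    entry = parse_metalink(SAMPLE_METALINK)[0]
    print("mirrors in order:", entry["urls"])
    print("payload verifies:", verify_download(entry, SAMPLE_PAYLOAD))
    print("tampered verifies:", verify_download(entry, SAMPLE_PAYLOAD + b"\x00"))
```

Note that the hash check only protects against a corrupt or tampered mirror if the metalink itself came over an authenticated channel (HTTPS from the project, or a signed file); a metalink served from the same untrusted mirror as the payload can be swapped along with it.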
Along with every other movie/show that portrays hacking as a ridiculously quick, all powerful weapon.
It is a useful plot tool; you can make all kinds of hypothetical situations sound plausible because of people's ignorance. Then if you reinforce this enough with the next movie, people start to believe it.
It seems like Microsoft is really going out of its way to innovate in Windows 8.
No, Windows 8 is Microsoft implementing a lot of things that Linux/BSD already have. This would include an attempt to force a first-gen "dual OS" onto its users.
In before all the stupid replies that Linux cannot be hacked. :)
I assume you mean cannot get drive-bys. Linux is hacked in the broad sense rather often. Linux does not get viruses, in the sense that it's never happened.
I assume you mean there are likely to be similar security holes in a bleeding-edge, easy-to-use distro as in Windows, which may be true.
Linux is extremely hard to compare security on, as you can have everything from a full-on SELinux setup to whatever ASUS used to distribute.
I think rapid updates (all security holes are fixed within a week, worst case) and a low user base make Linux so unattractive for virus spreading that no one needs to worry. When there is a successful virus for Linux, then Linux security becomes non-hypothetical and decisions can be made on the security/convenience trade-off (as of now it's just all inconvenience for malware threats).
Yes, you can avoid upgrades, but then you have to weigh up productivity losses as you are no longer compatible with organizations and people who have.
The business model encourages making deliberate incompatibilities and withholding features to speed the process up. This hurts the productivity and user experience of the product, which sucks for the end user.
This is very likely to happen on mobile devices if Microsoft were to win the majority of the market share. Though I think any non-OSS company would find it hard not to do the same.
They are no longer seen as tech leaders but as a company that forces you to buy from them.
While they get lucky with a few products, their innovation generally appears incompetent and poorly implemented (such as Win 8).
Most people don't like having to buy an updated version of Windows and Office every few years and start to think another company might be able to do a better job.
So, in your hypothetical alternative do these kids learn about and use computers at home or not?
TFS implies that if it's not done at school some students will not be exposed to computers at all by the time they leave school in 8 or so years (when they might need to know something about computers to get a job).
TFS also says the teachers are trained in how to use the computers.
Don't build children's educational frameworks around a particular device, or an operating system, or any other single technological artefact or format.
You misunderstand the choice here. It's not choosing to base a program on one device or many, but having a laptop program to expose the kids to computer and tech skills, or taking 3 to 8 years to find the funding and develop a well-rounded curriculum for multiple devices while the children complete their education never having used a computer at school.
Learning how to operate one device is a huge head start for real tech training compared to never having spent any meaningful time in front of one of them. The employer also knows that they are technologically capable and are likely to be able to learn on the job. They are being used for primary and secondary, not tertiary, education.
That will run Linux. If so, I am excited.
Seriously? The project is neither little nor KDE; it has first-class multi-platform support. I'm guessing you mean it has a Qt client with KDE integration.
I think all of those have happened in Linux at some stage, with the exception of privilege escalation exploits in an IDE.
It just happens less, and the number of exploits is reduced due to rapid updates, on average much better admins, and version fragmentation from different distros.
Who gives a shit if it uses a little bit more memory? I just bought 16 GB of RAM for $75. It isn't 1991 anymore.
Have a look at your local DDR2 RAM prices. It's become legacy hardware and is rather expensive.
How many successful products aren't copied like this?
As far as I know, ASUS don't use locked bootloaders, and most major Linux distros are wanting to get an ARM build working as soon as possible.
Once your communication goes beyond one or two sentences, it quickly becomes inferior to written- or text-based communication of some form.
In a conversation you rarely go beyond one or two sentences without some kind of feedback from the other end. Phones have always been used to decrease the latency of communication.
You appear to be leet at typing on a phone touchscreen, which means you are only able to talk to 10 percent of the population anyway.
This is a really bad example for this argument. It is not an example of a good, properly tested scanner failing.
AV software based on signatures has a very high probability of doing things like that, and testing all common possibilities is very hard or impossible.
No. Basic automated testing of, say, the top 500 websites and 100 applications to see if they get a false positive is not too hard or time-consuming. Managing to block some local news site that uses some site that uses shitty JavaScript with ads, say, is a mistake.
That also shows that AV software is, at best, a temporary measure. IMO the future is better OS security (and here MS is to blame), better application security.
No, this incident does not prove anything like this, just that software needs decent quality testing.
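The "test a new signature against the top sites and apps before shipping it" argument made above, as an added example (not code from the page or from any AV vendor): a toy signature scanner plus a release gate that rejects any candidate signature that fires on a known-benign corpus. The corpus, the malicious sample and both signatures are constructed here; the overly broad `document.write(` signature stands in for the kind of rule that would block a local news site over sloppy ad JavaScript.

```python
import re

# Constructed "known benign" corpus: a local news page with sloppy ad
# JavaScript, and an unrelated native application.
BENIGN_CORPUS = {
    "local-news/index.html": b"<html><script src='/ads/banner.js'></script>"
                             b"<p>Council meets tonight</p></html>",
    "local-news/ads/banner.js": b"document.write(unescape('%3Cdiv class=%22ad%22%3E'));",
    "apps/calc/calc.bin": b"MZ\x90\x00\x03\x00\x00\x00calculator",
}

# Constructed malicious sample the signatures are meant to catch.
MALWARE_SAMPLE = b"var p=eval(unescape('%66%75%6e%63%74%69%6f%6e'));"

# Candidate signatures as byte regexes, constructed for the example.
CANDIDATE_SIGNATURES = {
    "JS.Obfuscated.EvalUnescape": rb"eval\(\s*unescape\(",
    "JS.Suspicious.DocumentWrite": rb"document\.write\(",  # far too broad
}


def scan(data, signatures):
    """Names of the signatures that match data: plain signature matching,
    nothing smarter."""
    return [name for name, pattern in signatures.items() if re.search(pattern, data)]


def false_positive_report(signatures, corpus):
    """Map each signature name to the benign paths it would flag."""
    report = {name: [] for name in signatures}
    for path, data in corpus.items():
        for name in scan(data, signatures):
            report[name].append(path)
    return report


def release_gate(signatures, corpus):
    """Split candidates into (accepted, rejected): any signature that fires on
    a known-benign file is held back with the paths it hit, so the regression
    is caught before the signature update goes out."""
    fps = false_positive_report(signatures, corpus)
    accepted, rejected = {}, {}
    for name, pattern in signatures.items():
        if fps[name]:
            rejected[name] = fps[name]
        else:
            accepted[name] = pattern
    return accepted, rejected


if __name__ == "__main__":
    accepted, rejected = release_gate(CANDIDATE_SIGNATURES, BENIGN_CORPUS)
    print("shipping:", sorted(accepted))
    for name, paths in rejected.items():
        print(f"held back {name}: false positive on {', '.join(paths)}")
    print("malware sample hits:", scan(MALWARE_SAMPLE, accepted))
```

The corpus is the expensive part in practice (fresh crawls of the top sites plus clean installs of common applications, re-fetched regularly), not the scan; the gate itself is a few lines and runs in seconds.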
Only if you first activate another terminal window. Why should I have to activate one application instance to create another?
It depends on how "expensive" a Ctrl-Shift-T is to you. System-resource- and start-up-wise it's good to use the old instance of your terminal or browser (when it works you save a second or two loading the browser). They are trying to encourage new behavior (which they think is better), which is painful. They could add an option to make the default a new instance, but too many people would use it and it may break the desktop's design goals.
The golden rule of UI design is consistency, consistency, consistency.
I disagree: the goal is intuitiveness without any significant learning curve; consistency is just the most reliable way to get there. If everyone designed for only one instance or self-cloning and users understood it, then it would start to make sense. There are some programs that it's good not to get a second instance of.
NB: I think you need to use the keyboard to make GNOME 3 work; there is a small list of commands somewhere. I installed lxterminal, which works well with Alt-F2, which gets me a new instance (make a link to gnome-terminal if you need to). I do think the layout makes the best of 16:9 screens.
Ctrl+Shift+N will get you a new terminal, but they are probably wanting to encourage you to open a new tab.
Yes, if you have it on a different workspace it does not work well.
I do find GNOME 3 works better if you use the keyboard for some of the simple task management, but that's probably because they didn't change too much there.