Speeding fines on all roads? Fuck, to me that's reason enough to let them do it. STOP FUCKING BREAKING THE LAW. If you want to speed, campaign for higher speed limits (a proposal TOTALLY IGNORED by the electorate last time it was brought up in the UK political system), not disregarding the laws we have.
I don't think you understand the concept that the xkcd advocates.
The Ars Technica article is pointing out that context can grossly reduce the entropy in any given search space. If you're going to test combinations of words from different languages, for instance, you shouldn't bother with "crotalus fthagn" or "Cthulhu atrox" until you've already tried "crotalus atrox" and "Cthulhu fthagn". The point is that you can't beat the password crackers by picking something from an obscure search space -- in other words, it's a classic point against security by obscurity.
The XKCD is making a different point: that passwords comprised of unrelated words deprive the attacker of such information and are resistant to attack not because of the obscurity of the search space in which they're found, but because of its size. Perhaps 44 bits of entropy isn't enough to defeat extensive computational resources, but the point is that six words chosen out of the dictionary at random, all in lowercase, with spaces between them is a better password than "Cthulhu fthagn" because modern datamining techniques mean that it's likely to appear in someone's dictionary after all.
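An added illustration of the distinction drawn in the comment above (not part of the original comment): a strength estimate that treats a phrase found in a mined phrase list as worth only the size of that list, while words picked uniformly at random are worth the full size of the search space. The word list, the phrase list and all function names are constructed for this example.

```python
import math
import secrets

# Constructed sample data (not from the original comment): a tiny word list and
# a tiny "known phrases" corpus standing in for phrases mined from public text.
WORDLIST = ["anchor", "basil", "copper", "dune", "ember", "fjord", "garnet",
            "hazel", "ivory", "jasper", "kelp", "lantern", "maple", "nickel",
            "orchid", "pewter"]
KNOWN_PHRASES = ["cthulhu fthagn", "crotalus atrox",
                 "correct horse battery staple", "to be or not to be"]


def random_passphrase(n_words, wordlist=WORDLIST):
    """Pick n_words independently and uniformly using the OS CSPRNG."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def uniform_entropy_bits(n_words, wordlist_size):
    """Entropy of n_words independent uniform picks: n * log2(list size)."""
    return n_words * math.log2(wordlist_size)


def effective_bits(passphrase, wordlist=WORDLIST, known_phrases=KNOWN_PHRASES):
    """Upper bound on guessing work under two simple models.

    Model 1: the phrase is in a mined corpus, so it costs at most
             log2(len(corpus)) bits no matter how obscure it looks.
    Model 2: every word is in the word list AND was chosen at random
             (an assumption this function cannot verify), so it costs
             n * log2(len(wordlist)) bits.
    Returns None when neither model covers the input.
    """
    normalized = " ".join(passphrase.lower().split())
    if normalized in known_phrases:
        return math.log2(len(known_phrases))
    words = normalized.split()
    if words and all(w in wordlist for w in words):
        return uniform_entropy_bits(len(words), len(wordlist))
    return None
```

With a 2048-word list in place of the 16-word sample, each random word contributes 11 bits instead of 4.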
This is a little deceptive.
Those supercomputers are made of x86 CPUs and GPUs (mostly). Those things are optimized for floating point performance and memory bandwidth, and have complicated memory hierarchies to keep all of the compute bits fed.
Computing hashes requires none of this, which is why an ASIC built for Bitcoin mining is so much faster than a GPU, which is built for other things. It's true that all the physicists in the world couldn't out-hash the Bitcoin network with our supercomputers, but that's not a realistic attack avenue anyway; the thing to worry about is the NSA spending $1 billion on ASICs.
You don't always have internet access. Wifi doesn't work, people's authentication systems don't work. Sometimes you want to draft replies to people's letters on an airplane and send them when you land. In short, there are lots of reasons why you can't get to The Cloud to see your mail.
Mail is lightweight. Why *shouldn't* I store my mail locally, so I can get at it no matter what? What benefit do I get from using a webmail interface over an IMAP client?
Yes, I know that things like Gmail offer IMAP access, and that's what I use. I completely understand why companies like Google are pushing "everything is inside the browser" -- it locks people in. But what I don't understand is why people are willing to go along with it.
I'd rather put up with two hours of airline passengers than thirty minutes of the sorts of respectable citizens that ride the bus in Washington anywhere east of Rock Creek Park. People eat fried chicken and throw the bones on the bus floor and guffaw at each other; last time a lovely lady told the driver to "shut the fuck up and drive" after he told her to stop bothering all the other passengers.
Even with a perfect link, cell connections are shit. Compare what your cellphone sounds like to Speex 16kbps; it's remarkable.
The more people accept Bitcoin for stuff, the more stable the price will be -- when it becomes more of a currency and less of an investment.
s/Democrat/politician
... until the next time when Congress gets collectively drunk and decides to shut down the government, and someone puts up Faraday-cage Barrycades* around the GPS satellites. Yes, it sounds crazy -- but so did the Barrycades around the memorials at the National Mall, until the Feds did it.
Point is, governments occasionally get crazy and do crazy things. So do the European ones, of course, but it's nice to be able to use satellite navigation even if one particular government goes crazy and throws a tantrum.
*Referencing Barack Obama's nickname, name given to the barricades erected at random around public property to make the government shutdown look bad
This, exactly.
Nobody wants to invade Europe because Europe is most valuable, to pretty much everyone else, as a peaceful trading partner.
We are your friends. Actually. We've been your allies for a long time and we've been faithful throughout. I'm not sure what we'd have to do to improve your impression.
Stop being a bully. Listen to your friends, rather than deriding them as "Old Europe", when they tell you that the Iraq war is a shitty idea.
I wish someone would tell us that, since France seems to be a mostly peaceful country these days (more than the US), and that would be one more stick with which to whack my government when it gets bellicose.
You'll notice that on many roads, nearly all drivers go substantially faster than the speed limit. These are isolated roads (in the US: Eisenhower interstate highway system), not residential streets where both drivers and nearby residents have an interest in how the speed limit is set. On the interstate, the only folks whose opinion really matters are the folks who drive on it. So why, then, is the speed limit on (say) the 495 a paltry 55mph when a majority of drivers clearly want it to be higher?
The people who impose traffic laws (at least in the US) are legendarily unresponsive to the public will.
If that tax isn't intended to be confiscatory or punitive (i.e. "we hate cars a lot", as with many urban planner types), but economic ("let's use price signals to balance supply and demand of a finite resource"), then it's a great idea -- so long as the data don't get used for something nefarious, which is a long shot. Some places in the US do this, with billboards saying things like "it's 50 cents to go this way", and transponders (EZPass) in the cars.
They've already done that: if you live too near the border (which I did), the 4th Amendment doesn't apply.
There is no love lost between the Border Patrol and the population of southern Arizona, white and Hispanic, immigrant and native.
Guilt by statistics is not a legal principle. Shall we just search everyone's house while we're at it, since someone's smoking pot somewhere?
I don't understand how announcing them in advance gets around 4th amendment issues: we paid for those roads. They don't belong to the cops, they belong to us. Saying "you can't drive on the roads without going through these checkpoints, which are only legal since we announced them in advance" makes no sense.
Yes, my license to drive is conditional on me being sober. It does not give the government permission to harass me to see if I am sober without any evidence that I am not.
+1, imagery
Exactly. There was a columnist for the Examiner (local right-wing newspaper) who documented every step of what was necessary to get a handgun; it took many months and many visits to the police station and many hundreds of dollars -- all for a weapon that she can't take out of her house.
I don't own a gun and don't really want to, and think that people who on a daily basis carry concealed are perhaps a little weird. Then, I don't live in Anacostia; were I a woman who worked the night shift there? You'd better bet I'd want protection during the commute.
Washington DC has a de facto ban on guns in these places, since it has a de facto ban on handguns. At the university where I work, there was a "CAMPUS ALERT!" that went out about a year ago saying "a MAN with a GUN was spotted near campus, everyone be careful, the police are looking for him". My reaction was "wait, has he actually shot or threatened anyone?" Nope, was just a dude with a gun, but that's not allowed here.
Arizona (a place with very liberal gun laws) incidentally gives property owners a strong right to prohibit firearms: the assumption is that guns are allowed if they're not forbidden, and many bars and restaurants have "no guns allowed" signs by their doors. You don't lose your concealed carry license because no such license is required there, of course.
And then folks like Opera Software will say "US who?" and continue doing exactly what they did before.
The Republicans didn't vote to stop Obamacare because they don't like big government.
They voted to stop Obamacare because it's not their big government.
It's only because of a one-off event that people know who's been helping out the NSA. Can you count on future such events to tell you who should be trusted?
Do we need safety, or do we need the TSA? The correlation is a bit weak.
they have successfully tested remote flying of an aircraft through takeoff, flight, and landing
The US uses said remote aircraft to murder people pretty often.