That's why I said there's nothing wrong with hashing your own passwords. However, in practice, just about every web site has its own quirky rules about what can or can't be used as a password, which makes it hard to use any single system for all of them.
You don't have to trust the client-side hashing function, as ordinarily you're not expecting it to be implemented on top of ordinary security. It's simply a bonus level of security a site can provide
From the user's perspective, the same benefits would be obtained equally well by simply not re-using passwords. From the web designer's perspective, there's no benefit to hashing on the client vs. on the server.
even in the case of SSL transport, in case the receiver is compromised
The hash is still the password, so if the receiver is compromised, you get the password.
If the protocol enforces hashing on the client-side before sending, you don't have to worry about trusting the client-side or javascript being disabled.
There's nothing wrong with hashing your own password so that someone can't infer "mypassword@sourceforge" from "mypassword@slashdot", but you can't trust a client-side hash function any more than you can trust the server-side authentication, unless it's your client-side hash function.
There's no benefit in designing a login form that hashes the password before it's sent, as long as the form is using SSL. Furthermore, there's no backward-compatibility for people who have Javascript disabled. They can't log in.
If the MD5 is all that gets sent, it is the password. If someone gets the MD5 hashes they can log in by hacking the Javascript to send the MD5 without ever having the original password.
If it helps, you can think of it as an MP4 container that's been oddly named for no other reason than to force QuickTime on people who don't know any better.
Actually, I'd expect a "Download" link to actually point to a URL that will load no matter what your user agent string is. But I'm not installing the QuickTime plugin to see whether the "Download" link actually works when QuickTime is installed.
The nuke detonates and temporarily interrupts the transistor radio that's playing, and then it starts working again a few seconds later... The only "EMP weapons" that have done anything require direct conductivity (think Tazer).
Okay, but how well does a transistor radio work after being microwaved on high for a few seconds? No direct conductivity required...
In FF, use the User Agent Switcher add-on to set the user agent to "QuickTime/7.6.2", or go to about:config and create a general.useragent.override String with a value of "QuickTime/7.6.2". Once the user agent is set, right-click and save link as.
No, "protip" for you: there IS room to exit the intersection, just not an open path TO that room while the oncoming traffic still has a green light, which is why you must yield and wait for it.
"Gridlock" is caused when you pull into an intersection when there really IS NO room to exit it, and yes, it's illegal.
"Clearing" the intersection means there is room outside of the intersection for you. There may be vehicles inside the intersection which are blocking your path out of the intersection, but it is generally assumed that once the light turns red everyone inside the intersection will exit the intersection as soon as they are able. As long as you have room to exit the intersection, there is nothing wrong with stopping inside of it.
"Entering the intersection is one thing. However, stopping in an intersection in Texas is prohibited at any time."
That is incorrect. It is not prohibited "at any time". There are specific times at which it is not prohibited, as described in the law. You are referring to Sec. 545.302,
(a) An operator may not stop, stand, or park a vehicle... (3) in an intersection
However, go further in the same section and there are specific instances in which it isn't prohibited:
(f) Subsections (a), (b), and (c) do not apply if the avoidance of conflict with other traffic is necessary or if the operator is complying with the law or the directions of a police officer or official traffic-control device.
I interpret that to mean that if you legally enter the intersection on a green light but there is a conflict with other traffic, you may stop in the intersection until it clears and you are able to proceed. You are complying with the laws by yielding the right of way to oncoming traffic and you are obeying the traffic-control device.
This web site takes the same interpretation of that section of the Texas transportation code. Also, the Texas Drivers Handbook(PDF) states that when making a left turn you should "Stay to the right of the centerline as you enter the intersection" and then "Yield the right-of-way to any vehicle approaching from the opposite direction". The accompanying graphic shows the vehicle in the intersection at that step.
"You cannot enter the intersection on a yellow unless in your judgement you cannot safely stop from your current position/speed."
You're wrong. Ohio's law says no such thing. It states that traffic shall not enter the intersection on red. Yellow is just a warning that red is coming.
Vehicular traffic, streetcars, and trackless trolleys facing a steady circular yellow or yellow arrow signal are thereby warned that the related green movement is being terminated or that a red indication will be exhibited immediately thereafter when vehicular traffic, streetcars, and trackless trolleys shall not enter the intersection.
"You cannot - CANNOT - enter an intersection if you cannot completely pass through it, even if you have a green light. This is known as blocking an intersection. This applies equally whether you are trying to go straight forward, or turn left."
The actual law reads thusly:
No driver shall enter an intersection or marked crosswalk or drive onto any railroad grade crossing unless there is sufficient space on the other side of the intersection, crosswalk, or grade crossing to accommodate the vehicle, streetcar, or trackless trolley the driver is operating without obstructing the passage of other vehicles, streetcars, trackless trolleys, pedestrians, or railroad trains, notwithstanding any traffic control signal indication to proceed.
If there is sufficient space on the other side (the side to which you're turning) for your vehicle, you are absolutely permitted to enter the intersection while there is still opposing traffic that prevents you from turning left. Once the light is red, as long as everyone who is in the intersection has room to get out of the intersection, that law has not been violated.
"According to the law*, a yellow light is to be treated as a red light *if* the vehicle can safely stop.... all vary state to state, but this is generally speaking the case"
Is that so? This is what Missouri state law has to say about vehicles facing a yellow light:
Vehicular traffic facing a steady yellow signal is thereby warned that the related green movement is being terminated or that a red indication will be exhibited immediately thereafter when vehicular traffic shall not enter the intersection
That says traffic shall not enter the intersection on red, and yellow is nothing more than a warning that the red light is coming.
And if I remember correctly, increasing the length of the yellow light to a reasonable time has the same effect on reducing the t-bone collisions without causing the rear-end accidents.
If you put a resistor in series with the LED, the voltage across the LED should remain fairly constant (I think), so you could put your circuit in parallel with it and regulate the voltage pretty well if your input voltage changed slightly. You're not expecting drastic changes, just slight diminishing in the voltage over time as the battery gets drained.
Just as a disclaimer, I was better with the computers than I was with the electronics in my ECE major, and it was a few years ago.
I don't feel like stumbling through pornsites looking for exploits, but I think these AdBlock Plus filters should prevent any such attacks. Let me know if you try verifying this.
It wasn't static. It went out of scope and was lost when the context switched.
If you created a stronger association between the object and the room you'd picked it up in, it would be more likely that the memory would still exist in that context when you returned to it.
Slashdot Mirror
That's why I said there's nothing wrong with hashing your own passwords. However, in practice, just about every web site has its own quirky rules about what can or can't be used as a password, which makes it hard to use any single system for all of them.
You don't have to trust the client-side hashing function, as ordinarily you're not expecting it to be implemented on top of ordinary security. It's simply a bonus level of security a site can provide
From the user's perspective, the same benefits would be obtained equally well by simply not re-using passwords. From the web designer's perspective, there's no benefit to hashing on the client vs. on the server.
even in the case of SSL transport, in case the receiver is compromised
The hash is still the password, so if the receiver is compromised, you get the password.
If the protocol enforces hashing on the client-side before sending, you don't have to worry about trusting the client-side or javascript being disabled.
Maybe you have confused hashing with encryption.
There's nothing wrong with hashing your own password so that someone can't infer "mypassword@sourceforge" from "mypassword@slashdot", but you can't trust a client-side hash function any more than you can trust the server-side authentication, unless it's your client-side hash function.
There's no benefit in designing a login form that hashes the password before it's sent, as long as the form is using SSL. Furthermore, there's no backward-compatibility for people who have Javascript disabled. They can't log in.
Do you have any idea how many that is?
16^32 = 3.4x10^38
If they could try 1M hashes per second, that would take over 10^25 years...
If the MD5 is all that gets sent, it is the password. If someone gets the MD5 hashes they can log in by hacking the Javascript to send the MD5 without ever having the original password.
If it helps, you can think of it as an MP4 container that's been oddly named for no other reason than to force QuickTime on people who don't know any better.
It's Apple. What did you expect?
No argument there.
Actually, I'd expect a "Download" link to actually point to a URL that will load no matter what your user agent string is. But I'm not installing the QuickTime plugin to see whether the "Download" link actually works when QuickTime is installed.
Yeah, but it makes no sense to have a "Download" link that doesn't work.
Did you click it? I did. It sent me to http://trailers.apple.com/ and didn't download anything.
Probably I need the QuickTime plugin. Screw that, I'm not installing QuickTime.
The nuke detonates and temporarily interrupts the transistor radio that's playing, and then it starts working again a few seconds later ... The only "EMP weapons" that have done anything require direct conductivity (think Tazer).
Okay, but how well does a transistor radio work after being microwaved on high for a few seconds? No direct conductivity required...
In FF, use the User Agent Switcher add-on to set the user agent to "QuickTime/7.6.2", or go to about:config and create a general.useragent.override String with a value of "QuickTime/7.6.2". Once the user agent is set, right-click and save link as.
No, "protip" for you: there IS room to exit the intersection, just not an open path TO that room while the oncoming traffic still has a green light, which is why you must yield and wait for it.
"Gridlock" is caused when you pull into an intersection when there really IS NO room to exit it, and yes, it's illegal.
"Clearing" the intersection means there is room outside of the intersection for you. There may be vehicles inside the intersection which are blocking your path out of the intersection, but it is generally assumed that once the light turns red everyone inside the intersection will exit the intersection as soon as they are able. As long as you have room to exit the intersection, there is nothing wrong with stopping inside of it.
"Entering the intersection is one thing. However, stopping in an intersection in Texas is prohibited at any time."
That is incorrect. It is not prohibited "at any time". There are specific times at which it is not prohibited, as described in the law. You are referring to Sec. 545.302,
(a) An operator may not stop, stand, or park a vehicle ... (3) in an intersection
However, go further in the same section and there are specific instances in which it isn't prohibited:
(f) Subsections (a), (b), and (c) do not apply if the avoidance of conflict with other traffic is necessary or if the operator is complying with the law or the directions of a police officer or official traffic-control device.
I interpret that to mean that if you legally enter the intersection on a green light but there is a conflict with other traffic, you may stop in the intersection until it clears and you are able to proceed. You are complying with the laws by yielding the right of way to oncoming traffic and you are obeying the traffic-control device.
This web site takes the same interpretation of that section of the Texas transportation code. Also, the Texas Drivers Handbook(PDF) states that when making a left turn you should "Stay to the right of the centerline as you enter the intersection" and then "Yield the right-of-way to any vehicle approaching from the opposite direction". The accompanying graphic shows the vehicle in the intersection at that step.
"You cannot enter the intersection on a yellow unless in your judgement you cannot safely stop from your current position/speed."
You're wrong. Ohio's law says no such thing. It states that traffic shall not enter the intersection on red. Yellow is just a warning that red is coming.
Vehicular traffic, streetcars, and trackless trolleys facing a steady circular yellow or yellow arrow signal are thereby warned that the related green movement is being terminated or that a red indication will be exhibited immediately thereafter when vehicular traffic, streetcars, and trackless trolleys shall not enter the intersection.
"You cannot - CANNOT - enter an intersection if you cannot completely pass through it, even if you have a green light. This is known as blocking an intersection. This applies equally whether you are trying to go straight forward, or turn left."
The actual law reads thusly:
No driver shall enter an intersection or marked crosswalk or drive onto any railroad grade crossing unless there is sufficient space on the other side of the intersection, crosswalk, or grade crossing to accommodate the vehicle, streetcar, or trackless trolley the driver is operating without obstructing the passage of other vehicles, streetcars, trackless trolleys, pedestrians, or railroad trains, notwithstanding any traffic control signal indication to proceed.
If there is sufficient space on the other side (the side to which you're turning) for your vehicle, you are absolutely permitted to enter the intersection while there is still opposing traffic that prevents you from turning left. Once the light is red, as long as everyone who is in the intersection has room to get out of the intersection, that law has not been violated.
Ohio Revised Code, Chapter 4511
"According to the law*, a yellow light is to be treated as a red light *if* the vehicle can safely stop. ... all vary state to state, but this is generally speaking the case"
Is that so? This is what Missouri state law has to say about vehicles facing a yellow light:
Vehicular traffic facing a steady yellow signal is thereby warned that the related green movement is being terminated or that a red indication will be exhibited immediately thereafter when vehicular traffic shall not enter the intersection
That says traffic shall not enter the intersection on red, and yellow is nothing more than a warning that the red light is coming.
And if I remember correctly, increasing the length of the yellow light to a reasonable time has the same effect on reducing the t-bone collisions without causing the rear-end accidents.
No, it isn't. You're a moron and either don't live here or shouldn't be allowed to drive here.
If you put a resistor in series with the LED, the voltage across the LED should remain fairly constant (I think), so you could put your circuit in parallel with it and regulate the voltage pretty well if your input voltage changed slightly. You're not expecting drastic changes, just slight diminishing in the voltage over time as the battery gets drained.
Just as a disclaimer, I was better with the computers than I was with the electronics in my ECE major, and it was a few years ago.
http://forum.allaboutcircuits.com/showthread.php?t=15170
The best counter-counter argument here is "But it IS different. We were lying when we said it's no different."
FTFY.
I don't feel like stumbling through pornsites looking for exploits, but I think these AdBlock Plus filters should prevent any such attacks. Let me know if you try verifying this.
||mail.yahoo.com^$third-party,domain=~yahoo.net
||mail.yahoo.net^$third-party,domain=~yahoo.com
||mail.yimg.com^$third-party,domain=~yahoo.com|~yahoo.net
||msg.yahoo.com^$third-party
It wasn't static. It went out of scope and was lost when the context switched.
If you created a stronger association between the object and the room you'd picked it up in, it would be more likely that the memory would still exist in that context when you returned to it.
Yes, it's pretty obvious really. It's a context switch.