Slashdot Mirror


User: Sir_Sri

Sir_Sri's activity in the archive: 0 stories, 2,769 comments.
Comments · 2,769

  1. Re:Time to start scrambling passwords on LinkedIn Password Leak: Salt Their Hide · · Score: 1

    That's problematic, but everyone getting those messages will realize you got hacked anyway.

    I apparently had a Windows Live account that got hacked. Not really sure when, not really sure how since I don't recall having used it for years. It sent out some spam before MS shut it down and some friends were kind enough to let me know it was sending out stuff. Everyone was well aware that the account was hacked, and to most people it's not obvious if it's your fault you got hacked or the fault of the site owner.

  2. Re:Learned that in Udacity cs253 webapps on LinkedIn Password Leak: Salt Their Hide · · Score: 1

    Web development and security is a 2nd or 3rd year class. You only get 4 years before you're expected to go off and be able to work on any reasonable system. Developing a new salt or hash algorithm is a 4th year and grad school problem, knowing how to use them is 2nd or 3rd (depends on your school and where it fits with other courses).

    For my undergrad, web development was a 3rd year course (so they assumed you knew data structures already, but that could have been second semester of second year too). Security was a 3rd year topic as part of networking. 4th year networking was advanced topics that would prepare you to know what academic journals to read to do research in the area or keep up to date with it. We also had the students build a real mobile project for the university at a 4th year level. Web development and how to use salting and hashing algorithms is definitely only a 2nd or 3rd year level problem.

  3. Re:computerization and automation cost useless job on Will IBM's Watson Kill Your Career? · · Score: 1

    Oh of course it's been going on, it's been going on really widespread for 20 years. But the two most obvious places where we can eliminate redundant people with the next major rounds of technology are in law and medicine, at least to me. Other people may have other ideas as well. After that there will be new areas that can be dealt with, and before that secretaries (typing pools) and manual labour jobs got axed etc. etc. etc.

    We also put artists out of business, but in many cases that's just changing their workflow. Rather than spending 3 years making trees for a game or a movie they spend 3 days using an algorithm to generate the trees, 3 or 4 touching it up, and then they get on with actually doing something creative.

    If I were to guess, the next step after law and medicine will be transportation and business, and then a lot of retail. Self driving cars, automated checkouts (RFID tag everything), robotic shelf stocking, most of the routine business supply chain management stuff are all really problems better solved by computers. But those are relatively hard or expensive problems to solve so we're quite a ways away from widespread adoption of those technologies.

  4. Re:computerization and automation cost useless job on Will IBM's Watson Kill Your Career? · · Score: 1

    Well ya, but we haven't come far enough. Unemployment for lawyers at the school I'm at is only about 50% for new grads. Hopefully with some work we're doing in comp sci we can get that up to 75 or 80%, and some of that can be permanent, and force the law school to contract. If we could wipe out patent lawyers (and admittedly, I'm in Canada so our patent lawyers in many cases exist because we have to figure out how to navigate foreign patents rather than our own) that might even be better for technology.

  5. computerization and automation cost useless jobs.. on Will IBM's Watson Kill Your Career? · · Score: 2

    This isn't new. Computers put people out of work if they're doing work that is best done by computer. That's why we build them at all.

    I expect the fields most susceptible to being replaced by computers are lawyers and doctors. Any problem that is an exercise in searching or sorting is better done by computers than people, and is something we're particularly good at. There will always be lawyers and doctors, but they will transition to using a computer for more searching for case law for example than having low level employees dig through paperwork themselves, and the diagnostic part of medicine will become much more automated, with diagnostic equipment having its results interpreted by the computer rather than just an image being spat out and read by a technician and then a doctor.

    I don't see financial market prediction going away. Quite the contrary, they use computational tools and have for a long time, and disagree on what the important factors are and how they should be weighted. A computer will simplify some of that process, but that's not a problem that actually has a correct or optimal solution.

    If your job can be done by a robot, it will be. If your job can be done better by a scientist, and that work can be done on a computer, it will be. That's progress.

  6. Re:Educators aren't missing the punchline... on Why Kids Should Be Building Rockets Instead of Taking Tests · · Score: 1

    Except the SAT is an example of federal level (if not federal government administered) standardized testing for the purposes of comparison and defining what makes a good school and student, and teachers preparing students had to teach to that test. Students went through all of the problems associated with a standardized test, and worse yet, a *single* standardized test. No unrealistic pressure there.

    And I'm Canadian, we get US applicants for grad school (and undergrads). Your 'college accreditation' system is a joke. Unless you went to a school I recognize I have no way to know if you went to a legitimate place or not, or at least, not quickly. I don't want to spend hours researching thousands of students individually, but I can't trust your education system, because it's half fraudulent.

    And your premise is that parents are going to move states to educate their children. That might be true, but what if dear old dad believes you shouldn't be exposed to ideas like evolution or electricity? States running the show creates competition, but it also creates competition for stupidity, allowing the willfully ignorant to both reinforce that belief and isolate their children from competing beliefs, and it creates a death spiral for places that do badly, have people leave, and so then they're worse off, and will do worse.

    Greece and Spain being the perfect examples, where anyone who can is going to try and leave those countries, leaving them with fewer people, less money and proportionally more problems as time goes on.

  7. Re:Educators aren't missing the punchline... on Why Kids Should Be Building Rockets Instead of Taking Tests · · Score: 1

    That assumes parents know what is best for their children. If they fall into the category of 'no evolution and no climate change' they do not.

    And my point is the federal government should have overarching responsibility for it. It's not that I'm right and Texas is wrong, it's that the role of government is to make sure you aren't being fucked over because you made the mistake of being born in the wrong place. If everyone gets the same bad education then at least everyone is in the same boat, and you aren't any better or worse off if you happen to be born in the wrong place or you have parents who are brain dead. It also means you could be fairly treated by people from everywhere else. I'm Canadian, at a Canadian university, when I get a US student I have no idea if they went to a branded homeschool arrangement where they learned nothing, or went to a prestigious high school. I have no way to know if (for example) the University of Phoenix is legitimate and the University of Los Angeles isn't. Which means if you *did* go to a legitimate place you're being disadvantaged by those who didn't, and if you went to a fraudulent school you were sold snake oil. Neither of which needs to happen.

  8. Re:The bigger question. on Flame Malware Authors Hit Self-Destruct · · Score: 3, Insightful

    1. Because Iran has money.
    2. Because there are 70 million people in Iran, the vast majority of whom are not engaged in trying to kill Americans or Europeans.
    3. Because lots of people, especially in Europe, believe that US sanctions are counterproductive, and so don't have such sanctions.

    Also keep in mind there are lots of things that aren't barred from export to Iran, and lots of things are sold legally to other countries and then illegally re-exported to Iran. Most notably to Qatar and Bahrain, but other places as well.

  9. Re:No AutoDestruct on Flame Malware Authors Hit Self-Destruct · · Score: 1

    If it's intended to run on non-networked control systems (say the ones being used in hardened bunkers to make nuclear weapons components) that wouldn't help you a lot.

    Those computers probably start network connected to get set up, and are then disconnected for work, precisely the time you want your malware to do its thing. They circumvent the hooks into Windows Update knowing that they'll all have Windows updates run on them before they get pulled off.

  10. Re:Mines aren't the worry on Trained Rats Map Minefields With GPS · · Score: 2

    Which isn't all that dumb if they won't set off the mines, and get food when they're done.

  11. No convention... on Ask Slashdot: How Long Should Devs Support Software Written For Clients? · · Score: 1

    There's not really a convention on this. Depends on the type of software, whether you can (and will) reuse any or all of it, making pushing fixes back viable.

    Really the only way to get indefinite support is to develop it yourself in house, and that isn't free. You simply have to tell your client that what he wants is not something you're prepared to do, and anyone else offering to do it is almost certainly overshooting their capabilities or lying. You can't retain staff 7 years from now to fix problems in some custom piece of code you wrote today, and training someone up that far in the future may not be feasible.

    I had a project a few years ago to try and recover some working code from an Apple 2, and last year I was asked to try and find a way to read some CP/M disks. Those problems *can* be solved. But you're looking at a huge amount of time to try and solve them.

    The most I would ever commit to a single contract for personally is 5 years. Any more than that and the entire industry could shift and you have no way to be prepared for that. Remember IE6 was replaced in 2006, so that's only 6 years ago, and think of the chaos that causes, and think of the problems with trying to convert code written for IE6 to well... anything else. You're looking at a complete rewrite basically. If you write your code today for regular old Windows 7, well in 5 years Windows 9 could be (for all we know) entirely ARM, and only use the Metro UI, or the entire industry could have shifted to something other than Windows. You don't want to be, and can't risk being, on the hook for that. Web services... PHP and SQL I would expect to stick around longer than 5 years but languages change and that could be a real pain.

    It depends how long and how big the project is, but I would be willing to bake into the price a fixed fee for a year or two after a contract is done without batting an eye. Especially a big contract. Much longer than that and I'd be looking for maintenance in the contract, and as I say, I wouldn't under any circumstances agree to anything more than 5 years out. You can agree to reevaluate the contract in 5 years time if you are so inclined but that's about it.

    In short: Indefinite support, no way, no one sane or honest will agree to that. In terms of negotiating actual rates... depends very much on how big the project is. 20 developers for 2 years is very different than 4 for 3 months.

  12. Re:Too late to be asking.... on Ask Slashdot: How Long Should Devs Support Software Written For Clients? · · Score: 1

    MS has different types of lifecycle support, which will eventually come to an end. When you buy Windows part of that is making a contract with Microsoft for their support as laid out in their policies.

    It's something like 5 years for general updates and so on, and then another 5 years for major fixes from the date of release of the software (not the date you signed the contract). With XP specifically, they basically restarted the clock with I think SP1 and SP2 but not SP3.

  13. Re:What an idiot on OpenLogic Backs Linux On Windows Azure With SLA · · Score: 4, Informative

    Except this really has nothing to do with open source. MS offers a computing cloud, and they offer various options on the computing cloud because they want to make money. Some of those things happen to be open source.

    MS open sourcing one of their major product lines would be open source news. This is 'cloud provider has wide variety of services'. It's not going to make open source OSes mainstream on the desktop, and there's a wide array of open source software for Windows. Azure is (for the moment) an enterprise product, for enterprise users, and you're right, they've been readily using open source for some things since the '90s.

    Microsoft never got much past 50% of the server market, and I think they're down around 40% these days, depending on how you count it. Considering Azure is basically a giant platform service they couldn't aim to be a serious single solutions provider business and only host Windows.

  14. Re:Crappy AMD drivers?! on AMD/ATI Video Drivers: Unsafe At Any Speed · · Score: 1

    I was on the phone to an nvidia rep about a week after that happened. They had a very very very bad time with that one.

    Both companies have had their occasional spectacularly bad driver releases, that, in the course of years of business is not a huge surprise.

    I think this is more about AMD not bothering to keep their drivers in step with modern Windows software practices. There's a strong case for "if it works" (which generally it does) don't break it, but eventually you have to keep up with technology, and AMD will have to. But at this point I would think they've forgotten about anything major for Windows 7 or less, and are only really thinking about Windows 8. What they should do for that is a fair point.

  15. Re:So the real question is how secure is SHA 1 the on LinkedIn Password Hashes Leaked Online · · Score: 1

    The passwords aren't salted at all, we already knew that.

    And I'm not being elitist. A job seeking site is as close as you can get to taking basically everything important in someone's identity shy of their social insurance/security number and bank account information, and some people have (or used to have) that info on resumes. Their work history, work contacts, education, address, contact info etc.; it's all there, the entire history of your professional life. I fully expect a huge portion of users to have terrible passwords. Because on every service in existence lots of people have terrible passwords. And my point is if your password is 12345678 you're not meaningfully less secure now than you were 2 days ago. Especially not without salting.

    Any minimally competent man in the middle attack of any sort could have gotten the password hashes, or one could simply, on any service, try the few most common passwords on every account you can find and see what happens. This is not meaningfully worse than being able to do that.

  16. Re:So the real question is how secure is SHA 1 the on LinkedIn Password Hashes Leaked Online · · Score: 1

    'most' is a strong word here. If most people have terrible passwords there was never really anything you could do to save them and their accounts, especially if they reused those passwords.

    The interesting part is the ones that won't show up in rainbow tables.

  17. Re:So the real question is how secure is SHA 1 the on LinkedIn Password Hashes Leaked Online · · Score: 1

    Sure. But people with trivial passwords never had any hope of security anyway, we can discount those accounts and identities and write them off with or without this leak. It's everyone else I'd be worried about.

  18. Re:So the real question is how secure is SHA 1 the on LinkedIn Password Hashes Leaked Online · · Score: 1

    Ya, but without any easy way to tie passwords to accounts there's nothing new there. Yes, lots of accounts on web services have bad passwords, that's not news to anyone.

  19. Re:So the real question is how secure is SHA 1 the on LinkedIn Password Hashes Leaked Online · · Score: 1

    Right, but as I say, you could be dead before they can brute force it. Depends on how strong your password is and how much computing power can be thrown at it.

    It's not going to be a big shock to hackers that there are a lot of people on LinkedIn with passwords like 12345678 and linkedin. Without any immediately obvious way to tie passwords to accounts they're not a whole lot better off. Using a simple dictionary attack to verify that yes, there are shitty passwords isn't really making those accounts much less secure.

  20. Re:So the real question is how secure is SHA 1 the on LinkedIn Password Hashes Leaked Online · · Score: 1

    Nor should you.

    That was my point with the blurb as to whether or not this might be a specific problem. LinkedIn has been around since 2003, it's not inconceivable that they would have used SHA 1 in 2003, or in some countries for some circumstances etc.

  21. So the real question is how secure is SHA 1 then on LinkedIn Password Hashes Leaked Online · · Score: 4, Interesting

    This would seem to raise two questions. The first is whether or not usernames can be tied to their corresponding hash. Even if they can't that's not a hugely difficult problem to overcome though.

    The more serious question is how good is SHA 1 then. A database like this (a table of hashes) is what you'd expect someone could hack from a reasonably secure system (although you would have wanted to see some salting as well as hashing but either way). Having a hash of a password doesn't mean you can regenerate the password. If your password is subject to a simple dictionary attack then sure it can be regenerated, you're pretty much doomed, but you're not much more doomed than you were before. A strong password... now that's where this gets interesting. The question is whether or not there are vulnerabilities in SHA 1 that will let you regenerate good passwords (or even bad passwords that aren't dictionary attacks).

    If you had a strong password, and SHA 1 is robust enough you could die of old age before anyone manages to figure it out. If SHA 1 has meaningful holes in it... well that's not so good.

    Also, LinkedIn has 160 million users (or at least accounts) if not more than that. So their full database would be significantly larger than this. It will be interesting to know if this is a particular subset of the data (all iOS users, all Android 2.3.2 users, all Chrome users, that sort of thing) or something else. Purely hypothetically this could be all of the really early LinkedIn users that haven't changed passwords since they implemented SHA 2 if they ever did for example, or it could be a particular version of the website that fails.

    People on Twitter finding their password doesn't mean a whole lot, unless you know the password was strong and unique, and where those users are from, and when they joined LinkedIn.
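The distinction this comment (and comments 15 and 16 above) draws, that unsalted digests of weak passwords fall to one precomputed dictionary table while salting makes that table useless, as an added Python example; this is not the commenter's code, and the sample dump, wordlist and salting scheme are constructed, not LinkedIn's:

```python
import hashlib
import os

# Constructed stand-in for "the few most common passwords" mentioned in the thread.
COMMON_PASSWORDS = ["123456", "12345678", "password", "linkedin", "qwerty", "abc123"]


def sha1_hex(data: bytes) -> str:
    return hashlib.sha1(data).hexdigest()


def build_lookup_table(wordlist):
    """Precompute digest -> password once. Against unsalted hashes this table
    (a tiny rainbow-table analogue) is reused for every record in the dump."""
    return {sha1_hex(p.encode()): p for p in wordlist}


def unsalted_exposure(dump, table):
    """Breach triage for an unsalted dump: which accounts' passwords are in the
    precomputed table? Each record costs one dict lookup, no hashing at all."""
    return {acct: table[h] for acct, h in dump.items() if h in table}


def salted_hash(password: str, salt: bytes) -> str:
    """Constructed scheme: per-user random salt prepended before hashing."""
    return sha1_hex(salt + password.encode())


def salted_exposure(dump, table):
    """The same precomputed table against salted records: the salt changes every
    digest, so nothing matches. Weak passwords are still weak, but an auditor (or
    an attacker) must now hash the wordlist once per account instead of once."""
    return {acct: table[h] for acct, (salt, h) in dump.items() if h in table}


# Constructed sample dump of unsalted SHA-1 digests: two weak passwords, one strong.
UNSALTED_DUMP = {
    "alice": sha1_hex(b"12345678"),
    "bob": sha1_hex(b"linkedin"),
    "carol": sha1_hex(b"correct horse battery staple 7Q!x"),
}


def make_salted_dump():
    """Same three passwords stored with a fresh 16-byte salt per account."""
    records = {}
    for acct, pw in [("alice", "12345678"), ("bob", "linkedin"),
                     ("carol", "correct horse battery staple 7Q!x")]:
        salt = os.urandom(16)
        records[acct] = (salt, salted_hash(pw, salt))
    return records


if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    print("unsalted:", unsalted_exposure(UNSALTED_DUMP, table))  # alice and bob
    print("salted:  ", salted_exposure(make_salted_dump(), table))  # nothing
```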

  22. Re:Oh God, yes, rockets not tests ... on Why Kids Should Be Building Rockets Instead of Taking Tests · · Score: 1

    I do science experiments. We only call people like you in for the fun parts. Because 2 days a week writing research grant proposals isn't something we want to inflict on anyone else if we can avoid it.

  23. Re:Educators aren't missing the punchline... on Why Kids Should Be Building Rockets Instead of Taking Tests · · Score: 1

    Because more federal influence doesn't mean the right federal influence?

    And what exactly is wrong with saying schools should deal in facts, and not politically decreed beliefs? That *is* improving education.

    This is /. not a 100 page treatise on how to improve education. But you can't exclude states from the process as long as there are states. You can leave them room for innovation, locally relevant information and so on.

    Imagine in the dramatically oversimplified case, that you said 3 days a week of school content is determined by the federal government, then one each for states and local boards. That would give you a reasonable baseline of what you can say to anyone in the world an American student knows. That would be presumably maths, science, federal history, national and international geography, English and what the US calls civics 3 days a week. And the other 2 days be for locally relevant science or maths, local history, local geography, local civics, local sports (phys ed)? If the *federal* government paid teachers then when a GM plant closes they wouldn't have to lay off teachers because the local tax base shrinks. That fuels a downward spiral of poverty.

    It's not like state level education has been working out particularly well thus far, and there's no harm in discussing alternatives.

  24. Re:Educators aren't missing the punchline... on Why Kids Should Be Building Rockets Instead of Taking Tests · · Score: 1

    And how well has that been working for you? Some states are doing great, some states are doing badly. That's the problem I think should be avoided.

  25. Re:Oh God, yes, rockets not tests ... on Why Kids Should Be Building Rockets Instead of Taking Tests · · Score: 1

    Well ya, part of the problem is that real science isn't playing with toys. It's learning to do math, to predict results, to analyse results and to communicate results. Teaching kids that science is duct taping things together and seeing what happens isn't preparing them for real science. Nor is it giving them the critical thinking skills required to understand science or to apply scientific processes to any problem.

    Mixing chemicals and seeing what happens is fun, as is shooting rockets into the air. But if you don't learn how to document and interpret your results, and if your rocket kit was a kit you assembled you haven't actually learned all that much.