Interesting. I've seen both sides, and all kinds. One favorite example was a consultant to a defense company, who was chartered to herd the project that we were a contractor on. This guy was the best meeting manager I've ever experienced. Before the meeting, he made sure that everyone's concerns were reflected on a published agenda. During the meeting he made sure that we progressed through each agenda item, stayed on topic, progressed to a conclusion and action (even if it was for X person to go find out what needed to be known), and went to the next item. At the end of the meeting he went through all the agenda items, got consensus on what had been decided on each one, and we were done.
We got an amazing amount done in each of those two-hour meetings.
But what if...
- cycles in the cloud become 100 million times cheaper? 10 billion?
- 'web printing' of CPUs (like newsprint) means that desktops can have 100,000 core CPUs that are the size of a present day motherboard, and can be stacked 100 in a desktop box => equivalent of 10,000,000 CPUs in one desktop?
- quantum computing is finally 'ready for the desktop' :D
or whatever... I could make up more stuff, but you get the idea.
It's always dangerous to predict the end of tech growth. For perspective, it wasn't that long ago that hard drives looked like they were going to hit a hard limit on BPI - then vertical domains and several other technologies arrived. We are now achieving densities more than 1000x greater. True, there is a hard limit on the heat density equation, and many issues regarding shrinkage vs. leakage.
OTOH, 30 characters would in the abstract require 10^22 times as many cycles (using your model), which is a large number.
A 1000x improvement? That's not much. Moving to a slightly stronger hash algorithm that takes 10x longer to calculate combined with adding just 2-4 characters to passwords gets you that.
So an interesting metaquestion - given passphrases that normal people can remember, is a 30 character passphrase really 10^22 times harder to crack than an eight character password? Considering that it is very likely to be a slightly-disrupted string of words ('L1ke th1d 0n9!??') that has some mnemonic value. There's also the probability that they will be using the same password in several places, unless we go to some form of ubiquitous key exchange system, for which they only have to remember one password (a method that has its own issues).
Another factor is the application - it's certainly not worthwhile to spend $1,000,000 to crack my Slashdot account password, but it may be worth $100,000,000 (or more!) to crack the password of a notorious criminal or dictator, or the encryption system used by evil alien spies to communicate their plans to the invading fleet of star cruisers!
So I still think there is some crossover between the curve of the ability of humans to remember and use any form of passphrase plus tokens and the curve of complexity required to make cracking infeasible. I can't say where it is, but I am sure there is a limit that, eventually, will be passed.
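The posts above reason informally about how cracking cost scales with password length, hash cost and the way people actually build passphrases. The following is an added example, not code from any poster in the thread: it models that arithmetic so the claims can be checked against concrete numbers. The guess rate (1e10 per second), the throughput doubling period (1.5 years), the 10,000-word dictionary and the "4 predictable variants per word" figure are constructed assumptions for illustration, not measurements; the model also generalises the thread's 10^22 figure by letting the alphabet size be a parameter.

```python
import math

# Constructed assumptions for the arithmetic below (not figures from the thread).
GUESSES_PER_SECOND = 1e10   # assumed throughput of one cracking rig on a fast hash
DOUBLING_YEARS = 1.5        # assumed period in which that throughput doubles
PRINTABLE = 95              # printable ASCII alphabet size
DICTIONARY = 10_000         # assumed size of the word list a passphrase is drawn from


def keyspace(length: int, alphabet: int) -> int:
    """Number of candidates for a uniformly random string of this length."""
    return alphabet ** length


def random_bits(length: int, alphabet: int) -> float:
    """Entropy in bits of a uniformly random string over the alphabet."""
    return length * math.log2(alphabet)


def passphrase_bits(words: int, dictionary: int, variants_per_word: int) -> float:
    """Entropy of a passphrase built from dictionary words with a handful of
    predictable substitutions per word (leet-speak, capitalisation, a trailing
    digit). An attacker who knows the construction searches this space, not
    the space of all strings of the same length, so this is what the defender
    should count."""
    return words * (math.log2(dictionary) + math.log2(variants_per_word))


def strengthening_factor(extra_chars: int, alphabet: int, hash_slowdown: float) -> float:
    """Multiplier on exhaustive-search work from adding extra_chars random
    characters and moving to a hash that costs hash_slowdown times as much
    per guess (the '10x slower hash plus 2-4 characters' argument)."""
    return (alphabet ** extra_chars) * hash_slowdown


def seconds_to_exhaust(bits: float, guesses_per_second: float,
                       hash_slowdown: float = 1.0) -> float:
    """Worst-case time to try every candidate in a 2**bits space."""
    return 2.0 ** bits / (guesses_per_second / hash_slowdown)


def years_until_crackable(bits: float, target_seconds: float,
                          guesses_per_second: float = GUESSES_PER_SECOND,
                          doubling_years: float = DOUBLING_YEARS) -> float:
    """Years until a 2**bits space can be exhausted within target_seconds,
    assuming throughput doubles every doubling_years (a crude growth model
    for the 'when is every 30-character passphrase crackable in 5 minutes'
    question). Returns 0.0 if it is already feasible at today's rate."""
    required_rate = 2.0 ** bits / target_seconds
    doublings = math.log2(required_rate / guesses_per_second)
    return max(0.0, doublings * doubling_years)


if __name__ == "__main__":
    five_minutes = 300.0
    cases = {
        "8 random printable chars": random_bits(8, PRINTABLE),
        "30 random printable chars": random_bits(30, PRINTABLE),
        "5 dictionary words, 4 variants each": passphrase_bits(5, DICTIONARY, 4),
    }
    for label, bits in cases.items():
        print(f"{label:40s} {bits:6.1f} bits, "
              f"{seconds_to_exhaust(bits, GUESSES_PER_SECOND) / 86400:12.3g} days now, "
              f"crackable in 5 min in {years_until_crackable(bits, five_minutes):5.1f} years")
    # Ratio between a 30-char and an 8-char random string for this alphabet:
    print("30-char / 8-char keyspace ratio:",
          f"{keyspace(30, PRINTABLE) / keyspace(8, PRINTABLE):.3g}")
    # The '1000x is not much' point: a 10x slower hash plus two characters.
    print("10x hash + 2 chars:", f"{strengthening_factor(2, PRINTABLE, 10):.3g}x")
```

The contrast between the second and third rows is the point of the "metaquestion": a 30-character string of mutated dictionary words sits far closer to the 8-character random password than to a 30-character random one, so the 10^22 figure only holds for passphrases nobody could remember. Raising the hash cost, on the other hand, multiplies the attacker's work for every user regardless of how they chose their password.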
True. I was thinking more on the lines of, "when will every 30 character passphrase be generally recognized as crackable on a desktop machine in 5 minutes" as a criterion for what we might call the 'singularity' - the time when passwords that a 'normal' human can be expected to remember are no longer a useful barrier, at least for some common uses - the time when passwords become essentially useless, to be replaced by... what?
Since your post was at 7:35 PM and it's now 8:37 PM when I'm receiving it, the actual delivery of your correct password guess took over an hour. So it took longer than the GPU! :D
This raises the question, at predictable rates of increase in computing performance (per $) and projected advances in cryptography and decryptography, how many years will this longer password be reasonably secure? I think that's a very interesting and provocative question, with many subtopics to consider including users.
Say you decide the phrase "There can only be one," should be your password. Do something like "Th3r3 can only be #1!"
Of course, the ultimate bottom line for most any password scheme is, "Is it worth the bother of torturing the poor sap, and creating a duplicate of his retina?"
Consider the scenario in which an employee goes rogue: disable firewire port (DMA attacks are easily possible), disable usb ports, lock the server room, immediately lock out/revoke IDs to an employee about to be fired (preferably before they're fired), and for god's sake screen your applicants.
Beyond the many war stories, I went to a security conference back in 1999 (yes, that early) where the then-primary IT security guy for the Navy told us that in real-world penetration testing 'red team' exercises, the average cost to bribe a systems administrator to let you into the machine room and do whatever you want was just $7000.
I read a while back that something like 80% of all movie tickets are bought by males between 15 and 22. (These guys will go see a movie they like 3, 4 or more times, which skews the data quite a bit.) That demographic doesn't care much about plot, acting, character development, or other fooferah. Basically the purpose of all those things is just to carry the movie to the next car crash or explosion - preferably with at least one awesome never-seen-before special effect. So to make a lot of money, you only need enough plot to string the action along between explosions. Lucas, Cameron, various other blockbuster directors and producers, use that formula to make a $crapton. It's worth noting that Lucas spent many hours watching 'B-movies' from the 1940s and 1950s, especially the WWII fighter-pilot scenes, to inform the script and the flight choreography. Those movies were mostly the same way - simple plots (written in one week, shot the next, no time for complex dialog and character development).
I went and saw 'Avatar' at Imax 3D - minimal plot, cardboard characters, impossible science, and really cool effects - and I enjoyed it, knowing what to expect. I like 3D a lot. If I wanted complex characters I could go see 'Wuthering Heights' or something - and I haven't seen the 16-22 demographic for a long time - my daughter is almost old enough to have kids that age.
I seriously irritated my wife when I described 'Titanic' as 'Terminator for girls' - which it was. :D Same formula, except you add some relational tearjerking.
One would hope so! :D Consider that this posting on /. has generated thousands of views of the word 'gamestop' (not a gamer, I never heard of it before, for example), and the marketing aphorism that 'all publicity is good publicity'. It makes financial sense as well as 'karma sense'. Of course, if they proceed to do some other thing that generates bad publicity, then they have failed. It's been said that one bad reference outweighs 200 good references. I do note that a lot of the comments here on /. are mostly negative, so it's not obvious that this will work for them, but hey. A positive response here could even affect their approach to marketing in the future in a positive way.
I mentioned somewhere above that since the publisher is also different, Gamestop is probably taking a hit for every one of those. The new publisher has no legal responsibility to honor any difference in the wholesale price. So Gamestop is (most likely) really taking a hit on every deposit.
I would add that since the publisher is different, they are probably not giving Gamestop a break on those pre-orders. GS is most likely having to eat the cost of the deposits folks made. So it really is a biggish deal - it amounts to a discount by Gamestop.
Indeed. I've advocated this (privately, mostly) for a number of years. IMHO it's a good way to combine what government does best and what private industry does best.
Reminds me of the special lanes on the highway from Washington DC to Dulles Airport that used to be only available to VIPs. I don't know if it's still true, but it was common to be stuck in traffic on the way to catch a flight, while one or two cars every minute zipped by in the two or three mostly-empty VIP lanes.
Indeed, he did. So that guy's notion is unbaked. :)
Not to mention that defense is one of the very few things that is specifically allocated to the federal government - as opposed to bailing out everyone from artists to bankers.
It's worth noting that there is not a single rail transport system in the world that is self-supporting. (That's also true of highways and air transport, depending on what you count.) So we would have to agree that rail is worth doing. It is the most energy efficient way of moving people besides bicycle - provided that the people are going where the train goes! (IMHO it's also the most comfortable and enjoyable, at least for us great unwashed who don't have a 'Capitalist Tool'.)
Beyond the cost of building and running the rail system, the biggest problem with all mass transport systems is that the trip tends to take longer than other options - driving typically takes about 1/3 the time as taking the bus. So even if the bus is free, it's really more expensive for the rider, unless the rider makes minimum wage and doesn't own a car. (Of course this ignores externalities - pollution, use of space for ten-lane freeways, etc.)
The biggest issue here in the US is that well before the rise of the automobile, we built a society based on the buckboard wagon, the horse and buggy, and the Conestoga wagon. Those are replaced today by the pickup truck, the car, and (more or less) the RV. We have a widely distributed populace, with both an infrastructure and a social system that is intimately tied with the 'sub-urban' world and world view. A related factor is that the US has one of the lowest mean population densities of any country in the world.
So not only is it expensive and only rarely cost effective to build mass transport systems here, there is little short term preference. Folks outside the big cities here, by and large, just don't like being next to other people in enclosed spaces. (One could argue that's indicative of why many of our ancestors left wherever it was they're from.)
Back when I lived in Southern California, Amtrak spent $millions on a plan for high speed rail from LA to San Diego. Every small town between the two cities sued to prevent it, and Amtrak finally gave up. Without a national eminent domain program on the scale of the Interstate Highway System, it's really not going to happen. I came up with the idea that the gov't. could nationalize the physical rail system (making them analogous to the federal highways), and allow private enterprise to run trains on them (analogous to the commercial trucking industry). I think this would work.
I personally really like the trains - but they are still too expensive, even though they are subsidized. It's often more expensive to take the train between two cities than to fly, and because of track conditions and the fact that freight takes priority, it often takes as long as riding the bus. So, other than the enjoyment, it's the worst of all options.
I know you're making funny, but the real thing is interesting as well. :) According to Merriam-Webster, first use was in 1724, origin unknown; definition: "to obtain especially by devious or irregular means". So it's misused in the original comment. SNAFU is from WWII. ;)
Some folks think it is derived (somehow) from the noun 'snaffle' which is a type of bit used for training horses. I'm not sure how that works, but perhaps because with a snaffle bit you can lead a horse away from its owner more easily?
I don't know, but I suspect it has more to do with the form factor than the resolution. The form factor affects everything on the production line from the size and shape of bins and shelves to the robot programming and glass cutting. Changing the form factor would require either shutting down the line for a period of time, or making a very smart, adaptable production line - both of which add expense. The resolution is only germane in a few steps in the middle, which are largely analogous to printing - it wouldn't be that difficult to change the printed pattern. It might even be possible to run different resolutions on the same line, with only slightly different routing for the printing steps. Of course I'm just guessing, but I have seen some production lines here and there. The higher the production rate and lower the cost, the more specialized the line is going to be. And in the screen business (where most manufacturers were losing money a couple of years ago as the market saturated and the prices plummeted), cost is key. Adding 1c per unit can cost $millions per year.
Old but relevant anecdote - I read once that back in the 1950s or 1960s when RCA made TVs, and TVs were made from discrete analog components, one EE spent two years working out a way to reduce the resistor count on a particular circuit board by one. Just that change saved the company - much more than the cost of the engineer.
I do note, however, that there is a kind of glass that's (almost) entirely non-reflective. Head down to your local picture framing place (Michaels, for certain, has it) and take a look. Quite why this glass/coating isn't in use on LCD screens right now, I have no idea.
I'm not sure about the picture framing glass, but IIRC most economical anti-reflection coatings are softer than the glass and are susceptible to scratches and/or wear. Since laptop screens get touched a lot more than a picture on the wall, it makes them impractical for that application. Some interesting information about anti-reflection coating - there are several kinds, and it's an interesting entree into refractive optics, in the thick- and thin-film regimes. There's even some bio-nano-materials technology, compliments of certain moths.
From my personal experience with eyeglasses having anti-reflection coating, once the coating gets scratched or worn it is much worse than a surface without anti-reflection. I ended up having the entire coating removed, since at the time I couldn't afford new lenses. The glasses were fine for another year.
In a corporation that large, in an emergency it would probably take a month for management and legal to get the memo written, edited and approved for sending. If not an emergency, it could take much longer.
Then, each team would have to reschedule other activities to make room for the 'mission from the Suits On High', figure out what things need to be fixed, work up a fix plan, build the fixes on the dev server, test there, get through the release process, and rollout to the production servers. After all, accidentally creating a new hole while fixing the old one would not be a good thing. So that's another month, or two.
Since some of these teams work for various companies in various parts of the world, which are loosely held by the top level holding company, add another month just for the various companies to get the word from the holding company that something needs to be done.
To add to that, from what I've read, the approach to work scheduling in Greece (and many other countries) is rather casual, so it might take an extra month to get the whole thing done there. "After all, who's going to go after us? We're just a little music service in East Podunk. Nobody's heard of us, and if they have, nobody cares!" (A too-common attitude of many companies toward security.)
So, they're probably right on schedule, but the hackers can move much faster. Think PT boat vs. Battleship.
I was going to mention that, but not in the nicely ironic way you did. :) Considering that merging the two is one of the half-dozen most important concepts in 'stored program' computers.
Wish I had mod points!! :D
And they'll have Linux desktops built into the back of the seats!! :D
They kept saying that maglev trains will be everywhere by 1985, and that there will be cities in space by 2010.
haha! :)
Maybe they're just practicing for the new operational paradigm! :)
I think they still make the Kirby, pretty much like before. But maybe not.
Remember when Sony products were cool because they were innovative?
Yes, I'm actually that old.
That's OK. I'm old enough to remember before Sony meant good. I remember when Sony meant cheap knock-off from Japan.
So does this mean they've gone full circle?