Basically the keyfob contains a pseudo-random number generator which generates a new key every few seconds. The authenticating server knows the original seed, and can figure out the currently "valid" number shown on the key.
Wouldn't reverse-engineering the keyfob (or even computing an X number of keys and some background on the algorithm used) reveal the original seed and make the whole process useless?
One of the banks I use provides a cardreader where you have to enter your PIN to generate a key for every login / transfer. Even though I've been using it for many years I've always wondered if it really is more secure than a username / password + one-time SMS codes or the like.
Frankly, his site gives me that tingle in the back of my mind that's either caffeine deprivation or that feeling I get when a page is run by some guy in Nigeria who happens to be of royalty and needs my money quick.
My thoughts exactly. I'm not sure who I'd rather donate to: some scammer in Nigeria or some guy who bought a house way beyond his means.
At least the Nigerian would actually make use of the money instead of it ending up in a black hole mortgage that has no chance of being paid off.
Add one more number to push into the negatives (typically, armor and shield) and you'll have the possibility of creating a class that manipulates that other number (a shield healer of some sort), a class that damages said number (an EMP mage) and a class that endures more damage to said number (a shield...tank).
Or go in the Cthulhu direction: sanity points! Horrific monsters would require different skills (restore sanity, block horrors etc). You would still end up with a trinity, but you would require a different trinity for different encounters. An emotionally-stable cleric who normally heals would have to tank, for instance.
The discussion is the botnets, and I haven't seen any running on Linux. Those are more of one-off, defacing attacks, or somewhere to run an IRC bot. If you intend on running a botnet for spamming, Windows users are the best targets.
I have. Over the recent years I've seen many automated attacks that target a range of IP addresses, searching for vulnerable SSH accounts, Apache installs with old PHP crapware and various other vulnerabilities. 9 times out of 10 they will start IRC bots or another process that phones home and the botnet operator can use them as he pleases. An IRC bot is not the goal, it is a means to control many such compromised servers at once.
Think that running Linux makes you invulnerable? It doesn't. Linux servers are vulnerable if only due to the large amounts of unmaintained boxes out there. A compromised Linux box is much more useful to a botnet operator than a Windows box, simply because the former will stay online 24/7 and is likely on a high-speed network.
There are companies out there that sell pre-loaded Linux boxes to SMBs as a black box, not understanding that without maintenance or a proper firewall those boxes will be compromised within a few years. The SMB employees wonder why their network connection is so slow, blaming their computers, while the compromised box pumps out spam as fast as it can... *shiver*
Linux, Windows, BSD or OS X: be vigilant, install updates regularly and check your security.
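The SSH scanning pattern described in the comments above is easy to spot in an auth log, and "check your security" starts with looking. The following is an added example, not code from the thread: it parses sshd "Failed password" lines, counts failures per source address in a sliding time window, and flags sources that exceed a threshold. The log lines are constructed for the example and use documentation address ranges; the regex assumes the standard OpenSSH syslog format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Standard OpenSSH syslog line; the year is absent, so deltas are only meaningful
# within one log file (strptime fills in 1900, which is fine for differences).
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample log: one scanner hammering several usernames, one user who
# mistyped once and then logged in, and one stray failure hours later.
SAMPLE_LOG = """\
Jul 12 03:14:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Jul 12 03:14:03 web1 sshd[2103]: Failed password for invalid user oracle from 203.0.113.7 port 40130 ssh2
Jul 12 03:14:05 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40141 ssh2
Jul 12 03:14:08 web1 sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40150 ssh2
Jul 12 03:14:10 web1 sshd[2109]: Failed password for invalid user guest from 203.0.113.7 port 40161 ssh2
Jul 12 03:20:44 web1 sshd[2130]: Failed password for alice from 198.51.100.23 port 51002 ssh2
Jul 12 03:20:51 web1 sshd[2132]: Accepted password for alice from 198.51.100.23 port 51002 ssh2
Jul 12 09:02:17 web1 sshd[2410]: Failed password for root from 203.0.113.7 port 40900 ssh2
"""


def failed_logins(lines):
    """Yield (timestamp, username, source_ip) for every failed password attempt."""
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
            yield ts, m.group("user"), m.group("ip")


def flag_sources(lines, threshold=5, window_seconds=60):
    """Return {ip: {"peak_failures": n, "users": [...]}} for sources that produced
    at least `threshold` failures inside any `window_seconds` window."""
    stamps = defaultdict(list)
    users = defaultdict(set)
    for ts, user, ip in failed_logins(lines):
        stamps[ip].append(ts)
        users[ip].add(user)

    flagged = {}
    for ip, times in stamps.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):              # two-pointer sliding window
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = {"peak_failures": peak, "users": sorted(users[ip])}
    return flagged


if __name__ == "__main__":
    for ip, info in flag_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {info['peak_failures']} failures, users tried: {info['users']}")
```

The distinct-username list is the useful signal: a legitimate user who fat-fingers a password fails on one account, while a scanner walks through admin, oracle, test and so on. Thresholds and window size are tuning knobs; the same structure feeds a firewall block list or a ticket.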
I've been using Trac for quite a while now, decent ticketing system for bugs & tasks combined with a wiki for everything else. Nice and simple.
From what you mention most of your requirements can be filled with the default install. Only subtasks might be tricky depending on what you want exactly, as I haven't needed to set up a hierarchy of tasks myself. Maybe one of the plugins would do the trick. YMMV.
The Twitter API is nothing more than a REST implementation. Seriously, how can you compare the Twitter API with XML-RPC or SOAP? If you want to rant about the last two, you should have at least compared them with REST. The Twitter API might be far better designed because it offers a limited amount of functionality, versus REST, XML-RPC and SOAP that provide a protocol to implement web-based APIs.
Besides, how should I know what POSTing to /statuses/update means: the "Twitter API RPC protocol" doesn't support schemas either!
It seems like you only have to chuck in a couple of acronyms for the mods to love you.
Is it a remote display protocol? If so, how does it differ from RDP or NX?
It's more Citrix than RDP or NX. You have a Linux server with multiple qemu/kvm instances, each of which are accessed from a client (Linux/Windows).
The advantage is that you can have multiple clients on a single server, push CPU/GPU-intensive display operations to the client and have access to client-side hardware from within the virtualized server instance.
Normally I'd add a RTFA-sneer, but I read through the site and am only moderately sure I got the above correct. Should be very useful for large-scale Linux desktop deployments however: server-side maintenance with client-side display speed & hardware support. In theory.
It means that some interesting gameplay aspects that can normally be found in MMORPGs (such as open world pvp) have been pretty much set aside in WoW to make room for more soulless dungeon crawling and loot whoring.
This really is a pity. During the early days of WoW there were plenty of open world PvP battles between the factions (Crossroads?): they were fun, simple to get involved with, frantic and you end up meeting dozens of new people in the midst of battle. Much more fun than the high-end raiding, IMHO.
They should have promoted this type of pvp (by fixing the numbers issue, having objectives, gaining control over areas) instead of creating separate arenas where you duke it out and impact nothing in the world.
I never did understand the stupidity of flying across the country just for a 2 hour meeting.
Meeting face to face is more effective, helps you to get to know other people and do business. I agree with you that conferences can be a waste of time & funds, however what counts is the face time _after_ that 2 hour meeting or half-day conference.
The important talks are held after meetings and conferences during drinks and dinner.
Then next time when you figure something out, reply to yourself with the answer. I've done so numerous times and regularly search & find my own posts, and then follow my own advice.
There must be some sort of offline capability built into Chrome which makes it more of a hybrid than a pure thin client/Web OS, and it will be interesting to see what the final product looks like.
You're forgetting about Google Gears. I think they've been planning their approach for a while now, with Gears-enabled web apps you wouldn't even notice being offline (that is, until you want to access a document that wasn't cached).
In empirical science, we accept that the observations of our senses are real (at least at some level), even though we have no "proof" that anything outside our thoughts is really real (remember Descartes?)
Except that science only requires observation as a postulate and no other 'leaps of faith'. That is the difference between science and religion. Science doesn't expect you to believe in a bearded man on a cloud that watches your every move, or in angels or in eternal damnation. Observation and thought, that's it.
But as long as your religion doesn't condone those slaves in the basement, that's fine with me.
It is not the company's fault that many customers don't provide the proper interaction with the *trial* and take it as a free gift and walk away not expecting a bill because they didn't meet their trial obligations (making a yes or no decision and reporting it).
So it is OK for the company to assume an automatic 'yes' decision when no decision was made? This sounds very much like a scam.
It naturally depends on the country you are in but I don't see why customers would have to wade through fine print to discover they will be billed, even if they request the product and don't even touch it. If you haven't made a decision you shouldn't get charged.
The ethical way would be to call such a customer after a month and get a clear yes or no decision, if they haven't reported before. I know, I know, capitalism has nothing to do with ethics and a company should only be in the game to make money but maybe the last few years show that that isn't always a good principle in the long run. If you as a company screw your customers, eventually they will screw you back.
It doesn't matter how good the picture is. This is the point many a photographer forgets when it comes to phone cameras.
It's about being able to get an acceptable picture without having to carry a camera with you. It's about being able to know the time without wearing a watch. It's about being able to set an alarm or add a quick note without needing a separate PDA. It's about being able to check your e-mail without having to carry around a laptop.
Quality doesn't matter, as long as it is good enough to get the job done. I for one like being able to leave my camera at home and still being able to make a quick shot if the occasion arises. Nobody is going to compare them to shots taken with a SLR, and that's perfectly fine.
Even maintaining a relatively light distribution feature-wise isn't a lot easier and anyone claiming installing Linux is hard clearly hasn't tried over the last 5 years. The days of manually having to fix your lilo configuration are over.
Linux is desktop material, look at the countless numbers of Linux-based netbooks before MS got into that market and look at increasingly more systems coming with a Linux distro preinstalled. If Linux is _your_ desktop material, that just depends on your dependence on Windows software.
Google clearly disagrees with you, but it seems to be going the Apple-route: tie the operating system to both the hardware and the services. It will be interesting to see how much of an overlap there will be between Android and Chrome OS.
The rampant out-of-control population increases are all in "developing" countries full of brown people, a very inconvenient truth that you will never hear during the eugenics debate
Perhaps, instead of using corks, we should consider why these populations are "out-of-control" (hint: they're not only countries 'full of brown people') and solve that problem instead?
I totally agree that China's policies have had terrible effects, but even these policies aren't possible in the regions with current high population growth. These are countries where you'd be glad if you had a year without a revolution, drought or war. Governments are the guys who won last time and don't give a damn about population growth.
As an aside, when Sirius and XM originally got their satellite radio licenses from the FCC, it included a requirement that the two companies never merge. In America, the companies merged. In Europe, one of them would have been allowed to fail.
Or they would have had to hand in one of their licenses, which sounds like the more logical solution.
There are other solutions than either merging or 'allowing to fail'. MySQL could be spun off as a separate business, or could be sold to another company.
Anti-competitive laws aren't written for the heck of it, there are cases where the market would be disrupted enough to warrant intervention. Wouldn't everyone here be crying bloody murder if Microsoft bought Mozilla corp?
During the last two years of elementary my biology/science education consisted almost entirely of copying down into our notebooks from overhead transparencies; and it was pretty much the same material as what we were assigned to read in our textbooks. Our teacher (who had no relevant education) felt that writing things down by hand was the best way to ensure that we learned the material.
I had a geography "teacher" in my last years in high school that subscribed to the same teaching method (but with no books, we had to write the exact same text the teacher prepared in advance which he read out loud during the hour, while showing the same text using an overhead projector). While I thoroughly enjoyed geography before we got this robot, our grades and enjoyment soon plummeted after the first few classes.
He went so far that he even made the exact same jokes at certain points during his monologue (easy to verify with other classes/years). He could have put on an audio recording and we wouldn't have known the difference. Creepy stuff.
Should the setting be based on your first session, your settings, or based on your browser?
I get your point, it's a solvable problem, but not as simple as it first appears.
Determine the language based on the browser but allow the user to override and _make the user-defined settings permanent_.
You still hit the problem of what to do when the user isn't logged in and doesn't have a session, but accept-languages should be your main clue, not geo-ip. Django's i18n gets the job done properly in this aspect.
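The precedence the reply describes (stored user setting first, then a session override, then the browser's Accept-Language header, then a default) as an added example that is not from the thread or from Django: a small, framework-independent negotiator. The supported-language list and the preference sources are assumptions for the example. The header is client-controlled input, so it is only ever used to pick an entry from the fixed supported list, never to build a path or template name.

```python
# Constructed list of languages the site actually ships; everything else is ignored.
SUPPORTED = ["en", "nl", "de"]
DEFAULT = "en"


def parse_accept_language(header: str):
    """Parse an Accept-Language header into [(tag, q)] sorted by q (desc),
    keeping header order for equal q values. Malformed q values count as 0."""
    prefs = []
    for order, part in enumerate(header.split(",")):
        part = part.strip()
        if not part:
            continue
        pieces = [p.strip() for p in part.split(";")]
        tag, q = pieces[0], 1.0
        for param in pieces[1:]:
            if param.lower().startswith("q="):
                try:
                    q = float(param[2:])
                except ValueError:
                    q = 0.0
        q = max(0.0, min(1.0, q))          # clamp out-of-range values
        prefs.append((tag, q, order))
    prefs.sort(key=lambda t: (-t[1], t[2]))
    return [(tag, q) for tag, q, _ in prefs]


def choose_language(accept_language: str, user_pref=None, session_pref=None,
                    supported=SUPPORTED, default=DEFAULT) -> str:
    """Pick the UI language. Explicit, stored choices win over the browser hint;
    the browser hint wins over the default. Geo-IP is deliberately not consulted."""
    for pref in (user_pref, session_pref):       # stored account setting, then session override
        if pref in supported:
            return pref
    for tag, q in parse_accept_language(accept_language or ""):
        if q <= 0:                               # q=0 means "not acceptable"
            continue
        tag = tag.lower()
        if tag in supported:
            return tag
        primary = tag.split("-")[0]              # nl-BE falls back to nl
        if primary in supported:
            return primary
    return default


if __name__ == "__main__":
    print(choose_language("nl-NL,nl;q=0.9,en;q=0.8"))            # browser hint only
    print(choose_language("nl-NL,nl;q=0.9,en;q=0.8", user_pref="en"))  # stored setting wins
```

When the user picks a language explicitly, store it on the account (or in a long-lived cookie for anonymous visitors) and pass it in as `user_pref` or `session_pref`; the header then only matters on the first visit.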
If using a cloud, where you pay by CPU-Hour, wouldn't it make sense to use as many VMs as it takes to get it done in.. an hour? (if that many are available)
If you can provision 30k CPUs, sure. As mentioned in the article this type of password cracking is trivially parallel.
Do you think the 3G airtime to download, say, a 64 MB game will cost more than making and shipping a Game Card?
On a national level it wouldn't be a problem, but don't forget that international data roaming charges are insane (EUR 2/MB for me). That would make downloading games rather expensive.
I have no doubt that Nintendo would be able to strike a much better deal, but with 200MB DS games out there they will have to get quite a bargain if they want to make this cost-effective internationally.
Geolocation via IP - serve up different ads based on the viewers' geographical location. It's done all the time, along with time-of-day, so that you can target your ads to the viewers you want. Spamvertisers with their affiliate advertising do it all the time, why can't Hulu?
They already do. How do you think they block non-US viewers?
The problem is that US-centric advertisers don't want to target someone in Kazakhstan and that Hulu doesn't want to jump through hoops licensing their content to each and every country.
Hadn't expected them to actively block VPN services though.
Over the past few years quite a few criminal cases were lost exactly because of this problem. In Amsterdam a huge case against Hell's Angels went south in 2007 (everyone was set free) because they didn't destroy tapped recordings with attorneys. Last year it happened again (Dutch links, sorry).
I hope someone got canned because of this, but given our incompetent justice department I really can't see that happening. Phone tapping has reached epidemic proportions over here (highest number of taps per person in the western world), as it's much easier than actually investigating a case based on given evidence.
Funny that this is the second article on our incapable justice system within a day on /., go us \o/
Good examples!
Bring on the AC Winer-hate!
Then again, I've left long ago. Good riddance.
Google doesn't forget as easily as you do.
Wealth is what you have that some other entity wants (regardless if that other entity is a person, company or country).
I don't see how such a question would make people uncomfortable, it's the basis of economics.
This is probably the case, MS has dropped XP costs significantly in order to get it pre-installed on cheap netbooks.
I recently sent an OEM Vista Home Premium serial/license back to MSI, they said that the refund would be between $15-$25 which seems reasonable.
MS is pushing Windows 7 hard, but doesn't mind cutting the price of their older products if that keeps them entrenched in the market.