Slashdot Mirror


User: Millennium

Millennium's activity in the archive.

Stories: 0
Comments: 2,533

Comments · 2,533

  1. Re:Highly unprofessional on Teacher Suspended Over Blog About Students · · Score: 1

    This. While the teacher is certainly entitled to her own opinions, and even to speak privately about them with uninvolved parties, posting things like this publicly is a gross breach of professionalism. The teacher/student relationship doesn't really have anything to do with it; the same would apply between bosses and workers, professionals of other types and their clients, or even coworkers in a business setting.

    Or, to put it another way: I have no sympathy for those with no discretion.

  2. Re:Isn't salting to avoid similarities in hashes? on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    I'm fairly green when it comes to the security game, but wasn't the purpose of the salting to avoid the issue we saw with Gawker in that once you figured out Bob's unsalted password "password" hashed to "5f4dcc3b5aa765d61d8327deb882cf99" you suddenly have the credentials for X other users that all used "password" as their password as well? Where if the password had been salted all the hashes would be different and they would have had to brute force each one?

    That's correct. Salts do not make any individual password any harder to crack. They just make it so that an attacker can't take a shortcut by cracking one password and then looking for identical hashes.

    If the hacker has root access to your machine and has access to the encrypted passwords, salts and your code... it sort of seems like a given that you are (a) screwed and (b) they can brute-force the passwords with a much higher success rate.

    Yeah, pretty much.

  3. Re:They don't necessarily get the salt on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    Um... I don't know what computational world you live in where requiring TWO dictionary attacks is merely doubling the effort required.

    This one. Running an algorithm twice means double the effort spent, at least in terms of time (assuming that the password and salt are the same length). You could get the same effectiveness by adding a single bit to the salt, which then could be said to require two attacks: one assuming that the salt bit is 0 and one assuming that it is 1. Add another bit to the salt, and you need four attacks, one each for 00, 01, 10, and 11. Add a third bit to require eight attacks, and so on. This is why salts are effective.

    However, you're right that encrypting the salt with the password renders the salt useless: finding the salt will give you the password, and vice versa. You could get somewhat more mileage by encrypting the salt using some other key than the password -that way, finding one won't give you the other- but you still don't gain very much by doing so. You'd likely gain more, even if the salt is stored in the clear, by adding another byte to it.

  4. Re:Will this complicate licensing? on Debian 6.0 Released In GNU/Linux, FreeBSD Flavors · · Score: 1

    Disclaimer: I'm not a lawyer. But as I understand things, code incorporated into GPL code only becomes GPL if it isn't already under some other license that doesn't conflict with the GPL (this is the whole "GPL-compatibility" thing). BSD-licensed code doesn't conflict with the GPL, so it doesn't become GPL, though to avoid confusion it should be clearly marked as being under a different license.

  5. "Giving directions to players"? on Court Rules Dungeons and Dragons Threatens Prison Security · · Score: 1

    If the DM was giving out orders, then it sounds like he was a really bad DM. Either that, or there really was a gang that tried (poorly) to mask its operations as a D&D session.

    Brings new meaning to the term "railroading," I guess.

  6. Re:Sigh on Pope Promotes Christian Netiquette · · Score: 1

    There's only no conflict if you either keep your subsets straight or proceed to broaden things very carefully. Anti-religious arguments are easy to narrow into anti-Christian ones, but broadening specifically anti-Christian arguments into anti-religious ones can be considerably more difficult. Most Internet attempts to do so end in failure, making the whole argument look like it was written by a teenager -possibly a very smart one- looking to piss off his parents because they made him go to church too often.

  7. Re:Sigh on Pope Promotes Christian Netiquette · · Score: 2

    Don't forget the anti-Christian rhetoric poorly disguised as anti-religious-in-general rhetoric. That's popular too these days.

  8. Re:fucking apostrophes, how do they work? on 10 Dos and Don'ts To Make Sysadmins' Lives Easier · · Score: 1

    Quite well, actually. And at least in the title of this article, they're even used correctly.

  9. Different Kinds of Stories on Why Video Game Movie Adaptations Need New Respect · · Score: 1

    Game-movies and movie-games make about as much sense as building a statue out of paint: sure, you can do it, but you're not using the medium the way it works best. Games and movies are suited to entirely different kinds of stories, neither one superior nor inferior to the other, merely different. Shoehorning one into the other seldom if ever works well. This is not an issue of respect or dominance, it's about round pegs and square holes.

  10. Re:I always laugh when I see this on Facebook's Zuckerberg To Give Away Half His Cash · · Score: 2, Insightful

    But why should us lower classes have to go begging to some rich guy just to get what they need?

    Because if you're not going to pull enough of your own weight to get what you need, then the other option is to live off of the goodwill of those who do. What entitles you to an illusion of a third option?

  11. Re:Israel has an actual existential threat on The Sensible Body Scan Alternative · · Score: 1

    Alas, no. While "our enemies" do in fact hate our freedoms (having learned long ago that free people reject their unique brand of insanity), they also very explicitly want to be in charge, which puts them directly at odds with the TSA.

  12. Re:ACLU will never let it happen on The Sensible Body Scan Alternative · · Score: 2, Insightful

    Although profiling is effective, there are some douchebag law-enforcement officers -stereotypically mostly in the South, but when you hear their victims talk it becomes apparent that they're pretty much everywhere- who ruin profiling for everyone, even the honest law-enforcement officers. We need other methods, because abuse of profiling in the US has been way too great in recent years to trust law enforcement to do it properly.

    That's not to say that current methods are any better: they aren't, and should be discarded summarily. But a move to profiling just isn't going to work; a third option has to be found.

  13. Re:Israel has an actual existential threat on The Sensible Body Scan Alternative · · Score: 4, Insightful

    The alternative should be to dismantle the TSA, put every single person who works for it on trial for treason, and have them executed.

    The third can't happen, because the second wouldn't convict anybody. According to the Constitution you and I use to argue against them, only two things constitute treason: acts of war against the US, or aiding and abetting those who commit such acts. For all that can be said about the TSA, and pretty much all of it is bad, they still haven't managed to do either of these things yet, so there is no treason involved.

    I applaud you for looking into the abyss, but the abyss is looking back into you, and you are letting it win. If you want to be better than what you're fighting, that starts with respecting their rights even if they do not respect yours.

  14. Too complicated. on Students Banned From Bringing Pencils To School · · Score: 1

    Why take the trouble to break off a leg when using the whole chair is almost as effective? Even most student desks nowadays are light enough to be effective, if rather awkward, weapons.

    But this is little more than the next logical step proceeding forward from a paralyzing, irrational fear of weapons and conflict.

  15. Re:unethical on Scientists Propose One-Way Trips To Mars · · Score: 1

    First of all, "one way" doesn't necessarily mean they die. We could send a hell of a lot of unmanned supply dumps for the cost of upgrading from one-way to a round trip ticket.

    ...and this is, for me, the clincher. Send a bunch of people, and start sending mining, refinery, and manufacturing supplies. First order of business: build a spaceport and a ship (again, one-way) that can get the people back to Earth. You might still be able to do this for less than the cost of a single ship with supplies for a round-trip journey, and once two-way travel has been established, things become MUCH easier.

    You might even be able to reuse the "one-way" ship, saving on costs even further. Send the supplies for the return journey on an unmanned mission (which should be FAR less expensive than sending them with the colonists), stock the ship, and use the newly-built Martian spaceport to re-launch it and get people back home.

    Second, we would have no shortage of volunteers for such a mission even if it did mean certain death - Hell, I'd jump at the chance in a heartbeat.

    If it meant certain death, I'm not so sure I'd do it. I wouldn't necessarily object to not being able to return to Earth, but I would at least want a decent shot at a normal lifespan.

  16. Congratulations, with a caveat on W3C Says IE9 Is Currently the Most HTML5 Compatible Browser · · Score: 1

    I'd feel a lot better about this if Microsoft weren't the one writing so many of the tests. As things stand, it smells an awful lot like the fox guarding the hen house.

  17. Re:But.. on US Supreme Court Expected Political Ad Transparency · · Score: 1

    The indirection problem is easily solved through basic recursion. Through its support of Corporation C, Corporation B is engaged in electioneering.

  18. Re:But.. on US Supreme Court Expected Political Ad Transparency · · Score: 1

    Expressions of support for a candidate, including material support, are political speech. What part of this is so hard to understand?

  19. Re:That's not what the Court said. on US Supreme Court Expected Political Ad Transparency · · Score: 1

    This. There are ways to achieve the desired result while still respecting free speech. They should be used.

  20. Re:But.. on US Supreme Court Expected Political Ad Transparency · · Score: 1

    There was a hole in freedom of speech that needed to be corrected. It now falls to Congress to find another way to achieve the desired goal, this time while actually respecting freedom of speech. Transparency is one possible solution.

  21. Re:Less FF Bloat please on Why Mozilla Needs To Pick a New Fight · · Score: 1

    Not quite. They did indeed ditch Communicator because it had become bloated and slow, but that's where you diverge. "Mozilla," as it was then called, eventually also became bloated and slow. Mozilla 0.6 eventually became Netscape 6, and if the idea of shipping a production product and major brand risk based on an 0.6 release of software sounds strange to you, well, let's just say there's a reason for that and Netscape learned it the hard way. This older code base, plus incremental improvements over time, survives as Seamonkey.

    "Mozilla Browser" was an attempt to create a new browser from the Mozilla core: "just a browser," hence the name. This code base eventually became Phoenix, then Firebird, and most recently Firefox.

  22. I don't know... on Thief Returns Stolen Laptop Contents On USB Stick · · Score: 4, Insightful

    Is that considerate, or really creepy? First you get your laptop stolen, then you get proof that the thief was rifling through your data and evidently thought some of it was important enough to back up and send to you at their own expense. I don't know if 'hope' is the right word to express what I'd be feeling.

  23. Re:Reality's well-known biases on Scientists Fight Back In Canada · · Score: 1

    I think the grandparent meant to say that science makes no value judgments, as opposed to saying that it has no value.

  24. Incompatible Endorsements? on FSF Announces Hardware Endorsement Criteria · · Score: 4, Insightful

    OK, so apparently the idea behind the "Works with Windows" and "Made for Mac," and similar being incompatible is that a user might think that the hardware requires these pieces of proprietary software. However, wouldn't the FSF's endorsement itself be sufficient clarification that this isn't the case? This seems more a matter of ego-stroking, much in the same way that they insist on the "GNU/Linux" name as another condition of endorsement when there is, in all likelihood, precisely one person on the planet who cares about the difference.

    I'd admonish the FSF that injecting petty politics into what should be a technology-based endorsement doesn't do anybody any favors, but frankly, I'm not sure I have to. These two requirements alone will ensure that nobody ever applies for this thing.

  25. Thank you, OneShare.com on Apple's Long Road To $300 · · Score: 1

    I bought one share of Apple stock back in September 2001, when it was trading at about $20. The stock has split since then, so I now have two shares.

    Hearing this news, I really wish I'd bought more.