Apparently you've never met my ex's lawyer! *received a "brief" big enough to completely fill my slightly larger than normal mailbox once*
(and they call them BRIEFs.. boggle)
so you replace their password data with passwords that MD5 to the same thing, but they are not the same thing. Boom, suddenly no one can login to the box. Sounds like that could be pretty devastating, too.
Well, obviously, the algorithm for MD5 is known, therefore, it would be relatively easily to write a program for a computer that would determine what would be necessary to build a different file with the same MD5-sum. Poisoning a torrent or P2P program would be an easy thing to do. Making a program that erases everything on your disk have the same MD5-sum as say, an IRC client, would take a little more work.
The only way to avoid it is to straight byte-compare the files. An EASY way to make it less of a pain in the ass, if someone were to go about writing a program that would make spoofing MD5-sum files easy, would be to compare a random sampling of say, 1/10th of the bytes in the file. That's something that the bittorrent and P2P software would be able to handle easily, communicating back and forth between them, and letting some person on one end or the other know that their files are fuct.
It seems that MD5-sums are more of a "human readable" way to get a quick comparison of wether two files are supposed-to-be-identical or not. However, though it is slightly more difficult to defeat than older methods, it's not all -that- difficult. So, since the P2P programs have no need for "human readable" ways to compare the files, as they can communicate between each other and determine the differences, we really don't have much of a need for MD5sum anymore.
well, yeah, i forgot about gentoo, gentoo is sort of a "define exactly what you want" thing, though.. from what i understand, having not used it, that might be the way to go, to avoid having all the garbage that I don't need.. but requires a lot more time to invest to getting it up and running.. ?
actually, i haven't even managed to get my debian box to ever auto-configure it's network interface at all.. i defined the configuration when i ran the installation, but it always says "failed to bring up eth0"..
is there a functioning Linux distribution that DOESN'T come with a fully functioning DHCP server preinstalled, that you have to kill if you have more than one box on your network?? I don't think so..
at least, after installing three Fedora boxes and a Debian box on my network, I had a hell of a time getting my networking to work on the systems, until I realised that without asking me, all of them installed a function DHCP client and server..
Why is it that, it's yesterday for west coast, in freaking March, for upper midwest, October next year for lower midwest, and mid-2006 for the east coast/territories?
This is just some seriously dumb bullshit. Besides, you are entitled to a free credit report from an agency when someone turns you down for credit purposes, and the price of a credit report is set to not exceed $9 by federal law.
Another way to get a free credit report is to go to progressive.com (yes, the insurance people) and ask for an online quote for insurance. If you give them permission to run your credit, they will then have you qualified to get the free information from the bureau.
Now, on the other hand, since there are three different credit bureaus, you're still basically fucked. You get one free one, you gotta pay for the other two. So, it really doesn't matter.
It's because cellos (and "not upright" basses) have 4 strings, and you have 4 fingers to play them with. The looneys that play 6-string guitars.. well.. you just can't play them right, when you have four fingers.
Untrue, there's not anything even remotely resembling "universal health coverage" that will ever make it to even a Senate VOTE, let alone get yays or nays. The industry would never let it happen.
eh, my grandmother was told in 1981, just after my mother died, that her stomach and ovarian cancer would kill her "within about 6-8 months". Her doctor went into the Peace Corp, and died of apparently absolutely nothing while working in a field, about 6 months after telling her that.
My grandmother passed away 4 weeks after I graduated from High School, in 1994.
She always attributed it to that when my mother told her that she "didn't think she was coming back" the last time mother went to the hospital, mother had made grandmother promise "to make sure that my kids make it through school". And she did. Didn't make it two days past actually getting my diploma in the mail, though.
Hope and determination work in mysterious ways. People call that God. I call it "hope and determination".
(the article says it's because of the power of prayer that she appears to be recovering.. but.. it's because she's in Wisconsin. And there's so much CHEESE!)
the kernel updates require binutils updates, modutils updates, lib updates, so on so forth. Then, once you update that, then you have to start updating all the other software as the new libs break the old software, and at some point you'll have replaced a large quantity of the software on th machine
When WOW cable stops fucking around with my Internet access, I should design a packaging system that actually does this. Specify the types of files (and a system to attempt to determine what they are if they aren't specified) in some sort of human readable text file, then have the installer figure out where the fark they go.
Aside from development, all I've used my computers for for about the last 10 years has been:
IM, Chat, Email, Web, Poker, Quake (1/2/3)
I haven't even loaded a word processor in at least that long. (my ten year high school reunion is coming up this week.. so probably more like 12 years)
EXACTLY correct. The versioning system is there, but the package managers defeat it all! When you install a program that depends on/lib/libA.so.2, then a program that depends on/lib/libA.so.3, the package manager goes and picks up libA.so.3, which requires removal of libA.so.2, so it removes that, and now it has to remove your first program, because that has now had it's dependency removed.
exactly. That's what I was complaining about. A proper installer, in a system that is designed to have everything centrally located (ie,/usr/lib,/usr/doc,/usr/share, etc) should automatically determine, by the files included in the package, where the files go, and what the heck to do with them.
The installer should be distribution specific, not the packages!
Slashdot Mirror
Apparently you've never met my ex's lawyer! *received a "brief" big enough to completely fill my slightly larger than normal mailbox once*
(and they call them BRIEFs.. boggle)
so you replace their password data with passwords that MD5 to the same thing, but they are not the same thing. Boom, suddenly no one can login to the box. Sounds like that could be pretty devastating, too.
Well, obviously, the algorithm for MD5 is known, therefore, it would be relatively easily to write a program for a computer that would determine what would be necessary to build a different file with the same MD5-sum. Poisoning a torrent or P2P program would be an easy thing to do. Making a program that erases everything on your disk have the same MD5-sum as say, an IRC client, would take a little more work.
The only way to avoid it is to straight byte-compare the files. An EASY way to make it less of a pain in the ass, if someone were to go about writing a program that would make spoofing MD5-sum files easy, would be to compare a random sampling of say, 1/10th of the bytes in the file. That's something that the bittorrent and P2P software would be able to handle easily, communicating back and forth between them, and letting some person on one end or the other know that their files are fuct.
It seems that MD5-sums are more of a "human readable" way to get a quick comparison of wether two files are supposed-to-be-identical or not. However, though it is slightly more difficult to defeat than older methods, it's not all -that- difficult. So, since the P2P programs have no need for "human readable" ways to compare the files, as they can communicate between each other and determine the differences, we really don't have much of a need for MD5sum anymore.
Make sense?
Isn't 0.11 higher than 0.5??
Oh, that's right, that's only if you're talking about version numbers of software that open source developers write...
What is "Ken Jennings is out to make some more cash?"
well, yeah, i forgot about gentoo, gentoo is sort of a "define exactly what you want" thing, though.. from what i understand, having not used it, that might be the way to go, to avoid having all the garbage that I don't need.. but requires a lot more time to invest to getting it up and running.. ?
..
actually, i haven't even managed to get my debian box to ever auto-configure it's network interface at all.. i defined the configuration when i ran the installation, but it always says "failed to bring up eth0"
is there a functioning Linux distribution that DOESN'T come with a fully functioning DHCP server preinstalled, that you have to kill if you have more than one box on your network?? I don't think so..
at least, after installing three Fedora boxes and a Debian box on my network, I had a hell of a time getting my networking to work on the systems, until I realised that without asking me, all of them installed a function DHCP client and server..
(Linux distribution install programs suck)
wow, awesome my first ever -1 moderated post.. yay..
boobies!
see topic
Why is it that, it's yesterday for west coast, in freaking March, for upper midwest, October next year for lower midwest, and mid-2006 for the east coast/territories?
This is just some seriously dumb bullshit. Besides, you are entitled to a free credit report from an agency when someone turns you down for credit purposes, and the price of a credit report is set to not exceed $9 by federal law.
Another way to get a free credit report is to go to progressive.com (yes, the insurance people) and ask for an online quote for insurance. If you give them permission to run your credit, they will then have you qualified to get the free information from the bureau.
Now, on the other hand, since there are three different credit bureaus, you're still basically fucked. You get one free one, you gotta pay for the other two. So, it really doesn't matter.
well, yes, it is offtopic, but it's very pertinent to slashdot, so i don't think it deserves a moderation, jerkoff.
some changes to html here have caused this article to seriously screw up browsing slashdot in Opera
It's because cellos (and "not upright" basses) have 4 strings, and you have 4 fingers to play them with. The looneys that play 6-string guitars .. well.. you just can't play them right, when you have four fingers.
Just curious, does anyone think this is bad? or is this thread going to consist of 300 "I think this is just fine" "Me too" "me three" .. "me 300" ?
At least one of the candidates did promise us SOMETHING positive, whereas the other only promised us years of death and destruction.
Unfortunatly, we ended up with the latter.
Untrue, there's not anything even remotely resembling "universal health coverage" that will ever make it to even a Senate VOTE, let alone get yays or nays. The industry would never let it happen.
Citadel/UX probably has all of this stuff now, though I haven't looked at it for anything but BBS usage.. and PHPGroupWare.
eh, my grandmother was told in 1981, just after my mother died, that her stomach and ovarian cancer would kill her "within about 6-8 months". Her doctor went into the Peace Corp, and died of apparently absolutely nothing while working in a field, about 6 months after telling her that.
My grandmother passed away 4 weeks after I graduated from High School, in 1994.
She always attributed it to that when my mother told her that she "didn't think she was coming back" the last time mother went to the hospital, mother had made grandmother promise "to make sure that my kids make it through school". And she did. Didn't make it two days past actually getting my diploma in the mail, though.
Hope and determination work in mysterious ways. People call that God. I call it "hope and determination".
Behold.. the power of... CHEESE!
(the article says it's because of the power of prayer that she appears to be recovering.. but.. it's because she's in Wisconsin. And there's so much CHEESE!)
happens to me every time i run 'apt-get dist-upgrade' ..
the kernel updates require binutils updates, modutils updates, lib updates, so on so forth. Then, once you update that, then you have to start updating all the other software as the new libs break the old software, and at some point you'll have replaced a large quantity of the software on th machine
note to self:
When WOW cable stops fucking around with my Internet access, I should design a packaging system that actually does this. Specify the types of files (and a system to attempt to determine what they are if they aren't specified) in some sort of human readable text file, then have the installer figure out where the fark they go.
Aside from development, all I've used my computers for for about the last 10 years has been:
IM, Chat, Email, Web, Poker, Quake (1/2/3)
I haven't even loaded a word processor in at least that long. (my ten year high school reunion is coming up this week.. so probably more like 12 years)
EXACTLY correct. The versioning system is there, but the package managers defeat it all! When you install a program that depends on /lib/libA.so.2, then a program that depends on /lib/libA.so.3, the package manager goes and picks up libA.so.3, which requires removal of libA.so.2, so it removes that, and now it has to remove your first program, because that has now had it's dependency removed.
exactly. That's what I was complaining about. A proper installer, in a system that is designed to have everything centrally located (ie, /usr/lib, /usr/doc, /usr/share, etc) should automatically determine, by the files included in the package, where the files go, and what the heck to do with them.
The installer should be distribution specific, not the packages!