Apparently Jupiter isn't big enough to fuse hydrogen It needs to be 75 times more massive to fuse hydrogen and 13 times to fuse deuterium like a brown dwarf
Is it bad that I found it funny you have to type "man abort" to read it, inferring only men can abort? Someone should mandate all distros create an "alias woman=man"
I'm not allowed USB drives at work. If I plug one in, it's blocked. If I really need one to do my job, I get given an encrypted usb drive that requires a pin code.
The news here should be IBM is late to the party and has been lax about information security.
I sure hope this California based company didn't record these calls in their demo in California, where both parties must provide consent. There's no mention on any of the recorded calls about the call being recorded.
You missed the bit where I said "or has managed to obtain a trusted certificate for the domain"
You're also ignoring the point where if that happens, the credentials do not get compromised. The attack can only happen while the MITM is in the middle to initiate the session.
If you were building a service that required high security, you'd also make any secure actions require a new authentication to be performed. I had a bank once that sent out hardware tokens. You needed a code from the token to login. You also needed to enter a challenge number into the token and then enter the response if you did any action that could lose you money - transfer to external accounts, set up direct debit authorities, change personal details, etc.
There was no password ever entered in to their website, only a hardware token and PIN number for the token.
This is basically the same thing, except instead of me entering the numbers into the token and typing them in the browser, it's an API, where I still give physical authorisation for each request.
Most (read: all) organisations I've worked for have two sets of production servers. Prod and DR. Software updates and patches only happen to one at a time, until it has been proven good. If there's a failure, there's almost no down-time as the server roles are switched.
Because the fake website also needs to present a trusted certificate for the domain the credentials are associated with. They also don't get given the credentials either. They get given a signature.
The hardware stores different certificates for each site. The private keys aren't required to be exported anywhere.
When you register your hardware device with your account, you're only sharing the public key of a new unique private/public key pair..
If the man in the middle has stolen the private key of the servers certificate or has managed to obtain a trusted certificate for the domain and hijacked your DNS.
Even then, the man in the middle would not obtain access to the credentials, they would only have access to an authenticated session. If you were using a password, the man in the middle would get the password too.
Just as well this is just a generic API for private key authentication then. Any biometric part of it doesn't share the biometric data. It only uses it to unlock a private key.
Someone with access to the host machine does not have access to the private key. The private key stays on the authentication device. Data goes in to it, signed or encrypted data comes out of it. The private key stays just that - private.
You can't replay responses either, as the data going in to the device is randomly generated by the server requesting authentication.
I wish I hadn't commented here so I could mod the parent post down. null etc. doesn't even realise Excel ha always used floating point arithmetic internally, so it's a benefit that JavaScript also uses IEEE 754 floating point.
It's like an incremental upgrade to the Kinect hardware that instead of buying the whole thing, you buy half of it and are forced to rent the other half from a single provider that will leave your hardware useless as soon as you (or they) cancel the service.
Slashdot Mirror
Apparently Jupiter isn't big enough to fuse hydrogen
It needs to be 75 times more massive to fuse hydrogen and 13 times to fuse deuterium like a brown dwarf
Don't expect a reply.
Over 300 story submissions and only 8 comments, none in the last two years.
email
What about those of us without a freakin' internet connection?
Last time I worked at a bank, I put an easter egg in the software.
Is it bad that I found it funny you have to type "man abort" to read it, inferring only men can abort?
Someone should mandate all distros create an "alias woman=man"
Here comes the fun police.
Time to remove all jokes from the internet.
What's next? The Teapot protocol? Avian carriers?
I'm not allowed USB drives at work. If I plug one in, it's blocked.
If I really need one to do my job, I get given an encrypted usb drive that requires a pin code.
The news here should be IBM is late to the party and has been lax about information security.
I sure hope this California based company didn't record these calls in their demo in California, where both parties must provide consent. There's no mention on any of the recorded calls about the call being recorded.
You missed the bit where I said "or has managed to obtain a trusted certificate for the domain"
You're also ignoring the point where if that happens, the credentials do not get compromised. The attack can only happen while the MITM is in the middle to initiate the session.
If you were building a service that required high security, you'd also make any secure actions require a new authentication to be performed.
I had a bank once that sent out hardware tokens. You needed a code from the token to login. You also needed to enter a challenge number into the token and then enter the response if you did any action that could lose you money - transfer to external accounts, set up direct debit authorities, change personal details, etc.
There was no password ever entered in to their website, only a hardware token and PIN number for the token.
This is basically the same thing, except instead of me entering the numbers into the token and typing them in the browser, it's an API, where I still give physical authorisation for each request.
Most (read: all) organisations I've worked for have two sets of production servers. Prod and DR.
Software updates and patches only happen to one at a time, until it has been proven good. If there's a failure, there's almost no down-time as the server roles are switched.
If so, it may be illegal in some countries when both parties have not been told the call is being recorded.
Put them in a box and attach a hose to the exhaust pipe of a car.
Because the fake website also needs to present a trusted certificate for the domain the credentials are associated with. They also don't get given the credentials either. They get given a signature.
The hardware stores different certificates for each site. The private keys aren't required to be exported anywhere.
When you register your hardware device with your account, you're only sharing the public key of a new unique private/public key pair..
If the man in the middle has stolen the private key of the servers certificate or has managed to obtain a trusted certificate for the domain and hijacked your DNS.
Even then, the man in the middle would not obtain access to the credentials, they would only have access to an authenticated session.
If you were using a password, the man in the middle would get the password too.
Just as well this is just a generic API for private key authentication then.
Any biometric part of it doesn't share the biometric data. It only uses it to unlock a private key.
Advertising on the internet has been around for longer than the internet.
https://tech.slashdot.org/stor...
For this use case Smart Lock is just a password manager.
Perhaps they don't want to confuse authentication with authorisation.
Authn sounds more like authentication than authorisation.
Someone with access to the host machine does not have access to the private key.
The private key stays on the authentication device. Data goes in to it, signed or encrypted data comes out of it. The private key stays just that - private.
You can't replay responses either, as the data going in to the device is randomly generated by the server requesting authentication.
I wish I hadn't commented here so I could mod the parent post down.
null etc. doesn't even realise Excel ha always used floating point arithmetic internally, so it's a benefit that JavaScript also uses IEEE 754 floating point.
You've listed nothing relevant at all and also demonstrated that you don't know much about Excel.
Excel uses floating point too, just like JavaScript. The same basic type of floating point too, IEEE 754
https://support.microsoft.com/...
Excel doesn't have type safety in its cells either. Or in its current VBA language.
Microsoft isn't embedding a package manager in Excel
Again, Microsoft isn't embedding a package manager in Excel.
Excel used VBA because it's easy to pick up and use. You've listed a pro, not a con.
And you've just demonstrated your inability to function in IT, not knowing that JavaScript and Java are completely different.
Remove custom functions, scripting and macros from Excel.
At the very least, it will stop people building business critical applications as a spread sheet.
On second thought, bring on the JavaScript functions. I make a lot of money replacing spread sheet applications with real ones.
Original 650x480 video, 320x240 depth
V2 1920x1080 video, 512x424 depth
V2 also has a wider field of view but lacks a motor to move it.
It can track more joints and more skeletons.
http://zugara.com/how-does-the...
It's like an incremental upgrade to the Kinect hardware that instead of buying the whole thing, you buy half of it and are forced to rent the other half from a single provider that will leave your hardware useless as soon as you (or they) cancel the service.