If you consider that poverty level then there is something wrong with you. I don't care where you live, $100k is enough money that you don't have to worry about your day to day life. Maybe you can't buy a second sports car or live in that sweet downtown loft, but you won't have the kind of financial insecurity that the majority of people in the US do.
What do you want exactly? It's a job that requires just a bachelor's degree, and sometimes not even that. And you already make 3-4 times what a teacher with an advanced degree does, or a nurse.
That's not really the point though. $100k+ for an undergraduate degree (if that) is no pittance. In fact, it puts you in the top 3% in the United States. Not the vaunted 1%, for sure, but certainly no reason to complain.
Yes, the CPU executes all of them like I said. The "you" in this is the computer. It executes obliviously (think homomorphic encryption, but hiding even the circuit) so that someone with the key can recover the correct output but the entity doing the computation doesn't know what it actually computed.
Ummm... I don't know about you but I would be fine with the person being scared off and, you know, not attempting to murder me. Especially if the alternative is being used as bait by an incompetent police force.
What they are trying to construct (and at least partially succeeding), though, is a cryptographic construct whereby you can feed input in one end and "iterate" the computation, but not know what computation you are actually doing. Imagine that every time you do any operation on two variables, you actually do all possible operations (i.e. multiply, add, shift, etc.) and only one output is stored. The trick is that which one is actually kept is hidden from you cryptographically. That is a very crude metaphor for what they are doing, I suggest reading the paper for the details. It's actually very well written. The point is, however, that this technique is much more complicated and more powerful than obfuscation that people are traditionally familiar with, and it really does have the potential to do what you describe as being impossible.
Except they are not talking about "security through obscurity" they are talking about a very specific kind of cryptographic program obfuscation. It is not at all the same.
You can't sanitize anything, the web server sets the environment variables (based on the HTTP request) before your script can even run. Just invoking the shell causes the arbitrary code it execute. So maybe it is a problem with CGI or the Apache server, but that is how the standard was written and they are not doing anything "wrong".
The proper analogy would be if there was some magic string you could pass to your SQL server that would cause it to erase your entire hard drive. That is a problem with the SQL server, not with sanitizing inputs. The same thing is happening here with bash.
What are you talking about? It is completely factual and a valid point. Apple currently bundles 3.2.51, which is licensed under GPLv2. The patched version of bash is the new 4.3.25, which is licensed using GPLv3. Including it would change the license they are using, which I imagine takes some consideration.
If it weren't true, it would come out eventually in a trial where the keys were obtained from Apple. At that point, it seems like they would have opened themselves up to a huge lawsuit for publicly claiming a feature that they knew they did not have.
If by that you mean "all of us" because that is the case right now. The fact that you got +5 insightful is real proof that people around here are not as good at math as they think they are.
64-bit keys are considered pretty weak, but not trivial to break, so lets assume that you have a computer so fast you can break one of those keys every second, i.e. it does 2^64 key checks per second. Don't worry about the fact that it would take a computer a million times faster than the fastest super computer in existence now to do that, we're just estimating. Now, even with that ridiculously awesome super computer, it would still take you 10 times the lifetime of the universe to break a 128-bit key. So unless there is some theoretical break on the cipher, 128 bits is secure for a very, very long time to come.
What, do you think the outcome of this is that the police are going to start going around forcing you to make friends with women? You can be as much of an asshole as you want. But other people are equally free to call you out for it.
Sure, there are lots of forms of vegetable protein. Particularly, seitan has three times more protein by weight than steak. And of course all kinds of oils are vegetarian (olive, avocado, sunflower, coconut, etc). Just avoid pasta, bread and rice basically.
lolwut? That's your takeaway? That you can call women bitch, slut, whore and expect them to do what you want because you are a man, be available sex objects to you, but at least you aren't being violent. That would be messed up.
Those are from Spencer's, which has over 600 actual stores, not some obscure internet brand. And I have personally seen someone wearing at least 3 of those shirts in public.
And no one is saying you can't acknowledge that. But it has been done to death. It is not a defense for the rapist. People for whom their first reaction to hearing a rape accusation is, "well, she shouldn't have been drinking that much/in that situation/wearing that" are a part of the problem. When they feel like they have to say that every time there is a discussion about rape, when everyone already knows, they are a bigger part of the problem. Of course you shouldn't go to a black neighborhood and pick a fight, but when you do and the police come afterwards, they are going to believe you and investigate the crime. Many times women don't even get that.
Are you saying it can't be done or that it is too hard so we just shouldn't try? Because the Mass Effect series would like to have a word with you about gender and complicated character interactions.
Slashdot Mirror
If you consider that poverty level then there is something wrong with you. I don't care where you live, $100k is enough money that you don't have to worry about your day to day life. Maybe you can't buy a second sports car or live in that sweet downtown loft, but you won't have the kind of financial insecurity that the majority of people in the US do.
What do you want exactly? It's a job that requires just a bachelor's degree, and sometimes not even that. And you already make 3-4 times what a teacher with an advanced degree does, or a nurse.
That's not really the point though. $100k+ for an undergraduate degree (if that) is no pittance. In fact, it puts you in the top 3% in the United States. Not the vaunted 1%, for sure, but certainly no reason to complain.
Yes, the CPU executes all of them like I said. The "you" in this is the computer. It executes obliviously (think homomorphic encryption, but hiding even the circuit) so that someone with the key can recover the correct output but the entity doing the computation doesn't know what it actually computed.
Ummm... I don't know about you but I would be fine with the person being scared off and, you know, not attempting to murder me. Especially if the alternative is being used as bait by an incompetent police force.
What they are trying to construct (and at least partially succeeding), though, is a cryptographic construct whereby you can feed input in one end and "iterate" the computation, but not know what computation you are actually doing. Imagine that every time you do any operation on two variables, you actually do all possible operations (i.e. multiply, add, shift, etc.) and only one output is stored. The trick is that which one is actually kept is hidden from you cryptographically. That is a very crude metaphor for what they are doing, I suggest reading the paper for the details. It's actually very well written. The point is, however, that this technique is much more complicated and more powerful than obfuscation that people are traditionally familiar with, and it really does have the potential to do what you describe as being impossible.
Except they are not talking about "security through obscurity" they are talking about a very specific kind of cryptographic program obfuscation. It is not at all the same.
It's just as big of a problem with privilege escalation though, which bash should have been designed to protect against.
You can't sanitize anything, the web server sets the environment variables (based on the HTTP request) before your script can even run. Just invoking the shell causes the arbitrary code it execute. So maybe it is a problem with CGI or the Apache server, but that is how the standard was written and they are not doing anything "wrong".
The proper analogy would be if there was some magic string you could pass to your SQL server that would cause it to erase your entire hard drive. That is a problem with the SQL server, not with sanitizing inputs. The same thing is happening here with bash.
What are you talking about? It is completely factual and a valid point. Apple currently bundles 3.2.51, which is licensed under GPLv2. The patched version of bash is the new 4.3.25, which is licensed using GPLv3. Including it would change the license they are using, which I imagine takes some consideration.
If it weren't true, it would come out eventually in a trial where the keys were obtained from Apple. At that point, it seems like they would have opened themselves up to a huge lawsuit for publicly claiming a feature that they knew they did not have.
If by that you mean "all of us" because that is the case right now. The fact that you got +5 insightful is real proof that people around here are not as good at math as they think they are.
64-bit keys are considered pretty weak, but not trivial to break, so lets assume that you have a computer so fast you can break one of those keys every second, i.e. it does 2^64 key checks per second. Don't worry about the fact that it would take a computer a million times faster than the fastest super computer in existence now to do that, we're just estimating. Now, even with that ridiculously awesome super computer, it would still take you 10 times the lifetime of the universe to break a 128-bit key. So unless there is some theoretical break on the cipher, 128 bits is secure for a very, very long time to come.
Jesus christ, this is like the 10th comment that says the exact same thing. Maybe wait two seconds before you hit that post button?
How can there be video evidence that she doesn't enjoy games? Does it show a video game killing her parents?
What, do you think the outcome of this is that the police are going to start going around forcing you to make friends with women? You can be as much of an asshole as you want. But other people are equally free to call you out for it.
"Wow, that is some high level paranoid thinking...like Hitler, or Willy Wonka." -Jack Donaghy
Sure, there are lots of forms of vegetable protein. Particularly, seitan has three times more protein by weight than steak. And of course all kinds of oils are vegetarian (olive, avocado, sunflower, coconut, etc). Just avoid pasta, bread and rice basically.
lolwut? That's your takeaway? That you can call women bitch, slut, whore and expect them to do what you want because you are a man, be available sex objects to you, but at least you aren't being violent. That would be messed up.
I wasn't trying to prove anything, I was trying to counter your example of how only men are oppressed by dumb t shirts.
Those are from Spencer's, which has over 600 actual stores, not some obscure internet brand. And I have personally seen someone wearing at least 3 of those shirts in public.
And no one is saying you can't acknowledge that. But it has been done to death. It is not a defense for the rapist. People for whom their first reaction to hearing a rape accusation is, "well, she shouldn't have been drinking that much/in that situation/wearing that" are a part of the problem. When they feel like they have to say that every time there is a discussion about rape, when everyone already knows, they are a bigger part of the problem. Of course you shouldn't go to a black neighborhood and pick a fight, but when you do and the police come afterwards, they are going to believe you and investigate the crime. Many times women don't even get that.
Awesome, well said. I knew there was some hope left for Slashdot.
Oh hey, you mean like these twenty t-shirts to your one that I found in two seconds of googling? http://www.buzzfeed.com/donnad...
Are you saying it can't be done or that it is too hard so we just shouldn't try? Because the Mass Effect series would like to have a word with you about gender and complicated character interactions.