You don't need to pay anything to get a certificate. You only need to if you want it signed by a major CA. Something with closed membership like the bar association could just publish the fingerprint and have everyone trust the certificate manually.
It might be even wiser.
Yeah, I know I'd be happier with a bar issued certificate than a, say, DigiNotar one.
And with a weird story. It sounds very much like what an American CEO thinks French union worker would talk like if you accused them of working a three hour day.
"wee wee, eet eez ze Frrrrranch way" [twirls thin moustache, drinks some wine and eats some cheese]
In particular because they should recognise that the customer has all the power there. I normally won't cancel a service I'm using because I'm using it so it takes a lot to make me cancel. If I can't use the service, though, they should recognise how fragile their hold on me is.
MVP and F2P eventually passed into regular industry jargon along with a boat load of other terms. Most every company involved in the space now talks about DAU, LTV, ARPU, ARPPU, ARPDAU and even ARPPDAU. They talk about performing cohort analyses. Some of them ask whether they are working on an MVP or an MDP? Most don’t really bother discussing viral K-factors any more, and instead obsess about the CPA of players. These are significant changes for an industry that used to worry more about Metacritic ratings.
Jesus, some executive just had a seizure on that guy's keyboard.
To translate things into terms that the slashdot audience may have an easier time understanding: The failure to reproduce a software bug on the programmer's system is hardly evidence that the software is fine.
It is still quite possible -- even likely -- that the software bug, or flight computer anomaly, is not caused by what the user thinks it was caused by. People are very good at finding patterns, but that includes spurious ones as well as real ones.
Although this is absolutely true, I hope you'll agree that it's not -- by itself -- a good reason to go out and do the thing you think might be causing the problem. It's certainly why we should keep looking for a definite culprit.
This is the problem with sci/tech reporting in the media today. They've made it "their experts say, our experts say". You just have to toss a coin.
The quotes are telling too, though. The FAA never claimed that the power multiplies linearly, just that it's different.
2) is a weird one. Speaking as a plane user, I care about what goes on in the plane. Basically, something anomalous happens on a plane and doesn't in the lab. The obvious solution is we should fly labs everywhere.
Totally agreed. It's a big metal tube, filled with people and god knows what devices in god knows what state of repair and if something bad happens everyone usually dies.
That's not a problem. You would never do any of this on the client end. It's far too easy for someone to strip out the password-hashing stage and replace it with a false "yeah, it worked" signal. Sony did a howler where they implemented a client side CAPTCHA where they sent out the right answer and asked if you'd typed it in. http://cryptogasm.com/2011/07/sony-captcha-fail/
It might be 1000x slower, but so what? You can afford to take half a second longer. Users generally won't even notice.
Dr_Barnowl puts it very well too. I'm taking his example of a 6 digit password here.
IIRC someone (maybe at Google?) did research that most users will sit for around a second on a login before they start wondering if it's broken, so that gives you a whole second -- billions of processor cycles -- to run anything you want on the single password. An attacker doesn't have the luxury of spending that much time on a single password. For example, a million seconds (000000-999999 @ 1s each) is about a week and a half.
Parallelism helps attackers, really quite a bit -- a single Nvidia GeForce GTX690 has 3072 cores which means that with all cores running you can cut that down to 5 minutes with one graphics card which is why you don't want your hash to be easily run on hugely parallel hardware. The important thing is that trying billions of possibilities in parallel is only something an attacker ever would do. That means you want to make the hash function too big to fit into a GPU core's cache, use instructions that a GPU can't process, lock in some way etc etc.
I'm disappointed about how poorly this joke was received.
Depends how hot your feet were when they touched the ground.
Micron Technology and Sun Microsystems announced an SLC NAND flash memory chip rated for 1,000,000 P/E cycles on 17 December 2008.
Only if you're using SLC NAND, which is the fast, expensive, long lasting stuff. The other kinds (MLC/TLC) wear out much quicker.
I'm going with no on that.
I think you get to point to 60s-80s movie villains *or* suggest that the other guy has been living under a rock.
I've never actually considered what would happen if you put a unicode password into an email because, well...
Depends on the contract. For example, the special thing about an employment contract is the personal obligation.
And OP's quote just isn't the smoking gun he thinks it is. That's not chiding, that's disagreeing.
Yeah, I know. I thought the mountains sticking up out of the atmosphere was very cool, though.
Wait, synthetic CDOs? As opposed to naturally occurring ones?
Oh yeah, but it's just a chalkboard in their office.
Thank you for repeating your point from the article, Lockheed CEO Robert Stevens.
The nice thing about standards is that there're so many of them.
Exactly, that's very well put.
I thought you weren't a crypto expert?