No, making it easier to run multiple instances of a hash, especially on a CPU, doesn't benefit a legitimate user very much but it hugely benefits an attacker. The problem is the different workload that someone storing and verifying passwords has compared to someone who is trying to crack a long list of them. All but the biggest web services will be dealing with roughly one login at a time (ie. you're usually finished with the previous login before the next user tries to login) whereas people attacking will be trying to run as many hashes as possible as quickly as possible to find any matches.
For password storage, you want a really unwieldy hashing algorithm that runs slowly and expensively (in terms of I/O, memory and processing) because you want to punish an attacker for running it so many times. An algorithm that's too memory hungry or esoteric to run on something like a GPU core is all to the good right now.
I'm not sure about a stream of minor complaints from each new starter. I think this can so easily become "we did it differently at my last place" and you need some experience of how it works at the new place too before you can start fixing it. There will be low hanging fruit that's immediately obvious on their first day but given you've managed to avoid burning the place down so far, it's not as if you're sitting around waiting for your new hires to tell how it's done.
I think the key words are "in a constructive way". For example, it seems like this guy's instinct after he (at least thinks he has) tanked a phone interview is to make an anonymous blogspot account and complain how he had too much warning to know if he was free, not enough warning to prepare for the interview and how he can't type and use a phone at the same time. I don't know anything else about him but so far it just doesn't scream "asset" to me.
Depending on how many years ago it was it might well have changed. In my experience, they're pretty quick to stop paying JSA now. The latest rules for sanctions came into force October 22 2012 and they can stop your benefit for up to three years.
Well, if you really think so. It seems a bit of a stretch to me. A denier is just someone who denies something. The first stage of grief is denial -- but not in the sense that they're denying the Holocaust.
Oh no, that's reference to climate change 'deniers', in that they deny climate change.
"It's a popular [climate change] denier meme: 1998 was a very hot year and if you start your data series there you can show an overall decline."
There certainly is such a thing as a Holocaust Denier (although even then I personally wouldn't have associated the Nazis with Holocaust *denial* as such) but they deny a separate thing.
There was a good point made that only people who aren't thought of as smart have anything to gain by joining MENSA. For example, if you found out Stephen Hawking was a member of MENSA you might just about manage a "well, figures" but if you found out Sarah Palin was in it you'd go "wow, never expected that".
Ridiculously ambitious guarantees are common from small companies in lots of industries. You'll find sole trader carpenters who'll happily slap 200 year guarantees on house repairs because why not? It sounds good and they probably won't be around for it.
Flashcrashes usually end when the exchange halts trading. I don't recognise "...and then quickly recovers", I do recognise "[someone pulls the plug and then] the SEC undoes transactions to protect..."
The thing that gets me about this story is the sheer number of "I was born following my GPS into a desert, you merely adopted it" comments that say "you obviously/clearly/etc haven't driven in Australia"
Is it all the same guy?
I suppose there's definitely no reason to stop the elevator for calls made inside the car if the car's at its unloaded weight (ie. empty). I think you don't want to start clearing instructions for UX reasons if there are people inside the car, though.
I imagine face recognition technology could lead to situations of even identifying which passenger pressed all the buttons..
The community will also only validate code that is frequently looked at. The vast majority of Github will never be accessed once it's been committed, never mind carefully analysed by experienced third parties for security issues.
Failing is the best way to learn, and that includes licensing.
That said, this is not to say that failing at something can never have consequences. Sure, you're just messing about with things you don't (initially, anyway) understand and you're learning new things but that doesn't make it all OK if you do something wrong.
Perhaps this is an issue with the way people learn to code. The coder who doesn't understand what a license is a kid with the internet -- there's no senior programmer watching over them providing supervision and pointing out mistakes.
Actually UK law does require they let you do that. Of course they don't have to agree to your modified contact, but the opportunity to examine and edit to must at least exist. It is a legal requirement, without which the contract is void.
I use the TOSEdit extension to edit web site TOS whenever I sign up, and they always seem to accept my changes.
What do you mean by "seems to"? Does the other side not say they're agreeing to your changes?
Right, but in keeping with the spirit of this intent, policing the extraction of personal information from broad data might have a better chance of getting reasonable legislation than policing its storage. Plus, you might be able to catch someone's use of info easier than its storage of info.
No, this has actually been tried. It's very difficult to show that someone is using information in any particular way. The main way is to take their data processing software apart and see what it does with what. Doing that on a large scale is seriously not going to fly with anyone -- neither businesses: revealing trade secrets, nor individuals: it's not an effective way of protecting privacy.
Slashdot Mirror
No, making it easier to run multiple instances of a hash, especially on a CPU, doesn't benefit a legitimate user very much but it hugely benefits an attacker. The problem is the different workload that someone storing and verifying passwords has compared to someone who is trying to crack a long list of them. All but the biggest web services will be dealing with roughly one login at a time (ie. you're usually finished with the previous login before the next user tries to login) whereas people attacking will be trying to run as many hashes as possible as quickly as possible to find any matches.
For password storage, you want a really unwieldy hashing algorithm that runs slowly and expensively (in terms of I/O, memory and processing) because you want to punish an attacker for running it so many times. An algorithm that's too memory hungry or esoteric to run on something like a GPU core is all to the good right now.
I'm not sure about a stream of minor complaints from each new starter. I think this can so easily become "we did it differently at my last place" and you need some experience of how it works at the new place too before you can start fixing it. There will be low hanging fruit that's immediately obvious on their first day but given you've managed to avoid burning the place down so far, it's not as if you're sitting around waiting for your new hires to tell how it's done.
I think the key words are "in a constructive way". For example, it seems like this guy's instinct after he (at least thinks he has) tanked a phone interview is to make an anonymous blogspot account and complain how he had too much warning to know if he was free, not enough warning to prepare for the interview and how he can't type and use a phone at the same time. I don't know anything else about him but so far it just doesn't scream "asset" to me.
Depending on how many years ago it was it might well have changed. In my experience, they're pretty quick to stop paying JSA now. The latest rules for sanctions came into force October 22 2012 and they can stop your benefit for up to three years.
I have a mod stalker who is modding down my past comments and is too much of a cowardly pussy to admit it or face me.
You should test this theory by making another account.
Well, if you really think so. It seems a bit of a stretch to me. A denier is just someone who denies something. The first stage of grief is denial -- but not in the sense that they're denying the Holocaust.
Oh no, that's reference to climate change 'deniers', in that they deny climate change.
"It's a popular [climate change] denier meme: 1998 was a very hot year and if you start your data series there you can show an overall decline."
There certainly is such a thing as a Holocaust Denier (although even then I personally wouldn't have associated the Nazis with Holocaust *denial* as such) but they deny a separate thing.
There was a good point made that only people who aren't thought of as smart have anything to gain by joining MENSA. For example, if you found out Stephen Hawking was a member of MENSA you might just about manage a "well, figures" but if you found out Sarah Palin was in it you'd go "wow, never expected that".
Even then, I didn't realise he made a Nazi reference.
Ridiculously ambitious guarantees are common from small companies in lots of industries. You'll find sole trader carpenters who'll happily slap 200 year guarantees on house repairs because why not? It sounds good and they probably won't be around for it.
I'm not sure we mean the same things by "Goodwining"
Flashcrashes usually end when the exchange halts trading. I don't recognise "...and then quickly recovers", I do recognise "[someone pulls the plug and then] the SEC undoes transactions to protect..."
The thing that gets me about this story is the sheer number of "I was born following my GPS into a desert, you merely adopted it" comments that say "you obviously/clearly/etc haven't driven in Australia" Is it all the same guy?
Its noxious and thick atmosphere. It's hotter than Mercury as a result.
I suppose there's definitely no reason to stop the elevator for calls made inside the car if the car's at its unloaded weight (ie. empty). I think you don't want to start clearing instructions for UX reasons if there are people inside the car, though. I imagine face recognition technology could lead to situations of even identifying which passenger pressed all the buttons..
The community will also only validate code that is frequently looked at. The vast majority of Github will never be accessed once it's been committed, never mind carefully analysed by experienced third parties for security issues.
Absolutely. When you're sued you can go to court and try to prove it was fair use. All of the costs, none of the certainty.
Failing is the best way to learn, and that includes licensing.
That said, this is not to say that failing at something can never have consequences. Sure, you're just messing about with things you don't (initially, anyway) understand and you're learning new things but that doesn't make it all OK if you do something wrong.
Perhaps this is an issue with the way people learn to code. The coder who doesn't understand what a license is a kid with the internet -- there's no senior programmer watching over them providing supervision and pointing out mistakes.
Yeah, it's definitely regional. I'm Scottish and even we don't deep fry turkeys. You roast them in the oven and it's delicious.
Actually UK law does require they let you do that. Of course they don't have to agree to your modified contact, but the opportunity to examine and edit to must at least exist. It is a legal requirement, without which the contract is void.
I use the TOSEdit extension to edit web site TOS whenever I sign up, and they always seem to accept my changes.
What do you mean by "seems to"? Does the other side not say they're agreeing to your changes?
Right, but in keeping with the spirit of this intent, policing the extraction of personal information from broad data might have a better chance of getting reasonable legislation than policing its storage. Plus, you might be able to catch someone's use of info easier than its storage of info.
No, this has actually been tried. It's very difficult to show that someone is using information in any particular way. The main way is to take their data processing software apart and see what it does with what. Doing that on a large scale is seriously not going to fly with anyone -- neither businesses: revealing trade secrets, nor individuals: it's not an effective way of protecting privacy.
And especially don't go in a huff blaming the mere prospect of a sponsor leaving when no one actually left.
Isn't this just "the thing I do is special"? The cafeteria staff and office administrators aren't there for fun either.
Yes, and you'll have to promptly sue yourself.
It would only make a difference if it was true, of course.
Well, are you? The odds are 7 billion to one.
Online services don't provide pornography?