Slashdot Mirror


User: rgbrenner

rgbrenner's activity in the archive.

Stories: 0
Comments: 715

Comments · 715

  1. Re:Where were the professionals. on More Bad News From Fukushima · · Score: 1

    Look, it was clearly just a stupid mistake. That was the only meter they had available at Tepco, and the AC wasn't there to explain to them about the different types of meters. By the time they found out that stronger meters were available, and they waited for it to arrive with free shipping from Amazon, it was already too late -- the press release already went out with the reading from the first meter. You can't expect them to know all of these details.. it isn't like they are nuclear engineers or anything.

  2. very funny Slashdot.. you got me again.. apparently, every day is April Fools' Day.

  3. Re:The hashes are salted (BUT NOT PROPERLY) on Ubuntu Forum Security Breach · · Score: 1

    You're right.. the hash is appended to the password hash (not prepended). Carelessness on my part.. good catch.

  4. Re:The hashes are salted (BUT NOT PROPERLY) on Ubuntu Forum Security Breach · · Score: 2

    "Still - there are two md5 hashes with a salt added "

    No, even that part was done improperly. Since they hashed the password, then added the salt, then hashed the result.. it's actually just (# of users) + 1 md5 hashes.

    1) hash password
    2) concat hash + salt
    3) hash result
    4) repeat 2 & 3 for each user

  5. Re:The hashes are salted (BUT NOT PROPERLY) on Ubuntu Forum Security Breach · · Score: 2

    the salt is random.. so each user's password would need to be cracked individually.

    that doesn't make it 52min though..

    You could speed this up by hashing the password you want to try, then hashing it with each user's salt. So instead of 2x hashes, you would have (# of users) + 1 md5 calcs for each password attempt.

    And the average time would be 1/2 of the max time.

    Also... most of those passwords are probably dictionary words.

  6. Re:The hashes are salted (BUT NOT PROPERLY) on Ubuntu Forum Security Breach · · Score: 2

    MD5 is just not computationally intensive by today's standards. You can easily calculate several BILLION MD5 hashes per second on a modern GPU. It's fast enough that you can simply bruteforce it.. you can rent an EC2 cluster for a few dollars if you don't want to spend the money on the GPUs.

    There's a reason why at a minimum stretching is used (this is when you hash a password + salt, then hash the hash typically a few 10000 times)... this is standard practice BTW if you're going to use hashes (or better, use bcrypt or pbkdf)

    The only thing the salt does is prevent them from cracking all of the passwords at once.. they'll have to crack each user individually.

  7. Re:The hashes are salted (BUT NOT PROPERLY) on Ubuntu Forum Security Breach · · Score: 4, Informative

    They use vBulletin.. the passwords are salted.. but it's just md5(salt+md5(password)). The salt is in the db, and it's just 2 md5 hashes -- NO stretching, PBKDF2, bcrypt, or anything else. It's literally one step up from plaintext. You can recover those passwords in very little time. You SHOULD assume the passwords are compromised.

    http://www.vbulletin.org/forum/showthread.php?t=178091

  8. Re:Peer review on The Man Who Convinced Us We Needed Vitamin Supplements · · Score: 4, Insightful

    Why are you such a troll? First, the quote is from the article. So it's the writer's fault, not slashdot's.

    Second, you should try reading TFA. You say, "A quack is someone who doesn't use the right process, who avoids peer review, who insists they can't be wrong.".

    Guess what? If you read the fucking article, you would know that he did exactly that.

    He tried to publish articles in a journal he had input into that would not be scientifically valid just because they pushed his pro-vitamin agenda. He refused to believe studies that were published proving him wrong, and said they were personal attacks against him.

    So please, STFU. You clearly didn't read the article. You go off on some rant that literally makes no sense at all,

  9. Clearly don't know your history on IBM Buys Dallas Based Softlayer For $2 Billion · · Score: 2

    Softlayer was founded by Lance Crosby, the COO for The Planet.. They forced him out of the company, so he left and started Softlayer. Shortly after The Planet merged with EV1, and then about 5 years later Softlayer and The Planet merged and kept the Softlayer name.

    I had servers at The Planet the entire time.. it's a good company.. and they have the revenue and profits to actually be worth $2B.. unlike some other recent acquisitions.

  10. Re:They took it seriously? on First Government Lawsuit Against a Patent Troll · · Score: 1

    there's another corporate scam: sending fake compliance notices that look like they are from the state w/ an official-looking seal, citing some state law, and demanding $X for compliance. I've received 3 of them over the past few years.

    If I'm willing to risk tossing a state notice in the trash, then the troll's letter has no chance.

    This guy posted an image of one on his blog:
    http://parasec.files.wordpress.com/2013/04/screen-shot-2013-04-05-at-9-23-41-am.png

  11. Re:Cherry-picking on N. Carolina May Ban Tesla Sales To Prevent "Unfair Competition" · · Score: 1

    Q1 2013 - cars sold
        BMW Group (BMW + Mini + Rolls Royce): 448,200
        Audi: 369,500
        Mercedes: 341,511
        Tesla: 4,750

    http://beta.fool.com/sarfarazis/2013/05/08/audi-vs-mercedes-who-is-winning/33384/
    http://www.bmwblog.com/2013/05/02/bmw-group-reports-first-quarter-revenues/

  12. Re:Renting software on Adobe Creative Suite Going Subscription-Only · · Score: 1

    GIMP an alternative to Photoshop? Don't make me laugh. I used to believe that.. then I bought a copy of Photoshop... GIMP is not even close.

  13. Re:Why is ONE building costing $ 1.5 Billion ? on Facebook Revealed As Behind $1.5B "Catapult" Data Center In Iowa · · Score: 2

    you fail at reading comprehension. 1) the facility is being EXPANDED by 300000sqft to total 1.4m sqft. 2) a data center is obviously more complex and has more power and cooling requirements than an office tower.. and 3) the article mentions Apple's 500k sq ft datacenter that cost 1 billion... so this facility is not more expensive than other data centers.

  14. That made me laugh a little.. but seriously.. I don't think that would do it. There's no place on earth that comes close to the conditions on Mars (for example).. even if an asteroid hit earth, it would still be the best place for us to survive.

  15. I wish you were right.. but the answer is no. What those rockets are used for has not changed. The missions are still the same; the customers are still the same.

    We have to discover something valuable in space.. then the space age will begin as everyone capable goes into space to claim their share of whatever it is.

  16. Re:VPSs on Ask Slashdot: Service-Heavy FOSS Hosting? · · Score: 2

    2nd breach in the past 13 months. If you're ok with that, then you're nuts.

  17. Re:VPSs on Ask Slashdot: Service-Heavy FOSS Hosting? · · Score: 1

    You're recommending Linode? Are you fucking kidding me? They just had a data breach a few days ago, that they completely fucked up. Lost credit card data, passwords, etc. Originally claimed a single account was attacked, so they reset EVERYONE's password... if that wasn't dodgy enough, then they announced the breach days (a week?) later. The hacker says the public AND private keys were stored on the webserver.. so if he's telling the truth, you'll need to get a replacement card soon from your bank.

  18. Re:We need a college ged or some kind badges syste on Some States Dropping GED Tests Due To Price Spikes · · Score: 2

    Like CLEP?

  19. Terrible examples on No Such Thing As a Tax-Free Lunch At Google? · · Score: 1

    Both terrible examples.. because the dessert cups were paid with after-tax dollars, and the dinner was also paid with after-tax dollars. Only in the Google example is someone receiving a gift that was paid for with before-tax dollars... meaning no tax was paid on it at all by anyone.

  20. Send them a Thank You card on Ask Slashdot: Dealing With Unwanted But Official Security Probes? · · Score: 2

    It appears you're unfamiliar with a common practice: regularly scanning and auditing computers on your internal network to catch compromised hosts.

    Since they are doing part of your job for you, send them a nice Thank You card for helping you out.

  21. Re:Google does not have that much cash on Film Studios Send Takedown Notices About Takedown Notices · · Score: 1

    Hmm... my figures come from the annual reports filed by the company and include links to the reports... someone with no references says my figures are off... wonder which one of us is wrong....

  22. Google does not have that much cash on Film Studios Send Takedown Notices About Takedown Notices · · Score: 1

    Sorry to destroy your little fantasy, but Google has 60b in short term assets (cash and equivalents):
    http://finance.yahoo.com/q/bs?s=GOOG+Balance+Sheet&annual

    Disney has 39b in stockholders' equity:
    http://finance.yahoo.com/q/bs?s=DIS+Balance+Sheet&annual

    NBC Universal has 29b in stockholders' equity:
    http://apps.shareholder.com/sec/viewerContent.aspx?companyid=cmcsa&docid=8075925

    So there goes 113% of Google's short-term assets with just those two companies... and they would have to take on 55b in additional liabilities. So they would have 0 cash, no short term assets, and over 75b in liabilities.

    In other words.. never going to happen.

  23. Not a security hole on One In Six Amazon S3 Storage Buckets Are Ripe For Data-Plundering · · Score: 1

    The default in s3 has containers set to private. The 'flaw' here is that public containers can be listed by anyone.

    1) set container to public
    2) shout loudly that the public can see inside your public container

    I'm tempted to call the author a moron.

  24. Amazon IS a book and goods retailer on PayPal To Replace VMware With OpenStack · · Score: 1

    Amazon gets about 1 billion in revenue from their web services division. That is 1.67% of their total revenue. It's such an insignificant part of their business that they group it together in the "OTHER" category on their income statement.

    So is Amazon a bookseller? Damn right they are. And in order to sell books over the internet, they have some servers (duh), which they are happy to rent out to gain an extra 1.67% increase in revenue. To sell 60 billion of goods over the internet, they have _A LOT_ of servers, and a lot of tech knowledge in-house. But don't deceive yourself. At the end of the day, they are a RETAILER.. which is where 98.33% of their business is.

  25. Re:So now the US is forcing foreign online purchas on US Senate Passes National Internet Sales Tax Mandate · · Score: 1

    If I return back to Washington with those groceries, should the Oregon grocery store be forced to report the spending and pay the sales tax to Oregon for the money I spent,

    You raise a good point. In my state, Colorado, use tax is required to be paid for the difference (unless it's negative, in which case you get/pay nothing to Colorado).

    So just like online sales, people shopping outside of their tax district is a problem. To make it fair, every physical retailer should be required to ask for the shopper's address, so they can remit the sales tax to the correct district.

    But that would be outrageous, right?