I agree partially. I hired a tech guy with horrible body language. He was incredibly nervous and made notes the whole time. Still, he turned out a pretty good colleague (with his faults, of course). But I wouldn't hire him as my manager. But then my manager wouldn't be an engineer.
Bacteria and fungi have a balance, I believe that's true. They compete for resources. But bacteria and viruses? Viruses don't compete for resources, they just splice in host cells dna.
This system cracks password hashes. But there's one thing missing: You need to get your hands on the password hashes first!
Therefore you require access to a system. If you already have access to that system it's fairly trivial to install password capturing code. That way you don't even need to crack any hashes.
The problem remains that a hacker who gains access to a badly secured system can do almost anything he likes. Secure hashes or not.
Even if you accept that it excuses violent acts that doesn't mean it excuses violent acts against people who have nothing to do with the 'illegal' settlements.
If the attacks were directed against the colonists I would have some understanding, if the attacks were directed against the army I would have some understanind. But for attacking random Israeli's who may be opposed to the colonization itself or who might even be Palestinians themselves I have no understanding.
Agreed, that's interesting. Let's see what happens.
In this case it's actually a bit of a pity that the suspect volunteered to give his DNA. It would've been more interesting if they'd found him through DNA supplied by his relatives.
I got an Arduino Uno starter kit 6 months ago. Then a PIC based flyport (with Wifi). Then an Atmega32u4 based Teensy 2.0. Last week I even got a Parallax Propeller, also very interesting.
Last year I hardly knew how to hold a soldering iron, now I'm having smd and through hole PCB's made of my own design in China and I'm planning on controlling various parts of my home with them.
I'm a software engineer by trade, but I'm really starting to enjoy this hardware thing. Thanks to Arduino and its competitors there's lots and lots of info out on the web to lift a complete newbie up to a surprising (to me) level.
It make make no sense to you, but it makes sense to me. If there are enough people to whom it makes sense and who are actually willing to spend their money and their time to get one the project makes sense, business sense.
I love it, really, but has anyone else noticed that using a Raspberry Pi (instead of any Linux platform at all) is the greatest way to get publicity for your computer controlled hardware project?
Brewing controlled by an HP netbook would never have made the headlines.
This is a prime example of cognitive dissonance, IMHO. We all know we have no more than a little over 80 years to live. Instead of confronting ourselves with the enormity of this fact we think of reasons to make it less bad. Oh, I'd get bored anyway...
Incomplete? OK, I'll give you the power supply, but my Raspi is never going to have a screen/keyboard or mouse. We you planning to replace your PC with it or something?
The whole 'teaching' idea is quite absurd. You can program on a standard PC just as wel or even better.
The main point of the Pi for me is that it's incredibly cheap. It has GPIO ports that no other PC's have (to my knowledge).
Also, you can change its personality completely by just swapping the SD card. I can't remember the last device I could do that with so easily.
That Maastricht discovery is based on an fMRI scanner. AFAIK these scanners are hugely expensive as well as hugely huge. That kind of limits the usefulness in the near future.
Think about it. 6 million unsalted password hashes without matching use data. If this is real password data, how big is the chance that someone would find their password in there?
Perhaps as big as the chance that you get a Google hit when you search for your password?
AFAIK all we have is: - Someone posting a list claiming it's from LinkedIn - Some people confirming that the hash of their LinkedIn password is on that list
That doesn't really prove anything, right? - People tend to pick similar passwords - People use the same password on different sites
I read this in some blog, but I already had my doubts then.
Hmm, funny, that's exactly how I described my system last wednesday in an earlier thread on the subject. The added complexity is not a problem at all, the extra password is only stored in the authentication server (which runs on a different system than the database contaning the hashed passwords.
No, it's a good idea to force users to have different types of characters in their passwords. That's exactly because of this kind of thing. The way to break hashed passwords is to use a precomputed rainbow table. That's typically a list of all possible passwords of a certain length range with the matching hashes. If you have that, cracking is easy, just a quick lookup.
Now, the problem with rainbow tables is that they are pretty big (starting with hundreds of GB's). That's big, but not that big these days. If users limit themselves to lower case alfa characters you have a pretty manageable diamond table. But if you have to account for punctuation marks, numbers and upper case characters their size explodes.
But thats still not good enough. Anyone worth their salt uses a salt. A random string of characters that you store with the password that's used to seed the hash with. A long enough salt makes using rainbow tables impossible because the space required to store them would be humongous. In an application of mine I have also added a system wide salt that is not stored in the database. If anyone gets their hands on the database data, but not the code, they'll have an extra problem to figure out.
So you're back to brute forcing, which is going to take you a very long time with 6 million passwords.
Unfortunately for the LinkedIn people, someone forgot their salt, so the passwords can be cracked fairly easily if someone has the required rainbow table.
But how much is an Arduino with ethernet and SD card storage? To name but a few features. (The answer is $13 + $40 + $25, that's $78 total, nowhere near $25 for a Pi model B)
Can I run an Apache server on that Arduino? Can I program it in PHP/Python/Perl etc, etc. Because I can with the Pi. (I own both)
An Arduino is a great device that can beat a Pi in many applications, but the same goes the other way around.
Right, I've been smelling a rat all along but I couldn't put my finer on it. That NEST thing doesn't seem so special at all. They seem to be milking this patent thing for all the publicity it's worth.
Slashdot Mirror
I agree partially. I hired a tech guy with horrible body language. He was incredibly nervous and made notes the whole time. Still, he turned out a pretty good colleague (with his faults, of course). But I wouldn't hire him as my manager. But then my manager wouldn't be an engineer.
"I called Kickstarter on my blog [livejournal.com] (I know, I'm going to start calling myself a futurist soon)."
Wow, that's pretty cool. ;)
You should've registered a patent.
Bacteria and fungi have a balance, I believe that's true. They compete for resources. But bacteria and viruses? Viruses don't compete for resources, they just splice in host cells dna.
This system cracks password hashes. But there's one thing missing: You need to get your hands on the password hashes first!
Therefore you require access to a system. If you already have access to that system it's fairly trivial to install password capturing code. That way you don't even need to crack any hashes.
The problem remains that a hacker who gains access to a badly secured system can do almost anything he likes. Secure hashes or not.
Even if you accept that it excuses violent acts that doesn't mean it excuses violent acts against people who have nothing to do with the 'illegal' settlements.
If the attacks were directed against the colonists I would have some understanding, if the attacks were directed against the army I would have some understanind. But for attacking random Israeli's who may be opposed to the colonization itself or who might even be Palestinians themselves I have no understanding.
Agreed, that's interesting.
Let's see what happens.
In this case it's actually a bit of a pity that the suspect volunteered to give his DNA. It would've been more interesting if they'd found him through DNA supplied by his relatives.
Hmm, you have a point.
It's like a positive Neutron Bomb.
I got an Arduino Uno starter kit 6 months ago. Then a PIC based flyport (with Wifi). Then an Atmega32u4 based Teensy 2.0. Last week I even got a Parallax Propeller, also very interesting.
Last year I hardly knew how to hold a soldering iron, now I'm having smd and through hole PCB's made of my own design in China and I'm planning on controlling various parts of my home with them.
I'm a software engineer by trade, but I'm really starting to enjoy this hardware thing. Thanks to Arduino and its competitors there's lots and lots of info out on the web to lift a complete newbie up to a surprising (to me) level.
The teensy 2.0 is very convenient indeed.
But, what do you know, the teensy now has a new generation 3.0, based on ARM Cortex M4! Just out!
Check this out:
http://www.kickstarter.com/projects/paulstoffregen/teensy-30-32-bit-arm-cortex-m4-usable-in-arduino-a
It make make no sense to you, but it makes sense to me. If there are enough people to whom it makes sense and who are actually willing to spend their money and their time to get one the project makes sense, business sense.
And it certainly seems that way...
"I'd say that was a pretty good move on their part, given that I've since ordered lots of more obscure components from them."
Same here, I didn't know they existed before, but now I have placed 4 orders with them.
It's not an advice, it's an opinion.
Opinions are like... (etc.)
I love it, really, but has anyone else noticed that using a Raspberry Pi (instead of any Linux platform at all) is the greatest way to get publicity for your computer controlled hardware project?
Brewing controlled by an HP netbook would never have made the headlines.
This is a prime example of cognitive dissonance, IMHO. We all know we have no more than a little over 80 years to live. Instead of confronting ourselves with the enormity of this fact we think of reasons to make it less bad. Oh, I'd get bored anyway...
Making a public spectacle may very well backfire.
Absolutely, that's the classic 'game in the middle' attack!
How could they have missed that?
Incomplete? OK, I'll give you the power supply, but my Raspi is never going to have a screen/keyboard or mouse. We you planning to replace your PC with it or something?
The whole 'teaching' idea is quite absurd. You can program on a standard PC just as wel or even better.
The main point of the Pi for me is that it's incredibly cheap. It has GPIO ports that no other PC's have (to my knowledge).
Also, you can change its personality completely by just swapping the SD card. I can't remember the last device I could do that with so easily.
That Maastricht discovery is based on an fMRI scanner. AFAIK these scanners are hugely expensive as well as hugely huge. That kind of limits the usefulness in the near future.
Another one for my quote book...
Think about it. 6 million unsalted password hashes without matching use data. If this is real password data, how big is the chance that someone would find their password in there?
Perhaps as big as the chance that you get a Google hit when you search for your password?
AFAIK all we have is:
- Someone posting a list claiming it's from LinkedIn
- Some people confirming that the hash of their LinkedIn password is on that list
That doesn't really prove anything, right?
- People tend to pick similar passwords
- People use the same password on different sites
I read this in some blog, but I already had my doubts then.
Hmm, funny, that's exactly how I described my system last wednesday in an earlier thread on the subject. The added complexity is not a problem at all, the extra password is only stored in the authentication server (which runs on a different system than the database contaning the hashed passwords.
No, it's a good idea to force users to have different types of characters in their passwords. That's exactly because of this kind of thing. The way to break hashed passwords is to use a precomputed rainbow table. That's typically a list of all possible passwords of a certain length range with the matching hashes. If you have that, cracking is easy, just a quick lookup.
Now, the problem with rainbow tables is that they are pretty big (starting with hundreds of GB's). That's big, but not that big these days. If users limit themselves to lower case alfa characters you have a pretty manageable diamond table. But if you have to account for punctuation marks, numbers and upper case characters their size explodes.
But thats still not good enough. Anyone worth their salt uses a salt. A random string of characters that you store with the password that's used to seed the hash with. A long enough salt makes using rainbow tables impossible because the space required to store them would be humongous. In an application of mine I have also added a system wide salt that is not stored in the database. If anyone gets their hands on the database data, but not the code, they'll have an extra problem to figure out.
So you're back to brute forcing, which is going to take you a very long time with 6 million passwords.
Unfortunately for the LinkedIn people, someone forgot their salt, so the passwords can be cracked fairly easily if someone has the required rainbow table.
But how much is an Arduino with ethernet and SD card storage? To name but a few features. (The answer is $13 + $40 + $25, that's $78 total, nowhere near $25 for a Pi model B)
Can I run an Apache server on that Arduino? Can I program it in PHP/Python/Perl etc, etc. Because I can with the Pi. (I own both)
An Arduino is a great device that can beat a Pi in many applications, but the same goes the other way around.
Right, I've been smelling a rat all along but I couldn't put my finer on it. That NEST thing doesn't seem so special at all. They seem to be milking this patent thing for all the publicity it's worth.
Just main stream news if you ask me....
Could we stick to our own stuff please?