Yup. Gas stations have billed at 3 decimals (on a currency that only supports 2) for decades and society has not collapsed. So I'm thinking this is a soved problem.
The needs and reasons for encryption are inherently different for data at rest vs. data in motion. Yeah, the end result is that you don't want someone to see them, but the vectors are so different it is useful to think of them differently. Data at rest need never be decrypted. When it is decrypted, it need only be decrypted once, and only in one location. Data in motion is almost always unencrypted twice - once when it is being entered, and it *must be* again when it is used at its destination.
You often apply cryptography at a different time for data being transferred, but not only is that not always the case, but that's irrelevant when we're discussing interception of encrypted data. The only things that're relevant are how it's encrypted and whether it's encrypted when an attacker intercepts it.
Timing is important, as the method for encryption is often different for data at rest vs. in motion. It is useful to be able to talk about them differently.
It is critical that all passwords be stored encrypted. It is much less important that other 'personal data' be kept encrypted (there is all manner of data that can be found in public records). I argue that it is useful and important that all web traffic be encrypted.
"Encrypted Password" implies a solution like bcrypt. It also implies that the password can never be decrypted. Instead, it is the target crypto string (is it a hash for bcrypt?) that gets matched. "Securing the communication channel" implies a solution like SSL, and the fact that the password gets encrypted en route (and decrypted at the terminus) can be inferred. The fact that it is decrypted at the terminus is important.
His argument is that you shouldn't trust an unknown router OR unencrypted wireless. Encrypted wireless just gives you a false sense of security.
No. Encrypted wireless gives you 100% protections against other wireless users. It is 100% effective at protecting from 99% of the likely threats (discounting the government and phone/cable companies). And I think that's worth something.
The solution to the problems you mentioned is to phase out unencrypted passwords. In the meantime, use end to end encryption.
Encrypted passwords don't come into it. Even with end to end encryption, encrypted passwords don't come into it. We're talking about data in motion, not data at rest.
Security is only possible insofar as you trust someone or something - whether it be the person you are handing/receiving your public key to, or the web of trust, or whatever else.
That's the purpose of well signed and maintained SSLs. Whether or not they achieve that is up for debate.
Actually, what i am trying to imply is that if I, and my Friend decide to establish secure tunnel between us, and having before that exchanged the private keys,
Public keys.
then it will become extremely difficult for anyone else to decode our conversation, or to pretend to be one of the parties (yes, that's true, the man in the middle has to have one of the private keys too if he wants to succeed).
It is *impossible* unless they have your private key *and the ability to use it* (your passphrase).
In most cases, this is enough, as the only way for the Evil guy to take your keys is to do it in person, physically. And if he has to do it for 300 million people...you make the math.
Right. Or compromise your system in such a way that they can view what you do when you decode the conversation.
Almost. Such an encryption protects entirely against passive interception, but has a serious weakness: MITM attacks...
It seems like you are conflating security and encryption. Perfect encryption exists and is trivial for any two parties to use. There is no MITM problem. Security is only possible insofar as you trust someone or something - whether it be the person you are handing/receiving your public key to, or the web of trust, or whatever else.
And, of course, once you have exchanged public keys and can start an *encrypted* conversation, verification of identity can be established by external (what was our previously agreed upon exchange, or let me call you and make sure you are who I am talking to) or even internal (let's see you on encrypted video) protocol.
Really, the GP author is somewhat to blame - implying that an encrypted connection is the same as secure. It IS, as long as the endpoints are trusted. That's the only problem, and in practice it is not so large in many circumstances.
...I have to register with your site. One more external agent gets my E-mail, or I have to take pains to manage multiple E-mails to avoid spam. (I don't want to be part of your community! I just thought you wanted to make your product better.)...
Let me help with one aspect.
If your email address is: your_address@gmail.com then you supply your_address+domain.name@gmail.com
And if you don't use gmail, then maybe your email supplier does something similar. Or you should learn procmail if you're still managing your own.
p.s. It looks like your www.o...r.com domain/host is down.
By and large, languages don't matter. It's the frameworks that do. Nobody* is looking for a ruby programmer - they're looking for a ruby on rails programmer. Nobody is looking for an Objective-C programmer - they're looking for iOS (and/or MacApps) programmers.
* yes, there probably are 3 ruby jobs, but you don't qualify and they are not near you/flexible enough/whatever.
I don't happen to like Java. I found python annoying when I last tried it (which was long ago). I think I'd like it more, now. php was meh. I really enjoy ruby and I liked Obj-C 15 years ago. Find out what you like to work with.
Check out the Seven Languages book. It's fun to take a few languages for a spin. If it's not fun for you, maybe you should stick with IT:-)
But you're really asking about finding a job.
By and large, jobs don't matter. Yes, you need/want to make enough to live comfortably, but it's amazing what you can be comfortable with. What really matters is what you work on, who you work with, and what you work with. Find a job in a field that interests you, working for/with folks that you get along with. Once you're there, fix the kinds of problems you enjoy fixing. Do some of the ones that need fixing, too. You do both software and IT - it should not be hard to find a great place to work and make it work for you.
the cost would be much less through economies of scale
That's yet another tax on the middle class. Each homeowner would never hope to recoup the cost of this small PV system, so the only benefit is the hope that the increased demand will lower prices.
Panels pay off within 5 years. 10 on the outside. So it would be another 'tax on the middle class' in the same way that reducing their energy costs would be a tax.
... Want to bet it's lack of Govt. incentives making it too expensive for them just as it does me? I'd make the capital outlay myself but it's too damned expensive right now.
I don't think I'd put it that way. If you were a business and there were incentives to install in some places and not in others, where would you install first?
It's not that solar won't pay for itself - it will. It's a matter of when. And if you're a business, you aim for the highest return first. These companies also have crews that do the installs, so they probably tend to line up as many installs in a given region as possible before moving on to another one.
Something like 40% of American households live paycheck-to-paycheck. The next bracket up has a small cushion but not enough to provide outlay for 8 years worth of electric bills. Then there is the class that's underwater in their mortgages.
There are now several companies that at eating this up front cost for you and doing free installs of solar. No, not everywhere, but in more and more places. What the homeowners get out of it is maintained solar panels and a *lower* power bill.
Actually, all modern OSs do a fantastic job of taking advantage of multiple cores. It's the apps that fail to do so.
As for OSs that take advantage of low power CPUs, you only mention MS - who (I suppose) has done a good job of this with Windows RT on the Surface. And maybe even a good job with whatever the hell Windows Phones run. It's just that consumers have not liked the apps. Of course Apple and Google both have solid contenders in the embedded space.
So, as it always has been: "It's the applications, dummy."
Slashdot Mirror
Yup. Gas stations have billed at 3 decimals (on a currency that only supports 2) for decades and society has not collapsed. So I'm thinking this is a soved problem.
I hear that the entire english speaking world is wrong and you're trying to correct 'em.
How's that working out for you?
I don't get it. I sell things. You sell things. Everyone rounds to nickels unless the transaction isn't using hard currency. Who is losing money?
The needs and reasons for encryption are inherently different for data at rest vs. data in motion. Yeah, the end result is that you don't want someone to see them, but the vectors are so different it is useful to think of them differently. Data at rest need never be decrypted. When it is decrypted, it need only be decrypted once, and only in one location.
Data in motion is almost always unencrypted twice - once when it is being entered, and it *must be* again when it is used at its destination.
You often apply cryptography at a different time for data being transferred, but not only is that not always the case, but that's irrelevant when we're discussing interception of encrypted data. The only things that're relevant are how it's encrypted and whether it's encrypted when an attacker intercepts it.
Timing is important, as the method for encryption is often different for data at rest vs. in motion. It is useful to be able to talk about them differently.
It is critical that all passwords be stored encrypted. It is much less important that other 'personal data' be kept encrypted (there is all manner of data that can be found in public records).
I argue that it is useful and important that all web traffic be encrypted.
"Encrypted Password" implies a solution like bcrypt. It also implies that the password can never be decrypted. Instead, it is the target crypto string (is it a hash for bcrypt?) that gets matched.
"Securing the communication channel" implies a solution like SSL, and the fact that the password gets encrypted en route (and decrypted at the terminus) can be inferred. The fact that it is decrypted at the terminus is important.
There is no difference. Data is data, bits are bits. They don't take on some special property because you send them through a wire.
They kind of do:
http://www.schneier.com/blog/archives/2010/06/data_at_rest_vs.html
We have been specifically talking about data in motion, where part or all of the journey is (or is not) encrypted. "Encrypted Passwords" implies the data at rest portion of the problem - for which the generally accepted best practice solution is bcrypt.
http://stackoverflow.com/questions/4494234/what-are-the-best-practices-to-encrypt-passwords-stored-in-mysql-using-php
Solving the rest portion obviously does not solve the motion portion. And vice versa.
His argument is that you shouldn't trust an unknown router OR unencrypted wireless. Encrypted wireless just gives you a false sense of security.
No. Encrypted wireless gives you 100% protections against other wireless users. It is 100% effective at protecting from 99% of the likely threats (discounting the government and phone/cable companies). And I think that's worth something.
The solution to the problems you mentioned is to phase out unencrypted passwords. In the meantime, use end to end encryption.
Encrypted passwords don't come into it. Even with end to end encryption, encrypted passwords don't come into it. We're talking about data in motion, not data at rest.
So you're entire argument is that one should trust unencrypted public airspace more than (or as much as) one should trust a single router?
Less exposure is less exposure, and that's good. It ain't perfect, but nothing is.
I don't have that.
Ratings of books should reflect what other readers *with similar taste to mine* feel is appropriate.
Like netflix movie reviews.
How hard is that? I mean - yeah, it's hard. But how hard is it to know that is the solution?
Which is just about what I said:
Security is only possible insofar as you trust someone or something - whether it be the person you are handing/receiving your public key to, or the web of trust, or whatever else.
That's the purpose of well signed and maintained SSLs. Whether or not they achieve that is up for debate.
Actually, what i am trying to imply is that if I, and my Friend decide to establish secure tunnel between us, and having before that exchanged the private keys,
Public keys.
then it will become extremely difficult for anyone else to decode our conversation, or to pretend to be one of the parties (yes, that's true, the man in the middle has to have one of the private keys too if he wants to succeed).
It is *impossible* unless they have your private key *and the ability to use it* (your passphrase).
In most cases, this is enough, as the only way for the Evil guy to take your keys is to do it in person, physically. And if he has to do it for 300 million people...you make the math.
Right. Or compromise your system in such a way that they can view what you do when you decode the conversation.
Almost. Such an encryption protects entirely against passive interception, but has a serious weakness: MITM attacks...
It seems like you are conflating security and encryption. Perfect encryption exists and is trivial for any two parties to use. There is no MITM problem. Security is only possible insofar as you trust someone or something - whether it be the person you are handing/receiving your public key to, or the web of trust, or whatever else.
And, of course, once you have exchanged public keys and can start an *encrypted* conversation, verification of identity can be established by external (what was our previously agreed upon exchange, or let me call you and make sure you are who I am talking to) or even internal (let's see you on encrypted video) protocol.
Really, the GP author is somewhat to blame - implying that an encrypted connection is the same as secure. It IS, as long as the endpoints are trusted. That's the only problem, and in practice it is not so large in many circumstances.
...I have to register with your site. One more external agent gets my E-mail, or I have to take pains to manage multiple E-mails to avoid spam. (I don't want to be part of your community! I just thought you wanted to make your product better.)...
Let me help with one aspect.
If your email address is:
your_address@gmail.com
then you supply
your_address+domain.name@gmail.com
And if you don't use gmail, then maybe your email supplier does something similar. Or you should learn procmail if you're still managing your own.
p.s. It looks like your www.o...r.com domain/host is down.
By and large, languages don't matter. It's the frameworks that do. Nobody* is looking for a ruby programmer - they're looking for a ruby on rails programmer. Nobody is looking for an Objective-C programmer - they're looking for iOS (and/or MacApps) programmers.
* yes, there probably are 3 ruby jobs, but you don't qualify and they are not near you/flexible enough/whatever.
I don't happen to like Java. I found python annoying when I last tried it (which was long ago). I think I'd like it more, now. php was meh. I really enjoy ruby and I liked Obj-C 15 years ago. Find out what you like to work with.
Check out the Seven Languages book. It's fun to take a few languages for a spin. If it's not fun for you, maybe you should stick with IT :-)
But you're really asking about finding a job.
By and large, jobs don't matter. Yes, you need/want to make enough to live comfortably, but it's amazing what you can be comfortable with. What really matters is what you work on, who you work with, and what you work with. Find a job in a field that interests you, working for/with folks that you get along with. Once you're there, fix the kinds of problems you enjoy fixing. Do some of the ones that need fixing, too. You do both software and IT - it should not be hard to find a great place to work and make it work for you.
Can you cut a tin can with it?!?
That's right. And the hardware that does that costs about $20,000 - $30,000 to install and certify. It's called "anti-islanding," as I said.
And is required for installing solar panels that are grid-connected.
http://www.wholesalesolar.com/inverters/grid-tie.html
IG-4000 Fronius Inverter 2940002: 4,000 watts / 240 volts Sinewave $2,250
http://www.fronius.com/cps/rde/xchg/SID-168D8631-4108EEFC/fronius_usa/hs.xsl/2714_1477.htm
Anti-islandinig protection: UL 1741, IEEE 1547
You're not saying that hooking up a $2250 piece of equipment costs $17000-27000 to install, are you?
That's yet another tax on the middle class. Each homeowner would never hope to recoup the cost of this small PV system, so the only benefit is the hope that the increased demand will lower prices.
Panels pay off within 5 years. 10 on the outside. So it would be another 'tax on the middle class' in the same way that reducing their energy costs would be a tax.
Or maybe: I wonder if someone has already solve this problem?
Or maybe: If I solve this problem, I wonder if anyone else might also benefit?
... Want to bet it's lack of Govt. incentives making it too expensive for them just as it does me? I'd make the capital outlay myself but it's too damned expensive right now.
I don't think I'd put it that way. If you were a business and there were incentives to install in some places and not in others, where would you install first?
It's not that solar won't pay for itself - it will. It's a matter of when. And if you're a business, you aim for the highest return first. These companies also have crews that do the installs, so they probably tend to line up as many installs in a given region as possible before moving on to another one.
Hawaii has hit 40% power production from solar. I don't know that they are at 40% residential install. Yeah, it's hawaii...
http://en.wikipedia.org/wiki/Solar_power_in_Hawaii
and some of the associated issues:
http://greensource.construction.com/yb/gs/article.aspx?story_id=179406663
Something like 40% of American households live paycheck-to-paycheck. The next bracket up has a small cushion but not enough to provide outlay for 8 years worth of electric bills. Then there is the class that's underwater in their mortgages.
There are now several companies that at eating this up front cost for you and doing free installs of solar. No, not everywhere, but in more and more places. What the homeowners get out of it is maintained solar panels and a *lower* power bill.
http://www.verengosolar.com/
http://www.solarcity.com/ (who went public yesterday http://www.usatoday.com/story/money/business/2012/12/13/solarcity-ipo/1766375/)
To name a couple...
Lead batteries clean?
Affordable??? (laughing)
Safe? Not sure how solar panels on my roof and a bank of car batteries in my basement is safer than getting my electricity from the grid?
At first I didn't get it!
You're not supposed to drink the contents of the batteries! It's not clean or safe in that way. Someone should have explained that to you!
And the power from the roof - you're meant to use it instead of paying for [all] your power from the power company, not give it away for free.
Yucca mountain may or may not be a great/terrible solution. Argue amongst yourselves.
Here are the facts:
* Billions spent
* About 14 years late for initial use (scheduled for 1998)
* No sign that it was ever going to get used
I believe we need a solution. But I can't get to mad about scrapping a multi-billion dollar project that looks doomed to failure.
Actually, all modern OSs do a fantastic job of taking advantage of multiple cores. It's the apps that fail to do so.
As for OSs that take advantage of low power CPUs, you only mention MS - who (I suppose) has done a good job of this with Windows RT on the Surface. And maybe even a good job with whatever the hell Windows Phones run. It's just that consumers have not liked the apps. Of course Apple and Google both have solid contenders in the embedded space.
So, as it always has been: "It's the applications, dummy."
What are you trying to get at?
...
By the way, Iâ(TM)m dying to know if this guy is marriedâ¦
It looks like it to me.