Slashdot Mirror


User: ladadadada

ladadadada's activity in the archive.

Stories: 0 · Comments: 87

Comments · 87

  1. Re:Ummm, no on Gulf Oil Spill Disaster — Spawn of the Living Dead · · Score: 1

    He didn't say "high prices", he said "valuable". He also didn't say "buy things", he said "80%-90% reduction in numbers".

    The high value causes more fishermen to go out and hunt the Bluefin Tuna and attempt to sell them for high prices at the market. The prices go up because the demand exceeds the supply. The high prices cause the perceived value to go up and even more fishermen decide that Bluefin Tuna are the best choice of fish for them to catch. If the price goes high enough, some of the Bluefin Tuna won't be sold and will simply go to waste, but that still contributes to the 80%-90% reduction in numbers even though nobody bought anything.

    Any misjudgements about the levels of supply and demand end up with dead fish and poor fishermen.

    The supply and demand dynamics are circular so it's very easy to get confused about cause and effect when the effect is, in turn, the cause of the original cause.

  2. Re:WTF Slashdot? on Will Adobe Sue Apple Over Flash? · · Score: 4, Informative

    Well, not really.

    "Some anonymous guy" is Steven J. Vaughan-Nichols and he's a regular writer for IT World.

    And the anonymous submitter would appear to be one "smlynch" according to the URL to TFA. Sure, it's not much, but it's not exactly anonymous.

  3. Re:Skipfish vulnerability scanner on Google Hands Out Web Security Scanner · · Score: 1

    No, he wants the rules moved out of the source code for the same reason that anti-virus definitions are not compiled-in to anti-virus products and Nessus plugins are not compiled-in to Nessus.

    New attacks are developed all the time, new vulnerabilities are discovered all the time. Having to write C code for this and re-compile the entire scanner is a massive pain and waste of time. Writing a rule should be quick and easy. And yes, even non-coders (say, sysadmins who may have never touched C or maybe anything other than Perl) should be able to do it successfully.

    Even changing it to be a compiled-C plugin would be better than having it compiled in to the main application.

    I see this being an improvement for the near future.

  4. Re:Move to a higher order port and use denyhosts on Coping With 1 Million SSH Authentication Failures? · · Score: 1

    My thoughts on these suggestions:

    1. The purpose of changing the port is not security (a simple portscan will undo that) but reduction of logged error messages while still allowing all IP addresses anywhere to SSH to the machine.
    2. The port you choose is important. At one place I worked we used port 10000. This is already used for Webmin (although we never used Webmin) and hence we got thousands of Webmin brute force attacks against our SSH port. They could never have been successful but it didn't cut down on the logged error messages very much.
    3. Denyhosts and Fail2ban both have the ability to be quite nasty on false positives and are rather prone to them. Amongst all the suggestions above to use these products, I would also add to make sure you whitelist a place you can always get access to. You should also have an out-of-band communication method with your servers. That way, when you do finally get locked out of your own server by your security tool, you know how to get in and fix the problem. The same goes for an IPS if you install one. Make sure you can still access it when it decides you are an intruder.
    4. Check your SSH error log to make sure something like denyhosts or fail2ban would even be of any use. I have seen plenty of brute force attempts where each IP address only tries three different username/password combinations and then moves on to another server. Then another picks up where the first one left off. These guys wouldn't even notice if you were using fail2ban. Sharing your denyhosts with the denyhosts site might help. You could use the shared denyhosts block lists to configure fail2ban if you preferred it.

    And to the original poster who gets a million per year across 50 or so domains... I got a new box installed a few weeks ago that had 45,000 attempts in the three days it was online before my ISP gave me the IP address. That's a million attempts about every two months. Per server. You have only yet seen the tip of the iceberg.
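    To make item 4 concrete, here is an added example (not code from the original thread) that counts failed logins per source address the way a fail2ban-style rule does, run over constructed sshd log lines with TEST-NET addresses; the maxretry threshold of 5 is an assumed configuration value, not a claim about any tool's default.

```python
"""Per-source failure counting over constructed OpenSSH auth.log lines.
Shows why a per-IP threshold never fires when each source only tries a few
guesses and moves on, even though the server as a whole is under a campaign.
All log lines and addresses (192.0.2.0/24, 198.51.100.0/24) are constructed."""
import re
from collections import Counter

# OpenSSH "Failed password" lines; the "from <ip>" field is what a ban keys on.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)"
)

# Constructed sample: five sources, three guesses each, plus one legitimate login.
SAMPLE_LOG = """\
Jan 10 03:14:15 host sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40210 ssh2
Jan 10 03:14:17 host sshd[4101]: Failed password for invalid user admin from 192.0.2.10 port 40210 ssh2
Jan 10 03:14:19 host sshd[4101]: Failed password for root from 192.0.2.10 port 40210 ssh2
Jan 10 03:20:02 host sshd[4188]: Failed password for invalid user test from 192.0.2.11 port 51022 ssh2
Jan 10 03:20:04 host sshd[4188]: Failed password for root from 192.0.2.11 port 51022 ssh2
Jan 10 03:20:06 host sshd[4188]: Failed password for root from 192.0.2.11 port 51022 ssh2
Jan 10 03:25:40 host sshd[4230]: Failed password for invalid user oracle from 192.0.2.12 port 33100 ssh2
Jan 10 03:25:42 host sshd[4230]: Failed password for invalid user oracle from 192.0.2.12 port 33100 ssh2
Jan 10 03:25:44 host sshd[4230]: Failed password for root from 192.0.2.12 port 33100 ssh2
Jan 10 03:30:00 host sshd[4300]: Accepted publickey for deploy from 198.51.100.7 port 38000 ssh2
Jan 10 03:31:11 host sshd[4312]: Failed password for invalid user ubuntu from 192.0.2.13 port 60211 ssh2
Jan 10 03:31:13 host sshd[4312]: Failed password for invalid user pi from 192.0.2.13 port 60211 ssh2
Jan 10 03:31:15 host sshd[4312]: Failed password for root from 192.0.2.13 port 60211 ssh2
Jan 10 03:37:52 host sshd[4377]: Failed password for invalid user guest from 192.0.2.14 port 44520 ssh2
Jan 10 03:37:54 host sshd[4377]: Failed password for invalid user admin from 192.0.2.14 port 44520 ssh2
Jan 10 03:37:56 host sshd[4377]: Failed password for root from 192.0.2.14 port 44520 ssh2
"""


def failures_per_source(log_text: str) -> Counter:
    """Count failed password attempts per source IP; other lines are ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts


def sources_to_ban(counts: Counter, maxretry: int = 5) -> set:
    """Sources a per-IP rule with this maxretry would ban (assumed threshold)."""
    return {ip for ip, n in counts.items() if n >= maxretry}


def total_failures(counts: Counter) -> int:
    """Campaign-level view: failures across all sources, which the ban never sees."""
    return sum(counts.values())


if __name__ == "__main__":
    c = failures_per_source(SAMPLE_LOG)
    print("failures:", total_failures(c), "sources:", len(c))
    print("banned at maxretry=5:", sources_to_ban(c) or "nobody")
```

    With this sample, 15 failures across 5 sources produce no ban at all, which is the "check your log first" point: count per source before assuming a per-IP tool will help.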

  5. Re:Why does only rape matter ? on Examining Virtual Crimes · · Score: 1

    I imagine you are absolutely correct about people having strong emotional reactions to rape and child pornography. In fact, much more so than murder, the mere mention of the other two crimes can cause an emotional reaction, whereas for most people, the murder needs to be of somebody they know to have the same level of emotional reaction.

    On the other hand, within some games, death is a normal part of the game. In FPS style games, murder is the entire point. In this sense, our expectations are different in the game to in real life. But since rape and theft are not expected in most games we are taken aback and shocked if it happens. I wonder if murder might matter more in a game where death and murder are uncommon.

    As for the technology, I'm not sure if you are familiar with the LambdaMOO case or the technology involved. As for me, my University used their own MOO based on the LambdaMOO as a tool to help teach their Computer Ethics course and I have had a character on the actual LambdaMOO in the past.

    A MOO is basically a multi-person text-based adventure game. You can cause any text you like to appear on the screen of everybody currently connected if you know how. The rapist could cause the text:
    Macgrrl slowly takes off her clothes.
    to appear on the screen. This would (to most users) be completely indistinguishable from Macgrrl actually typing that. The technology is low but precisely because of that, the power of words became greater. Any player could completely alter the world as you (and everyone else) saw it. With current games, our power over the world is much less because the world is so much more complex. We can only do what the developers give us the ability to do. But this has not changed the emotional involvement (at least for some people). I think the emotional involvement comes more from the social interaction rather than the online persona. In the LambdaMOO case, the avatar was an extension of her real world self and had real friends, even if they were only ever contacted in a virtual setting. In that sense, WoW is unlikely to ever have this problem, but Second Life very well could or, as you said, Surrogates. The technology, however, I think is almost irrelevant. It's just the player's power over the world and other players that matters and the technology affects this.

  6. Why does only rape matter ? on Examining Virtual Crimes · · Score: 1

    What about murder or theft ?

    What if I'm playing an online game and someone attacks and kills my character ? Is that against the law too ? Does it matter that death is not permanent in this particular virtual world ? What if death is a normal part of this particular virtual world (WoW PVP servers for instance) ?

    What if I have a virtual house in (say) Second Life and someone enters without asking or enters through the window ? Is that virtual break and enter ? What if they steal my stuff ? I have then suffered actual losses, not just psychological trauma.

    So why is rape different ?

    The laws that apply to a virtual world must be appropriate for that virtual world. If death is a minor setback to a player then the punishment for killing someone needs to be minor. If death is an expected part of the game then there need not be any punishment at all. If death is permanent in the virtual world and not an expected part of the gameplay then there probably should be some sort of significant punishment for a killer. The same reasoning applies to theft and rape and (one would extrapolate) child pornography. It is a mistake to attempt to create a single set of laws that apply to all online virtual worlds.

    Of course, any actions in a virtual world that cause real-world crimes to be committed can be simply dealt with by the existing real-world laws.

  7. Re:Why OSX? on Steam UI Update Beta Drops IE Rendering For WebKit · · Score: 3, Interesting

    As a counter-example to your assertion, I started playing WoW about three weeks ago on a Mac.

    Despite WoW being an old game, it is constantly being updated with expansions and new content. Even old players are still finding it a rewarding experience.

    I understand that this doesn't mean that a lot of users are like me, but to say that "Everyone who wants to play WoW is already playing it." is not correct.

  8. Re:If it sounds too good. to be true... on Trash-To-Fuel Process Validated By US Military · · Score: 5, Informative

    I didn't see anything in that link to indicate that he is a snake oil salesman. There were certainly plenty of concerning allegations, but none of them alleged that he has sold them a product that didn't work. Most of them are regarding his failure to pay bills. The article mentioned the same thing, after mentioning that the reporter was a personal friend of the CEO. It all looks to me like he's a genuine guy with a decent product and bad business sense. I think I would have waited to see the results published by the third party before running this on Slashdot. The results linked from the site are actually hosted on its sister site, both of which are funded by Michael Spitzauer and don't look to be published by the US Military at all.

  9. Inconsistency. on Anonymous Speaks About Australian Gov't. Attacks · · Score: 4, Informative

    Summary says:

    "An individual (who insisted he or she is not a spokesperson for the group) said..."

    TFA says exactly the opposite:

    "...received a reply from an individual claiming to be a spokesperson."

    Authenticity of said spokesperson: YMMV.

  10. What a load of crap! on Parallel Algorithm Leads To Crypto Breakthrough · · Score: 5, Informative

    There has been no "crypto breakthrough".

    What they have done is created a chip that can do 1.6 billion DES operations per second (compared to 250 million for a GPU card) and then put 176 of them in a 4U server. This lowers the price to performance ratio by around a factor of 6 if you assume that their chip and a GPU are the same price. By the way, this press release (and research) was made by the company that manufactures the chips in question.

    The "massively parallel" algorithm (their term, Dr. Dobbs just copied it) only decrypts a little of the file and looks for ASCII integers because that's what they put in the file before encrypting it. They have not found a way of culling candidate keys without already knowing what sort of data is in the encrypted file. That would be a "crypto breakthrough".

    It's a good bit of technology with many uses beyond cryptography that has, unfortunately, been marred by some overly breathless reporting.

  11. Re:Why does password strength matter? on Analysis of 32 Million Breached Passwords · · Score: 1

    Salt is, by definition, exposed when the hash is exposed. They are stored side-by-side and the salt is not encrypted.

    Salt does not prevent brute-forcing of a single hash. What it prevents is users with the same password from having the same hash. With salt, an attacker must brute-force each password individually (or create a separate rainbow table for each different salt, which defeats the purpose of a rainbow table). With a rainbow table and no salt, every hash can be reversed in seconds to minutes.

    It's worth noting that the algorithm you are using to generate the hash (or rather, the resultant hash itself) has an inherent complexity limit. MD5 hashes are 128 bits which is 16 bytes. Any password longer than 16 bytes has another password that is shorter than 16 bytes that will have the same MD5 hash. Yes... an attacker doesn't need to know your password, just a password that, when hashed, collides with your password.

    SHA1 hashes have a length of 160 bits so passwords longer than 20 characters will have an equivalent password shorter than 20 characters that produces the same hash if you are using SHA1.

    Not that you should be using MD5 or even SHA1 for hashing passwords. Both hash functions are inappropriate for this purpose. If you are using raw hash functions for protecting passwords, even if you are using salt, then you need to read this now: http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html
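    As an added example of the points above (not code from the original thread): the same password stored unsalted gives the same digest for every user and is found by one precomputed table, while a per-user salt makes the table useless even though the salt itself is stored in the clear; PBKDF2 is used here as a stand-in for the slow password hash the linked article argues for. Users, passwords and the candidate list are constructed, and SHA-1 appears only to show the raw-hash case the comment warns against.

```python
"""Unsalted vs salted storage, and a slow KDF in place of a raw hash.
Constructed users and candidates; SHA-1 only illustrates the bad case."""
import hashlib
import hmac
import os


def unsalted_sha1(password: str) -> str:
    return hashlib.sha1(password.encode()).hexdigest()


def salted_sha1(password: str, salt: bytes) -> str:
    return hashlib.sha1(salt + password.encode()).hexdigest()


def store_unsalted(users: dict) -> dict:
    """name -> digest. Equal passwords give equal digests, so one hit reveals all."""
    return {name: unsalted_sha1(pw) for name, pw in users.items()}


def store_salted(users: dict) -> dict:
    """name -> (salt, digest). The salt sits beside the hash, unencrypted; its job
    is to make equal passwords differ, not to stay secret."""
    out = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        out[name] = (salt, salted_sha1(pw, salt))
    return out


def precomputed_table(candidates) -> dict:
    """digest -> password, built once and reused against every unsalted dump."""
    return {unsalted_sha1(c): c for c in candidates}


def table_hits(table: dict, store: dict) -> dict:
    """Users whose stored digest appears in the table. Salted digests never do,
    because the table was computed without each user's salt."""
    hits = {}
    for name, entry in store.items():
        digest = entry[1] if isinstance(entry, tuple) else entry
        if digest in table:
            hits[name] = table[digest]
    return hits


def pbkdf2_record(password: str, iterations: int = 600_000) -> tuple:
    """What to store instead of a raw hash: salt, iteration count, derived key."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return (salt, iterations, key)


def pbkdf2_verify(password: str, record: tuple) -> bool:
    salt, iterations, key = record
    guess = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(guess, key)  # constant-time comparison


if __name__ == "__main__":
    users = {"alice": "Password1", "bob": "Password1", "carol": "correct horse"}
    table = precomputed_table(["letmein", "Password1", "qwerty"])
    print("unsalted hits:", table_hits(table, store_unsalted(users)))
    print("salted hits:  ", table_hits(table, store_salted(users)))
```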

  12. Re:impossible on Swiss Geologist On Trial For Causing Earthquakes · · Score: 1

    True... but the few years later may well have been 10 or 100 or 1000 or 10,000. We don't know enough about earthquakes yet to know which of those options is likely.

    If you put it to a vote, I would bet that most of the population would go for a doubling of intensity if they knew it wouldn't happen for another 100 years.

  13. Re:I see a lot of weak people here in the story... on Vulgar Comment On Newspaper Site Costs Man His Job · · Score: 1

    The bit you missed out in your quote is important. "We may disclose personal information if we or one of our affiliated companies is required by law to disclose personal information, or if we believe in good faith that such action is necessary to comply with a law or some legal process, to protect or defend our rights and property, to protect against misuse or unauthorized use of our web sites or to protect the personal safety or property of our users or the public." This was not required by law. What Kurt did is still in violation of the policy of the website. The EU decided that IP addresses were personally identifiable information. I don't know if I agree but this guy was certainly personally identified by his.

  14. Re:Solaris on How Google Uses Linux · · Score: 1

    Solaris 10 has backwards compatibility with SunOS 2 so yes, tar is still broken.

    The point is: it's broken in exactly the same way that it was broken in 1994.

  15. Meh on Low-Energy Laser Etching May Replace Fruit Labels · · Score: 1

    This is another one of those annoying blog posts where some uninformed non-scientist copy-pastes an article from a reputable scientific reporting organisation. At least in this case he linked to the original: http://www.physorg.com/news176483573.html which appears to be a duplicate of an even older article: http://www.physorg.com/news170927623.html

    The main advantage appears to be not that people don't have to peel the sticker off before eating their apples but rather that the label cannot be tampered with. (Or at least, not easily.)

  16. Re:High Speed Rail on Delta Air Lines Sued Over Alleged E-mail Hacking · · Score: 1

    Not quite. The length of the stations is pretty much fixed. Adding another carriage is easy but if no one can get on or off at that carriage then you still have the same problem.

    I catch a train to work every day and the last two of the stations on this line only support 4 of the 8 carriages on the train. Looking at the stations, they can't be extended to accommodate the train because there are existing buildings where the platform would need to be. Luckily, most people seem to get on at one particular station about a third of the way through the journey and get off at another particular station about two-thirds of the way through. Between these two stops, there are as many standing passengers as seated. At the start and end of the line, I can have a booth of six seats to myself.

    I caught a long distance train a few weeks ago that was oversold. I ended up spending the entire four hour journey standing up along with about 15 other people at my end of the carriage. The entire train looked the same.

    On the other hand, getting from London to Paris is best done by train. You can leave from Waterloo, arrive 20 minutes before the train is due to depart, be there in 2.5 hours, get to see some of the French countryside along the way and arrive right in the centre of Paris at Gare du Nord. It takes an hour just to get to Heathrow or Gatwick or Luton from London, you have to be there two hours before the plane is due to depart, you don't get to see anything other than clouds along the way and you arrive in Charles de Gaulle airport which is 45 minutes outside Paris. If we left at the same time, you would still be in the departure lounge when I'm having lunch in a Parisian cafe.

    Planes do scale the same way that adding another carriage to a train works. A four-seater plane requires the same infrastructure and staff that a ten-seater plane requires. A twenty-seater is the same as a fifty-seater. A 747 is the same as an A380... except that it requires a longer runway. But the number of staff required to run it is the same and the price per passenger goes down.

    In general you're right, and trains are definitely a superior way of getting around, but problems with trains are not trivial to solve.

  17. Technical details ? on Wordpress.org Warns of Active Worm Hacking Blogs · · Score: 1

    Does anybody have any technical details about this worm ?

    Some people can't upgrade immediately and it would be nice to be able to block the request strings (or user-agent, IP address, whatever) that the worm uses.

    I have looked around the various blogs reporting this and on full-disclosure lists but I can't find any better advice than "Upgrade. Now."

  18. Re:And? on Bing Search Tainted By Pro-Microsoft Results · · Score: 1

    I don't suppose it's possible that Google's results are skewed to be anti-Microsoft are they ?

  19. Re:And? on Bing Search Tainted By Pro-Microsoft Results · · Score: 1

    I tried it on Google.

    4th result:

    WikiAnswers - Why is mac and cheese so awesome

    Clearly Google has some sort of pro-cheese-and-pasta agenda.

  20. Re:Can they run Linux? on Old Computers Resurrected As Instruments At Bletchley Park · · Score: 1

    I used to ring up my mate and tell him to start loading a game into his C64 before walking over to his place. We'd usually have time for a snack before the tape had fully loaded. So no... somewhat slower than Vista.

    On the other hand, I had an Apple ][e at the same time and even including the time it took to find the correct 5 1/4 inch floppy disk in one of the many boxes of disks we had, boot the computer and load the entire game, it was still faster than Vista is these days. The downside, of course, was that it only had 16 shades of green available to it and high resolution mode meant 192 x 280 pixels.

  21. Re:facebook killed TV? on Why TV Lost · · Score: 1

    He compared MP3s to CDs in the last sentence of his post. I'm pretty sure he was referring to DVDRips as being "digital" distribution and DVDs as being "physical" distribution, MP3s as "digital" and CDs as "physical".

    He didn't refer to VHS or Vinyl at all. Of course, judging by the Slashdot ID, it may just be that he wasn't around when CDs were invented.

  22. Re:facebook killed TV? on Why TV Lost · · Score: 1

    The summary is flawed. (Well... that's new.)

    To reproduce the full quote from the article: "Facebook killed TV. That is wildly oversimplified, of course, but probably as close to the truth as you can get in three words." ...and that's not even taking the context of the three previous paragraphs into account.

    What Paul is saying is that some of us have had computers for years but thanks to social applications like Facebook (and although he doesn't say it, I think this actually started with ICQ and MSN Messenger and their ilk) computers can now be found in every home. The chances of finding a computer and an appropriate internet connection in a randomly picked home are the same as finding a TV in a randomly picked home these days.

    Facebook (and all the other social applications) is not the reason people stop watching TV. It's the reason the few people who don't already have a computer get a computer in the first place.

    As long as there was a market that computers couldn't reach, TV still had a chance and a point in existing. Now, it doesn't.

    I do still think he is being a little preemptive in using the past-tense "killed" in his article but in a year or two he will probably be 100% correct.

    I'm sure Paul wrote those three words knowing full well that they would be quoted out of context but I suspect he was hoping that would drive people to come and read the full article, not simply complain about the three words somewhere else.

  23. Re:How about some counter-threats? on Music-Swapping Sites To Be Blocked By Irish ISPs · · Score: 2, Interesting

    Didn't Nine Inch Nails already do steps 1 and 2 ?

    I'm not Irish so I can't help you with step 3.

  24. Re:Rather interesting line at end of article... on A Hacker's Audacious Plan To Rule the Underground · · Score: 1

    What matters is not the keyspace size but where in your adversary's brute-force method your particular key is located.

    For instance, if they try "aaa" then "aab" then "aac" then this 36 character pass-phrase will not be found for a VERY long time. If they start with words separated by spaces then this pass-phrase will be found much more quickly. Probably even more quickly than the pure punctuation pass-phrase.

    But why would they ever use such a method ?

    Normal brute-force methods focus on "normal" passwords. Passwords are usually 6 to 10 characters - often a dictionary word with a number at the end. The brute forcer would have no reason to suspect that the key was actually 6 dictionary words, each with the first letter capitalised, separated by spaces and with an exclamation mark at the end.

    This is not just "only dictionary words" because it contains capitals, spaces and one punctuation mark and is clearly much more resistant to brute force attacks than a short password, even if the short password contains capitals, numbers and punctuation. As a bonus, it's also resistant to keyboard wear analysis.

    The only thing that makes this a bad pass-phrase is that it is now cached on your hard drive and hence will show up if they run "strings" across the volume.

  25. Re:Bulldog Broadband are good on The State of UK Broadband — Not So Fast · · Score: 1

    While all that you have said is true, the state of their customer service is woeful.

    I am still being sent bills for my broadband with them even though I moved out of the house in question two years ago and am now living in Australia and have called them and notified them several times about this.

    For the record, TalkTalk are doing the same thing for the next connection I had. TalkTalk gave me 400kbit/s on my 8Mbit line so I wasn't interested in signing up with them at the next house. They still send me bills 10 months later. They just won't cancel the account.

    So far, Sky Broadband in the UK has caused me no troubles but there's still time.