I have a web page for creating secure passwords. I essentially tell them to use acronyms: come up with a phrase, and use that phrase to generate a password. My web page is oriented towards the 8 character password limit endemic to Solaris (I'm SO glad they've finally extended that), but easily extended to more modern limits.
I teach this method to students, and then I run John the Ripper on the results. I found one of two results -- either they completely ignored my teachings and came up with passwords like '123456', or I didn't guess their passwords in days of running Ripper.
I think that forcing 'safe' passwords on people is a bad idea. This problem was addressed on Slashdot a couple of years ago, and what they found was that 'random' passwords usually resulted in people writing down their passwords and keeping them in places like their wallets or taped to their keyboard (!).
Far better is to periodically run a password checker on people's accounts. If you find a password, change their password, and/or send them an email telling them that their password has been guessed, and they need to come up with something secure (and some pointers to ideas on how to create a 'good' password).
Sooner or later, they'll come up with a password that at least you can't guess, which is as good a heuristic as I can come up with.
Thank you -- very useful
(BTW: ffbconfig no longer exists in Solaris 9. Its replacement is fbconfig.)
I've tried to get solaris 10 installed on a machine with an old monitor that can only support 1024x768x60. I just could not get a config that worked on either of the old monitors I had. I've now formatted the box with OpenBSD, so it'll be a while before I can test the new info.
I'll get to go in on Monday and see if fbconfig has set up the sparc box correctly. It'll be real nice if my students can finally watch me work directly on the sparc.
Back in the '80s it was reasonably possible for someone to go for a CS degree, start up a small company and make a good living. Nowadays you generally have to be part of a much larger company to make anything that's likely to make a dent in the market.
A woman in a larger company has to deal with the 'glass ceiling' problem -- if problem solving (and 80 hour weeks) aren't your forte, computer science isn't such a hot future for women.
From my experience, women have a different style of thinking than men -- they seem to work far better in a multi-tasking world where you have to keep track of 10 or 20 things at once with lots of details. Men are far better at pointing their head at one thing and working on it for hours on end. That style of thinking lends itself far better to the current computing paradigm.
To get (and keep) more women in computing, I'm thinking that you'd have to come up with an entirely different paradigm for the computing field. Not being a woman, I have absolutely no idea what it is.
The fan is on the electronics side. I'm thinking that you want most of the cooling on the metal (platter) side -- to cool the mechanical side, which is where most of the failures occur. (correct me if I'm wrong here).
The massive temperature decrease with the current setup is because he's cooling the temperature sensor, without cooling the components that the sensor is supposed to be measuring for -- thus producing a false reading.
Them stealing 'It just works' from Apple kinda makes me giggle -- but what worries me sick is the possibility that they've now patented hard links (and/or symlinks that actually work)
One of the most annoying things about using Solaris (9 or 10) is the way that it uses really strange and borderline refresh rates. I've run into far too many cases where monitors refuse to deal with the settings that Sun sets the cards to...
In a classroom with 24 relatively new flat-screen monitors we were able to find maybe 4 that were able to display the output from a Solaris box... and they all had an annoying 'out of range' warning on the screen.
I had similar problems last year with regular CRT displays... Not quite so bad, but about 1/2 of the monitors would repeatedly refresh trying to get a proper sync.
I'm guessing that Sun wants to pressure people to buy their own branded monitors. ('works fine for us!').
Urk:
If you compared the Americans who live within 100 miles of the Canadian border to the Canadians who live within 100 miles of the US border, you'd probably get the same kinds of results.
The US is being very slackass about ensuring that its citizens have access to broadband. The government has given effective monopolies on the infrastructure to large companies and not pushed them to supply broadband to the people they serve.
I can go to places like Bowen Island (pop. ~4000 and a 20 minute ferry ride from the mainland) and still get a $45/month DSL connection (2 megabit down, 600 kilobit up). Similarly for 100 Mile House (about 100 miles from the middle of nowhere in the coastal mountains).
I think that even Bella Coola (about another 100 miles from 100 Mile House) can get broadband.
Most Canadians may live within 100 miles of the US, but that doesn't mean everybody is -- or is close to a major city.... In the US, between Seattle and St. Paul, there's not a whole lot near the Canadian border.... (and some Americans think that North Dakota and Montana are still overrun by Indians -- but that's another story) and there are still a good number of Canadians who live further north where -40 is regularly reached almost every winter.
The other day, I walked by someone who was sitting on a park bench by himself and talking to nothing/nobody in particular. It hit me that, 10 years ago, I would have taken this as a clear sign that the poor sod was completely off of his rocker. These days, however, if you see someone doing that, best bet is that (s)he's got a hands-free cell phone on him and is talking to someone real.
Now, I'm gonna have to deal with people walking around mumbling to themselves!
The next time I walk into an insane asylum^W^W Mental Health Facility, the only way I'm gonna be able to tell the difference between the visitors/staff and the patients is going to be by looking for a badge.
I've met PR people who are pretty functional, and tech people who can be complete asses, too. Although tech people tend to the practical side, it really depends, to a certain extent, on the luck of the draw.
Obviously, you worked at a place where the PR people had a serious power fixation and had implemented their plans of local domination. I'd say that the Board of Governors needs to jerk their chain something fierce.
My guess is that the Computer Science department is somehow going to do a lot better generating power and heat than either Physics or Chemistry. (and at cooling off in the summer despite all of those CPUs.)
Oh of course, because the comments in open-source applications are always squeaky clean!
I can think of two things to look at with respect to comments:
First of all, you would like your comments to be meaningful, understandable and accurate. (I'm sure I could find you some juicy counter-examples in my own code).
The second thing (which, I think the grandfather post referred to) is: You might want to edit out comments like
"I was going to shoot George Bush but this seems even more insane",
"This is the worst IP violation I've ever committed", or
"This code stinks worse than our hardware."
You know -- stuff that just might embarrass your PR group if it got published on Slashdot. There probably isn't a whole lot of stuff like that, but you should hire a couple of young code monkeys to do a quick read through your code, and flag anything even vaguely questionable for your more senior programmers to vet.
Murphy's law says that you won't necessarily catch everything that might be embarrassing, but if only one or two nasty examples make it past the review, you can always blame it on too much coffee. If there's lots of stuff that you find on a quick audit, then you might want to delay the public release for a couple more months while you go over the code with a fine-toothed comb.
If you can find some code monkeys with OpenBSD style auditing experience, then you could possibly add in cleaning up the actual code to the benefits of such an audit. This code is going to represent your company (unless you release it anonymously), so it'd be good to release the best code your resources allow you to generate.
Technically, the GPL violation isn't your problem. It's an issue between them, IBM, and IBM's Nazgul (aka the legal team that's ripping Boies & co. to shreds in a Utah courtroom).
That having been said, a verbal agreement is just as binding as a written one -- just a little bit harder to prove what was agreed to. If they said you could keep the code you brought in then you can. You can't give them rights to IBM code, but they could, in theory, claim your own additions tossed in after you brought the code into their offices (unless your verbal agreement says otherwise, but see above).
If they can rip your code out of the greedy little fingers of the IBM GPL code, then they're free to do what they want (subject to their agreements with you about it). If they're distributing IBM's GPL code (with or without your code) then they can abide by the GPL or face IBM's nazgul. (and I call them nazgul with the utmost respect as someone who hangs out on Groklaw and has seen their handiwork).
IANAL -- I just read Groklaw a lot (and Supreme Court decisions in my spare time).
um... you end up with an infinite loop that way too.
(-: Perhaps, but the stack isn't as deep when you overflow -- because you skipped a step :-)
Re:security -- Not just anglophones (on "IE7 Details Emerge", Score: 4, Interesting)
it's kind of funny, though, how it is essentially our (...)'s lack of familiarity with the writing systems of the rest of the world that is getting us into this particular pickle.
Actually no. The problem is really just that UTF-8 is too powerful. There are half a dozen ways to encode something that looks like an 'a'. It can actually get worse for people who are multilingual -- A Frenchman who expects a site encoded with an accented A (ä) might then be sent a URL where a similar looking character (ä) is encoded out of some other page. In this case, both ä's will be marked as extended UTF characters, so there may be no easy way for a user to distinguish between the 'legitimate' site and the phish monger. You tell me which one is legitimate! (and, yes, they are different encodings in this posting).
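A concrete illustration of the point made in the post above, added here and not the commenter's own code: the precomposed form of an accented letter (for example U+00E9) and its decomposed form (the base letter followed by a combining mark) are different UTF-8 byte strings that render identically, and Unicode NFC normalisation maps both to one string. The block also shows two defender-side checks a site or mail gateway can run over a hostname: a crude mixed-script test derived from Unicode character names, and an ASCII "skeleton" obtained by stripping combining marks after NFKD (a simplification of the UTS #39 confusables idea, not an implementation of its table). Every hostname in the block is a constructed sample, not a real site.

```python
import unicodedata

# Constructed sample hostnames (not from any real site).
PRECOMPOSED = "caf\u00e9.example"    # "é" as the single code point U+00E9
DECOMPOSED = "cafe\u0301.example"    # "e" followed by U+0301 COMBINING ACUTE ACCENT
ASCII_TARGET = "cafe.example"        # the plain-ASCII name both of the above resemble
MIXED_SCRIPT = "l\u043egin.example"  # Latin letters with a Cyrillic "о" (U+043E) for "o"


def utf8_hex(s: str) -> str:
    """Hex of the UTF-8 encoding, to show that equal-looking strings differ on the wire."""
    return s.encode("utf-8").hex()


def nfc_equal(a: str, b: str) -> bool:
    """True when a and b are canonically equivalent (identical after NFC normalisation)."""
    return unicodedata.normalize("NFC", a) == unicodedata.normalize("NFC", b)


def ascii_skeleton(label: str) -> str:
    """Strip combining marks and compatibility variants (NFKD) to expose the
    base-letter shape that a diacritic look-alike shares with a plain name.
    A simplification of the UTS #39 'skeleton' idea, not that table."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c))


def scripts_used(label: str) -> set:
    """Rough script set for the letters of a label, taken from the first word of
    each character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}


def assess_hostname(host: str, known_good: str) -> dict:
    """Defender-side report for a hostname against a known-good name: whether
    it is the same name once normalised, whether its letters come from more
    than one script, and whether its skeleton collides with the known-good
    name while the normalised strings still differ."""
    norm = unicodedata.normalize("NFC", host)
    good = unicodedata.normalize("NFC", known_good)
    return {
        "nfc": norm,
        "same_as_known_good": norm == good,
        "mixed_scripts": len(scripts_used(norm)) > 1,
        "skeleton_collision": norm != good and ascii_skeleton(norm) == ascii_skeleton(good),
    }


if __name__ == "__main__":
    print("precomposed bytes:", utf8_hex(PRECOMPOSED))
    print("decomposed bytes: ", utf8_hex(DECOMPOSED))
    print("equal after NFC:  ", nfc_equal(PRECOMPOSED, DECOMPOSED))
    pairs = [(DECOMPOSED, PRECOMPOSED), (PRECOMPOSED, ASCII_TARGET), (MIXED_SCRIPT, "login.example")]
    for host, good in pairs:
        print(repr(host), "vs", repr(good), "->", assess_hostname(host, good))
```

The skeleton comparison catches diacritic look-alikes but not cross-script substitutions such as a Cyrillic о standing in for a Latin o, which is why the mixed-script result is reported alongside it; the decomposed and precomposed spellings of the same name are reported as identical once normalised.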
But it's, what, 10,000 cases out of millions of downloaders?
About $30-80M.
Costs:
$0.50 stamp
$0.15 paper, envelope and printing
$30.00 approx. 2 hours of staff time, on paperwork, negotiation, etc.
Income:
$3-15K (( none of it needing to be paid out as royalties ))
That's about a 99% profit margin.
The thing is that they can't get too zealous about this or people really will cut down on the volume of downloading that they do, and that'll cut into both their general business model and this specific income source. As such, I don't expect them to ramp this up too much, as they're unlikely to be willing to kill the golden goose.
I think that they should say 'COMMERCIAL' streaming video is now 10 years old.
Where are the points when I need them?
Now, we're all going to have to go see it just to see if it really is that bad.
Actually, now that I mention it...
I think that the intent is to be nice to 'innocent' illegal immigrants -- who didn't really have a choice about being brought into the US.
Great! A story by Maureen O'Garra "confirmed" by a Red Herring. How do we know that they're not one and the same?
:-)
or I woulda been moderated 'redundant' for posting Yet Another Joke about forgetting how to get to the competition.
If a slashdot editor could do that, they'd probably think that they could win the competition.
..... Surprise!!!!!
"An unexpected error has occurred: "Stack Overflow""
Silly snoop! That should have been:
void readsite(void);   /* defined elsewhere; called once from main(), never from itself */

int main(void)
{
    readsite();
    return 0;
}
Otherwise you end up with an infinite loop.
(( sheesh! Some people just don't know how to code! ))
If I build the rifle, can I read their site by bluetooth?