update-rc.d, much like the other update-(alternatives|binfmts|inetd|.*) commands, isn't really intended to be a user's frontend. Many people choose to use them for that, but they're intended to be scriptable interfaces for package installation.
Useful frontends for the rc.d scripts exist; sysv-rc-conf and sysvconfig spring to mind, although I believe there's another one.
I just tested this on my Debian machine, and I was able to create a 92 character password on my first attempt, without having modified any PAM files. I'm sure higher than this is possible, but I didn't attempt it.
Your point about not being able to find a value that collides with your password is also irrelevant from the original point you tried to make: "if your data is smaller than the checksum there may not be a collision at all", which is clearly bogus. As well, it's also likely to not hold true for much longer anyways. Since MD5 no longer has strong collision resistance, it's likely that others will soon find a way to generate collisions for existing hashes, thus taking away its weak collision resistance.
Millions of password files can answer this question for you.
Irrelevant from the context of what you were saying. If I find a 491-bit value that collides with your eight-character password, your password is still cracked.
It won't even kill off the use of MD5 checksums as a signature for verifying authenticity, because if your data is smaller than the checksum there may not be a collision at all, and an exploit wouldn't matter.
Um, just because the file is smaller than the hash doesn't mean that there isn't a collision. The collision may be larger than the original file, but it's still a collision.
Besides, what is the point of doing an MD5 for a file that is smaller than the hash itself? At that point, you can just do a diff. The entire reason for an MD5 for file verification is because it's a relatively small, easy to pass number so you can compare two small things, rather than two large things. Your example is completely nonsensical.
Just like mixing medications can have very bad synergistic side effects, so should encryption or hashing technologies be mixed and matched.
As an example, when DES was first known to be broken, the most intuitive solution would be to double-encrypt the plaintext. However, upon cryptographic analysis, this actually fails to improve the complexity of an attack (and in some cases may simplify it). Thus, Triple DES.
Be very wary of trying to combine "broken" algorithms in an attempt to gain security, especially if you have no real grounding in cryptanalysis. Vulnerabilities in each have a nasty tendency to either amplify or at least complement each other in highly unpredictable ways.
Remember one of the basic tenets of cryptography: it's easy to create an algorithm that you can't break. But just because you can't think of a way to break it doesn't mean there's not a trivial way to do so.
Reading further, I'm beginning to wonder if this is a publicity stunt like others have suggested. Lines like the following really fail to impress me:
"It goes against Newton's law. Everything on earth gets drawn to the surface by gravity, but in the case of flying cars, it's different," Song said. "There should exist the same opposite magnitude of power as the earth's gravity-pull. So, a balance is formed between gravity and reaction, which makes flying cars float in the atmosphere," he explained.
Yeah, okay, so the kid gets points for being seven, but all this says is, "If we push up with the same force that gravity pushes down, our cars will hover!" Well, um, yeah.
At eight years old Song is already talking about building flying cars and defying Newton's law of gravity while others his age are attending the first grade.
Re:Cheaper yes, but less skilled? on The H-1B Swindle · Score: 2, Informative
That last would be really interesting- the globalists usually claim that free markets prevent war rather than causing it!
Strictly speaking, a globalist would claim that this kind of situation is caused by the current lack of globalism, and any kind of resistance or protectionist measures are only increasingly more likely to cause conflict of this nature; i.e., delaying and complicating the problem rather than actually doing anything about it.
The point of this type of technology is not to do away with the kind of rebooting Windows requires on most upgrades, and Linux requires on a kernel upgrade. It's more akin to Suspend to Disk, so someone can turn off their computer at night and save energy.
I feel like the real skill of development lies in making stuff like that, and if it becomes de facto, all you do is build applications from building blocks. I feel it takes away some of the 'art' of development. You'd say, oh I build a nice webshop, and the other person would say, what did you use, and your answer wouldn't be php, mysql, some html/css and javascripting. It'd be Ruby on Rails, or Smarty Templates combined with some Data Access layer, or a whole lot of those java spring/hibernate thingies. And all you did was tie up the ends.
Not at all; you have it all backwards. Rails ties up the loose ends for you, letting you actually do the artistic stuff that makes your program really go. You don't have to bother writing an ORM to your database, tying unit testing to your framework, creating your own templating code, etc., all the ends are tied together for you. It's up to you to write the contents.
This is modded *interesting*? Google would clearly win a boatload of cash in a lawsuit, Microsoft would have the worst PR nightmare of their career on their hands, and it wouldn't work to begin with since Google can just change the DNS name of their ad servers.
I would suggest that the definition of a planet be an object of sufficiently large size that it became rounded by its own gravity. PLUS, it must have been formed through accumulation in the accretion disk of the planet it currently orbits. Thus, objects like Pluto would not be considered planets (as they were not formed inside of our solar system).
What's wrong with having a password protected virtual keyring, as opposed to some sort of physical media? Say what you want, but physical media are highly likely to be lost or stolen. With keys, the former isn't much of a problem; you can always have them remade. But how do you accomplish this virtually, over a website? Even worse, when a key (or keyring) is lost, the likelihood for damage is exceedingly low, because the odds of anyone finding what each key goes to is pretty unlikely. However, if you have a device with all your authentication tokens on it, the person just has to visit paypal.com, ebay.com, and so on until they have a match. I doubt it would take long.
I don't pirate music either for the same reason. I would rather give mindshare to independent artists. So, most of the losses aren't due to piracy, they are due to people making a decision not to support the RIAA.
Let me paraphrase: "I do X which causes Y. Therefore, the largest source of Y is X."
Don't convert your shop to Linux. Especially if you've never so much as installed it before. You will run into problems, and you will have no clue how to fix them, pissing off your users and disrupting your company's business. No matter how bad it is running Windows, it will be worse running any platform you aren't familiar with.
Install a system for your home use and use it exclusively for as long as it takes to get comfortable. Set up some services on those machines and tinker around with them. You should have, in my experience, at least a year with the operating system before you even think of deploying it in a business environment. Less, if you're familiar with similar operating systems.
Please don't blame instability on applications when you're running Gentoo. I've used the latest GNOME releases on multiple other distributions, and I have not experienced any crashes with the GNOME desktop.
Ahem...
alias service='invoke-rc.d'
Obviously, the analysis of these remains is flawed. All reasonable-minded Slashdotters know the Earth has only been around for fourteen years.
This is absurd. Every true Kansanian knows that the Earth was created in 1400 AD.
The difference is the same between memorizing the text of 1984 and understanding the warnings it contains.
+1, Flamebait?
Well, if you're willing to wait three years, I have a solution...
However, most aren't large enough to have formed a sphere by their own gravity.
Er, the accretion disk of the STAR around which it currently orbits.
Sorry man, but you need to take a logic class.
That's what makes it innocent-looking :)