It certainly is amazing how many people don't understand the difference, or more specifically, that there is a difference.
The other important factor is that hashing is not 1:1 input for output. Block digest functions are a good illustration of that. But in this specific case that's not important.
The only important thing here is that given a full site dump (or outright theft of the gear) it's not possible for the attacker to determine cleartext passwords short of brute force. (or rainbow table if the implementers are idiots)
I guess I better change it again just to be safe. Mine is definitely not in the dictionary or guessable so I'm not too worried unless they can decrypt the password file. I would hope they encrypt their password file.
If they raided the entire fridge, even if it was encrypted, they'd have the keys and thus all the passwords on a silver platter.
I think what you meant to say is you hope the passwords were hashed.
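The hashed-versus-encrypted distinction above, as an added demo that is not from the thread: the same three constructed accounts are stored reversibly-encrypted, as unsalted SHA-256, and as salted PBKDF2, and the functions show what a dump (plus the key that sits on the same box) gives back in each case. The "encrypted" store uses a toy XOR keystream derived from SHA-256, constructed only to show reversibility; the account names, key and wordlist are made up.

```python
"""Hashed vs. encrypted password storage (added demo, not from the thread).

The "encrypted" store XORs with SHA-256(key || counter) blocks purely to show
reversibility; it is a constructed toy, not a real cipher.
"""
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample accounts for the demo; bob and carol share a password.
SAMPLE_USERS = {"alice": "correct horse", "bob": "hunter2", "carol": "hunter2"}
DEMO_KEY = b"constructed-demo-key-stored-on-same-box"
ROUNDS = 20_000  # PBKDF2 iterations, reduced for demo speed; use far more in production


def _xor_with_keystream(key: bytes, data: bytes) -> bytes:
    """Toy reversible transform: XOR data with SHA-256(key || counter) blocks."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_password(key: bytes, password: str) -> bytes:
    return _xor_with_keystream(key, password.encode())


def decrypt_password(key: bytes, blob: bytes) -> str:
    return _xor_with_keystream(key, blob).decode()


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """One-way storage: per-user random salt plus a slow PBKDF2-HMAC-SHA256 digest."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return hmac.compare_digest(candidate, digest)


def build_stores(users: dict, key: bytes):
    """Three ways a site might persist the same accounts."""
    encrypted = {u: encrypt_password(key, p) for u, p in users.items()}
    unsalted = {u: hashlib.sha256(p.encode()).digest() for u, p in users.items()}
    salted = {u: hash_password(p) for u, p in users.items()}
    return encrypted, unsalted, salted


def recover_from_encrypted_dump(dump: dict, key: bytes) -> dict:
    """Whoever holds the dump and the key (same stolen box) gets every password back."""
    return {u: decrypt_password(key, blob) for u, blob in dump.items()}


def lookup_unsalted(dump: dict, wordlist: list):
    """Unsalted fast hash: one precomputed table is reused against every user, and
    identical passwords are visible as identical digests before any guessing."""
    table = {hashlib.sha256(w.encode()).digest(): w for w in wordlist}
    found = {u: table[d] for u, d in dump.items() if d in table}
    return found, len(wordlist)  # hash operations spent, independent of user count


def lookup_salted(dump: dict, wordlist: list):
    """Salted slow hash: no shared table; each guess is rehashed per user,
    so the work grows with users x guesses x ROUNDS."""
    found, ops = {}, 0
    for u, (salt, digest) in dump.items():
        for w in wordlist:
            ops += 1
            if verify_password(w, salt, digest):
                found[u] = w
                break
    return found, ops
```

The salted store still yields weak passwords that are in the wordlist, which is the "short of brute force" caveat in the comment above; what it removes is the free, one-table win.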
The fact that, technically, federal income tax is unconstitutional, may be keeping things like this from getting done at a federal level, where someone calling the whole issue to the supreme court could cause quite a mess. Though from what I've read, the executive branch has made it quite clear to seated justices that this one particular glitch in the government must be overlooked because it's essential to government operation. And that if the supreme court were to hear such a case, the president would just appoint more justices to the supreme court that were willing to overlook the issue, see there being 9 justices is a matter of tradition, NOT law.
That brings up an interesting question concerning steel folding, like what was done with Japanese swords.
If you were to say, take a bar of copper 10 ft x 1" x 1/4", and bend it in the middle (fold it) and then when it was folded, beat it out so it's back to 10' x 1" x 1/4", and repeat the process several times, you could theoretically get a lot more than 13 folds out of it. When you were done each layer would be like gold leaf though.
The thickness of the material is ultimately what causes problems with folding, which is why TP is a good choice. (the cheap stuff is really thin, and it is somewhat stretchable) But you can get metal down to an atom or three thick without TOO much work. (as with gold leaf)
I wonder if this would count?
I also wonder how they obtained a single roll of TP that long, or did they have to patch together several rolls? I'm not talking about the little ones at home, I'm assuming they use the big (12" or so?) rolls used in public restrooms. Still, I don't think one of those would be enough, that looked like 3 or 4 of those rolls worth of TP, but maybe that was just the effect of it getting uncompressed and air into it that fluffed it up?
I work at a computer retail store (and yes we have a biased opinion on the matter) but we try to show business owners that 10 year old computers really are a problem, even when they still work. It's amazing how hard it is to get some people to replace an old computer with a new one, when the old one still (sort of) works. It's so hard to explain productivity loss due to antiquated tools to the people holding the checkbook.
Numerous times we've had people bring in ancient computers that have died and must now be replaced, and have to treat them to the bad news that their combination of very old hardware and very old software is going to be an extremely unpleasant and expensive experience now, as they have to buy all new computers, all new peripherals (seen a peripheral cost 10k once), all new software (can you say "PageMaker", "Creative Suite" and "Quark" for 10 computers?) and all your documents are going to have to go through a painful migration of format. Generally leaves the office in chaos for the next month too. I really feel sorry for those staff.
Because the tsunami happened and then was over with. The reactor situation is ongoing, and isn't getting better very quickly. There's little point in dwelling on the past, there's nothing anyone can do about the tsunami now, the damage is completely done and over with. There are no new developments. Obviously this translates to "no news".
Fighting to keep the reactors from melting down and further major radiation releases is a current and ongoing battle. Every day brings new developments, a new news story, and people want to know what's changed since yesterday. That's the essence of "news".
You appear well-educated on the subject so I'll ask this question to you... I recall reading somewhere that in the past there were two competing strategies for photosynthesis, green and brown. (I assume brown was green & red) But green won the evolutionary war. Can you confirm this, and why was it? was it chance? can we stack the deck somehow to make brown work better now?
"So.. we had an idea and an agreement was worked out with you. and we all got what we all agreed on. BUT.. you ended up making a LOT more money off the idea than we expected, so NOW we want a bigger cut.... ok?"
Tell 'em it's to catch terrorists, then use it for everything else.
I'd be willing to bet if you looked back on when this was set up to begin with, the proponents would have vehemently denied it would be used for anything but what it was "intended for". (catching terrorists) And that testimony was instrumental in getting the green light for it to be set up to begin with.
IMHO, whenever something like this goes on the agenda, when the sales pitch is being made to the officials/voters, that they have to put it in writing that the very minute it gets used beyond those predefined and agreed on bounds, it's IMMEDIATELY TERMINATED.
If nothing else it would prove to make a very entertaining debate when the people swearing it won't go beyond "that" suddenly and most urgently fight to stop that harmless little "public rights safety" from being added to the books. "So tell me again, why is it you're so against that little clause, if you're insisting it'll never come to that???"
That picture of him in his chair working on the computer, I was hoping to see how he was managing to use his feet, but the picture didn't extend to his feet. Any more descriptive pictures of the setup?
Remember though, sometimes it's more a case of bandwidth than backend. My primary line is 768k DSL. I don't care if you have a Cray optimized with a team of savants behind it, it won't handle it unless you're serving a 4k page with nothing embedded.
And what's this thing about "the engine is only suited for hybrid-electric vehicles, but that's okay. "... what does THAT mean?
That usually means it can't produce high impulse power, like accelerating from a stop. It uses the batteries to buffer power production and recharges this during lower consumption, uses regenerative braking, etc.
That brings up the worry that it has a low average impulse output, which becomes a problem when you need continuous higher output, such as when out on the highway. It may not be capable of maintaining highway speeds. That has always been an issue with hybrids, a lot of work has to be put into making sure they can go the distance.
Sort of reminds me of a Stirling engine in that respect. Doesn't matter how efficient it is if you can't meet your power requirements. Though the confusing thing is he was saying how this is going to be so much lighter... if it was lighter, why not increase the size of the engine, or put in a twin, for higher power output? Maybe it's really bulky. (there was quite a bit of "stuff" in that lab, you gonna fit that into a Mini Cooper?)
And it says they showed off a prototype, but I never saw anything short of that little aluminum/acrylic wheel he was playing with, and the camera pan around in a large chaotic lab with little in the way of identifiable machinery. (that could be a brewery for all I could tell, and hey, nice stepladder) And the only useful picture in that article wasn't much bigger than a Chiclet. Here is a bigger one you can actually read. What's wrong with the author of that article?
That's actually not a bad idea, as long as you have another clean installed hard drive to swap in for the trip, and still have proper encryption on the drive you remove. But I'd be worried about the X-ray machines etc. risking the data on checked luggage. And obviously placing it in an X-ray-proof box or bag etc. would immediately get your bags rifled through.
I wonder if the offsite-search concept applies to removed media? hard drive, or even flash drives or an SD card currently in your camera etc?
Can someone explain what justification they are offering for this decision? Besides what seems to be the only obvious answer of simply allowing the law enforcement to do whatever they please?
You probably already knew that the touchscreen events you use as input on your phone are the very same mouse events you use on a computer.
I don't even have to be a touch device dev to know that's got a serious problem with it. One of the biggest issues with porting to touchscreen right now is that a mouse allows you to move or hover over something with or without the button down. A touch screen's lack of "mouseover" is the #1 headache in converting flash based games, since the vast majority of them use hover extensively. (and all of them require click) The ones that use drag extensively are frequently never ported.
You have to come up with a way to differentiate a drag from a hover with the touch screen. There are several different approaches to this, including holding down a button somewhere else on the screen with a different finger, (costing valuable screen real-estate) but no matter what you do it's going to at least slightly affect game mechanics. For example, with a mouse, there's no way to get the pointer into a box without it moving over one of its sides.
Second problem: Touch displays natively allow the pointer to teleport anywhere on the screen. That alone breaks a lot of games. Again there are game mechanic changes you can make like "if the mouse tries to teleport, move it slowly from the old position to the new and make sure it doesn't run over/into something we need to process along the way", but just that by itself is a significant change/addition to the code.
"We have repeatedly asked the government and Tepco to stop further radiation leaks into the ocean. But the government and Tepco ignored us and dumped radioactive water into the sea, which is utterly outrageous," said the letter from Japan's largest fishermen's labour group. "What they have done is unforgivable. It could really destroy our business."
(emphasis mine)
They are being totally selfish and turning a blind eye to what the government has been trying to tell them. They have many millions more gallons of water than they can store. Some of it has to be dumped. They could dump some less contaminated water from the storage pond to make room for much more dangerous water that has to be removed from the reactors, OR they could stop using the pond and just dump that highly radioactive water from the reactors straight into the ocean, which would be much worse for the fishing industry over the next several years. No one else has a better idea, unless these fishermen care to stop by with some buckets?
They're upset at what's happening, and are lashing out and treating it like they're the deliberate targets of a random malicious decision. It's the best option available at this time. I don't even know if a technology exists to remove radiation from water, I'm assuming it either doesn't exist or is too slow to be practical otherwise they wouldn't be using storage ponds in the first place.
I went through that call too. Twice. Both calls sparked by my reading the superfine print in the updated terms notice they sent me. First time, about 3 yrs ago, as yours went. Second time about 8 months ago, and they said thank you for your business, and transferred me to their cancellation department, which swiftly terminated my account without so much as a second glance.
I was a little surprised by that, but oh well. Not my loss. Was a little sad to see it go though, it was my first credit card while I was in college, had my photo and signature embedded on the front of the card. (made an awesome photo ID) I hardly ever carry a balance anymore, (I'm not a "revolver") so they weren't making much off me, but they're not making anything off me now.
Yes, Chase seems to be in the business of driving away their customers nowadays. I took off when they decided to jack my interest rate from 9.9 to 18% for literally no reason.
I had a lengthy reply written which Slashdot's incompetent message system destroyed. SLASHDOT: FIX YOUR CRAP WEBSITE.
Always always ALWAYS select-all-copy a lengthy post before clicking preview or submit.
I learned that long ago and have had to invoke paste on at least a half a dozen occasions on various forums. It's not just here. Blame them, but share some of the blame for yourself.
The #1 rule in implementing encryption is "don't make up your own new variety". There are several reasons for this.
1. You're probably not a very talented cryptanalyst and there are almost certainly some serious design flaws in your method that you are not going to see.
2. Published methods have lots of peer review, and many pairs of eyes tend to find problems faster than one pair.
3. Published methods get used, and become targets. Targets attract attention from the other pairs of eyes, (blackhat) and hasten discovery of weaknesses. Openly publicized methods tend to fall even faster by (3) since they have the spec handed to them on a platter.
Unfortunately he's probably using a variation of shorthand using unrelated letters to make symbols. Without a very large amount of text (or a windfall) to work with, this may prove very difficult. A bit like hieroglyphics in that respect. Despite all the text we had to work with, how many years we had to work on it, and how many tried, look how long it took us, and we only figured it out because we found a crib sheet. And that wasn't even deliberately encoded...
A lot of roadblocks go up in a sudden poof of smoke when you say "or would you rather deal with a nuclear meltdown?". Helicopters and fuel aren't going to be an issue when your need is at pretty much the very top of the pecking order.
Block, yes. Character, no. AES in that mode is also referred to as a "block cipher" for that exact reason.
Stream mode is a much better idea for security, but can fail to be decoded if part of the transmission is lost or corrupted. Block ciphers usually only lose the damaged blocks and a block on each end of the damage.
That and you can't really even call it "encryption". This is a "substitution cipher" isn't it? So it's "encipherment", not "encryption"?
Encrypted messages rely on a translation that is relative to character position in the message, such that the substitution of a given letter at one position is usually not the same as the substitution for that same letter at any other position.
I read in the article that someone said they employed "five levels of encryption". I wonder how that compares with the effectiveness of say, 5 x rot13? ;)
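The two points in the comments above, that stacking rot13 adds nothing and that a substitution cipher maps a given letter the same way at every position while a position-keyed scheme does not, as an added demo that is not from the thread. The Vigenère shift stands in for "translation relative to character position"; the sample message and key are constructed.

```python
"""Fixed substitution vs. position-dependent substitution (added demo)."""
import string
from collections import defaultdict

ALPHABET = string.ascii_lowercase


def rot(text: str, n: int) -> str:
    """Caesar shift by n places; rot13 is rot(text, 13). Non-letters pass through."""
    out = []
    for ch in text:
        out.append(ALPHABET[(ALPHABET.index(ch) + n) % 26] if ch in ALPHABET else ch)
    return "".join(out)


def rot13_layers(text: str, layers: int) -> str:
    """Apply rot13 `layers` times; since rot13 is its own inverse, only parity matters."""
    for _ in range(layers):
        text = rot(text, 13)
    return text


def vigenere(text: str, key: str) -> str:
    """Position-dependent substitution: the shift for the i-th letter is key[i % len(key)]."""
    out, i = [], 0
    for ch in text:
        if ch in ALPHABET:
            shift = ALPHABET.index(key[i % len(key)])
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
            i += 1
        else:
            out.append(ch)
    return "".join(out)


def substitution_images(plain: str, cipher: str) -> dict:
    """For each plaintext letter, the set of ciphertext letters it was turned into."""
    images = defaultdict(set)
    for p, c in zip(plain, cipher):
        if p in ALPHABET:
            images[p].add(c)
    return dict(images)


def is_fixed_substitution(plain: str, cipher: str) -> bool:
    """True when every plaintext letter always became the same ciphertext letter,
    i.e. the mapping ignored position (the property the comment objects to)."""
    return all(len(s) == 1 for s in substitution_images(plain, cipher).values())


# Constructed sample message and key for the demo.
MESSAGE = "attack at dawn"
KEY = "lemon"
```
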
They can put anything they darn well please into the EULA, it doesn't guarantee it to be binding or legally enforceable.
They could sneak a line in somewhere in the middle of page 28 of 45 that says by using this software you're required to send them a check for $500. It would be very hard to enforce.
The practice of installing hidden software like that already has been condemned by the FTC. (from TFA: In the words of the former FTC chairman Deborah Platt Majoras, "Installations of secret software that create security risks are intrusive and unlawful." (FTC, 2007).) So they're probably going to get hammered on this. And rightfully so.
Usually when their legal department refuses to reply when you're requesting comments before someone goes public, it's because they're busy battening down the hatches and polishing up their resumes.
ahh the fun games they pay...
really? who'd have thought? TYCO
But if they're only making it available to paying customers, isn't that selling it?