The link you provide supports that this is selection bias - he cracked 26025 out of 93688 passwords, and then made the brilliant deduction that boils down to "of those passwords that I easily cracked, most were found to be easily cracked". No shit, Sherlock.
I didn't say that the link disproves that the selection bias exists - it simply doesn't exhibit that selection bias, because it represents a sample of all passwords used on a site. The top 30 passwords were not "the top 30 that were cracked"; they were the top 30 passwords used on the site at all. I could determine this because they were stored as unsalted MD5 hashes.
Sure, that 36% of passwords are easily cracked is bad in itself, but that's another thing entirely. It can't be used as statistics to extrapolate anything using the word "most". It only applies to that subset of weak passwords.
Yes, I don't dispute that.
I also have to arrest you for "I found that 36% of all passwords were easily discoverable using a rainbow table". This is incorrect. 100% of all passwords are easily discoverable using a rainbow table. 36% may be easily discoverable using a partial rainbow table, which is not the same thing.
What is the difference between a rainbow table and a "partial rainbow table", in your view? Do you think a "rainbow table" means a table containing all possible passwords? Considering that many hash functions have an infinite number of possible inputs, there's no such thing as a rainbow table, according to that definition. It also seems to contradict the usage by Philippe Oechslin in the paper which introduced the term.
Every time I go to pastebin.com and look at the hacked sites the passwords are always weak, extremely weak
No surprise there.
, virtually no one uses strong passwords.
Non sequitur. The published passwords are weak because those are the passwords that were easily cracked. Those who have strong passwords are underrepresented on the lists precisely because they have stronger passwords so they weren't brute-forced easily.
Sure, but every now and then, some *site* uses a poor hash, which allows people like me to do research on password strength and frequency. These results don't exhibit the selection bias you're talking about, because they're a full dump of passwords on the site. This is just for one specific site, but I found that 36% of all passwords were easily discoverable using a rainbow table, 33% of passwords weren't unique, and 1 in 72 users had the password "super123" for some reason.
I actually had a list of email addresses and their corresponding passwords for the site. I wouldn't be surprised if a lot of these passwords could also be used to get access to their corresponding GMail/Yahoo/Hotmail accounts (but I didn't test it out, because I enjoy not being in jail).
Part of the problem is that the JavaScript programming model is inherently single-threaded, so even if your JavaScript engine is multi-threaded, it must fake being single-threaded. It could be that it makes more sense to just use a single-threaded JavaScript engine.
I think it stopped being a pump-and-dump when the last bubble burst. I find it's still a very useful micropayments platform, especially when the exact dollar value of the micropayments doesn't matter that much (e.g. when donating money to somebody who operates a website).
Obviously, what's happening here is that some police don't know the law, so they're doing their investigative work by gut feeling. If I lived there, I'd want my local city councillors to answer some hard questions about why the police in my area are so poorly trained.
The CO2 emitted by burning wood is CO2 which was extracted from the atmosphere by the plant as it was growing, so it is carbon-neutral.
That's only true if you re-grow all the wood that you burn in some short period of time. The carbon in fossil fuels was also extracted from the atmosphere when the plants that produced it were growing, but we don't consider fossil fuels to be carbon-neutral because we're not recapturing the carbon from the atmosphere in any short period of time.
I also believe that software patents are counterproductive and slowing our progress.
A lot of Slashdotters believe this, but none are able to offer any evidence other than a gut feeling, and gut feelings won't convince Congress to amend the Patent Act. Do you have any evidence? Software has been patentable for about 30 years... How has our progress been slowed in that time, and where would we be now otherwise?
Please stop capitalizing "atheists" and "agnostics"; they're common nouns. (Yes, I realize that you used "atheists" at the beginning of a sentence *this time*, but I bet you usually capitalize it no matter where it occurs, and even if you don't, others reading this do.)
Step 1. Distribute the entire transaction history to everyone in the P2P network, much like how a git repository works.
Step 2. Have a bunch of people do lots of expensive hashing so that anyone in the P2P network can tell which "branch" of the repository is the official one. ("The branch that was the most difficult to compute" is the one that wins.)
Step 3. To see how much money you have, look at the transaction history for the accounts that you control.
Bitcoins aren't really a thing you can have. Even the physical "bitcoins" you can buy aren't really coins. They're just private keys that are allowed to sign transactions on behalf of accounts that have a non-zero balance.
The only reason why people talk about Bitcoin as being untraceable is that anyone can create accounts, and there aren't necessarily names attached to accounts, but it would be too hard for authorities with warrants to catch you if they suspected you. The entire transaction history is still there, forever, for everyone to see!
To everyone here who writes comments like, "I think the GPL says such-and-such", just read the fucking thing. Seriously, it's not a hard document to understand.
Something was seriously wrong with your system and it wasn't memory.
Well, Java and a Windows virtual machine or two will easily cause this. Of course, both qualify as "something seriously wrong" to me, so I don't disagree...
My idea is totally new and never been done before!
Trololololo!
I don't see why they couldn't just do surveillance on him and wait for him to, for example, actually purchase some of the items on his shopping list.
Netflix uses Silverlight.
Technology is eroding government control of Canadian culture.
Home Depot might not, but if you can find somebody who wants a Home Depot gift card, you can sell it to them for Bitcoins.
Japan ending its nuclear program? Source?
I think he means Germany.
Nuclear power: only in Kenya!
RFW
The landscape changed as soon as these bills were introduced in Congress. The question is, what do we do about it?
Corporate interests controlling voter behavior (vote our way or we'll break the Internet) is terrifying
You do realize that Congress is voting on whether to break the Internet, right?
Hmm. I wonder how accurate of a keylogger could be made with something like that...
Our wise Emperor is wise!
True but bitcoins are completely untraceable
Ok, so here's how Bitcoin works:
Yes, DuckDuckGo uses Bing as back-end. Which kind of makes the usual slashdot "bing sucks ass" posts kind of funny,
I tried DuckDuckGo for about a month, but the results sucked ass. Now I know why. :)
Do they have pets, and you don't?