Slashdot Mirror


User: yawnmoth

yawnmoth's activity in the archive.

Stories: 0
Comments: 40

Comments · 40

  1. Re:Hey Wordpress... on Wordpress.org Warns of Active Worm Hacking Blogs · · Score: 1
    I don't know that the statement "the salt will always be known" is a valid one. The fact that it's different for each password is what makes it secure.

    The statements "the salt will always be known" and "it's different for each password" aren't mutually exclusive. You can have a unique salt for each user / password and still always know the salt for each of those users.

    Also, in the case of Wordpress, I imagine the only password an attacker would be interested in would be that of an admin. Presumably you wouldn't be trying to brute force every single user's password on a Wordpress installation, anyway. Of course, then again, I'm not sure non-admins have a reason to have an account, anyway, since most Wordpress installs allow unauthenticated users to comment.

  2. Re:Hey Wordpress... on Wordpress.org Warns of Active Worm Hacking Blogs · · Score: 1

    Salted passwords have nothing to do with what essentially is the same thing as obfuscating banners on web or mail servers. Salted passwords significantly improve security.

    Do you even know what a salted password is? Instead of brute forcing hash(password) you brute force hash(salt + password). Since the salt is always going to be known, brute forcing hash(salt + password) takes no more time than brute forcing hash(password). All it protects against are run-of-the-mill rainbow table attacks.

    Obfuscating banners only adds a trivial amount of work to determine the version a server is running.

    I assume you're referring to the capability testing that the wordpress.org post mentioned? Tell me - did 2.8.4 even introduce new capabilities? If so, then, presumably, it should have been numbered 2.9.0 - not 2.8.4. And if they didn't add new capabilities, then capability testing wouldn't allow an attacker to figure out if you were running a vulnerable version or not, wordpress.org's comments notwithstanding.

  3. Re:Hey Wordpress... on Wordpress.org Warns of Active Worm Hacking Blogs · · Score: 1

    I suppose you also think salted passwords are snake oil? Sure, they're not going to stop someone who's brute forcing on-the-fly, but it does make life more complicated for people using rainbow tables.

    I only mention salted passwords because Wordpress uses them (see wp-includes/class-phpass.php).

  4. add more commercials on Hulu May Begin Charging For Video Content · · Score: 1

    TV networks generally have 15 minutes of commercials for every 45 minutes of programming and as loathsome as having that many commercials may be, I'd, personally, rather have that than have to pay $20.00 / month or whatever. And I don't see pirating as a viable alternative, either - however unjustified the penalties for copyright violation may be, the fact remains that if you get caught, you're liable to be fined several thousand dollars.

  5. Re:Sell more MSN on Copy-Protected CDs Going Mainstream · · Score: 1
    Most computers come with dial-up modems. Microsoft could use playing crippled files as an excuse to sell the Butterfly [userfriendly.org] to listeners.

    just because most computers have dial-up modems doesn't mean that most people with dial-up modems are going to want to have to connect every time they want to play an audio CD.

    or to another spin on this... should someone not be able to listen to an audio CD with headphones just because someone else is on the phone?

    or what about someone using a laptop on a plane, in a car ride, or just outside, somewhere where they're not going to have an internet connection... should they not be able to listen to audio CD's?

    or what about kids who have a computer, but whose parents won't let them get on the internet without their permission? do they now need permission just to play an audio CD?

    make no mistake... having to connect to the internet to do something *is* an inconvenience to some people, and i dislike the precedent this sets... i don't think we should have to inconvenience ourselves any more than we already do for Microsoft.

  6. Transmeta vs. ARM on Transmeta Astro -- More Details · · Score: 3, Informative
    for those of y'all who are curious how transmeta's line of processors compares to ARM based processors, here's an interesting page which sorta demonstrates that:

    http://www.duke.edu/~kaf3/lowpower/slide28.html

  7. last year at SXSW on Live Vorbis Streams Over 802.11b From SXSW.com · · Score: 1
    last year at SXSW, a leaked copy of Star Wars ep II was reviewed... this year, all we get is some streaming ogg vorbis!? ack! where the hell is the review of the leaked matrix reloaded!? i mean, tsk, tsk, tsk... SXSW is really beginning to disappoint me!

    -- for news, visit slashdot.org
    -- for community, visit us!

  8. even more things at CeBIT on Modular Home Network PVR at CeBIT · · Score: 1

    SanDisk has also apparently announced 512MB and 1GB SD cards at CeBIT, which you can read about here, and PDA France has some coverage of it, too, but... it's all in French, heh.

  9. other things at CeBIT on Modular Home Network PVR at CeBIT · · Score: 4, Interesting
    cdfreaks.com has been covering CeBIT for two days, now, and i have to say... there is some really neat stuff being shown at CeBIT!

    Plextor is showing off a new 52x32x52x cd burner, a new DVD burner, and a new version of PlexTools, which apparently is due out in the US pretty soon, too! the new version of PlexTools has some pretty cool features, too, including the ability to password protect CD's, to burn 980mb on a 700mb cd (i don't really understand how this works, but oh well), and the ability to make plextor drivers more quiet? i dunno, but you can read about all this here

    also, LiteOn is planning on releasing some new CD / DVD burners, as well as entering the standalone DVD player business. Nero is also showing off Nero 6, and an MPEG4 / AAC codec they have in development called Nero Digital. you can read about all this here

    -- for news, visit slashdot.org...
    -- for community, visit us!

  10. some clarification on Modular Home Network PVR at CeBIT · · Score: 2, Insightful
    actually, the Hauppauge WinTV-PVR 250 can be had for $150 dollars, and it is, in a number of ways, superior to the Hauppauge WinTV-PVR - for one, the WinTV-PVR doesn't have, and will never have WDM drivers, according to hauppauge.

    and while the WinTV-PVR's do have their problems, most of them are because of Hauppauge's software... even for the PVR-250, you can get better software out there than what Hauppauge uses.

    for example, you can get SageTV.

    personally, i think the best alternative to this would be a ReplayTV. for $400 dollars, you can have a receiver, tv interface, and timeshifting / recording up to 80 hours. the reason i say ReplayTV over TiVo is because the ReplayTV also has an ethernet port, with which you can transfer stuff to your computer, and burn it on CD / DVD, using software from sites such as this one

    -- for news, visit slashdot.org...
    -- for community, visit us

  11. Re:A few points on The Future of PC Games, According to Microsoft · · Score: 2
    B) They already certify hardware, and qualify drivers. This is just another sticker vendors can put on the box to sell more units. (ever see "Designed for Windows 95" on anything you've owned?)

    the point that he was trying to make is that Microsoft is going to be *choosing* what hardware will work with the OS.

    as valid as the point was, i think it was a little misguided, though - for one, Microsoft already chooses, to some extent, what hardware will work with the OS. not just any company can say that their hardware has been certified by Microsoft or carry the "Designed for Windows 95" logo - they have to pay to get that certification.

    C) Windows update works. It'd be nice to use it to update games. And GameSpy can either compete or die, like any other company. They're basically just an IRC forum for peer to peer gaming.

    Is that what Netscape and Sun should have done, also? Compete or die? If phone companies were to only allow their service on their lines, should other phone service providers just compete or die? I mean, just because Microsoft has a monopoly, for all essential purposes, over OS's, doesn't mean that they should have a monopoly over the whole of the computer, does it?

    And I'm not worried in the least about the Microsoft 'boogerman' stealing through my innermost thoughts while I sleep and selling me out to foreign terrorists. That's just slashbore jibber jabber.

    slashbore jibber jabber would suggest that Microsoft sell our thoughts not to foreign terrorists, but rather to domestic thieves :P

    http://www.frostjedi.com/phpbb

  12. Re:Given all of our "insightful" replies... on Feedback on Palm OS 5 PDAs? · · Score: 1
    For compatibility, you can test stuff with Palm's OS 5 Simulator, available here:

    http://www.palmos.com/dev/tools/simulator/

  13. what will DivX get us? on DivX DVD Players Arrive · · Score: 1

    What can you buy with DivX? DVD's sure don't use DivX, and the only people who really use it are either pirates or enthusiasts, and according to the MPAA, enthusiasts are pirates, too.

  14. Re:Salivating Thieves: Stealing A Movie Not Fair U on The Two Towers Hits the Net · · Score: 1

    For all you who imagine that electronic shoplifting is somehow different than walking into a local shop and pocketing a DVD, here's the text of the fair use clause from the U.S. copyright law [copyright.gov]. You will notice that "wanting to see a movie prior to release" is not listed as an example of fair use.

    Most people are well aware that downloading a movie is a violation of copyright laws. But does that make it right? Should it be a violation of copyright laws? I don't think so. And even if it were, I think the movie industry is being willfully belligerent if they try to "punish" anyone who downloads a copy of it, or any pre release version of a movie.

    If someone cares enough about a movie to waste gigs and gigs of bandwidth to download a rather crappy cam version, and risk the wrath of New Line Cinema, in the process, then wouldn't it stand to reason that they would also be willing to spend the $7.50 it requires to see the movie in 8 channel SDDS surround sound, on a 50+ foot screen, in almost infinitely better quality? When you watch a movie on a little 17" computer monitor, you don't come anywhere close to experiencing the movie, as you do in a movie theatre. Besides, if you have so much money that a broadband connection isn't going to put any sort of financial burden on you, then why wouldn't you buy a ticket, or multiple tickets?

    And have we forgotten Spider-Man, yet? A camcorder version of that was released two weeks before the actual movie came out. Did that hurt sales? No. Spider-Man still pulled in record breaking amounts of money. I mean, what were they expecting? Simply put, pre release copies of movies are not hurting the movie industry at all. And if they're going to "punish" everyone who downloads them, then they are going to end up shooting themselves in the foot...

  15. Re:This can be done now... on Yamaha CD-RW Drive Writes Images In Substrate · · Score: 1

    ...or what about black CD's?

  16. Re:Double Sided? on Yamaha CD-RW Drive Writes Images In Substrate · · Score: 1

    Actually, I was referring to DVD-R's, but... there are double-sided double layer discs, as this "advertisement" of sorts, sorta shows. I also think they only had the DVD be double sided for the first few DVD's of this, because I have this set, and it's on two separate DVD's - not one two sided DVD. I think the main reason for this is simply that double sided discs don't sell. No one likes them, and so only the early DVD's had them, or the newer, really cheaply made DVD's (ala Babylon 5). In order to sell more copies, I bet the people behind the T2 DVD redid it. Of course, for burnable CD's, this drive could help make a comeback! :)

  17. Re:Double Sided? on Yamaha CD-RW Drive Writes Images In Substrate · · Score: 1
    What would go along well with this is double sided CD-R disks. I've always wondered why they aren't around. Have one side completely free to write these pretty graphics, text, warez keys, and the other side for the data or music.

    they're called coasters :p both sides are equally useless.

  18. Re:Double Sided? on Yamaha CD-RW Drive Writes Images In Substrate · · Score: 1
    then what about double sided DVD's? Though I can't find any major retailer selling them right now, I have seen them. And, if you want more proof that they exist, why do you think they always make a distinction for "single sided dvd's"? go take a look on amazon.com for dvd-r's - every listing i saw also said they were single sided. now why say that if they could only be single sided?

    of course, for all i know, double sided dvd's might be twice as thick, but... they do exist, and if they exist, why can't double sided cd-r's?

  19. double sided cd's on Yamaha CD-RW Drive Writes Images In Substrate · · Score: 1

    now, not only with CloneCD can you make identical copies of the data on the Windows XP CD's - you can make almost identical copies of the cover with this Sony drive! All they have to do, now, is make double sided CD-R's.

  20. too bad... on IBM Reinvents Punch Cards · · Score: 1
    too bad Hitachi pretty much bought out IBM's hard drive market.

    I guess IBM's just trying to secure the last of _their_ patents before everything they do becomes the property of Hitachi...

  21. can't have everything on Game Developers Cracking Down on Cheating · · Score: 1
    the only people who i think have a right to hack are the true hackers. they can keep it for themselves, and beat the game, or release it, and gain the "prestige" from the underground community for it. if they release it, and the script kiddies get a hold of it, then a workaround will be made such that the hack doesn't work. simple as that. you can't have both, and script kiddies sure can't get something for nothing, 'cause abusing the hack sure does cost them something.

    Game companies are looking to subscription fees from online players as a major source of recurring revenue in the near future, with leading games publisher Electronic Arts predicting that 400,000 subscribers will be paying about $15 a month for "The Sims Online" by the end of its current fiscal year.

    i would sure hate to lose battle.net. the freedom of battle.net is the reason games like StarCraft and Diablo have lasted as long as they have! I mean, sure, it may cost money to run the servers, and all, but they could get more sales of the actual product if you didn't have to pay, and if people just stopped playing, they could release *gasp* a new version!

  22. mp4 on QuickTime 6 Public Beta Available · · Score: 2, Interesting

    I also wonder why MPEG-4 is ".mp4". ".mp3" isn't for MPEG-3, after all.

    this is nothing new. The people over at DivXNetworks have been using the mp4 extension for mpeg-4 for just about as long as they've been around. it has fewer restrictions than the avi file format does.

    I just wonder if they are as "ISO compliant" as Apple's gonna be, heh.

  23. needs work... on File Swapping and the Analog Hole · · Score: 1
    A "CAM" recording has lousy quality to begin with, but the original file size is still going to be very large, several Gigabytes at a minimum. In order to reduce the file size, in order to make downloading easier, the file will be compressed, almost certainly with a "lossy compression" scheme. Lossy compression means that some of the data in the original is thrown out; the scheme "loses" some of the data. While this makes for a smaller file, it also means that the file has been degraded in quality as well.

    someone forgot to tell him that MPEG2 (the format which DVD's use) is a lossy format, also. Just as MPEG4 (aka DivX). However, most people consider DVD's to be of a better quality than VHS tapes. As for compressing something that would normally take gigabytes into something that can fit on a CD reducing quality... sure, but it's not like it really matters, anyway. It's not like _we_ would be able to see any difference, if it was a quality encoding. Now, if it _is_ detectable, chances are you're just playing it at a higher resolution than it was intended for. If you want to make a DVD look crappy, try to play it on a 50' screen, or maybe just zoom in with your DVD player. Now I'm not saying that the quality can't be degraded, just that it usually isn't, and if it is, it doesn't get distributed enough to make much of a difference either way.

    Anyways, I agree with what the author is trying to do, but... the only reason the MPAA gets away with twisting the facts is because they have some level of pre established credibility.

    The MPAA's using a broken law that assumes that anything that can go wrong will go wrong. It's ironic that it sounds so much like zero tolerance - anything that can be used as a weapon will be used as a weapon...

  24. vhs? on HitchHiker's Documentary Scheduled for May 11 Release · · Score: 1

    heh. this is kinda short notice!
    anyways, i suppose i'll have to go and find that old vhs player. the only reason i even kept it was because of another cult phenomenon - Star Wars...

  25. someday on Shuttle's SS50 reviewed · · Score: 1

    someday slashdot.org will have to stop posting reviews of every new computer like this - i mean, as the article said, small form factor machines ARE becoming more popular!