I'm sorry, but even if the hash seems hard to any human being, the way it was generated doesn't use enough entropy. Using the website FQDN or whatever combination significantly reduces the entropy; coupling it with your master password in a predictable way and then generating the hash isn't sufficient, in my humble opinion, to say this is a secure way to generate a password. In particular, if someone has access to the resulting hash for many different sites. The result must be predictable, hence the combination of the original factors cannot change.
This isn't better than a long passphrase.
I know about a bank that forces you to pick a password starting with a three-digit number, then you can use letters. This is one of the most idiotic security rules I have ever seen. First of all, it reduces the entropy significantly, and second, it forces many people to write down their passwords because they cannot remember them because of the three-digit number rule. Or they pick the three digits from their birthdate, street number, phone number or something like that.
However, after three wrong trials, your account is locked and you have to go to your branch to get a fresh new password printed on a sheet of paper.
And for an unknown reason, you have to go to your branch; you cannot go to any branch or even head office. On the other hand, you can get the password over the phone.
I don't know who the chief security officer is, but I want his job.
And the biometrics data doesn't have to be saved in clear anywhere; it can just be encrypted with a one-way crypto algorithm with the key to encrypt stored in the TPM. Then, the device collects the biometrics data, encrypts it with the key in the TPM and compares the resulting signature with the stored encrypted signature. If they match, you are the right guy; if not, you are not authorized. Nobody can steal your biometrics data unless they tamper with the hardware and introduce a hardware Trojan horse. Getting the encrypted data will not leak any useful information since it is equivalent to a very long password with very high entropy. A brute force method would take thousands of years to crack it. And getting the key will not help since it is a one-way algorithm and the key is useless to decrypt.
Perhaps you are sarcasm-proof.
Fortunately, for that purpose, we have Pol Pot, Stalin, Mao, Leopold II of Belgium, Ismail Enver, Kim Il Sung and a few others. It is about time racism ceases; Germans are not the only ones who have performed massive killings in the 20th century.
Maybe you should stop believing the headlines and think for yourself about what is discussed in TFA. Did you read it, btw?
It is not even an example of IoT. The wallet doesn't connect to the internet; it sends a signal to a smartphone app and the smartphone app starts crying when it no longer receives the signal. Kind of a Tamagotchi. At no point is the internet involved. So, why did the OP talk about IoT in the first place? Did he lose his mind? Is that why he connected his brain to the internet, so that /. can alert him he lost his mind?
There is less death due to the nuclear power industry and operation than any other power generation industry. Still uninformed comment marked insightful while it is just propaganda.
Nuclear power is less expensive than wind farms, solar panel fields and large hydro-electricity projects. Coal, natural gas and oil are less expensive and they are the main reason why the nuclear power industry is struggling these days. You obviously don't know anything about the electricity industry in the world. It is a shame people marked your comment as insightful while it is not.
False statement. Security and features are not mutually exclusive. Even though in the head of many security guys they are just looking forward to block features they haven't yet found how to make secure.
Having written the on-line banking communication protocol of a bank back in 1995, I can assure you they were not taking security seriously. I explicitly asked about requirements for encryption and they had none. They didn't want to bother with encryption because the infrastructure was running on dialup lines connected directly to their infrastructure and they wanted to be the first bank to make on-line banking available to its customers. At this time, the internet was in its infancy, hence the choice for the dialup infrastructure, and everyone was subscribing to dialup lines for Internet access; DSL and cable modems were still waiting to be invented. It was even Windows 3 and OS/2.
Why are people actually buying penis enlargement pumps? You will always find enough idiots in this world to make anyone rich; it is just a matter of reaching enough of them, which the web excels at.
1000 years before Intel, the advertising slogan "Monk inside!" was invented.
You are about right. Considering there are actually many jobs even higher paid than tech and programmers' jobs, then why hasn't this exact rationale from TFA yet been applied to these jobs, since the savings will be much greater? Many diagnoses and prescriptions from general practitioners could be replaced by automated systems with a higher success rate and lower error rate in prescriptions and a much lower price than the average or even expert doctor these days. These doctors essentially measure a small number of physical characteristics (pulse, blood pressure, temperature) and ask a few questions to finally reach a diagnosis. This can be automated for the vast majority of common diseases. And when the application cannot reach a diagnosis because the case is too complex, it could even ask for more information: blood analysis, CT scan, bacteriological culture, etc. For these, a nurse can take a sample as required of the tissue needed, or the blood sample, to be sent to a lab for analysis, with the results being returned to the automated system for further analysis. If at the end the program cannot reach a diagnosis with a high probability, then the case can be referred to human doctors and probably to a panel of experts, because at this point it is very likely the regular average doctor will not be able to do better.
Economics isn't pseudoscience. Would you say sociology, psychology, etc. are not science just because your narrow definition of science is exact science, those fields like physics, chemistry and mathematics which lead to one single unambiguous answer? As soon as humans are involved, the complexity is many orders of magnitude higher than the most complex physics theory, hence the results cannot lead to a single and well-defined answer. Economics is about humans and humans' behavior. Even meteorology and climatology, which are based on scientific first principles and formalized mathematical models, are failing to predict the future, and you are not rejecting them as scientific fields. Why do you expect a science dealing with a much more complex organism than fluid dynamics to lead to exact results?
Are you kidding? The government is getting half my pay each year and they do not leverage anything. They are employing a lot of people who have almost zero incentive to improve anything. Whatever happens, they will get paid and they will get their retirement allowance and pension, which is above what most people in the private sector can dream of having when the time of retirement comes. The inefficiencies of the governments are costing manifold the profit CEOs and shareholders are pumping from the private ventures. You are living on another planet.
Wait, these guys have a technology and can afford the expense of sending a ship many light years away to harvest livestock here? That is an utterly ridiculous question indeed. Why would you spend all this effort just to harvest some f... humans?
That's what Moses said when he split the Red Sea apart.
Don't talk physics with them; these are religious beliefs. There is no ground for rational discussion.
I must specify for clarity that these laptops and their NVidia chips were not doing overclocking at all. Just bad chip design and overheating melting the soldering.
NVidia was even hammered when they released a chip on HP and Lenovo Thinkpads that was overheating and resulted in a significant reduction of the lifetime of the laptop, and never took responsibility for it. So, this is half bullshit since NVidia never replaced all the chips and never paid the cost of replacement to HP and Lenovo for selling these chips to them. The customers did complain to HP and Lenovo, and only a bunch of them got a replacement. They used the serial number and expiration date of the warranty to design their replacement policy in order to minimize their costs and took the risk of having a few dissatisfied customers, those knowing the chip was the reason their laptops stopped working after the warranty had expired. They saved a load of money this way.
... stupid questions to make their way to /.?
What do you expect from such a discussion?
Should we try to teach everyone their mother tongue? Should we try to teach everyone history? Should we try to teach everyone mathematics, economics, physics, literature, arts, poetry and so on?
Of course we should. Learning about history doesn't make everyone a historian, and not everyone pretends to be one either. So, what is the problem with coding? It doesn't mean you want to turn everyone into a professional programmer.
A smart home needing a smartphone to be controlled isn't smart in the first place. This is obviously marketing BS and abuse of terminology. It is a remote-controlled home and in no case can it be considered smart. You are right to point out what would make the home smart. A smart home will adjust itself to the needs of the people living in it without requiring their intervention or with minimal intervention. In the first place, it implies reliable parts, hardware and software.
The Jetsons syndrome has made marketers exploit the smart label to call smart what isn't.
Everyone is, aren't you?
Did you read the article? Or even the summary? Or are you another one of those writing comments just because they can? It is free electricity for the POORER GREEKS, not for everyone. Hence, it is equivalent to food stamps or other kinds of charity for the poor. Nothing particularly socialist here.