As another reply commented, SHA1 is not "perfectly strong". And yes, salting is an easy assist to hash security. And yes, strong passwords have value; the problem is the human cost. Don't you evaluate user costs?
Unprofessionalism (in IT and elsewhere) transfers costs from the incompetent to users/customers. Of course some costs have to be transferred. But they have a cost-benefit including user costs. Even competent management [rare] will have trouble catching mistransfers because the diffuse user community is "each only slightly inconvenienced" and may not complain (inertia hurdle). Yet in aggregate, the loss is substantial.
The predictable whining (and obligatory xkcd rebut) will be to make passwds "stronger", because open hashes or fast guessing is acceptable provider security.
I call BS! More "blaming the victim". Any secadmin/netadmin who has hashes available or allows unthrottled passwd guessing is INCOMPETENT. Staff are paid for professional-level knowledge so users do not need to be concerned.
The work itself is very nice: MD5 hashes can be cracked quickly in massive parallel on GPU hardware. This only matters after the hashes have already been stolen.
Practical security should be more systemic -- the cost of a wrong guess is more than a nanosecond of GPU. There are at least network delays, and in many cases lockouts. The latter make random guessing too costly/slow, especially progressive systems that allow 5 wrongs immediately, 10 in an hour, 20 in a day, and lock hard (manual intervention) above that.
My father had one of the early ATM cards but had me operate the machinery. It had an 8-digit assigned PIN, but dropped quickly to 4 when it was realized the 8 were hard to remember, and swallowing the card after 3 wrong guesses was more than adequate.
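The progressive lockout the comment above describes (5 wrongs immediately, 10 in an hour, 20 in a day, then a hard lock needing manual intervention), written out as an added example rather than anything from the original thread. The 60-second window for "immediately", the account name and the fake clock are assumptions made for the example.

```python
import time
from collections import deque

# Tiers taken from the comment: "5 wrongs immediately, 10 in an hour, 20 in a day,
# and lock hard above that". The 60-second burst window is an assumption; the
# comment only says "immediately".
BURST = (60, 5)
HOURLY = (3600, 10)
DAILY_HARD_LOCK = (86400, 20)


class ProgressiveLockout:
    """Per-account throttling with a final hard lock that needs manual unlock."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.failures = {}        # account -> deque of failure timestamps
        self.hard_locked = set()  # accounts awaiting manual intervention

    def _recent(self, account, window, now):
        dq = self.failures.setdefault(account, deque())
        while dq and now - dq[0] > DAILY_HARD_LOCK[0]:  # drop anything older than a day
            dq.popleft()
        return sum(1 for t in dq if now - t <= window)

    def check(self, account):
        """Call before verifying the password. Returns (allowed, reason)."""
        if account in self.hard_locked:
            return False, "hard-locked"
        now = self.clock()
        for window, limit in (BURST, HOURLY):
            if self._recent(account, window, now) >= limit:
                return False, f"throttled:{window}s"
        return True, "ok"

    def record_failure(self, account):
        now = self.clock()
        self.failures.setdefault(account, deque()).append(now)
        window, limit = DAILY_HARD_LOCK
        if self._recent(account, window, now) >= limit:
            self.hard_locked.add(account)   # the 20th failure in a day locks hard

    def record_success(self, account):
        self.failures.pop(account, None)

    def unlock(self, account):
        """Manual intervention: clears the hard lock and the failure history."""
        self.hard_locked.discard(account)
        self.failures.pop(account, None)


def simulate():
    """Drive one constructed account through every tier on a fake clock."""
    now = [0.0]
    guard = ProgressiveLockout(clock=lambda: now[0])
    out = {}

    def burst(n):
        # n wrong guesses in the same second, each one checked first
        for _ in range(n):
            if not guard.check("alice")[0]:
                raise RuntimeError("unexpected denial")
            guard.record_failure("alice")

    burst(5)
    out["sixth_in_burst"] = guard.check("alice")[1]      # throttled:60s
    now[0] += 61
    out["after_a_minute"] = guard.check("alice")[1]      # ok, 5 of 10 hourly used
    burst(5)                                             # 10 failures this hour
    now[0] += 61
    out["eleventh_in_hour"] = guard.check("alice")[1]    # throttled:3600s
    now[0] += 3600
    out["after_an_hour"] = guard.check("alice")[1]       # ok, 10 of 20 daily used
    burst(5)
    now[0] += 61
    burst(5)                                             # 20th failure today
    out["twentieth_in_day"] = guard.check("alice")[1]    # hard-locked
    now[0] += 2 * 86400
    out["two_days_later"] = guard.check("alice")[1]      # still hard-locked
    guard.unlock("alice")
    out["after_manual_unlock"] = guard.check("alice")[1]  # ok
    return out
```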
Hoo boy, where to start? First some disclosure -- I have both a 20-something son and daughter. Both have suffered heartaches much as I did. Neither has an easy time of it.
TFA makes the major assumption that things are worse now than earlier. I would like some proof. Yes, marriage and childbirth are being delayed, but I'm far from convinced this is a bad thing. Child rearing has been improved and battery reduced.
Second, this has all been laid at the feet of the young men. Yes, our species does seem to both require activity from the males and passivity from the females. But society has become much more complex, with many more choices in activities. Small wonder young men don't get it right. I have to remind my daughter that her beaux cannot read her mind, and need appropriate signs of encouragement. Not things she thinks are encouragement, but things _they_ will interpret as such.
Finally, if it actually is that things are worse, why should it be that vidgames/pr0n are to blame? Handy whipping boi's? This gets into the vent or foment debate. But sidestepping it, consider something else: half of all young people grew up in split/divorced households. Might this not make them more than a bit leery? The staggering increase in divorce 1970-1990 is squarely on my generation's shoulders.
I still think we have not the foggiest clue of what technological contraception does to a society long-term. It changes attitudes towards children and many other things. We are still discovering, and won't even approach normality for another 100+ years.
Nice, but these are only ~0.4 M$/y which looks like 2x overtime even while sleeping, totalling 10x salary.
Canada/UK/oz/... rely _very_ heavily on the Crown (civil servants) and even company officers in general doing the "Right Thing", and being very embarrassed otherwise. Unfortunately, this has been eroded by US movies/TV.
US/state/corp officials derive their power from election, and are otherwise devoid of civic duty. So they need hard slaps from courts.
Good luck to him -- even if he waits longer to get a jury trial, the judge will still set damages and cannot assess anything resembling punitive damages under Canadian law. At most he will get actual, provable damages, two years salary (should try for overtime:). And might actually get costs awarded against him if he rejects a higher "paid-into-court" settlement offer.
Just look at the current bête noire -- Jamie Dimon of JPMorgan/Chase who was too puffed up with himself to see the London Whale lose 2B$. And he's not even taking the fall...
Look, I despise MSFT just as much as the next /.r, but fair-is-fair: Ballmer is not _quite_that_ bad; the whole MSFT business model is terrible, just like the RIAA -- you can milk the back-catalog forever, but it will not give you anything resembling growth.
Ballmer is getting a bad rap mostly in comparison to Steve Jobs (RIP) who revitalized an Apple suffering the same rot with new (for them) and attractive products.
That, or Forbes editors cannot pull a filler back-story when real news makes it laughable. Slow@$$es
Any sort of selection or filtration system is going to have TWO very different forms of error: false negatives and false positives. Missed badguys and caught goodguys. Most of the testing is done to reduce false negatives, so that you're not embarrassed by a glaring badguy getting through. As a result, lots of false positives are generated because they are less unacceptable. Do not expect rationality from censors -- that is not their objective.
The real customer's objective is to minimize the total cost both of false negatives and false positives. It doesn't help until people realise the [often high] cost of a false positive -- a large sales order that was missed & lost by a spam filter.
Some areas like police, do not have any notion of a false positive -- "It's all good -- they needed a warning".
... TFA begs the question -- why do we consider any icons make sense? Aren't they just abandoning the invention of the alphabet and reverting to earlier pictographs?
The Square D Surgebreaker Plus is a SDSB1175C. The "cheapie" I have is an SDSA1175. Not quite as fancy -- no cable/telco & lighter specs, 36kA vs 80 kA. At worst, 1/2 as powerful. YMMV.
I agree many surges come in across telco/cable. I lost 3 POTS modems in 18 months until I fixed the telco NID ground. None after. I mentioned this in my GP post, and both telco & cable NID boxes have some surge protection, but it will be useless if the box isn't properly grounded.
Sorry, I'm just not convinced -- sure, the Surgebreaker _might_ (need to read specs) offer some additional protection, but nothing stops everything. I think the additional $200 is unlikely to pay off -- "Golden Ears".
Not too worried about local power strip devices -- the AC certainly is on separate circuits, and the fridge is most likely to be. If they generate any surges (unlikely), they have to feed it to the panel where the whole-house MOVs will ground it out.
Whole-house surge protectors run $40-60 at Lowes and Home Depot (Siemens/SquareD), but you're best to get an electrician to install them because they need to be installed in the breaker box. One type is a double-breaker and clamps into the A & B buses with a wire to ground. The other has three wires to the same places.
IMHO whole-house is _much_ better than power-strip MOVs because of the reduced impedance to ground -- the rod is near the box. Also, check your ground rod and upgrade clamps -- they often deteriorate (loosen or corrode).
Make sure phone & cable TV entrances are also grounded, preferably to the same stake. If they are on opposite sides of [old] houses, you are going to occasionally fry equipment from nearby lightning strikes due to transient ground potential difference.
[cyber]stalking is not about using illegal means to gather information. It is about using otherwise legal information in a threatening or intimidating way. The key is the _threat_, not otherwise easily classified as assault or blackmail. That is why it is a new and controversial offense.
Of course, Phazbuch makes it ever so much worse by default privacy settings that help them build a network and show off a product at the risk of user privacy. MS does the same.
I don't know what qualifies as cyberstalking under 'stralian law, but this looks like it might qualify. I don't know any law that limits cyberstalking to just one target. Digging out an employer is quite an intrusion, obviously intended to intimidate.
Of course there will be some Parliamentary Privilege, but I believe that applies only to comment on the floor, not elsewhere.
Science is not politics or military action, both of which require preponderances in numbers and quality. Science is about discovering underlying truth, quite irrespective of who believes what or how well they speak.
This is why the Climategate email scandal is an irrelevant distraction. It might mean something about the credibility of the individuals involved, but science is supposed to be testable, so personalities are irrelevant. The climate does not care about emails much -- just from the slight additional power generation, somewhat less than for Janet Jackson's nip-slip.
It is very odd (&revealing?) the NYT doesn't know better.
Vertical is definitely better for only a few units. Instead of hanging from horizontal faceplates, they can also be hung flat against the wall with faceplates vertical for easier access to the back connectors. Consumer-grade switches, routers, etc can also be tacked to the plywood.
Precisely. And this is very d@mning of CEOs, who ought to value diverse opinions and strong characters. A good CEO will want people who keep her from scr3wing up, not people who will help him down a known dead-end.
So many CEOs don't like CIOs? And resort to namecalling? They reveal themselves...
Such CEOs are very arrogant and resentful of any nay-sayers. Even when the objections are based on physics or established computing capabilities.
The problem is such CEOs have gotten to where they are by pushing people around, and believe physics can be similarly pushed. Sorry, but it won't even notice.
The very limitations of FORTRAN control flow, especially around DO-loops, are things that make vectorization easier, which keeps FORTRAN very viable for numeric processing.
The person identified will be the service subscriber, and by recording IPs they are identifiable without access to DHCP logs, potentially long afterwards. This might not be enough for a criminal conviction, but will be damning in the court of public opinion and more than sufficient for extra-legal enforcement (Gitmo).
You've never heard of bait'n'switch? Get you lusting after a /48 and all hot-to-go, then get a /72 or less? Tell me -- if you were Big Sis and wanted to clamp down on the Internet, what would you do? Do you think Crisco and other router mfrs are gonna complain with more routing bits?
Of course you control your machines. But why would an ISP be so generous as to give you a /60? Most people won't need it and won't know what to do. More likely they will keep the bits for themselves (routing) and may be required by telecoms police to use some for userid.
More likely you will get a /96 at best. In those fixed 96 bits, there can easily be static UID portions. Right now with IPv4, the "tightness" of addr space means very few users have static bits in their addr, and most pay heavily for the privilege because they need it for incoming traffic.
Disclaimer: I generally do not like Apple (quality but overpriced hardware, buggy, slow & closed software) in a manner rivalling my dislike for Microsoft.
But here I have to give Apple some credit (even if not for the same reasons) -- IPv6 is a privacy nightmare and a lawyer/spook/stalker's dream. Addresses will have 128 bits. Not only is this a significant increase in packet overhead, but it is highly likely that some portion will identify a person.
Yes, yes, I know there are lots of things the ISPs _can_ do to preserve anonymity under IPv6. Most will not, and of the few remaining, a few unfriendly chats from the telecommunication regulators will persuade most. A token few might remain unpersuaded, but this is not a problem for authorities since they will collect many suspects in one place. Mixmaster/Anonymizer don't need to be honeypots when they are pink flags.
One of the important keys for anonymity is herd protection. Having an impossibly large number of people doing similar things so the anon is hard to distinguish. Like ecommerce using https unflagging encryption. Currently, most users are using corp proxies or using limited IPv4 addr that ISPs have to dynamically allocate. Of course there are logs of who has what IP, but these are generally difficult to access and most importantly, expire after some time. Retro-fishing becomes hard/impossible.
I don't know how "typical"/common-to-type, but I too smell a whiner. 10 years of cyberstalking isn't harassment, it is symbiosis. "Co-dependency" in PC-speak. I find it beyond incredible that a computer-savvy person would be stalked that long without identification and intervention by law enforcement.
OTOH, any site that complains of spamming needs to require registration or grow a pair. The cost of allowing anon is some spam tolerance, or filters of some sort. Banning positive contributors (is she?) enters the death spiral -- rewarding bad behaviour.
You expect bro's who can't get dates to be nice to women??? Which came first is another question.