improvements to inkblot generation algorithm on Inkblot Passwords · Score: 1
There is a possible change to the above inkblot generation described. Instead of basing the inkblot generation solely upon the user name (and of course a server key), it could also base it upon the user name and the time at which the inkblot was generated (or other random input at the time), and then save the inkblots for the user (or at least the inputs to the inkblot generator). This would have the advantage of a malicious user not being able to study a particular user's "inkblot output" by generating the user's inkblot on a different machine, even if the server key was stolen.
A big problem with this inkblot algorithm altogether is that given a particular inkblot, there really are a more finite number of possible answers for a given inkblot. Given enough time and enough different brains looking at the inkblots, a list of 100 or so possible passwords could be attempted.
I agree that this inkblot strategy _does_ help in "brute force" attempts, since the passwords are more complex than "password" which is good. However, what happens when computers can recognize inkblots? Then a computer program could be written to attack one of these inkblot passwords without human "brain" power.
/etc/passwd would not change ONE iota. It is the login mechanisms that would change. They would use the same library interface to /etc/passwd without a single line of code changing, or a single change in /etc/passwd.
For example, the KDE login, instead of having just a login and password prompt, would have a login prompt, you enter your login and it enters "password gathering mode". KDE (or more appropriately the auth_inkblot library) generates inkblots based on the login (thus we get the same inkblot each time for the same login, very important, and it should probably be cached to save the CPU) and as you type in the password prompt, the inkblots cycle through (one each after 2 characters). Then KDE asks /etc/passwd if "myuser" and "mypass" are a valid user, same as always.
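The two seeding schemes discussed in the comments above (name plus server key only, versus name plus server key plus a saved per-user random input), together with the "one inkblot per 2 characters" login flow, as an added example that is not part of the original comments or of any real inkblot implementation. The HMAC-SHA256 derivation, the function and class names, and the 16-byte nonce are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def seed_from_name(server_key: bytes, username: str, index: int) -> bytes:
    """Scheme A: the inkblot seed depends only on the server key and user name."""
    msg = f"{username}\x00{index}".encode()
    return hmac.new(server_key, msg, hashlib.sha256).digest()


class InkblotStore:
    """Scheme B: a random per-user input is created at enrolment and saved."""

    def __init__(self, server_key: bytes):
        self._key = server_key
        self._nonces = {}  # username -> saved random input (hypothetical storage)

    def enroll(self, username: str) -> None:
        self._nonces[username] = secrets.token_bytes(16)

    def seed(self, username: str, index: int) -> bytes:
        msg = self._nonces[username] + f"{username}\x00{index}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()


def seeds_for_prompt(seed_fn, username: str, typed_len: int, chars_per_blot: int = 2):
    """Seeds of the inkblots shown while typed_len characters are entered.

    Assumes one inkblot per chars_per_blot characters, rounded up.
    """
    count = max(1, -(-typed_len // chars_per_blot))  # ceiling division
    return [seed_fn(username, i) for i in range(count)]


def offline_copy_matches(leaked_key: bytes, username: str, real_seed_fn) -> bool:
    """True if the server key alone reproduces the user's first inkblot seed
    on another machine (the exposure the comment wants to remove)."""
    guess = seed_from_name(leaked_key, username, 0)
    return hmac.compare_digest(guess, real_seed_fn(username, 0))


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample server key

    def scheme_a(user, i):
        return seed_from_name(key, user, i)

    store = InkblotStore(key)
    store.enroll("myuser")

    # Same login always yields the same inkblot sequence in both schemes.
    print(seeds_for_prompt(scheme_a, "myuser", 8) == seeds_for_prompt(scheme_a, "myuser", 8))
    print(seeds_for_prompt(store.seed, "myuser", 8) == seeds_for_prompt(store.seed, "myuser", 8))
    # With the key alone, scheme A is reproducible elsewhere; scheme B is not.
    print(offline_copy_matches(key, "myuser", scheme_a))
    print(offline_copy_matches(key, "myuser", store.seed))
```

Scheme B moves the secret from the key alone to the key plus the saved per-user input, so that stored input needs the same protection as the password database itself.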
Re:Looks like an interesting book. on Hacking the XBox · Score: 1
Yes you can modify it, but under the DMCA you can't tell anyone else how to modify it. You can hack your XBox to use a braille keyboard to help your sister, but you can't post a document telling other people how to do it.
Looks like yet another case of Microsoft abusing their monopoly position to dump money into a new market.
IE.
XBox.
MSN Messenger.
All these products, Microsoft offers below marginal cost (or in this case, gives away money for a free product) by subsidizing the new product with money gained from a monopoly.
Open and shut case, slam dunk, etc, etc.
Think "just read article with security implications" and "has no sense of humor" and you'll be describing me.
1. Tech firms move tech support jobs to cheap labour shops.
2. Tech firms move software and hardware test jobs to cheap labour shops.
3. Tech firms move software and hardware development jobs to cheap labour shops.
4. Tech firms move software and hardware design jobs to cheap labour shops.
5. Tech firms move project management jobs to cheap labour shops.
6. Cheap labour shops will soon realise that they do not need the tech firm at all, which by now has been reduced to a corporate headquarters.
We are currently rushing headlong with #1, and inching forward with #2. But I can almost guarantee that as #1's cost savings are shown, soon #2 will start gaining huge ground. And as #2's cost savings are shown, #3 will start gaining huge ground, and so on.
It will probably be another 25 years at least before the software architects and hardware designers are heavily "farmed" from cheap labour shops, but eventually that will be the reality we're faced with.
That's why you should spend the next 5 years of your development job getting training to do design, and the next 5 years of your design job getting training to do overseas project management. Hopefully by then you will have advanced to the point of being in senior management, then you cash out and sit happy when the building starts to crumble.
That, sir, made my freakin' day.
A couple of suggestions which in my opinion are "off the beaten path" comedy:
Grosse Pointe Blank (the humor in contract killing)
Very Bad Things (who knew dead hookers and amputation could be so funny)
Cut down on Star Wars you must.
Are you kidding? From the article: "Steven Spielberg turned Dick's tale "Minority Report" into his darkest flick yet."
Uh... let's recap. In 1993 Spielberg directed a film called Schindler's List. A little darker than Minority Report. I won't mention the content of "Schindler's List" for fear of invoking Godwin's Law, but suffice it to say that a movie featuring mounds of burning bodies and people shot for sport just might be a dark movie.
My wife is taking the BAR exam at the end of this month. Anything she should really concentrate on?
Thanks.
3. You know the stereotype but thought "that couldn't possibly happen to me".
thanks for making me cry.
and not with laughter.
sometimes that joke really pisses me off.
I named my save game file "Mortar", only to find in horror that this became my "name" in the game, and all villagers, NPCs, etc, addressed me as "Mortar", and not "Link" as I would have vastly, vastly preferred.
When my wife started her save game using her (feminine) name, only to find that her character would be addressed by this name, she was fairly upset with me for not warning her!
Note to RPG developers: when allowing us to pick a name, let us know it will be used as our name in the game!
Here are some suggested curriculum:
MECC's Number Munchers (simple math)
Popcap's Typer Shark (typing, spelling)
Popcap's BookWorm (spelling, word creation)
Microsoft's Age of Empires (history)
Where in the ** is Carmen Sandiego (geography)
There are TONS of educational games from funbrain.com, learningplanet.com, gamequarium.com, and many, many more.
If you really are interested in investigating WebSphere... let me know and I can probably get you in touch with some evaluation licensed software. (Note that however I do not work for IBM Sales!)
They'll just use it to pay their lawyers as they continue to support the MPAA and RIAA assault on freedom (DMCA, etc).
You create a 'server group' and add clones to it with mouse clicks. Voilà, instant-on, growable/shrinkable massively scalable J2EE container.
Maybe this guy is trying to use the "Free except the documentation" JBoss and getting lost in the API set?
Ah, yes. That's a good analogy. To continue it, I expect the RIAA's war against P2P networks to be just as successful as the government's war against drugs.
Ah, by that you must mean that the RIAA will imprison millions of otherwise nonviolent offenders, at great expense, turning them into violent criminals through the wonder which is our prison system's "rehabilitation" program.
Now I wish I hadn't responded to this article so I could use my mod points on your comment. I suspected this might be the case... but why then when you move across the street in my town sometimes you can keep your number, but move across the wrong street and you can't? And I'm not talking changing area codes or phone companies, you have to get a new number with a different XXX (ZZZ-XXX-YYYY).
as well for land lines
There are MANY areas where I live (southeastern US) where you cannot move so far as across the street and still keep your land phone number.
... what about the impact such a precedent sets for e-mail addresses? Let's say that I was using the e-mail address 'MORTAR_COMBAT@earthlink.net' because I had Earthlink as an ISP. But I want to change to MSN as an ISP but keep my e-mail address. Imagine the problems it would cause if the government required both that Earthlink must allow me to take my e-mail address with me, and that MSN must now host that e-mail address?
What's really the difference here between telling the cell phone companies "screw your prefix-based infrastructures, be able to accept anyone's phone numbers on your system" and telling ISPs "screw your silly notions of IP address blocks, be able to accept anyone's IP address on your system".
I have a block of static IPs from my ISP. If I change ISPs, according to the logical conclusion of this ruling, I should be able to keep my block of IP addresses.
Doesn't that raise any alarm bells? Doesn't that just sound preposterous, insane?
"Oh," you say. "But we have DNS! You just point your DNS to your new IP addresses (and reconfigure all your machines, etc). There is no DNS for phone numbers! So there!"
Uh... we _do_ have DNS for phone numbers. It's called "The Telephone Book", also known as "Directory Assistance" or "411", etc. Maybe we should be working on a better way to dial people up based on unchanging things like their names, kept and distributed much in the same way as DNS. You register your name with the phone company as your registrar and they assign you a phone number out of the block of phone numbers they have available. Anyone dialing "MORTAR COMBAT 123" would first hit a global registry (if the local registry didn't have a cache hit) saying that "Oh, Verizon is the registrar for "MORTAR COMBAT 123" at this time, and the request hits Verizon's registry which 'dials' the current physical phone number. Perhaps you pay a fee to the global registrar (through your local registrar) for this registration service.
If you change telephone providers, you should change phone numbers because provider infrastructure is set up based on rules of blocks of numbers. Following this path of 'take your number with you' leads into a nasty den of big, big trouble for IP addresses and ISPs because the law will make no distinction based on "technical difficulties" which it doesn't understand.
A phone number isn't some ethereal label -- it is a formatted number in which prefixes mean something significant, and upon which billions of dollars of infrastructure has been built.
the GPL should be the only license EVER
he actually mentions that the GNU system runs on a couple of BSD kernels as a point of pride.
Well, when I go to buy, say, a new processor, and one store has it for $199 and the other has it for $200, I'm going to buy the $199 for the sole reason of being able to answer "Oh, 100-something dollars" to my wife's question of "How much did that stupid thing COST?" instead of having to say "200 dollars".