What about a sonic screwdriver? I've seen The Doctor use that in self defence before...
I'd have said "Today, I was once again toying with the idea of ..." :)
Actually, that does make sense.
Eg, "sudo ip addr add 192.168.38.1/24 dev eth0" would add the address 192.168.38.1 with the subnet mask 255.255.255.0.
192.168.38.x/24 specifies the subnet, x=0 is the subnet identifier, x=255 is the broadcast address, everything in-between is a host.
HTH YMMV HAND :)
Um, why not treat the SSNs the same way you do passwords, and add a salt? store something like "$salt$H(SSN + salt)" ?
Obviously, what length of salt, and the actual hash algorithm you use, along with the way you construct the cleartext to hash, will vary. But adding some kind of salting to the hashing of SSNs should make brute forcing harder. (admittedly, if you only want 1 person's SSN, you only need the 10^9 hashes for that given salt.)
Consider something like PBKDF2 (a Password-Based Key Derivation Function) that makes going from password to key sloooooow (eg, 5 seconds).
Sure, you can parallelise this, but if you're trying to make this hard.
On the other hand - if all you need is to have a function of the form getEmployeeBySSN(s : SSN) : EmployeeObject then why not keep the SSNs serverside, and just use a synthetic (sequence-generated) primary key on remote copies (missing out the SSNs entirely).
Hope that wasn't too much of a ramble.
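The salted, slow hashing suggested in the comment above, as an added example that is not part of the original post: it stores a record in the comment's "$salt$H(SSN + salt)" style using PBKDF2-HMAC-SHA256 and estimates what the 10^9 keyspace still costs to search for one record. The function names, the record layout with a leading iteration count, and the 200,000 iteration default are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumption: tune to your own hardware and latency budget


def hash_ssn(ssn, salt=None, iterations=ITERATIONS):
    """Return '$iterations$salt$hash' for a nine-digit SSN (dashes allowed)."""
    digits = ssn.replace("-", "")
    if len(digits) != 9 or not (digits.isascii() and digits.isdigit()):
        raise ValueError("SSN must contain exactly nine digits")
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", digits.encode(), salt, iterations)
    return f"${iterations}${salt.hex()}${dk.hex()}"


def verify_ssn(ssn, record):
    """Recompute with the stored salt and cost, compare in constant time."""
    _, iterations, salt_hex, _ = record.split("$")
    candidate = hash_ssn(ssn, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, record)


def single_record_search_days(iterations, keyspace=10**9, sample=5):
    """Estimate one-core time to try every possible SSN against ONE record."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(sample):
        hashlib.pbkdf2_hmac("sha256", f"{i:09d}".encode(), salt, iterations)
    per_guess = (time.perf_counter() - start) / sample
    return per_guess * keyspace / 86_400


if __name__ == "__main__":
    record = hash_ssn("123-45-6789")  # constructed sample value
    print(record)
    print(verify_ssn("123456789", record), verify_ssn("123-45-6780", record))
    for n in (1, 1_000, ITERATIONS):
        print(f"{n:>7} iterations: ~{single_record_search_days(n):,.1f} core-days")
```

The per-record salt forces that search to be repeated for every row, while the iteration count sets how long each repetition takes; neither enlarges the nine-digit input space, which is why the comment's alternative of keeping SSNs off remote copies entirely remains the stronger option.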
You are amanfromMars and ICMFP
Somehow, the first image that came to mind after reading that involved physically throwing a comms rack. I suspect this may not be what you meant :P.
:P.
I guess our definitions of "a LAN" vary
PIPEX are looking to be bought out. Maybe by tiscali.
Get a real ISP, like Black Cat Networks or Andrews and Arnold Ltd. Alternatively, UKFSN (an Enta.net reseller) are pretty good, if you're tighter around the pocket.
[Captcha: protests]
I think you'll find that's AMD64 and x86_64 - IA64 is the Itanium RISC architecture.
I'm sure this is probably redundant/offtopic or something, but I thought it was funny. Yay me!
(My "checkout" word was "retracts" - how appropriate!)
IRIX software was (is?) licensed by the MAC address of the inbuilt ethernet interface. The serial codes to activate the app were generated to be locked to a given MAC. Apparently, you could change it in the PROM, but it was a pretty effective deterrent. I suspect that the MAC address may be shared between all the interfaces (nodes), like older Sparc systems.
Maybe I'm missing something here, but if all of the "normal folk" (Chinese political journalists, whistleblowers, etc) decided "Right-O, let's throw in the towel, stop writing and go work at McDonalds" wouldn't the child pornographers just carry on using the network - the technology is "free and open", so surely there's nothing "we" could do to stop them. And, if there was some kind of /.-style moderation added to Freenet (I'm not saying there should be) surely the pornographers would go "ha ha, I'm not upgrading. screw you!". So, then they'd be running their own "fork" of Freenet. So, as far as I can tell the only thing we can do is for people to voluntarily stop using it - but that isn't going to get rid of the child pornographers. Maybe I'm not awake, but I can't see that there's anything to "trade" off ??
*chortle*
They'd want to use shorthand?? (Stenography==shorthand, Steganography==hidden messages)
What about the risks of DHMO poisoning? Check out http://www.dhmo.org/ ;)
Solution to that at the college I helped out at was to put the proxy between us and the router (ie, two network cards in the proxy server) and set up bridging. Then use iptables to redirect connections to the upstream proxies (that are not from authorised servers - prepending some -j ACCEPT rules is an easy solution to that) to our local (Dansguardian+Squid) proxy, thereby foiling any attempts to access the upstream proxies in an unauthorised manner.
:)
Email me if you want more detail of this setup
Like so?...
Ladies and Gentlemen, on behalf of Captain Tempest and his crew may we welcome you aboard Routine Scientific Survey Flight Nine.
Before we enter into an outgoing take-off scenario it is space fleet command regulations that we take you through emergency procedures.
Firstly, may we respectfully point out that the use of all audio visual recording devices, including flash photography, is strictly prohibited on board this flight.
Secondly, may we point out the emergency exits. They are located here, here and here.
In the event of cabin decompression, oxygen masks will come down from the overhead compartments. Place them over your mouth and nose and breathe normally.
Finally the POLARITY REVERSAL DRILL. If you look below you/ahead, you will see the Klystron Generator.
On it is marked "KLYSTRON GENERATOR. DANGER. DO NOT REVERSE POLARITY"
Polarity reversal is a very dangerous procedure, that's why we tell you not to do it. However, in the unlikely event of entering a polarity reversal situation, we ask you to follow this simple drill:
you know... where you compare something/someone to Adolf Hitler/the Nazi party and then the discussion promptly ends? (see Usenet)
There's also NAS in UNIX too, btw. I can't remember any Windows solutions off of my head, but the Apples let you play music (from iTunes, etc) over a network to remote Airport stations (which have sound jacks on 'em) - so it's gotta be possible in the real world.
Perhaps they should get those guys from the Sony WEGA advert to come along (you know, the advert where the sound man from the film comes along to thank you for listening to their film on a Sony WEGA system and then the whole film crew come out and shake hands with Joe Sixpack and family, and at the end you see them all sat around behind the sofa watching the film with them?)
Ciao.
So, really, the problem is with *multiprogramming*, NOT *multitasking*, then? ;)
heh heh.
Now that actually is not the answer that I had in mind, because the book that I got this problem out of wants you to do it in base eight; but don't panic, base eight is just like base ten really.
If you're missing two fingers. Shall we have a go at it? Hang on.
*continues quoting tom lehrer*
You can't take three from two,
Two is less than three,
So you look at the four in the eights place.
Now that's really four eights,
So you make it three eights,
Regroup, and you change an eight to eight ones,
And you add them to the two,
And you get one-two base eight,
Which is ten base ten,
And you take away three, that's seven.
Now instead of four in the eights place
You've got three,
'cause you added one,
That is to say, eight, to the two,
But you can't take seven from three,
So you look at the sixty-fours.
Sixty-four? how did sixty-four get into it? I hear you cry.
Well, sixty-four is eight squared, don't you see?
(well, you ask a silly question, and you get a silly answer.)
From the three you then use one
To make eight ones,
And you add those ones to the three,
And you get one-three base eight,
Or, in other words,
In base ten you have eleven,
And you take away seven,
And seven from eleven is four.
Now go back to the sixty-fours,
And you're left with two,
And you take away one from two,
And that leaves...?
Now, let's not always see the same hands.
One, that's right!
Whoever got one can stay after the show and clean the erasers.
Hooray for new math,
New-hoo-hoo-math,
It won't do you a bit of good to review math.
It's so simple,
So very simple,
That only a child can do it!
Come back tomorrow night. We're gonna do fractions.
Now I've often thought I'd like to write a mathematics text book because I have a title that I know will sell a million copies. I'll call it Tropic of Calculus.
See http://kitschy-kitschy-coo.com/columns/2005/1/17/ for an explanation
http://methlabs.org/forums/login.php?do=lostpw you can recover your password there
Yeah, it's also known as a "Book of Synonyms", eg http://www.amazon.com/exec/obidos/tg/detail/-/0446313106/002-4403523-3097628?v=glance this dictionary of synonyms and antonyms.
Also, one might consider using the "Forgotten Password" function on the site in order to set a new password without revealing the old password, thereby allowing you to access the site without giving away your old password and enabling you to remove the MD5 hash of your old password from the server (although it's likely to be backed up).
At my college I've been told that teachers are not allowed to email students (or generally keep in contact with them) due to LEA (Local Education Authority) rules and regulations... not even to post-compulsory ("sixth form") students.