But I wouldn't trust a positive result that much. If it says your computer is clean, it probably is, if it says it isn't, you'd better take another look at it before formating.
So, the idea is that programmers that aren't comeptent enough to choose a good authentication library will implement that and discover they are not competent?
If you are going to change your authentication routines, why would you just put an alarm instead of making them secure?
In that case, what you are detecting is really that the usernames are leaked and not the passwords.
That's why I'm not sure about it. The article got me thinking about how unused usernames could leak. At most sites they are simply public data, but even if not published outright this is way more likely to lead to false positives than a real security breach detection. And false positives make people lenient.
Besides, as I said, it does not detect the most likely situations where your passwords may leak.
It's an interesting and intriguing idea, yeah. But I still didn't settle on "good".
How is an attacker supposed to get such passwords? He certainly can't phish them or get them in transit or while in memory. We are protecting against the password database leaking, but then, it's a set of salted hashes, so it's useless for the attacker... Unless it's something so easy to crack that you can be sure that it'll get cracked, but then, you are probably receiving several login attempts with those passwords already.
The problem is if your embossing machine require parallel ports, rather than RS-232, since nobody seems to use those anymore. I cannot think how to help you, there.
You just get a USB paralell port. Problem solved.
Now, WTF is that driver doing that it can't be rewritten into something more functional (current computers have a bit more memory to throw at it than the 94 ones), more stable (because you are putting everything at the userspace, where it belongs - the kernel stuff is jut the paralell port driver, that's already done) and simpler (because you are using a modern language, or at least a modern set of libraries) today?
My tablet has a keyboard, Open Office, LaTeX in case I want to use it, GEDA, because you know, writting documents is not the end all be all task, several different programming environmnets, a web server, and quite a lot of other things that I don't even remember that exist untill I need them. I only couldn't still make PostgreSQL run, because Asus compiled their kernel without shared memory support. SQLite runs well, but converting things is a pain.
I don't know why nobody is talking about the MS market. What I know is that I'm not talking about it because it's a combination of:
- Too obvious to get people of guard. Software developers are taking the needed precautions about it. - Too ridiculous to continue long term. If MS wants to close Windows, it's themselves that they are killing, not me. Something open will take their place fast. - Somewhat convenient. If they don't close Windows, it's just a very nice optional way to distribute software.
When compared to Secure Boot, for example, it's easy to decide what to fight and what to ignore.
Ok, it's on the title, you are asking why Disney got with EA. But when you post stuff with such generic terms, it's hard to discover that you are not talking about EA going with Disney.
Yes, it does, and the new launcher also sucks. An Aero-like interface is optional, but now that computers are finaly fit for it and can actualy save power using it, MS is discontinuing it...
(Here comes a very nice thank-you, MS, for suffering all the adoption problems at the conversion from CPU bounded GUIs to GPU bounded ones. The free software could ride on that to create great environments... I just don't understand why you don't want any of the fruits of that prior suffering.)
Nah, WinFS was in the next version of Windows since Win95, and they never had to replace the search because of that. Why Vista was different?
There is some reason why they decided to rewrite everything. But it's way more likely to be because of.Net, Wine, or marketing demands than because of WinFS.
People should remember just how terrible Americans are at keeping a secret.
That's not limited to the US... And I oppened the thread to say "Duh, what do you think all those operations* for intercepting all domestic communications were about?", but them I got to your comment. Yeah, there is no better place to keep a secret than open at the media.
* Everybody was talking about them just a few years ago. Even here. I remember something called "carnivorous", but it wasn't the only one.
The dialog box is better than simply showing the password without remembering you. But you were complaining that clicking to show the password is too much work, while proposing an idea that'll make everybody stop and click before working with passwords in any way, hidden or not.
Always showing the password is a very bad idea, but your original one is actualy worse. Clicking for displaying is still the best option, and not showing the password at all comes in a nice second place.
The goal of DRM is to own the channel, not it's contents. The content owners are being played.
It's to make your data useless unless you buy a phone from the market owner, your computer useless unless you buy your OS from the stack writer, and your hardware and the rest of your software from a companies that are his partner.
Oh, and it's also to make documents not leak, to the police, the press of to those pesky hackers on the Internet.
Bad is a subjective concept, and DRM can't be it (at least, not for everybody). The following are objective characteristics that do apply to all forms of DRM:
1 - It doesn't disturb pirates in any way 2 - It destroys value for your paying customers 3 - It makes the communication channels proprietary
Slashdot Mirror
No, but if you can you should disable pasword authentication.
It's a nice filter. If apache isn't using shared memory, you are ok. If it is, well, research further.
Hey, great tool, thanks.
But I wouldn't trust a positive result that much. If it says your computer is clean, it probably is, if it says it isn't, you'd better take another look at it before formating.
So, the idea is that programmers that aren't comeptent enough to choose a good authentication library will implement that and discover they are not competent?
If you are going to change your authentication routines, why would you just put an alarm instead of making them secure?
It's probably more like a fire alarm in a concrete building that goes out every time someones fires a match or smoke a cigarrete.
That's why I'm not sure about it. The article got me thinking about how unused usernames could leak. At most sites they are simply public data, but even if not published outright this is way more likely to lead to false positives than a real security breach detection. And false positives make people lenient.
Besides, as I said, it does not detect the most likely situations where your passwords may leak.
Depending on how you define "open source", the Raspberry PI has it.
The alarm will reach them when you try to use the fake passwords to access their servers.
It's an interesting and intriguing idea, yeah. But I still didn't settle on "good".
How is an attacker supposed to get such passwords? He certainly can't phish them or get them in transit or while in memory. We are protecting against the password database leaking, but then, it's a set of salted hashes, so it's useless for the attacker... Unless it's something so easy to crack that you can be sure that it'll get cracked, but then, you are probably receiving several login attempts with those passwords already.
Or, in other words, they were socialized.
That's how capitalism works. Mostly everything gets socialized, positive or negative.
You just get a USB paralell port. Problem solved.
Now, WTF is that driver doing that it can't be rewritten into something more functional (current computers have a bit more memory to throw at it than the 94 ones), more stable (because you are putting everything at the userspace, where it belongs - the kernel stuff is jut the paralell port driver, that's already done) and simpler (because you are using a modern language, or at least a modern set of libraries) today?
Yep, that was my tought.
My tablet has a keyboard, Open Office, LaTeX in case I want to use it, GEDA, because you know, writting documents is not the end all be all task, several different programming environmnets, a web server, and quite a lot of other things that I don't even remember that exist untill I need them. I only couldn't still make PostgreSQL run, because Asus compiled their kernel without shared memory support. SQLite runs well, but converting things is a pain.
Now, what does Windows RT do that I'm missing?
I don't know why nobody is talking about the MS market. What I know is that I'm not talking about it because it's a combination of:
- Too obvious to get people of guard. Software developers are taking the needed precautions about it.
- Too ridiculous to continue long term. If MS wants to close Windows, it's themselves that they are killing, not me. Something open will take their place fast.
- Somewhat convenient. If they don't close Windows, it's just a very nice optional way to distribute software.
When compared to Secure Boot, for example, it's easy to decide what to fight and what to ignore.
Ok, it's on the title, you are asking why Disney got with EA. But when you post stuff with such generic terms, it's hard to discover that you are not talking about EA going with Disney.
That's great news. So, they really want to commit suicide?
Yes, it does, and the new launcher also sucks. An Aero-like interface is optional, but now that computers are finaly fit for it and can actualy save power using it, MS is discontinuing it...
(Here comes a very nice thank-you, MS, for suffering all the adoption problems at the conversion from CPU bounded GUIs to GPU bounded ones. The free software could ride on that to create great environments... I just don't understand why you don't want any of the fruits of that prior suffering.)
Nah, WinFS was in the next version of Windows since Win95, and they never had to replace the search because of that. Why Vista was different?
There is some reason why they decided to rewrite everything. But it's way more likely to be because of .Net, Wine, or marketing demands than because of WinFS.
That's not limited to the US... And I oppened the thread to say "Duh, what do you think all those operations* for intercepting all domestic communications were about?", but them I got to your comment. Yeah, there is no better place to keep a secret than open at the media.
* Everybody was talking about them just a few years ago. Even here. I remember something called "carnivorous", but it wasn't the only one.
The dialog box is better than simply showing the password without remembering you. But you were complaining that clicking to show the password is too much work, while proposing an idea that'll make everybody stop and click before working with passwords in any way, hidden or not.
Always showing the password is a very bad idea, but your original one is actualy worse. Clicking for displaying is still the best option, and not showing the password at all comes in a nice second place.
Yeah, they used the default interaction style, like everybody else.
Except of course to the Ubuntu team, that has a worse case of NIH than even Microsoft, comparable only to Gnome's.
But you'd like to click ok in a dialog box before it?
The goal of DRM is to own the channel, not it's contents. The content owners are being played.
It's to make your data useless unless you buy a phone from the market owner, your computer useless unless you buy your OS from the stack writer, and your hardware and the rest of your software from a companies that are his partner.
Oh, and it's also to make documents not leak, to the police, the press of to those pesky hackers on the Internet.
Bad is a subjective concept, and DRM can't be it (at least, not for everybody). The following are objective characteristics that do apply to all forms of DRM:
1 - It doesn't disturb pirates in any way
2 - It destroys value for your paying customers
3 - It makes the communication channels proprietary
Yeah, Android/Linux is quite popular, what's your point? GNU/Linux is still an OS with a Linux kernel and the most central userland tools being GNU.
Yes, so why can we not simply send the SASS to the browser?