And any system worth its salt (crypto-hashing joke) won't allow that many attempts against any external or internal authenticator and will NEVER expose its password hashes.
Seriously, if someone has your password hash, it's game over anyway and it doesn't matter if it takes 2 weeks or 2 months to guess the passwords. And if they don't, then you shouldn't be letting them try several BILLION attempts at guessing a password anyway.
Well said. However, there are a number of systems not worth that much salt, that are still used --- I saw a cheap NAS box on our network that was attacked by a highly distributed botnet that was using simple password lists to reach it. Yep, you log in to those little things, and people will try.
And having said that, I think full pass phrases are more the go. I mean, what's it going to cost us? Disk space? RAM? Do the math. A long pass phrase such as "There is nothing quite so worth doing, said the dishwasher, as simply messing about with spacecraft." will be harder to match with hash tables, word lists or odometer attacks. And if you choose one sufficiently bizarre, you might even remember it.
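The two comments above make a pair of practical claims: the server should never hand out its password hashes, and it should not let anyone make billions of guesses against an online authenticator. The following is an added example (not code from anyone in this thread) of a minimal authenticator that does both: it stores only per-user salted PBKDF2 hashes, compares them in constant time, and locks an account after a handful of consecutive failures. The iteration count, failure limit and lockout window are illustrative assumptions, and the `now` parameter exists so the lockout can be exercised without waiting.

```python
import hashlib
import hmac
import os
import time

# Assumed tunables for this example; tune to your own threat model.
PBKDF2_ITERATIONS = 100_000   # slow hash: raises per-guess cost if the hash ever leaks
MAX_FAILURES = 5              # consecutive failures before the account locks
LOCKOUT_SECONDS = 900         # lockout window (15 minutes)
_DUMMY_SALT = b"\x00" * 16    # used only to equalise timing for unknown users


class Authenticator:
    """Keeps salted, stretched hashes only, and throttles online guessing per account."""

    def __init__(self):
        self._users = {}      # username -> (salt, pbkdf2_digest)
        self._failures = {}   # username -> (consecutive_failures, locked_until)

    @staticmethod
    def _stretch(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)

    def register(self, username, password):
        salt = os.urandom(16)                      # fresh random salt per user
        self._users[username] = (salt, self._stretch(password, salt))

    def locked(self, username, now=None):
        """True while the account is inside its lockout window."""
        now = time.monotonic() if now is None else now
        count, locked_until = self._failures.get(username, (0, 0.0))
        if count >= MAX_FAILURES:
            if now < locked_until:
                return True
            self._failures.pop(username, None)    # window expired: clear the counter
        return False

    def verify(self, username, password, now=None):
        now = time.monotonic() if now is None else now
        if self.locked(username, now):
            return False                           # refuse even a correct password while locked
        record = self._users.get(username)
        if record is None:
            self._stretch(password, _DUMMY_SALT)   # burn the same cost so timing does not leak usernames
            ok = False
        else:
            salt, digest = record
            ok = hmac.compare_digest(self._stretch(password, salt), digest)
        if ok:
            self._failures.pop(username, None)
        else:
            count, _ = self._failures.get(username, (0, 0.0))
            self._failures[username] = (count + 1, now + LOCKOUT_SECONDS)
        return ok


if __name__ == "__main__":
    auth = Authenticator()
    phrase = "There is nothing quite so worth doing, said the dishwasher, as simply messing about with spacecraft."
    auth.register("alice", phrase)
    print("correct phrase:", auth.verify("alice", phrase))
    for _ in range(MAX_FAILURES):
        auth.verify("alice", "password1")
    print("locked after repeated failures:", auth.locked("alice"))
    print("correct phrase while locked:", auth.verify("alice", phrase))
```

With a limit like this, a remote guesser gets a few tries per window per account rather than billions, and if the hash store does leak the attacker still pays a stretched hash per guess against a salt that defeats precomputed tables.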
...if you don't know your product, you aren't a good sales rep, just another lizard in a suit.
That's quite true, and the solution many technical sales groups try is to pair a salesman and a high-end technical architect. It's a technique developed during boom times and not all that great at the rest of the time.
It sort of works like this:
1. Sales rep inflates potential sales figures for sales pipeline to increase his base income.
2. Salesman does not meet his inflated targets in 1 year, gets fired, goes to another company; rinse and repeat.
3. Everyone starts looking at salesman's pre-sales guy with an eyebrow up, thinking "Are you still here?"
There is no traditional item 4 for pre-sales guy.
Moral: stay the hell out of pre-sales, no matter what they offer you. It's a trap, there is no cake at the end, and I've seen this happen a number of times (often to me, and I'm glad to say I'm over it.)
That's how it is, right? We have a never-ending string of robberies and murders, and the best solution we've found is to have a police force, which helps reduce the problem, but adds the problem of a never-ending string of police abuse. So we make rules to restrict the police, but........
Thing is, we all want police. We want them to be good police. I would rather we didn't have enough than that we couldn't depend on the ones we have to uphold the law, evenly and without prejudice.
It's generally considered (at least among ISP salesmen) that it's colocation if you're sharing your virtual server with someone else's virtual server on a common piece of hardware.
Virtual servers are good, you get a lot of benefits such as low MTTR and easy scalability. But 1RU servers are relatively inexpensive, too -- you can run a single virtual image on your own individual server if you like, everything is negotiable. A variant use of the term is rack-level colocation; your server, their rack.
Someday the sea will come crashing in. Depend on it.
The more I see the travesty of copyright panic unfolding, the preservation of the rich entitlements, the more I think of the Maginot Line. http://en.wikipedia.org/wiki/Maginot_line
You want to kill copyright? Buy yourself a guitar.
The PCI-E OCZ I'm running does effective 750MB/s R/W. From the BIOS boot it looks like it's an internal RAID stripe set of 55GB chunks. Clever. The fast R/W I believe is mostly due to its bypassing the SATA bottlenecks. There are times when I wonder if it isn't just RAM with an internal battery, though. Dunno, but the combination is lightning fast.
Well, I've got an OCZ SSD (non-hybrid) booting from a PCI-E slot and I'm rapt with it. Deadly fast. And if you disable swapping, or move the swapfile to another drive when you can't add sufficient RAM (I'm running comfortably on 16 GB, high-end gamer, no real point to a swap file), then you're limiting the overall write activity your SSD incurs. This is good. O/S and game content is largely read-only, so it's not going to write itself to death as many early SSDs tended to do.
The one thing I've noticed about "computer-stupid" people of any age group is that they're unwilling to click on anything unknown or just test something. It's like they've lost the capacity for experimental play and refuse to learn on their own.
It could also be that people are becoming more sophisticated, not less -- how much of our security habits and attitudes are being driven by fear of clicking a hyperlink that could lead to identity theft?
People don't like their identities stolen. It's them.
"Look, if I ask you what time it is, don't tell me how to build a clock!"
(Attributed to Groucho Marx, from a silent-era film comedy short. He was lost, in a boat, in a storm, and wanted directions to the harbour. The harbour master was telling him how to plot a course over the radio. His boat was the Damfino. Sorry, I can't remember any more of the filmography, or the title.)
But I've used that line many times in the 40 or so years I've been in the IT industry.
Not reading any further.
Beware the Deadly Cupcake!!!
Dear Al Qaeda reader,
Have a cake on us.
Yours,
MI6
"Hey, that was our site!"
Hmm. "The Brain from Planet Arous". On the shelf...
I want a DNA computer that can decide I need new teeth regrown, then show my body how to do it.
This measure is ... horrible.
(Come to think of it, I think my watch has more RAM than the entire installed base of Xerox Data Systems machines.)
I think the cheaters probably have a much more rewarding career ahead of them with an organisation such as the CIA or ASIO.
Brrr. A guy could catch his death of philosophy here.
This place is full of Quantum; it's everywhere you look
It's in the halls of Physicists, and pages of a book.
"There has to be a fallacy!" the comment summarised,
And if we care to challenge that, we aren't very wise?
First-person experience, here -- "In 400 metres, exit left to Proposed Western Freeway." -- Garmin Nuvi.
"Well, I can't say I've actually been missing it, really..."
That's for you to find out as soon as you have invented/created Adamantium.
You can farm that stuff on the Isle of Quel'Danas.
Oh, for mod points...
More like the RIAA today.
This presumes you have a laptop, of course, but I can't imagine a programmer without one at this point.
"Anonymous" as a targetable group? There's sort of an interesting semantic fan-out here. It's kind of like calling a movie "Closed For Repairs".