Re:Blurring the lines between cut scenes and gamin on More On PS3 and Xbox 2 · Score: 1
I did this in the first Unreal, second level, when you walk outside the ship onto the beautiful planet complete with birds, waterfalls, grass, and even a sort of bunny/deer sorta thing. I spent about 15 minutes just wandering around going "OMG this is beautiful". This was 1998 on the Voodoo 2.
PS: Same thing happened with Unreal 2. Epic sure knows how to make beautiful games. Oh, and more recently Crytek with their Far Cry game. I spent most of the demo swimming with the fish, checking out the birds.
Hopefully this time Wil Wheaton will be in it and they won't cut him out.
oldversion.com, get aim 4.8. been on this version with AIM+ for years. no ads, no spyware, all the features.
Yeah I know, I made this joke once or twice already and got the +5 funny, thought it wouldn't hurt to try for a third. Then again the previous two posts about it were much more lengthy and funny, I guess I'm too tired to give a shit.
That's ok, I had a friend tell me he paid $1 for a "50 cent" ring tone. Where is the logic in that?
Yes, but when mgmt doesn't understand why SSL is important and you can run a packet sniffer you get to see the passwords. Windows will only show the hash, but I'm sure I could rainbow table them if I was that interested.
That assumes that 1. I've got a PFY and 2. everyone is in the same office. Everyone is scattered all over the US. Guess I could email them the .reg but that would go against what I've been saying all this time about opening attachments.
No group policy, not in a domain environment. Wishing we were but joined the company after several years without a real sysadmin and all was done ad hoc. Working on VPNs to get things straight but everyone seems to be happy with the old system. At least I got them off POP and onto MAPI with RPC over HTTPS. Sure it's not *nix but it's better than plain text passwords.
The company I work for has a password policy like this:
1. Must contain at least 8 characters
2. Must contain at least 2 lowercase letters
3. Must contain at least 2 capital letters
4. Must contain at least 2 numbers
Since a lot of people can't grok this we start to see passwords like 34erdfCV. If you are using a QWERTY keyboard take a look at that password and tell me what's wrong with it.
Since I saw this article in a MS Security newsletter I've started using passphrases. Here is an example of my Windows Server 2003 administrator login (local only, not going to help you). "Rent is due on the 5th". Now I see many comments already talking about how that is so much harder to type than "34erdfCV" but I beg to differ. For me at least it is much easier to type a coherent sentence than a bunch of random letters and numbers.
This password is not only easy to type, but it is very secure. I'm sure some mathematician is going to come down on me with a bunch of stats about how I'm wrong and what not but just the fact that the LM hash is not stored when you use a password larger than 14 characters helps significantly. Sure you can tell Windows not to store an LM hash by editing the registry but do you really expect all employees of a mid size company to follow directions that start out like "Click Start, then Run. Type 'regedit' and click OK"?
Now of course this isn't going to defend you against the ol' Linux bootdisk trick, or that awesome "NT Password Recovery" bootdisk, which is basically Linux which allows you to overwrite the password, but that's what NTFS and encryption is for. And if you've got physical access all bets are off anyway. At least you know they won't be able to run a rainbow table lookup on your LM hash and figure it out in a few seconds.
Also, passphrases are easier to remember, harder to guess, harder to figure out by watching someone type them, and if you're really that dense you can just pick up a book off your shelf, turn to a page, type in the first sentence and remember the book and page number.
And there is an added bonus to having a passphrase over 14 characters that you are all completely missing here. When the hot chick in accounting sees you keying in some enormously long password she will think you're smart and savvy and will want to have hot sex with you right there in the server room.
Well, maybe not the hot chick and sex part.
Now, what would be a good long Slashdot post without a question for you to ponder. If you haven't figured yet I'm the sysadmin at this company and am trying my hardest to find a way to "sell" this passphrase idea. It seems that the easiest thing to do in IT is configure complex servers and firewalls and support ID10T's. The hard part is "selling" common sense stuff like SSL and passphrases.
"You mean we're going to have to add an 's' to the end of 'http', do you really expect 100 people to change their bookmarks! They've been using those bookmarks all year!"
Insight from other admins very welcome.
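An added example (not part of the original post) that audits the two passwords quoted above against the four composition rules, a QWERTY keyboard-walk check, and the 14-character LM limit the post mentions. The helper names are hypothetical, and the LM part assumes a Windows configuration of that era where LM hash storage has not been disabled.

```python
# Added example: constructed audit helper, not code from the original post.
from dataclasses import dataclass
from typing import Optional, Tuple

QWERTY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
KEY_POS = {ch: (r, c) for r, row in enumerate(QWERTY_ROWS) for c, ch in enumerate(row)}
LM_MAX_LEN = 14  # no LM hash is stored for passwords longer than this


def meets_composition_policy(pw: str) -> bool:
    """The four rules quoted in the post: 8+ chars, 2+ lower, 2+ upper, 2+ digits."""
    return (len(pw) >= 8
            and sum(ch.islower() for ch in pw) >= 2
            and sum(ch.isupper() for ch in pw) >= 2
            and sum(ch.isdigit() for ch in pw) >= 2)


def _adjacent(a: str, b: str) -> bool:
    """True when both keys are on the map and sit next to each other (or repeat)."""
    if a not in KEY_POS or b not in KEY_POS:
        return False
    (r1, c1), (r2, c2) = KEY_POS[a], KEY_POS[b]
    return abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1


def keyboard_walk_ratio(pw: str) -> float:
    """Fraction of consecutive character pairs typed on neighbouring QWERTY keys."""
    low = pw.lower()
    pairs = list(zip(low, low[1:]))
    if not pairs:
        return 0.0
    return sum(_adjacent(a, b) for a, b in pairs) / len(pairs)


def lm_halves(pw: str) -> Optional[Tuple[str, str]]:
    """LM upper-cases the password and hashes two 7-character halves separately.
    Returns those halves, or None when the password is too long for LM."""
    if len(pw) > LM_MAX_LEN:
        return None
    padded = pw.upper().ljust(LM_MAX_LEN, "\0")
    return padded[:7].rstrip("\0"), padded[7:].rstrip("\0")


@dataclass
class Audit:
    password: str
    meets_policy: bool
    walk_ratio: float
    lm_halves: Optional[Tuple[str, str]]


def audit(pw: str) -> Audit:
    return Audit(pw, meets_composition_policy(pw), keyboard_walk_ratio(pw), lm_halves(pw))


if __name__ == "__main__":
    # The two passwords quoted in the post.
    for candidate in ("34erdfCV", "Rent is due on the 5th"):
        print(audit(candidate))
```

The run shows the policy accepting the keyboard walk and rejecting the passphrase (one capital, one digit), so adopting passphrases means changing the composition rules as well as the habit.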
Someone should write a Firefox extension to block these on Slashdot.
I've been playing with it and have to agree, very nice
"Really you should not be making more than a few hundred thumb movements a day, so that does not amount to that many words when you think about it."
We can only hope that with Tivo's new SDK some developer will write a patch to the widely successful "thumbs-up / thumbs-down" system which is causing us all so much pain.
I for one welcome our new bird flicking Tivo overlords.
Trackpads don't work for you because your fingers are too cold. This is a result of you being dead. I hate for you to find out this way, but it's true. You've been dead for a while now. There was actually a Slashdot story on it, maybe you missed it? It was duped twice. Seems you died after a 36 hour StarCraft session at a cybercafe. As your body lay there lifeless, your soul has been carrying on and seriously the Slashdot posts from the afterlife are kinda freaking us out here. If you don't mind, just walk towards the bright light and leave us alone. Oh, and give a word up to big J.
I was thinking about this a while ago. I remember accidentally downloading the UK version of the Ali G movie over a year ago because it was labeled as some other movie. I started to watch it and thought to myself "this isn't movie X?!", but I stuck around for the first 5 minutes to see what it was, and that first 5 minutes got me hooked. For the next few months I was raving to my friends how cool this Ali G guy was. Well, fast forward a year and now everyone's talking about him here in the states. Spiffy.
So back to my point, I was browsing BTEFNET or TVTorrents and accidentally downloaded some Kevin Smith show, which wasn't that bad. See, in my infinite laziness I read it as King of the Hill. Don't ask how, it was very late. Anyway I gave the show a try because I was bored as hell and you know what, it wasn't THAT bad. Sure, I'll never get that 20 mins of my life back but it's not like I was going to do something productive anyway.
Then the light turned on, what if some marketoids caught on to this concept and started flooding the Bit Torrent channels with falsely named episodes of some popular show in order to promote the pilot of some new show. (Not like this could actually happen on most BT sites considering the moderation and what not, maybe it'll work on Kazaa).
Anyway, that just brought me back to "why the hell do people mislabel movies on Kazaa anyway?". Personally I don't really care because had it not been for a mislabeled movie I would have totally missed out on that Ali G goodness, and trust me the UK version of the movie is MUCH better.
I'm pretty sure the 3 streams are for current.channel & current.channel-1 & current.channel+1 so you can channel surf without BUFFERING...
that always made me laugh too. but what do you think about "php coders"?
so true.
You're looking for this documentary Dot Com. And yes, that movie bombed too.
That last part speaks to me. I'm feeling the same way. ST:ENT is getting better but after hearing all the ST bashing on /. I'm wondering if I should give another series a shot and see what all the commotion is about, however, I'm too far behind to get into any other series except for BSG and even then I'll spend the next few weeks trying to get the last 9 eps off bit torrent. I think I'll just ride this out.
>at least the new series has Hoshi
What's that supposed to mean? Did they finally start doing some character development in the fourth season?
Yes, they did. Last Episode we learned that Hoshi was kicked out of Starfleet Academy for breaking a superior's arm after he tried to break up an underground poker game she was running.
Hoshi and Trip get stuck in a decon chamber for most the Ep. and spend some time getting to know each other (no, not like Flox and vulcan-chick get to know each other)
Anyway, download the last few eps, you won't be disappointed.
To think I actually went into preferences and unchecked disable sigs just to see this. Just to see what all the fuss was about. And now I'm no better than the rest of these morons commenting on your sig.
No, I'm not going to mirror the sig. You're going to have to enable sigs to see it too, and feel stupid when you did.
But I take offense to the idea that just because BSG discovered that handheld style camera movements makes for a more dramatic show makes it worthy of being presented as "reinventing" science fiction. Take away the handheld camera style and you're still left with your traditional sci-fi drama.
Ok what's with this handheld camera style anyway? All of the sudden a ton of shows seem like they're being filmed by 12 year olds with cheap mini-dv cams and being edited in iMovie (no offense to iMovie, I'm sure it's wonderful software).
The Shield, 24, Lost, *insert random cop show*. Now SCI-FI?
At least now when an independent artist tries to put together a piece with a low budget it won't look so crappy in comparison anymore (technical not artistic)
Yeah I know but I'm a fan of both the television character and the real-life writer. I know he would turn it down in a heartbeat but I'm just talking about what would make good trek IMHO. I'd actually rather see Wil get the part in the movie with Sally Field he really wanted though.
Oh yeah, and other dude's right about William FUCKING Shatner
I'd rather see a guest appearance by Wil Wheaton as Wesley Crusher and the Traveler than Riker and Diana. Would make for more interesting TV. I never really bought the whole Riker Diana thing anyway, or wasn't she with Worf for a while?
Anyway, if you haven't already, check out Just A Geek.
PS: No, I'm not Wil or related
Now if we can just get them off IRC we'll really be cookin'!