Slashdot Mirror


User: Feztaa

Feztaa's activity in the archive.

Stories: 0
Comments: 1,664

Comments · 1,664

  1. Re:I'm confused on Oregon's Open Source Bill Stalled by Microsoft · · Score: 1

    It's not like a bunch of government workers are going to be running over to freshmeat to get their software

    And all I have to say is, why the fuck not? freshmeat not good enough for them? They have to spend taxpayers' money to get the same stuff at an inflated cost?

  2. Re:Accuracy isn't everything... on The Future of Leap Seconds · · Score: 1

    And just think, if no leap seconds were added since 1972, you'd be having your Noon Lunch at 11:59:38!

    That works out to a 0.7 second/year loss. At that rate, noon would become midnight in 60,000 years (if my calculations are right).

    I don't know about you, but I think the inversion of noon and midnight is something to be avoided :)

  3. Re:Good password algorithm on Social Engineering Still Best Way to Crack Security · · Score: 1

    How do you generate/remember the password for the database?

    Don't tell anybody, but the password for the database is 'password'!

    Actually, the database is just a text file in colon-separated-values format (ala /etc/passwd) in the form of "place:username:password", except that it's gpg encrypted. And I have a little perl script that helps me manage it (adding entries, listing entries, etc).

  4. Re:Good password algorithm on Social Engineering Still Best Way to Crack Security · · Score: 1

    1) You're limiting the randomness of the characters. You'll have 10+26+26 possible characters for your password.

    Awwww, 62 possible characters not enough for you? There's nothing stopping me from throwing in other characters, if I cared that much. With a 32 character password, there are 2.27265788449675e+57 possible passwords. Even with only 6 characters, that's still 56,800,235,584 possible passwords.

    2) The rand function may not be all that good, depending on implementation. For example, some rand()'s may use the clock as the seed to the function. If you know the time that the password was generated you can determine the password.

    Actually, perl's rand() is quite good. It uses /dev/random (on linux at least), so it gets entropy from the system (keys being hit, mouse movements, etc), not the clock. Try running this script:

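    #!/usr/bin/perl
    # Draw values from rand() until one repeats, counting each value seen.
    my %hash;
    while (1)
    {
        my $rand = rand;
        $hash{$rand}++;
        last if ($hash{$rand} > 1);   # stop at the first duplicate
    }
    print "$_ => $hash{$_}\n" for (keys %hash);
    print "Got a dupe!\n";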


    And tell me how long it takes you to get a duplicate. I've never actually managed to get one :)

    3) The passwords are difficult to remember, making it more likely that it will end up on a post-it.

    That's where the encrypted database comes in. No post-its here.

    4) Blah blah blah

    I'm sorry, are you trying to argue that I might as well just use 'password' just because you can brute force 'BnWK4529IdpFA04LAjdT88Wgk3xnwo3h'? (not my real password btw) Get real. My passwords are strong passwords, I don't care if you can brute force it by trying all 2.27265788449675e+57 combinations. It's still better than 'password', which can be guessed in 2 seconds.

    Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition. Comment aborted. -- Fun.

  5. Re:Good password algorithm on Social Engineering Still Best Way to Crack Security · · Score: 1

    Most of the people I know with a clue have an algorithm for coming up with their password. I do.

    Indeed. This is my algorithm:

    #!/usr/bin/perl
    # Prints $ARGV[0] characters picked with rand() from the set [0-9A-Za-z].
    my @chars;
    push @chars, (0 .. 9);
    push @chars, ("A" .. "Z");
    push @chars, ("a" .. "z");
    print $chars[int rand @chars] for (1 .. $ARGV[0]);
    print "\n";


    Usually I pick the maximum allowable length for the password I'm generating.

    How do I remember these passwords? I have an encrypted database :)
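
Added example, not part of the comments above or of the poster's script: it puts the seeding objection quoted in comment 4 next to the generator from comment 5. rand() is a pseudo-random generator, so a known seed reproduces the whole password; the second sub draws from /dev/urandom with rejection sampling instead. The sub names and the seed value are constructed for illustration, and a Unix-like system with /dev/urandom is assumed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Same 62-character set as the generator in comment 5.
my @chars = (0 .. 9, 'A' .. 'Z', 'a' .. 'z');

# Weak form: the seed fixes every character that rand() will produce.
sub weak_password {
    my ($len, $seed) = @_;
    srand($seed);
    return join '', map { $chars[int rand @chars] } 1 .. $len;
}

# Hardened form: read bytes from the kernel CSPRNG and use rejection
# sampling so each of the 62 characters is equally likely.
sub strong_password {
    my ($len) = @_;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $limit = 256 - (256 % @chars);   # 248, a multiple of 62
    my $out = '';
    while (length($out) < $len) {
        read($fh, my $byte, 1) == 1 or die "short read from /dev/urandom";
        my $n = ord $byte;
        next if $n >= $limit;           # values 248..255 would bias the modulo
        $out .= $chars[$n % @chars];
    }
    close $fh;
    return $out;
}

# Constructed seed, standing in for a timestamp an observer could guess.
my $seed   = 1_050_000_000;
my $first  = weak_password(32, $seed);
my $second = weak_password(32, $seed);
print "same seed gives same password: ",
    ($first eq $second ? "yes" : "no"), "\n";

# Strength of a uniformly chosen 32-character password over 62 symbols.
my $bits = 32 * log(scalar @chars) / log(2);
printf "entropy of 32 chars from 62 symbols: %.1f bits\n", $bits;
print "from /dev/urandom: ", strong_password(32), "\n";
```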

  6. Re:Wow. Nice Header on Trace Levels of Lead Shown to Lower IQs · · Score: 1

    BTW, where are the forms of entertainment (TV, cable, movies) that show a thinking protagonist solving complex problems? All I see is "reality" TV.

    JOHN DOE!! Ha!

    (for those that don't know, the tv show "John Doe" is about an amnesiac who woke up one day and pretty much knows everything except who he is. It's a pretty good show; he uses his massive intellect to help the police solve crimes, while trying to discover who he is. Ok, my summary does the show no justice whatsoever, but at least I enjoy watching it)

  7. Re:Correlation != Causation on Trace Levels of Lead Shown to Lower IQs · · Score: 1

    While the researchers do say on a few occasions, correctly, that lead is a toxin which may be affecting children, it appears as if they correctly realize that their study is correlative and cannot be directly linked, therefore, to causation.

    So basically what you're saying is that stupidity causes lead poisoning?

    (sorry, couldn't resist :)

  8. Re:Morality, is it absolute? on Should You Hire a Hacker? · · Score: 4, Insightful

    perhaps we shouldn't reward people who break laws [by hacking] by giving them a job?

    If that person is reformed, why not? They'll have a hard enough time finding a job with a criminal record, at least they should be able to get jobs in areas where they've proven themselves competent.

    Of course, if the person is a repeat offender and they've proven themselves untrustworthy, that's a different can of worms. But if it's just one offence, and they've subsequently cleaned up their act, then what's the problem?

  9. Accelerated Aging Gene Identified? on Accelerated Aging Gene Identified · · Score: 2, Interesting

    And when will we see the cure for old?

  10. Re:Time travel on "Time-Traveler" Busted For Insider Trading · · Score: 1

    For example, if he traveled back 200 years but remained in the same position, he would have appeared not in Wall Street but in space to quickly die in a vacuum. The comfort of Earth would literally be billions of miles away.

    Obviously, if he is sophisticated enough to have a time machine, his time machine must be sophisticated enough to correct for the motion of the planets.

    If the time machine wasn't that sophisticated, how else do you explain this guy traveling back in time and not winding up in the vacuum? HUH?!?

    (just kidding)

  11. Re:It's a Weekly World News Story on "Time-Traveler" Busted For Insider Trading · · Score: 1

    it's a Weekly World News story. Y'know like the crazy magazines in the MiB movie.

    Best investigative journalism on the planet!

  12. Re:I have a OneCard on Blackboard Campus IDs: Security Thru Cease & Desist · · Score: 1

    There are actually TWO whole vending machines that allow you to pay with your OneCard.

    Really? Where?

    There's one in CAB, in the vending machine area. I've never seen another.

  13. Just watch... on Microsoft Windows Update and Network Bandwidth? · · Score: 1

    As MS's server logs flood with people using Mozilla on Linux trying to slashdot windowsupdate :)

  14. Re:I have a OneCard on Blackboard Campus IDs: Security Thru Cease & Desist · · Score: 1

    We have the most difficult encryption technique available to protect our meal plans: BarCode

    Interesting, my Aramark meal card has a magnetic strip, no barcode.

  15. Re:I have a OneCard on Blackboard Campus IDs: Security Thru Cease & Desist · · Score: 1

    My irrelevant rant?

    Maybe readers who go to schools that use such a system can expand on how that system is used.

    It would have been irrelevant if jamie hadn't asked for it.

  16. I have a OneCard on Blackboard Campus IDs: Security Thru Cease & Desist · · Score: 4, Informative

    I'm a student at the University of Alberta, and I have one of these OneCards.

    There are various machines around that let you deposit money onto your OneCard, but there is no "university-approved network" of stores that accept the OneCard as payment.

    The OneCard is primarily used for borrowing books from the library, and for operating the photocopiers/printers on campus, and there is exactly one vending machine on campus that allows you to pay with your OneCard.

    As for people living in residence who have meal plans (like me), there's a separate card for that, provided by Aramark. To get into our dorms, we have keys. Laundry is coin-operated. The OneCard has absolutely nothing to do with the on-campus residences.

    For most finals and midterms, we're required to show our OneCards and/or driver's licenses as photo ID, but the OneCards aren't swiped through a card reader or anything, it's just photo ID, nothing more.

    There are restricted areas on campus that you can access by swiping your OneCard and punching in a secret code, but as a first year undergrad, I don't have access to any of those places so I can't say what it's like (though for most of the places that aren't top-secret nuclear research facilities, it's almost trivially easy to get in by walking in when somebody else walks out -- we're friendly here in Canada, generally we hold the door open for people we don't know).

    So, if you're a student at a school that uses Blackboard, do you feel more secure now that the DMCA has tried to stop you from learning about its security flaws?

    Gee, I dunno. This is Canada, there is no DMCA here (as far as I know, anyway). Hopefully some Canadian security researcher will hear about this, and continue the research here...

  17. Re:BitTorrent Mirror on 606 Takes To film Rube Goldberg-like car ad · · Score: 1

    Sigh...BitTorrent needs a standard web-of-trust system...

    How about we just gpg sign the .torrent files?

  18. Ok, this works fairly well, but... on Content Blocking by CSS in Safari · · Score: 1

    ... what we really need is a way to block images with specific dimensions; most ads come in two specific sizes, the "wide narrow banner" and the "big fat box", both of which can be seen on Slashdot.

  19. Good news? on Tech Jobs Projected to Double by 2010 · · Score: 5, Funny

    Double of nothing is still nothing. Sorry.

  20. Re:Not too worried any more... on DMCA, Auf Deutsch · · Score: 1

    They can't.

    Maybe not, but if they find out that you do it, they'll charge you $97.8 billion

  21. Good vs. Evil on Microsoft Also Wants Universal Music? · · Score: 2, Interesting

    Apple and Microsoft fighting over which one gets to own Universal is truly a fight of Good vs. Evil.

    Apple has their "Rip, Mix, Burn" attitude towards fair use: fair use is, well, fair. Apple wants you to buy CDs and then put that legal music onto your iPod. Apple is Good.

    Microsoft is pushing DRM. To Microsoft, "fair use" is treated as piracy. If Microsoft buys Universal, you'll be able to play music CDs in your computer, but only in Windows and only with Windows Media Player 9. And you wouldn't be able to rip the CDs, either. Microsoft is Evil.

    Unfortunately, Microsoft has much deeper pockets than Apple, so I can't see how Apple could ever seriously hope to purchase Universal if Microsoft is truly interested in it. But, I hope to God that Apple does purchase it, because if they don't, the whole music industry will really go to shit (if you think it's shit now, you ain't seen nothing yet).

  22. Re:Terms of service for beer? on OpenPGP Meetup · · Score: 1

    You'd think with all the talent out there someone would have written a quick CGI to do this, rather than using a commercial service (meetup.com).

    Well, there is Biglumber, which I rather like; it's just a shame that they didn't use it.

  23. Re:So can someone explain these things? on OpenPGP Meetup · · Score: 1

    Why is this important? Why should I care?

    A plaintext email can easily be read by anybody who wants to read it, and emails aren't at all hard to spoof, either. PGP provides a way of verifying that the email you are reading was in fact written by the person who claims to have written it (assuming it's signed and you trust their key), and that nobody else read it in between his writing it and your reading it (assuming it's encrypted).

    Sure, it might not matter much to you if John Q. Hax0r reads your correspondence with your mother, but for some people, it's very, very important to ensure that privacy is maintained. Politics and big business come to mind (two corrupt business men would want to keep their corporate crimes a secret, so they'd naturally encrypt their emails to each other -- ok, bad example...). It's surprising how few people have actually adopted this, though.

    A better example would be, never ever ever install a piece of software unless its PGP signature verifies properly, and you trust that the key used to sign it is valid. If not, then it could very easily be trojaned or tampered with in some other way. Unfortunately, not all developers sign their work.

    In an ideal world, all email would be encrypted & signed, then you wouldn't have to worry so much about your online privacy :)

  24. I've had it! on Copy-Protected CDs Going Mainstream · · Score: 1

    As an act of civil disobedience, I shall only download music from now on.

    If they want my money, they can set up a pay-per-download service.

  25. Re:Redundancy on Eclipse 2.1 Released · · Score: 1

    Am I the only one who reads IDE environment and cringes at the redundancy? It's the same as people saying they need a NIC card for their computer.

    Hey yeah, that's like when I was at the bank and I needed to know my personal PIN identification number!