The whole point of salt is to mitigate a dictionary attack. With your approach it would only take one dictionary attack to obtain the salt, and then another one (using the obtained salt) to obtain the password. Thus, you have merely doubled the amount of computation required to obtain the password. In most security philosophies, increasing the required computation by a polynomial factor does not make it more secure.
"first inventor to file, rather than the first to invent" sounds like code for "prior art no longer matters". Think about this for a minute. You invent something. You try to use it. You get sued into oblivion because someone else filed first. Or how about this one: You invent something. You don't believe in patents, so you give it to the world for free. Someone files and locks it down. Or how about this one: You are sued for doing something that everyone has been doing for fifty years. When you try to defend yourself, your defense is struck down because prior art no longer matters--you didn't file first.
Some people might think that disproving lunacy is actually news.
Calling religion lunacy is like beating up an old dying grandma. Everyone knows she cannot hit back with any significant force. If you want to do something impressive, try showing that society would be better off without religion, or that people with conviction are less content overall. Now That would be like whipping the old grandma at a knitting or cookie-backing contest.
There are two ways to stop deep packet inspection: The technical way (encryption) and the political way (net neutrality). What baffles me is why all the geeks have given up on the technical solution and are now pushing for a political solution. The best argument I've yet heard for giving up on the technical solution is that politicians *might* ban encryption, and the best argument I've heard for pursuing the political solution is that we *might* get lucky with a law based on principle instead of one that guarantees that ISPs and governments can do deep packet inspection for "legitimate" reasons. Can someone please enlighten me as to why we continue to give up on the technical solution?
Open source protects one's time investment. If you are going to spend your valuable time learning to use some software, do you really want the organization that developed it to have the power to say "now you must pay us money to continue using your own skills, or to get newer features, or to use it on a new platform, or to integrate with some service, etc."? Long ago, I helped to develop the software that eventually became PAF, and I will tell you not to use it. Why? Because it has been abandoned. I have the source code, but I cannot legally distribute it, nor can I add new features or fix all the problems that bother me with it. I've tried to persuade them to let me, but there is way too much red tape. Any time spent learning to use PAF or any other proprietary software is time spent chaining yourself to the whims of an organization that will certainly have different priorities than you. No, don't use some polished-up proprietary piece of software. Spend your time learning an open source product. Even if you learn software of lesser quality, at least you develop a talent that fully belongs to you.
Ooh, PlasticSCM is free (as in beer, but not as in liberty) for up to fifteen users for a lifetime!
Git is free. (period). Why do we even put these on the same chart?
So, you trust the corporations to just take it from here? I'm sure they'll do fine, but only as long as Mozilla stays right where it is at, ready to eat their lunch the very second they stop innovating and try to lock their customers down.
So one guy lost faith--why is this headlin news?
on
Desktop Linux Is Dead
·
· Score: 1
So maybe Linux will camp out in the server and smart-phone markets for a while. Maybe vendors don't believe in Linux on the desktop yet. Whose to say it will never move into that market? Commercial products die when they lack the market share to support the salaries of the programmers. Free software lives until the last guy stops donating his time. We are nowhere near that. Linux continues to make a phenomenal difference to me, and I will continue to contribute as long as it keeps the ideals of freedom. Small != dead.
Allowing people to remain anonymous to readers, but insisting that they give you identification you can use to trace them if they violate the TOS, seems a reasonable compromise.
So you're saying it's okay to say things you don't want your mom to hear, but nothing should be kept from the people that run corporations or governments. IMHO, I'm not convinced there is a need to compromise. Let's keep real anonymity.
Wait! I've got a brilliant solution! "if (filesize some_size) use_old_system() else use_bit_torrent()". Yeah, I know, I'm a genius. That's why I make the big bucks.
Your analogy has many flaws. Hackers do not enter your computer. Exploits are not typical methods of entry. Your home is not a service intentionally placed on the web for others to use. Let me see if I can fix it...
Suppose you post a mentally-handicapped guard at your castle gate. When you are gone, your enemy hands him a scroll with instructions and says "These are from your boss. He wants you to do them right away." The instructions tell him to ransack your bed-chamber and run your underwear up the flag-pole. The guard obeys. Who is to blame?
Discovering an exploit hardly makes him responsible for it. Let's put the blame where it belongs, probably either sloppy coding practices, or high pressure from clueless management to develop software quickly.
So if the Library of Congress says jail-breaking is okay, and the DMCA says it's not, which one takes precedence in U.S. law?
(You do not need to point out that this is Slashdot, not a legal firm. I do not expect all responses to be from lawyers. I will not take any responses to be authoritative. Heretofore therefore nonesuch nevertheless notwithstanding and yadda yadda.)
In the US, we pay for each text message that we receive... Imagine if your ISP allowed only 100 emails per month, unsolicited email would not be tolerated.
Why do you pay for this "service"? By your own argument, wouldn't the world be a better place if we let the spammers make people pay for useless text messages? What a great way to tell people, "Hey! you're being exploited by a business that preys upon the ignorant."
Someone else might just pick up his idea, fix the problems, and publish it himself.
I don't see the problem. The first publication will always have the earliest time stamp. If people really try to fudge time-stamps, we could check the time-stamps in Google's cache and see who is lying, or in the worst case resort to some formal time-stamping system for publications. If scientist A presents an idea, but it contains a technical flaw, and scientist B fixes it, then everything is working perfectly. Let the scientific community decide which of them deserves acclaim. Scientist A is still free to ask trusted colleagues to review his paper before he publishes it. All I'm saying is that he shouldn't be forced to.
Slashdot let's you publish first, and be reviewed later. The peer-review system used by scientists forces them to work on their papers until someone finally "mods" it acceptable. Imagine how much faster science could advance if we had a system that actually let scientists focus on research, let people trained in technical writing do the reporting, and let Google design a post-publication moderation system to sort out the useful advances from the career posturing. Science could learn a lot from Slasdot. It is simply ignorant that we continue to put up huge barriers to publication.
Are you saying there is nothing wrong with charging a corporation for something that is none of its business? I'm no corporate sympathizer, but in my mind, that still seems to be a violation of something. What do you call that thing, if not a right? Perhaps it's an "expectation of being treated fairly". Can corporations have an "expectation of being treated fairly"? If so, how does that differ from a...right?
It naturally follows that the ISPs should have a say in how much total money should be spent on copyright enforcement. Otherwise it's taxation without representation....or is that exclusively an 18th century American concept?
Every quality song that is released to the public domain makes a future where it will be slightly more difficult for the RIAA to survive. Is there be a more noble cause anywhere on this planet?
...encourage people to post content then basically look away until someone complains about it.
Yeah, and the constitution should also be held responsible for encouraging Copyright violations with this ridiculous "freedom of speech" notion. Surely the right to distribute my works while still telling everyone what they are allowed to do with it is the most inherent and inalienable right of them all./sarcasm
I admin a phone system in Idaho, a one party consent state. Basically, we can record anything without warning, even calls from two-party consent states.
"According to California court case Kearney v. Salomon Smith Barney, Inc. (July 13, 2006) if someone from a one party notification state calls into a two party state such as California, then the two party notification law outweighs the one party notification law."
This is the very heart of the whole issue. NN is on the table simply because competition in the ISP business is dead. So why not solve the problem directly by breaking up ISPs that have market dominance in particular regions? Because there's no way our gov't would ever pull that off? Okay, I guess we need NN then.
Then I propose that we refer to it as a "hands-off market", since the term "free market" falsely implies a maximization of freedom. Then we can continue to debate about how to implement a freedom-maximizing market without falling into this rut where confused people say "no, free is bad, we need less free".
Slashdot Mirror
Not if you encrypt the salt using the password.
The whole point of salt is to mitigate a dictionary attack. With your approach it would only take one dictionary attack to obtain the salt, and then another one (using the obtained salt) to obtain the password. Thus, you have merely doubled the amount of computation required to obtain the password. In most security philosophies, increasing the required computation by a polynomial factor does not make it more secure.
"first inventor to file, rather than the first to invent" sounds like code for "prior art no longer matters". Think about this for a minute. You invent something. You try to use it. You get sued into oblivion because someone else filed first. Or how about this one: You invent something. You don't believe in patents, so you give it to the world for free. Someone files and locks it down. Or how about this one: You are sued for doing something that everyone has been doing for fifty years. When you try to defend yourself, your defense is struck down because prior art no longer matters--you didn't file first.
Some people might think that disproving lunacy is actually news.
Calling religion lunacy is like beating up an old dying grandma. Everyone knows she cannot hit back with any significant force. If you want to do something impressive, try showing that society would be better off without religion, or that people with conviction are less content overall. Now That would be like whipping the old grandma at a knitting or cookie-backing contest.
There are two ways to stop deep packet inspection: The technical way (encryption) and the political way (net neutrality). What baffles me is why all the geeks have given up on the technical solution and are now pushing for a political solution. The best argument I've yet heard for giving up on the technical solution is that politicians *might* ban encryption, and the best argument I've heard for pursuing the political solution is that we *might* get lucky with a law based on principle instead of one that guarantees that ISPs and governments can do deep packet inspection for "legitimate" reasons. Can someone please enlighten me as to why we continue to give up on the technical solution?
Open source protects one's time investment. If you are going to spend your valuable time learning to use some software, do you really want the organization that developed it to have the power to say "now you must pay us money to continue using your own skills, or to get newer features, or to use it on a new platform, or to integrate with some service, etc."? Long ago, I helped to develop the software that eventually became PAF, and I will tell you not to use it. Why? Because it has been abandoned. I have the source code, but I cannot legally distribute it, nor can I add new features or fix all the problems that bother me with it. I've tried to persuade them to let me, but there is way too much red tape. Any time spent learning to use PAF or any other proprietary software is time spent chaining yourself to the whims of an organization that will certainly have different priorities than you. No, don't use some polished-up proprietary piece of software. Spend your time learning an open source product. Even if you learn software of lesser quality, at least you develop a talent that fully belongs to you.
Ooh, PlasticSCM is free (as in beer, but not as in liberty) for up to fifteen users for a lifetime! Git is free. (period). Why do we even put these on the same chart?
So, you trust the corporations to just take it from here? I'm sure they'll do fine, but only as long as Mozilla stays right where it is at, ready to eat their lunch the very second they stop innovating and try to lock their customers down.
So maybe Linux will camp out in the server and smart-phone markets for a while. Maybe vendors don't believe in Linux on the desktop yet. Whose to say it will never move into that market? Commercial products die when they lack the market share to support the salaries of the programmers. Free software lives until the last guy stops donating his time. We are nowhere near that. Linux continues to make a phenomenal difference to me, and I will continue to contribute as long as it keeps the ideals of freedom. Small != dead.
You know you can send texts to people via email right now for free, pretty much.
Then why isn't there a smart-phone app that helps people text for free via this mechanism? (or is there?)
Allowing people to remain anonymous to readers, but insisting that they give you identification you can use to trace them if they violate the TOS, seems a reasonable compromise.
So you're saying it's okay to say things you don't want your mom to hear, but nothing should be kept from the people that run corporations or governments. IMHO, I'm not convinced there is a need to compromise. Let's keep real anonymity.
Wait! I've got a brilliant solution! "if (filesize some_size) use_old_system() else use_bit_torrent()". Yeah, I know, I'm a genius. That's why I make the big bucks.
Your analogy has many flaws. Hackers do not enter your computer. Exploits are not typical methods of entry. Your home is not a service intentionally placed on the web for others to use. Let me see if I can fix it...
Suppose you post a mentally-handicapped guard at your castle gate. When you are gone, your enemy hands him a scroll with instructions and says "These are from your boss. He wants you to do them right away." The instructions tell him to ransack your bed-chamber and run your underwear up the flag-pole. The guard obeys. Who is to blame?
Aussie Student Responsible For Twitter Exploit
Discovering an exploit hardly makes him responsible for it. Let's put the blame where it belongs, probably either sloppy coding practices, or high pressure from clueless management to develop software quickly.
So if the Library of Congress says jail-breaking is okay, and the DMCA says it's not, which one takes precedence in U.S. law?
(You do not need to point out that this is Slashdot, not a legal firm. I do not expect all responses to be from lawyers. I will not take any responses to be authoritative. Heretofore therefore nonesuch nevertheless notwithstanding and yadda yadda.)
In the US, we pay for each text message that we receive... Imagine if your ISP allowed only 100 emails per month, unsolicited email would not be tolerated.
Why do you pay for this "service"? By your own argument, wouldn't the world be a better place if we let the spammers make people pay for useless text messages? What a great way to tell people, "Hey! you're being exploited by a business that preys upon the ignorant."
Someone else might just pick up his idea, fix the problems, and publish it himself.
I don't see the problem. The first publication will always have the earliest time stamp. If people really try to fudge time-stamps, we could check the time-stamps in Google's cache and see who is lying, or in the worst case resort to some formal time-stamping system for publications. If scientist A presents an idea, but it contains a technical flaw, and scientist B fixes it, then everything is working perfectly. Let the scientific community decide which of them deserves acclaim. Scientist A is still free to ask trusted colleagues to review his paper before he publishes it. All I'm saying is that he shouldn't be forced to.
Slashdot let's you publish first, and be reviewed later. The peer-review system used by scientists forces them to work on their papers until someone finally "mods" it acceptable. Imagine how much faster science could advance if we had a system that actually let scientists focus on research, let people trained in technical writing do the reporting, and let Google design a post-publication moderation system to sort out the useful advances from the career posturing. Science could learn a lot from Slasdot. It is simply ignorant that we continue to put up huge barriers to publication.
Corporations should have zero rights.
Are you saying there is nothing wrong with charging a corporation for something that is none of its business? I'm no corporate sympathizer, but in my mind, that still seems to be a violation of something. What do you call that thing, if not a right? Perhaps it's an "expectation of being treated fairly". Can corporations have an "expectation of being treated fairly"? If so, how does that differ from a ...right?
It naturally follows that the ISPs should have a say in how much total money should be spent on copyright enforcement. Otherwise it's taxation without representation. ...or is that exclusively an 18th century American concept?
Nearly all of those proprietary apps are themselves clones.
...often of what was originally FOSS software. How's that for a vicious circle?
Further, they often even derived from the same source code ...until the GPL became a popular way to prevent that.
Every quality song that is released to the public domain makes a future where it will be slightly more difficult for the RIAA to survive. Is there be a more noble cause anywhere on this planet?
...encourage people to post content then basically look away until someone complains about it.
Yeah, and the constitution should also be held responsible for encouraging Copyright violations with this ridiculous "freedom of speech" notion. Surely the right to distribute my works while still telling everyone what they are allowed to do with it is the most inherent and inalienable right of them all. /sarcasm
I admin a phone system in Idaho, a one party consent state. Basically, we can record anything without warning, even calls from two-party consent states.
Really? That's not what http://en.wikipedia.org/wiki/Telephone_recording_laws says
"According to California court case Kearney v. Salomon Smith Barney, Inc. (July 13, 2006) if someone from a one party notification state calls into a two party state such as California, then the two party notification law outweighs the one party notification law."
What other service provider?
This is the very heart of the whole issue. NN is on the table simply because competition in the ISP business is dead. So why not solve the problem directly by breaking up ISPs that have market dominance in particular regions? Because there's no way our gov't would ever pull that off? Okay, I guess we need NN then.
Then I propose that we refer to it as a "hands-off market", since the term "free market" falsely implies a maximization of freedom. Then we can continue to debate about how to implement a freedom-maximizing market without falling into this rut where confused people say "no, free is bad, we need less free".