keyboard really worth the high price tag?
Hell yes. 80 bones for a good keyboard? I could care less about the whole blank thing, but the 5 different levels of force? I'm all over that ( like Paris on a cheeseburger ).
Now if it comes apart and I can clean it in the dishwasher...mmmm.
Holy crap! I hope this is supposed to be funny. You do realize that by pre-encrypting the password you effectively make the crypted password in the database a plaintext password?
I wasn't here to give a class on website security, I was here to make a point. If you can't connect the dots, that's your problem, not mine. Further, it does not make it a plain text password: It makes it a hash of a password that is not well protected. The difference being you can't log into someone else's site with it like you could with a plain text password.
Which in your javascript MD5 scheme above is the same as a plaintext password.
See, md5 is what's called "One way encryption". You cannot get back to a password once you've encrypted it with md5.
Now, even if you are using a different method for the javascript encryption, you still need to get the plaintext password back on the server to encrypt it again with the same method used in the database hash so that you can compare the two hashes to make sure they match.
Er...no you don't. You are too hung up on plain text passwords. Ignore them. The trick is to get the client to present a sequence of data that the server is expecting from this user.
My original point remains: Most backends don't store plain text passwords.
Well, for 1) The girls at suicide girls are usually pretty hot.
And 2) ( this is a biggy ) They are FUCKING CRAZY
Login credentials are often stored unencrypted on the server side, leaving your password open for compromise by any legitimate admin of that site or anyone who manages to hack into it.
You're speaking out your ass: Most places that store login information encrypt it before it hits the database. Even more paranoia can be had if you have someone like me who uses javascript to md5 the password before sending it over the wire.
So at best, an admin will have access to a hash of your password.
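The disagreement in this thread, as an added example that is not any poster's code: when the server stores and compares the client-side MD5 directly, a copied database value is itself a working credential, whereas hashing whatever the client sends again with a salted KDF on the server removes that property. All function names, the in-memory `db` objects and the sample password are assumptions made for the illustration (Node.js, built-in `crypto` only).

```javascript
const crypto = require('crypto');

// What the browser-side script described in the thread would send: md5(password) in hex.
function clientHash(password) {
  return crypto.createHash('md5').update(password, 'utf8').digest('hex');
}

// Scheme A (hypothetical server): store the client hash and compare it directly.
function naiveRegister(db, user, password) {
  db[user] = clientHash(password);
}
function naiveLogin(db, user, submitted) {
  const stored = Buffer.from(db[user] || '', 'utf8');
  const given = Buffer.from(String(submitted), 'utf8');
  if (stored.length === 0 || stored.length !== given.length) return false;
  return crypto.timingSafeEqual(stored, given);
}

// Scheme B (hypothetical server): treat whatever arrives as the secret and
// store only a salted scrypt digest of it.
function hardenedRegister(db, user, password) {
  const salt = crypto.randomBytes(16);
  const digest = crypto.scryptSync(clientHash(password), salt, 32);
  db[user] = { salt: salt.toString('hex'), digest: digest.toString('hex') };
}
function hardenedLogin(db, user, submitted) {
  const rec = db[user];
  if (!rec) return false;
  const expected = Buffer.from(rec.digest, 'hex');
  const actual = crypto.scryptSync(String(submitted), Buffer.from(rec.salt, 'hex'), 32);
  return crypto.timingSafeEqual(expected, actual);
}

// Compare a normal login with a login that submits the value read from the database.
function demo() {
  const password = 'correct horse battery staple'; // constructed sample value
  const naiveDb = {};
  const hardenedDb = {};
  naiveRegister(naiveDb, 'alice', password);
  hardenedRegister(hardenedDb, 'alice', password);
  return {
    naiveLegit: naiveLogin(naiveDb, 'alice', clientHash(password)),
    naiveStoredValue: naiveLogin(naiveDb, 'alice', naiveDb.alice),
    hardenedLegit: hardenedLogin(hardenedDb, 'alice', clientHash(password)),
    hardenedStoredValue: hardenedLogin(hardenedDb, 'alice', hardenedDb.alice.digest),
  };
}

console.log(demo());
```

The client-side MD5 is kept in scheme B only so both servers receive the same input; the protection of the stored value comes from the server-side salt and scrypt step.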
Not that I particularly appreciate idiot crackers making my work harder, but you gotta figure they'll be cringing at this rather blunt and clumsy attempt at extortion{sp}.
I mean, is it really that much harder to make a virus that silently installs itself and listens for key strokes, then sends those back to you through a few cracked proxies? And there you go: account numbers and passwords.
Idiots. If they do try to collect on this, they'll be caught, we'll find it's a couple of dumb as fuck kids who thought it'd be cool to "have a couple hundred bucks".
And while I'm on that, 200 bucks? If you are really trying to get money, why not charge 20 bucks? For 200 bucks, most people are likely to seek outside help. For 20 bucks, people are more likely to just fork it over. I'd bet you'd have a greater ROI with the lower charge.
Great, so the shows are going to be portable ( pipe dream? I don't doubt the possibility, I doubt the IP lawyers will let it happen ). What about decent shows?
to Jamie: It wasn't THAT bad
Yes it was. I spent most of the time in the theater thinking why am I the only one who feels physical pain when someone opens their mouth?
The acting stank. I can't fault the actors, there are several good ones in this movie. It can only be the director. There were several times when it seems like they took the first take.
The love scenes were, as he said, amazingly bad. Bad enough that I was embarrassed for them and Lucas. Again, no one in the theater seemed to notice.
Why do droids have to talk amongst each other? They are ROBOTS, couldn't they, you know, wifi it or something?
then how do we know there are a hundred nodes?
Seriously, think about it for a moment: If it's completely anonymous, then how can we count the nodes? By counting a node, we now know where it is, virtually speaking, and can translate that into a physical location.
So either we don't know where all the nodes are, or this isn't really anonymous.
Seriously. How many times does Lucas get to kick us in the nuts before we finally decide enough is enough?
"He really didn't mean Episode 1&2, and especially Jar Jar. He really does love me. We deserved what we got from Ep 1&2"
You really only get one side from this story. I'm no fan of censorship at University, but the guy was really asking for it. After being told repeatedly by his administration that this was a no-go (and we don't have the full story on why this was a no-go) he did it anyways. It's insubordination, more than anything else. If he had worked in a less confrontational manner, who knows what he might have been able to achieve.
There were a lot of companies telling him no, but not because it wasn't academic.
Quite frankly, we need more people like this guy to do what he did. He likely knew he'd be in a shit load of trouble, but he also knew that it was the right thing to do.
Helps that it got the media's attention on the problem, not that they'll understand it.
I don't think you appreciate what it means to train the wage monkeys at walmart this. I am not referring to 1, 2 or even a storeful. I am talking about training this technique to ALL the clerks at ALL the walmarts across the country.
Can you imagine the problems you'd run into? The hassles you'd cause customers when the clerks failed to get them to auth themselves. Oh, the scanner is broken? Have to wait to buy a movie then...for a few days.
The logistics of this are staggering, never mind the privacy and fair use aspects of it.
...what you are saying is you want to force another procedure on a wage slave who will, in all likelihood mess it up royally ( because of being the aforementioned wage slave ).
Right. You know, I'm all for worrying about my rights, but I think, at least in this, we are being far too paranoid for our own good. And in the process, giving your average walmart worker far too much credit.
They think Microsoft may have had the Pentagon place backdoors into Windows to be used in times of war.
You forgot the quotes around "in times of war".
And hey, aren't we at war with terrorism?
But..but..he doesn't *have* full control over development. People can fork off at any time; that's not control. He steers his branch where he wants, and people build on top of that; that's not complete control either.
As much as I hate to say it, the truth of the matter is this: Linux essentially belongs to everyone in that we can all make our own forks if we feel it necessary. Linus simply directs the pack of juiced up monkeys in the development, but if enough people lost faith in him, a new fork would be started.
...that slashdot will stop linking to them?
Not trying to troll, but what's the point of linking to a story when most of your readership can't/won't subscribe to read it?
Mind clueing me into an app that uses less than 13Kbps ( http://www.voip-info.org/wiki-Codecs )?
It's very sensitive to latency and dropped packets, but it's not a bandwidth hog. In fact, I can fit at least 50 calls through a t1 using ulaw ( uncompressed voice codec ). Using gsm, that number jumps to over 200.
Why is anything relating to beer considered Slashdot material, yet something relating to rights of products purchased over the internet not slashdot material when it references wine?
Erm...I did.
http://openvpn.net/
I was worried there for a second.
Ok, no I wasn't.
"Until the baby boomers start retiring" isn't all that long from now. The "whole slew" of software and services are in development as we speak from both MS proprietary competitors and the FOSS world.
Realistically, we're looking at 10-15 years.
Wiser heads will prevail before hubris utterly destroys them.
There's optimism, and then there's fantasy land. Wiser heads almost never prevail. PHBs prevail. While the wiser heads are banging their heads against the wall.
What IS in danger is the "nobody gets fired for buying MS" mentality
No it isn't. And it won't be for a very long time. At least until the baby boomers begin retiring, then who knows? Let me tell you why: Software. If I am a dental office, for example, my choices for office programs are all windows based. And even if I somehow manage to find a practice management software that ISN'T windows based, I'm still screwed if I want to take xrays.
This isn't isolated. This is common. For the momentum to shift away from MS a whole slew of software and services will have to come out that replace the much needed functionality of the windows anchored software packages. Which won't happen with the baby boomers being in charge and being close enough to retirement that they don't want to start anything so large of a project.
MS has a huge warchest. This always comes up when people start speculating that MS is going down. I don't think people fully comprehend what this money will do for MS.
It will allow them to go through a complete denial cycle. When they finally realize that their business model and software is flawed, they will still have plenty left to turn it around.
The only way MS would be in any danger is if they somehow lost all that money. And the only real way I can see that happening is through legal actions. Multiple. With big payouts. Then, when MS starts to go through their "problem phase", they won't have enough cash to see them through their denial cycle, and they could potentially flop at that point. Potentially. Keep in mind, however, that there is so much momentum behind them, that'd be a remote possibility, even then.
MS is a reality we will have to deal with for a long time. I applaud the folks working on Mono, they at least grasp this concept.
Oh my god, that DOES look like it.
God, you wacky bastard, you've been reading too much slashdot.
Seriously.
You are in a dark room. You see exits to the north, south and west.
Wish I had mod points ( and hadn't posted in this discussion ), that makes perfect sense.
Thank you