I'm saying wouldn't it be better to have your testicles inside your body and evolve sperm that develop at a higher temperature? It's pretty ridiculous to have such an important organ dangling outside unprotected. I never understood why.
Yes, but slowing down a brute force attacker by a factor of the cardinality of the set of unique salts will almost certainly be a huge win, especially if the salts chosen are long enough where salt-collisions are rare to nonexistent. 6.5 million accounts were compromised; requiring someone to have 6.5 million times as much compute resources to compromise all passwords is nothing to sneeze at.
Of course, salts don't help you in the case where a well determined attacker isn't after 6.5 million accounts but rather just one specific account, but that's not what they are intended to help with.
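The work-factor argument in the comment above, as an added example that is not part of the original comment: a small credential store with per-user random salts beside one with a single shared salt, a cost model that counts how many hash evaluations an offline dictionary attack needs to test every word against every account under each scheme, and the birthday bound that tells you when salts are long enough for collisions to be negligible. The account names, passwords and word list are constructed sample data; SHA-256 stands in for the slow password hash (bcrypt, scrypt, Argon2) a real store would use.

```python
import hashlib
import hmac
import secrets


def hash_password(password: str, salt: bytes) -> bytes:
    # Illustration only: a real credential store uses a deliberately slow
    # password hash; SHA-256 keeps the demo short and the cost model unchanged.
    return hashlib.sha256(salt + password.encode("utf-8")).digest()


def make_store(credentials: dict, per_user_salt: bool = True,
               shared_salt: bytes = b"site-wide-salt") -> dict:
    """Build {username: (salt, digest)}. With per_user_salt=True every account
    gets a fresh random 16-byte salt; otherwise all accounts share one salt,
    which costs the attacker no more than an unsalted store would."""
    store = {}
    for username, password in credentials.items():
        salt = secrets.token_bytes(16) if per_user_salt else shared_salt
        store[username] = (salt, hash_password(password, salt))
    return store


def verify_password(store: dict, username: str, candidate: str) -> bool:
    """Login-side check; constant-time comparison of the digests."""
    salt, digest = store[username]
    return hmac.compare_digest(hash_password(candidate, salt), digest)


def hash_evaluations_to_test_wordlist(store: dict, wordlist: list) -> int:
    """Cost model for an offline dictionary attack against the whole store:
    a digest computed for (word, salt) can be compared against every account
    that uses that salt, so the work is len(wordlist) * number of distinct
    salts. With unique per-user salts that is len(wordlist) * len(store)."""
    distinct_salts = {salt for salt, _ in store.values()}
    return len(wordlist) * len(distinct_salts)


def salt_collision_probability(n_accounts: int, salt_bits: int) -> float:
    """Birthday-bound estimate of the chance that any two accounts share a
    salt: about n^2 / 2^(bits+1), capped at 1. A 16-bit salt collides for
    certain at millions of accounts; a 128-bit salt effectively never does."""
    return min(1.0, n_accounts * n_accounts / 2 ** (salt_bits + 1))


if __name__ == "__main__":
    # Constructed sample data.
    creds = {"alice": "correct horse", "bob": "hunter2", "carol": "letmein"}
    words = ["123456", "hunter2", "password"]
    salted = make_store(creds)
    shared = make_store(creds, per_user_salt=False)
    print("login ok:", verify_password(salted, "bob", "hunter2"))
    print("shared salt, hash evaluations:", hash_evaluations_to_test_wordlist(shared, words))
    print("per-user salts, hash evaluations:", hash_evaluations_to_test_wordlist(salted, words))
    print("P(collision), 6.5M accounts, 128-bit salts:", salt_collision_probability(6_500_000, 128))
    print("P(collision), 6.5M accounts, 16-bit salts:", salt_collision_probability(6_500_000, 16))
```

The multiplier is the number of distinct salts, not the number of accounts: if two accounts end up with the same salt, one hash evaluation tests both, which is why the salt length matters as much as its presence.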
The secret service typically won't be involved unless there's $5,000 worth of damages; and to get to that figure they generally need someone complaining that the response to the exceeding of authorized damages was >= $5,000. I'd be surprised if the Apple store hadn't complained.
IANAL, but I believe your employer is obligated to provide you with a safe working environment, doubly so with regards to your membership in protected classes. If an employer permits a hostile working environment, especially one that unduly affects people who are members of protected classes (in this case, women) it is a form of illegal discrimination and you most certainly do have recourse.
You can't hire the KKK, let them turn your workplace into a de facto Klan meeting, and let them intimidate or harm new employees who happen to be non-white or non-protestant. The employer is responsible for that. If they weren't, the provisions against workplace discrimination in the CRA would be very hard to enforce, because this is precisely how it would be done (hell, this is roughly how it was done during many years of Jim Crow).
You have to realize that in the cases that prompted this legislation - Blackwater and other defense contractors - you have employers recruiting cowboy-mentality young men, arming them with weapons, and teaching them that might-makes-right and that not all people have rights that you are obligated to respect. They create an environment where human rights abuses are tolerated if not encouraged, and this extends all the way down to their own workers and sexual assault.
The internet wasn't being used by nearly as many people in the 1990s, especially the early to mid-90s, as it is today. It is hard to compare across decades without pausing to realize that. A lot of the differences have to do with the amount of business and commerce that happens on the internet, as well as the work done by AOL (and to a lesser extent massive ISPs like Earthlink) to market the internet for the masses.
Most of the people I knew on the internet used IRC, but that's clear selection bias: most of the people I knew who used the internet I knew via the internet, and met via IRC. Not everyone used it regularly, but in other communities (mailing lists, and the like) people generally knew what IRC was and how to connect to it. Lots of communities had and have IRC servers. Slashnet, anyone?
The trouble with relying on QoS is that this won't help a lot of users (particularly not-the-fastest DSL users) when someone, say, joins a torrent: the incoming requests will end up swamping the DSL modem's uplink. That is, the congestion is not between the client and the AP, it's between your next-hop and your modem. Your wireless AP's QoS controls are helpless to regulate this traffic. Slowing down the traffic between the AP and the client will maybe discourage your neighbor from attempting to use the line on the torrent, but it won't have a significant effect on decreasing the traffic to the DSL line, and if you start dropping more packets per QoS policy, it will just result in more retransmissions.

This all gets a lot easier when everyone has significantly faster lines, but ultimately this is not a problem that current technology does a great job of solving. Specifically, this gets easier (but is still a far cry from solved) when the bandwidth of the wireless fabric is about the same as the bandwidth of the ISP uplink.

It is also worth pointing out that even if your neighbors don't share your internet connection, if their wireless AP shares your channel they share your wireless bandwidth. But that is the wireless fabric bandwidth, which tends to be more abundant.
Gold lost all intrinsic value when society gained the ability to metalwork with harder, more durable metals than gold. Why tie a currency to it?
This ARPANET thing has been going just fine without the government getting involved. Let's keep it that way!
The variable could contain a newline and then set an arbitrary HTTP header (set-cookie, for instance) or it could redirect the user to anywhere on the internet, including reflexive XSS attacks on arbitrary sites, etc.
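Both failure modes named in the comment above (a newline in the value terminating the header, and a redirect to an arbitrary site), as an added example that is not part of the original comment: a vulnerable redirect builder that interpolates the value verbatim, a hardened one that rejects CR/LF/NUL and confines targets to site-local paths or an explicit host allow-list, and a minimal header parser standing in for the browser so the difference is visible. The header names, the tainted sample value and the host names are constructed for the demo.

```python
from urllib.parse import urlsplit


class HeaderInjection(ValueError):
    """A CR, LF or NUL in the value would end the header and start a new one."""


class OpenRedirect(ValueError):
    """The target points off-site, or to a host that is not on the allow-list."""


def build_redirect_unsafe(location: str) -> str:
    # Vulnerable pattern: the caller-controlled value is copied straight into
    # the header block, which is exactly the situation the comment describes.
    return f"HTTP/1.1 302 Found\r\nLocation: {location}\r\n\r\n"


def safe_location(location: str, allowed_hosts=frozenset()) -> str:
    """Return location unchanged if it is an acceptable redirect target, else raise."""
    if any(ch in location for ch in "\r\n\x00"):
        raise HeaderInjection("control character in redirect target")
    parts = urlsplit(location)
    if parts.scheme or parts.netloc:
        # Absolute URL: only http(s), and only to a host we explicitly allow.
        if parts.scheme not in ("http", "https") or parts.netloc.lower() not in allowed_hosts:
            raise OpenRedirect(f"refusing to redirect to {location!r}")
    elif not location.startswith("/") or location[1:2] in ("/", "\\"):
        # Relative targets must be site-local paths. Browsers read "//host" and
        # "/\host" as protocol-relative URLs, so those are rejected as well.
        raise OpenRedirect(f"refusing to redirect to {location!r}")
    return location


def build_redirect(location: str, allowed_hosts=frozenset()) -> str:
    """Hardened builder: the value is validated before it reaches the header."""
    return f"HTTP/1.1 302 Found\r\nLocation: {safe_location(location, allowed_hosts)}\r\n\r\n"


def parse_headers(raw: str) -> dict:
    """Minimal header-block parser standing in for the client: it shows which
    headers a browser would actually see in the response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def classify(location: str, allowed_hosts=frozenset()) -> str:
    """Outcome of running a target through the hardened builder."""
    try:
        build_redirect(location, allowed_hosts)
    except HeaderInjection:
        return "header-injection"
    except OpenRedirect:
        return "open-redirect"
    return "ok"


# Constructed sample input: a site-local path followed by CRLF and a second header line.
TAINTED_LOCATION = "/home\r\nSet-Cookie: session=injected"

if __name__ == "__main__":
    print("unsafe builder, headers the client sees:",
          parse_headers(build_redirect_unsafe(TAINTED_LOCATION)))
    for target in (TAINTED_LOCATION, "//evil.example/", "http://evil.example/", "/account"):
        print(f"{target!r:45} -> {classify(target)}")
    print(classify("https://app.example/x", frozenset({"app.example"})))
```

Modern web frameworks and HTTP libraries refuse CR/LF in header values themselves, which closes the first problem; the open-redirect check is the part that application code still has to supply.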
Here's a hint: we got to where we are via random mutation and natural selection, not design.
You're both wrong. There are two things that can kill: power, and frequency.
To get from being healthy and alive to cooked requires a change in energy as lots of chemical bonds need to be destroyed. This requires work to be done, and the rate at which work is done is power. This is the traditional killer in most electrocutions. I say it's the power and not the work that kills, because if the power is low enough, you can probably survive indefinitely. Power is current*voltage, and it's measured in watts. A static shock is easily 10kV - air doesn't break down and conduct until you've got 3 million volts/meter, so the 5mm static shock you might get when you rub your feet on the carpet is around 15kV. But you didn't move all that much charge with that action, so the current is necessarily very low, as is the power.
If you want to know how fast a microwave will cook a hotdog, a great place to start is the power rating (watts) of the microwave. If you want to know how fast an electric oven will get to temperature, the right place to start is the power rating (watts) of the microwave. You two are arguing over whether it's the 120V that kills the hotdog or the 10A that kills the hotdog, when it's very clearly the product (1020W) that does it. That's why the wattage of the microwave is a selling point.
Frequency: You actually don't need to cook someone to kill them, which means without that much work/power it's possible to kill someone. The trick is inducing cardiac arrest. The frequency turns out to be much more important than the total work done. Tasers don't do much work, for instance, but they have killed people. Someone with more of a background in the electrochemistry of the nervous system and the heart could probably chime in more on this.
Everyone knows drives are most vulnerable when the heads are engaged, and the spinning platters should cause a single destructive action to potentially spread to the entire circumference. Why not do a write operation to the entire disk and hit it with a hammer during the write? Do that properly and the heads should go flying off in pieces into the platters, and the platters spinning with the loose head material should ensure nothing survives.
In practice, I'd run the sniffer on the machine if there was already one there. The absence of the sniffer revealing traffic does not mean there is no traffic, but if the sniffer shows traffic it's a safe bet it's real.

Frankly I've yet to hear of any rootkits that would let the sniffer still work and not show the compromised traffic, I think it's more of an in-theory than in-practice. Because I mean, I suspect users who know how to operate sniffers are an edge case for botnet authors. If you've got the sniffer on the machine and can easily run it, why not?

A fine alternative is setting up a span port (monitor port) on the switch. I work with managed switches all day, so I'm spoiled in this regard - I don't really think that's an option for the OP however, Linksys switches tend to be pretty dumb.
Or a freezer!
One needn't compromise a router in order to gain access to it. They can be given access, after all.
There are thousands of network engineers and similar who work for ISPs, who routinely capture traffic as part of their jobs. It takes only one of them to disregard the rules/the law/their job and run a longer trace, or to run a trace to capture one specific thing and inadvertently capture passwords. Or worse yet, it takes only one of them to have their credentials or machines personally compromised.
It might be a bit farfetched, but once you start working in this business and you see how many engineers have pretty advanced credentials, you realize that any one of them could become a determined attacker and do quite a bit of damage -- or, a sufficiently determined attacker could get a job as a network engineer.
Not if you use troy (or standard) ounces for both.
Where's the BBC story that's mentioned? I think the editors left a link out.
Perhaps what browsers should do is have a separate class of errors for whenever there's a password field in the form. Given how often people google, comment on blogs, or what-have-you, I'm not about to tolerate an additional click for every POST. But I will tolerate an additional click for every POST where one of the fields was a password.
Library calls cause context switches?
I thought the whole deal with libraries is that they get mapped into the local process space. I certainly don't have a 'libc', 'gtk,' or 'libffmpeg' process running, yet I'm running processes that use that library. Where is the context switching to, exactly?
If you had meant system calls, I don't think there are many (any?) things that are implemented as system calls that could have been implemented as cheap library calls, in other OS, unless I'm missing something.
If political activism is allowed in Egypt, it may unfortunately mean a conversion from a relatively secular government to an Islamic government which will be even less tolerant toward the Coptic Christian minority.
The same could have been said regarding Iraq under Saddam Hussein. Except Mubarak gets billions and Hussein got deposed and hung. What's the difference? The major ones I can think of involve Hussein wanting to default on Iraq's national debt and ideologically aligning himself against Israel.
Do you and others truly prefer secular tyrants to religious states that offer much more democracy and freedom of expression? I can understand siding with Mubarak and Hussein, or I can understand siding with the Brotherhood in Egypt and al-Sadr in Iraq, but if you side with one and not the other clearly there are significant motivating factors beyond this question of secular versus religious and democratic versus tyrannical rule.
There will probably be digital standard definition broadcasts as well. ATSC supports standard definition resolutions as well, which are especially useful for when a broadcaster multiplexes multiple streams into a single channel.
I don't think this contradicts anything - you are allocated a /48 prefix, but that gives you 16 bits for subnets and 64 bits for hosts in each subnet you create. The idea is you have 64 bits for the host and, if you're working within 1 /48, 16 bits for the network identifier. This lets people move subnets more easily (as only the prefix would need to change) and simplifies routing tables.
I never asserted that allocations were only /64s - that would be crazy and very obviously wrong - but I do believe that hosts are always 64 bits. Wikipedia for Subnetwork seems to state that you can subnet further, but you'll tend to run into problems because of the stateless autoconfiguration features - which are a core part of IPv6 - requiring a /64 bit prefix for the network.
In general? AFAIK there are no exceptions. Am I wrong?
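The /48 arithmetic in the exchange above, as an added example that is not part of the original comments: it carves the 16 subnet bits out of a /48 to produce any of the 65,536 /64s, checks the 64-bit host part that stateless autoconfiguration depends on, and renumbers a host to a different /48 by changing only the prefix bits, which is the "move subnets more easily" point. The prefixes come from the 2001:db8::/32 documentation range and are constructed for the demo; the helpers take and return strings so they can be used directly from a shell.

```python
import ipaddress


def subnet_count(site: str, new_prefix: int = 64) -> int:
    """How many new_prefix-length subnets fit in the site prefix (2**16 for a /48 -> /64)."""
    net = ipaddress.IPv6Network(site)
    return 2 ** (new_prefix - net.prefixlen)


def nth_subnet(site: str, n: int, new_prefix: int = 64) -> str:
    """The n-th /new_prefix carved from the site: n is written into the bits
    between the site prefix and the host part (the 16 subnet bits of a /48)."""
    net = ipaddress.IPv6Network(site)
    if not 0 <= n < subnet_count(site, new_prefix):
        raise ValueError(f"subnet id {n} does not fit in {new_prefix - net.prefixlen} bits")
    base = int(net.network_address) | (n << (128 - new_prefix))
    return str(ipaddress.IPv6Network((base, new_prefix)))


def host_bits(net: str) -> int:
    """Bits left for the interface identifier."""
    return 128 - ipaddress.IPv6Network(net).prefixlen


def slaac_compatible(net: str) -> bool:
    """Stateless address autoconfiguration (RFC 4862, with the 64-bit interface
    identifiers of RFC 4291) needs exactly 64 host bits; longer prefixes break it."""
    return host_bits(net) == 64


def renumber(addr: str, old_site: str, new_site: str) -> str:
    """Move a host from one site prefix to another keeping its subnet id and
    interface id: only the leading prefix bits change."""
    old = ipaddress.IPv6Network(old_site)
    new = ipaddress.IPv6Network(new_site)
    if old.prefixlen != new.prefixlen:
        raise ValueError("old and new site prefixes must be the same length")
    suffix_mask = (1 << (128 - old.prefixlen)) - 1
    suffix = int(ipaddress.IPv6Address(addr)) & suffix_mask
    return str(ipaddress.IPv6Address(int(new.network_address) | suffix))


if __name__ == "__main__":
    site = "2001:db8:abcd::/48"  # constructed documentation prefix
    print("/64s in a /48:", subnet_count(site))
    for n in (0, 1, 0xffff):
        print(f"subnet {n:5d}: {nth_subnet(site, n)}")
    print("host bits in a /64:", host_bits(nth_subnet(site, 1)))
    print("SLAAC works on a /72?", slaac_compatible("2001:db8:abcd:1::/72"))
    print("renumbered:", renumber("2001:db8:abcd:1::10", site, "2001:db8:1234::/48"))
```

`nth_subnet` places the subnet id by shifting rather than by enumerating `site.subnets(new_prefix=64)`, so it stays cheap even for the last of the 65,536 subnets.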
Why do people spend so much time saying the Palestinians should forsake violence and adopt non-violent tactics and yet spend so little time saying that the Israelis (Mossad, IDF, et al.) should forsake violent tactics and adopt non-violent tactics?
The reality is that dispossession of poor Palestinians dates back to the first time Ottoman deeds were sold in the early 20th century, the mass dispossession of Palestinians dates back to 1947, and the occupation of very large Palestinian population centers dates back to 1967. The majority of Palestinians for a majority of those decades were pretty nonviolent, and the first intifada was characterized by only symbolic violence (stonethrowing) which was met with lethal force, and it's only in the last decade and a half now that we've seen organized Palestinians resist in ways that *aren't* nonviolent.
I think a sad reality is that most of the world who is suffering resists nonviolently every day, and most of the world is absolutely blind to the suffering.
I would argue that those who are concerned about offshoring (and that should be all of us in IT) should be looking towards unions. Unions are a way for workers' voices to come together and be heard at the table. There are quite a few jobs that can't yet easily be offshored, and if we had an industry-wide union and thought it made (economic, political, practical) sense we could do something like demand that no more than N% of jobs be outsourced, and if they don't listen to us, ALL union workers could walk out.
To put it another way, you are implying that a union *must* attempt to alter their wages, and nothing else, and that it must attempt to raise the wages. Well, the way it should be, in my opinion, is that the union should be working for what we want: maybe that's higher wages because we think we can do that and keep our jobs, or maybe it's just a contract and a guarantee we won't be thrown out at the end of the fiscal year, or maybe it's just ergonomic chairs. The union should be working for what the workers want - if you think what the workers want isn't a productive thing to get, in a democratic union you can convince workers and make your argument rationally and if the majority agrees with you, well, hey, that's democracy.
To say nothing of the fact that workers should be responding to a globalized workforce with a globalized union! People should be paid and treated fairly, and I suspect there are a lot of workers in Mumbai who would benefit from the entire industry being union.
Now it's true that many unions aren't democratic and consequently don't really represent the workers. A lot of this is intentional and has to do with the Taft-Hartley act neutering the unions. But don't throw the baby out with the bathwater!
Frankly, what I would like to see, and what has even LESS chance to get set in than getting rid of the electoral college, is a test that must be taken when one votes that has basic principles of civics.
They tried that already: http://en.wikipedia.org/wiki/Literacy_tests