Slashdot Mirror


User: WuphonsReach

WuphonsReach's activity in the archive.

Stories: 0 · Comments: 3,320

Comments · 3,320

  1. Re:Rainbow tables? on Ask Slashdot: Is SHA-512 the Way To Go? · · Score: 1

    Sufficient salt defeats rainbow tables, but doesn't change the fact that most user-chosen passwords are crackable without tremendous effort.

    Agreed, which is why you have to also nip the problem in the bud, before the password gets accepted by the system. Minimum length requirements, password complexity requirements, etc. Which goes hand-in-hand with using 16-32 bits of salt.

    (Currently, if the attacker has $10,000 and a copy of the hash, any password under 8 characters is doable in less than a week. Even randomly generated passwords that can still be typed on the standard keyboard. If it's in a dictionary, or comprised of multiple words strung together, it's even easier and can be done in less than a few hours.)

  2. Re:Additional info on Ask Slashdot: Is SHA-512 the Way To Go? · · Score: 1

    Make sure you use something 128+ bit (preferably 256+ bit). Some functions, especially those covered from RFC 3268 would be preferred.

    It is not always true that the higher bit version of an encryption function is stronger than the lower bit version. Specifically in AES-128 vs AES-256, but can apply to other algorithms.

    (Basically, when they designed AES-256, they flubbed the key scheduling portion compared to AES-128. Which makes AES-256 weaker than it should be.)

  3. Re:SHA-1 is fine, but go for SHA-512 on Ask Slashdot: Is SHA-512 the Way To Go? · · Score: 1

    None for the near future. And CA certs expire after a year.

    That varies by vendor. Most offer 1/2/3 year options for the certificate.

    But your point stands, the choice you make today will be revisited in 1-3 years anyway. At which point you can redo your risk assessment and change things.

    The only issue here would be backwards secrecy as an older cipher might have a weakness that allows an attacker to read traffic streams a few years down the road. The question is - do you care? The second question is - have you secured other methods of obtaining the same data? Encryption is like a fence pole, it does nothing unless the rest of the fence is there to prevent intrusion.

    (Which is why the OP needs to read books like Secrets and Lies so that they can do better risk analysis.)

  4. Re:Played it. on Duke Nukem Forever Demo Released · · Score: 1

    GTA3:SA takes a lot of what was in GTA3, improves it, expands upon the concept, and then blows the doors out. There's a lot more sandbox play in San Andreas than there was in the original GTA.

    I played GTA3:SA a year or two ago, and finally played GTA3 this year. GTA3 was only so-so in comparison to San Andreas. (And I hope to get a chance to play GTA3:VC next month if I have time. That is rumored to be pretty good.)

    GTA4, in comparison, went for the "realistic" side and isn't as fun as the GTA3 series was.

  5. Re:Played it. on Duke Nukem Forever Demo Released · · Score: 1

    I like South Park but Beavis & Butt-Head never did much for me.

    B&B struck me as something that I'd probably only find funny while baked out of my head, on an acid trip, or after a lobotomy. Or maybe really really drunk.

    SP, while often offensive, was generally more of a thinking comedy. It wasn't just a series of T&A or fart jokes. Between the cultural references, the double meanings, and attempting to address social issues in whacked out ways. If they targeted something that was personal to you, you had to stop and ask yourself why you were specifically offended.

  6. Re:Review on Duke Nukem Forever Demo Released · · Score: 1

    Looks decent, if average. At least they shipped something.

    I'll probably pick it up off of Steam if it ever goes on sale for say $20 or so.

  7. Re:Daikatana was worth the wait too on Duke Nukem Forever Demo Released · · Score: 1

    Having played Duke Nukem 3D within the past few years - it was a very good game for the time it was released. Basically DOOM plus the ability to aim up/down and a modest amount of 3D'ness to the level design. Watching the Javascript version of DOOM reminds me why I found Duke Nukem 3D to be more enjoyable.

    It also had a number of good one liners and some very memorable level designs. And the quirky weapons were a lot of fun. The freeze ray + kicking your opponent. The shrink ray + stomping on the wee little piggies. Throwing pipe bombs and using the detonator, or setting up laser tripwires to take out opponents.

    (If you have the original CDs, there are updated texture packs that you can get along with an open source engine to run the game.)

  8. Re:Organ factories: If he'd been a bit smarter... on Chinese Boy Sells Kidney For iPad2 · · Score: 1

    It's a weird world we live in, but I'm surprised no one in China has yet thought about selling organs from cheaply produced Nigerian babies.

    Well, the main issue would be whether the cheap humans have the genetic / antibody match to be a suitable donor for the expensive human.

  9. Re:Boys actions were shortsighted perhaps on Chinese Boy Sells Kidney For iPad2 · · Score: 1

    Why a Kidney (Street Value: $3,000) Sells for $85,000

    Poor Pakistanis Donate Kidneys for Money

    Since it's not a legalized trade, prices will vary wildly.

  10. Re:gmail on Beta For Thunderbird 5.0 Released · · Score: 1

    Given that IMAP was first RFC'd back in 1986 and has been around for as long as POP3 (more or less), there's no reason why Seamonkey would not have IMAP support. And if it does, no reason that it should not work with GMail.

    Unless GMail is doing some sort of non-standard IMAP. (There's been some talk on the Thunderbird users support group this week of Yahoo! doing non-standard IMAP things, so it's possible.)

  11. Re:gmail on Beta For Thunderbird 5.0 Released · · Score: 1

    I just archive by year now. The annual folders generally only have 3-6k messages and it's not hard to narrow things down by year.

    Plus it makes it easier to archive infrequently instead of having to stay constantly on top of it. Procrastinate for a few months and it's still only a 1 or 2 step operation to sweep all the old email into the proper folder.

    I get lazier as the search tools get better. I would go by decade, but even Thunderbird has issues once you get up into the tens of thousands of messages in a single folder.

    (And most other mail clients fall over and die past a few thousand messages in a folder.)

  12. Re:I hopefully speak for lots of people when I say on Linux 3.0 Will Have Full Xen Support · · Score: 1

    The whole meta-mod system has been basically non-functional for years that I stopped bothering. It used to be worth doing and you could counteract bad moderation. Then they changed it up, changed how it was presented, etc.

    Has it been fixed?

  13. Re:Now all I need... on Linux 3.0 Will Have Full Xen Support · · Score: 1

    GP mentioned Windows. The Windows Server license that runs on 16 cores is really, really "out there" for home users. So we can assume that he is talking about a home OS, and for a home PC 16 cores really is "out there".

    Well... I was curious. The major cost in a multi-CPU setup is generally the motherboard. Enthusiast boards are typically in the $150-$250 range, dual-CPU boards are generally in the $400-$550 range (Tyan Thunder n3600T). The 2.8GHz Opteron 6-core CPUs are around $310 each, with slightly slower 2.6GHz 6-core (2435) units at $200.

    So a 12-core dual-CPU Opteron setup isn't all that far out there, at least not for an enthusiast. You're looking at paying an extra $500-$800 for the 2nd CPU and more RAM.

    The 2.6 8-core Opteron CPUs are $1000 each. The slightly slower 2.4GHz 8-core Opteron (6136) are about $700 each. Those are still a bit out there. Since the 12-core Opterons are much lower speed, I didn't bother pricing them.

  14. Re:I hopefully speak for lots of people when I say on Linux 3.0 Will Have Full Xen Support · · Score: 0

    It does now, but Slashdot seems really, really mod point starved as of late. Some discussions there look like there's almost no one to mod, and when they do get mod points it's 5 now compared to 15 before.

    OTOH, I now get mod points (for the past few months) almost every day, in sets of 5. That's up from only getting mod points about once a month or every 2-3 months.

    (I've never seen a pack of 15 mod points.)

  15. Re:Skinner Boxes on Bubble Bursting On the MMO Market? · · Score: 1

    Honestly, the market is continuing to succeed in SPITE of him, not because of him.

    Which mirrors how I feel about CCP developers. EVE succeeds in spite of the best efforts of the CCP developers to torpedo it.

    (Release a new feature, but it's buggy and barely works, or it's unbalanced. Instead of fixing it, they release another new shiny. Then maybe 4 release cycles later they'll finally get around to doing a small round of cosmetic bug fixes.)

    I still think that the main reason that EVE is still afloat is that it is a unique game with no direct competitors.

  16. Re:Hmm.. on Bubble Bursting On the MMO Market? · · Score: 1

    PvP servers in MMOs are generally cess-pools in chat. It goes with the territory marking.

    Which is one of the reasons I always liked WoW's PvP, because other than the standard emotes, there was no easy way to talk trash to the other side. (Although some people have figured out how to shout in Orcish in a way that it translates into semi-legible English for the other team. It at least required a bit of effort.)

  17. Re:MMOs = communities on Bubble Bursting On the MMO Market? · · Score: 1

    Cata sold quite well, but:
    - The launch event was lackluster at best
    - Cross-realm random dungeon groups are a huge turn-off
    - Questing has been turned into a solo-experience through phasing and quest design

    Plus Blizzard is in money-grubbing mode the past 2 years and keeps trying to find more and more things that they can charge a fee for. All of the trading card game items. The non-combat pets that can only be bought for real money, etc.

    Not to mention the whole RealID fiasco from last summer.

  18. Re:What "Good Points"? on Bubble Bursting On the MMO Market? · · Score: 1

    Rift doesn't do that. Instead you pick an archetype, and then can pick and choose from the available souls to craft a class to fit your play style and goals. The game even lets you swap these with little pain. That really opened up the game and made it feel much more like a pen-and-paper game than most MMOs.

    Which is also one of the reasons why WoW beat EQ2.

    In EQ2, you would pick a major class at level 6 (after 2-3 hours of play). Then you'd pick again at 10, and refine your choice at 20 (if you didn't betray to the other faction). It was touted, at the time of release, as being a more natural progression. The problem was that at level 30, you'd realize you never wanted to be a Coercer and what you really wanted to be was a Shadow Knight. Back you go to level 1, to level up a new character.

    In WoW, you pick early, but most classes can fulfill a variety of roles just by re-specializing where you put points in your talent tree. So you could be a priest that heals, or you could fulfill the damage dealer role. Or, had you picked druid, you could perform as a tank, a healer, a ranged caster damage dealer, or as a melee damage dealer. Which meant that if you got bored with your primary role, you could re-spec and try out the secondary role - without having to go grind up a new character from level 1.

  19. Re:Rubbish on Bubble Bursting On the MMO Market? · · Score: 1

    Absolutely none. I do use multiple accounts, and I do use multiple monitors and PC's. But I do not use bots.

    As much fun as it was to be my own little mini mission-running or mining fleet with (3) accounts, after a while it got to be too much.

    And yet... I want to login and play again.

  20. Re:Hmm.. on Bubble Bursting On the MMO Market? · · Score: 1

    I followed pretty much the exact same progression, played EQ for a few years (Kunark had just shipped), then moved to EQ2 then to WoW.

    EQ2 could have been great and was actually a reasonably bug-free launch. But the game still suffered from trying to be hard-mode like EQ1 while being more accessible. The biggest issues with EQ2 were that it was a *tiny* world compared to EQ1, and there were zone lines everywhere. The gryphon flights in the Commonlands and the lowbie area outside of Qeynos were just horribly placed.

    WoW won out because it was an open world and Blizzard got 95% of the decisions right. I spent my first two weeks in the game thinking "oooh, that's a nice touch" about various elements and there were very few rough edges.

  21. Re:Choices are good, but... on Oracle To Give OpenOffice.org To Apache Incubator · · Score: 1

    Though in truth I think OpenOffice is a far better name than LibreOffice.

    Personally, I always disliked the "OpenOffice.org" moniker (it had to have ".org" tacked on due to a trademark dispute or something).

    LibreOffice as a project title is fine in my book.

  22. Re:Reminds me of hardcards on OCZ Couples SSD, Mechanical Storage On a PCIe Card · · Score: 1

    But the problem with SSDs is apparently the norm is to die hard with ZERO warning or chance to back up data!

    At the moment, I blame that on shoddy firmware design.

    It's still a very young technology - and all those corporations that have jumped into the SSD market don't have much experience. Which means you have a lot of people writing firmware with the approach of "if it works, ship it".

    Intel, I mostly trust to write good firmware. Some of the other folks, I don't.

    (There's no technical reason why MLC shouldn't also go read-only at end-of-life.)

  23. Re:Old fans on DC Reboots Universe · · Score: 1

    Heck, as much as I loved it, I'd like to see someone reboot Reboot. Vastly better CGI today, and lots more fodder for the silly puns and inside jokes. Having the characters show up in a casual game would be awesome.

    Yes but part of the fun was the campy CGI...

    Which also made it possible to not take itself very seriously. If it were to get updated visuals and ultra-realistic CGI, it would probably also have to take itself a lot more seriously - which would not be good.

    You can get away with a lot more "out there" things if your graphics are cartoon-like instead of life-like. As a similar example - WoW's graphics allow them to do things like steam engines, rocket cars, gnomish / goblin inventions. If WoW had more realistic graphics, ala Conan or RIFT, a lot of those inventions would look horridly out of place.

  24. Re:With a developmen team like this who needs enem on Activision Reveals Call of Duty Subscription Plans · · Score: 1

    I suspect it's not the dev team that are behind decisions like these. After all, they have an interest in keeping the franchise alive, not milking it for short term gain.

    Given that four or five key developers left IW last spring (2010), probably the only ones left are either those who can't get work elsewhere, or the suck-ups that are yes-men.

  25. Re:A retarded half-step. on Activision Reveals Call of Duty Subscription Plans · · Score: 1

    I think the game being 7 years old and people realizing that the sun hasn't burnt out yet and have decided to venture outside once again is what has caused a "caused a ~12% decrease in player population since Cataclysm release".

    Given that I haven't played in 3 months (I'm part of that 12%).

    - Random dungeons are an exercise in frustration because you'll get grouped with people who don't give a shit, who want to be carried, or who are actively out to grief the group. At best, you can /ignore them. But you can't /ignore more than 50 people and there are a few thousand more griefers just like that person out there. There's no reputation system and no way to /ignore entire guilds or servers. My luck was about 1/5 to 1/4 of dungeon groups being a disaster-in-progress.

    - When they put in the RFD (random for dungeon) system, they broke the old LFG tool that would let you assemble a group from your own server faction. So you end up having to put together a group the old way, by whispering everyone in your friends list or asking in guild chat.

    - "Phasing". Back in Wrath, they added the concept of phasing which changes the zone as you progress through content. Great concept, but it locks you out from being able to play along side people who have not progressed that far through the quest. The two of you step into an area, and you see entirely different mobs, NPCs and quests. You can't help them, they can't help you - which means that questing becomes a very solo experience unless you constantly coordinate all of your questing with your friends.

    - Crappy PvP rewards. I played a *lot* of PvP back in '07. Back then, if you kept at it, you would eventually earn the points required to get the top end PvP gear just by doing battlegrounds. Now, unless you are in a highly rated arena team, you aren't allowed to touch the top-end PvP gear. Well guess how that works out in practice? The rich get richer and the poor stay poor. The top-end teams from the previous season with the top-end gear dominate the arena season at the start, buy the new top-end gear, then proceed to use that advantage to win matches for the rest of the season (keeping their rating up, and forcing the late-comers to have a rating below what is needed to buy the gear). If you don't like arenas (most people don't), you're left trying to survive in world/battleground PvP with gear that is 1-2 seasons behind the power curve.

    - Splintered community. Between RFD and solo quests - there's pretty much no need to be friendly with other people. You can be an asshole in groups, and because it's a bunch of random people from other servers that you'll never see again, get away with it with no repercussions on your own server. Having too many servers is also a problem. A lot of servers are pretty much dead at certain times of the day.

    WoW has really changed over the past 5 years. It used to be much more community-oriented with people helping or hindering each other. Now it feels a lot more like a FPS where you only group up for things that personally benefit you and you don't need the other players for the rest of the time.