No, I'm sure the big V operates daily on a far lower base than this. We just don't get to hear about it very often.
And once the cameras are built in to the actual screen, or the TV has the mic?
Fuck that, the time to throw a fit is now before everything comes from the factory with a camera and mic.
This land is your land (AT&T), this land is my land (Verizon)
From (Chevron) California, to the (J.P. Morgan) New York Island
From the redwood (West Fraser Timber) forest, to the gulf stream (BP) waters
This land was made for you (Monsanto) and me (Archer-Daniels-Midland)
As I was walking a ribbon of (Cintra-Zachry) highway
I saw above me an endless (American-Airlines) skyway
I saw below me a (Alcoa) golden valley
This land was made for you (Microsoft) and me (Apple)
Uh, what? The time to stop this is BEFORE it is made. Once it's made, it may not show up turned on at consumers' houses, but instead will be at Walmart and stores. Once it's built into TVs, even if turned off by default, it's just a simple switch your cable company/TV firmware has to flip before it's on.
Or, to prove Godwin's law.
Don't even let your government talk about making large labor camps with lots of incinerators, once you reach that point it is already too late and your government needs replaced.
Computers are far more efficient at cracking passwords than people are at remembering them. Simply put, it's a math problem. Computers are much better at math than we are.
That's how Linux (Unix in general?) does it
$algo$salt$password_hash
Other systems have the problem of being too simple, aka the program just checks an unsalted MD5 hash of a local file/database. Or too complex, Vendor1 validates passwords this way and Vendor2 validates passwords that way, and all this crap has to work together.
Any new system should use some kind of password API, like http://www.openwall.com/phpass/ for example, that handles the encoding and decoding of passwords and different types of password in the same database.
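An added example (not part of the original comment, and not phpass itself) of what such a password API does: it reads the `$algo$...` prefix to pick a verifier, still accepts legacy unsalted MD5 records, and hands back a salted scrypt replacement after a successful legacy login. The `$scrypt$ln=..,r=..,p=..$salt$hash` layout and all function names are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import os

LEGACY_MD5 = "md5-unsalted"   # label this example gives to bare 32-hex records
MAXMEM = 64 * 2**20           # memory ceiling handed to OpenSSL's scrypt

def _b64(raw):
    return base64.b64encode(raw).decode()

def _scrypt(password, salt, ln, r, p):
    return hashlib.scrypt(password.encode(), salt=salt, n=2**ln, r=r, p=p,
                          maxmem=MAXMEM, dklen=32)

def hash_password(password, ln=14, r=8, p=1):
    """Build a new record with a fresh random salt (layout assumed for this example)."""
    salt = os.urandom(16)
    return f"$scrypt$ln={ln},r={r},p={p}${_b64(salt)}${_b64(_scrypt(password, salt, ln, r, p))}"

def identify(record):
    """Classify a stored record by its leading $algo$ field."""
    if record.startswith("$"):
        return record.split("$")[1]
    if len(record) == 32 and all(c in "0123456789abcdef" for c in record.lower()):
        return LEGACY_MD5
    raise ValueError("unrecognised password record")

def verify(password, record):
    """Return (ok, replacement): replacement is a new record when a legacy hash matched."""
    algo = identify(record)
    if algo == "scrypt":
        _, _, params, salt, expected = record.split("$")
        kv = dict(item.split("=") for item in params.split(","))
        dk = _scrypt(password, base64.b64decode(salt),
                     int(kv["ln"]), int(kv["r"]), int(kv["p"]))
        return hmac.compare_digest(dk, base64.b64decode(expected)), None
    if algo == LEGACY_MD5:
        candidate = hashlib.md5(password.encode()).hexdigest()
        ok = hmac.compare_digest(candidate, record.lower())
        # Upgrade on login: the only moment the plaintext is available to re-hash.
        return ok, (hash_password(password) if ok else None)
    raise ValueError(f"no verifier registered for ${algo}$ records")

if __name__ == "__main__":
    legacy = hashlib.md5(b"Password1").hexdigest()   # constructed legacy record
    ok, upgraded = verify("Password1", legacy)
    print(ok, upgraded)
    print(verify("Password1", upgraded))
```

A `$2a$08$...` record is classified as `2a` by `identify`, but `verify` raises for it because the standard library has no bcrypt; a real deployment would register a bcrypt verifier there.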
http://code.google.com/p/pyrit/
"Pyrit allows to create massive databases, pre-computing part of the IEEE 802.11 WPA/WPA2-PSK authentication phase in a space-time-tradeoff. Exploiting the computational power of Many-Core- and other platforms through ATI-Stream, Nvidia CUDA and OpenCL, it is currently by far the most powerful attack against one of the world's most used security-protocols. "
I'd suggest a long key.
Anyways, what's its $2a$08$ rate? How about scrypt?
http://en.wikipedia.org/wiki/Crypt_(Unix)#Blowfish-based_scheme
4. Weeding out 'bad' passwords when the user tries to set them with a good password policy.
A good portion of any large account database can be hacked almost instantly because of common passwords and simple plain dictionary attacks. This is the low hanging fruit that can be easily farmed by any 2-bit cracker with a GPU in short order these days.
Yes, it's easier for a hacker to attack your accounts if he knows there will be at least 9 symbols, some letters, some numbers, and maybe a symbol or two, but that is a much higher baseline than 'Password1'.
The problem with what you're recommending is a huge percent of the systems out there have the password database on the same computer or the application uses SQL to directly query the password database. Almost every SQL injection attack that dumps passwords could be stopped if the password checking function used stored procedures with a user that could not run regular queries even if the DB is on the same server.
>Also, in a majority of cases, if you can obtain password hashes, you may just take whatever was protected by that hash.
Like sending spam from email accounts?
>Fully random ASCII characters have 6.57 bits of entropy.
Yes, Fully random ASCII for true fully random, but the chances of people using fully random 14 digit characters is... unlikely. It's more like 1.7 or less for the average user's password. People cannot remember passwords that long. People don't type passwords that long and random correctly (people type patterns well). The helldesk will be unlocking accounts all day.
You're wrong about the nature of most password hash captures. They are more along the lines of http://xkcd.com/327/ than a full access root to a system. Even these days SQL injections are all too common, and character sets being used incorrectly still lead to surprising results.
Not always true. Sometimes an exploit only allows a person access to the authentication database, not a full DB or root exploit. Too many people reuse passwords.
The problem is there are still tons of old sites that have MD5 storing passwords. Then there is the second problem of password reuse. Username/Password reuse is the more dangerous of the two, because it can render an account on a system with strong passwords where then local attacks can be attempted.
Once processors stop costing between $100 and $1000, maybe. There are plenty of CPUs on boards with chips, like the Atom, which also sells to the manufacturers for $32 each. The problem is we're stapling something expensive to something unreliable. Not a good combo.
Really, there are a lot of mom/pop stores out there, you just don't see them as retail stores anymore. Service is where the money is, not sales. Customers are tired of Dell, Best Buy, $Big Name Vendor$ fucking them over and are looking for people they can trust to tell them the truth about their equipment and provide decent service. I know plenty of people who think Dell and BB are curse words.
There's no real market need for 100 motherboard models, it's just motherboard companies with a need to differentiate themselves.
If there was no real market for 100 models, then there wouldn't be all the motherboard companies trying to differentiate themselves. It's called competition, it happens in open markets. It allows me to choose a manufacturer that gives a good product, with a good warranty, and good customer service practices, and I can get the features I want.
OEMs are the ones that are most happy when they can chip the $5 off. They're the ones who face the most risk when something goes wrong with the board. Currently if a MB goes bad in one of the warrantied Dells around here, Dell comes out, switches out the board, and puts the RAM, processor, and everything else back in the case. With the next gen, they're also carting back a $500 i7 too.
You're not working around enough computers is all.
I've replaced just about every manufacturer of Intel and AMD board I can think of. Intel, Gigabyte, MSI, Tyan, Supermicro, Asus, Abit, XFX, etc. They all fail. Hundreds over the years. The only thing I've seen fail more is power supplies and processors. The number of processors I've seen fail (without the MB going out at the same time to catastrophic failure) I could count on both hands. Processors on the other hand seem to be the most stable and least likely item to fail in the case.
No, I think you both missed the point.
CPU power is upgrading so slowly that there's no reason for a lot of people to upgrade. If your board goes bad, for a lot of models it's not hard to find an OEM replacement at a decent price. Switch the board out and you're back running. With Intel's new plan, if your board dies out of warranty, a replacement is cost of board+processor. Might as well get a whole new computer, which is exactly what they want.
And yes, a lot of customers just replace boards or keep warranties. Getting a new computer in a business is a lot more than just the expense of the hardware. Re-installation of licensed software and migration of files is not cheap.
You wouldn't consider upgrading till your mainboard died. Well, then, you'd pretty much have to.
Na, this is Intel pissed off at builders sticking i3's in nice boards because the 3's are more than good enough for most workloads. They want us to pay 100-300 more minimum for i5/i7s.
You're thinking about it backwards. If your board fails, now you also have to replace your CPU.. ouch that could be expensive, better get that extended warranty to make Dell happy. Your mainboard is much more likely to fail than the processor ever is. And yes, I've upgraded my processor more than once when a customer's box has failed and they decided to get a new computer after the board failed in their old one and they wanted the newest fastest.
Good motherboards aren't. I've upgraded my computer many times recently by adding a CPU with more GHz's and cores, for very little, just picking the right auctions online, or being around the right friends.
Also, you hit the nail on the head with Intel. Their CPUs really do last a long time. One can be passed on many boards before it dies or is too slow to be worthwhile. So what do they do? Tie the CPU to the 3rd weakest component in the computer (HDD and power supply are 1 and 2). CPU's just don't fail often.
I just wonder if someone will point some anti-trust fingers at them again.
I can't tell you how many times I've started with a new mainboard with one of the slower processors in it, then over time as I've found good deals (cheap) on a faster processor, traded them up. Have a 3GHz Dual core that would have cost some crazy shit, like $500 when it came out for $25. Now they'd want a MB replacement? That's crazy, switching out MBs on Windows ends up with Windows freaking out if you don't have the right hard disk drivers, or if WGA doesn't like what's going on. What a pain in the ass. Intel is just eating this shit up. Mainboards go bad much more often than processors, they stand to make shitloads off this.
I think his complaint was there are a lot of shitty abstractions in use that happen to import a kitchen sink and bathroom in when you only need a bedroom, he just didn't realize it. Most of that slowness is due to the fact that hard drives and flash in small devices is still many times slower than the speed of the processors. I think .Net was bigger than a W95 install. Stick a fast SSD with high IOPS and you kick even the lightest weight OS from '98 out the door.
The other thing he fails to state is that the OS from '98 will die a hot death on the net today. You do use up a bit more processing time verifying that your input isn't trying to kill you.