The real issue isn't so much the hashing algorithm used as it is the bloggers.
An adaptive algorithm (one that can be made to go slower by tuning the number of cycles) such as bcrypt, and as opposed to sha, is arguably much better.
In the end, however, the real problem is the huge number of self-proclaimed experts with an opinion ranging from wrong to hopelessly wrong -- and a very big mouth. It wouldn't matter much if they were at least partially right (apart from the facts that, yes, do hash, and yes, do salt), but computer security is one of those fields where nearly no one actually understands what they're talking about. Don't believe me? Have the next security experts you meet explain encryption to you for a few good laughs.
I like to compare this to PHP/MySQL. The MySQL module has been deprecated in favor of MySQLi for so long I dare not even think about it. Yet, pretty much every tutorial/answer out there uses the mysql_*() set of functions including, of all places, Stack Overflow. So here we are, with newbie coders learning from horrific examples, and then viewing spaghetti code bases like WordPress as best practice. And then they write their own PHP/MySQL tutorial on their own blog, and then 5 years later some newbie reads it, perpetuating the vicious circle. The next step is the same PHP/MySQL newbie wanting to secure his app, learning from poor examples and advice, and propagating them in the exact same way.
Anyway, the "use sha to hash passwords" BS and the inane salting strategies that invariably accompany them are here to stay for a long time, because the Internet has a very, very, very, very long memory.
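Added example, not part of the original comment: what "adaptive" means in practice for the hash-and-salt advice above. It uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for bcrypt (bcrypt itself is not in the standard library); the record format and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import time

ALGO = "pbkdf2_sha256"  # stand-in adaptive KDF; the comment above names bcrypt
SALT_BYTES = 16


def fast_sha256(password: str, salt: bytes) -> str:
    """The non-adaptive baseline: one SHA-256 pass, cost cannot be tuned."""
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$hash_hex."""
    salt = os.urandom(SALT_BYTES)  # unique random salt per stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute with the cost and salt stored in the record, compare in constant time."""
    try:
        algo, iter_s, salt_hex, hash_hex = record.split("$")
        iterations = int(iter_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: reject rather than raise
    if algo != ALGO or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(dk, expected)


def needs_rehash(record: str, policy_iterations: int) -> bool:
    """True when the stored cost is below current policy or the record is unknown."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGO:
        return True
    try:
        return int(parts[1]) < policy_iterations
    except ValueError:
        return True


def login(password: str, record: str, policy_iterations: int):
    """Verify, then upgrade the stored record while the plaintext is available."""
    if not verify_password(password, record):
        return False, record
    if needs_rehash(record, policy_iterations):
        record = hash_password(password, policy_iterations)
    return True, record


def calibrate(target_seconds: float, start: int = 10_000) -> int:
    """Double the iteration count until one hash takes at least target_seconds."""
    iterations = start
    while True:
        t0 = time.perf_counter()
        hashlib.pbkdf2_hmac("sha256", b"calibration", b"\x00" * SALT_BYTES, iterations)
        if time.perf_counter() - t0 >= target_seconds:
            return iterations
        iterations *= 2


if __name__ == "__main__":
    # Constructed sample input; timings depend on the machine running this.
    t0 = time.perf_counter()
    fast_sha256("correct horse", os.urandom(SALT_BYTES))
    print(f"single sha256 pass: {time.perf_counter() - t0:.6f}s")

    cost = calibrate(0.1)
    t0 = time.perf_counter()
    rec = hash_password("correct horse", cost)
    print(f"adaptive, {cost} iterations: {time.perf_counter() - t0:.6f}s")
    print(login("correct horse", rec, cost * 2)[1].split("$")[1], "iterations after upgrade")
```

Because the cost is stored in each record, the policy can be raised as hardware gets faster and old hashes are upgraded at the next successful login.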
A simple rule of thumb is: The more a result relies on population studies, especially ones conducted with any kind of selection process or worse selection process plus the actual modification of the data according to some heuristic or correction process, where the study itself is conducted from the beginning to confirm some given hypothesis, the more likely it is that the result (when published) is bullshit that will eventually, possibly decades later, turn out to be completely wrong. If you have enough places for a thumb to be subtly placed on the scales and the owner of the thumb has any sort of vested or open interest in the outcome, it is even odds or better that a teensy bit of pressure will be applied, quite possibly without even the intention of the researcher. Confirmation bias is not necessarily "fraud" -- it is just bad science, science poorly done.
The more interesting aspect of this is how economic facts are so rooted, mainstream and rehashed, using this very same process, that they become political ideology... Sad world...
Summary mentions the myth of the ivy league drop out...
Dare I ask? What about the myth of the grad student who has a stellar career in the midst of the biggest college/university fee hike --and possibly the shittiest economy-- in history?
Anyone care to tell them that their lifetime salary bump for having their degree will not necessarily pay for the debt they took on early in life, since the career prospects for many of them will be flipping burgers or waiting at restaurants anyway? (Don't laugh, most of you have been served at least once by a lawyer or PhD. It occasionally pays better.)
Then what would you prefer that animators use instead of Flash for their web animations?
Who cares about these animations? They're only used in obtrusive ads.
Actually, I merely mixed up Google products. They all seemed to be called Nexus.
Do you think there aren't manufacturing hubs like that in the US?
Sure there are. But for producing consumer electronics en masse, wouldn't you agree that the action is at the other end of the Pacific?
There should be a rule on Slashdot that no paywall links are allowed to be posted. How can we comment on an article that we cannot see?
Copy the URL, google it, and bypass the paywall by clicking the result from there:
http://www.google.com/search?q=http://www.nytimes.com/2012/06/28/technology/google-and-others-give-manufacturing-in-the-us-a-try.html
(Or $299 to get a player like the cheaper apple tv.)
They (and especially the most indignant among them) should be happy to pay a little more to keep the work local; after all, they're demanding that others do it.
Yeah, but will they fork $299 to get a 7" Android tablet, instead of $399 for a 10" iPad 2?
"low cost Chinese labor and looser environmental regulations"
Those aren't the only factors. The fact of the matter is that pretty much everything is clustered in SE Asia nowadays, and that the labor market is a lot more dynamic. Need slightly shorter screws? Call the factory down the street, they'll start arriving within the next hour. Changed the specs for your unibody case? The factory downtown will deliver new ones the same day. Need a new assembly plant? Build it and staff it by next week. Everything is done locally, reducing ETA and shipping costs in the process. These things also count tremendously.
http://news.slashdot.org/story/12/06/04/1147201/what-struck-earth-in-775
http://omacl.org/Anglo/part2.html
And I'm sure other scientists had considered that same hypothesis before anyone here. Scientists, shame on you: your field is ever more fucked up.
This is definitely hurting US tech companies because many excellent techies getting good salaries are leaving the US and setting up their own companies either in their home countries or in some other immigration-friendly (...).
So, you decide what works in US's national interests? Keeping people like me away from that country, or giving us an incentive to set up companies of our own? And if you claim that I'm a minority, that's an irrelevant argument. A very useful minority is still being alienated.
So true... I was advised in no uncertain terms that I was playing on a level field with Mexican goat herders. The US is losing entrepreneurs and scientists, one unimpressed candidate immigrant at a time.
Why should a privileged third party -- other than the market maker -- be entitled to making a buck as joe and jack complete their trade? Where does this third party add the slightest value?
That said, "things cost money" is not really a great argument for or against patents (or copyrights), but rather a simple statement of economics: would consumers and companies save money if they never had to pay for copies or licenses? Yes. Is that a reasonable argument for abolishing IP protection? No.
According to the RIAA/MPAA, your iPod is worth $8 billion. So their math is somewhat bunk, to put it mildly... Is that a reasonable argument for abolishing IP protection? Not really indeed.
That said, it may be worth reminding that IP protection was introduced to protect publishers rather than authors. Before Gutenberg, it was dubious for anyone to claim a cut when a monk spent days or weeks manually copying a work so the original could move on to the next monastery. Movable type turned this process on its head. The nascent publishing industry, following the footsteps of Bossius in Venice (in 1492), lobbied hard to obtain artificial monopolies on whichever works they published. (Which, btw, publishers didn't necessarily own back then, since everything was deemed public domain the instant it ever got published.)
As for patent protection, it might have been useful from the Renaissance when it first appeared, to around when they nearly shut down the patent office on grounds that "everything that can be invented has been invented" (Duell, 1899). It's one thing to patent the wireless telegraph or the telephone, in a time where a fraction of the population has the skillset needed to understand how either works. It's another to patent algorithms, genes or -- the worst offenders of all -- processes and concepts as broad as one-click buying or designs, in a time where everyone and his dog can competently discuss the very same processes and concepts around a beer at the local pub.
A very subjective test is missing as part of the patent application process. As in, if it's trivial or obvious or easy enough to reverse-engineer for someone in the field, then it's arguably not patent-worthy. If I hypothetically come up with an algorithm that implements peer-to-peer contact sharing, I should not be entitled to patent the whole concept, and deny competition to come up with their own implementation. I should not even be entitled to a patent on my own implementation, since it would at best be laying down a thought process that no one but the most self-important prick would ever think he's the only person to be able to ever come up with it. On the contrary, good on them if they come up with their own version of the same thing or the exact same thing with a few mild differences -- I could then feed on their own ideas, for everyone's benefit.
Is that a reasonable argument for strongly reforming if not abolishing IP protection? I would think so, except to the above-mentioned self-important prick.
Whatever the real cost of patent trolling is, I'd wager it's a drop in a bucket compared to the cost of bailing out banksters, or the cost of waging dubious wars. It doesn't make it any less relevant, mind you, but it seems to me that the latter two are much larger, lower hanging fruits.
I had hopes for Haiku too when I originally ran into it, wondering if there might be any OSS version of BeOS in the making. But the project looked like it was going nowhere back then. And to be very frank, it still looks like it.
Plus, the paradigm has shifted tremendously in the past few years. By the time it ships, assuming it ever does, chances are that touch interfaces will have become so mainstream that a new desktop OS will seem irrelevant.
I think that Cuban is wrong when he dismisses arguments that high frequency traders are providing markets with liquidity, clearly they are. And I think that software bugs in trading programs would sound primarily in reduced profits for their operators.
*Cough* - Remember the flash crash? If anything, it showed that HFT is the market. Trading volumes have grown exponentially since derivatives and HFT went mainstream. It's not going to end well.
Plus, how HFT screws casual traders is absolutely abject. Joe wants to sell X for $9.99, Jack wants to buy it at $10.01. Instead of letting Joe and Jack do their trade normally, allowing Joe to pocket an extra $0.02, the algo (which is located at the market maker's premises, to get the info in advance) discovers Joe's price by issuing tiny trades, and buys at $10 from Joe. It then immediately sells to Jack at $10.01, discovering his price in the same manner. People should be running around with pitchforks over this.
Wouldn't an HFT box work around the previous three suggestions by buying put/call orders?
Per anum.
The results are spread on a gazillion ad-littered pages whose content is shorter than this text field. Even the print page has ads on it and only includes the current page you're viewing. How do I mod article -1?
MySQL is the last thing I think of, personally. It sucks as soon as you make it ACID compliant and start hitting it with thousands of concurrent requests. You're much better off with PostgreSQL.
Show me benchmarks vs Oracle, PostgreSQL or SQLServer. Spare me the comparison with MySQL or some other toy.
Nobody is supposed to try to have a family and kids, and/or work their entire lives and try to retire off a job paying $11 an hour. THAT idea is repulsive. This country rewards people who get off their tails and think outside their self-imposed boxes (mental prison cells) and try to achieve something better. (...)
Where did the idea EVER come from you that unicorns gallop down rainbows while crapping skittles?
In the real world, individuals don't have skills in such high demand that they can flip jobs like you seem to be doing. Normal people have the career prospects of being on minimum wage until they retire. Typically, they put on just enough debt to remain in debt slavery until they die. HR managers aren't exactly banging at their door with a better offer.
You have got to try.
Easy? No. Nobody promised easy. Just that it can be done if someone is willing to try.
Settling for less than that is the problem. Too many people peak at those low plateau jobs and never reach higher.
In the real world, many people fail miserably when they start a business, and they lose part or all of their savings in the process -- or their family's savings. Many of those that fail come out so wrecked that they just never bounce back. If your retirement savings are $250 at age 60, I'd wager you're probably happy you didn't lose it all at age 40. Because for every person you know who made it rich, you know another who tried just as hard and made it in the street.
I disagree wholeheartedly with most of what you wrote.
The thing you get right is that it no longer is possible to know every fact about everything. The last known person to have done so was Pic de la Morandière and that was over 150 years ago.
With respect to fields involving increasingly specialized knowledge nowadays, however, I simply beg to differ. The real issue is an inflation of know-how that adds little if anything to the pool of relevant knowledge. It occurs because, for all of history since the ancient Greeks including today, there have always been more scientists alive in any given year than there have been in recorded history. Chew on this fact for a moment, and consider how to train their higher level peers, we require them to come up with an original research thesis.
Most published work and research are simply rehashing obvious consequences of things long known. Rare indeed, is the study that pops out because it identifies an edge case where the results contradict what is expected. Recall, as an example, the study that suggested neutrinos might go faster than light. Physicists the world over instantly heard of it. Subsequent refinements eventually debunked the initial results as a measurement error. Sum of additional knowledge? Big fat zero: nothing goes faster than light. The same, boring and century old theory of relativity.
It's not all bad, mind you: something interesting occasionally does come out of this farce. For instance, a study on how an erection works can lead to insights in how to engineer structures. This makes the whole process tolerable and, in a sense, interesting for the curious.
To argue that every little fact counts, however, is lunacy. You need to discriminate, synthesize, retain key elements, and off you go. You're a specialist. And to hell with the bozo who is so neck deep studying eye retina that he forgets it is a brain outlet. He has nothing interesting to tell you beyond implementation details.
Now, I've absolutely no clue whether the next 10 years will yield a strong AI. I haven't followed AI in a while, preferring good old history. I do know two things, however. Firstly, that a strong AI has been around the corner since about 1950. Secondly, that mathematicians stormed the field of cognitive science and linguistics roughly 20 years ago, ignoring the established quacks such as Chomsky and turning the field upside down. Fast forward 10 years, and we were training robots to train other robots to do tasks. This was inconceivable 10 years earlier. Who knows... Not you, nor I.
"In government, many people have the power to stop things happening but almost nobody has the power to make things happen. The system has the engine of a lawn mower and the brakes of a Rolls Royce."