Wait a minute... we're all taught that it's not nice to think critically about others. Being critical is bad! Critical thinking fosters racism, sexism, and all sorts of other isms! Be a generous thinker and make the world a better place!
Maybe these 4th graders would perform better if someone simply SHOWED them how to determine which of 6 fertilizers is better. Maybe a class called "Lab" would be appropriate to fix this deficiency.
Yes... because after that, they would know exactly how to determine which of those 6 fertilizers is better in each of those lighting situations.
Really... I was frustrated with this back when I was in grade 4; teachers encouraged learning specific processes to solve specific problems, and most kids couldn't figure out what to do when stuck in an unfamiliar situation. This wasn't all that surprising, considering grade 4 is about the age where this kind of reasoning ability starts to develop, given a favourable development environment. I remember struggling with basic maths in grade 4, but having no difficulties (other than mathematical errors) completing the problem solving steps. I went Socratic on my classmates who didn't have a clue where to begin.
Maybe these 4th graders would perform better if someone simply SHOWED them how to question the steps of the process, and ask about parts they didn't understand, instead of pretending they already knew everything about it that was worth their time understanding and focusing instead on getting the "winning answer". And yes, s/4th graders/humanity/.
While it's nice that Comcast is standing up to them, if you read through you'll find that it's four porn companies. In other words, they're not standing up (in this case, at least) to any of the MAFIAA members.
True, but precedent doesn't care who the parties in the case were. If Comcast succeeds, this argument can be used in the future just as effectively against Comcast's overlords.
Oh, I never said it was an MD5 collision; it was an old-style crypt collision -- but other than the probability of finding one, the logic still holds for any hashing algorithm -- that's the point of a hash, that you can't reverse the hash to arrive at a single value, which implies multiple values that can create that hash.
What I'd actually like to see in a hashing algorithm is something a bit more weighted, that attempts to distribute the length of strings that will hash to that value. This does mean that short passwords will be potentially easy to crack, but if you enforce a min length with such an algorithm, you minimize the risk of collision while failing to create a two-way hash.
Is it? ANY hash is guaranteed to have collisions, and most of them are not going to be short dictionary words. Personally, I'd be much more surprised if the collision was with a password that was not random and decently long, as that's a much smaller sample space.
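The pigeonhole point made in the two comments above (any hash has collisions; what differs between algorithms is only how hard they are to find), as an added example that is not the commenter's own test: a birthday search on SHA-256 deliberately truncated to 24 bits turns up a collision after a few thousand inputs, and the same two formulas show why the full 256-bit output puts that out of reach. The truncation, the "msg-N" inputs and the function names are my constructions; nothing here models md5crypt or old-style crypt specifically.

```python
import hashlib
import math


def truncated_hash(data: bytes, bits: int) -> int:
    """SHA-256 shortened to its first `bits` bits: a hash with only 2**bits outputs."""
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int, prefix: bytes = b"msg-"):
    """Birthday search over distinct inputs "msg-0", "msg-1", ... until two of them
    hash to the same truncated value. Returns (input_a, input_b, inputs_hashed).

    By the pigeonhole principle at most 2**bits + 1 distinct inputs are needed;
    in practice a collision shows up after roughly sqrt(2**bits) of them.
    """
    seen = {}
    for i in range(2 ** bits + 1):
        msg = prefix + str(i).encode()
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    raise AssertionError("unreachable: more inputs than outputs forces a collision")


def expected_birthday_trials(bits: int) -> float:
    """Expected inputs before the first collision among ANY pair: ~sqrt(pi/2 * 2**bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def expected_preimage_trials(bits: int) -> float:
    """Expected inputs before hitting ONE specific hash value: 2**bits.
    That is the 'matches your hash' case; the birthday figure above is the
    much smaller 'any two inputs agree' case."""
    return float(2 ** bits)


if __name__ == "__main__":
    a, b, trials = find_collision(24)
    print(f"24-bit collision after {trials} inputs: {a!r} and {b!r}")
    print(f"expected by the birthday bound: {expected_birthday_trials(24):.0f}")
    for bits in (24, 64, 128, 256):
        print(f"{bits:3d} bits: birthday ~ {expected_birthday_trials(bits):.3g}, "
              f"preimage ~ {expected_preimage_trials(bits):.3g}")
```

The collision partner the search returns is whatever input happened to land in the same bucket, which is why a collision for a specific hash says nothing about the password that produced it; the gap between the birthday and preimage columns is the reason "any hash has collisions" and "someone can find one for my hash" are different claims.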
It's an interesting situation -- provincially the western provinces tend to vote closer to liberal than to conservative (NDP has strong support in some areas) -- but western provinces traditionally vote conservative federally because they've felt that they have no real voice in a Liberal parliament, that tended to cater to Ontario interests primarily, with just a nod to everyone else (note that the Maritimes tend to get ignored by ALL governments).
As for the Quebec vs Alberta/BC animosity -- I think much of that is actually aimed at a few relatively specific things: 1) subsidies vs voting power, 2) the Liberal party, 3) the BQ and PQ, but only in how it relates to item 1. The main beef all around is that the government is spending "undue amounts" of taxpayer money on special interests that don't benefit the voting majority, and often divide the country more than fostering healthy multiculturalism.
However, other than a few Conservative strongholds (mostly districts that have a LARGE proportion of people and money that is 1st gen Canadian), I think you'll find that the west and Quebec have pretty similar views on the running of their own governments, distinct society, the fostering of multiculturalism, special interests, and the waste of government resources. All we need to do now is find some resource in Quebec that's really valuable, and maybe Ontario will no longer feel like it's acting like a geriatric Alpha Male to the other provinces (except the Maritimes, who need to discover unobtanium or something similar themselves in order to get themselves heard).
This is no representative democracy -- corporations and private interest groups aren't people.
How about we stop letting *groups* lobby? Instead, it's up to individuals, and they get their names named. If we see "Joe Canuck, CEO of AmericanIPImports lobbied government for providing personal information to US IP counterparts with no oversight", it may just affect his career.
We need more insight into the people behind the lobbies, and they need more accountability.
Now this won't stop lobby trading or "fall guy" lobbying, and it may have a negative impact on people lobbying for unpopular but necessary changes, but we have swung so far away from personal accountability in politics that it's time to inject a bit again.
Great... so instead of one password per site, someone just needs to log into your Dropbox account and crack your (hopefully fairly strong) KeePass password, and they get everything -- not just all your passwords, but what sites they're for and what the associated usernames are. All sitting out there on a public server 24x7.
How strong is your KeePass password?
Back in the day I used to use crypt to generate my passwords (with salt, of course). I figured anyone cracking my passwd files would at least get a chuckle out of it :D
Plus, it does wonders for confusing people who are looking at a database of plaintext passwords that are all in crypt format ;)
Oh, those were the days....
There are 95 ASCII characters, which makes 95**8 = 6,634,204,312,890,625 possible 8 character passwords. At one million checks per second a brute force attack will take 6,634,204,312 seconds (210 years).
There's a fad going around right now to use ridiculously slow password hashing algorithms on the web, which the poster apparently has bought into:
On a state of the art COTS computer, the algorithm should take at the very least 0.1 second (100 milliseconds) when implemented in software, preferably more.
If you do this you're opening your site up to an easy DoS attack - a few 10s of login requests per second will slow your server to a crawl. The place where slow hashing algorithms ought to be used is exactly the opposite of where they're used today: encryption of local files, where the user actually has to remember the password, unlike web passwords where you can just use 32 random characters and let your local browser remember it (preferably with the browser's password file encrypted with a slow hash).
While the gist of your argument is true, the argument about 210 years to complete a brute force attack is fairly obviously false. It will take 210 years for a brute force attack to traverse the entire set of options on a single hash.
However, when you scale up to millions of hashes and add some limited intelligence to the brute force method, you'll likely find thousands of passwords within minutes. With more computationally difficult algorithms, this "minutes" timeframe can become "days" or "weeks" or even longer, as the number of hashes being analysed significantly increases the number of cycles required to force a match. Because of this, there comes a sample size threshold that it is impractical to batch force beyond. THIS is the deal with computational complexity. If you're dealing with a targeted attack on a single hash, well hey -- it's a crapshoot unless you have more information to help you crack the password.
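The scaling argument in the exchange above (one hash is 210 years of exhaustive search at a million guesses per second; millions of unsalted hashes still fall in minutes), as an added example not taken from either comment: a constructed dump of 30 users is cracked once against plain unsalted SHA-1 and once against per-user-salted SHA-256, counting hash operations rather than wall-clock time so the effect is visible at toy scale. The wordlist, the user table, the salt derivation and the function names are my inventions.

```python
import hashlib
from typing import List, Tuple

SECONDS_PER_YEAR = 365.25 * 86400


def brute_force_years(length: int, alphabet: int = 95, rate: float = 1e6) -> float:
    """Years to traverse the whole keyspace for a SINGLE hash at `rate` guesses/s.
    brute_force_years(8) reproduces the 95**8 / 1e6 seconds figure from the thread."""
    return alphabet ** length / rate / SECONDS_PER_YEAR


# Constructed sample data: a tiny wordlist and a fake leaked user table.
WORDLIST = [b"password", b"123456", b"swordfish", b"letmein", b"qwerty", b"monkey"]


def make_dump(n_users: int) -> List[Tuple[str, bytes, bytes]]:
    """Constructed (username, salt, password) rows. Two users in three pick a
    wordlist password; the rest get a long pseudo-random one, derived
    deterministically here only so that the demo is reproducible."""
    rows = []
    for i in range(n_users):
        salt = hashlib.sha256(b"salt-%d" % i).digest()[:16]  # per-user salt
        if i % 3 != 2:
            pw = WORDLIST[i % len(WORDLIST)]
        else:
            pw = hashlib.sha256(b"strong-%d" % i).hexdigest().encode()
        rows.append((f"user{i}", salt, pw))
    return rows


def unsalted_hash(pw: bytes) -> str:
    return hashlib.sha1(pw).hexdigest()            # fast and unsalted, leaked-dump style


def salted_hash(salt: bytes, pw: bytes) -> str:
    return hashlib.sha256(salt + pw).hexdigest()   # still fast, but salted per user


def crack_unsalted(hashes: List[str], wordlist: List[bytes]) -> Tuple[int, int]:
    """Unsalted: hash each candidate ONCE and look it up against the whole dump.
    Returns (users cracked, hash operations); the work does not grow with dump size."""
    targets = {}
    for h in hashes:
        targets[h] = targets.get(h, 0) + 1       # several users may share a password
    cracked = ops = 0
    for cand in wordlist:
        ops += 1
        cracked += targets.get(unsalted_hash(cand), 0)
    return cracked, ops


def crack_salted(records: List[Tuple[bytes, str]], wordlist: List[bytes]) -> Tuple[int, int]:
    """Salted: every (user, candidate) pair costs its own hash computation.
    Returns (users cracked, hash operations); the work grows linearly with the dump."""
    cracked = ops = 0
    for salt, h in records:
        for cand in wordlist:
            ops += 1
            if salted_hash(salt, cand) == h:
                cracked += 1
    return cracked, ops


if __name__ == "__main__":
    print(f"95^8 keyspace at 1M guesses/s: {brute_force_years(8):.0f} years for one hash")
    dump = make_dump(30)
    c1, o1 = crack_unsalted([unsalted_hash(pw) for _, _, pw in dump], WORDLIST)
    c2, o2 = crack_salted([(salt, salted_hash(salt, pw)) for _, salt, pw in dump], WORDLIST)
    print(f"unsalted: {c1}/30 cracked with {o1} hashes; salted: {c2}/30 with {o2} hashes")
```

Both runs recover the same weak passwords; what changes is the bill. Without salt the operation count equals the wordlist size whatever the dump size, because one computed hash is looked up against every record at once. With salt it is users times candidates, which is the threshold effect the reply describes, and a deliberately slow hash multiplies that figure again per operation.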
Every password hash is brute-forceable -- it's only a matter of time.
Notice I didn't say every _password_ -- as nobody really cares* about your original password; they just care about being able to enter a password that will generate your hash. I recently ran a test and discovered that one of my passwords generates the same md5crypt as "swordfish" -- even though the password was a decently long string of random characters.
So the short story here is that your password is only as strong as the verification mechanism plus security used by the server.
*this assumes that you don't re-use passwords; figuring out the original password can be very useful to attack specific users as opposed to specific services.
With a strong hashing function, you'll post your /etc/shadow on the web and still sleep like a baby at night.
That's going a bit far... if the hashing function is known and a password in the list is known, the rest of the variables can usually be filled in pretty quickly. At that point, a brute force attack against the rest of the hashes will only be limited by the speed at which the attack can be performed -- which is the point of what's being argued in the original article: not just that md5crypt is bad, but that any replacement should be system-configurable (so that it's harder to guess the algorithm and algorithm settings/salt used) and computationally expensive (which most web servers are NOT going to like -- but as sites like LinkedIn allow you to stay logged in via cookie anyway, I can't see how it's that much of an issue).
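The "system-configurable and computationally expensive" replacement argued for in the reply above, as an added example that is not from the comment or from the article it discusses: each stored record carries its own algorithm name, cost and salt in crypt(3)-style `$`-separated fields, verification reads those parameters back from the record instead of assuming them, and a record below the current policy is regenerated on the user's next successful login. The POLICY values, the record layout and the function names are my assumptions, and the cost numbers are illustrative rather than a recommendation from the thread.

```python
import base64
import hashlib
import hmac
import os

# Site-wide policy: the algorithm and cost required for NEW records.
# Illustrative assumptions; tune the cost to the server's actual budget.
POLICY = {"alg": "pbkdf2-sha256", "cost": 600_000}


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode()


def _derive(alg: str, cost: int, salt: bytes, password: str) -> bytes:
    """Run the named KDF with the given cost; raising the cost makes every guess slower."""
    pw = password.encode()
    if alg == "pbkdf2-sha256":
        return hashlib.pbkdf2_hmac("sha256", pw, salt, cost, dklen=32)
    if alg == "scrypt":                       # here `cost` is scrypt's N (a power of two)
        return hashlib.scrypt(pw, salt=salt, n=cost, r=8, p=1, dklen=32)
    raise ValueError(f"unsupported algorithm {alg!r}")


def hash_password(password: str, alg: str = POLICY["alg"], cost: int = POLICY["cost"]) -> str:
    """Return a self-describing record "$alg$cost$salt$hash", so the verifier never
    has to guess which algorithm or parameters a record was created with."""
    salt = os.urandom(16)                     # fresh random salt per record
    return "$".join(["", alg, str(cost), _b64(salt), _b64(_derive(alg, cost, salt, password))])


def parse_record(record: str) -> dict:
    _, alg, cost, salt, digest = record.split("$")
    return {"alg": alg, "cost": int(cost),
            "salt": base64.b64decode(salt), "hash": base64.b64decode(digest)}


def verify(password: str, record: str) -> bool:
    r = parse_record(record)
    candidate = _derive(r["alg"], r["cost"], r["salt"], password)
    return hmac.compare_digest(candidate, r["hash"])   # constant-time comparison


def needs_rehash(record: str, policy: dict = POLICY) -> bool:
    """True when the stored record is weaker than current policy (other algorithm
    or lower cost) and should be regenerated the next time the user logs in."""
    r = parse_record(record)
    return r["alg"] != policy["alg"] or r["cost"] < policy["cost"]


def login(password: str, record: str, policy: dict = POLICY):
    """Check the password; on success return the record to store back (upgraded
    to current policy if the old one was weaker), on failure return None."""
    if not verify(password, record):
        return None
    if needs_rehash(record, policy):
        return hash_password(password, policy["alg"], policy["cost"])
    return record


if __name__ == "__main__":
    old = hash_password("correct horse", "pbkdf2-sha256", 10_000)   # legacy, low cost
    print("stored:", old)
    print("needs upgrade:", needs_rehash(old))
    new = login("correct horse", old)
    print("after login:", new, "upgraded:", not needs_rehash(new))
```

Whatever cost is chosen is paid on every login attempt, which is exactly the server-load trade-off raised earlier in this thread; the record format is what makes changing that cost later a one-line policy edit rather than a migration, since old records keep verifying with the parameters they were written with until the user next logs in.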
Interestingly, Venezuela hasn't traditionally worked this way; while the data will undoubtedly be biased, we should at least be able to get real scientific data out of this "grand experiment". Unlike other communist dictatorships, Chavez gives the scientific community a lot of leeway -- which is probably one of the reasons why the country is doing better than all the other communist dictatorships have done. After all, just think about the fact that he implicitly announced that they have a violent firearm problem -- in other dictatorships, you'd hear that there's the odd enemy of the state, but for the most part, people are happy and well-behaved, and this new firearm ban shouldn't really affect people at all (after all... YOU don't have a gun do you -- or are you a capitalist terrorist?).
Actually, this could be interesting, as long as we can get reliable statistics... if gun-related violent crime rates stay the same, that'll answer the question once and for all, and everyone trying to disarm citizens in other countries won't have a leg to stand on. If it DOES work, then maybe it's time for people to think more creatively about weaponry, and possibly move away from firearms to weapons that are either more generic, or more specialized.
I can see the next step after this being shoot-to-kill directives for enforcement witnessing a crime in progress with any non-regulated participants brandishing firearms.
If you think that's draconian, you should try to install a supported version of OS X on non-supported hardware!
Seriously, use whatever you'd like. But based solely on the reasoning you presented here, you should probably put on a helmet before you leave the basement each morning.
Draconian: I don't think that word means what you think it means.
MS Windows licensing is draconian: MS hoards access. Apple licensing is NOT draconian. They tell you what they want you to do, and leave it up to you to behave yourself. Comparing third party driver support of the OS to intentional crippling of the OS is a false comparison.
Look at it this way: you could compare Apple's stance to Harley Davidson not offering support for choppers built with HD bikes as the base, nor Honda cycles with HD parts jury-rigged onto them.
Whereas with MS, it's that every time you want to modify your Harley, you must first get permission from MS. The situation we're discussing here is the equivalent of saying that from now on, engines will be locked to the controlling system first installed on them -- so you won't be able to take an engine out of a Harley and drop it in a Honda.
(yes, I was tired of car analogies)
You sound really stupid yourself, considering that the technical issues are irrelevant to Microsoft's abuse of monopoly. The problem is Microsoft using their monopoly position to force vendors to ship computers with only Microsoft approved keys. Secure Boot is a valid and useful feature, but preloading keys will have profound anti-competitive effects.
Actually, preloading keys prior to sale without a big disclaimer on the box will open MS to massive lawsuits. People will be buying a "Windows box" while under the false impression they're buying a personal computer with Windows bundled.
I think this would actually shake itself out pretty quickly. My guess is that the end result would be that the MS key gets installed during the "first use" process, and not as part of the build and ship process. The lawsuit will still happen, but it will take longer.
The next step of course will be either a) the MS key being leaked, or b) UEFI being jailbroken. Goodbye bootkit protection.
That's a big assumption -- but this is likely the scenario for discount desktop PCs. It'll basically mean that low-end desktop PCs will be cheaper with Win 8 on them than without. Netbooks on the other hand will likely be just fine, as will tablets, servers, high-end PCs, PCs using other architectures, etc.
Once Windows 8 is released, hardware manufacturers will be forced to ship machines that refuse to run any software that is not explicitly approved by Microsoft — and that includes competing operating systems like Linux.
Really? Even hardware manufacturers like, say, Apple? Even for hardware that doesn't use UEFI? Or does that sentence really mean that consumers will have the option to purchase machines that are locked down to the OS bundled on them?
This train of thought seems to make a whole bunch of leaps of faith to come to dire conclusions. I can't really see people running racks of servers with OSes on the hypervisor binding all EFI loaders to Windows 8.
I think the real story here is that "Common discount consumer-grade desktop PCs will be locked to the bundled OEM OS, unless third party access is granted a la MS/Red Hat."
In other words, it's not really that big of a story, and will be excellent news for potential bootkit victims everywhere (at home and in an office deployment).
While at a gut level, I think I agree with you, your logic is flawed.
Morality has something to do with it when YOU have morality. Saying "I'm throwing my moral code out the window because others don't abide by it" doesn't fly.
If you're really saying "I see that those who don't have a moral code have the life I want, so I'm going to abandon my moral code too and become like them" then your argument is perfectly correct.
Some people value their morals more than their privilege to entertainment though, and for them, your argument doesn't work. Instead of shelling out $100/month to be entertained by TV shows, they choose to shell out $30/month to gain access to Project Gutenberg and YouTube (and other free offerings) and add to this entertainment by going for walks, hanging out with friends, spending even MORE money to make and eat tasty food, etc.
Oh, and you're wrong about HBO: they care about you. You're an untapped revenue stream. You care about them too: they're a tapped luxury entertainment stream.
Actually, this could probably be done without recording anything... just have a needle trigger hooked up to an audio compressor tube. If the needle jiggles too much, it trips the recording device.
Of course, in this case it would be impossible to tell if it was really a gunshot that set it off, as you'd never record the gunshot (or other loud noise) itself.
Anyway, no security is bulletproof.
Indeed... make a thicker Lexan composite, and someone will just make a custom bullet designed to go through it, or hit it with regular ammunition often enough to cause it to crumble. To me, the biggest part of real security is not the part that directly stops the attacks, but the part that returns things to normal operation after the attack. Targeted obscurity is what you put on the other side -- if you have fewer people who know where the attack surface is, you will have fewer hits in the first place.
Remember: obscurity is no substitute for security, but it IS the first line of defence. Anyone who tells you otherwise is trying to mislead you.
Should the details of the latest stealth aircraft technology be publicly disclosed so voters can make informed decisions? The latest in radar-absorbing paint, if it exists in a usable form? Nuclear weapon design details (the important details, not the general info that's already public)? Every detail of the President's personal security? Come on. Some things are relevant enough to the political process that voters must be informed. Other things are not, and secrecy is critically important for some of them.
The answer to the first one anyway is "yes" -- assuming that it's not your country who's working on it. While all the security companies have a US presence, most are global in scope, and a sizeable portion of their customers are not in the US.
Even if all of this were possible to simulate on our dinky little home computers, the time and effort it would take to actually build anything interesting would be far too much for almost everybody.
The whole idea is that it only has to be done once, and only one assembler algorithm has to be produced. You wouldn't store a literal representation of the molecule and resulting substances, only a much lighter-weight symbolic representation, as is done with bump mapping currently on advanced videogames.
And as I implied in my original post, you'd definitely not be able to get much more advanced than a single celled object (which, as you point out, is plenty advanced already). Creating an entire block of wood, atom by atom or molecule by molecule would run into significant limits, not the least of which would be that you'd need at least one atom on the storage medium to represent every atom or molecule in the object being built.
What you do makes sense for a $10/month server -- as long as you mention what you're doing in your privacy statement.
When your infrastructure costs $10,000/month or more to manage however, it would make sense to isolate the authentication servers.
How do the two of you feel about split personality disorder? Do the voices tell you it doesn't exist?
Interestingly, Venezuela hasn't traditionally worked this way; while the data will undoubtedly be biased, we should at least be able to get real scientific data out of this "grand experiment". Unlike other communist dictatorships, Chavez gives the scientific community a lot of leeway -- which is probably one of the reasons why the country is doing better than all the other communist dictatorships have done. After all, just think about the fact that he implicitly announced that they have a violent firearm problem -- in other dictatorships, you'd hear that there's the odd enemy of the state, but for the most part, people are happy and well-behaved, and this new firearm ban shouldn't really affect people at all (after all... YOU don't have a gun do you -- or are you a capitalist terrorist?).
Actually, this could be interesting, as long as we can get reliable statistics... if gun-related violent crime rates stay the same, that'll answer the question once and for all, and everyone trying to disarm citizens in other countries won't have a leg to stand on. If it DOES work, then maybe its time for people to think more creatively about weaponry, and possibly move away from firearms to weapons that are either more generic, or more specialized.
I can see the next step after this being shoot-to-kill directives for enforcement witnessing a crime in progress with any non-regulated participants brandishing firearms.
If you think that's draconian, you should try to install a supported version of OS X on non-supported hardware!
Seriously, use whatever you'd like. But based solely on the reasoning you presented here, you should probably put on a helmet before you leave the basement each morning.
Draconian: I don't think that word means what you think it means.
MS Windows licensing is draconian: MS hoards access. Apple licensing is NOT draconian. They tell you what they want you to do, and leave it up to you to behave yourself. Comparing third party driver support of the OS to intentional crippling of the OS is a false comparison.
Look at it this way: you could compare Apple's stance to Harley Davidson not offering support for choppers built with HD bikes as the base, nor Honda cycles with HD parts jury-rigged onto them.
Whereas with MS, it's that every time you want to modify your Harley, you must first get permission from MS. The situation we're discussing here is the equivalent of saying that from now on, engines will be locked to the controlling system first installed on them -- so you won't be able to take an engine out of a Harley and drop it in a Honda.
(yes, I was tired of car analogies)
You sound really stupid yourself, considering that the technical issues are irrelevant to Microsoft's abuse of monopoly. The problem is Microsoft using their monopoly position to force vendors to ship computers with only Microsoft approved keys. Secure boot is a valid and useful feature, but preloading keys will have profound anti-competetive effects.
Actually, preloading keys prior to sale without a big disclaimer on the box will open MS to massive lawsuits. People will be buying a "Windows box" while under the false impression they're buying a personal computer with Windows bundled.
I think this would actually shake itself out pretty quickly. My guess is that the end result would be that the MS key gets installed during the "first use" process, and not as part of the build and ship process. The lawsuit will still happen, but it will take longer.
The next step of course will be either a) the MS key being leaked, or b) UEFI being jailbroken. Goodbye bootkit protection.
That's a big assumption -- but this is likely the scenario for discount desktop PCs. It'll basically mean that low-end desktop PCs will be cheaper with Win 8 on them than without. Netbooks on the other hand will likely be just fine, as will tablets, servers, high-end PCs, PCs using other architectures, etc.
Once Windows 8 is released, hardware manufacturers will be forced to ship machines that refuse to run any software that is not explicitly approved by Microsoft — and that includes competing operating systems like Linux.
Really? Even hardware manufacturers like, say, Apple? Even for hardware that doesn't use UEFI? Or does that sentence really mean that consumers will have the option to purchase machines that are locked down to the OS bundled on them?
This train of thought seems to make a whole bunch of leaps of faith to come to dire conclusions. I can't really see people running racks of servers with OSes on the hypervisor binding all EFI loaders to Windows 8.
I think the real story here is that "Common discount consumer-grade desktop PCs will be locked to the bundled OEM OS, unless third party access is granted a la MS/Red Hat."
In other words, it's not really that big of a story, and will be excellent news for potential bootkit victims everywhere (at home and in an office deployment).
While at a gut level, I think I agree with you, your logic is flawed.
Morality has something to do with it when YOU have morality. Saying "I'm throwing my moral code out the window because others don't abide by it" doesn't fly.
If you're really saying "I see that those who don't have a moral code have the life I want, so I'm going to abandon my moral code too and become like them" then your argument is perfectly correct.
Some people value their morals more than their privilege to entertainment though, and for them, your argument doesn't work. Instead of shelling out $100/month to be entertained by TV shows, they choose to shell out $30/month to gain access to Project Gutenberg and Youtube (and other free offerings) and add to this entertainment by going for walks, hanging out with friends, spending even MORE money to make and eat tasty food, etc.
Oh, and you're wrong about HBO: they care about you. You're an untapped revenue stream. You care about them too: they're a tapped luxury entertainment stream.
Actually, this could probably be done without recording anything... just have a needle trigger hooked up to an audio compressor tube. If the needle jiggles too much, it trips the recording device.
Of course, in this case it would be impossible to tell if it was really a gunshot that set it off, as you'd never record the gunshot (or other loud noise) itself.
Anyway, no security is bulletproof.
Indeed... make a thicker lexan composite, and someone will just make a custom bullet designed to go through it, or hit it with regular ammunition often enough to cause it to crumble. To me, the biggest part of real security is not the part that directly stops the attacks, but the part that returns things to normal operation after the attack. Targeted obscurity is what you put on the other side -- if you have fewer people who know where the attack surface is, you will have fewer hits in the first place.
Remember: obscurity is no substitute for security, but it IS the first line of defence. Anyone who tells you otherwise is trying to mislead you.
Should the details of the latest stealth aircraft technology be publicly disclosed so voters can make informed decisions? The latest in radar-absorbing paint, if it exists in a usable form? Nuclear weapon design details (the important details, not the general info that's already public)? Every detail of the President's personal security? Come on. Some things are relevant enough to the political process that voters must be informed. Other things are not, and secrecy is critically important for some of them.
The answer to the first one anyway is "yes" -- assuming that it's not your country who's working on it. While all the security companies have a US presence, most are global in scope, and a sizeable portion of their customers are not in the US.
Even if all of this were possible to simulate on our dinky little home computers, the time and effort it would take to actually build anything interesting would be far too much for almost everybody.
The whole idea is that it only has to be done once, and only one assembler algorithm has to be produced. You wouldn't store a literal representation of the molecule and resulting substances, only a much lighter-weight symbolic representation, as is done with bump mapping currently in advanced videogames.
And as I implied in my original post, you'd definitely not be able to get much more advanced than a single-celled object (which, as you point out, is plenty advanced already). Creating an entire block of wood, atom by atom or molecule by molecule, would run into significant limits, not the least of which would be that you'd need at least one atom on the storage medium to represent every atom or molecule in the object being built.