Slashdot Mirror


User: OmgTEHMATRICKS

OmgTEHMATRICKS's activity in the archive.

Stories: 0
Comments: 256

Comments · 256

  1. Obscene Nonsense on Enforcing Cryptographically Strong Passwords · · Score: 2, Informative

    Okay. I'm a Security Engineer by day. I've seen a lot of ways to come up with strong passwords, but this is one of my favorite methods to come up with relatively strong passwords that are unlikely to be shared. Try the following algorithm...

    1. Come up with a phrase that is meaningful only to you -- not a quote from a book or movie. For example, let's say that your first dog's name was Samael and that you have never told anyone that you thought Samael was a reincarnation of the infamous hell-hound Kerberos. Yes, he was a bastard!

    2. So a sample phrase might be:

    "Samael, Vigilant Guardian of the Gates of Hell"

    Take the first character of each word.

    'svgotgoh'

    Not a bad start. You have eight characters there.

    3. Now you want to make sure that you never share this password with anyone, or if you do it should look sufficiently random that they couldn't remember it after using it once. Only you remember it because you have the generating phrase.

    How do we do that? Take the previous phrase and make it obscene nonsense. That means introduce some strange and fantastically improbable obscene twist to it. Something that you would never tell your friend or cubemate. Try this on for size.

    "Samael, Vigilant Guardian F***s Me Silly At The Gates of Hell!"

    That gives us:

    SVGFMSATGOH, an 11 character passphrase, much better.

    4. Okay, so I used all caps there for a reason. Feel free to intermix capitals, that will increase entropy by selecting from a larger character set. Come up with an easy rule like capitalizing the first letter in the subject and object of the sentence. So 'S' in Samael and the 'F' from, well, this is a family geek site ;-)

    That leaves us with 'SvgFmsatgoh'. Looking pretty entropic.

    5. Feel free to add entropy by including special symbols in your password. An easy way to do that is to convert the obvious characters to hacker symbols. 5's for S's. 0's for O's. etc...

    5vgFmsatg0h

    6. Now you have a damned fine password of relatively high entropy. '5vgFmsatg0h'

    Please, please don't use this example password on your site. Everyone who reads Slashdot may try it.

    7. Do a sanity check on your password. Avoid strings of words that begin with the same character. Avoid obvious patterns like abcdefghi etc.

    8. A real problem with most institutions these days is that they force you to change your password every 30 days. Good for security, but bad for passwords. Many don't allow you to recycle the last ten passwords or use a password sufficiently like the previous one (or ten).

    So after designing a really nice password like this you are forced to toss it after 30 days. What's a good geek to do?

    I'd come up with a high-quality password like this and only use it as a 'passphrase'. Something that protects your SSH keys or the contents of your flash drive.

    9. I'm a big proponent of SSH RSA/DH login instead of anything that uses passwords anymore. Passwords suck. Use the above algorithm as a passphrase that encrypts your flash drive collection of private ssh keys. Use ssh-agent.

    10. If you must use passwords, have a little proggy on your flash drive that generates relatively secure ones quickly and easily. Something like . It's not great, but then I believe I said passwords suck.

    Good Luck.

    This tape will self-destruct in 5 seconds.
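
The derivation in steps 2 to 7 of the comment above, as an added Python example that is not part of the original comment. The function names and the index-based `caps` and `leet` parameters are assumptions made for this illustration.

```python
import math
import string

# Phrase and substitutions are the ones quoted in the comment above.
PHRASE = "Samael, Vigilant Guardian F***s Me Silly At The Gates of Hell!"
LEET = {"s": "5", "o": "0"}

def derive(phrase, caps=(), leet=()):
    """Steps 2, 4, 5: first letter of each word, then uppercase the
    positions in `caps` and apply LEET at the positions in `leet`."""
    chars = [w[0].lower() for w in phrase.split() if w[0].isalnum()]
    for i in caps:
        chars[i] = chars[i].upper()
    for i in leet:
        chars[i] = LEET.get(chars[i].lower(), chars[i])
    return "".join(chars)

def sanity_check(pw, run=3, seq=4):
    """Step 7: flag repeated characters and runs such as 'abcd' or '1234'."""
    issues, low = [], pw.lower()
    for i in range(len(low) - run + 1):
        if len(set(low[i:i + run])) == 1:
            issues.append(f"repeated character {low[i]!r} at position {i}")
            break
    for i in range(len(low) - seq + 1):
        chunk = low[i:i + seq]
        if chunk.isalnum() and all(ord(b) - ord(a) == 1
                                   for a, b in zip(chunk, chunk[1:])):
            issues.append(f"sequential run {chunk!r} at position {i}")
            break
    return issues

def max_bits(pw):
    """Upper bound on entropy, log2(pool ** len). It holds only for
    characters drawn uniformly at random, which a phrase is not."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(c) for c in classes if any(ch in c for ch in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

if __name__ == "__main__":
    for caps, leet in [((), ()), ((0, 3), ()), ((0, 3), (0, 9))]:
        pw = derive(PHRASE, caps, leet)
        print(pw, f"<= {max_bits(pw):.1f} bits", sanity_check(pw) or "ok")
```
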

  2. What? on Email Worse Than Marijuana For Intelligence? · · Score: 1

    Since when did Cannabis make you stupid?

  3. anyone else thinking this? on Human Hibernation on the Horizon? · · Score: 1

    only a couple decades away from popping everyone in little red pods . . .

  4. Re:Sneakers, anyone? on To Pay With Your Credit Card, Please Speak Up · · Score: 1

    You're welcome :)

  5. Re:Sneakers, anyone? on To Pay With Your Credit Card, Please Speak Up · · Score: 1

    Damnit! You beat me!

  6. Re:Late-breaking news: on Biological Activity on Mars · · Score: 2, Insightful

    I, for one, welcome our new Martian overlords.

    ......what?

  7. Re:High cheese factor on Revenge of the Sith TV Spots Revealed · · Score: 1

    Because no one wants to deal with making super sizes of McDonalds super sized value meals for the giants.

  8. Re:phew . . on Comcast Sued For Giving Customer Info to RIAA · · Score: 1

    What I'm saying is that it has taken long for someone to do SOMETHING - even if it is stupid. At least, you know, EVERYONE isn't sitting on their asses twiddling their thumbs.

  9. phew . . on Comcast Sued For Giving Customer Info to RIAA · · Score: 0

    All I can say about this is:

    Thank God. It sure took long enough.

  10. Re:Uhhh... The FBI? on FBI Cracks Down on Piracy of Obsolete Game · · Score: 1

    I just don't see why 20 year old videogames no longer being made are somehow more. . . criminal than murder or rape.

  11. Uhhh... The FBI? on FBI Cracks Down on Piracy of Obsolete Game · · Score: 3, Insightful

    Don't these guys have anything better to do? Like tracking down murderers and rapists, for instance?

  12. I've got an idea! on Improving the Windows XP User Interface? · · Score: 3, Insightful

    Make it NOT look like froofy pastel crap that makes people violently ill! That's a good first step.

  13. But . on Sousveillance in Seattle - Watching the Watchers · · Score: 5, Funny

    Who watches the watchers watching the watchers?

  14. Re:Awesome! on Winning Half-Life 2 User-Created Deathmatch Maps · · Score: 1

    Precisely!

  15. Awesome! on Winning Half-Life 2 User-Created Deathmatch Maps · · Score: 5, Funny

    All we have to do now is await the Slashdot map pack and HL2:DM will be complete. Features: A special capture-the-flag level featuring SCO on one side and Slashdot on the other! Level set in Soviet Russia where the lag complains about the players! Level set in North Korea where only old people use gravity guns! One level so complex that it can only be run by a Beowulf cluster of sentient supercomputer overlords! A level made in the post-9/11 era! And, of course, the bonus Underpants Gnomes level created by CowboyNeal.

  16. Ok, this is off-topic, but, that microsoft ad . . on Tracking Your Taxes · · Score: 1

    my god

    I was just looking around at some comments when OUT OF THE BLUE I HEAR THIS ENORMOUSLY LOUD HONKING SOUND and I just about have a heart attack.

    Slashdot, please, for the love of ZOD, remove that ad! Thank you.

  17. Re:Use the Onboard SATA and bypass the Hardware RA on What Kind Of Software RAID Are You Running? · · Score: 0

    I don't usually like responding to my own posts, but I forgot to add something.

    Whatever software RAID setup you choose, install the test failure driver in the kernel. That way you can force a simulated failure and make sure the system takes a licking and keeps on ticking.

    Good luck...

  18. Use the Onboard SATA and bypass the Hardware RAID on What Kind Of Software RAID Are You Running? · · Score: 5, Informative

    The general consensus among Linux kernel engineers and software RAID users is:

    1. As long as the onboard SATA chip is well supported on your Linux kernel, use the onboard chip.

    2. Don't worry about the "hardware RAID" built into the motherboard. You don't have to use it. In fact, most people bypass it.

    3. Use the non-BIOS SATA driver for your motherboard. Some motherboards have two different chips. Mine (an Epox 8RDA+Pro nForce Ultra2/400) uses both the common Silicon Image SIL3114 which supports 4 SATA drives and an additional 2 SATA drives provided by the onboard nForce 2 Ultra Gigabit MCP chipset. Quite nice for RAID and I still have normal PATA IDE drives 0 - 3.

    4. Quite often the SATA RAID hardware only supports RAID 0,1 and 10 (or 01 depending). If you're looking for RAID 5 then you'll have to buy a more expensive outboard solution. The problem with outboard solutions is that they will eat into your PCI bandwidth. If you will be using PCI-X then you will probably also be paying significantly more for your outboard solution. Most people have a ton of CPU lying around, so handing off the I/O doesn't really buy you that much.

    5. When it comes down to it you might as well just use software RAID because you have more control over it. You can use the onboard SATA controllers which allow you to take advantage of the increased on-motherboard bandwidth as well as having a significantly less expensive solution.

    6. Another advantage to using Linux software RAID is that you don't have to learn a new RAID management system every time you upgrade your machine and controller. You can also connect to your machine remotely and manage your RAID system through a firewall. Sometimes you can do that with your hardware RAID system and sometimes you need to manage it from the BIOS itself.

    7. Once you get comfortable with software RAID you can experiment with mixing and matching various I/O systems underneath it. One of the things I'd like to play with would be using software RAID with Firewire 800 external drives in a pseudo-SCSI arrangement.

    8. The LVM2 system doesn't need software RAID, but it works very nicely with it nonetheless and gives you snapshot support etc.

    9. Personally, I'm going for RAID 10 (striped mirroring) because drives have gotten very inexpensive and I don't mind burning a few more to get higher I/O rates. Remember, if you go with a mixture of RAID 0 and 1 then you want a striping over mirroring -- that way if you have a single drive failure the array keeps going.

    Have fun and don't use RAID instead of backups. Backups save the stuff that you deleted intentionally but need to recover.

  19. Re:Wow... on Half-Life 2 - Lost Coast Details · · Score: 1, Informative

    It's not simple gamma adjusting. It's HDR. Big difference. http://www.daionet.gr.jp/~masa/rthdribl/index.html

  20. the reason .. on Revenge of the Sith Officially Rated PG-13 · · Score: 0

    Star Wars: Rated PG-13 for Sci-Fi Violence and Immense, Childlike Stupidity.

  21. I don't worry. on Keyboards are Havens for Super Bugs · · Score: 0

    The only germs on my keyboard are my own. Although, I suppose this gives brothers and sisters of the future a reason to stay away from their sibling(s') keyboard: Keyboard Cooties

  22. Re:Subliminal Messages on Xbox 2 To Be Unveiled on MTV May 12 · · Score: 0

    virial? Does that mean that the site is manly?

  23. They forgot this one. on The Top Three Reasons for Humans in Space · · Score: 0

    Reason #4: The Three-Breasted Whore of Eroticon 7

  24. Extra! Extra! on New Xbox Titles Through 2007 · · Score: -1

    The spokeswoman then pointed out that all X-Boxes and their respective Dev Kits are set to explode on Easter of 2007, so, you know, you can still make games, it just wouldn't be easy trying to do it with bits of fried circuitry and flaming controller cords.

  25. Re:QUICK on Touching Molecules With Your Bare Hands · · Score: 0

    This is the funniest thing I've read since Hillary Clinton's "Living History." And that was insanely funny. No, seriously. I'm not being sarcastic.