>> Giant yellow Israeli scorpions live in the deserts of the Middle East and grow to about 4 inches long. >>
Its a little known fact that giant yellow Israeli scorpions and giant yellow Arab scorpions can actually be told apart, using the following field science experiments: 1) Make jokes about it. If you're still living, it was Israeli. 2) Shoot a missile at it from an open field. Wait 20 minutes. If you're still living, it was Arab. 3) Induce the scorpion to sting someone. This isn't very hard for either variety. Take care, both are pretty lethal. Turn on the television. If Kofi Annan is condemning the scorpion, it is Israeli. 4) Leave the scorpion alone in a room with $1 billion of UN food aid, marked "Do not touch -- earmarked for poor scorpion orphans". If the room is empty when you return and the scorpion's swiss bank account registered a transaction, it was Arab. 5) I'll leave this to your imagination, but suffice it to say that Israeli scorpions have a distinctive use for their pinchers. Really, you're probably better off just asking him to sting you -- it will hurt less.
>> Who wants to be hit on in a game while in the middle of a battle? >>
Typically the tanks. If you're not getting hit you don't have sufficient rage generation to maintain aggro over the DPS. Then clothies start to die, the raid wipes, and its ALL YOUR FAULT just because you couldn't keep up with the mage who fired off Arcane Power and then two trinkets in succession on the pull.
I'm guessing, and this is a shot in the dark, that high school in the 1950s saw a lot less of Shangri f'ing La. First, their names would be something like Steve and Nancy, and their idea of scandalous transgression would probably be holding hands in a lascivious manner.
I had to review something like a dozen of these for work last year (the technology incubator I work at went on a blogging kick and tried to pitch the idea to all of our client companies). Xoops was far and away my favorite, mostly because it was one of the only ones I could get working in under an hour. It also had an attractive layout out of the box and had modules for blogs/forums/news posts, which were essentially everything our clients had on their wishlists. Installing RedHatCMS, by comparison, is painful enough to be the subject of a Japanese game show* except the episode would have to last about three weeks.
* "HAHA! Stupid contestant, your version of Tomcat is incompatible! Your punishment is having to wipe your machine and start over!" Which would be bloody close to what kept happening in real life, too, since after you botched an install of the thing the quickest way to get the next install working without causing compatibility issues was to reinstall Linux from CD.
I got my current job on the expectation that I'd be doing mostly non-engineering work. My main day to day function is being a research, to the extent that I introduce myself as one rather than give my actual title (because people wonder "Then WTF are you doing in front of the computer all day"). In any given workweek I might do PR presentations, translate documents, interpret for clients, hold an internal lecture about SEO, help the web team out a bit, or actually do some research/programming. And you know what? It doesn't matter to me. I'm still getting the same salary we agreed on and I'm still working the (absurdly low) number of hours they request from me. My thought is if they're paying me for my brain and my time then they can use both however they want to, within reason.
Everyone knows only Chloey gets to touch the protocols. Tony, Michelle, and Edgar have all THOUGHT they could initiate a protocol... and we know what happened to them. I don't care if Raistlin is the demigod of supercool or whatever he is, you just don't mess with the protocols. Its like a computerized Hand of Vecna -- great if you Vecna, great way to get yourself killed if you're anyone else.
... they DO end up with less stench on them at the top of the ride than at the bottom, since convervation of mass means that the stuff suffocating me had to come from somewhere...
Alternative to the promotion
on
World Firefox Day
·
· Score: 5, Funny
If you want to be known for all eternity as someone who did not spam your friends and family, post here and be immortalized on Slashdot and the will-someday-be-omniscient Google Cache.
Hmm, actually, a passphrase of decent length with both spaces, upper case characters, and punctuation -- thats not too bad. Now all you need to do is vary casing and throw in some l33tness -- Th1s 1s y0ur administrat3r, 0p3n up!
Ah, you're right. Its unlikely to be a practical deterrent to this method, though. N is so much greater than M that its effectively still O(N), just with a slightly nastier constant. Sure, if you have 100 developers it takes 100 times as long... but you were already burning through a couple tends of thousands of words to check, and since the process doesn't have to be realtime you've got all the time in the world. As long as you don't go polynomial with regards to N you're fine-and-dandy.
He's thinking "Hey, how would you know whether the password was insecure or not without looking at it?", and has correctly identified the fact that you shouldn't be able to work backwards from a hash to the password. However, he failed to take into account the fact that you could come up with a list of N bad passwords (say, 40,000 words pulled from a dictionary or something similar) and check them against all the passwords you have in O(N+M) time, where M is the number of accounts you need to check (constant time to hash a password, constant time to mark that hash location as "bad, collides with known bad password foo" in a hash table, constant time to lookup each password hash within your hash table and test for badness).
You could also do an O(M) search by taking any suite of password hacking tools you want, allocating them X amount of processor resources (say, 5 minutes CPU time each), and then letting them loose. Anybody whose password gets broken gets locked. In previous discussions some folks have noted that their organizations perform this check on a routine basis.
1) Visually inspect one known-good piece of equipment. At my organization, for reasons which are beyond me, they're printed on every laptop (along with my username and static IP address). They're also frequently printed on the physical network card. So if a computer is in a physically non-secure location (guest-accessible computer, laptop stolen, laptop taken in for repairs by Geek Squad instead of IT, laptop taken home, etc etc) thats a vulnerability.
2) Socially engineer a wireless mac address. Go to any location frequented by the workers at your target institution -- say, the cafe across the street during lunch hour. Open a wireless hotspot with a name like "Roadkill Cafe Wirless Network" and don't require any sort of authenticiation. Take mac addresses off the logs, then return to the target institution and try until you find one that works. (Hopefully they don't have their wireless addresses and their wired addresses be the same... but I've seen it done before, by lazy IT types).
3) Call and ask somebody. "*ring ring* Hiya, Suzy, this is Bob in IT. We're having some problem with the router covering your workgroup. Have you noticed any problems? No? Thats great. We put through some fixes on our end and I need to be sure that they took. Could you please hit your windows key and R at the same time? Type in command, hit enter. See a big black box? Type in "getmac". Yeah, I know, its funny to say Get Mac on a windows machine, those quirky programmers, what can I say. OK, could you read me the group of numbers and letters with the dashes in them that you see on the first line? OK, thats what I'm showing on this end too. Thanks Suzy, you're all set. If you have any problems you know who to call."
4) Sniff it out of the air (again with the wireless vulnerabilities).
5) If you can compromise any machine on the network "arp -a " gets you the MAC address of anybody you can see. I'm fairly certain you can accomplish this via ActiveX control (a quick Google found one), and also fairly certain you can not do it by Java applet.
Obviously, these are intended to tell you what you need to look out for securing your network, not for breaking into someone else's. Now if you'll excuse me I have to explain to a boss on why the whole "mac address printed on the laptop" is unwise.
I think its a scientific impossibility, not a legal one. You could always just set up a trust and/or foundation for yourself. Foundations can and do survive the initiator by decades without getting eaten up by later generations -- take a look at the Ford Foundation, etc. Granted, you'd have to be super-mega rich to make it work, but hey, the question is whether its possible rather than whether its achievable for the average working stiff.
>>
How many several-hundred-year-old organizations can one find right now? Damn few.
>>
The Catholic Church, as a corporate body and as its several dioceses. Several Protestant churches. Many universities in America and Europe. Lloyds Bank (of England). Wells Fargo. For that matter, any number of banking or insurance concerns in America or Europe.
The modern world has plenty of structures which are organized for perpetuity.
Suppose you offer $100 a click for an ad to get your brand name in the customer's eye but which also never generates clicks (it would be difficult to actually do, but just suppose). Google will notice your ad, despite the potential to generate $100 if anyone clicks on it, is generating them no revenue, and its "Quality Score" will suffer. Then they'll drop it from the rotation even if the #2 guy is only bidding a quarter a click, but with a 5% CTR. It will be the same for CPA ads -- if your web page can't complete the sale and get Google paid they will give your space to someone who can.
I'm an AdSense advertiser (hawking my program to make bingo cards for teachers -- there is no other form of advertising which makes any sense for this niche at all) and I *clean up* on some of my keywords because I have a CTR of around 5-20% (for some words) and some advertisers who have inexpertly targetted their ad are offering twice as much but for a click through rate which is likely much lower. On the flip side, I also have some words which aren't well targetted but which are dirt cheap, and its a good day when I hit 1% on them. (My conversion rate to trial downloads is about 10% either way, ironically.)
Slashdot Mirror
... they are not allowed to douse the servers in gas.
According to Wikipedia, USD$1,000,000,000 [needs source].
I hear there is this small shop nobody has ever heard of that makes some kind of chat client with dragons in it. But what would I know, I'm a Windows guy.
>>
Giant yellow Israeli scorpions live in the deserts of the Middle East and grow to about 4 inches long.
>>
Its a little known fact that giant yellow Israeli scorpions and giant yellow Arab scorpions can actually be told apart, using the following field science experiments:
1) Make jokes about it. If you're still living, it was Israeli.
2) Shoot a missile at it from an open field. Wait 20 minutes. If you're still living, it was Arab.
3) Induce the scorpion to sting someone. This isn't very hard for either variety. Take care, both are pretty lethal. Turn on the television. If Kofi Annan is condemning the scorpion, it is Israeli.
4) Leave the scorpion alone in a room with $1 billion of UN food aid, marked "Do not touch -- earmarked for poor scorpion orphans". If the room is empty when you return and the scorpion's swiss bank account registered a transaction, it was Arab.
5) I'll leave this to your imagination, but suffice it to say that Israeli scorpions have a distinctive use for their pinchers. Really, you're probably better off just asking him to sting you -- it will hurt less.
>>
Who wants to be hit on in a game while in the middle of a battle?
>>
Typically the tanks. If you're not getting hit you don't have sufficient rage generation to maintain aggro over the DPS. Then clothies start to die, the raid wipes, and its ALL YOUR FAULT just because you couldn't keep up with the mage who fired off Arcane Power and then two trinkets in succession on the pull.
Oh, hit on. Nevermind.
I'm guessing, and this is a shot in the dark, that high school in the 1950s saw a lot less of Shangri f'ing La. First, their names would be something like Steve and Nancy, and their idea of scandalous transgression would probably be holding hands in a lascivious manner.
I guess they needed more intelligent design.
I had to review something like a dozen of these for work last year (the technology incubator I work at went on a blogging kick and tried to pitch the idea to all of our client companies). Xoops was far and away my favorite, mostly because it was one of the only ones I could get working in under an hour. It also had an attractive layout out of the box and had modules for blogs/forums/news posts, which were essentially everything our clients had on their wishlists. Installing RedHatCMS, by comparison, is painful enough to be the subject of a Japanese game show* except the episode would have to last about three weeks.
* "HAHA! Stupid contestant, your version of Tomcat is incompatible! Your punishment is having to wipe your machine and start over!" Which would be bloody close to what kept happening in real life, too, since after you botched an install of the thing the quickest way to get the next install working without causing compatibility issues was to reinstall Linux from CD.
You might have, thought you were clever, using Anonymous Coward, but your use of 15 commas, in a single paragraph, no less, gives the game away.
I got my current job on the expectation that I'd be doing mostly non-engineering work. My main day to day function is being a research, to the extent that I introduce myself as one rather than give my actual title (because people wonder "Then WTF are you doing in front of the computer all day"). In any given workweek I might do PR presentations, translate documents, interpret for clients, hold an internal lecture about SEO, help the web team out a bit, or actually do some research/programming. And you know what? It doesn't matter to me. I'm still getting the same salary we agreed on and I'm still working the (absurdly low) number of hours they request from me. My thought is if they're paying me for my brain and my time then they can use both however they want to, within reason.
... why did no one tell Dick Cheney?
Next time, please
don't post from your
cellphone.
Everyone knows only Chloey gets to touch the protocols. Tony, Michelle, and Edgar have all THOUGHT they could initiate a protocol... and we know what happened to them. I don't care if Raistlin is the demigod of supercool or whatever he is, you just don't mess with the protocols. Its like a computerized Hand of Vecna -- great if you Vecna, great way to get yourself killed if you're anyone else.
... they DO end up with less stench on them at the top of the ride than at the bottom, since convervation of mass means that the stuff suffocating me had to come from somewhere...
China is a police state.
If you want to be known for all eternity as someone who did not spam your friends and family, post here and be immortalized on Slashdot and the will-someday-be-omniscient Google Cache.
In Soviet Russia, you follow Slashdot's advice. (Yeah, I know, I borked the meme. But really, the point is to NOT want to go to Soviet Russia, right?)
Hmm, actually, a passphrase of decent length with both spaces, upper case characters, and punctuation -- thats not too bad. Now all you need to do is vary casing and throw in some l33tness -- Th1s 1s y0ur administrat3r, 0p3n up!
Ah, you're right. Its unlikely to be a practical deterrent to this method, though. N is so much greater than M that its effectively still O(N), just with a slightly nastier constant. Sure, if you have 100 developers it takes 100 times as long... but you were already burning through a couple tends of thousands of words to check, and since the process doesn't have to be realtime you've got all the time in the world. As long as you don't go polynomial with regards to N you're fine-and-dandy.
He's thinking "Hey, how would you know whether the password was insecure or not without looking at it?", and has correctly identified the fact that you shouldn't be able to work backwards from a hash to the password. However, he failed to take into account the fact that you could come up with a list of N bad passwords (say, 40,000 words pulled from a dictionary or something similar) and check them against all the passwords you have in O(N+M) time, where M is the number of accounts you need to check (constant time to hash a password, constant time to mark that hash location as "bad, collides with known bad password foo" in a hash table, constant time to lookup each password hash within your hash table and test for badness).
You could also do an O(M) search by taking any suite of password hacking tools you want, allocating them X amount of processor resources (say, 5 minutes CPU time each), and then letting them loose. Anybody whose password gets broken gets locked. In previous discussions some folks have noted that their organizations perform this check on a routine basis.
1) Visually inspect one known-good piece of equipment. At my organization, for reasons which are beyond me, they're printed on every laptop (along with my username and static IP address). They're also frequently printed on the physical network card. So if a computer is in a physically non-secure location (guest-accessible computer, laptop stolen, laptop taken in for repairs by Geek Squad instead of IT, laptop taken home, etc etc) thats a vulnerability.
2) Socially engineer a wireless mac address. Go to any location frequented by the workers at your target institution -- say, the cafe across the street during lunch hour. Open a wireless hotspot with a name like "Roadkill Cafe Wirless Network" and don't require any sort of authenticiation. Take mac addresses off the logs, then return to the target institution and try until you find one that works. (Hopefully they don't have their wireless addresses and their wired addresses be the same... but I've seen it done before, by lazy IT types).
3) Call and ask somebody. "*ring ring* Hiya, Suzy, this is Bob in IT. We're having some problem with the router covering your workgroup. Have you noticed any problems? No? Thats great. We put through some fixes on our end and I need to be sure that they took. Could you please hit your windows key and R at the same time? Type in command, hit enter. See a big black box? Type in "getmac". Yeah, I know, its funny to say Get Mac on a windows machine, those quirky programmers, what can I say. OK, could you read me the group of numbers and letters with the dashes in them that you see on the first line? OK, thats what I'm showing on this end too. Thanks Suzy, you're all set. If you have any problems you know who to call."
4) Sniff it out of the air (again with the wireless vulnerabilities).
5) If you can compromise any machine on the network "arp -a " gets you the MAC address of anybody you can see. I'm fairly certain you can accomplish this via ActiveX control (a quick Google found one), and also fairly certain you can not do it by Java applet.
Obviously, these are intended to tell you what you need to look out for securing your network, not for breaking into someone else's. Now if you'll excuse me I have to explain to a boss on why the whole "mac address printed on the laptop" is unwise.
... means everyone gets to see your machine compromised?
>> How many several-hundred-year-old organizations can one find right now? Damn few. >>
The Catholic Church, as a corporate body and as its several dioceses. Several Protestant churches. Many universities in America and Europe. Lloyds Bank (of England). Wells Fargo. For that matter, any number of banking or insurance concerns in America or Europe.
The modern world has plenty of structures which are organized for perpetuity.
I'm an AdSense advertiser (hawking my program to make bingo cards for teachers -- there is no other form of advertising which makes any sense for this niche at all) and I *clean up* on some of my keywords because I have a CTR of around 5-20% (for some words) and some advertisers who have inexpertly targetted their ad are offering twice as much but for a click through rate which is likely much lower. On the flip side, I also have some words which aren't well targetted but which are dirt cheap, and its a good day when I hit 1% on them. (My conversion rate to trial downloads is about 10% either way, ironically.)
Caviar!