in a manner which brings attention to the issue, but does not disrupt normal operations.
That is probably true in this case, but is not necessarily true in all cases. Imagine, for example, that the password is encrypted with the email address as its key, and the email address is hashed. Upon login, a hash lookup is done for the email address, and the encrypted password is decrypted and compared to the one sent. Or alternatively, the password is stored both encrypted as mentioned, and hashed, so that logins are done by 2 hash checks.
Either scenario would allow the user to retrieve the password without the host or an attacker being able to see what the associated email or password is.
I'm pretty sure the hosting provider would require an unencrypted/unhashed copy of your email address.
It's already been shown that molten metals and rocks in layers can be charged like batteries. Is it no surprise that they conduct? http://www.popsci.com/technology/article/2010-04/molten-metal-batteries-could-store-extra-juice-power-grid
They put a really low bar to get around their block, just disable JavaScript, reload and keep reading! At least that was my first thought when I viewed it, and with Konqueror it's an easy menu option to disable JavaScript for the current window. Now it looks like they disabled editing for every English Wikipedia article, and that you can't get around.
Or just hit ESC before it redirects. Then again it's the clueless people that they want to make aware of these congressional bills.
There's no reason for saying that. IPv6 is just another cyber space, there's nothing fancy, new, with it, it should be commonly accepted as something we MUST have, right now.
Except that it's not. There are billions of addresses - entire A blocks - locked up in early-adopter organizations that could be made available. For example, the US Post Office doesn't really need its own A block. Nor do most organizations who own them. And B blocks? Thousands are unneeded. My old university has a B block and it's ridiculous...it's all behind a firewall except for a few numbers anyway. For most orgs, it's just that the money that these big blocks could be sold for doesn't exceed the cost of renumbering to 10.x internally. It will someday soon.
We're years away from IPv4 exhaustion.
It's ironic that the reason some companies like Comcast are moving to IPv6 on their infrastructure, is so they can sell the IPv4 blocks. It's certainly not to provide better customer connectivity.
Why wait for the next version of Windows? Windows newer than XP has supported IPv6 out of the box (XP just involves a driver install), Linux has supported v6 out of the box for over 10 years, OS X supports it out of the box, Android supports it out of the box, lots of Apple hardware Just Works with v6, etc. Just setting the router to send RAs should see most of the clients on an average network automatically start to use v6, no need to upgrade the OS or reconfigure it.
Supporting it and supporting it well are two different things. Aside from the OS, you also have to consider whether your apps support it. Do you know of an antivirus, host IDS software, and security scanner that fully supports IPv6? That's the number one reason many large businesses and DOD are forgoing IPv6.
Couldn't they trace the serial number on the returned box, match that up to the iTunes account used to activate the missing iPad, and nail the perps that way?
More than likely they'd nail someone who bought it off eBay.
Okay, you wrote something on your own time. Good for you for taking the initiative. Now stop being a greedy prima donna about it already. If you hold it hostage then you look like an ass and it will bite you in the long run. I doubt it's fully done and all the bugs worked out. Offer what you have done already to your boss as a demo of what the program might do for them, and suggest they either get a real programmer to finish it or pay you to finish it with the understanding that your talents are limited. Don't expect to get paid for time already invested. Lots of freelancers rough out a demo to pitch for a later sale.
Seriously, take the high road here. Try not to point out that you otherwise "have lots of downtime" which to me translates as "you are disposable and don't take any initiative".
The reality is that DOD has issued a Secure Technical Implementation Guide (STIG) that must be followed if you are trying to get a Designated Approving Authority (DAA) to issue an Approval To Operate (ATO). Actually implementing a secure architecture and getting approval for sensitive unclass, much less classified is a whole different issue.
I guarantee that approval means the user will not have Android market access and will not be able to arbitrarily install applications. Depending on the setup, an approved Android phone may very well have less capability than a Blackberry.
Or some old versions of Samba, which defaulted to be more primary than existing infrastructure. User just meant to share a folder and suddenly all the office systems can't authenticate. Oops.
And apparently improperly configured Windows machines. You shouldn't be running WINS anymore and the clients should even be trying to use WINS lookups.
64-bit Windows requires no-execute on data pages (DEP), so there's no route you can cause data corruption and end up with executable code unless you have code running in the kernel to change the flags on the pages in memory.
If this is a theoretical exploit, the authors of it may not be that familiar with 64-bit Windows 7, or are running on a developer machine where they explicitly disabled DEP.
Close but not quite. 64-bit Vista and newer enable DEP for 64-bit programs by default but it can be disabled. It still provides no assurance that the program properly marks its pages. I've seen too many programs that just mark everything as executable to avoid DEP issues. Given how many issues Safari had with DEP on Vista64 (typical of their programs for Windows), it wouldn't surprise me if Apple did that.
Nah, NASA wouldn't do anything that sleazy.....
Of course they would. They translate the x-ray or non-visible spectrum into a visible color scale, and play with it until it looks nice, then use photoshop and artistic license to come up with something to sell to the public.
They even admit it. The description on the video download page says:
This movie presents a visualization of the star-forming region known as S106. This unique three-dimensional view illustrates and emphasizes that many of the objects contained within astronomical images are not at the same distance, but, in fact, spread across light-years of space. The Hubble image is augmented with additional field-of-view from the Subaru Infrared Telescope. The stars and the lobes of glowing gas from the Hubble/Subaru two-dimensional image have been separated and sculpted using both scientific knowledge and artistic license to create the depth in the movie. Of note, the relative distances between stars and the nebula have been greatly compressed. The format of this movie is a standard "2D" presentation and does not require a 3D screen or 3D glasses.
Correct but my comment was about attitude control of an aircraft requiring the use of gyros. You can't use GPS to detect if your aircraft is rolling or even upside-down
Yes you can. I use several systems which calculate pitch and roll from GPS. It's two antennas and the receiver looks at the time of flight differences between the sat received signals. Absolute accuracy of the position and differential correction is irrelevant. The $3,000 off-the-shelf marine setup is accurate to within 1 degree pitch with a 6-foot spread between the antennas. The $30,000 setup is accurate to 0.05 degrees. The $1,500 MEMS-based accelerometer is amazingly accurate for gyro-based positioning.
Wikipedia mentions that designers specifically omitted cutting edge tech because of platform having a single engine (a single point of critical failure) as well as being designed for deep penetration behind enemy lines. It's not so much a "cost", as "how much of our top secret tech can be copied from this". That means things from skin materials to shape to optics to software.
Something like this is nearly impossible to put a real price tag on, because frankly, it doesn't have one. We're talking about balance of power, something you cannot measure with money alone.
You can put a rough price on it. The DOD put XX dollars into developing a specific technology, let's say the coatings, to gain the technological edge for an estimated period of time. Once that edge is lost due to the enemy figuring out how to defeat or copy it, then you can figure you spent XX dollars over XX amount of time.
This is the reason that spying is so costly to the US economy. We spend billions on technology, and countries like China find it far cheaper to spy and steal the tech instead of develop it themselves.
Besides, I'm pretty skeptical that Iran would sink an oil carrier off their coast. The environmental and political fallout would be tremendous.
>Given how long the US would need to get enough firepower within range of those batteries,
Depending on version, Tomahawks have a range of up to 1500 miles and travel about 550 mph. There are plenty deployed within on US Navy ships both on and under the Arabian and Med seas. So max time from someone saying go to impact is about 3 hours. US fighters travel much faster and could launch and strike in probably less than an hour.
From Wikipedia:
The Dunning–Kruger effect is a cognitive bias in which unskilled people make poor decisions and reach erroneous conclusions, but their incompetence denies them the metacognitive ability to recognize their mistakes. The unskilled therefore suffer from illusory superiority, rating their ability as above average, much higher than it actually is, while the highly skilled underrate their own abilities, suffering from illusory inferiority.
Dunning-Kruger Effect
Study was done in 99, so they are only 12 years late on this one.
So that explains why 85% of drivers consider their driving skills to be above average.
This study would be a lot more believable if they didn't use phrases like "users of monopoly software" and actually linked to the test they gave.
(For the record, I'm not an IE user either. But the article isn't too far from spelling Microsoft with a dollar sign)
And perhaps they could give the error margins for their results. I'd put money on the error margin being a lot bigger than differences in the user group results.
The reason college athletes have higher GPAs is they generally don't take demanding courses and often are taking the minimum credit load to be considered full time, whereas the folks taking engineering courses have a harder course load.
This may be true for some sports, but not for all.
Most people don't think of track when they think college sports. Most people think of the major pro sports like basketball, football, baseball, etc. For the actual statistics, I'll refer you to the USA Today study at http://www.usatoday.com/sports/college/2008-11-18-majors-graphic_N.htm. I don't really like how they aggregated the data, but it is interesting to put your mouse over each block and see the individual college stats.
It really should be an embarrassment to the colleges that bill themselves as technical schools, that virtually none of their athletes have a technical major. Athletic scholarships are a travesty in my opinion. A scholarship should be based on your potential to excel at your chosen major and your financial situation. Not whether you'll give the school bragging rights for having a winning team (which encourages alumni donations).
In tests the Pinto ruptured the gas tank every single time in rear end crashes as slow as 30mph, often resulting in a fire. Most vehicles did not do this. This was due to a design flaw that had nothing between the tank and the bolts sticking out on the rear differential, which most cars had. Yes the problem was real.
Ford caught so much grief because it came out that they knew about this flaw and decided the potential cost of lawsuits was lower than the cost to recall and fix the issue.
Clothing yes, lingerie not so much. Women buy sexy lingerie so they can imagine they are sexy as well. Why else would 250-lb women be buying thongs instead of comfortable panties? Keep in mind I've seen way too many whale tails sticking out of frumpy sweat pants.
on average we have a sexual thought about every 20 seconds or so. That's the way we're made.
Wrong. http://www.snopes.com/science/stats/thinksex.asp
Athletic scholarships at American universities are almost entirely funded by alumni. These athletic scholarships aren't taking away any money from academic scholarships.
stop shitting up education for future generations.
I'm just curious how you're coming to this conclusion. How are athletes "shitting up" education? Are they somehow bringing everyone else down? Is the quality of education suffering at universities with high power athletic teams? Are more academically qualified applicants really being turned down? I think not; at a typical American public university with 20-40k students, maybe 500 of them are athletes. That's a pretty small percentage.
Because those Universities pour a disproportionate amount of money into the athletic facilities. Money that could be better spent towards technical facilities. It's sad that the sports programs are basically advertising for the university. They really should be competing and advertising the quality of their education programs rather than their ability to field a competitive football team.
You're assuming that all college athletes a) don't care about academics, b) are worse students than the average non-athlete and c) all aspire to be professional athletes. This is only true for high profile sports programs, such as football and basketball. You're also assuming that somehow, athletes deny better academically qualified applicants. At my undergrad university, a NCAA D1 school, the average athlete GPA and graduation rate was higher than the school average.
The reason college athletes have higher GPAs is they generally don't take demanding courses and often are taking the minimum credit load to be considered full time, whereas the folks taking engineering courses have a harder course load. There are plenty of exceptions where the student is using the athletic scholarship as a means of getting an education, but it is very rare to see someone on an athletic scholarship majoring in anything but a liberal arts or a fluff business degree.
With the addition of spew carcinogens out the pipe. Yes, even in ultra low sulfur mix.
Citation needed since you're full of shit. Diesel produced more carbon in the output (the black cloud you sometimes see) but it has far less toxic components than burning gasoline. That's why diesels don't require a catalytic converter.
Hydrogen is just an intermediate form of energy storage, and a very poor one at that since it takes up 6x as much room as an energy equivalent amount of gasoline. Why not just take the electricity or natural gas that is the original source of the hydrogen and use that?
What we really need is better battery technology so that electric vehicles have a decent range. Good luck finding an electric charging station halfway across Montana.