If users are selecting randomly from the set of possible passwords of a given length then adding more rules would reduce the average crack time.
However by and large users don't do that. The trouble with having passwords like "at least one capital letter" is it has a habbit of translating into "exactly one capital letter in the first position" in the eyes of the users. Similar things apply to numbers and symbols, people are far more likely to put them at the end than in the middle. By ruling out the obvious places to put capitals/numbers/symbols you may improve the quality of the worst passwords in your system.
The problem is this is a domain registrar we are talking about. They have the ability to hold his domain hostage (yes he may eventually be able to force it out of their hands through ICANN dispute resoloution processes but such processes are slow).
So it may be prudent to work on getting the domain transferred away before poking network soloutions too hard.
Hulu is offered on the Console, but once you launch it (which requires an initial download) you get told it can only be used in the US - WTF!?
Presumablly this oddity is a result of Nintendo treating the US and canada as one market but the companies that control licensing of TV shows treating them as two seperate markets.
with the exception of Pokemon (which bizarely remains a handheld-only experience)
There have been pokemon games on non-handheld consoles but it seems like they never managed to figure out how to make the process of finding wild pokemon work in a 3D environment. Colleseum and XD worked arround this with shadow pokemon and poke-spots which kinda worked but were very different from the normal pokemon experience. Battle revolution didn't bother to provide the player with a means of collecting pokemon at all other than a handful of pokemon available for transfer to DS carts through unlocking items in an in-game store (and got terrible reviews because of it).
It will be interesting to see what happens if and when they release a pokemon game for the wii-u.
For example, you could have Pokemon on the Wii U with special things to find that you can then transfer to X and Y on the 3DS (things you cant get just by playing X and Y alone)
They have done it before. If you wanted to get all the non-event pokemon in the GBA generation then you needed a gamecube, a GBA-GCN cable and various games (mainly colleseum and XD but there were a few individual pokemon that needed other games).
I wonder why they didn't do something similar for the wii, while you can get a few pokemon through battle revoloution none are unique to that game (though I belive it may be the easiest way to get a surfing pikachu in that generation). There are rumours of a new pokemon game for the wii u, it will be interesting to see what if any reward you get from playing it.
I hear plenty of people complaining that their real world throughput at peak times is much lower than their sync speed. That means that either the servers or some part of the network between the user and the server is overloaded.
Cellphone like internet prices suck but they suck less than not having internet access at all or actually using cellular/satellite services. So sadly in the absense of fixed line competition they may well get away with this.
Equally by making traffic prices for services off their network artificially high they can force people to buy the services that are on the network (either because they own those services or because those services are paying them for the privilage of being unmetered or whatever).
When you are building a completely new network or first introducing broadband onto a phone network unlimited traffic makes a lot of sense. Most of your costs at that point are per subscriber not per unit of data and when building a completely new backbone it makes sense to make sure it has plenty of spare capacity.
Then years down the line your network starts creaking at the seams. What you thought was plenty of capacity when you built the network no longer is. You start thinking about a major upgrade to your obsolete (but still fuctional) gear but then you look at why you need that upgrade and discover that it's a relatively small proportion of users who are using most of the traffic. Do you make everyone pay for the upgrade or do you try and place it on the heavy users only?
Having said that this case seems to have swung the balance between "charging for connections" and "charging for data" too far in the opposite direction. Having data prices high enough that people have to balance the cost of installing security updates against the risk of not installing them is almost certainly not a good thing.
Many countries have lots of ISPs but i'm not aware of anywhere with more than a handful of "last mile connectivity" providers. At least in the UK the bulk of the costs for a small ISP is paying BT (or one of the handful of competitors operating in any given locality) for the connctions between end user and ISP NOT paying for the upstream connections to the internet.
This is probably because they want the signature checker to fit in the CD boot loader. For historical reasons [mit.edu], bootable CDs imitate a floppy during the initial boot process, and contain an image of a 1.44MB floppy with a FAT file system.
Bootable CDs can emulate a floppy during boot but that is not the only supported boot method.
This process is so retro that the initial program loaded is executed in 16-bit X86 mode.
That's just PC BIOS booting in general though, not really much different from booting off any other media. It does mean your first state bootloader has to be small though
Debian don't sign the binary packages directly (they do sign source packages but that is more as a conviniance to users who get a source package from somewhere other than the repo). Both the upload and download sides of things are now protected by GPG signatures but the two systems are seperate and one is much newer than the other
The "upload" (developer--->repo) side of things is secured by a signature on the "changes" file which describes the upload. The changes file in turn contains secure hashes* of the files that are being uploaded. It has been this way for as long as I can remember**.
the "download" (repo--->user) side of things is secured by signatures on the "Release" files. The release files contain secure hashes of the "Packages" files which in turn contain secure Hashes of the files in the repo. This system was introduced with debian etch (released in 2007 though testing users would have had the functionlity earlier).
* At least md5, usually also sha1 and sha256. AIUI if multiple hashes are present they are all required to match.
Once average speeds hit an acceptable point (probably no more than a year or two off),
The thing is what matters is not so much the average speed as the speed of the slowest user you don't want to lose. In particular it's worth considering that
1: People often don't buy the fastest connection available to them 2: The people who are stuck on the slowest connections right now are also often the people with the least hope for a better connection in the future. A handful of communities have taken matters into their own hands but it remains to be seen if this will become a wider trend.
Once average speeds hit an acceptable point (probably no more than a year or two off), all 'static' content (ie non-video) will be rendered on the server, merged with advertising content, and then sent out to the user as a solid block, probably an imagemap with hotspot data, a second 'reactive' image and some javascript so it all gels and has feedback.
Some sites may try it but I would expect the degredation in user experiance and the additional server costs to make it a net loss for site operators. Have you noticed that most websites still use third party ad-servers despite the fact that doing so makes it much easier to block ads? This suggests to me that as much as website operators talk about evading ad-blockers it isn't a top priority for them.
The "This note is legal tender for all debts, both public and private" is only on paper currency
The notice on the note doesn't really matter much. What matters is what the law says at the time of the transaction (for example the fact an old note says "gold certificate" on it does not mean it can be exchanged for gold anymore).
you can't necessarily pay them in pennies, either.
From a quick search it seems that all US coins are legal tender for debts of any ammount in the US. So if you pay your US restaurant bill in US pennies they can't sue you for non-payment. Other countries vary.
Exchanges doesn't buy and sell any BTCs. Other people buy and sell them through the exchanges.
True
So the exchanges can't become "dry".
False.
Exchanges usually have active offers offering to provide dollars in exchange for bitcoins and orders offering to provide bitcoins in exchange for dollars. When someone wants to sell their bitcoins quickly they offer to sell them at a price slightly below the current market price and hence activate the existing buy orders. Likewise when someone wants to buy bitcoins quickly they offer to buy them at a price slightly above the current market price and hence activate the existing sell orders.
However if someone comes along with a very big order to sell bitcoins regardless of price they can drain all the buy orders out of the market. Likewise if they come along with a very big order to buy bitcoins regardless of price they can drain all the sell orders out of the market.
If they sold it all at once on MT gox they would clean out the order book but only by a factor of 2 or so. Not sure how large a proportion of the bitcoin markget gox makes up nowadays.
I think it's fair to say they could certainly cause a sharp downward price shock but it's unlikely they could make it impossible for others to trade by this method.
However, there are many, many other devices out there aside from IE on XP that don't support SNI.
Afaict the only significant browsers that don't support SNI are the default browser on old versions of andriod and internet explorer on windows XP.
Yeah i'm sure there are lots of browsers built into things like games consoles, smart TVs etc that don't support it but those browsers tend to be shitty enough in other ways that people don't use them much.
I run XP professional x64 edtion on my office desktop at uni and my experiance has been generally pretty good
I did run into a few issues 1: the NI mydaq software flat out refused to install 2: the Data translation DT9816 worked with the low level APIs but not the high level APIs. 3: I had an add-in realtek network card (the machine is on two networks, the uni network and a private network for test equipment etc) that kept dropping the connection yet worked fine in other machines with other versions of windows. Strangely the onboard NIC (which claimed to be the same chipset) worked fine.
Other than that though pretty much everything worked. I was especially surprised that the old HP scanner I had worked and that when I replaced the failing graphics card not only were there drivers for XP proffessional x64 edition but those drivers had been updated a couple of days before I installed them.
You don't need to wipe the device to unlock the bootloader and root.
Do you have a source for that claim? all the tutorials i've seen and the message on the device itself when I followed one of them clearly stated that unlocking the bootloader on the nexus 7 will wipe the data/settings area on the device.
You can install third-party applications that will read/dev/usb.
AIUI without root apps can read the raw block device but not write it. Do you have a source to the contary.
Well to root the device afaict you need to connect up a PC and if you have a PC connected you can get the data off through either MTP or the backup functionality.
People buying retail copies don't get any downgrade rights at all. Nor do people buying home editions through any channel People buying OEM copies of proffessional/ultimate get downgrade rights but historically were only allowed to downgrade by one version, currently they are allowing downgrading by two versions but we don't know if things will stay that way. Also MS only sometimes allows pre-downgraded sales sometimes so you may have to do the downgrade yourself. MS also doesn't supply media/keys for downgrading, so you have to use existing media/keys and this may involve activating over the phone every time you reinstall. People buying volume licenses get the ability to downgrade to pretty much whatever version they like and activation is not a problem.
So big buisnesses will be fine. Home and small buisness users are likely to find things harder.
Many urban planners are discussing the opposite - ban inefficient, private use vehicles from cities and provide better cycling infrastructure. Wins all round. Except for lazy people.
I think you are missing quite a few categories of people who would lose.
1: People who want/need to take more stuff with them when they travel than a bike can reasonablly carry. Plumbers, electricians, builders, many types of service technicians. People going shopping for large items or bulk groceries. 2: People who need to leave the metropolis and travel to rural areas where public transport sucks and will always suck. Maybe some kind of car club could work for this but the ones i've seen are hellishly expensive. 3: People who need to travel further than it's practical to bike at hours when public transport is poor or nonexistant. 4: People trying to travel distances further than it's practical to bike in directions other than the ones fast public transport runs in. 5: People in a hurry, while there are a handful of cities that are so congested that cars are slower than bikes or public transport they are by far the exception.
You could try and run a general car ban with exceptions for people who really needed a vehicle but I think you would find it very hard to do satisfactorily
Slashdot Mirror
Tic-tac-toe is simple enough that a human can reasonablly learn the perfect strategy.
It'll take 20 minutes for him to find a password that works, and he'll have to write it down to remember it. Problem solv... oh, wait...
And even then he might come up with a way of permuting the word that your checking tool doesn't know about but the real crackers do.
If users are selecting randomly from the set of possible passwords of a given length then adding more rules would reduce the average crack time.
However by and large users don't do that. The trouble with having passwords like "at least one capital letter" is it has a habbit of translating into "exactly one capital letter in the first position" in the eyes of the users. Similar things apply to numbers and symbols, people are far more likely to put them at the end than in the middle. By ruling out the obvious places to put capitals/numbers/symbols you may improve the quality of the worst passwords in your system.
The problem is this is a domain registrar we are talking about. They have the ability to hold his domain hostage (yes he may eventually be able to force it out of their hands through ICANN dispute resoloution processes but such processes are slow).
So it may be prudent to work on getting the domain transferred away before poking network soloutions too hard.
Hulu is offered on the Console, but once you launch it (which requires an initial download) you get told it can only be used in the US - WTF!?
Presumablly this oddity is a result of Nintendo treating the US and canada as one market but the companies that control licensing of TV shows treating them as two seperate markets.
with the exception of Pokemon (which bizarely remains a handheld-only experience)
There have been pokemon games on non-handheld consoles but it seems like they never managed to figure out how to make the process of finding wild pokemon work in a 3D environment. Colleseum and XD worked arround this with shadow pokemon and poke-spots which kinda worked but were very different from the normal pokemon experience. Battle revolution didn't bother to provide the player with a means of collecting pokemon at all other than a handful of pokemon available for transfer to DS carts through unlocking items in an in-game store (and got terrible reviews because of it).
It will be interesting to see what happens if and when they release a pokemon game for the wii-u.
For example, you could have Pokemon on the Wii U with special things to find that you can then transfer to X and Y on the 3DS (things you cant get just by playing X and Y alone)
They have done it before. If you wanted to get all the non-event pokemon in the GBA generation then you needed a gamecube, a GBA-GCN cable and various games (mainly colleseum and XD but there were a few individual pokemon that needed other games).
I wonder why they didn't do something similar for the wii, while you can get a few pokemon through battle revoloution none are unique to that game (though I belive it may be the easiest way to get a surfing pikachu in that generation). There are rumours of a new pokemon game for the wii u, it will be interesting to see what if any reward you get from playing it.
I hear plenty of people complaining that their real world throughput at peak times is much lower than their sync speed. That means that either the servers or some part of the network between the user and the server is overloaded.
Cellphone like internet prices suck but they suck less than not having internet access at all or actually using cellular/satellite services. So sadly in the absense of fixed line competition they may well get away with this.
Equally by making traffic prices for services off their network artificially high they can force people to buy the services that are on the network (either because they own those services or because those services are paying them for the privilage of being unmetered or whatever).
This stuff gets obsolete in 5 years or less
Which is where things get interesting.
When you are building a completely new network or first introducing broadband onto a phone network unlimited traffic makes a lot of sense. Most of your costs at that point are per subscriber not per unit of data and when building a completely new backbone it makes sense to make sure it has plenty of spare capacity.
Then years down the line your network starts creaking at the seams. What you thought was plenty of capacity when you built the network no longer is. You start thinking about a major upgrade to your obsolete (but still fuctional) gear but then you look at why you need that upgrade and discover that it's a relatively small proportion of users who are using most of the traffic. Do you make everyone pay for the upgrade or do you try and place it on the heavy users only?
Having said that this case seems to have swung the balance between "charging for connections" and "charging for data" too far in the opposite direction. Having data prices high enough that people have to balance the cost of installing security updates against the risk of not installing them is almost certainly not a good thing.
Many countries have lots of ISPs but i'm not aware of anywhere with more than a handful of "last mile connectivity" providers. At least in the UK the bulk of the costs for a small ISP is paying BT (or one of the handful of competitors operating in any given locality) for the connctions between end user and ISP NOT paying for the upstream connections to the internet.
This is probably because they want the signature checker to fit in the CD boot loader. For historical reasons [mit.edu], bootable CDs imitate a floppy during the initial boot process, and contain an image of a 1.44MB floppy with a FAT file system.
Bootable CDs can emulate a floppy during boot but that is not the only supported boot method.
This process is so retro that the initial program loaded is executed in 16-bit X86 mode.
That's just PC BIOS booting in general though, not really much different from booting off any other media. It does mean your first state bootloader has to be small though
Debian don't sign the binary packages directly (they do sign source packages but that is more as a conviniance to users who get a source package from somewhere other than the repo). Both the upload and download sides of things are now protected by GPG signatures but the two systems are seperate and one is much newer than the other
The "upload" (developer--->repo) side of things is secured by a signature on the "changes" file which describes the upload. The changes file in turn contains secure hashes* of the files that are being uploaded. It has been this way for as long as I can remember**.
the "download" (repo--->user) side of things is secured by signatures on the "Release" files. The release files contain secure hashes of the "Packages" files which in turn contain secure Hashes of the files in the repo. This system was introduced with debian etch (released in 2007 though testing users would have had the functionlity earlier).
* At least md5, usually also sha1 and sha256. AIUI if multiple hashes are present they are all required to match.
Once average speeds hit an acceptable point (probably no more than a year or two off),
The thing is what matters is not so much the average speed as the speed of the slowest user you don't want to lose. In particular it's worth considering that
1: People often don't buy the fastest connection available to them
2: The people who are stuck on the slowest connections right now are also often the people with the least hope for a better connection in the future. A handful of communities have taken matters into their own hands but it remains to be seen if this will become a wider trend.
Once average speeds hit an acceptable point (probably no more than a year or two off), all 'static' content (ie non-video) will be rendered on the server, merged with advertising content, and then sent out to the user as a solid block, probably an imagemap with hotspot data, a second 'reactive' image and some javascript so it all gels and has feedback.
Some sites may try it but I would expect the degredation in user experiance and the additional server costs to make it a net loss for site operators. Have you noticed that most websites still use third party ad-servers despite the fact that doing so makes it much easier to block ads? This suggests to me that as much as website operators talk about evading ad-blockers it isn't a top priority for them.
The "This note is legal tender for all debts, both public and private" is only on paper currency
The notice on the note doesn't really matter much. What matters is what the law says at the time of the transaction (for example the fact an old note says "gold certificate" on it does not mean it can be exchanged for gold anymore).
you can't necessarily pay them in pennies, either.
From a quick search it seems that all US coins are legal tender for debts of any ammount in the US. So if you pay your US restaurant bill in US pennies they can't sue you for non-payment. Other countries vary.
Exchanges doesn't buy and sell any BTCs. Other people buy and sell them through the exchanges.
True
So the exchanges can't become "dry".
False.
Exchanges usually have active offers offering to provide dollars in exchange for bitcoins and orders offering to provide bitcoins in exchange for dollars. When someone wants to sell their bitcoins quickly they offer to sell them at a price slightly below the current market price and hence activate the existing buy orders. Likewise when someone wants to buy bitcoins quickly they offer to buy them at a price slightly above the current market price and hence activate the existing sell orders.
However if someone comes along with a very big order to sell bitcoins regardless of price they can drain all the buy orders out of the market. Likewise if they come along with a very big order to buy bitcoins regardless of price they can drain all the sell orders out of the market.
If they sold it all at once on MT gox they would clean out the order book but only by a factor of 2 or so. Not sure how large a proportion of the bitcoin markget gox makes up nowadays.
I think it's fair to say they could certainly cause a sharp downward price shock but it's unlikely they could make it impossible for others to trade by this method.
However, there are many, many other devices out there aside from IE on XP that don't support SNI.
Afaict the only significant browsers that don't support SNI are the default browser on old versions of andriod and internet explorer on windows XP.
Yeah i'm sure there are lots of browsers built into things like games consoles, smart TVs etc that don't support it but those browsers tend to be shitty enough in other ways that people don't use them much.
I run XP professional x64 edtion on my office desktop at uni and my experiance has been generally pretty good
I did run into a few issues
1: the NI mydaq software flat out refused to install
2: the Data translation DT9816 worked with the low level APIs but not the high level APIs.
3: I had an add-in realtek network card (the machine is on two networks, the uni network and a private network for test equipment etc) that kept dropping the connection yet worked fine in other machines with other versions of windows. Strangely the onboard NIC (which claimed to be the same chipset) worked fine.
Other than that though pretty much everything worked. I was especially surprised that the old HP scanner I had worked and that when I replaced the failing graphics card not only were there drivers for XP proffessional x64 edition but those drivers had been updated a couple of days before I installed them.
You don't need to wipe the device to unlock the bootloader and root.
Do you have a source for that claim? all the tutorials i've seen and the message on the device itself when I followed one of them clearly stated that unlocking the bootloader on the nexus 7 will wipe the data/settings area on the device.
You can install third-party applications that will read /dev/usb.
AIUI without root apps can read the raw block device but not write it. Do you have a source to the contary.
Well to root the device afaict you need to connect up a PC and if you have a PC connected you can get the data off through either MTP or the backup functionality.
It really depends on how you are getting windows.
People buying retail copies don't get any downgrade rights at all. Nor do people buying home editions through any channel
People buying OEM copies of proffessional/ultimate get downgrade rights but historically were only allowed to downgrade by one version, currently they are allowing downgrading by two versions but we don't know if things will stay that way. Also MS only sometimes allows pre-downgraded sales sometimes so you may have to do the downgrade yourself. MS also doesn't supply media/keys for downgrading, so you have to use existing media/keys and this may involve activating over the phone every time you reinstall.
People buying volume licenses get the ability to downgrade to pretty much whatever version they like and activation is not a problem.
So big buisnesses will be fine. Home and small buisness users are likely to find things harder.
Many urban planners are discussing the opposite - ban inefficient, private use vehicles from cities and provide better cycling infrastructure. Wins all round. Except for lazy people.
I think you are missing quite a few categories of people who would lose.
1: People who want/need to take more stuff with them when they travel than a bike can reasonablly carry. Plumbers, electricians, builders, many types of service technicians. People going shopping for large items or bulk groceries.
2: People who need to leave the metropolis and travel to rural areas where public transport sucks and will always suck. Maybe some kind of car club could work for this but the ones i've seen are hellishly expensive.
3: People who need to travel further than it's practical to bike at hours when public transport is poor or nonexistant.
4: People trying to travel distances further than it's practical to bike in directions other than the ones fast public transport runs in.
5: People in a hurry, while there are a handful of cities that are so congested that cars are slower than bikes or public transport they are by far the exception.
You could try and run a general car ban with exceptions for people who really needed a vehicle but I think you would find it very hard to do satisfactorily
The problem is that won't tell you the difference between a long cable of the right size and a short cable that is too thin.