An 8 character password using ASCII printable characters only has 5,595,818,096,650,401 possibilities
Length does not increase entropy.
I think many people wait until after the first snow before they put snow tires on their car. Changing tires is a nuisance, especially if you only have one set of rims, and snow tires run rough and get crappy mileage on dry roads.
The pre-funded pension is only one part of the problem (also, accounting does not work as simply as you seem to think). The problem is threefold (at least):
1. The pension mandate (from Congress), as already mentioned;
2. The USPS is forced by Congress to run unprofitable postal offices and routes;
3. The USPS cannot set its own rates (they are set by, surprise surprise, Congress).
Either the USPS is a public service, in which case it should be reintegrated into the government and divorced of the need to make a profit, or else it is a business and it should be able to set its own rates and terms for doing so.
You cannot have it both ways and get everything you want, which is exactly what Congress has done to them.
Most sites (don't know about hotmail for sure) only let you enter alphanumeric characters. That's 26 (lower case) + 26 (upper case) + 10 (digits) = 62 characters, or about 6 bits of entropy per 8-bit byte.
For a 160-bit hash like SHA-1, that's 26 characters.
For a 256-bit hash like SHA-256 or GOST, that's 42 characters.
For a 512-bit hash like SHA-512 or Whirlpool, that's 85 characters.
No secure hash (by the current standards) would limit the password space to 16 characters (that would be a 96-bit hash, roughly).
Still no native NFS/LDAP/Kerberos support
It's called Active Directory.
I think you missed the point. The parent's comment was not necessarily supporting Assange; the response definitely was.
We may not like the current system, but it is the current system and until we change it we have to live with it.
There seems to be quite a bit of debate about that particular point.
The magnitude of market share is meaningful to a buyer, although the exact number is not. If I'm going to buy a new device or a piece of software, I'm generally going to want it to have some kind of ecosystem, so that I can get support, accessories, and upgrades not only now but also down the road. This desire is strongly correlated with price, of course; a $1 app is throwaway if I don't get support; a $600 phone is not.
Never mind people who buy products because "everybody" has them, regardless of rational reasons for doing so.
If you thought Janet Napolitano was bad, you should meet Jan Brewer.
You are confusing the Transportation Security Administration (TSA) with the Department of Homeland Security (DHS), its parent agency. Also, the Coast Guard has not been "absorbed" into anything. Its civilian leadership changed hands from the Department of Defense (DOD) to the DHS, but that was just a bureaucratic shuffling; most of the civilian personnel stayed the same, since the DHS was a newly created department with no staffing of its own yet. All of the military personnel (the officers and enlisted men/women) remained entirely the same, and apart from the issuer of their paychecks, would not have noticed any changes. To lump them in with the glorified rent-a-cops of the TSA is a bit disrespectful, if you ask me.
The preamble is not a mandate, it is a statement of purposes. It does not override the rest of the document, which makes it pretty clear that the government's ability to end "needless suffering" is pretty limited.
You could also point to the irony of becoming a public servant because you were inspired by someone who derided "public service" every chance she got.
Just as in real-world politics, software conservatism and liberalism are radically different world views
Is that a joke?
Good, Fast, Cheap...Pick at most Two.
FTFY
I've seen plenty of software in the "none of the above" category.
No encryption scheme is "proven impossible to break" because no (usable) encryption scheme is unbreakable (if you consider a random stream to be encryption, then in that case it would be unbreakable, but it would be useless). The one-time pad is only proven to be perfectly secure from an information theoretic perspective, which simply means that the only way to break it is through brute force. However, brute force still remains a viable option: if you can guess the key, you can decrypt the information. For that reason, when OTP is used in practice, the data is often obfuscated (by being padded, compressed, or even encrypted with another, less-secure cipher) before being encrypted.
To be fair, it looks like Wikipedia has this wrong, too.
Somewhere between "injured kid" and "government regulation" lies "parental involvement," I guarantee you.
Does anyone realize that IQ scores are normalized with respect to age? The IQ of an average anybody is 100. That statement is no more an insult to Americans than it is a compliment to Indians. In fact, it reflects how poorly the speaker understands IQ.
Proofreading FTW.
GP was talking about 80 character passwords (not 8), which even if we assume a low entropy of 2 bits per character still gives you 160 bits of entropy. If you throw odd spellings, capitalizations, number substitutions, and in-jokes into the mix, you can significantly increase that number, but 160 bits still puts you well above
... what any attacker with finite resources could brute-force in any conceivable amount of time.
Let X and Y be independent and identically distributed distributions.
Should be "random variables".
You are making the false assumption that those 80 hours are worked at a single employer. If someone is paying you minimum wage, chances are pretty damn good that you will never work more than 40 hours per week for them, or that if you do, it will only happen once and then you'll be looking for a new job (they are legally required to pay it, but they can still fire you). In order to get more than 40 hours, you will have to work multiple jobs, and they won't pay overtime, either. Even so, you're lucky if you can get two 40 hour jobs; many places will only allow you to work 30-35 so you qualify as "part time" and don't have to receive benefits. Of course, you're really lucky to get any job, much less two jobs, with ~10% unemployment.
So that's $580 per week and $30,160 per year. Subtract $2300 for SS and Medicare. If you have no kids and are under 25, your standard deduction is $5800 and you do not qualify for the earned income credit. So subtract $850 for the 10% bracket and $2380 for the 15% bracket. Might as well take another 5% for state taxes, so there's another $1508 gone. You're left with $23,122 per year, $1926 per month, or $444 per week.
That's still not too shabby, but you'll probably be working 16 hour days to do it. Factor in time for commuting, eating, hygiene, etc. and you'll be living on ~4 hours of sleep each night (and if you're really lucky, your sleep time will actually be at night). I hope that doesn't take a toll on your health, because the aforementioned lack of benefits is going to make any trips to the doctor rather fiscally unpleasant. If you're really lucky, you can save a couple hundred dollars each month, and that may help you out with emergencies. Also, try not to do any back-breaking work, because your employer probably won't have long-term disability insurance or a retirement plan in case you develop a permanent, debilitating injury.
Sounds great.
GP was talking about 80 character passwords (not 8), which even if we assume a low entropy of 2 bits per character still gives you 160 bits of entropy. If you throw odd spellings, capitalizations, number substitutions, and in-jokes into the mix, you can significantly increase that number, but 160 bits still puts you well above
Yes it does.
Let X and Y be independent and identically distributed distributions. Let H>=1 be the entropy of each variable (iid = same entropy).
Let Z be the concatenation of X and Y. Then p(Z) = p(X) * p(Y). The entropy of Z is:
H(Z) = E[log(p(Z))] = E[log(p(X) * p(Y))] = E[log(p(X)) + log(p(Y))] = E[log(p(X))] + E[log(p(Y))] = H + H = 2H
Since 2H > H, increasing the length of the string increased its entropy.
This is true if you pick ASCII characters at random, provided that longer passwords aren't transformed into a lower entropy version, such as by truncating or breaking into chunks and XORing them.
You may be able to make the case that using whole phrases instead of particular subphrases has (slightly) lower entropy by being more likely to be chosen by an adversary, but I would still say that, as a general rule, you can't go wrong by making your password longer.
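The additivity argument above and its caveat about truncating or XOR-folding, worked exactly on a small constructed distribution, together with the alphanumeric-length figures from the earlier hash-size comment; this is an added example, not part of the original comments. The 4-symbol distribution and all function names are assumptions made for illustration.

```python
import math
from itertools import product

# Constructed per-character distribution over four 2-bit symbols (not from the page).
CHAR = {0: 0.5, 1: 0.25, 2: 0.125, 3: 0.125}


def entropy(dist):
    """Shannon entropy in bits: H = -sum p * log2(p)."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)


def iid_string(char_dist, n):
    """Exact distribution of n independent characters: p(z) = p(x1) * ... * p(xn)."""
    out = {}
    for combo in product(char_dist.items(), repeat=n):
        syms = tuple(s for s, _ in combo)
        out[syms] = math.prod(p for _, p in combo)
    return out


def push(dist, fn):
    """Distribution of fn(Z): outcomes that collide under fn have their probabilities merged."""
    out = {}
    for z, p in dist.items():
        k = fn(z)
        out[k] = out.get(k, 0.0) + p
    return out


def xor_fold(z, width):
    """Break z into width-sized chunks and XOR the chunks together."""
    acc = [0] * width
    for i, s in enumerate(z):
        acc[i % width] ^= s
    return tuple(acc)


def alnum_chars_for(hash_bits, alphabet=62):
    """Whole random characters from `alphabet` whose total entropy fits in hash_bits."""
    return math.floor(hash_bits / math.log2(alphabet))


def demo():
    full = iid_string(CHAR, 4)  # all 4**4 = 256 four-character strings
    return {
        "per_char": entropy(CHAR),
        "len4": entropy(full),
        "truncated_to_2": entropy(push(full, lambda z: z[:2])),
        "xor_folded_to_2": entropy(push(full, lambda z: xor_fold(z, 2))),
    }


if __name__ == "__main__":
    for name, bits in demo().items():
        print(f"{name:16s} {bits:.3f} bits")
    for hash_bits in (96, 160, 256, 512):
        print(f"{hash_bits}-bit hash: {alnum_chars_for(hash_bits)} alphanumeric characters")
```

Four characters carry exactly four times the per-character entropy, while truncating or XOR-folding the same string down to two symbols can never leave more than the 4 bits that two 2-bit symbols can hold.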
Valve, the company that makes Steam, is also a software developer (Portal, Half Life, Left 4 Dead, Team Fortress, etc.) but the vast majority of games available on Steam are not Valve products.
Insofar as Steam practices regional discrimination, it is undoubtedly required by the game producers and erstwhile distributors. If a game is restricted to you on Steam, it is probably also restricted on all other digital distribution services, and you might not be able to buy it in a physical store either. I'm sure Valve would love to sell you the product, but the decision is not up to them.
Of course, if they follow this practice with their own software, too, then you would be right to fault them for it.
There is no such thing as a "private certificate". Certificates are inherently meant to be public. A certificate establishes identity. What was leaked is a private key.
Any innovation that would allow for an exponential addition of channels to the existing infrastructure would be a gold mine.
And this is why they're failing. They're innovating for the 1980s. We don't live in Back to the Future, we live in the actual future, which didn't exactly pan out the way most people expected it to. No one truly wants 1000 channels: what they want is choice, but the only way anyone could fathom it was by increasing the number of channels. Well, we've been there and done that. Nine-tenths of the channels available in my guide never get watched by anyone in my house, even guests.
Before the Internet even came on the scene, people were talking about a la carte pricing (pay only for the channels you want), but the cable companies fought tooth and nail against it (despite already having the framework in place: if you didn't pay for HBO or Showtime, you didn't get them). I know there are non-technical reasons for this, but as I already said, it's not the 1980s anymore. The cable companies aren't some small upstarts that must grovel at the table of big media, they are the primary route of access for large swaths of people (and have local government-granted monopolies to boot). They need to realize that their consumers dictate their business model, not their suppliers. Otherwise, they're going to "innovate" themselves out of business.
If someone pestered you, repeatedly for a long period of time, to commit a crime, you might just do it. You might do it out of curiosity, you might just do it to shut the other guy up. That doesn't mean you were predisposed to commit the crime, which is the standard established by the Supreme Court in Sorrells (1930) and upheld by Jacobsen (1992).
Also, remember that we're talking about attempted terrorist activity. Once upon a time, you had to actually commit the crime before you could be arrested for it. Nowadays, you can be goaded into thinking about a crime by the police, and then jailed for said thinking. If that doesn't strike you as a perverse way to run a "justice" system, then, well, you've forgotten the meaning of the word.
I don't mind late replies; some of the better discussions take place after everyone has calmed down.
I think, upon re-reading your posts, that I extrapolated a larger meaning than you had intended. For essentially creating a strawman and attacking you for it, I apologize.
However, I'm still left with the sense that you think everyone lives in a house with some land (1/5 of an acre is around 8700 square feet; I'm assuming that doesn't include the house's foundation), that everyone owns their house (a lease rarely grants you the right to tear up the yard to make a garden), that local ordinances do not prevent them from gardening (people have been fined and even threatened with jail time for gardening in their own lawns when prohibited from doing so), and that everyone is physically capable of gardening (a task which is hard on the knees and back).
Even assuming all that were not the case (which rules out the "majority" of people), you are still ignoring the greatest source of external costs of gardening: fertilizer. You could divide your yard into plots, I suppose, and practice intelligent crop rotation; but that would be more difficult, require a greater time investment, and result in lower yields (which brings us back to the point of the original article). It also requires good soil to start with (yet another condition that often doesn't match what people really have).
As I said before, I'm not against gardening; I just don't think it's a solution on nearly the scale you claim.
I know not everybody can do this, but a majority of first-world citizens could easily have their own gardens during the growing season.
No, no, no.
Literally more than 80% of the United States population (never mind Europe) lives in areas classified as "urban". You cannot grow a garden if you don't even have a yard; and the meager half-an-acre most suburbanites have may be enough to grow a few plants, but the most use one could get from that is a couple of salads a year, and some herbs.
They're just too lazy.
Or, you know, they work in the day to pay the piper. That suburban house-with-land wasn't free, after all, and the bank won't take "I've decided to do subsistence farming with my life" as an excuse for not paying your mortgage (nor will the government for not paying your taxes).
You are implicitly promulgating the great myth that somehow we can return to subsistence farming, either in part or in whole, and sustain the current population. The two are mutually exclusive. But who are you to tell 90% of the country's population to up and die so that you can live in a (hypothetical) ecotopia?
I'm not saying that more people couldn't grow gardens, or that it would be a bad thing, but it will never be more than a hobby; the overall economic and environmental impact will be negligible (and could swing either way: people are not uniformly intelligent, informed, and competent).