Nah, teach them Magic: the Gathering. Time-tested fun game and unlike Robot Turtles, it *is* Turing complete!
For anybody who missed it; this is extremely tongue-in-cheek; while MtG can in fact be made Turing complete, it requires an extremely complicated initial state involving a lot of cards and rule edge-cases that many players will never see.
Of course, now that I think about it, the suggestion has some merit after all. M:tG is not a good game for teaching programming, but it *does* have logic elements - coming up with things like infinite mana combos and such is fun even when they're utterly impractical - and it is, in fact, fun. The same third-grade teacher who gave us logic grid puzzles as assignments (I'm sure there's a better name for them, but I haven't seen one in years) also taught any kid who was interested to play M:tG (with Beta cards, no less... I wonder if she still has those?)
My third-grade teacher assigned us grid logic puzzles (initially simple 4x4 grids, later things up to 10x10x10) which, although not very computational (they're more analogous to Sudoku) were very much logic puzzles, and figuring out the correct algorithm to solve them by was critical to success in a reasonable timeframe without guesswork.
Of course, it was the same year (I was 8) that I came home to find a 3-inch-thick book "Learning Microsoft QuickBasic" on my desk, with a 5.25" floppy in the back containing the DOS-based "IDE" for it. I didn't even ask about it; I just read the intro, stuck the disk in my 386, and coded up Hello, World! Looking back now, the programs I wrote for that thing were garbage... but as a kid, it was the coolest thing. I could make the computer do something, of my own design! I knew programming would be a part of my life forevermore, and it has. Not the biggest part, not even always a major part, but always there.
Star Conflict offers pretty great space combat, if you can stomach its "Free"2Play model and unlock progression. It's the only game following that model which I can, and despite not having spent any money on it at all (I'd gladly have bought the game, if that were possible to do for a single, reasonable, all-content-unlocked price) I'm about halfway through the progression after a little over two weeks. It's fun enough that I don't mind, which is saying a lot for me.
Also, for what it's worth, the joy of adventure and puzzle-solving in the Myst games never wore off for me. I can see how it would happen for many people, though.
Batch / CMD is a Turing-complete scripting language, Command Prompt is a command line present in RT, and it supports full scripting capability. Powershell scripts are another Turing-complete scripting language, Powershell is another command line present in RT, and it supports all of its standard scripting features (which are Turing-complete) but not the ability to make arbitrary use of the.NET framework (although you can bypass those restrictions either through various clever hacks that have been published online, or simply by running the jailbreak script).
Hmm, Sticky Notes is in my Start list but it's 4 places down. My guess is that it remembers that I've launched Notepad instead in the past, and now places it higher in the search results. Interesting (and well-designed, if that's indeed how it works).
Well, it is a bit cheaper than a (new) iPad, and those can't run legacy (in the sense you meant, which would here mean OS X) apps either. It also offers other advantages over an iPad, such as a full file browser, Windows networking support, a full desktop-mode web browser (including Flashplayer) in addition to the mobile-interface browser, and a standard (USB3, even) USB host port.
Purely on a spec-sheet comparison, it's a good buy next to the iPad. If Microsoft's marketing division managed to remove their heads from their asses this time (dubious but possible) and actually shows people why they might want such a tablet, I can see it becoming a modest success in this generation (no more than that, I think, but it could get that far) and put MS on the path to doing better next gen.
With that said, I really don't expect to see it. MS will be lucky if this one isn't an abject failure like the last. It would help a lot if they'd stop wasting dev resources on intentionally crippling the OS...
"Once it runs Linux...?" Um, are you suggesting that you aren't competent to put a Linux install image onto a flashdrive and just install it yourself? It's an x86 PC. Slightly weird form-factor, but the driver requirements are probably much the same as they were for the original Surface Pro, which runs Linux quite nicely.
Oh, there is one extra step: follow the well-documented and relatively simple process to disable secure boot. Then run the installer. Wow, that was hard!
Actually, the "play media files from a mapped Windows share" part works fine on RT; it fully supports Windows Networking including Homegroups, and its media player app is capable of playing files from the network. However, it's true that installing things like MPC or VLC is not currently possible (there's a VLC app coming soon-ish, but it won't be the desktop version).
Jailbreaking allows RT to run any.NET 4.x binary unmodified, and allows re-compiled native Win32 programs to run as well. There's even a (slow and not fully compatible, as you'd expect) dynamic recompilation layer that somebody on XDA hacked together for running some x86 programs (mostly targets old games for support).
Erm, what? The Xbox line is very solidly supported, as are their mice, keyboards, and webcams. They don't manufacture their own phones (yet) but even WP7 is still supported (though it probably won't get any future updates), never mind WP8.
If MS were as quick to abandon hardware as you claim, there wouldn't *be* a "Surface [Pro] 2". What universe are you from?
The really silly thing (for MS) is that if they remove the lockdown restrictions on RT (or you jailbreak it, same thing) then you could run that.NET 4.x app on RT as well. It works fine; not even a recompile is needed (for.NET).
But MS won't do that, apparently, further crippling the capabilities of an otherwise nice device except for the bare handful of people who bother to jailbreak.
What can you do with the RT command line? Well, full scripting (in CMD, PS scripts are restricted), remote access (Powershell), advanced configuration (all the standard Windows CLI tools are there), and - if jailbroken - anything you want.
What is the USB port good for? All the many thousands of devices that use drivers which Windows has built-in support for. Gamepads, cameras, webcams, microphones, wired keyboards and mice, media players, phones, headsets, flashdrives, USB hard drives, printers, cellular modems, etc. There's a ton of stuff it works with.
The Pro? Sure. Too bad Android tends to run pretty awfully on x86 - bad driver support and too many ARM-only apps - but you can do it. BlueStacks fixes the driver support issue (because you're running on the Windows drivers that are obviously exactly correct for Microsoft's own hardware) but you lose some more app support.
RT? Nope, not at present. There are "jailbreak" hacks to let you run normal Win32 software, but it still has to be recompiled to ARM. BlueStacks / JarOfBeans / etc. aren't available. The bootloader is locked, so you can't just install Android directly (not that Android is generally designed to be installed that way anyhow). There has been talk of using the jailbreak to make an NT driver that loads Linux, essentially using NT as the bootloader, but it's a pretty huge project and nobody has made any real progress on it so far as I know.
Close; it was actually Cedega (a commercial and somewhat closed fork of Wine that focused on game support; these days Wine is better than Cedega at most games) on Linux and Cider (Cedega for Apple) on OS X. The Cider port is still active (and I think it's actually a port, i.e. they recompiled the game client through Cider rather than using Cider as a translation layer the way Wine/Cedega are usually used) but the official advice for running Eve on Linux these days is "just install it in Wine." They found there weren't enough Linux players to make it worthwhile to provide commercial support, but there's plenty of unofficial support and the game runs well.
Lend your game library. Not your games. If I could lend a ame to a friend, that friend could play a game while I played a different game (you know, as if I lent him the CD/DVD that the game runs off of, back when that's how people ran games). Steam doesn't let you do that.
Ironically, considering your claim of how "gentle" Steam DRM is, most other DRM platforms actually *do* let you do that. Possibly with only a limited number of people (just like Steam) but not for a limited time, and they certainly don't put restrictions on playing *other* games at the same time.
Fuck Valve and their DRM anyhow. Until I can re-sell a Steam game, it isn't mine. If I paid money for that, I'd be an idiot. Fortunately, there are a reasonable number of game developers out there who are in fact willing to sell me a game.
Not sure if serious, but you *sound* like an idiot.
Hit Win + type "not" and hit Enter. Same as on every Windows version since Vista. If you are (or were) still navigating a menu to launch programs, you're an idiot. I can bring up a program faster than the Start animation (fade in or slide in, depending on Windows version) completes.
I read his post and subject line as saying "it's taken this long to catch up to what MS had in the mid 90s?" and in some ways I think he's right. NTFS is far from the be-all-and-end-all of filesystems, but the post I responded to asked "what's so fantastic about NTFS" so I answered. By the way, did you simply forget to address transparent encryption, or did you not have an answer to it?
Also, ADS is scarcely a security nightmare (no more than, say, symlinks... in fact, less; you can't do trivial TOCTOU attacks with an ADS) although it would be nice if Microsoft had made it easier to show them on file data (it's possible, just harder than it should be). As for why they're a feature, you really have to ask? The ability to keep multiple named, associated, and separate data streams on a single file system entry isn't of obvious use to you? Take the perks of custom extended attributes (which are harder to read under Windows than ADS are, so much for "security nightmare" FUD) and then allow arbitrary length and the ability to open file descriptors to those streams directly.
The problem isn't who pays, it's who calls the shots.
But, since you were either incapable of that basic bit of reading comprehension or chose to intentionally attempt to make this a politics issue, nothing you say is worth paying attention to anyhow.
Filesystem-level transparent compression, transparent encryption, extended attributes, alternate data streams, integrity levels, multiple ACLs, at least some level of snapshotting, etc. Plus a bunch of stuff that all decent FSes should have, like journaling (not as good as newer FSes, though), symlinks, hardlinks, support for really large (though not ZFS-scale large) volumes, support for really long file and path names, support for many weird characters (prepend \\?\ to a Windows path to use them, as that bypasses Win32 "correction" of path names; just be aware you might not be able to open the file from a Win32 application anymore), and a few other things.
For its age, NTFS is very good. It is rather old though; there should be better options now (and there arguably are, at least for many use cases). It's not particularly fast, for example, and while you can use it with POSIX permissions (see the Subsystem for Unix Applications in Windows), it's not really built for it (NT only supports one "Owner" which may be a user or a group; SUA has to tack the other ownership info on as an extended attribute). I believe it also still lacks copy-on-write, which is a shame.
What part of "deep-space probe" looks like "satellite" to you? I mean, can you actually read? You can write well enough, I see, but can you *read* English?
See, this is why people who don't understand radiation shouldn't talk about it.
4.5 billion years of half-life means that the decay rate - the actual process that emits radiation - is so absurdly slow that the material itself is just not dangerous. The dangerous stuff is, almost by definition, the stuff with *short* half-lives. A gram of material with a millisecond half-life will release more radiation in one second than a kilo of U-238 will in a century, assuming they undergo the same types of decay. Secondary decay of the uranium will be a bigger problem, and still not much of one.
In fact, people have incorporated U-238 into everything from building bricks for houses to the glaze on pottery. Let me make that clear for you again: people have built houses out of material containing uranium ore. They have then lived out their natural lives - and sometimes the lives of several generations of a family - in those houses.
Calling it "spewing poison" is bullshit of the first degree. It's probably more dangerous to eat bananas (which contain radioactive potassium isotopes, in tiny amounts, but with much shorter half-lives) than it is to have U-238 all around you. Even pure, enriched U-235, while not something you'd want to hold in your hand, is not particularly dangerous to handle so long as you keep it away from neutron guns or reflectors, and below critical mass.
Close enough. The fastest and easist way to crack MD5 is actually absurdly easy: do a Google search for the digest. It works shockingly often (partially because Google has indexed a bunch of password dumps, effectively acting as a huge rainbow table for us). A completely unsalted MD5 password can be broken in a fraction of a second, almost guaranteed.
I mean, from a really pedantic point of view, you're right... but from a real-world one, not really. MD5 as a password verifier is only slightly more secure than rot13 at this point.
The "on the phone" and "in the context of some arbitrary application" points are the big ones, here. On a PC, remote arbitrary code execution is usually considered a game-over event, because PC apps are usually not sandboxed and the user running them usually has way too many permissions already. That is *slowly* changing - between UAC on Windows, browsers getting sandboxes, and the various sandboxed app stores for PC operating systems, it's better than it was - but in general, people still often really aren't that interested in exploits that already require code execution. Phone OSes, on the other hand, were built with sandboxing in mind from the start, and do not expect the attacker to be able to attack other apps. When that's possible, especially when it's something that the attacker may be able to use for other purposes (like a password, which is frequently re-used elsewhere), that is a threat.
With that said, I agree, this is serious slow-news-day grade of/. post. I mean, I'm a security guy and generally quite interested in this stuff, and all I could register out of it was a rather bored "ho, hum, I wonder if they'd hire us for a security review...?"
SRP has a huge problem, though: there's no really good way to handle registration. In theory, SRP is great; a way to securely (in every way that matters) verify that two parties have the same password for a user even over a completley insecure network. In practice, it gets used very little because if you've solved the key distribution problem - that is, if you have a way to *get* that password to both parties, securely - then you've also solved the issue of securely logging in (in almost every situation). For basically every online service, the requirement that the user be able to establish an account / password remotely means that they're already using TLS, at which point the greatest advantage of SRP - the ability to use it over an insecure network - becomes irrelevant. If TLS isn't secure, it's too late already. If it is, then just use it; there's no meaningful advantage to SRP at that point.
Slashdot Mirror
Nah, teach them Magic: the Gathering. Time-tested fun game and unlike Robot Turtles, it *is* Turing complete!
For anybody who missed it; this is extremely tongue-in-cheek; while MtG can in fact be made Turing complete, it requires an extremely complicated initial state involving a lot of cards and rule edge-cases that many players will never see.
Of course, now that I think about it, the suggestion has some merit after all. M:tG is not a good game for teaching programming, but it *does* have logic elements - coming up with things like infinite mana combos and such is fun even when they're utterly impractical - and it is, in fact, fun. The same third-grade teacher who gave us logic grid puzzles as assignments (I'm sure there's a better name for them, but I haven't seen one in years) also taught any kid who was interested to play M:tG (with Beta cards, no less... I wonder if she still has those?)
My third-grade teacher assigned us grid logic puzzles (initially simple 4x4 grids, later things up to 10x10x10) which, although not very computational (they're more analogous to Sudoku) were very much logic puzzles, and figuring out the correct algorithm to solve them by was critical to success in a reasonable timeframe without guesswork.
Of course, it was the same year (I was 8) that I came home to find a 3-inch-thick book "Learning Microsoft QuickBasic" on my desk, with a 5.25" floppy in the back containing the DOS-based "IDE" for it. I didn't even ask about it; I just read the intro, stuck the disk in my 386, and coded up Hello, World! Looking back now, the programs I wrote for that thing were garbage... but as a kid, it was the coolest thing. I could make the computer do something, of my own design! I knew programming would be a part of my life forevermore, and it has. Not the biggest part, not even always a major part, but always there.
Star Conflict offers pretty great space combat, if you can stomach its "Free"2Play model and unlock progression. It's the only game following that model which I can, and despite not having spent any money on it at all (I'd gladly have bought the game, if that were possible to do for a single, reasonable, all-content-unlocked price) I'm about halfway through the progression after a little over two weeks. It's fun enough that I don't mind, which is saying a lot for me.
Also, for what it's worth, the joy of adventure and puzzle-solving in the Myst games never wore off for me. I can see how it would happen for many people, though.
Batch / CMD is a Turing-complete scripting language, Command Prompt is a command line present in RT, and it supports full scripting capability. .NET framework (although you can bypass those restrictions either through various clever hacks that have been published online, or simply by running the jailbreak script ).
Powershell scripts are another Turing-complete scripting language, Powershell is another command line present in RT, and it supports all of its standard scripting features (which are Turing-complete) but not the ability to make arbitrary use of the
Hmm, Sticky Notes is in my Start list but it's 4 places down. My guess is that it remembers that I've launched Notepad instead in the past, and now places it higher in the search results. Interesting (and well-designed, if that's indeed how it works).
Well, it is a bit cheaper than a (new) iPad, and those can't run legacy (in the sense you meant, which would here mean OS X) apps either. It also offers other advantages over an iPad, such as a full file browser, Windows networking support, a full desktop-mode web browser (including Flashplayer) in addition to the mobile-interface browser, and a standard (USB3, even) USB host port.
Purely on a spec-sheet comparison, it's a good buy next to the iPad. If Microsoft's marketing division managed to remove their heads from their asses this time (dubious but possible) and actually shows people why they might want such a tablet, I can see it becoming a modest success in this generation (no more than that, I think, but it could get that far) and put MS on the path to doing better next gen.
With that said, I really don't expect to see it. MS will be lucky if this one isn't an abject failure like the last. It would help a lot if they'd stop wasting dev resources on intentionally crippling the OS...
"Once it runs Linux...?" Um, are you suggesting that you aren't competent to put a Linux install image onto a flashdrive and just install it yourself? It's an x86 PC. Slightly weird form-factor, but the driver requirements are probably much the same as they were for the original Surface Pro, which runs Linux quite nicely.
Oh, there is one extra step: follow the well-documented and relatively simple process to disable secure boot. Then run the installer. Wow, that was hard!
Actually, the "play media files from a mapped Windows share" part works fine on RT; it fully supports Windows Networking including Homegroups, and its media player app is capable of playing files from the network. However, it's true that installing things like MPC or VLC is not currently possible (there's a VLC app coming soon-ish, but it won't be the desktop version).
Jailbreaking allows RT to run any .NET 4.x binary unmodified, and allows re-compiled native Win32 programs to run as well. There's even a (slow and not fully compatible, as you'd expect) dynamic recompilation layer that somebody on XDA hacked together for running some x86 programs (mostly targets old games for support).
64GB is the baseline model of the Pro; the high-end one has 512GB and 8GB of RAM.
You may want to watch out before calling other people "moron" there...
Erm, what? The Xbox line is very solidly supported, as are their mice, keyboards, and webcams. They don't manufacture their own phones (yet) but even WP7 is still supported (though it probably won't get any future updates), never mind WP8.
If MS were as quick to abandon hardware as you claim, there wouldn't *be* a "Surface [Pro] 2". What universe are you from?
The really silly thing (for MS) is that if they remove the lockdown restrictions on RT (or you jailbreak it, same thing) then you could run that .NET 4.x app on RT as well. It works fine; not even a recompile is needed (for .NET).
But MS won't do that, apparently, further crippling the capabilities of an otherwise nice device except for the bare handful of people who bother to jailbreak.
What can you do with the RT command line? Well, full scripting (in CMD, PS scripts are restricted), remote access (Powershell), advanced configuration (all the standard Windows CLI tools are there), and - if jailbroken - anything you want.
What is the USB port good for? All the many thousands of devices that use drivers which Windows has built-in support for. Gamepads, cameras, webcams, microphones, wired keyboards and mice, media players, phones, headsets, flashdrives, USB hard drives, printers, cellular modems, etc. There's a ton of stuff it works with.
The Pro? Sure. Too bad Android tends to run pretty awfully on x86 - bad driver support and too many ARM-only apps - but you can do it. BlueStacks fixes the driver support issue (because you're running on the Windows drivers that are obviously exactly correct for Microsoft's own hardware) but you lose some more app support.
RT? Nope, not at present. There are "jailbreak" hacks to let you run normal Win32 software, but it still has to be recompiled to ARM. BlueStacks / JarOfBeans / etc. aren't available. The bootloader is locked, so you can't just install Android directly (not that Android is generally designed to be installed that way anyhow). There has been talk of using the jailbreak to make an NT driver that loads Linux, essentially using NT as the bootloader, but it's a pretty huge project and nobody has made any real progress on it so far as I know.
Close; it was actually Cedega (a commercial and somewhat closed fork of Wine that focused on game support; these days Wine is better than Cedega at most games) on Linux and Cider (Cedega for Apple) on OS X. The Cider port is still active (and I think it's actually a port, i.e. they recompiled the game client through Cider rather than using Cider as a translation layer the way Wine/Cedega are usually used) but the official advice for running Eve on Linux these days is "just install it in Wine." They found there weren't enough Linux players to make it worthwhile to provide commercial support, but there's plenty of unofficial support and the game runs well.
Lend your game library. Not your games. If I could lend a ame to a friend, that friend could play a game while I played a different game (you know, as if I lent him the CD/DVD that the game runs off of, back when that's how people ran games). Steam doesn't let you do that.
Ironically, considering your claim of how "gentle" Steam DRM is, most other DRM platforms actually *do* let you do that. Possibly with only a limited number of people (just like Steam) but not for a limited time, and they certainly don't put restrictions on playing *other* games at the same time.
Fuck Valve and their DRM anyhow. Until I can re-sell a Steam game, it isn't mine. If I paid money for that, I'd be an idiot. Fortunately, there are a reasonable number of game developers out there who are in fact willing to sell me a game.
Not sure if serious, but you *sound* like an idiot.
Hit Win + type "not" and hit Enter. Same as on every Windows version since Vista. If you are (or were) still navigating a menu to launch programs, you're an idiot. I can bring up a program faster than the Start animation (fade in or slide in, depending on Windows version) completes.
I read his post and subject line as saying "it's taken this long to catch up to what MS had in the mid 90s?" and in some ways I think he's right. NTFS is far from the be-all-and-end-all of filesystems, but the post I responded to asked "what's so fantastic about NTFS" so I answered. By the way, did you simply forget to address transparent encryption, or did you not have an answer to it?
Also, ADS is scarcely a security nightmare (no more than, say, symlinks... in fact, less; you can't do trivial TOCTOU attacks with an ADS) although it would be nice if Microsoft had made it easier to show them on file data (it's possible, just harder than it should be). As for why they're a feature, you really have to ask? The ability to keep multiple named, associated, and separate data streams on a single file system entry isn't of obvious use to you? Take the perks of custom extended attributes (which are harder to read under Windows than ADS are, so much for "security nightmare" FUD) and then allow arbitrary length and the ability to open file descriptors to those streams directly.
... you read the subject line of this thread, right? That little box over where you type stuff?
The problem isn't who pays, it's who calls the shots.
But, since you were either incapable of that basic bit of reading comprehension or chose to intentionally attempt to make this a politics issue, nothing you say is worth paying attention to anyhow.
Filesystem-level transparent compression, transparent encryption, extended attributes, alternate data streams, integrity levels, multiple ACLs, at least some level of snapshotting, etc. Plus a bunch of stuff that all decent FSes should have, like journaling (not as good as newer FSes, though), symlinks, hardlinks, support for really large (though not ZFS-scale large) volumes, support for really long file and path names, support for many weird characters (prepend \\?\ to a Windows path to use them, as that bypasses Win32 "correction" of path names; just be aware you might not be able to open the file from a Win32 application anymore), and a few other things.
For its age, NTFS is very good. It is rather old though; there should be better options now (and there arguably are, at least for many use cases). It's not particularly fast, for example, and while you can use it with POSIX permissions (see the Subsystem for Unix Applications in Windows), it's not really built for it (NT only supports one "Owner" which may be a user or a group; SUA has to tack the other ownership info on as an extended attribute). I believe it also still lacks copy-on-write, which is a shame.
What part of "deep-space probe" looks like "satellite" to you? I mean, can you actually read? You can write well enough, I see, but can you *read* English?
See, this is why people who don't understand radiation shouldn't talk about it.
4.5 billion years of half-life means that the decay rate - the actual process that emits radiation - is so absurdly slow that the material itself is just not dangerous. The dangerous stuff is, almost by definition, the stuff with *short* half-lives. A gram of material with a millisecond half-life will release more radiation in one second than a kilo of U-238 will in a century, assuming they undergo the same types of decay. Secondary decay of the uranium will be a bigger problem, and still not much of one.
In fact, people have incorporated U-238 into everything from building bricks for houses to the glaze on pottery. Let me make that clear for you again: people have built houses out of material containing uranium ore. They have then lived out their natural lives - and sometimes the lives of several generations of a family - in those houses.
Calling it "spewing poison" is bullshit of the first degree. It's probably more dangerous to eat bananas (which contain radioactive potassium isotopes, in tiny amounts, but with much shorter half-lives) than it is to have U-238 all around you. Even pure, enriched U-235, while not something you'd want to hold in your hand, is not particularly dangerous to handle so long as you keep it away from neutron guns or reflectors, and below critical mass.
Close enough. The fastest and easist way to crack MD5 is actually absurdly easy: do a Google search for the digest. It works shockingly often (partially because Google has indexed a bunch of password dumps, effectively acting as a huge rainbow table for us). A completely unsalted MD5 password can be broken in a fraction of a second, almost guaranteed.
I mean, from a really pedantic point of view, you're right... but from a real-world one, not really. MD5 as a password verifier is only slightly more secure than rot13 at this point.
The "on the phone" and "in the context of some arbitrary application" points are the big ones, here. On a PC, remote arbitrary code execution is usually considered a game-over event, because PC apps are usually not sandboxed and the user running them usually has way too many permissions already. That is *slowly* changing - between UAC on Windows, browsers getting sandboxes, and the various sandboxed app stores for PC operating systems, it's better than it was - but in general, people still often really aren't that interested in exploits that already require code execution. Phone OSes, on the other hand, were built with sandboxing in mind from the start, and do not expect the attacker to be able to attack other apps. When that's possible, especially when it's something that the attacker may be able to use for other purposes (like a password, which is frequently re-used elsewhere), that is a threat.
With that said, I agree, this is serious slow-news-day grade of /. post. I mean, I'm a security guy and generally quite interested in this stuff, and all I could register out of it was a rather bored "ho, hum, I wonder if they'd hire us for a security review...?"
SRP has a huge problem, though: there's no really good way to handle registration. In theory, SRP is great; a way to securely (in every way that matters) verify that two parties have the same password for a user even over a completley insecure network. In practice, it gets used very little because if you've solved the key distribution problem - that is, if you have a way to *get* that password to both parties, securely - then you've also solved the issue of securely logging in (in almost every situation). For basically every online service, the requirement that the user be able to establish an account / password remotely means that they're already using TLS, at which point the greatest advantage of SRP - the ability to use it over an insecure network - becomes irrelevant. If TLS isn't secure, it's too late already. If it is, then just use it; there's no meaningful advantage to SRP at that point.