Nikola alleges that Tesla infringes on three of its patents: fuselage design, a wraparound windshield on a semi truck and a mid-entry door.
There is a difference between a user password and a salted hash. One is safer than another to transmit.
What makes you think that sending a password that looks like a hash is safer than sending a password that doesn't look like a hash?
Try looking up the word and its use throughout history?
I looked it up in a dictionary. That's where most people go to find the definition of a word.
Try looking up laws in your area regulating various professions? See which professions are regulated and which aren't? Almost universally in the western world, medicine and law are regulated professions. Being a "software engineer" or a professor at a school are not.
"Some professions are regulated" does not imply "Professions must be regulated".
It's in the word itself. Professing is all about declaring something publicly
Yes, I saw "occupation one professes to be skilled in" as part of the origin of the word.
and that being recognized officially.
I don't see that anywhere.
I'll toss in a recommendation for Xenoblade. I couldn't really get into Xenoblade X, and I haven't started Xenoblade 2 yet, but the first one is one of the best RPGs I've ever played.
Sand isn't an infinite resource
Technically, nothing is an infinite resource, but sand is just about the closest you'll find on Earth. Silicon and Oxygen are about 3/4 of the Earth's crust.
"Professional" means "you get paid to do this", and nothing else. He's not a math prof, so he's an amateur.
No, "professional" means you're a member of a government-regulated "profession". A lawyer who isn't practicing is still a professional. As is an electrician, a doctor, an engineer (the one that drives a train engine), a contractor, a pilot, etc.
Things that aren't professionals include professors, software "engineers", most other engineers (they're weakly and not universally regulated), and athletes.
Care to provide a citation for any of that? The closest definition here has "learned profession" as originally referring to theology, law, and medicine.
How do you think the Senate confirms people? Answer: voting.
The Hatch Act is about elections. The Senate vote to confirm a nominee is not an election.
If a Republican is "violating laws" by saying Trump should be re-elected *GASP* ... why is Biden allowed to say we should vote for judicial nominees because of their political affiliation?
"We" don't vote for federal judges.
If you can't understand the difference, there's not much point to any attempt at reasonable discussion.
It shouldn't be called the gig economy, it should be called the "I got mine" economy. I'm also partial to the "screw you" economy.
I don't think it's a "gig economy" thing. The "Me Generation" has been around for decades.
At which point the salted hash becomes the password, and nothing has changed.
Well, I'm not an expert on these things, but I think I'd use https, filter the user input, hash and salt the submitted password, start logging, load and escape the fields from the user database, and compare.
I've highlighted the time when the password is plain text.
You would think that by now, not storing (or if possible even transmitting) passwords in plain text would be common sense or something that they teach in school.
It has to be in plain text somewhere along the path. How else would you pass it to the hashing algorithm?
Plaintext. Holy hell! Plaintext!
How else would you propose sending your password to a remote service for authentication? There are other such methods, but they're significantly more complex.
Why do they have the fucking passwords!?
This question was answered in the discussion yesterday.
What he was doing was barely within the lines of "stalking". It was simply online "stalking". Sending them messages, hitting them up on Tinder, and such. Nothing in real life and all of it easily blocked if desired.
You mean all these emails I've been getting for 20+ years are figments of my imagination?
Now the marketing people (literally usually college grads on their first job) have been raised with the shit-hole the web has become, and it is normal. No qualms about shoving 3 or 4 more pieces of crap on the webpage.
Now? I think you're completely forgetting MySpace and Geocities.
Well, two of these pretty much are the product of wind tunnel testing, aren't they? Pretty much why every sedan looks identical these days?
And, um, moving the location of a door? Is this a patentable invention?
These are design patents, so "inventiveness" doesn't really enter the debate. One question that will come up is how functional are the elements in the patent? Design patents must be on purely non-functional aspects; effectively, design patents are more like trademarks than utility patents. If the first two are because they're the most aerodynamic shape, they would be functional elements that can't be covered by design patents. The design patent on the location of the door is more likely to be valid, depending on whether or not there's a functional advantage to it.
What about Joe Biden telling everyone to vote against Robert Bork, a judicial nominee, because Bork wasn't a Democrat?
Huh? Federal judges aren't elected, they're nominated by the president and confirmed by the Senate. A senator telling other senators how to vote in the Senate has absolutely nothing to do with the Hatch Act.
Find a conservative who doesn't break the law. That will be news!
What? Sorry, the noise of the "sanctuary city" around me drowned out what you were saying. What was that again?
To the contrary, ICE requiring local law enforcement to assist them is what has been ruled unconstitutional.
Everyone talks about "change". Nobody wants change for change's sake.
Are you sure about that? How many people voted for Trump because he would be different from previous presidents, without any regard for whether he would be better or worse?
Is Argon2 considered ready for prime time yet, or is it still in the early adopter phase?
So how is this "random salt" recovered when you need to check the password's validity?
In addition to what others have said about each password having a random salt stored alongside, you can combine the salt with another string that's stored in a secure hardware module. This string is the same for all passwords, but it can only be accessed by the application. This makes determining passwords even more difficult for someone who gets a copy of the database, since they don't have the entire string that was passed to the hashing algorithm.
Because computer scientists think they're funny, they call the secure string a "pepper".
PIN numbers
Sorry, lost all credibility right there.
A string of 32 random hexadecimal digits is stronger than "password123", but it's weaker than a strong password.
I always wondered why we don't hash client-side *and* server-side. Then the password would be the result of a hash, as you say, and it would also be stored properly.
Because it would only be stronger than really weak passwords. While the result of a SHA1 hash is stronger than "password", knowing the exact length of the password greatly reduces the number of possible passwords, therefore making it easier to brute force.
It's also much more difficult to identify/verify a source that you only ever communicate with via email.
In this particular case, it's not as if the journalists were presenting false information from an unconfirmed source. The only actual difference is that they used the pseudonym instead of "company spokesman". The problem would be if the pseudonym was being presented as an independent expert that was recommending the company.