
Comment Re:How is their infringement? (Score 1) 268

Unless they are developing on the target tablet then it is...

Unless who is developing on the tablet? And how is one going to actually develop on the tablet? It's basically a fixed function device that only runs a single application. Furthermore, the act of "developing on the target tablet" does not fall under GNOME's mark's goods and services.

Comment Re: There we go again (Score 1) 383

Your initial post in this thread exposed the fact that you don't know what the fuck a hash is, and thus don't know what the fuck you're talking about.

That's weird. Neither my initial post nor the post I responded to said anything about hashes. My initial post was responding to someone talking about using a dictionary attack to get someone's password. I presume you falsely think my "initial post" was the one in response to AC-x, which it wasn't. I also very much do know what a hash is. You and he seem to have a reading comprehension problem, since you failed to understand my post. The point of my post was to say that, yes, having a password hash which you can use to try to recreate the original password does defeat what I stated, but that is tautological. If you can do an end run around the authentication protections it is no different than, as I said in an analogy, having someone's PIN to their phone. I never once stated that having a hash was the same as having a plaintext password, nor was there any such implication. Him stating that I believed the two were the same is basically a false presumption on his part by failing to understand my analogy.

You should have simply stopped posting, but here you are, digging deeper and deeper, committing more and more errors. You couldn't even quote a post properly.

I only messed up a quote once out of more than a dozen posts. Yeah, I totally don't know how to quote properly. Oh wait, I do.

Do you have an actual argument or just stupid ad homs like AC-x?

Comment Re: There we go again (Score 1) 383

I would mod you up if I had points. I'm glad some people actually bothered to read and comprehend the context of my posts. Thank you!

At this point I will simply give up because I can't win when being bombarded by all these people twisting my words and taking me out of context.

Comment Re: There we go again (Score 1) 383

Maybe you should read the book I mentioned.

And that changes the fact that you redefined dictionary attack how?

You keep trying to defend a point beyond exhaustion.

Yes, because I was not wrong. Dictionary attacks are still dictionary attacks even if the attacker does not have password hashes. A dictionary attack simply means that the attacker has a list of dictionary words that can be used to try to guess the user's password. Nothing more.

Lay off on the Asperger's.

Don't have it. Nice ad hom, though.

Comment Re: There we go again (Score 1) 383

Did you read his whole post?

This of course assumes the administrators are paying close enough attention to notice in short order when the database has been compromised

I also said this as well. Of course if you have no clue that you were attacked you can't employ such a measure. Isn't that quite an obvious implication? Secondly, there is no way any single website can prevent password reuse, so both he and I acknowledged that was another weakness. As he also said:

It also ignores the issue that most users use the same username and password across multiple sites, such that a pair compromised on one site and invalidated as described would still be valid on another site.

Comment Re: There we go again (Score 1) 383

And here is an article on Dictionary Attacks by Jeff Atwood. Notice how nowhere in the article does he mention anything about already having password hashes? And here is the original article from Wired about the very dictionary attack used against Twitter which is the context of Jeff's article. Here is a nice relevant quote:

The intrusion began unfolding Sunday night, when GMZ randomly targeted the Twitter account belonging to a woman identified as "Crystal." He found Crystal only because her name had popped up repeatedly as a follower on a number of Twitter feeds. "I thought she was just a really popular member," he said.

Using a tool he authored himself, he launched a dictionary attack against the account, automatically trying English words. He let the program run overnight, and when he checked the results Monday morning at around 11:00 a.m. Eastern Time, he found he was in Crystal’s account.

Notice how neither that quote nor the rest of the article makes any mention of the attacker already having hashes, yet it was still called a dictionary attack.

Comment Re: There we go again (Score 1) 383

IP banning is less effective against a DDoS using a botnet of thousands of compromised home PCs.

Already mentioned in another post. At that point, you just lock the account entirely and ignore any and all further login attempts until you can get in contact with the account holder and work out things from there. It's an inconvenience for them, but much better than a breach.

Someone who wants to keep a legit user from being able to use the service could just log in a few times with an incorrect password and then repeat a few minutes later. Each IP would DDoS a separate user.

Better they be kept out of the service for some period of time versus their account being breached. You can also get around this by some sort of whitelisting mechanism paired with a two-factor authentication.

It's amusing how everyone is telling me that my ideas are bad, yet they are basic security measures that almost every decent website and service uses. I can even name-drop Jeff Atwood to back me up as well:

Limiting the number of login attempts per user is security 101. If you don't do this, you're practically setting out a welcome mat for anyone to launch a dictionary attack on your site, an attack that gets statistically more effective every day the more users you attract. In some systems, your account can get locked out if you try and fail to log in a certain number of times in a row. This can lead to denial of service attacks, however, and is generally discouraged. It's more typical for each failed login attempt to take longer and longer, like so:

http://blog.codinghorror.com/d...

And even Bruce Schneier agrees and quotes the very same article:

Bad Password Security at Twitter
Twitter fell to a dictionary attack because the site allowed unlimited failed login attempts:

Cracking the site was easy, because Twitter allowed an unlimited number of rapid-fire log-in attempts.

Coding Horror has more, but -- come on, people -- this is basic stuff.

http://www.schneier.com/blog/a...

So are you guys going to tell me how Jeff Atwood and Bruce Schneier are idiots and don't know anything despite the fact that what I said is basically parroting their own suggestions?
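The progressive-delay scheme quoted from Atwood above, together with the lock-until-contacted fallback suggested earlier in this thread, as an added Python example that is not part of any of the posts: each consecutive failure for an account pushes out the time before the next attempt is even evaluated, and a cap freezes the account until an operator unlocks it. The delay schedule, the cap, the account name and the plaintext credential store are all constructed for the demo.

```python
from dataclasses import dataclass, field
import hmac
# Constructed schedule: seconds an account must wait after N consecutive failures.
DELAYS = [0, 1, 2, 4, 8, 16]
LOCK_AFTER = 10  # constructed cap: freeze the account and ignore further attempts
@dataclass
class AccountState:
    failures: int = 0
    next_allowed: float = 0.0  # earliest time at which an attempt is evaluated
    locked: bool = False

@dataclass
class LoginThrottle:
    credentials: dict                      # user -> password; plaintext for the demo only
    state: dict = field(default_factory=dict)

    def attempt(self, user: str, password: str, now: float) -> str:
        """Evaluate one login attempt at time `now`; returns ok/wait/fail/locked."""
        st = self.state.setdefault(user, AccountState())
        if st.locked:
            return "locked"                # ignored until an operator unlocks the account
        if now < st.next_allowed:
            return "wait"                  # too early; says nothing about the password
        expected = self.credentials.get(user, "")   # ASCII strings, so compare_digest is fine
        if user in self.credentials and hmac.compare_digest(expected, password):
            self.state[user] = AccountState()  # success resets the counter
            return "ok"
        st.failures += 1
        if st.failures >= LOCK_AFTER:
            st.locked = True
            return "locked"
        st.next_allowed = now + DELAYS[min(st.failures, len(DELAYS) - 1)]
        return "fail"

    def unlock(self, user: str) -> None:
        """Operator action once the account holder has been contacted."""
        self.state[user] = AccountState()

def simulate_guessing() -> list:
    """Constructed run: wrong guesses fired 0.1 s apart, then the right password."""
    t = LoginThrottle(credentials={"crystal": "correct horse battery"})
    times = [0.0, 0.1, 0.2, 1.0, 2.0, 3.0]
    guesses = ["apple"] * 5 + ["correct horse battery"]
    return [t.attempt("crystal", g, now) for g, now in zip(guesses, times)]

def simulate_lockout() -> str:
    """Constructed run: patient attacker, one wrong guess every 100 s, until frozen."""
    t = LoginThrottle(credentials={"crystal": "correct horse battery"})
    return [t.attempt("crystal", "apple", 100.0 * i) for i in range(LOCK_AFTER)][-1]
```

Because the throttle is keyed on the account rather than the source address, spreading guesses across many hosts does not buy the attacker extra attempts, which is the point raised about botnets above.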
