Comment Re:At least he can admit it (Score 2) 239

By and large, though, the exact technique outlined in xkcd doesn't work. It's not enough bits of entropy. It's better than the approach it's comparing to, but the assumption of 1000 password guesses per second is not accurate for offline cracking, which is what we're worried about. A good password cracking rig can crack 100 billion passwords per second if they're encrypted using something like NTLM (which many Windows networks use in addition to their primary hash for backwards compatibility) or md5 or the SHA family. Only things like scrypt, bcrypt, and PBKDF are reasonable. If they don't use one of those (which for web sites you likely don't know), you should assume 100 billion guesses per second. And then instead of xkcd's approach resulting in 53 years to crack, the correct time is about half an hour.

That said, we can fix that by increasing the number of words to five or six to be on the safe side. Once we do that, we have a reasonable margin of safety. So it's not that the approach can't be tweaked, but at the time Schneier was writing about this, it was clear that the approach as described could be cracked relatively quickly.
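
A small calculator, added here and not part of the original comment, that carries the reasoning above through: the entropy of an n-word passphrase drawn from the 2048-word list the xkcd comic assumes (11 bits per word), the full-search time under the comic's 1000 guesses/second online model versus the 100 billion guesses/second offline rate quoted in the comment, and how many words it takes to reach a chosen number of years at a given rate. The two rates and the word-list size are taken from the comment and the comic; the target of 100 years is an arbitrary choice for the demonstration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Attacker models from the comment: xkcd's throttled online guessing rate versus
# an offline rig against a fast unsalted hash such as NTLM or MD5.
ONLINE_RATE = 1_000.0
OFFLINE_FAST_HASH_RATE = 100e9
XKCD_WORDLIST = 2048  # the comic's word-list size: log2(2048) = 11 bits per word


def passphrase_bits(words, wordlist_size=XKCD_WORDLIST):
    """Entropy of `words` words chosen uniformly and independently from the list."""
    return words * math.log2(wordlist_size)


def full_search_years(bits, guesses_per_second):
    """Years to try every candidate at the given rate (the expected time is half this)."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


def words_needed(target_years, guesses_per_second, wordlist_size=XKCD_WORDLIST):
    """Smallest word count whose full search takes at least `target_years` at that rate."""
    needed_bits = math.log2(target_years * SECONDS_PER_YEAR * guesses_per_second)
    return math.ceil(needed_bits / math.log2(wordlist_size))


def compare(words, wordlist_size=XKCD_WORDLIST):
    """Full-search time for one passphrase under both attacker models."""
    bits = passphrase_bits(words, wordlist_size)
    offline_years = full_search_years(bits, OFFLINE_FAST_HASH_RATE)
    return {
        "bits": bits,
        "online_years": round(full_search_years(bits, ONLINE_RATE), 1),
        "offline_minutes": round(offline_years * SECONDS_PER_YEAR / 60, 1),
    }


if __name__ == "__main__":
    for n in (4, 5, 6, 7):
        print(f"{n} words: {compare(n)}")
    # Arbitrary target chosen for the demonstration: survive 100 years of offline cracking.
    print("words needed for 100 years offline:", words_needed(100, OFFLINE_FAST_HASH_RATE))
```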

Comment Why didn't the courts overrule this last time? (Score 3, Interesting) 309

So, we had a long period where ISPs were classified as Information Services rather than Telecommunication Services. This allowed them to not have to be treated as common carriers and thus not have to be neutral or share their lines. They loved that and this decision is an attempt to bring that back. But why on earth would the courts allow this classification when it's so clearly a lie? Why did they let them be classified this way for a decade?

An Information Service is a service you pay so that they will themselves provide you with information. For example, if you subscribe to a stock ticker service which provides you with information about what stocks have sold at what prices, that's an Information Service. A Telecommunications Service is a service you pay so that they will connect you to a network where you can contact other parties which may be distant from you and communicate with them. For example, a telephone company. It's very, very clear that no one signs up for an ISP to get information from the ISP. We sign up to use the internet to communicate with servers the vast majority of which are not owned or operated by the ISP. When Comcast attempted to argue that they shouldn't be classified as a Telecommunications service, they cited the fact that they provided information to customers because they ran DNS servers. The idea that most customers are paying their ISP primarily because they want DNS service is laughable. So why is the FCC even allowed to classify these services as something they aren't?

Comment Re:Pay for your bandwidth (Score 3, Informative) 309

And that'll work great until you get big enough that the ISPs think that you're big enough that it's worth shaking you down for extra dough and then they'll claim that they need extra money to carry your traffic. Comcast literally started shaking down Level 3 demanding money for the traffic which was being sent to their users. If they'll go after backbone providers, I promise you that having a "commercial grade pipe" isn't going to make a difference.

Comment Re:Ahh: More than you think: Bottling plants... (Score 5, Informative) 166

Guess where all the Pepsi in the USA is made?

Hmm, I'm going to guess "at regional bottling plants run by different bottling companies who franchise from PepsiCo", because that is in fact how it actually works. There is no one factory which makes the Pepsi for the whole country. Heck, most large metropolitan areas have their own bottling plant which uses the local water, so there's not even usually one source per state.

Perhaps you've confused your regional Pepsi bottler for the only source of Pepsi in the US because you don't understand what's going on at all.

Comment Re: Say what? (Score 5, Informative) 130

Allowing an anonymous login for an FTP server is tantamount to putting up a sign which says "take the files". If you don't understand why, just follow this link. If you did, in fact, follow that link, congratulations: you just downloaded a file from an FTP server using an anonymous login. It's such an accepted thing that your web browser just did that process for you without bothering to ask if you were okay with it. You've now done the same thing he was accused of doing without even knowing you were doing it.

Putting files on a public FTP server with an anonymous login is exactly the same as putting those files on a public HTTP server without requiring user credentials. The only difference is which protocol is being used.

Comment Reaches into the past, too. (Score 4, Interesting) 241

In addition to requiring that all encryption products in the future have backdoors, it also requires that all encryption software from the past already have been backdoored unless you want to have to brute-force it in response to a court order to "render technical assistance".

If passed, this would open up a novel new extortion attack where you intentionally use non-backdoored software to encrypt some data, thoroughly delete the unencrypted versions, create a lawsuit where that data is part of discovery, and then get your opponent in the lawsuit (who is conspiring with you) to ask the court to order the company which distributed the encryption tool to render the technical assistance needed to decrypt. Thus the company will be on the hook for the cost of all the needed electricity to run all the CPUs or GPUs to brute-force the encryption key, except that you conveniently offer that if they can help work out a settlement in the lawsuit (i.e. pay you or your conspirator), then maybe the lawsuit can be dropped, thus vacating the court order.

Comment How to make money if Burr-Feinstein passes (Score 2) 314

Last night I figured out how to extort money out of big tech companies if the Feinstein-Burr bill becomes law. It requires that any company which has provided encryption technology render technical assistance in order to provide unencrypted versions of information in response to court orders.
So, here's what you do:
1) Choose a company which provides any existing encryption products which don't have backdoors and will host data for you in some form. Good choices might be Apple, Google, or Microsoft. For Microsoft you can use their BitLocker product to encrypt things. For Apple or Google, you can just use OpenSSL's command line to do the encrypting. There are likely some other companies that would work, but those are the first which come to mind.
2) Find a co-conspirator who is willing to sue you.
3) Create some key piece of information which is relevant to the potential court case.
4) Choose an amount of money which is quite large, but is within the potential budget of the company.
5) Do some calculations like this spreadsheet does: https://docs.google.com//1hsvO2RBXWYxMMMCaDx5CASPy2l/edit (although I'm not sure these numbers are correct because I'm not sure they account for the efficiency of doing this with GPUs instead of CPUs) to figure out how long the key will have to be in order to cost the target amount of money. Assuming their figures are correct, then 86 bits would be the correct answer.
6) Choose an encryption function which uses more bits than that. So let's go with 128-bit AES for this example.
7) Encrypt the key piece of information with it.
8) Make a second file which contains notes about what algorithm is used and contains all but your target number of bits of the key. So in this case, 128-86 yields 42, so we put the first 42 bits of the key in the file.
9) On the storage provided by your target company, store the encrypted data and the unencrypted second file.
10) Ensure that all other copies of the data and the key have been completely and utterly destroyed, but keep references to its existence.
11) Proceed with the lawsuit and have your co-conspirator find out about the file in discovery.
12) Have them obtain a court order requiring the target company render technical assistance. Now, to comply with the court order, they must spend approximately $10 million dollars to brute force the remaining bits of the key.
13) Offer to have talks about settling the lawsuit, but only if the company is also involved in those talks.
14) Hint that this could all go away for a much smaller amount, like only $100,000, especially if the target company were willing to pay.
15) Once they pay up, drop the lawsuit thus vacating the court order.

Comment DMCA Violation (Score 1) 261

And if you undo the rot-13 on your own, you've committed a DMCA violation and Slashdot can sue you. No, I'm not kidding about that. Legally, they could. There are no requirements in the DMCA that a technological measure which controls access to a copyrighted work need to be non-trivial to defeat. Even when it's just rot-13, bypassing it is a violation of the DMCA.

Comment Re:One data point... (Score 1) 291

He also said that they don't understand loops and conditionals. I think that the author is pretty clear that web development isn't CS, based on several of the other articles he linked to (like, this one). But students who have a solid understanding of programming and are used to consulting reference material for how particular commands or functions work would be highly unlikely to be stymied by IMG tags if they were to try to create some. It's not exactly a complex concept. People who have trouble with IMG tags would be people who aren't used to looking at code carefully or ones who think that computers "understand" things. Neither of those should be the case for anyone who has had a reasonable computer science education.

Comment Re:The US does other things, though (Score 2) 291

Yeah, we used to teach our kids LOGO and BASIC back in the 80s and early 90s. Now we teach them MS Word, Powerpoint, and Internet Explorer and how to upload videos to YouTube (which is "learning multimedia" in much the same way that the other things are "learning computer science"). We used to do those things. I learned LOGO and BASIC in my elementary school in the early 80s. But you don't find them done any more.

Comment Re:Not Blocking Per Se (Score 2) 291

Being a skilled programmer doesn't necessarily mean being a skilled teacher, especially when it comes to the basics of programming. It can actually be quite difficult for someone to teach to others the things which come easiest to them. However, your overall point that we don't have a surplus of skilled computer science educators is true. But even without that, forcing at least a little basic computer programming on kids, even with unskilled teachers, is a lot better than letting them do without. I'm pretty sure that the teacher who taught me Logo in 2nd grade and BASIC in 3rd didn't understand very much about programming beyond the range of those courses. (I suspect this partially based on, for example, the fact that when I asked when you would use GOSUB instead of GOTO, they didn't have a clear answer.) But they were effective at teaching that basic material and that was a great start. I think that the article this was about illustrates this well, as I have trouble believing that Vietnam has a much greater quantity of skilled computer scientists teaching in its schools than the USA does.

Comment Not Blocking Per Se (Score 4, Interesting) 291

What's happened is that the national standards for computing education in this country (which have been adopted by most states) are set by a board of specialists who all specialize in the use of computers in education. They don't specialize in computer science. There are no computer scientists on the board at all. As such, they recommend that teachers teach the sort of skills which make the computer useful in reinforcing learning in other subjects because that's what they specialize in. So, for example, they might recommend that students learn how to use spreadsheets in middle school because it helps them in analyzing experimental data in middle school science. Or they might recommend that students learn how to browse the web because it helps them practice reading and study skills. But they don't recommend learning programming because it is outside of their specialty and they likely don't understand how programming can be used to reinforce learning in other subjects (which I would argue that it can be used very effectively to do so for many subjects, especially math and science).

If we want to change this, we need to get state level boards of education to adopt different standards. That's how change will happen.

Comment Re:Poster/Article is way off ... (Score 2) 392

The HDCP side would most definitely not require that. It's a stream cipher, so aside from any buffering you might do if your HDCP solution was software rather than hardware (which would actually still seem pretty difficult to do even with a fairly stompy processor), it needs less than a kilobyte. The other side, who knows?
