Exactly, that's very well put.

Dr_Barnowl puts it very well too. I'm taking his example of a 6 digit password here. IIRC someone (maybe at Google?) did research that most users will sit for around a second on a login before they start wondering if it's broken, so that gives you a whole second -- billions of processor cycles -- to run anything you want on the single password. An attacker doesn't have the luxury of spending that much time on a single password. For example, a million seconds (000000-999999 @ 1s each) is about a week and a half. Parallelism helps attackers, really quite a bit -- a single Nvidia GeForce GTX690 has 3072 cores which means that with all cores running you can cut that down to 5 minutes with one graphics card which is why you don't want your hash to be easily run on hugely parallel hardware. The important thing is that trying billions of possibilities in parallel is only something an attacker ever would do. That means you want to make the hash function too big to fit into a GPU core's cache, use instructions that a GPU can't process, lock in some way etc etc.

I thought you weren't a crypto expert?

No, making it easier to run multiple instances of a hash, especially on a CPU, doesn't benefit a legitimate user very much but it hugely benefits an attacker. The problem is the different workload that someone storing and verifying passwords has compared to someone who is trying to crack a long list of them. All but the biggest web services will be dealing with roughly one login at a time (ie. you're usually finished with the previous login before the next user tries to login) whereas people attacking will be trying to run as many hashes as possible as quickly as possible to find any matches.

For password storage, you want a really unwieldy hashing algorithm that runs slowly and expensively (in terms of I/O, memory and processing) because you want to punish an attacker for running it so many times. An algorithm that's too memory hungry or esoteric to run on something like a GPU core is all to the good right now.

I'm not sure about a stream of minor complaints from each new starter. I think this can so easily become "we did it differently at my last place" and you need some experience of how it works at the new place too before you can start fixing it. There will be low hanging fruit that's immediately obvious on their first day but given you've managed to avoid burning the place down so far, it's not as if you're sitting around waiting for your new hires to tell how it's done.

I think the key words are "in a constructive way". For example, it seems like this guy's instinct after he (at least thinks he has) tanked a phone interview is to make an anonymous blogspot account and complain how he had too much warning to know if he was free, not enough warning to prepare for the interview and how he can't type and use a phone at the same time. I don't know anything else about him but so far it just doesn't scream "asset" to me.

Depending on how many years ago it was it might well have changed. In my experience, they're pretty quick to stop paying JSA now. The latest rules for sanctions came into force October 22 2012 and they can stop your benefit for up to three years.

You should test this theory by making another account.

Well, if you really think so. It seems a bit of a stretch to me. A denier is just someone who denies something. The first stage of grief is denial -- but not in the sense that they're denying the Holocaust.

Oh no, that's reference to climate change 'deniers', in that they deny climate change.

There certainly is such a thing as a Holocaust Denier (although even then I personally wouldn't have associated the Nazis with Holocaust *denial* as such) but they deny a separate thing.

There was a good point made that only people who aren't thought of as smart have anything to gain by joining MENSA. For example, if you found out Stephen Hawking was a member of MENSA you might just about manage a "well, figures" but if you found out Sarah Palin was in it you'd go "wow, never expected that".

Even then, I didn't realise he made a Nazi reference.

Ridiculously ambitious guarantees are common from small companies in lots of industries. You'll find sole trader carpenters who'll happily slap 200 year guarantees on house repairs because why not? It sounds good and they probably won't be around for it.

I'm not sure we mean the same things by "Goodwining"

Flashcrashes usually end when the exchange halts trading. I don't recognise "...and then quickly recovers", I do recognise "[someone pulls the plug and then] the SEC undoes transactions to protect..."

The thing that gets me about this story is the sheer number of "I was born following my GPS into a desert, you merely adopted it" comments that say "you obviously/clearly/etc haven't driven in Australia" Is it all the same guy?