"I'd say that was a pretty good move on their part, given that I've since ordered lots of more obscure components from them."

Same here, I didn't know they existed before, but now I have placed 4 orders with them.

It's not an advice, it's an opinion.
Opinions are like... (etc.)

I love it, really, but has anyone else noticed that using a Raspberry Pi (instead of any Linux platform at all) is the greatest way to get publicity for your computer controlled hardware project?

Brewing controlled by an HP netbook would never have made the headlines.

This is a prime example of cognitive dissonance, IMHO. We all know we have no more than a little over 80 years to live. Instead of confronting ourselves with the enormity of this fact we think of reasons to make it less bad. Oh, I'd get bored anyway...

Making a public spectacle may very well backfire.

Absolutely, that's the classic 'game in the middle' attack!

How could they have missed that?

Incomplete? OK, I'll give you the power supply, but my Raspi is never going to have a screen/keyboard or mouse. We you planning to replace your PC with it or something?

The whole 'teaching' idea is quite absurd. You can program on a standard PC just as wel or even better.

The main point of the Pi for me is that it's incredibly cheap. It has GPIO ports that no other PC's have (to my knowledge).

Also, you can change its personality completely by just swapping the SD card. I can't remember the last device I could do that with so easily.

That Maastricht discovery is based on an fMRI scanner. AFAIK these scanners are hugely expensive as well as hugely huge. That kind of limits the usefulness in the near future.

Another one for my quote book...

Think about it. 6 million unsalted password hashes without matching use data. If this is real password data, how big is the chance that someone would find their password in there?

Perhaps as big as the chance that you get a Google hit when you search for your password?

AFAIK all we have is:
- Someone posting a list claiming it's from LinkedIn
- Some people confirming that the hash of their LinkedIn password is on that list

That doesn't really prove anything, right?
- People tend to pick similar passwords
- People use the same password on different sites

I read this in some blog, but I already had my doubts then.

Hmm, funny, that's exactly how I described my system last wednesday in an earlier thread on the subject. The added complexity is not a problem at all, the extra password is only stored in the authentication server (which runs on a different system than the database contaning the hashed passwords.

No, it's a good idea to force users to have different types of characters in their passwords. That's exactly because of this kind of thing. The way to break hashed passwords is to use a precomputed rainbow table. That's typically a list of all possible passwords of a certain length range with the matching hashes. If you have that, cracking is easy, just a quick lookup.

Now, the problem with rainbow tables is that they are pretty big (starting with hundreds of GB's). That's big, but not that big these days. If users limit themselves to lower case alfa characters you have a pretty manageable diamond table. But if you have to account for punctuation marks, numbers and upper case characters their size explodes.

But thats still not good enough. Anyone worth their salt uses a salt. A random string of characters that you store with the password that's used to seed the hash with. A long enough salt makes using rainbow tables impossible because the space required to store them would be humongous. In an application of mine I have also added a system wide salt that is not stored in the database. If anyone gets their hands on the database data, but not the code, they'll have an extra problem to figure out.

So you're back to brute forcing, which is going to take you a very long time with 6 million passwords.

Unfortunately for the LinkedIn people, someone forgot their salt, so the passwords can be cracked fairly easily if someone has the required rainbow table.

But how much is an Arduino with ethernet and SD card storage? To name but a few features. (The answer is $13 + $40 + $25, that's $78 total, nowhere near $25 for a Pi model B)

Can I run an Apache server on that Arduino? Can I program it in PHP/Python/Perl etc, etc. Because I can with the Pi. (I own both)

An Arduino is a great device that can beat a Pi in many applications, but the same goes the other way around.

Right, I've been smelling a rat all along but I couldn't put my finer on it. That NEST thing doesn't seem so special at all. They seem to be milking this patent thing for all the publicity it's worth.