
Comment BCrypt, md5crypt and others! (Score 1) 343

Hello,

If most sites were using bcrypt with a decent work factor or another similar algorithm you would probably never crack more than a tiny, tiny fraction of a password database. We know how to prevent this. It is best summarized in PBKDF type algorithms, bcrypt and others. Use it. This stuff works.
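An added example, not part of the original comment: salted PBKDF2 password storage in which the work factor is kept in each record, so it can be raised over time and old records upgraded at the next successful login. It uses PBKDF2 from the Python standard library rather than bcrypt; the record format, the function names and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

POLICY_ITERATIONS = 600_000  # assumed current work factor; raise it as hardware gets faster


def hash_password(password: str, iterations: int = POLICY_ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>' with a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the salt and work factor stored in the record; compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
        )
        return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))
    except ValueError:  # malformed record: wrong field count, bad hex, bad iteration count
        return False


def needs_rehash(stored: str, policy: int = POLICY_ITERATIONS) -> bool:
    """True when the record was created with a weaker work factor than current policy."""
    return int(stored.split("$")[1]) < policy


def login(password: str, stored: str, policy: int = POLICY_ITERATIONS):
    """Return (ok, record); a valid login with an outdated record is re-hashed at policy strength."""
    if not verify_password(password, stored):
        return False, stored
    if needs_rehash(stored, policy):
        stored = hash_password(password, policy)
    return True, stored
```
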

Comment Re:"only a national intelligence agency" (Score 1) 261

Only, this is exactly how you WOULD do it if you were to use a botnet component in an information warfare strategy. I direct you to the excellent work of Charlie Miller.. who worked for the NSA and has DONE this type of work before (information warfare against foreign governments). Much of his paper is just plain logic/reason as well. Think about it. Especially with the stolen certificates. If I have stolen certs those are BIG playing cards. Like sitting on golden 0-days. You don't whip those out until you are ready to play hard. Once you reveal your hand (that you have the stolen certs) the certs get revoked and the cleanup begins. So you don't play those cards till the time is right. It is impossible to say if a government entity is behind it, but if it IS behind it this is when and how you would do it. Plausible deniability, etc. And, if our govt is NOT behind this they are still not going to complain about it. Also, it would take fairly significant resources.. probably a few million dollars to operate, build and run a botnet like this and keep it quiet. Using compartmentalization, each team / group of people isolated from the others, etc.

Think about it :)

Comment Re:Old news (Score 1) 308

Except, that is not true. There are commercial proxies that make it very easy to own users that are using SSL. It just costs money. All the IT administrators have to do is install the proxy's certificate authority cert in the list of trusted certificates and transparent man in the middle can be done with ease and the user will never be the wiser. The tools to do this can be developed by anyone with a little knowledge of SSL and some time, as well. This is a major fallacy. It is only difficult for organizations that are lazy and or can't afford the proper tools to do it. So it is easier to fight it administratively than pony up for the commercial tools to do it.

Comment Re:Is this how they can do wifi location detection (Score 1) 237

Your gps device is capable of measurements nearly that precise. You just have to let it sit there a while. You let it collect data for a long time and then voila, find the center spot of all the GPS coordinates that got recorded (it will jump around) and you have an incredibly accurate measure.

Comment Re:Depends on specialization and responsibilities (Score 1) 844

You can get cheap FPGA boards these days too. The only barriers most people will face are motivation and the knowledge of what to learn and when to learn it. The trick is to optimize happiness and earnings at the intersection of the two that best fit the lifestyle choices you probably don't know you will have to make earlier in your career :)

Comment Re:BRANDON SANDERSON! (Score 3, Interesting) 269

I concur with the parent. I recently purchased and read through all four of his most popular novels: Elantris and the Mistborn Trilogy. Sanderson's default writing style is actually shorter and less descriptive... but then for first books you don't always get the luxury of killing an entire forest to describe a bedroom.

That said I have read the annotations for most of his books, Brandon's blog posts regarding his writing (cruise to his website and read up if you're remotely interested) and the entire WoT series again. I have decided that with the amount of information Jordan left behind (plot) a writer of Sanderson's talent can pull it off. Sanderson has a much shorter paragraph length on average and his stories had great potential plot wise, he just chose to keep the stories shorter, though he has the vision of the grand epic. The real challenge will be nailing the details and tying up all of the plot threads in a coherent manner. The writing style, I think, Sanderson probably fell into after a few months of writing. Since Sanderson has already managed reasonably complex plots and seems to be keeping it all together (based on his blog posts) I hold high hopes for the completion of this series.

This is a series I started reading in early high school and have treasured to this day. Some books are better than others, but this series is THE epic fantasy story of the last 20 years. It is more of a brute force presence in the fantasy fiction world than something someone did decades ago like Tolkien. Jordan has defined an entire decade of writers and readers that have had to come to terms with his stories when they contemplate the fantasy epic. When an author sits down and thinks of a plot and story for a fantasy epic it is, in my opinion, Tolkien and Jordan that you struggle with: how do you do something different? How do you spin threads of a story of epic length while making the same old good triumphs over evil (epically!) enjoyable? There are a lot of other great writers in the epic fantasy space and I don't mean to reduce it to the two most well known.... but they are where they are for a reason.

Anyhow... my rambling is done. I highly recommend Elantris and or the Mistborn trilogy. Though I suspect that most of us that have been eagerly waiting have already begun studying up on the man to finish up Jordan's legacy.

Comment Re:Don't worry (Score 1) 374

Yeah, you can fool it but you would definitely end up inflating the data. Properly done crypto should leave the data completely indistinguishable from random noise. If I can determine your data is encrypted and somehow different from random noise then you have implemented your cryptography improperly. However, if you scan a disk and, using statistical frequency analysis, find bits of random noise floating around that is not a common event. Compressed files are pretty easy to test for, even though they do start approaching noise in their randomness compared to a regular file format like HTML. Basically in order to attain proper cryptographic properties you can't cheat and use some method of crypto that is not random. What you could do is properly spread out the random data enough and intersperse it with regular patterns to make it resemble something else. You would basically end up with a data hiding routine. Small messages are the easiest to hide. Ala steganography. A lot of work has been done in that arena.

I realize you may have known some or all of this (crypto and the breaking of it is just fancy statistics for the most part!) Just elaborating on the idea a bit for others. I work in infosec so I love crypto :)
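An added example, not part of the original comment: the statistical scan it describes, measuring byte-frequency entropy over fixed windows of a disk image and reporting the regions that look like noise. The sample image is constructed, `os.urandom` output stands in for well-encrypted data, and the window size, threshold and function names are assumptions.

```python
import math
import os
from collections import Counter

WINDOW = 4096     # bytes per scanned block (assumed)
THRESHOLD = 7.5   # bits per byte; assumed cut-off between structured and noise-like data


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    total = len(block)
    return -sum((n / total) * math.log2(n / total) for n in Counter(block).values())


def find_noise_regions(image: bytes, window: int = WINDOW, threshold: float = THRESHOLD):
    """Return merged (start, end) byte offsets of consecutive windows at or above the threshold."""
    regions = []
    for off in range(0, len(image), window):
        block = image[off:off + window]
        if shannon_entropy(block) >= threshold:
            if regions and regions[-1][1] == off:
                # Extend the previous region when this window is adjacent to it.
                regions[-1] = (regions[-1][0], off + len(block))
            else:
                regions.append((off, off + len(block)))
    return regions


def build_sample_image() -> bytes:
    """Constructed sample: HTML-like text, random bytes standing in for ciphertext, zero fill."""
    html = (b"<html><body><p>quarterly report draft</p></body></html>\n" * 300)[:4 * WINDOW]
    noise = os.urandom(2 * WINDOW)
    slack = bytes(2 * WINDOW)
    return html + noise + slack


if __name__ == "__main__":
    for start, end in find_noise_regions(build_sample_image()):
        print(f"noise-like region: bytes {start}-{end}")
```

Compressed data also scores above this threshold, so a region flagged here still has to be checked for known compression formats before it is treated as encrypted.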

Comment Good advice... :) (Score 1) 918

Yes there is ageism at some companies... maybe even in general. You don't want to work at those places because you will likely be treated like a drone anyway. If you are truly passionate about computer science go for it. Become a lethal ninja of the computing sciences. You will probably have to work harder than the whiz kid peers you will meet in college, but you are older and wiser. Go in there, expand your brain, kick ass and just ignore everyone that says this is crazy (it kind of is).

You may have to work harder than a lot of people in the industry to make up for your lack of experience, but if you really love doing this you won't really notice. Just go for it. If you have little holding you down in terms of financial obligations (family, mortgage) you are even better off. If you work hard and show your value you can find good work in this industry. And if your previous experience can be applied to a specific industry you have a huge leg up :)

So to paraphrase Duke Nukem -- Fuck 'em all, let god sort it out. This is a great time to be in school with the recession as well...

I have been around the block a couple of times by now and you will definitely encounter ageism from time to time. I just ignore it and show my worth and that is that.

Comment Re:Eh? (Score 1) 133

As a frequent traveler it is easy to begin to obsess over bags a bit. You basically live with these things and they are like a portable house to you. How convenient, comfortable and easy they make your life is important. And from an absolute perspective things like airport security are a non event. So what if it takes me an extra 3 minutes? Even if it took an extra 3 minutes and you took 100 flights / year that is only a mere 300 minutes! Well convenience in travel matters. There is something nice about slipping through everything as quickly as possible and being on about your business. The central focus of all of these activities is your bag. I am a minimalist. I just have a big bag with a few pockets and I just dump stuff into it. Sturdy and strong so I know it won't fall apart and the rest is trim, but I still compartmentalize things meticulously to deal with airport security.

Side rant: It is all a bunch of bullshit security theater, but I have learned first hand that it is not wise to make a big deal of it. Being followed and harassed by a TSA supervisor threatening to have you arrested is OH so entertaining. I one day, rightly, pointed out a particular rule of theirs to a screening agent who was doing something he should not have been doing and the situation ended with me barely avoiding being arrested and followed by an overzealous supervisor who was quietly stalking behind me and listened to me muttering rather unkind things about the TSA. He then proceeded to flip out telling me not to say another word! Check your ideals of privacy and freedom at the door of the airport. A good bag just makes this process easier.
