Right, we need password-authenticated key agreements to become more common place, which are based on a zero-knowledge password proof. There are even IEEE and RFC standards.

What is the hold up here? Implementation is harder than simple password comparison?

How is the Auth1 scheme described above susceptible to offline dictionary attacks?

I'm assuming both client and server then exchange the Auth1 value to know if they can trust the other side: server would check for correct password, client would check for non-MITM server.

The supposed MITM would attempt to offline brute force the Passhash as they now know the inputs to the HMAC, and they know the correct Auth1 value?

But pairing the bluetooth smart (bluetooth LE or low energy) can suck with the current Android release. Almost always need to re-sync the HR monitor before a workout. Perhaps a software update can make it better, or devices need a firmware update.

Features? It's great to have the server manage groups so when a new user of Team X gets added, all of Team X shows up in their roster. File transfer is simpler and more secure using XMPP+TLS than requiring the "cloud". Persistent chat rooms (ala IRC channels) are a great way to keep people collaborating. Even IDEs like Intellij can help collaboration by sending "File Z line N" code pointers or diffs that show up right next to the code your team is working on.

That and by using OTR or trusting your own server to not log chats protects privacy. But does anyone care about privacy anymore?

See: http://science.slashdot.org/co...

Homomorphic encryption has been the Holy Grail of cloud computing since the term was coined. Yet until it has large toolchain support, why suffer with the extra hassle?

And since I shouldn't store the keys in the cloud, for every instance that uses some encrypted disk, I need to manually login then provide the key and passphrase.

Seems difficult to use encrypted storage in the cloud...

But does the syntax even work? ~* seems to be a string operator matching the $remote_addr to a CIDR notation subnet. Will nginx match that properly?

As a logged in user, I still get Classic view, but on a narrow but tall vertical monitor, Beta comments are completely unreadable for me. Thus, when beta hits, I will be a summary-only reader. (And might finally get around to creating an account on reddit.)

I've not yet tried it with FF 29, works great on FF 28.

I've not figured out a way to highlight the current tab, but I use another way to show me which tab I'm on. I disable the close button (X) on all tabs except for the current one, so I can look to the far right of my tab list for the (X) as I have tabs on the right.

With a vertical monitor, my tab width is small, but I can show many tabs without scrolling (about 70 un-collapsed).

How could you possibly use Chrome with that many tabs and not have tabs on the side?

I routinely have 50-100 tabs open in Firefox, memory usage is great, even with a bunch of add-ons, from versions 26-28. Granted, some of my add-ons help reduce overall resources by blocking cookies and scripts. Also 'click to play' is a necessity so Flash only loads on the few sites I allow.

That's why we have ctrl+T or ctrl+N, it's your choice.

Also try Ghostery and Disconnect if you want to block known advertising sites. It lets through all the requests to cloud providers like //ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js and such which track you, but if you also run Cookie Monster and Referrer Control, they don't get much.

I would love a noscript/request policy like addon that would allow me to substitute "common" shared resources, like jquery or bootstrap, from a local cache.

While that sentiment is accurate, no one wants to pay for decommissioning old reactors. Say we build a bunch of modern reactors, in 50 years will anyone want to pay for decommissioning them?

How? The client also responds to the heartbeat?