
Comment Re:Passwords are stupid (Score 2) 343

Are we sure passwords are stupid? They're certainly annoying when compared to using certificates or biometrics or whatever. Isn't the problem here more that passwords that are hard to crack are also hard to remember and also that password reuse is bad (m'kay)?

I read an excellent article by Dennis Forbes recently who suggested a browser-based mechanism to deal with this. Basically, never send your password to the recipient (whether it's Gawker or your bank). When you type into an HTML password field, hash the password you type in with your username and the domain of the site as a salt and then submit that. That way no-one (including the site owner) has any chance to store or intercept your plaintext password.

Now if you use the same username everywhere, you might want to avoid "12345" as a password, but a single complex password could be used for all your sites without worry. It would be a different hash sent to (and stored by) each site, it would be immune to rainbow table attacks and if you use a good password it would also be secure against brute force attacks.

http://blog.yafla.com/input_typepassword_Needs_To_Grow_Up/

If browser developers were smart, they'd let you generate or enter a complex UID (generate it on your PC browser and then provide it to your iPhone, laptop, work PC and so on...) and salt with that as well. That way your passwords would work across multiple machines (if you used the same browser password) but it would add huge additional complexity to a brute-forcing attempt because now they need the domain (easy), your username (easy), your site password (hard) and your browser password (hard). So an attacker couldn't log in to your accounts even if they beat your password out of you unless they were using one of your devices. Conversely, if they stole one of your devices, they'd still need to crack your site password.
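The scheme described in the comment above, sketched as an added example (not code from the comment or from the linked article). PBKDF2-SHA256, the iteration count, the function names and the `.example` domains are assumptions; the site-side functions are included because the submitted value is itself the login secret for that site, so the site still stores it salted and hashed.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 100_000  # assumed work factor; the comment does not name a KDF


def _field(value):
    # Length-prefix each salt component so ("ab", "c") and ("a", "bc")
    # can never produce the same salt bytes.
    raw = unicodedata.normalize("NFKC", value).encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def site_credential(password, username, domain, device_uid=""):
    """Browser side: the value submitted in place of the typed password."""
    salt = (_field(domain.lower().rstrip("."))
            + _field(username) + _field(device_uid))
    secret = unicodedata.normalize("NFKC", password).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS).hex()


def server_enroll(credential):
    """Site side: store the submitted value under a random per-account
    salt, never as received."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, ITERATIONS)
    return salt, digest


def server_verify(credential, record):
    """Site side: recompute and compare in constant time."""
    salt, stored = record
    digest = hashlib.pbkdf2_hmac("sha256", credential.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest, stored)


if __name__ == "__main__":
    # Constructed sample values, not real accounts.
    pw, user = "correct horse battery staple", "lexical"
    bank = site_credential(pw, user, "bank.example")
    blog = site_credential(pw, user, "blog.example")
    record = server_enroll(bank)
    print("same password, different credentials:", bank != blog)
    print("bank credential accepted at bank:", server_verify(bank, record))
    print("blog credential accepted at bank:", server_verify(blog, record))
```

Passing a non-empty `device_uid` models the per-browser secret from the last paragraph of the comment: the derived value changes, so a credential computed without it is rejected.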

Comment Re:Weve seen that argument before (Score 1) 1066

Not that I'm pro-copyright (certainly not in its current form) but I think the difference here is that in the case of a chef (for example) you are paying for the restaurant, possibly the name of the chef and the fact that your meal was cooked by the "artist". If you get a copy of a CD, it's an exact replica of the original and indistinguishable in every way. Unless you like cover art there is zero added value.

For it to be the same thing, you'd need to be talking about live shows and I'm sure that just like most fans of Heston Blumenthal would rather eat at The Fat Duck than The Obese Mallard (a tribute restaurant in Hereford) I think most fans of Metallica would rather see James and co at the O2 Arena than catch Metal Licker doing a set at the Dog and Handgun in Milton Keynes.

The reason there is an issue in these modern times is that there are now methods for precisely duplicating copyrighted works that simply didn't exist when the laws (and the whole concept) came about. Each meal prepared by a top chef is a unique, crafted object...each copied Blu-Ray is just a copied Blu-Ray.

Comment Re:How long until..... (Score 1) 144

Surely an even better idea would be some kind of read-only VMware Appliance (or similar). User clicks a link on their desktop which launches a program that checks the VMware image hasn't been tampered with (CRC and md5 or something like that) and then boots a basic Linux VM which opens a kiosk-mode browser that goes straight to your online banking. Couple that with a proper two-factor hardware token and that should be good enough for most things. If the VM/Browser had draconian checks on things like SSL certificates and DNSSEC, that would be even better.

There would probably be some possibility of an attack at the Hypervisor level I guess, but you'd still have the other forms of protection as well.

Comment If we're talking Specialist Distros... (Score 3, Informative) 221

Surely BackTrack needs a mention. One stop shop for Penetration Testing, Ethical Hacking, Security Analysis and pretty much anything else security-related. It might not qualify as a fully-blown "distro" depending on your definition, but it's a lot more customised than your standard "Clonebuntu" variants.

If you are even remotely interested in Network Security or Penetration Testing, it's a really invaluable tool.

Databases

Cassandra and Voldemort Benchmarked 45

kreide33 writes "Key/Value storage systems are gaining in popularity, much because of features such as easy scalability and automatic replication. However, there are several to choose from and performance is an important deciding factor. This article compares the performance of two of the most well-known projects, Cassandra and Voldemort, using several different mixes of access types, and compares both throughput and latency."
Graphics

Submission + - Tired MMORPG Graphics Brought Back To Life (blogspot.com)

Lexical_Scope writes: Dark Age of Camelot was released just over 8 years ago and still has a relatively hardcore following. During the intervening years, its graphics have started to look a little (okay, a lot!) dated in comparison to modern titles. Silakka has used some really innovative techniques to port some of the DAOC maps into the Crysis Graphics Engine with spectacular results. He discusses the technologies and tech used on his blog, which is well worth a read. WARNING: The videos might cause otherwise sane viewers to resub their DAOC accounts...I did :(

Comment Re:One-way encryption (Score 1) 554

"This file contains random-looking data and we suspect it to contain encrypted data with direct relevance to an ongoing National Security investigation. Please provide the decryption keys for the file '/dev/urandom' immediately or face 5 years in jail!"

Although, perhaps someone could write a tool that replaces /dev/random with some kind of encrypted device volume? Interesting...

Comment Dark Age of Camelot / Return to Zork (Score 2, Interesting) 282

No-one is gonna read this far down, but what the hell :)

The Return To Zork one might not be a glitch so much as just evil designers, but if you made a slight mistake on the FIRST SCREEN (cut instead of dig the plant) then you're blocked from completion of the game, but you don't find out until much (much) later!

Dark Age of Camelot is a still-breathing MMO that got roundly whooped by WoW despite having probably the best PvP of any MMO to date. The bane of this game was the sheer number and scale of Line-Of-Sight and NPC-pathing problems. It made certain situations in the game almost unplayable.

There were also a lot of questionable decisions made by the design team that led to some interesting game dynamics. Anyone who's played will remember the MoC3/RR5 Sorc combo, the Large Shield blockrate against Dual-Wield and various other fun bits and pieces.

Still loved that game though...

Biotech

Virtual Fence Could Modernize the Old West 216

Hugh Pickens writes "For more than a century, ranchers in the West have kept cattle in place with fences of barbed wire, split wood and, more recently, electrified wires. Now, animal science researchers with the Department of Agriculture are working on a system that will allow cowboys to herd their cattle remotely via radio by singing commands and whispering into their ears and tracking movements by satellite and computer. A video of Dean Anderson, a researcher at the USDA's Jornada Experimental Range at Las Cruces, NM., shows how he has built radios that attach to an animal's head that allow a person at the other end to issue a range of commands — gentle singing, sharp commands, or a buzz like a bee or snake — to get the cattle to move where one wants them to. Anderson says it would cost $900 today to put a radio device on one head of cattle, but he says costs will fall and the entire herd wouldn't have to be outfitted, just the 'leaders.' Much of the research has focused on how cattlemen can identify which cattle in their herds are the ones that the others follow."
