This got a lot of publicity but it doesn't really add all that much security. Supposing you choose 4 words from a dictionary of 200k (roughly the order of magnitude of the OED), you arrive at about 70 bits of entropy. Conversely, choosing a 10-character password from a 62 letter alphabet (a-zA-Z0-9) yields 59 bits of entropy- the difference is only a factor of 1024. Attackers aren't so dumb as to just try choosing random characters- they have very good priors on how common any particular character sequence is in the typical password and will mix and match entire words, with or without leetspeak substitutions, etc.
Of course no matter how rigorous your policy, it all goes out the window once your users type the same password into some other random site.
Complexity matters mainly if your attacker gains offline access to your hashes. Far and away the main source of password compromise is non-uniqueness (using the same password elsewhere). This is actually the main benefit of forcing a periodic password change. Graphical and gesture passwords are horribly insecure from shoulder surfers.
If you can, support as many factors as possible. Multiple factors gives your users flexibility- they may not always be able to receive an SMS or have a card reader handy. TPM-based virtual smart cards are super handy for remote auth from a domain-joined device- no cards or readers required.
Can't believe that to be the case, because that would mean the people in charge of Tesla's Marketing Department are complete morons - never has a new car salesman tried to "steer" a potential sale to their competitors.
Remember - most dealerships sell multiple makes. If one of their makes gives the dealership more kickback - the dealership pushes that make. Also, dealerships sell many models. They push the models they want - instead of simply answering questions, informing the consumer, and helping the consumer into an appropriate configuration. Finally - dealerships make a ton of money on "add ons". If a particular model has fewer available after sale add ons available - a dealership will avoid that model. This is all before considering the profits they make on service. Can't sell oil changes to Tesla buyers - so let's push the BMW or Porsche instead... Look. Tactics like these laws are simply fear. Dealerships suck. Everyone knows they suck. The only people I know who defend dealerships are people who work there.
Don't apply for a dev job. Assuming there was sufficient math in your PhD apply for a data science or data analyst role, which will include a fair share of programming but also mentally engaging work. Hiring managers for these roles look for people that have strong analytical skills and the ability to learn new things (proof: you have a PhD). What languages you know is secondary in these roles to how well you dig in to a problem and deliver insights.
Gotchas more than quirks:
- the day you realize you put a side effect in an assert() call.
- the day you realize GCC, maybe it was V2, not sure this is still an issue, exploits extra bits of precision in the Intel FPU, *only if* optimizations are enabled, which causes certain iterative floating point algorithms (eg SVD) to fail to converge.
In both cases everything works great in debug builds but goes to hell in release builds and it's incredibly painful to get to root cause.
for sure the first site I'd attack is obscure registrar namecheap...
Some details here: http://en.wikipedia.org/wiki/P...
NCMEC uses PhotoDNA which is a fuzzy hash that can detect altered images.
http://en.wikipedia.org/wiki/P...
Yes, most likely GOOG is using the same thing everyone else uses- the NCMEC standard is PhotoDNA:
http://en.wikipedia.org/wiki/P...
This.
+1000. The OP has embedded hardware skills which is a relatively rare skill-set- the barrier to entry is for sure a lot higher than basic software programming. My advice would be to leverage the hardware skillset into some new embedded programming domain (learn new hardware-specific tricks). There's little-to-no value in reinventing yourself as a generic programmer.
It's like Dave Ramsey says: if you're broke, then eat "beans and rice, rice and beans." It's easy and cheap, even in a dorm.
1. Rice cookers are like $10-20. Get one with a steamer tray. It doesn't have a burner and can't start a fire, so tell your RA to fuck off.
2. Buy rice at the Asian store. It'll cost $1/lb for good Jasmine rice (brown rice only, you'll need the nutrients). (You don't have an Asian store? My ass. Or try the Mexican store. You don't have a Mexican store, either? Shut the fuck up and stop lying. Open your eyebulbs; they're everywhere.)
3. Buy bullion cubes and/or soup base (it comes in a jar) for flavor. You can get that stuff cheap at the Asian store.
4. Buy beans in a can from Save-a-Lot/Aldi/cheapo-store. I like navy beans and fava beans. There're a few dozen other kinds. Get what's cheap. One can a day, minimum.
5. Put the rice, soup base/bullion/soup mix and water in the rice cooker and press the button. Add the beans when it's done. Enjoy.
6. If you're feeling rich, chicken or sausage or burger patties go in the steamer tray.
7. The Asian store will also have cheap noodles that the rice cooker will cook just fine. Cheaper than ramen. (You still need the beans, or you'll eventually get something nasty like beri-beri.)
8. Oatmeal and raisins make a good, fast breakfast. (Add sugar packets and creamers from wherever other people get coffee.)
9. You'll also need to add some vitamin C every once in while to prevent scurvy. Any fruit or fruit juice will do. Tea made from fresh pine needles (actual pine trees only) will do in a pinch. I like raisins, apples, bananas, and oranges, which are all usually cheap enough.
You can actually live on that stuff for months at a time without dying. The soup base/bullion and occasional noodles and meat will keep you from committing suicide.
"May your future be limited only by your dreams." -- Christa McAuliffe