Comment Re:Make the salts non-trivial (Score 1) 223

You can't save users who use 'aaaaaa' as a password. No matter what you do. Otherwise,

What about the user who uses 11elephant82 as their password? Are they doomed as well?

you're not going to recover thousands of strong passwords properly salted and hashed. It just isn't going to happen.

It will happen easily. The only thing that isn't *ever* happening is people using strong passwords relative to current and projected cost per transistor.

What are you going to protect with that symmetric key?

The password database? It'd still need to be accessible to the machine holding the database, in order to login.

Yes, this is just punting responsibility for keeping a secret. Whether punted to physical keys, an operating system keychain, TPM circuits or manual startup inputs, all of these things do a better job than tens of thousands to millions of hashes stored in the clear on disk.

Regardless, the password does not need to be accessible to the machine holding the database, offering some (small) protection against theft while still being much better than nothing (e.g. hashed passwords with a proven track record of epic fail after epic fail).

Properly salting and hashing is the correct solution. Have you checked your oil lately?

I'm afraid to, daily commute to Langley is taking its toll.

Comment Re:Why so high? (Score 2) 223

I am constantly amazed at the reports that hackers have accessed the passwords of every user on some site or other. I used to work at a financial company where the web server didn't have physical connectivity to the DB, every request had to go through a service that was not only secured itself, but also could only run stored procedures which were in turn secured. The net result was that if (or rather when) the web site got hacked, all the hacker could do *at best* was access some public data for a single user, which never included the stored password.

Occasionally I hear people making statements like this, and while practically useful, *at best* language is a dangerous assumption.

Additionally, the complexity of a middle tier just for security's sake could well provide additional avenues of attack that may not be available in a globally less complex solution, but it all depends on the specifics of the implementation.

The reason why *at best* is wrong: an attacker able to compromise the application, middle or data tier is almost always able to exert complete control over the environment... just not immediately or on demand.

At any tier an attacker may record data persistently over time, compromising user credentials and data as they login and use the system... you don't need to select * from users when attackers already have copies of your data mirrored to them over time or are able to impersonate any number of users.

Personally, I think passwords should be stored in plain text in the DB as a reminder to all developers that they need to be protected.

Better than delusions of safety.

that storing your DB credentials in your web code was OK as long as you "secured" it. If this is the level of comprehension of security in the web dev community, then I'm not only unsurprised at the number of hacks, but will be using a randomly-generated password for every website that asks me for a password.

The data tier could be made to offer functionally the same level of security as an application-specific middle tier with view-based access and/or procedure-driven access. It's not uncommon to run into systems where user accounts are unable to touch any real table.

Comment Re:Make the salts non-trivial (Score 1) 223

Encrypting the password with a small salt is enough to slow down simple password guessing with rainbow tables.

What is the practical effect on a password list when rainbow tables are taken off the table?

Yes, much easier, everyone gets that... so what... what does this actually mean in the real world?

Say I have a password list with 10000 accounts, they are all salted. I'm still going to be able to recover thousands of passwords without much effort... still adds up to epic failure with or without salts.

such as encrypting with a 64-bit additional site password, tables wouldn't work. Of course, the same password could have been used to encrypt the entire password file in the first place, but this technique allows the password to be stored in the usual way.

Symmetric keys are a much better idea than the dangerous delusion too many people seem to be subscribing to that clear text storage of salted password hashes affords users any meaningful protection.

In that way, 2-factor encoding works for the password data itself.

Nope, this counts only as tweaking integrity of a single factor.
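The two "Make the salts non-trivial" comments above argue that a per-user salt alone does little once the table is stolen, and that a server-side key held outside the database (keychain, TPM, startup input) changes the picture. The following is an added example, not code from either commenter: it stores a salted, iterated PBKDF2-HMAC-SHA256 hash and then keys that hash with a server-held secret using HMAC (a substitute for the "encrypt with a 64-bit site password" step the comment describes; the 32-byte key, the function names and the 600,000-iteration count are this example's own choices). The keyed step is what makes a copied table alone insufficient for checking guesses; the per-user salt is what keeps two users with the same password from sharing a stored value.

```python
import hashlib
import hmac
import os
from typing import Optional

# Server-side key ("pepper"). In a real deployment it would be held outside
# the database host (OS keychain, HSM/TPM, or typed in at startup); this
# value is constructed for the example only.
EXAMPLE_PEPPER = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)

PBKDF2_ITERATIONS = 600_000  # per-guess work factor; tune to the hardware


def hash_password(password: str, pepper: bytes,
                  salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Build the record stored for one user: salt, iteration count, keyed hash."""
    if salt is None:
        salt = os.urandom(16)  # per-user random salt: no shared precomputed tables
    # Slow, salted derivation: raises the cost of every candidate guess.
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Keyed step with the pepper: a copy of the table is not enough to check
    # candidate passwords; the key held off the database host is also needed.
    tag = hmac.new(pepper, dk, "sha256").digest()
    return {"salt": salt.hex(), "iterations": iterations, "hash": tag.hex()}


def verify_password(password: str, record: dict, pepper: bytes) -> bool:
    """Recompute the keyed hash for a login attempt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                             record["iterations"])
    tag = hmac.new(pepper, dk, "sha256").digest()
    return hmac.compare_digest(tag, bytes.fromhex(record["hash"]))


def records_are_unlinkable(password: str, pepper: bytes) -> bool:
    """Two users with the same password must not share a stored hash (salt effect)."""
    a = hash_password(password, pepper)
    b = hash_password(password, pepper)
    return a["hash"] != b["hash"] and a["salt"] != b["salt"]


if __name__ == "__main__":
    rec = hash_password("11elephant82", EXAMPLE_PEPPER)
    print("stored record:", rec)
    print("correct password, correct pepper:",
          verify_password("11elephant82", rec, EXAMPLE_PEPPER))
    print("wrong password:",
          verify_password("11elephant83", rec, EXAMPLE_PEPPER))
    # A stolen table checked without the real pepper fails for every guess,
    # which is the point of keeping the key off the database host.
    print("correct password, wrong pepper:",
          verify_password("11elephant82", rec, bytes(32)))
    print("same password, distinct records:",
          records_are_unlinkable("aaaaaa", EXAMPLE_PEPPER))
```

Verification must happen wherever the pepper lives, so the login path needs access to the key while the database itself does not; rotating the pepper requires re-keying every record, which is why the PBKDF2 output is kept separate from the HMAC step rather than folded into it.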

Comment Re:Computer Missues Act 1990 (Score 1) 572

It again depends entirely on intent whether it is criminal, or simply tort.
If the girl knew the boy was likely to do it because he was mentally unstable, she'd likely be brought up on some sort of manslaughter charge.
If it couldn't be shown that she had any expectation of it actually happening, the best anyone could likely hope for would be damages in a wrongful death civil suit.

The situation is really pretty analogous.

Comment Re:Computer Missues Act 1990 (Score 1) 572

You literally have no fucking idea what you're talking about.

There's no legality involved with your piece of hardware using unlicensed bits in a protocol field. None. Zero. Nada.
There's no legality involved with a device driver talking to your hardware. None. Zero. Nada.

Legality didn't even enter the picture until FTDI wrote malicious software that disabled end-user devices. Were this a mistake, they could be off the hook by replacing them, by civil court order if necessary. Since it was intentional, that makes it criminal as well.

Comment Re:Telling The Story Backwards and Upside Down. (Score 4, Informative) 206

I have a good friend there right now. There have been 2 attempts on her where she had to physically fight someone off of her, and the first 2 days of reception were sexual assault awareness classes where they're instructed to stay out of the dark and not go anywhere on-base that they're not familiar with or get into any cars they're not familiar with. No shit. On a US army base.

Comment The solution (Score 1) 720

is to tax the owners of the kiosks and give the money (in the form of "Basic Income") to the people put out of work. There's all sorts of justifications for this (the intrinsic worth of humanity, the fact that earth's natural resources existed before your granddad came along and claimed them, etc). But it mostly boils down to one simple question: Do you have the cojones to let people die miserable deaths from starvation and the elements? If you do, fine. Welcome to psychopathy.

Now, as for the hard stuff (e.g. controlling prices and inflation) there are plenty of ways to do that. They're hard, and require effort. You can't wave a magic wand of +1 Ayn Rand's magic laissez faire and have it work out. It requires active participation in the economic well being of an entire populace. It also requires abandoning economic principles (not "moral principles") that aren't working. It means continuously striving to improve and control powerful trends and forces. It's not the sorta thing you figure out with a stupid /. post like mine (or yours, for that matter).

Comment You're right! (Score 1) 286

It's a good thing this is the only time in recorded history labor practices have ever been abused. Whoo. Dodged that bullet.

Jokes aside, the assumption is that there are many, many more of these abuses going on, and that their aggregation is what depresses wages. I suppose the argument could be made that these are few and far between, but then there's no real harm in harsh punishments, is there?

Comment Re:Is there a way to prevent this? (Score 3, Insightful) 206

Not just sexual harassment. It's safer for a supermodel to walk down MLK in your favorite large city naked than a homely woman to walk from one end of Fort Hood to the other, wearing ACUs after dark.
When soldiering becomes less of a duty and more of a way to delay starting out your life of dismal poverty, you start making the wrong kind of army.

Comment Re:my thoughts (Score 1) 372

One quibble,
There is a difference between a ballistic sneeze droplet and an able-to-be-supported-by-simple-air-pressure-differences aerosol droplet.
The latter shows no evidence of being able to successfully transmit Ebola. If it could, this epidemic would probably be over now with massive reductions in populations world-wide.
It's one thing to have someone sneeze in your face and you get infected, and an entirely different one to have someone get infected on the other side of the plane simply because you breathed.
