Still, that represents a 4% increase in temperature, and also a completely new theory on why superconductors actually work.
So watching a news-worthy video is illegal eh? Sounds like part of the plot from the first episode of Black Mirror.
Well, to me it's a combination of how patents are used and the fact too many vague, overly broad and (in the case of software) patents on general ideas rather than specific implementations are granted.
If fewer nonsense patents were approved, or if there was a second class of patents (for software etc) that had an extremely short term, most of the problems of patent trolling would go away.
There's nothing wrong with an inventor being able to protect an actual physical invention (without protection you'll be immediately priced out by cheap knock-offs), but no-one should be able to protect just a vague idea.
Patents are supposed to protect specific implementations, not vague ideas. If I patent a widget making machine, someone else can build a different machine that makes widgets in a different way and that's fine. Software patents are the equivalent of patenting the idea of a machine that makes widgets.
Driverless cars will also need to deal with completely different road signage in different countries too. I'd guess it'd just use GPS to work out what country it's in and follow the appropriate driving side/speed limits/road sign rules etc. (it needs to use GPS to know where it's going anyway).
HTML5? You don't need HTML5 to animate a few divs moving around, hell it'd be easy enough to make something that works as far back as IE6.
The problem is that there are billions of existing USB devices and cables that will need adapters and new cables to work with new Type-C devices. It’s a lot like when Apple released the Lightning connector, but on an even grander scale.
What problem? My existing micro-usb devices won't need adapters, new devices with Type-C connectors will come with Type-C to Type-A cables, and when desktops/laptops start to come with Type-C connectors I'll just buy some new cables.
It's the same situation when micro-usb replaced mini-usb, I don't remember there being a problem on a "grand scale" then either.
If the attacker is performing the attack "offline" then you've already lost the security battle. That's the point. If you lose your password database, assume the passwords are all broken, no matter whether you have "must have 3.2 uppercase and 4.35 lowercase letters, 0.6 special characters and as many numbers as you like, so long as it doesn't start or end with a number" rules or let them use plain English sentences.
The point is a decent password scheme will make brute force attacks a lot more difficult. Relying only on "never getting hacked" isn't a good policy, so taking a complete approach to security as a whole (such as also coming up with a better password scheme) will always be better than only concentrating on one aspect. Coming up with a password scheme that is both more secure and easy to remember is one of the big unsolved IT security problems of course.
A hashed " " is as meaningful as a hashed "a" so "cat dog run fast" is better than a very random 8-char password.
Not quite; according to Randall, 4 common words have an entropy of 44 bits (as long as they are chosen randomly). 8 random characters (uppercase, lowercase, numbers) have around 47.6 bits of entropy. If you have a GPU that can chew through hundreds of millions of hashes a second (the record is 350 billion/sec for a 25 GPU cluster) you'd still ideally want more entropy than that though.
You are making a lot of assumptions there; but, ok, I guess...
There are no assumptions here; it's well known that a high percentage of users reuse the same password for multiple sites, including their email. Therefore if you crack an average user's account on a site you've got a good chance of also having their email address password. Obviously having control of someone's email is ground zero as far as getting account credentials is concerned, but even if they use a different password for email there could be connected sites (such as the Sony example in the link) that many users use the same login for, so a breach in a "low importance" service could expose users on a more important service from the same company.
Your "solution" is poorly thought out and is why nobody does it that way
Most sites at least switch to a captcha after several failed logins too.
You should still only allow a certain number of failed login attempts for a given username. Sure it's rare to brute force via an online login, but it's worth doing to protect a user's account. Sure it sucks for that individual user to have the small possibility of being locked out of their account temporarily, but it's not as bad as losing their account and also discourages any hacker from hammering your server and sending your entire site down in an actual DOS.
So, how does cracking a password on one site gain you any knowledge whatsoever as to where, in the vastness of the internet, that it was used again?
The email address they used to register is the obvious one. They may also have connected social media accounts to whatever site got hacked.
I fully understood what he put forth and repeatedly stated that it had no relation to the context of my original statement.
Sorry Desler, you can't just say "I was only talking about dictionary attacks on rate limited login portals, so no-one is allowed to talk about anything else". If you're going to mention dictionary attacks then attacking hashes will always be part of that discussion whether you want it to be or not.
Indeed, although whatever hashing scheme you have, having a password that's findable in a dictionary attack will always be much quicker than one that needs to be completely brute forced.
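The entropy and hash-rate figures from the comments above, worked through as an added example (not part of any commenter's post). The 2048-word list is an assumption implied by 11 bits per word; the 10-million-entry dictionary and the `hashes_per_guess` cost factor are constructed for illustration.

```python
import math

# Rate quoted in the thread: record for a 25-GPU cluster.
HASHES_PER_SEC = 350e9
YEAR = 365 * 24 * 3600


def entropy_bits(choices: int, length: int) -> float:
    """Entropy of `length` independent, uniformly random picks from `choices` options."""
    return length * math.log2(choices)


def seconds_to_exhaust(choices: int, length: int, hashes_per_guess: int = 1) -> float:
    """Worst-case time to try every candidate offline; the average is half of this.

    hashes_per_guess is an assumed cost factor: how many raw hash operations
    the storage scheme makes an attacker spend on each candidate.
    """
    return choices ** length * hashes_per_guess / HASHES_PER_SEC


def words_needed(wordlist_size: int, target_seconds: float, hashes_per_guess: int = 1) -> int:
    """Smallest number of random words whose full search takes at least target_seconds."""
    n = 1
    while seconds_to_exhaust(wordlist_size, n, hashes_per_guess) < target_seconds:
        n += 1
    return n


def compare() -> dict:
    """Map each scheme to (entropy in bits, seconds to exhaust at one hash per guess)."""
    schemes = {
        "4 random words (2048-word list, assumed)": (2048, 4),
        "8 random chars (a-z, A-Z, 0-9)": (62, 8),
        # A password that appears in a cracking dictionary is one pick from
        # that list, however long or complex it looks (size is constructed).
        "1 entry from a 10M-word dictionary": (10_000_000, 1),
    }
    return {name: (round(entropy_bits(c, n), 1), seconds_to_exhaust(c, n))
            for name, (c, n) in schemes.items()}


if __name__ == "__main__":
    for name, (bits, secs) in compare().items():
        print(f"{name:42s} {bits:5.1f} bits  {secs:10.4g} s")
    print("words for >= 1 year, fast hash:", words_needed(2048, YEAR))
    print("words for >= 1 year, 100k hashes/guess:", words_needed(2048, YEAR, 100_000))
```

At the quoted rate both the 44-bit and the 47.6-bit schemes fall in minutes against a single fast hash, and the dictionary entry falls in a fraction of a millisecond, which is why the per-guess cost and the word count matter more than the 3.6-bit difference.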