
Comment: But not Great Old Ones (Score 2) 188

I may have read too much H.P. Lovecraft and Charlie Stross, but when I first read the headline, my initial reading was that Russia would be giving shoggoths to Syria. That would have been interesting. It will be interesting to see if any deal does go through, and the fact that Syria wants these is interesting given that the rebels have had little access to aircraft. Syria probably wants it to help prevent intervention in the ongoing civil war.

Comment: Re:Too bad for any life (Score 1) 26

by JoshuaZ (#43682215) Attached to: Hubble Discovers 'Planetary Graveyard' Around White Dwarf

If there was life there that escaped the current destruction it had to have left millions (or billions) of years ago (since the star has been a white dwarf for a long time and has been being obnoxious to its inner planets for a long time also). That means they would have likely colonized near space (not at all limited to our own solar system). Keep in mind that even the Voyager probes, which aren't even designed to go to other stars, will reach the nearest stars on the order of 100,000 years. And systems using ion drives and deliberately timed gravity assists could put that in the range of 30,000 years for something to spread out, or a few hundred with nuclear drives of the right type. See for example the summary here http://www.universetoday.com/15403/how-long-would-it-take-to-travel-to-the-nearest-star/. But of course we see no sign of anyone from a nearby system doing much.

Moreover, if they've had millions of years to spread out, that means that projects like Dyson spheres and ring worlds are obvious things to do. Systematic searches have been done and we're very certain we don't see any Dyson spheres in 300 parsecs (about 1000 light years) http://home.fnal.gov/~carrigan/infrared_astronomy/Fermilab_search.htm. While we can't be as certain, near ring worlds would likely have been noticed by Kepler. Other forms of engineering projects on that scale would be noticed, especially because this is in our back yard. This makes it unlikely.

In this case, the extremely close nature of the system, and the system's current state means that we can make with a high confidence much higher than just "we saw nothing."

Who says we'd even notice them with a 150 year delay between their actions and our ability to perceive them?

I'm not sure what you mean by this. The presence of a delay doesn't interfere with noticing things. It isn't like it is 1 second goes by, wait 150 years, and then another 1 second goes by. There's just a fixed 150 year delay (just as there's an 8 minute delay from the sun).

Comment: Too bad for any life (Score 2) 26

by JoshuaZ (#43681459) Attached to: Hubble Discovers 'Planetary Graveyard' Around White Dwarf
These white dwarfs are only 150 light years away. So if any life managed to get off planet and spread out we would have noticed the resulting civilization. We'll probably never know for sure if there was life or even intelligent life on any of these planets because they've been so torn apart by the tidal forces (and very likely anything left on them died out millions of years ago). I wonder if in a few billion years, there might be some other nearby just beginning race looking out to the remains of our solar system and reaching very similar conclusions.

Comment: Re:we're not going to run out of oil (Score 1) 663

by JoshuaZ (#43600437) Attached to: Ask Slashdot: What If We Don't Run Out of Oil?
This point is really valid. The really relevant issue is the EROEI (http://en.wikipedia.org/wiki/EROEI), the energy return on energy investment. If this number is much greater than 1 (e.g. gas, some oil, some coal, nuclear) then we get energy out. If this ratio is close to 1 or less than 1, then an energy source is only useful as a storage mechanism. There's a lot of carbon resources left but where the extraction and processing energy would be very high, so the EROEI will be effectively small.

Comment: Re:Kessler syndrome is the real worry (Score 1) 165

by JoshuaZ (#43569877) Attached to: Space Junk 'Cleaning' Missions Urgently Needed
USA-193 was in a much lower orbit with the orbit already decaying so most of the debris burned up. In contrast, the Chinese test was in a stable orbit at the upper end of LEO and so produced a lot more long-term debris. That's not to say that USA-193 was at all a remotely good thing, but it was not nearly as bad.

Comment: Kessler syndrome is the real worry (Score 5, Informative) 165

by JoshuaZ (#43567835) Attached to: Space Junk 'Cleaning' Missions Urgently Needed
The worst case scenario is a Kessler syndrome event http://en.wikipedia.org/wiki/Kessler_syndrome. In this situation, a bad collision in low Earth orbit creates enough debris to trigger a series of collisions, each creating an expanding debris cloud. This could take most LEO satellites in a matter of days, and would render much of LEO effectively unusable for years. Part of the problem is that while there are a lot of possible orbits, the set of orbits which are both cheap to get to and practically useable is a much smaller set. And those orbits are almost precisely the orbits with a lot of debris. Right now, satellites are required to be able to move to either graveyard orbits or to be safely disposed in the atmosphere, but there are a lot of older satellites that were launched before any such requirement. And even with such plans, launches inevitably produce a few debris items with each launch, and satellites occasionally shed things. The early Delta rockets were very bad at producing a lot of debris, which contributed much of the current problem. The 2007 Chinese satellite test http://en.wikipedia.org/wiki/2007_Chinese_anti-satellite_missile_test very much didn't help matters, and produced a massive still expanding cloud of debris. On the bright side, non-LEO orbits like geostat are still clean.

Comment: Re:Hashed and salted is obsolete (Score 1) 80

by SUB7IME (#43565167) Attached to: LivingSocial Hacked: 50 Million Users Exposed

Also, the whole point is that key derivation is slow. Of course the "secret from which keys are derived" is available (it is necessarily so; it's stored, along with the cost factor, as part of bcrypt's output, for example). But the fact that you have to go through 2^N iterations, where N is usually >= 10, throws a meaningful speedbump in front of high-speed cracking. Now instead of brute forcing any given 7-character alphanumeric case-sensitive passwords in ~half an hour, it'll take you > 20 days on average.

Comment: Re:Hashed and salted is obsolete (Score 1) 80

by SUB7IME (#43564919) Attached to: LivingSocial Hacked: 50 Million Users Exposed

The key derivation functions can be literally several orders of magnitude harder to brute force. And their difficulty can be chosen with simple parameters, with sane defaults. There is really no comparison between a singly salted hashed password and bcrypt/scrypt.

Check out table 1 in this paper to get a sense: https://www.tarsnap.com/scrypt/scrypt.pdf

Comment: Re:Hashed and salted is obsolete (Score 1) 80

by SUB7IME (#43564537) Attached to: LivingSocial Hacked: 50 Million Users Exposed

Assuming the cracker has access to the salt and a GPU, the only thing keeping users safe now is the entropy inherent in the passwords they chose.

It doesn't have to be like that. Instead of plugging in Good Salted Hashed Password Library, you can plug in Bcrypt Library or Scrypt Library *and protect even the users who chose bad passwords*.

Comment: Re:Hashed and salted is obsolete (Score 1) 80

by SUB7IME (#43564447) Attached to: LivingSocial Hacked: 50 Million Users Exposed

Can you explain this a bit more?

If the hackers didn't get the salt, and only have the salted hashes, and let's say the salt is, say, a 20 character random phrase using numbers, letters and symbols, what is the weak spot?

I'm sure many /. users are implementing systems like this using salted hashes, so if there's an inherent weakness (other than the salt becoming exposed) I'm sure it would be useful if there was a straightforward explanation.

The size of the salt is relevant only insofar as you want to be sure that each user has their own unique salt. The salt is stored in plaintext (or, I suppose, it could be encrypted, but then the decryption key must then be stored in an accessible place). The point is that the crackers must be assumed to have recovered the salts.

So now those salts protect you against pre-computed hashes. The cracker has to attempt each password individually. But most people use one of the few thousand most common passwords. And inexpensive modern hardware lets you attempt billions of SHA hashes per second. So... Salted and hashed does very little for you at this point.

Instead of salting and hashing, use a key derivation function (e.g., bcrypt, scrypt).
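
The contrast drawn in the comments above, salted fast hash versus key derivation function with the salt and cost stored in the record, as an added example that is not part of the original thread. The record format, the scrypt parameters and the sample password are assumptions made for this sketch; it uses only Python's standard `hashlib`.

```python
import base64, hashlib, hmac, os, time

# Assumed scrypt cost parameters for this example (N must be a power of two).
N, R, P = 2**14, 8, 1

def _b64(b): return base64.b64encode(b).decode()

def hash_salted_sha256(password: str) -> str:
    """The 'salted and hashed' scheme: one fast SHA-256 over salt + password."""
    salt = os.urandom(16)  # unique per user; stored in the clear
    digest = hashlib.sha256(salt + password.encode()).digest()
    return f"sha256${_b64(salt)}${_b64(digest)}"

def hash_scrypt(password: str, n=N, r=R, p=P) -> str:
    """KDF scheme: salt and cost parameters are stored in the record itself."""
    salt = os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p, dklen=32)
    return f"scrypt${n}${r}${p}${_b64(salt)}${_b64(key)}"

def verify(password: str, record: str) -> bool:
    """Recompute using the salt (and cost) read back from the stored record."""
    fields = record.split("$")
    if fields[0] == "sha256":
        salt, want = map(base64.b64decode, fields[1:3])
        got = hashlib.sha256(salt + password.encode()).digest()
    elif fields[0] == "scrypt":
        n, r, p = map(int, fields[1:4])
        salt, want = map(base64.b64decode, fields[4:6])
        got = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                             dklen=len(want))
    else:
        return False  # unknown scheme tag
    return hmac.compare_digest(got, want)  # constant-time comparison

def seconds_per_check(record: str, trials: int) -> float:
    """Average cost of one verification, which is also the cost of one offline guess."""
    start = time.perf_counter()
    for i in range(trials):
        verify(f"guess{i}", record)
    return (time.perf_counter() - start) / trials

if __name__ == "__main__":
    pw = "correct horse"  # constructed sample password
    fast, slow = hash_salted_sha256(pw), hash_scrypt(pw)
    t_fast, t_slow = seconds_per_check(fast, 2000), seconds_per_check(slow, 5)
    print(f"salted SHA-256: {t_fast * 1e6:.1f} us per guess")
    print(f"scrypt N={N}:  {t_slow * 1e3:.1f} ms per guess ({t_slow / t_fast:.0f}x)")
```

Both records expose the salt, so the per-guess time is the only thing that differs for someone holding a stolen table; raising `N` raises that cost for every guess without changing the record layout.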
