That was more a comment on typical human nature which results in people choosing dictionary based passwords.
Also, it depends on the cost factor as well, obviously. I don't recall seeing an indication of what it was.
Either way, it would be fairly reasonable to try, say, the top 30000 common dictionary passwords (and other common passwords) on each hash in the table. According to http://openwall.info/wiki/john..., you can do about 1000 bcrypt hashes per second on a single core of an i7 3k series. So you can try all 30000 dictionary passwords in 30 seconds on a single core. If you ran, say, 1 million passwords, it would take 30 million seconds, which is 347 days. Now if you can rent a single one of these cores for, say, $25 a month (which I think is conservative but it's hard to find cloud compute based on a specific processor), you would need 12 of them for a month, which would cost $300.
Magnified by my suspicion (completely not based on any scientific study) that:
People with weaker passwords that would be found using the dictionary attack are:
- More likely to reuse their passwords elsewhere
- Less likely to pay attention to news like this
- Less likely to actually change their password other places if they do find out about this
you will have at least some payoff.
I mean, if something legitimately looked like it would make it possible to purchase google.com, for example, and it was a reputable site, then I would try it. Not because I would want to do evil, and not because I intend to cause harm. But only because I'm curious and would assume that it doesn't actually work, and the small part (ok, bigger than I'd like to think) of me that relates to this comic would be compelled to point out to the reputable vendor that something was obviously wrong with their site as I would expect to complete the transaction and not actually end up owning google.com.
The surprise for this guy was probably that the transaction actually went through and some reputable system actually believed him to own the domain.
"Positive ratings post immediately; negative ratings are queued in a private inbox for 48 hours in case of disputes. If you haven’t registered for the site, and thus can’t contest those negative ratings, your profile only shows positive reviews."
So, first of all, this punishes users for registering for the site. Given this information, I wonder if it will dissuade people from registering in the first place. On the other hand, assuming that they publish reviews attached to positive ratings immediately, I foresee people leaving negative text with positive ratings to work around this.
"On top of that, Peeple has outlawed a laundry list of bad behaviors, including profanity, sexism and mention of private health conditions."
I'm curious as to how they intend to outlaw these behaviours. I doubt that they are hand reviewing the reviews. So if my private health condition is mentioned, then presumably I have to somehow monitor the site for awareness of it, and then file a complaint *after* personal details have been disclosed.
On the other hand, this is a site that has not been launched yet and it has been in at least three major news outlets and we're talking about it on slashdot. I suppose we fell into the publicity trap hook, line and sinker.
Well... you can still brute force a lot of the passwords if you have the hash and the salt.
Now if they encrypted the hashes then that might make for harder work.
Hmmm, that's a different situation then. I wonder how far you can traverse with this.
Well, it calls attention to something that I certainly wasn't sure about.
Obviously, if I have an ethernet port exposed in a building, I would certainly expect that if somebody applied current it would probably kill the switch.
What I wouldn't have been certain about was what other impact it might have.
The experiment showed that not only was the switch killed, but also another laptop connected to the switch, and not just that laptop, but also the external hard drive connected to the laptop.
So the risk of an open ethernet port isn't just your network infrastructure, but also other connections down the line.
I don't find it particularly surprising, however I wouldn't have been certain.
The real story is OS X and somehow Apple getting signed code wrong. Maybe some folks had a connection that was super slow and had trouble getting Xcode directly from Apple.
However, presumably, the people using Xcode are developers. And somehow, they managed to install software that was presumably not properly signed.
Which really makes one worry about the state of mobile development.
On the other hand, the fact that one could build apps, compile them a little bit differently and slip them into the app store is a little concerning. Maybe it was the fake Xcode author, maybe it was the app developer, but obviously something isn't being sniffed out right during app vetting.
The challenge sometimes is figuring out why a child does not like something. Does he/she not like computers because the only exposure has been boring/mundane things?
Does he/she not like sports because he/she was put in a league with kids more advanced and was not able to keep up?
Does he/she not like math because the teacher didn't like math and didn't compel an interest?
I can't count the number of times I've sat down to dinner with my kids and they have declared they don't like something we're eating before they've had a fair opportunity to experience it. We generally make them try at least a little bit, and more often than not, they end up eating all of it because it turns out they actually do like it.
I completely agree that sometimes the kid really isn't interested in computers. But sometimes it is worth trying to figure out if the kid doesn't like computers because of computers, and not because of an uncomfortable social situation at a camp.
What is most interesting about Twitter is that so many people interact with Twitter technology on a daily basis without even knowing it. Bootstrap is everywhere and, beyond twitter.com, is the most influential technology that Twitter has built for the web.
If you read the summary more closely, you will see that it says "Earlier this year, it was announced that Microsoft would make Office 365 ProPlus available to all NYC students, and that Google would make its CS First program available to 100K NYC students who participate in after-school programs." The summary is misleading because it attempts to draw a connection between something that isn't necessarily there.
Microsoft is making Office 365 available to NYC students, but that seems to be part of an earlier, separate announcement. Making Office available is potentially helpful to students who can use it to write papers, spreadsheets etc etc. There is nothing to suggest it has to do with CS education apart from the link the summary makes.
And, while I do agree that in general, simply putting more computer equipment in schools won't make students smarter or improve learning (duh), I believe that in the case of computer science, it is useful to have computers available in class for students to use. Not to suggest that a lot of computer science learning cannot be done without computers, for the most part, students, especially at the high school level, are more likely to be engaged if they actually get to write software and see it run.
So the title says counting on whereas the summary says hopes to raise. These headlines that are misleading are beginning to annoy me more and more.
On the other hand, you could say they filtered out those who were not biased.
I would think it would be reasonable to have some jurors who can acknowledge that sexism exists in tech, and then decide whether sexism was at play in this particular case.
In the same way, if the decision to be made was whether or not a slashdot poster had a normal social life, it would not be fair to only consider the opinions of people who believed that all posters on slashdot were basement dwellers. Then you have to prove two things: one, that it is possible that slashdot posters can have normal social lives, and two that the poster in question had a normal social life.
On the other hand, you are right in saying that you also don't want only people who believe that all slashdot posters have normal social lives and have to prove the contrary point that not only do not all slashdot posters have normal social lives, but in this particular case as well, the slashdot user did not have a normal social life.
Instead, I think ideally, you want jurors who are open to the idea that it is possible that some slashdot users have active social lives and also possible that some slashdot users are basement dwellers and actively avoid face to face interaction with others. Then you are left to look at the facts and decide what was reality in that particular case.
Again, I'm not saying this did or did not happen in Pao's case. I haven't really read enough to make an informed decision. She does seem a bit narcissistic when she claims that "Pao also said she believes it would be nearly impossible for lawyers to find jurors who weren't familiar with her high-profile case in the Internet age". Maybe her circles are different and she is very isolated, but I would suspect that there are large numbers of people who haven't the faintest clue who she is, let alone are familiar with her case.
Her claim is that "I saw how hard it was going to be to win when every potential juror who expressed a belief that sexism exists in tech — a belief that is widely recognized and documented — was not allowed to serve on the jury,"
I don't think I'm somebody who knee-jerk jumps to discrimination. However, if they were filtering out jurors who believe that sexism exists in tech, that certainly seems to be unfair, IMO. Most people certainly would not consider it fair if a gay person was filing a discrimination suit and jurors who believe that discrimination against gay people exists were excluded from sitting on the jury.
I'm not necessarily saying that was the case here, and I haven't read enough to have a strong opinion on whether the case had merit or not. But if those allegations are true then that certainly stands in the way of a fair trial and should be fixed.
The article does say '"I am now moving on, paying Kleiner Perkins’ legal costs and dropping my appeal," Pao wrote. "My experience shows how difficult it is to address discrimination through the court system."'
Now, it is possible that she is paying the legal costs out of the goodness of her heart, but given the second statement indicating that she doesn't believe the decision to be just, I doubt it.
We all like praise, but a hike in our pay is the best kind of ways.