Forgot your password?
typodupeerror

Comment: No password can survive an offline attack (Score 1) 85

by Todd Knarr (#48226261) Attached to: Passwords: Too Much and Not Enough

Offline, the attacker can if all else fails brute-force the password. No password is complex enough to survive a brute-force attack. With the growth in computing power, including the ability to apply GPUs and specialized hardware to the task, search space size alone isn't enough protection. The only protection, as noted, is detecting the leak of the password database early so users can change passwords before the offline attack has yielded usable results. Alternatively, the authentication system can employ two-factor authentication so that the password alone isn't enough to compromise the account.

For on-line attacks, I'd argue the number given's too large. A properly-designed on-line system should be designed with rate-throttling and account-locking mechanisms, and with those in place a password should only need to survive at most maybe 10 attempts before even the correct password won't access the account. Those mechanisms can be applied to all current systems right now.

The biggest hole isn't the password itself, it's the password-recovery system. Why bother with either an offline or on-line attack on the password when you can initiate password recovery and change the password on the target account to one you know?

Comment: Re:No FDTI (Score 1) 464

by Khyber (#48225747) Attached to: FTDI Removes Driver From Windows Update That Bricked Cloned Chips

"they just grabbed an existing microcontroller design and added an extra module or two to it"

AND somehow implemented a feature-size shrink on top of that, with another mask. Did you even read the tear-down?

They didn't grab shit. This was a new FABRICATION MADE AS A COUNTERFEIT.

I've got the semiconductor experience to tell you that for a fact.

Comment: Can't have your cake and eat it too (Score 1) 369

by wickerprints (#48224073) Attached to: Employers Worried About Critical Thinking Skills

Corporations want you to be smart enough to do your job, but not so smart as to challenge them on salary, outsourcing, or mismanagement. Be a well-behaved cog in the machine. Well, you can't have it both ways. If you want your obedient and unquestioning slave labor from India, you can't expect them to have critical thinking skills. If you want your creative, forward-thinking, initiative-taking workers to move your company forward, you better treat them with the respect they deserve and reward them commensurately with the value they bring, or else they will go elsewhere.

What companies have been doing for ages is pit the former group against the latter. The latest incarnation of this phenomenon is to hire loads of H1B workers to depress wages and squeeze the talented people out of the job market until they become willing to work for less money. But they still get treated like crap, so they eventually get disgruntled and leave, but from the company's perspective, hopefully not before some of the magic they brought rubs off on the slave labor. Problem with that is the companies are realizing that this doesn't work so well in the long run.

Comment: Re:Gabe Newell is perhaps the biggest driver of th (Score 2) 63

by jedidiah (#48224043) Attached to: PCGamingWiki Looks Into Linux Gaming With 'Port Reports'

> I don't use Windows because I'm "forced to", I use it because it works well, everything runs on it, it supports just about everything in the PC business, and its cost is so low, it might as well be free.

I have known plenty of people that use Windows because they think they are forced into it. This idea goes all the way back to the 80s.

They would still think that way if not for tablets. Tablets look just different enough to the untrained eye to get people off of their "must be DOS compatible" fixation.

That wedge helps undermine the longstanding FUD that average people need to run WinDOS so they can run unecessarily bloated applications that are really meant for professional secretaries.

Windows is still a malware magnet. This is enough of a motivation for "average people" to seek out alternatives.

Comment: Re:Gabe Newell is perhaps the biggest driver of th (Score 3, Interesting) 63

by jedidiah (#48223969) Attached to: PCGamingWiki Looks Into Linux Gaming With 'Port Reports'

> If lowering the price to $0 doesn't work, you can only point fingers at yourself.

Yeah. It's not like there are no other factors involved like a 30 year entrenched monopoly or zero companies that are doing any real marketing for the product or the fact that the company that "does everything right" can't manage to get past 10% market share.

Although none of that really matters. I just care about the AAA titles that play as well (or better) on Linux as they do on Windows. I don't have to put up with an inferior monopoly product just to play a cool game.

If Gabe feeling threatened by Microsoft can cause the 20+ year association between WinDOS and games to shatter then that's a win for all of us.

I know gamers that would dump Windows tomorrow if they could.

Comment: Re:No FDTI (Score 1) 464

by Dahan (#48223933) Attached to: FTDI Removes Driver From Windows Update That Bricked Cloned Chips

You very clearly didn't see the die exposure article.

The counterfeit chip is in fact WAY more complex. It's not off the shelf, so to speak. They custom-modified. It's obvious once you start looking at the physical silicon.

Oh, Khyber, Khyber... when will stop pretending to know things? It's "off the shelf" in the sense that they didn't have to design anything... they just grabbed an existing microcontroller design and added an extra module or two to it. tibit didn't say that it was cheaper because it's less complex; he said it's cheaper because, "Whoever packages it didn't have to do all the silicon and driver R&D." Just like there are software libraries that a software developer can grab and use without having to do a lot of work, there are hardware libraries that hardware designers can grab and use without having to do a lot of work. You need to do some AES encryption? No need to design that yourself; grab an AES core. You need to do some low-pass digital filtering? Get a filter core. There's even a site that has open-source hardware cores you can use: OpenCores

Comment: Re:What is critical thinking? (Score 2) 369

by jedidiah (#48223903) Attached to: Employers Worried About Critical Thinking Skills

...and this is all fine so long as you apply the approved checklist.

> They do the same thing over again and expect something completely different to happen.

That's the perfect megacorp employee. They just need to follow the checklist and all is good. A critical thinker might question the checklist and that would be considered very bad.

If this were from some rag in Silicon Valley, it would be less absurd. The companies in that area actually do need real employees rather than trained monkeys.

Comment: Re:What is critical thinking? (Score 3, Insightful) 369

by jedidiah (#48223823) Attached to: Employers Worried About Critical Thinking Skills

The idea that the Wall Street Journal and the corporations they represent are worried about "critical thinking skills" is just laughable. Those kinds of corporations actively discourage independent thinking. They want everyone to be a trained monkey so that they can devalue your labor and replace you easily.

The LAST thing they want are people with hard to replace cognitive skills or tribal knowledge.

They want COGS.

Comment: Not new, it's been here for years (Score 1) 594

The Jack-in-the-Box I regularly stopped at for breakfast on the way to work had kiosks for ordering back in '08 or so. Made it convenient if you knew what you wanted and didn't need anything special, I could punch my order in in a quarter the time it took the counter guy to take it. Saved my time, saved the next customer's time, and freed up the counter guy to handle people who had problems with their orders or had a special order. If this was related to the minimum wage hike, they wouldn't've been doing it 6 years ago.

Comment: Re:Steering? (Score 1) 130

by Khyber (#48222371) Attached to: How To Beat Online Price Discrimination

" It's like offering cheaper drinks on ladies night. Just because you aren't part of what ever group that they offer a discount to, doesn't make it false advertising."

No, that makes it discrimination.

Let's take two people and have them shop on the internet right next to each other so they can see the other persons screen. Same computer systems, same browser, same store. Everything is the same, down to having never bought anything from the store so there is no prior business relationship incentive in play. There is only one difference - one person is logged in, the other is not.

They go to the same item. The person logged in is told $4.99. The person not logged in is told $6.99

You can bet money the person not logged in, having no logically-based disadvantage versus the other person, is not going to be happy about that at all.

Comment: Re:Sorry They're Changing (Score 1) 464

by Khyber (#48222301) Attached to: FTDI Removes Driver From Windows Update That Bricked Cloned Chips

"So buy through their designated supply channel and QC what you receive to ensure its provenance."

You fail at logistics too, it seems. When you get down to it, the only way to guarantee authenticity is to rip the thing apart yourself (costing money) and analyzing it against a known-real sample from the company. Then to top it off, I'm DESTROYING potentially usable product to ensure that I've got real stuff. Now I'm losing more money.

There is NOTHING that stops shipment swaps. Even the best logistics places have this happen all the time.

"Consistency requires you to be as ignorant today as you were a year ago." -- Bernard Berenson

Working...