There's a reasonable summary from our co-defendant, a Mr. Tarrant Eightyfour

A site I run is allegedly on the complaint (see sig) and our user population seem to be competing to see who can get their names added to it.

I'm part of the team that run banniNation.com which is a news aggregation site with a fairly similar model to slashhdot.

While we haven't been officially served, our site and business are listed in the original complaint along with the handle of a user who mentioned Mr. Rakofsky.

We've got an official statement of sort at http://www.bannination.com/s/lawsuit and there's a link from there to a very level headed discussion about it. This definitely doesn't just affect bloggers and has further implications around the right to anonymous speech and the liability of service providers.

If I set up something like password_x = SHA1(password_(x-1) + SALT) I really can't see how that would be an issue unless it exposes some weakness in SHA1.

Still the bcrypt solution below looks a lot better

Thanks - will look into that

Yeah, I was thinking about doing that on my site in light of the gawker crack.

Logins are relatively rare events on the server, so I could do something like 1000 SHA-1's with a salt on each iteration. That'd mean

a) It'd take 1000 times longer to crack (obviously this is a constant war between me and the adversary)
b) If i build my own salting implementation on top of sha-1 I doubt I could end up with anything less secure than SHA1 but hopefully it'll require custom software to actually do the exploit.

I've routinely had employers that let me buy a new laptop every couple of years and expense it. That way I get something I'm happy with and the get a more satisfied employee.

I think it was called "Computer Studies" where I went to high school, and it was largely a waste of time. My teacher told me there wasn't any point in me showing up, and i just submitted the assignments and got an A.

The interesting stuff was part of our pure mathematics course. We were handed a simple example of how RSA encryption works and asked to encrypt/decrypt a few messages, break stuff with short keys and explain why it was infeasible at longer key lengths. That's how it should be done!

They did only seem to eliminate domestic roaming charges, and while that's appreciated it doesn't address the larger issue.

I'm kind of at a loss for why T-Mobile can't introduce an "our-network-only" roaming option. A good amount of the time when I'm in europe i never leave TMo's network, yet i still take it in the ass if i use my US sim card.