
Comment: Key stretching with PBKDF2 (Score 1) 175

by tepples (#48227131) Attached to: Passwords: Too Much and Not Enough

a CPU that can manage a trillion hashes per second (easy)

A trillion (10^12) hashes per second can still check only 100 million (10^8) passwords per second if checking each requires 5000 rounds of PBKDF2. In the common PBKDF2 built on HMAC, each round is two hashes, making a 5000-round PBKDF2 take 10,000 (10^4) hashes.
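The hash count in the comment above can be checked directly. The following is an added example, not part of the original comment: it rebuilds PBKDF2 over HMAC with a counter on the underlying hash and compares the result with Python's `hashlib.pbkdf2_hmac`. SHA-256, the sample password and salt, and the function names are assumptions made for the illustration.

```python
import hashlib

BLOCK = 64  # SHA-256 block size in bytes


def pbkdf2_counted(password: bytes, salt: bytes, rounds: int):
    """One 32-byte block of PBKDF2-HMAC-SHA256; returns (key, hash_calls)."""
    calls = 0

    def h(data: bytes) -> bytes:
        nonlocal calls
        calls += 1
        return hashlib.sha256(data).digest()

    # HMAC key setup: keys longer than a block are hashed once, then padded.
    key = h(password) if len(password) > BLOCK else password
    key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)

    def prf(msg: bytes) -> bytes:
        # HMAC = H(opad || H(ipad || msg)): two hash calls per round.
        return h(opad + h(ipad + msg))

    u = prf(salt + (1).to_bytes(4, "big"))  # U_1, block index 1
    acc = int.from_bytes(u, "big")
    for _ in range(rounds - 1):             # U_2 .. U_rounds
        u = prf(u)
        acc ^= int.from_bytes(u, "big")
    return acc.to_bytes(32, "big"), calls


def guesses_per_second(hash_rate: int, rounds: int) -> int:
    """Password guesses per second for a cracker limited to hash_rate hashes/s."""
    return hash_rate // (2 * rounds)


def demo():
    # Constructed sample inputs; 5000 rounds as in the comment.
    pw, salt, rounds = b"correct horse", b"constructed-salt", 5000
    key, calls = pbkdf2_counted(pw, salt, rounds)
    # Cross-check the hand-rolled loop against the standard library.
    assert key == hashlib.pbkdf2_hmac("sha256", pw, salt, rounds)
    return calls, guesses_per_second(10**12, rounds)


if __name__ == "__main__":
    calls, rate = demo()
    print(f"{calls} hashes per guess, {rate:,} guesses/s at 10^12 hashes/s")
```

A password longer than the 64-byte block costs one extra hash for HMAC key setup, which is negligible next to the round count.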

Comment: The cost of great security is severe inconvenience (Score 1) 175

by tepples (#48227071) Attached to: Passwords: Too Much and Not Enough

There are infinite varieties of ways to inject a delay between login attempts, or lock out the console/IP entirely, after N failed attempts. N should be on the order of 10

At which point you may be on the wrong side of the tradeoff between security and convenience. If you have 100 subscribers behind a proxy with a single public IPv4 address, and ten of them forget one password, good luck fielding customer support calls for all of them.

Comment: Re:Computers: They can respond fast -and- slow (Score 1) 175

by tepples (#48227023) Attached to: Passwords: Too Much and Not Enough

Things like Facebook Connect, OpenID Connect and Mozilla Persona (BrowserID) are better than passwords [and] easy on the user when implemented right

The problem comes when well-known sites don't implement it right, such as by implementing only Facebook Connect and nothing else. The Huffington Post, for example, requires each commenter to have a valid subscription to mobile phone service and give a globally unique number capable of receiving SMS to Facebook.

Comment: Not all web sites offer HTTPS (Score 4, Insightful) 155

by tepples (#48226863) Attached to: Verizon Injects Unique IDs Into HTTP Traffic

And lose access to several websites. Slashdot, for example, redirects HTTPS hits to HTTP for non-subscribers because ad networks have been slow to implement HTTPS. And a lot of shared web hosts don't support HTTPS because their policies haven't been updated in the six months since the last major Server Name Indication-ignorant desktop web browser (IE on Windows XP) reached end of support in April. But HTTPS support is the second biggest reason I stopped going to TV Tropes in favor of All The Tropes (after licensing).

Comment: SIM, CSIM, USIM (Score 1) 84

by tepples (#48226297) Attached to: AT&T Locks Apple SIM Cards On New iPads

I thought Verizon and Sprint used CDMA which required something other than a SIM.

According to Wikipedia, CDMA2000 can use a CSIM (CDMA2000 subscriber identity module). But unlike GSM and its successors (UMTS, HSPA, and LTE), CDMA2000 makes use of a CSIM optional, and CDMA2000 with CSIM is more common in Asia than in North America, where Verizon and Sprint have traditionally programmed the subscriber identity directly into the handset. But a single UICC card can act as a removable user identity module for all three cellular flavors: SIM for GSM, CSIM for CDMA2000, and USIM for UMTS, HSPA, and LTE.

Comment: Google doesn't support this (Score 1) 148

by tepples (#48226233) Attached to: Isaac Asimov: How Do People Get New Ideas?

If your book or film or artwork is truly original, it should stand on its own.

You skipped music.

What kind of search?

Oh for the good old days of justf***inggoogleforit.

I have Google Play Sound Search installed on my Nexus 7 tablet. But it supports only known commercial recordings, not my own singing or piano playing. Shazam has the same limit.

So what should Harrison have done

Not published it.

That'd be fine if the accidental ripoff had been pointed out before All Things Must Pass went gold. Otherwise it would have involved an expensive recall, withdrawing copies that had already been shipped to stores.

Comment: How can newcomer avoid being blindsided? (Score 1) 148

by tepples (#48214971) Attached to: Isaac Asimov: How Do People Get New Ideas?

You can never be sure, especially if you're a newcomer to the field, that someone hasn't plowed that field before.

So what should a newcomer to a creative field do to avoid being blindsided and bankrupted by incumbent owners of exclusive rights? If there are no good steps that a newcomer can take, then this impossibility has a chilling effect on people even trying to become a newcomer to a creative field.

How many times have you heard someone who isn't in tech come up to you and say "I've got this great idea ..." and they haven't even bothered to do the most cursory search, which would have revealed that it's not original at all?

What kind of search?

Obviously you can't do this [an alternate-point-of-view adaptation of a culturally significant work]

This is a form of creativity of which society currently disapproves through its elected representatives. How does it benefit society for society to disapprove of this?

you pays your money (or in this case, sweat equity) and you takes your chances.

Why the subject-verb disagreement? Are you quoting (or paraphrasing) a work of which I am not aware? Even so, I don't understand how to ensure that I avoid attorney's fees, statutory damages, and other ways of losing even more than the sweat equity that I had invested.

Harrison admits to having thought "Why didn't I realise?" when others started pointing out the similarity between the two songs

So what should Harrison have done instead to ensure that he realized his having accidentally made such a blatant ripoff before publishing it and thereby opening himself to infringement lawsuits?
