Comment Re:More gaslighting (Score 1) 135
This!!
A trillion times this!!!
Leveraged or Hostile takeover - Larry wouldn't have a say in the matter.
Don't forget that Oracle wouldn't even exist if it hadn't copied (verbatim) IBM's database source code as their baseline when they first started out.
Fuck Oracle.
According to the EU supreme court, APIs are *NOT* copyrightable.
End of discussion.
If SCotUS declares oppositely, Google can shift the rest of their operations to the EU and thumb their noses @ Oracle, SCotUS and Trump.
The only thing that was replicated was the API - APIs are *NOT* copyrightable.
https://arstechnica.com/tech-p...
https://www.osnews.com/story/2...
Neither are programming languages...
https://www.cnet.com/news/prog...
https://www.neowin.net/news/eu...
Sorry Oracle - you're fucked.
You mean linking to corrections to Trump's lying.
How do you tell if Trump is lying?
Either his mouth is wide-open, duck-lips flapping or fingers furiously trying to type at more than 3 letters per minute on Twitter.
You can find the source for the topic of this post at the following site: https://pages.nist.gov/800-63-...
The updates are broken down into 3 sections, with section “b” being the most relevant to this e-mail.
https://pages.nist.gov/800-63-...
https://pages.nist.gov/800-63-...
https://pages.nist.gov/800-63-...
Extract from section 63b:
When processing requests to establish and change memorized secrets, verifiers SHALL compare the prospective secrets against a list that contains values known to be commonly-used, expected, or compromised. For example, the list MAY include (but is not limited to):
Passwords obtained from previous breach corpuses.
Dictionary words.
Repetitive or sequential characters (e.g. ‘aaaaaa’, ‘1234abcd’).
Context specific words, such as the name of the service, the username, and derivatives thereof.
If the chosen secret is found in the list, the CSP or verifier SHALL advise the subscriber that they need to select a different secret, SHALL provide the reason for rejection, and SHALL require the subscriber to choose a different value.
*Verifiers SHALL implement a throttling mechanism that effectively limits the number of failed authentication attempts an attacker can make on the subscriber’s account as described in Section 5.2.2.*
*Verifiers SHOULD NOT impose other composition rules (e.g., mixtures of different character types) on memorized secrets.*
*Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically) and SHOULD only require a change if the subscriber requests a change or there is evidence of compromise of the authenticator.*
Forcing password changes just to change the passwords also contributes to this security “fallacy”, that in fact does more to weaken our security than anything else.
When both of these are combined, we should find that the rules are in several ways, much like the TSA at airports, good security theater that causes no end of grief for travelers, yet does almost nothing to make people safer or more secure.
As a follow up, I saw an article in the Wall Street Journal regarding this topic.
https://www.wsj.com/articles/t...
That may be pay-walled, so another variant from Gizmodo.
http://gizmodo.com/the-guy-who...
Interesting to find out that the “supposed” strong password rules were developed by a bureaucrat with very little knowledge about computer security.
Finally, a previous paper I composed as an attempt to point out the fallacy of those laughably weak "strong password rules" several years ago.
You know, every time I see people asking for the ability to enforce "strong" password rules like the above, I have to laugh.
Those kinds of rules actually reduce the safety and "strength" of the passwords.
It wouldn't surprise me at all if those "recommendations" came directly from the NSA with the express purpose of making brute-force cracking of the passwords so much easier for them.
Let's do a little math here.
Start with a typical 8 character password requirement - with 95 printable characters in the ascii character set, we subtract 1 for the "space" character, leaving us with 94 character "options" for each of the 8 spaces.
So now, we do the math, 94 characters for each of the 8 positions gives us just a little over 6 quadrillion possibilities.
Now, we start to add in the "rules".
1 uppercase - means 1 space has only 26 possibilities
1 lowercase - means 1 space has only 26 possibilities
1 numeric - means 1 space has only 10 possibilities
1 special - means 1 space has only 32 possibilities
Let's say that we put all of our "rule" characters in the first 4 positions just to make the "math" simpler
4 positions with 94 possibilities gives us 78,074,896 or just over 78 million possibilities
4 positions following the "strength" rules gives us 216,320 or not even a quarter of a million possibilities.
According to my math allowing every possible character in every possible position of the password gives us a 360 times stronger password than the "strong" password character set.
If we extend that to the full 8 characters, where 4 positions allow the full ascii printable set of 94 characters, then multiply by the characters available for the remaining "strong" rule base, gives us a maximum entropy value of only 17 billion possibilities from the original 6 quadrillion possibilities. 17 billion goes into 6 quadrillion 349 times.
Keeping the full character set available for all 8 spaces nets us a 349 times stronger password or 349 times greater entropy pool from which to draw from.
Adding in rules like the number of times a character can be used in the password, or dictionary word validation, only weakens the passwords even more, by further reducing the entropy pool.
If we truly want strong "authentication", then we need to forget passwords and switch to passphrases and throw out those silly rules that make it easier for the rogue alphabet agencies and hackers to break in.
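Added example, not part of the comment above and not NIST's code: a minimal Python sketch of the verifier behaviour in the quoted section 63b extract, which screens a prospective secret against breach, dictionary, repetitive/sequential and context-specific lists, returns the reason for rejection, and applies no composition rules. The lists, function names and sample inputs are constructed for illustration.

```python
import re

# Constructed sample lists (assumptions). A real verifier would load a
# breach corpus and a dictionary from files or a lookup service.
BREACHED = {"password1", "qwerty123", "letmein2017"}
DICTIONARY = {"sunshine", "football", "dragon"}
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop")


def has_run(secret, run=4):
    """True if `secret` holds `run` repeated or sequential characters."""
    s = secret.lower()
    # Same character repeated `run` times in a row, e.g. 'aaaa'.
    if re.search(r"(.)\1{%d}" % (run - 1), s):
        return True
    # Any window of `run` characters taken from a known sequence,
    # forwards or backwards, e.g. '1234', 'dcba', 'qwer'.
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        if any(chunk in seq or chunk in seq[::-1] for seq in SEQUENCES):
            return True
    return False


def check_secret(secret, username, service):
    """Return (accepted, reason) for a prospective memorized secret.

    Only the list checks from the quoted text are applied; there is no
    requirement for upper case, digits or special characters.
    """
    s = secret.lower()
    if s in BREACHED:
        return False, "found in a breach corpus"
    if s in DICTIONARY:
        return False, "dictionary word"
    if has_run(secret):
        return False, "repetitive or sequential characters"
    # Context-specific words: the username and the service name.
    for word in (username.lower(), service.lower()):
        if word and word in s:
            return False, "contains the username or service name"
    return True, "ok"
```

The reason string is what the verifier would show the subscriber when asking for a different value.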
It seems Discovery was off to a rocky start, delayed by almost 30 minutes, as for some reason, 60 Minutes was still airing with "Star Trek Discovery" overlaid through CBS's all access app and site.
Get rid of all Democraps and Republicunts and America would be a much better place.
You are correct - I missed that one, and I even recall Sun's announcement about them... Bitrot in the synapses is my only excuse...
Data stored digitally on your computer is the equivalent of your own memory.
Encrypting it keeps others out of it.
5th amendment protects against self-incrimination, period.
This trumped up charge needs to be dropped.
The judge needs to be de-benched and sent to prison for being a constitutional terrorist.
The prisoner should sue the City, the district attorney's office and the judge for everything they have for wrongful imprisonment, falsifying charges, and basic ass-hattery.
DC has reversed its decision, and decided that the community can use the Symbol of Hope on the memorial.
Alert! Alert! Sarcasm overuse detected!! (at least I hope that's the case).
"Intelligence without character is a dangerous thing." -- G. Steinem