
Comment compared to hash database, with antivirus (Score 5, Informative) 790

It seems the National Center for Missing and Exploited Children has a database of hashes, or "fingerprints", of known child porn images. When you use Gmail, it checks attachments against a database of viruses and also apparently against this CP database.

A distinction can be made here. What the database does NOT do is any kind of image analysis to see if the picture LOOKS like child porn. It checks only against known, reported child porn, apparently.

Comment Millions $ through Wheeler to Obama campaign (Score 1) 28

> who I guess are better at "lobbying" the FCC, where "lobbying" probably means effectively mailing them giant boxes of cash).

They mailed checks to Wheeler, made out to "Obama campaign". Obama then appointed Wheeler.
Bundlers like Wheeler only have to report the amount as "over $500,000", so we don't know the exact number but it's likely to be a few million dollars.
http://www.opensecrets.org/pre...

Comment On which the most common hash is based (Score 3, Informative) 80

DES is the encryption standard which is the basis of what for many years was the most common type of hash.
For DES-based hashing, as used in .htpasswd files, the least significant bits of the first eight characters are used as a 56-bit key. This key (the user's password) is used to encrypt null bytes, 25 times. crypt(3) accepts a two-character salt, but uses only the lowest six bits of each character, so it's a 12-bit salt and a 56-bit password (maximum).

crypt(3) can also support better hash algorithms by passing salt values such as $1$xxxxxxxx$ or $5$xxxxxxxxxxxx$.
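An added example, not part of the original comment: a small audit helper that sorts .htpasswd entries by crypt(3) scheme and shows why the DES form is weak, since only seven bits of each of the first eight password bytes reach the key. The function names and sample entries are constructed for illustration, and the hash strings are placeholders rather than real digests.

```python
import re

# Alphabet of traditional crypt(3) salts and hashes; each character carries 6 bits.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")
MODULAR = {"1": "md5-crypt", "apr1": "apache-md5",
           "5": "sha256-crypt", "6": "sha512-crypt"}

# Constructed sample file; the hash strings are placeholders, not real digests.
SAMPLE_HTPASSWD = """\
alice:abCDEFGHIJKLM
bob:$1$xxxxxxxx$AAAAAAAAAAAAAAAAAAAAAA
carol:$5$xxxxxxxxxxxx$BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
"""

def classify(field):
    """Name the scheme of one hash field from its prefix or shape."""
    if field.startswith("$"):
        return MODULAR.get(field.split("$")[1], "unknown-modular")
    if DES_RE.match(field):
        return "des-crypt"  # 2 salt characters + 11 hash characters
    return "unknown"

def des_effective_key(password):
    """56-bit DES key: low 7 bits of each of the first 8 password bytes."""
    if isinstance(password, str):
        password = password.encode("utf-8")
    key = 0
    for b in password[:8].ljust(8, b"\0"):
        key = (key << 7) | (b & 0x7F)  # the high bit of every byte is dropped
    return key

def des_salt(field):
    """Decode the two leading salt characters into the 12-bit salt value."""
    return ITOA64.index(field[0]) | (ITOA64.index(field[1]) << 6)

def weak_entries(htpasswd_text):
    """Return the users whose password is stored with DES crypt."""
    weak = []
    for line in htpasswd_text.splitlines():
        user, sep, field = line.partition(":")
        if sep and classify(field.strip()) == "des-crypt":
            weak.append(user)
    return weak

if __name__ == "__main__":
    print(weak_entries(SAMPLE_HTPASSWD))
    print(des_effective_key("password123") == des_effective_key("password"))
```

Any entry this reports can be migrated by having the user set a new password under one of the `$`-prefixed schemes.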

Comment partly true. It's harder if they validate their in (Score 2) 45

I agree you're not going to teach someone to be a hacker / cracker unless they have that innate talent and interest. That's true for a lot of things. Athletics certainly involves some things that can't be taught. You CAN start with a strong, athletic kid who knows nothing about football and TEACH him the game, the techniques, and the skills. Same thing with cracking. Starting with a cunning, devious kid who knows little about computers, you can teach them to look for unvalidated input, etc. the same way a con man can learn new cons.

Further, I regularly teach programmers who aren't naturally devious important basics - always validate input carefully, never use eval(), always use the multiple-argument form of system() if it's used at all, don't write your own encryption, etc. What they learn may not be enough to keep me from hacking their systems, but it can certainly make it a whole lot harder.

Have a look through the nine online cyber security courses offered by TEEX. I think you'll find they cover some good stuff, especially the more advanced courses. TEEX is part of the Texas A&M system and the courses are approved by DHS, so they demonstrate that a university system CAN provide some good education in this area, with courses approved by the relevant government agency.

Before I saw the TEEX courses, I expected them to suck. I was pleasantly surprised.

Comment yep, welcome $large_organization networking (Score 1) 68

> > active directory

> I see now - fully trusted hosts, potential malware ridden with no way to keep it off other than hoping the antivirus
> updates arrive before the malware, and a closed system where you have to guess at the legitimate traffic to boot.

Yep, welcome to office networking. In a government office, throw in a few DOS terminals and other systems that haven't seen a security update since 1982.

Comment ps My office has been investigated != fired (Score 1) 68

I should emphasize strange traffic being investigated doesn't mean anyone gets in trouble. The head of security cut off my network port once when he detected something weird. I explained what I was doing. He pointed out a security concern, and we agreed to a compromise configuration we could both live with.

Comment real storage, active directory servers get legit t (Score 2) 68

Let's consider the last piece of malware I dealt with. It searched the network for shared storage and did nasty things on the storage. The REAL storage server is used by thousands of people, so it gets many, many requests per minute. Sorting out legitimate use of the storage vs something suspicious would be nearly impossible. The honeypot storage, on the other hand, gets NO legitimate traffic. Any traffic to the honeypot is worth investigation. That makes it a much more reliable way to find malware or other traffic sources that merit investigation.

Same with the active directory, the mail server, the database ...
Do you have any idea how much traffic a corporate mail server can get? Looking for suspicious connections is worse than a needle in a haystack. An otherwise unused machine with the mail ports open quickly flags strange behaviour for investigation.
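An added example, not part of the original comment: the honeypot rule described above, run over a few constructed flow records. The log format (`timestamp source destination port`), the addresses and the function name are assumptions made for illustration.

```python
from collections import defaultdict

# Hypothetical decoy hosts that no legitimate client has a reason to contact.
HONEYPOTS = {"10.0.9.10": "decoy file share", "10.0.9.25": "decoy mail host"}

# Constructed flow records: timestamp, source, destination, destination port.
SAMPLE_FLOWS = """\
2014-08-04T09:00:01 10.0.1.17 10.0.2.5 445
2014-08-04T09:00:02 10.0.1.23 10.0.2.5 445
2014-08-04T09:00:04 10.0.1.44 10.0.9.10 445
2014-08-04T09:00:05 10.0.1.17 10.0.2.8 25
2014-08-04T09:00:09 10.0.1.44 10.0.9.25 25
2014-08-04T09:01:30 10.0.1.23 10.0.2.5 445
2014-08-04T09:02:11 10.0.1.61 10.0.9.10 445
2014-08-04T09:02:12 10.0.1.44 10.0.9.10 445
"""

def honeypot_alerts(flow_text, honeypots=HONEYPOTS):
    """Return (source, first_seen, targets) for every host that touched a decoy.

    Traffic to production servers is ignored: it is mostly legitimate and too
    noisy to triage. Sources that probed the most decoy services come first.
    """
    first_seen = {}
    targets = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed records
        ts, src, dst, dport = parts
        if dst not in honeypots or src in honeypots:
            continue
        first_seen[src] = min(ts, first_seen.get(src, ts))
        targets[src].add((dst, int(dport)))
    alerts = [(src, first_seen[src], sorted(targets[src])) for src in targets]
    alerts.sort(key=lambda a: (-len(a[2]), a[1]))
    return alerts

if __name__ == "__main__":
    for src, ts, hit in honeypot_alerts(SAMPLE_FLOWS):
        print(src, ts, [(HONEYPOTS[d], p) for d, p in hit])
```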

Comment Forgot to read your own link? (Score 1) 224

Did you forget to look at that page before linking to it?
Iron Dome, fully deployed in November 2012, is a system for intercepting medium-range rockets. Count the number of ROCKET fatalities after November 2012. For that matter, look at the number after they STARTED deploying Iron Dome in the first location compared to before they had Iron Dome.

Iron Dome is not designed to defend against snipers, flu, mortars, or insults. It defends against rockets.

Comment vi CAN run in the browser, or plugin lynx (Score 1) 402

There are assorted plugins to integrate vim and other vi-like editors with web browsers. So I might be using vim keystrokes to write this. Alternatively, a vim plugin can also call lynx. I'm not sure why you'd want to do the latter. The former might be handy if just to avoid accidentally ending your posts like this. :wq

Comment Local very important. More working-age voters. (Score 2) 190

I'd agree with others who have said local elections are very important. My local fire, police, schools, roads, and job opportunities are more important to me than whatever Washington did today.

I think you've missed the largest difference that online voting might make. Retired people are over-represented in local elections because they take the time to vote, more often than working-age people do. Online voting might make that more balanced or even swing the other way. Retirement age people also have the majority of the money and therefore influence through political donations.

Along the same lines, traditional voting methods mean only people who care enough to take the time to vote do so. (Unless a politician has a pizza party on the voting bus and pays each voter $10 to get on board.) Online voting, if it takes just a few seconds, MIGHT increase the number of votes by people who can't be bothered to take a few minutes to get involved. That could be good or bad. Personally, I think that if you don't know the name of the incumbent, you probably aren't informed enough to make an informed vote and I'd prefer you choose not to vote that time around. I'd hope that everyone gets informed, but if someone isn't interested enough to know what's on the ballot ahead of time, I don't see a need to encourage them to vote anyway.

Comment True. But "how dare you do that to me!" (Score 1) 266

That's true. On the other hand, normal people are merely annoyed by this. We're also annoyed by the TSA; Senators are accustomed to walking right through. Security is there to protect them, the VIP. The ranking Senator from wherever is likely to be the type of personality that can't believe someone did it to THEM. "How dare you! Don't you know who I am!" I wouldn't be surprised if a senator or two did something stupid when so greatly offended.

Comment Re:This might be the one thing that gets Congress (Score 1) 266

> This is also why the only way we get any changes in gun legislation is if someone shoots one of their kids.
That, and the fact that the numbers show EVERY instance of reactive gun legislation since 1940 has always been counter-productive. It works much better for the politicians to retain it as a campaign issue rather than ending up like the UK, with TWICE as much violent crime after they actually banned guns.
