Comment Re:So what? (Score 1) 948
Besides, much of alternative medicine is already legal.
Legal for you, as an individual, to practice? Yes. Legal for a medical professional to prescribe to you? Doubtful.
Ask the brave members of SEAL Team Six.
I wish that I could, except that in his rush to claim credit for the death of OBL he outed them and most of them are now dead, killed in a retaliatory strike against their helicopter (according to Obama anyway). The circumstance can be speculated on endlessly but the fact remains, Obama, for political gain, exposed the identity of our service members and put them at increased risk. There was no need to mention which team from which branch of the military completed the mission as this is typically considered classified military information.
You've got to be careful with statements like this. You can't just say "[The dollar] is worth less-and-less every day" without saying less of what.
Perhaps I should have quoted what I was responding to, that would have cleared up any confusion. The parent was asking if the dollar is in a bubble why is it buying you less-and-less gold when it should be buying you more-and-more? The original argument being that gold was in a bubble. My reply was, as you read, the dollar was in a bubble which is deflating/bursting and thus worth less-and-less every day (when compared to gold).
A dollar today may buy me less gasoline than it would have bought yesterday, but it still clears exactly the same amount of debt off my mortgage that it would have yesterday (for sake of example ignore interest here)
I'd like to ignore it but you can't remove a fundamental part of the process for sake of an example and still be describing the same thing. The reason there is interest attached to the loan is (partly/mostly) because of the depreciation of the value of the dollar over time. They know it will be worth less when you pay it back which is why they want you to pay back more than you borrowed. The extra covers inflation and allows them to profit off the loan.
However Camping and Survival Skills, don't really make you a good leader. It just means you can fend for yourself better (This is a good trait, however it doesn't make you a leader, it may just make him a more effective servant).
You miss one key point. Knowing you can fend for yourself without relying on others and being confident in that fact is the first step on the way to becoming a leader. That confidence and self-assuredness is necessary in becoming an authority, necessary to yourself. One who is not confident in himself cannot effectively lead.
Ah, no. "The Vote" consists only of voters. You are making an assumption that abstaining from voting is the same as a vote against. It is not the same.
Way to use an irrelevant point to avoid the argument. I made no such assumption. My point was that although the percentages of African-Americans (referred to as AA's henceforth for brevity) voting for Gore and those voting for Obama from the pool of AA votes may be consistent, that does not prove that racism didn't have a significant impact on the election. As I pointed out above, if a much larger percentage of AA's voted in this election than in previous ones, then this influx of new voters may be attributed to racism. If it was a large enough change, it could have had a significant impact on the election. Although the new voters voted in a similar pattern (i.e. mostly Democrat) as existing ones, the fact they chose to vote this time may be a racial edge Obama received in the election.
What you mean is "96 and 98% of american black voters" voted for the Democrat
Unfortunately, using only percentages clouds the real facts. 90% for Gore and 96% for Obama might be consistent (6% increase is big especially considering how close it is to unanimous) if the total number of people represented in both cases is the same (which I doubt). Using entirely made-up numbers: say there are 1,000,000 African-Americans in America and 50% of them voted in Gore's election and 90% of those who voted, chose Gore. Then say, out of those same 1,000,000 African-Americans, 90% of them voted in Obama's election and 96% of those who voted, chose Obama. This means Gore would have received 45% of the African-American vote and Obama would have received 93%. Would you still say the results are consistent?
Uhm, forgive me if this seems like a silly question, but... Why would the attacker have to query each record individually?
Because the databases are remote (from Server A) and the DB servers are locked down and will only allow one record queries.
That's not really feasible. Presumably if they have access to the passwords they also have access to the salts. In the end the legitimate application requires access to both, so if they've compromised the application they can probably get both.
It seems perfectly feasible to me.
1) A part of the salt is static and hidden in application code. This means even if the DB of salts is compromised, deduction of the missing piece is still required (as well as knowledge of its existence).
2) In an example setup there are three servers, the Application/Authentication server that is accepting login requests (Server A), the Database server hosting the DB of password hashes (Server B), and the Database server hosting the DB of the password salts (Server C).
3) The servers are configured so that Server A can communicate with the outside world and servers B and C. Server B can only communicate with Server A. Server C can only communicate with Server A.
In this setup the only server that can be remotely compromised is Server A which does not have direct access to either the list of hashes or the list of salts. In order to get this information an attacker would have to take control of Server A and query both databases, one record at-a-time. The search/index key in both databases would be the username, so the attacker would also need the complete list of usernames as well.
Now, I dreamed up this scenario in about 5-10 minutes. Please explain why it's unfeasible and assume security is a high priority consideration.
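The layout described in the comment above, sketched as an added example that is not part of the original comment: a static salt part kept in application code, plus a per-user salt and a hash held in separate stores that answer only single-username lookups. The names `PEPPER`, `SingleRecordStore`, `register`, `verify` and `guess_matches`, the PBKDF2 parameters and the sample values are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Static salt part hidden in application code on Server A (point 1).
# Constructed value for this example.
PEPPER = b"constructed-static-salt-part"
ITERATIONS = 100_000  # assumed work factor


class SingleRecordStore:
    """Stands in for Server B or Server C: one username per query, no listing."""

    def __init__(self):
        self._rows = {}

    def put(self, username, value):
        self._rows[username] = value

    def get(self, username):
        return self._rows.get(username)


hash_db = SingleRecordStore()  # Server B: password hashes only
salt_db = SingleRecordStore()  # Server C: per-user salts only


def _derive(password, salt, pepper):
    # The effective salt is the stored per-user part plus the static part.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt + pepper, ITERATIONS)


def register(username, password):
    salt = secrets.token_bytes(16)  # unique per user
    salt_db.put(username, salt)
    hash_db.put(username, _derive(password, salt, PEPPER))


def verify(username, password):
    salt = salt_db.get(username)
    stored = hash_db.get(username)
    if salt is None or stored is None:
        return False
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, _derive(password, salt, PEPPER))


def guess_matches(stored, salt, candidate, pepper):
    """What someone holding both database rows can test offline for one guess."""
    return hmac.compare_digest(stored, _derive(candidate, salt, pepper))
```

With both rows in hand but without the static part, even the correct password fails to match; once Server A's code is readable, the static part is known and only the per-user salt and the work factor slow guessing.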
If I have two million salted passwords, then I need to hash the dictionary word two million times.
And if the salts were different on every password and were secured separately from the password list, you'd have to try and deduce the salt first, two million times.
Salting only protects you from precomputed "rainbow" brute force methods which means if you have a big enough table your password is cracked in seconds to minutes rather than oh I don't know what is the average for your typical password? Hour, day..two days? week tops...? Does this difference really mean anything substantial to the victim?
Now I may be wrong, but that would only be the case if the salt was stored with the hashes, correct? Which to me seems rather dumb (from a security perspective, not a performance one). To maximize the benefit of salts, the password hashes and their associated salts should be stored in two different databases, running on different servers so that a hacker would have to compromise both to get access to the list. Lock down the Salt DB server so that it's only able to communicate with the Hash DB server (and nothing else) and will only return one hash request at a time to it.
On the flip side, if you don't reuse your passwords, you're never going to remember how to access all 200 sites that require it.
That's only if you do it without thinking about it first (i.e. use 200 random passwords). It's very easy to come up with your own system of starting with a base password then add things to the end (or beginning) that makes it unique for the particular site (i.e. using an abbreviation of the site name). You can even do this with different levels of base passwords (in case you are paranoid of a hacker specifically targeting you) one secure and one insecure. If you think that is still hard to remember, you can actually write down the modifications you made to the base word (without writing down the base word) and still be secure (this is usually to conform to ridiculous password requirements that, once published, makes the entire system less secure). It's not hard, it just requires a little thought and prior planning.
I really think they're harping about the "cyber" part of it because there's a paper trail for them to be held liable for.
There, fixed that for ya.
How many NASA managers does it take to screw in a lightbulb? "That's a known problem... don't worry about it."