Achieve the Four Modernizations.

TMI

  • Presse or Pichet
  • SF or LA
  • What keeps you up at night?: Sex
  • Where's your hairiest square inch?: My immortal soul
  • No legs and a million dollars or A million legs and no dollars


Mar 27, 2013 Mike commented on Reinforce Your Passwords, People.
rubus @17: Unless they have that list of hashes that accompanies a list of account names. Say, from having hacked into your bank. Or Amazon. Or whoever. These sorts of password losses happen all the time. It's not clear how often it happens and goes unreported, but the sheer volume of reported incidents should make you want to have a secure password. If your bank loses your login name and password hash, the only thing standing between your bank account and the crackers who got your information is the strength of your password. 'wisebit subur will' is going to keep your cash a damn sight safer than 'c00k13'.
Mar 27, 2013 Mike commented on Reinforce Your Passwords, People.
bitwise @2:

Right now I use 15 character unique random alphanumeric passwords for everything, but what happens in 10 years when processors are powerful enough to brute force 15 character hashes? Do we start using 25 character hashes instead? Why is moving this increasingly infeasible line the correct solution when we should be investigating methods of authentication that do not require users to memorize long random strings?


Because increasing password length exponentially increases the amount of time it takes to crack it, while processor speed increases are linear. A 15 character passphrase that isn't a common phrase taken from a book or otherwise predictable (your kid's full name, for instance) is very secure, even more so if you mix case, add numbers, add symbols, or otherwise increase the number of guesses required for each character in the phrase.

Using zxcvbn as an estimator (one of the better strength estimators available): cracking a 14 character, all lowercase password like 'port star cows' through brute force takes something on the order of 10 years when working back from the hash. Capitalizing each word or adding a comma or a number takes the time to centuries. Part of this depends on the hashing algorithm used to create the password hashes - some are quicker to crack than others, and many companies still foolishly use those ones.

On the other hand, Will's example @1, 'c00k13', takes less than a fifth of a second, in part because it's an example of a technique that crackers like Hashcat explicitly check for - leetspeak replacement. What's more, his reply @10 is equally silly. Translating an obscure word from a foreign language into another language just gets you another, perhaps less-obscure, perhaps shorter word in a different foreign language, not more security. If you took "forest" and translated it into French, then German, then Spanish, and back into English, you (ideally) get 'forest' back and the password cracker doesn't need to know that you spent some time with Google Translate before entering 'forest.' And if you left it in German, you'd have 'wald,' which is a) not harder to guess because you started with 'forest' and b) much shorter than 'forest' and computationally much easier to crack. And finally, the dictionaries that password crackers use aren't the Oxford English Dictionary, they're collections of passwords that people have used in the past, which is a very different thing, and means that his 'pierogie3' suggestion is potentially extremely common, since people all over the world use computers, passwords, and the internet.

That's the point of the xkcd comic - length trumps complexity. Most password cracking these days is done working back from the hash using brute force, so increasing the number of guesses required is the way to go.

To illustrate the numbers: the search space for a password of one character that only accepts lowercase alphabetic characters is 26. So the maximum guesses required for a computer are 26. If the password is 2 characters long, the maximum guesses required is 702 (26*26 for a 2 character password, + 26 for a possible 1 character password - the cracker doesn't know the length of the password). If the password is 3 characters, it's 18,300. For 4 characters, it's 475,254. At 10 characters it's more than 146 trillion guesses. That's actually not huge - it only takes about 10 hours to crack that password using a moderately powerful setup. But when you get to 15 characters, it takes 555 years. If you're really worried, bitwise, add another character. That jumps you to 144 centuries. And that's with only lowercase characters. Source: Gibson.

For most people, a tool like LastPass is a great way to ensure that you're secure. It means that no single security breach renders any of your other sites vulnerable, and it lets you generate passwords that aren't vulnerable to brute force approaches.
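The search-space arithmetic from the comment above, as an added example that is not part of the original comment. The guess rate of 10^11 per second is an assumption, chosen because it reproduces the comment's 555-year figure for 15 lowercase characters; the function names are illustrative.

```python
"""Worst-case brute-force search space when the attacker does not know the length."""

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed offline guess rate in guesses per second. Real rates depend on the
# hash algorithm protecting the stored passwords and on the attacker's hardware.
ASSUMED_RATE = 10**11


def cumulative_search_space(alphabet_size: int, max_length: int) -> int:
    """Guesses needed to try every string of length 1..max_length."""
    return sum(alphabet_size**k for k in range(1, max_length + 1))


def worst_case_years(alphabet_size: int, length: int, rate: int = ASSUMED_RATE) -> float:
    """Years to exhaust the whole search space at the given guess rate."""
    return cumulative_search_space(alphabet_size, length) / rate / SECONDS_PER_YEAR


def min_length(alphabet_size: int, target_years: float, rate: int = ASSUMED_RATE) -> int:
    """Shortest length whose exhaustive search takes at least target_years."""
    length = 1
    while worst_case_years(alphabet_size, length, rate) < target_years:
        length += 1
    return length


if __name__ == "__main__":
    # Lowercase-only figures, matching the alphabet used in the comment.
    for n in (1, 2, 4, 10, 15, 16):
        space = cumulative_search_space(26, n)
        print(f"{n:>2} chars: {space:>26,} guesses, {worst_case_years(26, n):,.4g} years")

    # Length needed to hold out 500 years under the assumed rate, per alphabet.
    for name, size in (("lowercase", 26), ("mixed case", 52),
                       ("alphanumeric", 62), ("printable ASCII", 95)):
        print(f"{name:<16} ({size:>2} symbols): {min_length(size, 500)} characters")
```

These figures are an upper bound for a randomly chosen string only; a password that appears in a cracking wordlist or follows a known substitution pattern falls long before the search space is exhausted.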
Mar 26, 2013 Mike commented on T-Mobile Ditches Phone Contracts Altogether.
I'm on T-Mobile's prepaid plan that costs $30/mo for 100 minutes of talk and unlimited text and data. I bought my phone straight from Google, so it's unlocked and I can take it to Sprint or an MVNO if I want. 100 minutes of talk per month isn't quite enough for me, so I use Talkatone to place all my calls as VOIP calls using my unlimited data instead of my meager talk allowance. And since I'm on a prepaid plan with no contract, I can stop any time I find a better deal.

T-Mo is not perfect - their coverage isn't good outside of urban areas and isn't Verizon-level even in cities, and their service isn't great. But at no other major provider can you get a $30/mo plan like I have, and most MVNOs have restrictions that I don't like, so I'm sticking with T-Mo for now.
Feb 23, 2013 Mike commented on Google Glass Could Be for Sale By the End of This Year.
Yes, Fnarf, we've met. And you seemed pleasant, knowledgeable, polite and impolite in entertaining proportions, and well worth hanging out with. It was at a Questionland meetup, which is perhaps not coincidental, because Questionland was really the medium where those characteristics were best rewarded. It's convenient that you mention your status there, which was well earned. On Slog, however, I've much more often found you to be hateful, still knowledgeable but in an insufferably smug way, often condescending even when not addressing Will, possessed of a faith in your own correctness that I typically associate with blowhards and zealots, and with a seemingly unquenchable desire to render yourself indistinguishable from Will by tussling with him as often as you can stomach. You also respond poorly to disagreement and seem incapable of agreeing to disagree, which I realize is probably somewhere near the root of your furious loathing of Will, who is congenitally incapable of agreeing with anybody on anything other than his own merits.

For what it's worth, I've met Will, too, and I agree 100% with your assessments of him. I would choose a repeat of my single in-person experience with you a thousand times before considering a repeat of even ten seconds of any of my unfortunately many in-person experiences with Will. But my agreement with you, and my having met you and enjoyed your company, doesn't alter my assessment of your conduct here. Even on questions like the probably year-old discussion of porn watching in libraries, where it's not hard to see the merits of both sides of the argument, you angrily, condescendingly advanced your own opinion as the only reasonable choice. I recall another instance (although unfortunately not the topic - the behavior was what stands out) where you turned angrily on Matt from Denver for the crime of taking a position that differed from yours, and you expressed stunned surprise that somebody who you had found so agreeable was capable of disagreeing with you, and then you vented your spleen all over him while he remained resolutely polite. Yeesh, come on.

What have you ever done to me, Fnarf? Nothing. But what you've done to your public persona here is pretty ugly. You clearly can be a contributor of great merit, but you're not our pope, and nobody owes you agreement. Nobody, with the possible exception of you, needs to be saved from Will's online presence. I was once asked if either you or Will could exist without the other, and my sad answer was that I'm not sure. That really blows. I wish I had remembered Questionland, because that place was pretty excellent proof that you're almost unimaginably better without Will around, but Questionland is gone and Slog is still around.
Feb 22, 2013 Mike commented on Google Glass Could Be for Sale By the End of This Year.
People still take Fnarf seriously? Folks, his chief intellectual nemesis is Will in Seattle. He spends 95% of his time on Slog beating up the tiniest midget there is. This is not a titan of cutting edge thought, this is a guy with problems picking on a guy with even more problems. He is one degree less ridiculous than Will. Ignore them both.
Dec 22, 2012 Mike commented on Responsible Gun Owner: Twenty Dead Children a "Drop In the Ocean".
If the FBI knocks on your door who will stand up for you? You? With what? Truth?


So in your world, when the FBI knocks at your door, you answer alone, with guns blazing?

Truth isn't a bulletproof vest


Neither is a gun.

and it certainly won't stop a bulldozer.


Believe it or not, this is the first time I've considered the old "guns vs. bulldozers" problem, but I suspect truth has stopped more bulldozers than guns have.

Peacefully protest, great, but for how long?


So your problem with peaceful protest is that you get tired of it eventually? How does a gun help with that? Or do you just see peaceful protest as an inconvenient waiting period before you get to shoot at bulldozers with a feeling of justification?

But to turn your construct around: what do you think has done a better job of safeguarding liberty? A free press, or the right to bear arms? If you think it's the right to bear arms, then maybe you can illustrate for us how liberty somehow still remains in the many countries that don't provide a right to bear arms.
Nov 21, 2012 Mike commented on Boy Nerds Are Still Trying to Tell Girl Nerds That They're Not Real Nerds.
Young nerds find solace in community. Because it's their refuge from scorn and rejection, they can become fiercely protective of that community. When they see people who they identify as part of the communities that scorned and rejected them co-opting the things that they like, they react poorly. Is that smart? No. Is it sad? Yes. Is there irony in them rejecting people who aren't good enough to fit in to their idea of their community? Sure. It's both understandable and lamentable.
Nov 14, 2012 Mike commented on Woman Dies After Being Denied an Abortion.
Matt, there's a Firefox extension floating around someplace that collapses the comments of people you choose. Somebody made it a couple of years back so they could tune out the Will & Fnarf circus. You could download it, install it, and just add people who feed trolls so you don't have to sit through one side of a conversation with a mental deficient. Just a thought I've entertained on occasion (but haven't yet acted on - I usually just stop reading the comments after the second instance).
Nov 13, 2012 Mike commented on Atlas Shrugged Fan Fantasizes About an Election-Day McDonald's Showdown with the Takers.
It's blowhardy enough, but not nearly windbaggy enough for a Randian monologue.
Nov 8, 2012 Mike commented on Hey Seattle Times...? How'd That Political Advertising Experiment Work Out for You?.
Nothing like a little confirmation bias to start the day.
 

All contents © Index Newspapers, LLC
1535 11th Ave (Third Floor), Seattle, WA 98122