Somebody has identified it as Croatia. There is 35cm (1 foot) difference between high tide and low tide at Split today - and those are Spring Tides! Next Friday it will be 16cm (6") (The Med doesn't have much in the way of tides).
130 posts • joined 27 Nov 2013
"you cannot enter complex alphanumeric passphrases on a touchscreen"
Err, why not? I can enter almost all the characters on my phone that I can on my keyboard.
My most important passphrase has about 77 bits of entropy (I can be that precise because of the way I generated it). I enter it on my phone. (It actually only consists of lower-case ASCII, but length is more important than character set, and Password123! is not a secure password.)
A suborned employee is not (in any real sense) "the vendor". A suborned employee is just a mechanism for how the external attacker places the code in the product.
"The vendor as creator" was my initial thought on reading the headline - I thought it was a debugging tool that was left in place in the release. However, debugging tools don't tend to conceal their access to C&C servers like this....
Quote: A source familiar with the matter says Marketo has made a "substantial donation" to a charity chosen by Travis Pebble
That's fairly classy if true. I can't decide whether not trumpeting about it is even classier, or whether it indicates it's not true, but they want some of the brownie points anyway.
Quote: distance per unit time is velocity and has nothing to do with either thrust or power
You have misunderstood what the OP wrote. What he actually said is: "power is distance moved per unit time multiplied by force" (which is correct). There was a parenthetical remark after "time", but it didn't end the definition of power.
No, I'm afraid not. If all the missing matter mass is in the form of baryons (protons and neutrons) there would have been rather more fusion going on just after the big bang. The result would have been rather more Helium and Lithium in the universe.
I remember a talk given by Professor Sir Herman Bondi in the 80's where he was asked about the missing mass problem (actually, "missing light"). His preferred solution was "bricks". Dust (aka "soot") is too visible in long wavelengths; enough Jupiter-sized objects would show up at other wavelengths. Things the size of a brick (about 1kg) would solve the problem nicely.
... but we now either need something *really* exotic, or our fundamental theories are wrong. I keep hoping we can get rid of "Dark Energy" and replace it with a new theory of gravitation.
The justification was that it meant that the prosecution for possessing real images wouldn't have to prove (beyond reasonable doubt) that the lightly photoshopped image was originally a real image rather than an entirely constructed one.
I can see that argument, but it also makes me uncomfortable that images whose creation has involved no harm to anyone are illegal.
That shows a *profound* misunderstanding of what "salting" means. The salt is stored in the database along with the hashed password. It is not, in any way, intended to be secret.
The point is that different users will have different salts, and what is stored in the database is the hash of the salt+password. This means that the attacker must try common passwords for each individual user (well, individual salt), and can't just hash all the common passwords once, and then look up each user's hashed password in that list.
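The effect described in the comment above can be measured directly. The following is an added example, not part of the original post: the wordlist, user names and passwords are constructed, and the function names are hypothetical. It counts how many hashes a wordlist attack needs against an unsalted table and against a table with per-user salts stored in the clear.

```python
import hashlib
import os

# Constructed sample data: an attacker's wordlist and four user passwords.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Password123!"]
USERS = {"alice": "password", "bob": "qwerty",
         "carol": "password", "dave": "kelp orbit sandal mute fjord"}

def digest(salt: bytes, password: str) -> str:
    # Plain SHA-256 keeps the demo short; real systems use a slow,
    # purpose-built password hash (bcrypt, scrypt, Argon2, PBKDF2).
    return hashlib.sha256(salt + password.encode()).hexdigest()

def make_db(users, salted):
    """Map user -> (salt, hash). The salt sits in the clear beside the hash."""
    db = {}
    for user, password in users.items():
        salt = os.urandom(16) if salted else b""
        db[user] = (salt, digest(salt, password))
    return db

def wordlist_attack(db):
    """Return (recovered passwords, hash computations the attacker needed)."""
    tables, work, found = {}, 0, {}
    for user, (salt, stored) in db.items():
        if salt not in tables:  # a lookup table is only reusable per salt
            tables[salt] = {digest(salt, w): w for w in WORDLIST}
            work += len(WORDLIST)
        if stored in tables[salt]:
            found[user] = tables[salt][stored]
    return found, work

if __name__ == "__main__":
    for salted in (False, True):
        found, work = wordlist_attack(make_db(USERS, salted))
        print(f"salted={salted}: recovered {sorted(found)} with {work} hashes")
```

Weak passwords still fall in both cases; what changes is that the attacker's work scales with the number of users, and identical passwords no longer produce identical stored hashes.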
IMHO it is better to only allow updates to be done by a dealer.
The trouble is, that people won't take it into a dealer to get it updated. That leaves vulnerabilities lying around waiting to be exploited. OTA updates are the only way to get them done on a timely basis.
Car manufacturers are very exercised at the moment about how to do this securely (*). (Updates which are properly signed, and update kernels which are *very* carefully written are about as good as it gets.)
* Source: Meetings I have attended, jobs I have been offered.
"Or, maybe even more to the point, will be able to handle jobs that are ten times more complicated in the same time" - err, probably not.
If you are doing finite element modelling in four dimensions (three space + time), then a factor of 10 will not even allow you to halve the mesh size.
>> And, from what I read about Linux, more than ever seems to be going into that kernel too.
> no, just systemd and wayland. I'm sticking with FreeBSD.
FreeBSD is not Linux - it's an entirely separate operating system (although they are both POSIX compatible).
This will be similar in principle to Shamir secret sharing, where you give n people shares of your secret (or more plausibly, write the shares onto n smartcards), and it then requires k of them to come together to recreate the original secret. The magic of the algorithm ensures that if only k-1 collude dishonestly with an attacker, the attacker is no better off than trying to brute force the secret from scratch.
See http://joshworth.com/dev/pixelspace/pixelspace_solarsystem.html. It is subtitled "A Tediously Accurate Map of the Solar System". It's not that accurate - it lines all the planets up in a straight line, and has a lot of extra text to relieve the monotony. It is very tedious if you try to scroll all the way through (I gave up).
@Naselus : ""I actually missed the part that the attack produced by Google needs to meddle with both sides - "good" and "bad" of the collision." You missed it because it doesn't 'need' to. "
That is seriously wrong. The attack absolutely *does* need to fiddle with both sides. Fiddling with only one side is not a collision attack, it is a pre-image attack - and nobody has demonstrated a pre-image attack against even MD5 yet.
@Hans 1 You are almost right *but* what they can do is get
000011100010001xxxxxxx0001000111001100[...] to equal the hash of 000011111010001yyyyyyy0001000111001100[...], where x and y can be anything.
This is the difference between a collision (which we now have), and a second pre-image attack (which we don't have - yet).
I don't think building from source is all that hard. What is hard is deterministically building from source. Thus given the same source files, you end up with the same (bit-wise identical) executable.
There are a lot of tools that make that hard these days; there are good reasons, but it's not desirable in open source security software.
"This way they can find out from the electoral register who can be bothered to vote, and target their junk mail accordingly" - That's not right. Each party will buy a marked up electoral register indicating who voted after the election. The trouble is that doesn't appear until some time after the election, and they want to know who to send somebody round to with a "don't forget to vote" postcard.
Sadly, that story is almost *certainly* apocryphal. In particular, Shackleton would have been very unlikely to write "Safe return doubtful." - that would be much too negative for him.
- although all the team that Shackleton was leading survived, there were three deaths on the team laying supply depots that Shackleton's team was supposed to reach after the pole.
- I'm not convinced that Worsley was *the* best dead-reckoning navigator ever. Captain Bligh was pretty good too (for all his other faults). (But yeah. If I was stuck in a 22' lifeboat with the nearest accessible human habitation 800 miles away across the stormiest ocean in the world, with a target only 100 miles long, he's the man I'd want to do the navigating.)
Biting the hand that feeds IT © 1998–2019