
Comments


Doomsday Clock Could Move

mattpalmer1086 Re:*Yawn* (145 comments)

So if a minute comes off, it's just fear mongering. And if one or two goes on? We pat ourselves on the back and ignore it? Seems like we get to ignore it in both cases!

Good point about climate change though. I also noticed they had moved beyond just the nuclear threat. I suppose it is called the Doomsday clock, not the "Nuclear Threat Clock", but I kind of agree it should stick with what it was established for.

(btw: I think climate change is a real threat, but there are lots of existential threats other than nuclear weapons and climate change.)

about a week ago

Doomsday Clock Could Move

mattpalmer1086 Re:*Yawn* (145 comments)

The clock has actually moved back and forth over the years. Why do *you* think a minute will come off this year?

about a week ago

Doomsday Clock Could Move

mattpalmer1086 Re: The doomsday clock should be renamed. (145 comments)

No idea who the researchers are, and I don't have an agenda. I linked to Wikipedia!

I have read about some of these studies before, on the web, and in fairly lay publications like New Scientist. I have no idea if they are wrong, true, or just some vast liberal conspiracy by left-leaning scientists to irritate their conservative colleagues!

I was only prompted to reply because the original poster saw it as political "fear" propaganda from "the left", and I saw it quite differently. Which made me think of these studies... make of them what you will!

about a week ago

Doomsday Clock Could Move

mattpalmer1086 Re:The doomsday clock should be renamed. (145 comments)

It's interesting reading your response to this. I saw it as "clever people try to assess big problems facing us, and communicate it in a way most people can easily understand". You saw it as fear mongering by the left.

Interestingly, there have been several studies that link political ideologies with fear-response. For example, see:

http://en.wikipedia.org/wiki/B...

Conservative people tend to have a higher disgust response, be more aggressive, and more resistant to change or things that appear threatening. Liberals tend to be not as frightened by apparent danger and more accepting of possibly disruptive change.

Of course, this may be completely wrong, but it does tally with my (entirely unscientific) experience.

about a week ago

The Paradoxes That Threaten To Tear Modern Cosmology Apart

mattpalmer1086 Re:Seems... facile (231 comments)

IANAP, but my admittedly also very shallow understanding is that when we're talking about the energy of the "vacuum", we mean "energy associated with space itself".

A vacuum is typically defined by the absence of matter in a volume of space (but not necessarily light or other energy). But let's exclude those too - there is no matter or electromagnetic radiation at all.

Even with those exclusions, at a fundamental level space appears to be a seething maelstrom of quantum particles popping in and out of existence. There seems to be some energy associated with "empty" space.

Some people posit that the vacuum (i.e. space as we know it) may be "unstable" - that the particular energy it possesses could be lower than it is - and that we're just caught on a local bump in the energy landscape. If the vacuum ever "fell off" that bump to a lower level, it would apparently spread at the speed of light across the entire universe from wherever it started, destroying everything that currently exists, and leaving behind... I don't know what. More vacuum, but with a much lower energy associated with it, and with lots of new matter and energy created by the release of the vacuum energy. Probably.

Anyway, happy for a real physicist to correct me on some or all of the above - that's just my very lay understanding of what is meant by vacuum energy.

about a week ago

Blade Runner 2 Script Done, Harrison Ford Says "the Best Ever"

mattpalmer1086 Re:Doubt it (299 comments)

Interesting thesis, but I don't buy it. Audiences were not discovering technology for the first time, and it was not the first time cinema explored it. One of the most classic sci fi films ever was Metropolis, made in the 1920s. There were some very good sci fi films made in that era (and some very bad ones too).

In fact, Blade Runner didn't appeal to audiences much when it was released. It has become a classic afterwards, probably because it's based on a quality story and the acting, direction, music and atmosphere of the film are great. And because Ridley got rid of the annoying voice over, which the movie execs mandated so the dumb audience could understand it. Not a passionate audience, note, or at least, that's not how the movie industry saw the audience and the films they were creating for them.

about a month and a half ago

Aliens Are Probably Everywhere, Just Not Anywhere Nearby

mattpalmer1086 Re: Birthday paradox? (334 comments)

I put it in quotes because it is not a genuine paradox.

about 2 months ago

Aliens Are Probably Everywhere, Just Not Anywhere Nearby

mattpalmer1086 Re:Birthday paradox? (334 comments)

Wrong, nothing to do with being modulo some number. It's the permutations of pairs that gives rise to it.

about 2 months ago

Aliens Are Probably Everywhere, Just Not Anywhere Nearby

mattpalmer1086 Re:Birthday paradox? (334 comments)

Mod parent up, wish I had mod points.

This is exactly right. It's the number of permutations of pairs that gives rise to the birthday "paradox". Nothing to do with being modulo some number.

about 2 months ago

eBay Compromised

mattpalmer1086 Re:Would be 100 million as fast as hashcat claims (193 comments)

Hmmm... I got my performance stats from a different web site. But the performance table on oclHashcat's front page says 11231M c/s for SHA256. That's eleven billion a second, admittedly using 8 GPUs, but in the ballpark of my original post.

If crypt is iterating SHA256 110,000 times, that sounds fairly good. I've been looking at scrypt, which is explicitly designed to resist hardware based attacks.

about 8 months ago

eBay Compromised

mattpalmer1086 Re:3,963 years per password (193 comments)

Well, I would dispute those calculations a bit, but I accept that good long per-account salting forces each password to be cracked individually. I assume that the salt is compromised along with the password (or they won't be cracked at all).

Even randomly selected passwords from all alphanumeric characters only give us about 6 bits of entropy per character. Most passwords are shorter than 10 characters, the average is more like 7. This only gives us 42 bits of entropy per password, assuming complete random selection from that space.

But - users don't randomly select from that space, and modern password crackers don't simply try all possible letter permutations, although they can successfully do this for passwords which are less than 7 characters. They exploit the patterns and techniques which users use to select passwords, using rules engines, password dictionaries, Markov chains and all sorts of clever magic.

Run this on GPUs using hashcat, which for SHA256 can check about 3 billion hashes a second. A small cluster of 4 of these machines can then easily check over 10 billion hashes a second. You can now rent Amazon EC2 instances with GPUs. In a minute you can check 600 billion hashes, admittedly for a single password at a time.

Salted hashes are now crackable even for quite reasonable passwords, if the hash algorithm can be run on modern GPUs, and assuming the attacker has the salt as well.

about 8 months ago

eBay Compromised

mattpalmer1086 Re:Hash algorithm? Static salt like eBay Japan? (193 comments)

It's not particularly the strength of the hash that worries me, it's the speed of it. If they're using something like SHA256 - strong, but fast - then I'd be worried.

about 8 months ago

C++ and the STL 12 Years Later: What Do You Think Now?

mattpalmer1086 Re:Why use it? (435 comments)

Good point. I checked out http://www.stroustrup.com/appl... and I can see they're mostly all quite demanding applications. I guess they deserve a demanding language :) But yes, fair enough. There are plenty of times getting the most out of what you have is going to be important.

I once worked on Java code which ran on the most ludicrously limited hardware. It was like treacle. I spent a lot of time tuning that code. Logging was the worst offender, but some poor algorithms lurked in there too. Garbage collection was quite noticeable, even after rewriting to minimise it as much as possible.

about 8 months ago

C++ and the STL 12 Years Later: What Do You Think Now?

mattpalmer1086 Re:Why use it? (435 comments)

Fair enough... I'm pretty ignorant on how CUDA or OpenCL is programmed. What is it about C++ that makes it a good fit?

about 8 months ago

C++ and the STL 12 Years Later: What Do You Think Now?

mattpalmer1086 Re:Computational code (435 comments)

Yes, I can see that sort of code would benefit a lot. Not an area I've done much work in, but I guess a lot of people are. I'm actually really interested in code that performs well - I spend quite a lot of time profiling and tuning. Some of the things Martin Thompson has done in Java land are pretty cool. Check out http://lmax-exchange.github.io... and http://mechanical-sympathy.blo...

about 8 months ago

C++ and the STL 12 Years Later: What Do You Think Now?

mattpalmer1086 Re:Why use it? (435 comments)

Sure, resource handling in C++ is one of the examples I do give of the sheer power and beauty of what you can do with the language. I used it extensively even back then. I also remember some of the issues I encountered in passing them around safely were a big lesson in the complexities, pitfalls (and opportunities) that lurk in the language. It was enormous fun, but I think I've probably been more effective in less demanding languages.

about 8 months ago

C++ and the STL 12 Years Later: What Do You Think Now?

mattpalmer1086 Why use it? (435 comments)

I had the most fun ever with C++ back when the original story ran. But it was too complex, too big and yet lacking standard ways of doing really very common things. Every library took a different approach. No standard libraries to do pretty much anything you wanted to in the real world. And it was always possible to shoot both feet off at once while doing something you thought was obvious and/or designed to make your code safer. Incredibly slow to compile. Compilers never supported the full C++ spec, or supported different bits of it on different platforms.

The trouble is, I can't see any compelling reason to use it for anything much these days. Maybe the latest C++ is better - but given what I know of the language I suspect the main criticisms I have of it must be still valid.

Use cases where you need that insane low level of power and control while retaining a high level language syntax are not common at all.

Can anyone give an example of where C++ really shines these days over other languages?

about 8 months ago

NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

mattpalmer1086 Re:Is this different than a "secret salt"? (277 comments)

It looks like a message authentication code, but it isn't. Hash(Key || data) is vulnerable to a length extension attack.

about 10 months ago

NYU Group Says Its Scheme Makes Cracking Individual Passwords Impossible

mattpalmer1086 Re:really? (277 comments)

I think we need a "Misleading" category.

Without the salts, the hashes are essentially uncrackable, if the salts aren't incredibly short. So don't waste your time trying to crack these.

Salts are not secrets. They are usually stored right alongside the account details in the password database.

If your solution is to make the salt secret, you're not using salts anymore. Per-account salts protect against pre-computation attacks and do not need to remain secret to provide this protection. They are a cheap and effective defense for this purpose.

If you want to keep your salts secret, they are technically called "keys", and are expensive and difficult to manage securely.

about 10 months ago
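
An added example, not written by the commenter: it illustrates the point made in the salt and eBay comments above, that a per-account salt stored in the clear defeats precomputed tables while the cost of each guess is set by the speed of the hash (a single SHA-256 versus scrypt). The function names, the scrypt parameters and the sample dictionary are assumptions constructed for this sketch; the 42-bit and 10 billion hashes/second figures are the ones quoted in the comments.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny guess list standing in for a cracking dictionary.
DICTIONARY = ["123456", "password", "letmein", "qwerty"]
# Assumed scrypt cost parameters (about 16 MiB of memory per guess).
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def precomputed_table(words):
    """Map unsalted SHA-256 digests back to the words that produced them."""
    return {hashlib.sha256(w.encode()).hexdigest(): w for w in words}


def fast_hash(password, salt=b""):
    """Fast hash: one SHA-256 over salt || password (the weak baseline)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def new_record(password):
    """Store a fresh random salt in the clear next to a slow scrypt hash."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def exhaust_seconds(entropy_bits, guesses_per_second):
    """Time to try every value in a space of 2**entropy_bits."""
    return 2 ** entropy_bits / guesses_per_second


if __name__ == "__main__":
    table = precomputed_table(DICTIONARY)
    salt = os.urandom(16)
    print("unsalted hit:", table.get(fast_hash("letmein")))
    print("salted hit:  ", table.get(fast_hash("letmein", salt)))
    a, b = new_record("letmein"), new_record("letmein")
    print("same password, different records:", a["hash"] != b["hash"])
    print("verify:", verify("letmein", a), verify("wrong", a))
    # Figures from the comments: 42 bits at 10 billion hashes/second.
    print("42-bit space at 1e10/s: %.0f s" % exhaust_seconds(42, 10e9))
```
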

Is Whitelisting the Answer To the Rise In Data Breaches?

mattpalmer1086 Re:We're adopting this at work... (195 comments)

The software running on the POS is completely known and controlled. In a big organisation there are lots of them, so you want to be able to update over the network. Updates are tested and bundled with any whitelist updates required. It's the perfect environment for whitelisting.

I'm curious why you think it won't work on a POS with remote updates?

about a year ago

Submissions

mattpalmer1086 hasn't submitted any stories.

Journals

mattpalmer1086 has no journal entries.
