stingwray

I'm actually in NYC for about two months and HOPE falls over those weekends which is why I'll have a look. I'm looking at CCC this year and Defcon next year hopefully. I'll bare in mind that it might be a little too political then! :-p

I won't be making it to Defcon this year but probably next year all being well. However it is looking increasingly like I'll be attending The Next Hope in NYC this year. Anyone planning on getting to this?

Although websites are good, I find that books can really be a cut above the rest. In which case I recommend: C++ Primer - http://www.amazon.co.uk/C-Primer-Stanley-B...6563&sr=8-1 and Effective C++ - http://www.amazon.co.uk/Effective-Specific...6622&sr=1-1 C++ Primer is very much a reference although you could read it cover to cover if you want. However Effective C++ is just a brilliant book which you really must read cover to cover. Not because what you learn in the beginning of it is need for later parts (in fact it pretty much references things all over the place which is a little annoying at times), but because what you will learn you will need later in your designs and implementations. You'll also pick up better practises which will make you a better programmer later. Both are well worth the cost and through Amazon they are pretty damn cheap.

Sounds like you have got a pretty packed week ahead, hope you enjoy our country.

Personally I like the look of the HP Mini 11 and the Sony W Series, if your wanting to spend a decent bit of money on it. Otherwise you don't seem to be able to go wrong with a Dell Mini 9 or 10. If your going to be using it for any decent amount of time, look for a screen with a resolution greater than 1024x600, as personally I find that the most limiting factor of netbooks. ION graphs is a great bonus if you can get it.

Regexs are very lean, especially if used correctly, certainly no more intensive than the other methods that you have specified if doing the same job. This is also the beauty of perl, there are so many ways of doing things (admittedly it can be a bad thing as well), also Perl is an interpreted language, if you want out and out speed you should be using something like C++. Newlines are never more than 1 Byte, you might have a carriage return on a system, but that is an additional special character. Of course thats ascii with unicode slightly different. I never use chomp() as I dislike the function and they way it is used. Almost always I will match on what I want with a regex and just ignore the end.

I use Avast Free on my Windows machine, mainly to shut up the security console from telling me that I'm not protected all the time and that I'm going to get AIDs. I can't remember the last time that I had a virus. I'm vaguely more worried about malware and such from browsing the internet, but most of the browsers do a decent job of prevent that or warning you before now, and you'd never guess, there are free applications which will search and remove malware and spyware as well! So wait a minute, if I can get all the tools that I need for free, but they are just not bundled as one, why should I be paying someone the privilege for bundling it all together? In my opinion paying for AV protection packs is for the idiots that can't use a computer and people who are tool lazy to administer their computer properly.

Actually, if you use 10 character long password and 62 characters to produce it from you have 62^10 possible passwords, which is a lot less than 10^62. It doesn't matter whether Linux and Mac OSX have other PRNG, Python uses its own Mersenne Twister implementation in C. The difference would be in seeding the PRNG, which your letting the operating system do in its default way, which for the majority of systems is the current time, which is an extremely poor seed. An example of how this is done slightly better is in TrueCrypt which takes input from mouse movements to help randomize the seed. 'papapapa' is only an example, there are many others which are easily equatable. If you want to come back onto Maths, the chances of two characters coming up next to each other are 1/(62^2), Now 1/(62^2)*62^10 is not a trival number to reduce the number of possible tries. Plus I have the added benefit that you also don't allow three/four/five same characters in a row, so I can remove even more! Coding something to remove bad passwords wouldn't be hard or intricate to get good results, a good password has a high amount of entropy between characters, just don't accept password below a threshold, which should the user want, could be changed. I wouldn't worry about shoulder surfing, the user has to worry about that and given that 99% of all passwords breaking comes from attacking the hash its not really a problem anyway. I don't know why your say "Sorry for wasting your time,", I'm trying to help you make your software better. If you would rather produce poor quality software then please ignore all my comments.

You need to understand random number and pseudo random number generators more before thinking this is a good idea. Start with the python documentation. Python Doc - Random In particular, you need to look at: So there is nothing random about your program and could very easily be repeatable. Also it makes generating list of passwords completely pointless as the PRNG is deterministic. Also, as an Attacker, thanks for removing all passwords with the same character next to each other, this cuts the size of my dictionary and brute force attacks considerably. A password with two characters next to each other is not a bad password. A bad password would be 'papapapa' where 'oP9nn7Ae' is miles better.

I think we're starting at OpenTech today and then probably moving on to other exciting things. Come down if you can!

Right, well the day is nearly upon us. I'm working tomorrow, but I'll hopefully be leaving a little early, god knows I've deserve it. I'll probably make my way to the pub for about 7:30 rather than going to Trocadero first, depends on my mood. As for Saturday, I looked at the Open Tech 2009 schedule and to be frank, it looks really crap, there was absolutely nothing there that made me think I want to go. So I'd love to find something else to do on Saturday. Looking forward to meeting a few of you.

Its not even most, you have to handle all sorts of encodings to be really safe.

Disk IO sucks really badly on Virtual machines generally, which means something like a File server is a bad thing to virtualize. Also as you don't want to make it suck even more, I wouldn't run virtual machine images across a network. Really the host machine should have decent local storage in a RAID setup that provides protection, the file server should have the same, but then can keep snapshots of the virtual machines backed up.

Erm, same thing, the right hardware is the one that has good drivers written for it.

You might want to offer equity in the company as compensation for initial services, you just have to be careful to specify the amount of time spent before receiving the equity and also how long they must hold the equity for. This means that anybody coming on board would be in it for the long run and have a vested interest in the company succeeding. However getting that all right is very difficult. It sounds like your going to want to be bringing more than just a developer on board, almost CTO level, with obviously practical skills as little of the initial work will be management. So you'll need someone with a good range of skills and be able to think outside the box. Startups are great fun but a lot of work, all the best with yours. If you don't know about it already, check out "This week in start ups" by Jason Calcanis, you'll definitely find useful information from it even if its not your first start up.