Dad of two; Java and web developer.

leah blogs: Ken Thompson's Unix password

2 Comments and 11 Shares

Somewhere around 2014 I found an /etc/passwd file in some dumps of the BSD 3 source tree, containing passwords of all the old timers such as Dennis Ritchie, Ken Thompson, Brian W. Kernighan, Steve Bourne and Bill Joy.

Since the DES-based crypt(3) algorithm used for these hashes is well known to be weak (and limited to at most 8 characters), I thought it would be an easy target to just crack these passwords for fun.

Well known tools for this are john and hashcat.

Quickly, I had cracked a fair deal of these passwords, many of which were very weak. (Curiously, bwk used /.,/.,, which is easy to type on a QWERTY keyboard.)

However, ken's password eluded my cracking endeavor. Even an exhaustive search over all lower-case letters and digits took several days (back in 2014) and yielded no result. Since the algorithm was developed by Ken Thompson and Robert Morris, I wondered what’s up there. I also realized that, compared to other password hashing schemes (such as NTLM), crypt(3) turns out to be quite a bit slower to crack (and perhaps was also less optimized).

Did he really use uppercase letters or even special chars? (A 7-bit exhaustive search would still take over 2 years on a modern GPU.)

The topic came up again earlier this month on The Unix Heritage Society mailing list, and I shared my results and frustration of not being able to break ken's password.

Finally, today this secret was resolved by Nigel Williams:

From: Nigel Williams <nw@retrocomputingtasmania.com>
Subject: Re: [TUHS] Recovered /etc/passwd files

ken is done:

ZghOT0eRm4U9s:p/q2-q4!

took 4+ days on an AMD Radeon Vega64 running hashcat at about 930MH/s
during that time (those familiar know the hash-rate fluctuates and
slows down towards the end).

This is a chess move in descriptive notation, and the beginning of many common openings. It fits very well with Ken Thompson’s background in computer chess.

I’m very happy that this mystery has been solved now and I’m pleased with the answer.

[Update 16:29: fix comment on chess.]

NP: Mel Stone—By Now
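
To put the figures in the post side by side, here is an added example (not from the original post or the TUHS thread) that flags legacy DES crypt(3) entries in a passwd-style file and estimates the worst-case exhaustive-search time for several character sets at the 930 MH/s quoted in the e-mail. The sample file is constructed apart from ken's hash, and the function names are this example's own.

```python
import re

# Traditional DES crypt(3) field: 2-character salt followed by an 11-character
# digest, both drawn from the 64-symbol alphabet [./0-9A-Za-z].
DES_CRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")
DES_MAX_LEN = 8  # DES crypt ignores everything after the 8th character

# Constructed sample in passwd(5) layout. Only ken's hash comes from the post;
# every other field and entry is made up for this example.
SAMPLE_PASSWD = """\
ken:ZghOT0eRm4U9s:1001:1001:constructed entry:/home/ken:/bin/sh
alice:$6$constructedsalt$constructeddigest:1002:1002::/home/alice:/bin/sh
bob:x:1003:1003::/home/bob:/bin/sh
daemon:*:1:1::/:/usr/sbin/nologin
"""


def classify_hash(field):
    """Label the password field of one passwd(5) entry."""
    if field == "":
        return "empty"
    if field == "x" or field[0] in "*!":
        return "locked-or-shadowed"
    if field.startswith("$"):
        return "modular-crypt"  # $id$salt$digest formats
    if DES_CRYPT_RE.fullmatch(field):
        return "des-crypt"
    return "unknown"


def find_des_crypt(passwd_text):
    """Return (user, salt) for every entry still using DES crypt."""
    findings = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) < 2:
            continue  # malformed line, nothing to classify
        user, field = parts[0], parts[1]
        if classify_hash(field) == "des-crypt":
            findings.append((user, field[:2]))  # salt is the first 2 chars
    return findings


def keyspace(charset_size, max_len=DES_MAX_LEN):
    """Number of candidate passwords of length 1..max_len."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def exhaust_days(charset_size, hashes_per_second):
    """Worst-case days to try every candidate at a fixed hash rate."""
    return keyspace(charset_size) / hashes_per_second / 86400


if __name__ == "__main__":
    rate = 930e6  # hash rate reported in the e-mail quoted above
    for user, salt in find_des_crypt(SAMPLE_PASSWD):
        print(f"{user}: legacy DES crypt (salt {salt!r}), rehash this account")
    charsets = [("lower+digits", 36), ("printable ASCII", 95), ("7-bit", 128)]
    for name, size in charsets:
        print(f"{name:16s} {exhaust_days(size, rate):10.2f} days worst case")
```

At that rate the full 7-bit, 8-character space works out to roughly two and a half years, consistent with the estimate in the post, while lower-case letters and digits alone are exhausted in under a day.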

2 public comments
beslayed
42 days ago
.
jepler
66 days ago
ha!
Earth, Sol system, Western spiral arm

Differentiation and Integration

6 Comments and 14 Shares
"Symbolic integration" is when you theatrically go through the motions of finding integrals, but the actual result you get doesn't matter because it's purely symbolic.
5 public comments
satadru
288 days ago
This feels like a variant of any of several classic Sidney Harris cartoons. (I say that approvingly.)
New York, NY
davidar
289 days ago
Nondeterministic integration: start -> ask an oracle -> differentiate the answer provided by the oracle to verify it matches what you were trying to integrate -> done!
jepler
290 days ago
OH NO
Earth, Sol system, Western spiral arm
Covarr
290 days ago
This is why I never got past calculus. It wasn't too difficult, just too annoying.
Moses Lake, WA
alt_text_bot
290 days ago
"Symbolic integration" is when you theatrically go through the motions of finding integrals, but the actual result you get doesn't matter because it's purely symbolic.
cjheinz
290 days ago
Note tho, that to computers, integration is easy - just total some shit up, whereas differentiation - find the instantaneous rate of a change of a function - is hard. This is very evident when you use the Minsky economics systems dynamics program.
duerig
290 days ago
Ah. But the trick with computational integration is that you are totaling an *infinite* amount of shit up. :)

Peak performance: How retailers used Google Cloud during Black Friday/Cyber Monday

1 Share

At Google Cloud, we work with businesses in a range of industries, and we’ve seen nearly every business experience peak events when their online traffic skyrockets. For retailers, their peak events are Black Friday and Cyber Monday (or BFCM)—the period right after Thanksgiving in the U.S., when holiday shopping starts. The weekend kicks off the all-important holiday shopping season of November and December, when an estimated 20% of all annual retail sales occur.

During an average day, online retail sales in the U.S. total about $1.4 billion, CNET reports. In contrast, on Black Friday 2018, U.S. online sales totaled $6.22 billion (up 24% from 2017). Cyber Monday 2018 sales surged to $7.9 billion (up 19% from 2017)—the biggest online sales day ever in the U.S., according to Adobe Analytics.

Traffic to retailers’ mobile and shopping apps surges to levels unmatched during the rest of the year, and availability or scalability issues can result in millions of dollars of lost sales. Every year, there are well-publicized retail website crashes, so avoiding downtime—along with the accompanying reputation damage, unhappy customers and stressed, overworked IT teams—is particularly important for retailers.

We know that a solid technology infrastructure is the foundation for retailers to stay ahead of demand and succeed during this busy season. Beyond that, though, support for that infrastructure is essential. Support isn’t just activated if something goes wrong. Support for an event like Black Friday and Cyber Monday involves preparation well ahead of time, and includes testing, architecture reviews, capacity planning, operational drills, and war rooms during the event itself. We took a prescriptive approach to BFCM support, setting expectations and ownership early (more than six months ahead), to understand what each retail customer needed, both on their side and from our team.  

We’ll go through the steps that helped our retail customers have a fruitful and disaster-free season. These steps can generally help you prepare for your own peak event. We’ll also describe how one large-scale retail platform in particular—Shopify—had a successful BFCM using Google Cloud.  

Preparing to support retailers on Black Friday/Cyber Monday

We started planning for Black Friday and Cyber Monday for our retail customers in the spring of 2018 to align with their typical preparation timeline. We formed a task force composed of representatives from Google Cloud’s Professional Services, Customer Engineering, Support, Customer Reliability Engineering (CRE), and Product and Engineering teams. We met regularly to strategize, develop tactics, and execute on those tactics with the goal of making sure Google team members and our GCP retail customers were well-prepared.

We focused on a few key technology areas where planning could help prevent any issues.

1. Early capacity planning

As early as May 2018, our account teams began reaching out to GCP retail customers. We discussed high-level planning, such as their particular holiday shopping objectives and the infrastructure capacity they might need to meet those goals.

We worked closely with retailers to review their architectures and advise on techniques to forecast and plan for increases in capacity before Black Friday, since scalability is essential when planning for traffic spikes. We conducted tests across teams and services, and stress-tested systems to uncover any constraints or weaknesses and remediate as needed. Those tailored preparations paid off across the board. With GCP capacity status firmly green—available—throughout Black Friday and Cyber Monday, shoppers visiting our retail customers’ sites could make their purchases without running into a slow or unresponsive site.

2. Reliability testing

Identifying potential reliability issues in a “pre-mortem” (an important component of CRE) was another preemptive step we took. Early on, our CRE team partnered with our retail customers to analyze the reliability of their infrastructures, and run through tabletop exercises to see how well-prepared the customer was in the face of a failure. In some cases, the Professional Services team helped perform load testing to make sure retailers’ platforms could handle expected levels of peak traffic, and in others we encouraged regular load testing and evaluation. And given how important mobile commerce has become, we also tested the performance and reliability of customers’ mobile apps. We also employed Apigee’s API monitoring tools to ensure API stability. We’ve seen APIs become more important in retail technology, since they allow more flexible, microservice-based e-commerce sites.


3. Operational war rooms

“What could possibly go wrong?”

That’s the million-dollar question to ask before a big IT event. We got together with our retail customers’ IT and engineering teams to explore and test for possible worst-case scenarios, like an entire site crash. We created a central Black Friday/Cyber Monday war room staffed with senior-level, experienced Googlers from the Professional Services, Support, and Site Reliability Engineering (SRE) teams. This team of first responders was prepared to use real-time communications to stay connected and address any problems as soon as they arose. This was in addition to understanding customer and vendor integrations and making sure escalation paths were defined ahead of time, so that customer expectations were clear for various channels.

During that weekend, we doubled the number of on-call support staff available to retail customers. In some cases, we placed account teams on-site at GCP and Apigee retail customer locations to help as needed. We monitored whether any retail customers were starting to have reliability or latency problems. If something needed to be triaged, the war room team kicked into action, tackling issues and advising on next steps. The Google war room team also had direct, open access to Google engineers and executives for additional support.

Apigee team members kept a close eye on API traffic during the Black Friday period. The number of API calls for Apigee’s customers (excluding those who host the platform on-premises) grew 95% compared to the same span of time in 2017. Peak API traffic running through Apigee more than doubled, from 48,000 transactions per second (TPS) to 108,000 TPS this year, and the platform remained 99.999% available.

How retailers sailed through Black Friday and Cyber Monday

One of our retail partners, Shopify, is an e-commerce platform supporting more than 600,000 independent retailers. The complexity of managing all those storefronts makes predicting holiday site traffic and sales spikes even more challenging. Shopify provides a platform with 99.98% uptime, and calls BFCM their annual “World Cup” event.

Shopify’s platform is made up of many internal services and interaction points with third-party providers, such as payment gateways and shipping carriers. Each of those dependencies has to be reliable and perform well for BFCM to go off without a hitch.

In 2017, on Black Friday and Cyber Monday, only about 10% of Shopify’s stores ran on GCP. The rest were hosted from their own data center. In 2018, Shopify went all-in on GCP as its infrastructure provider, with 100% of its retailers running on our platform.

Shopify was an early adopter of Docker containers and now uses Google Kubernetes Engine as its container management system, along with the Cloud Storage unified object storage service.

Shopify Production Engineers began working side-by-side with Google’s BFCM team months before the holiday shopping season. We collaborated on capacity planning so Shopify would have the right capacity buffer needed to accommodate an even bigger peak load than they had in 2017, and helped diagnose and fix potential performance problems, such as network latency.

During the rest of the year, our Shopify account team stayed highly engaged with Shopify engineers on Slack, Google Hangouts Chat, and other real-time communications tools. For Black Friday and Cyber Monday, we increased our communication further and dispatched Googlers to Shopify’s own war room in Toronto.

“As we went into BFCM 2018, we no longer had data center capacity to fall back on,” says Camilo Lopez, Director of Production Engineering at Shopify. “But we were confident that with Google Cloud, we had the extra support and strong technology foundation needed for a successful Black Friday and Cyber Monday. The big event came and went without incident. Our merchants collectively sold over $1.5 billion USD in merchandise that weekend, up from $1 billion in 2017.”

This BFCM weekend was a record breaker for Shopify, with a peak of nearly 11,000 orders created per minute and around 100,000 requests per second being served for extended periods during the weekend. Overall, most system metrics followed a pattern of 1.8 times what they were in 2017.

Cloud planning and support make for stress-free events  

By following the above strategies, you can be ready for whatever comes your way, whether it’s a huge, unanticipated traffic spike or a major uptick in sales you count on every year. And that brings benefits for customers and your IT teams. After this year’s successful BFCM, a staff member from one of our newer retailers sent us a note of thanks and remarked that 2018 was the first time in years that he was able to enjoy Thanksgiving dinner with his family.

To achieve your own low-stress peak events, plan and prepare before the event. Consider how your service might fail, how you’d detect these failures, and how you’d react to them. Perform tests to find potential weaknesses. Choose good measures of your customers’ experience, and closely monitor your infrastructure during the event. Do a post-mortem immediately afterwards to make the next big event even smoother. Find out more here on adopting these strategies for your organization.

And of course, our GCP support team is here to help during these events, both planned and unplanned. If you have a large event where we can help, get in touch with your Technical Account Manager, or your Google Cloud account team.


The Gamification of Rhetoric

1 Comment and 14 Shares

I posted a thought earlier on Twitter today and I’ll repost it here in non-tweet form:

It’s really frustrating to me that more people don’t understand that racist/alt-right people have gamified their rhetoric; they’re not interested in discussion, they’re slapping down cards from a “Debate: The Gathering” stack, and the only goal is taking heads.

They gamify their rhetoric because essentially this shit is a low-stake game for them, whereas for other people it’s their actual lives. That’s an advantage they have. If they lose, they shuffle their cards and go on to the next thing. If others lose, their life takes a hit.

And because their rhetorical strategy is essentially card-based, actual knowledge of issues is unimportant and probably a hindrance. They don’t want or need to understand the issues that affect others, they just need you to play their game so they can win.

I don’t have time anymore to diddle about with children who think other people’s lives are some sort of turn-based game, especially when all they want is to hurt other people. And it bothers me more people, especially those with power, don’t understand this shit.

I’m not going to tell people not to engage with these chuckleheads. But don’t engage with them on their terms. Engage with them on your own. One, they hate that, and two, it exposes what they’re doing as a pointless, hateful exercise, and them as awful people.

In sum: Understand what these folks are doing. Refuse to play along. And if you choose, point out to others the hollowness of their game. Because their “game” is to hurt other people, and then go on to the next target. Their game is other people’s lives.

1 public comment
WorldMaker
494 days ago
Also, gamified rhetoric is easier to automate, easier to scale, than honest/empathic/actual debate. You aren't going to get far in most FPSes if you spend so much time on individual one-on-one matches and ignoring the vast scale of the mob surrounding you. Get to higher ground first if you are going to snipe; learn when you sometimes should bring an automatic weapon to a large scale battle.
Louisville, Kentucky

The United States of Guns

2 Comments and 9 Shares

Like many of you, I read the news of a single person killing at least 10 people in Santa Fe, Texas today. While this is an outrageous and horrifying event, it isn’t surprising or shocking in any way in a country where more than 33,000 people die from gun violence each year.

America is stuck in a Groundhog Day loop of gun violence. We’ll keep waking up, stuck in the same reality of oppression, carnage, and ruined lives until we can figure out how to effect meaningful change. I’ve collected some articles here about America’s dysfunctional relationship with guns, most of which I’ve shared before. Change is possible — there are good reasons to control the ownership of guns and control has a high likelihood of success — but how will our country find the political will to make it happen?

An armed society is not a free society:

Arendt offers two points that are salient to our thinking about guns: for one, they insert a hierarchy of some kind, but fundamental nonetheless, and thereby undermine equality. But furthermore, guns pose a monumental challenge to freedom, and particular, the liberty that is the hallmark of any democracy worthy of the name — that is, freedom of speech. Guns do communicate, after all, but in a way that is contrary to free speech aspirations: for, guns chasten speech.

This becomes clear if only you pry a little more deeply into the N.R.A.’s logic behind an armed society. An armed society is polite, by their thinking, precisely because guns would compel everyone to tamp down eccentric behavior, and refrain from actions that might seem threatening. The suggestion is that guns liberally interspersed throughout society would cause us all to walk gingerly — not make any sudden, unexpected moves — and watch what we say, how we act, whom we might offend.

We’re sacrificing America’s children to “our great god Gun”:

Read again those lines, with recent images seared into our brains — “besmeared with blood” and “parents’ tears.” They give the real meaning of what happened at Sandy Hook Elementary School Friday morning. That horror cannot be blamed just on one unhinged person. It was the sacrifice we as a culture made, and continually make, to our demonic god. We guarantee that crazed man after crazed man will have a flood of killing power readily supplied him. We have to make that offering, out of devotion to our Moloch, our god. The gun is our Moloch. We sacrifice children to him daily — sometimes, as at Sandy Hook, by directly throwing them into the fire-hose of bullets from our protected private killing machines, sometimes by blighting our children’s lives by the death of a parent, a schoolmate, a teacher, a protector. Sometimes this is done by mass killings (eight this year), sometimes by private offerings to the god (thousands this year).

The gun is not a mere tool, a bit of technology, a political issue, a point of debate. It is an object of reverence. Devotion to it precludes interruption with the sacrifices it entails. Like most gods, it does what it will, and cannot be questioned. Its acolytes think it is capable only of good things. It guarantees life and safety and freedom. It even guarantees law. Law grows from it. Then how can law question it?

Roger Ebert on the media’s coverage of mass shootings:

Let me tell you a story. The day after Columbine, I was interviewed for the Tom Brokaw news program. The reporter had been assigned a theory and was seeking sound bites to support it. “Wouldn’t you say,” she asked, “that killings like this are influenced by violent movies?” No, I said, I wouldn’t say that. “But what about ‘Basketball Diaries’?” she asked. “Doesn’t that have a scene of a boy walking into a school with a machine gun?” The obscure 1995 Leonardo Di Caprio movie did indeed have a brief fantasy scene of that nature, I said, but the movie failed at the box office (it grossed only $2.5 million), and it’s unlikely the Columbine killers saw it.

The reporter looked disappointed, so I offered her my theory. “Events like this,” I said, “if they are influenced by anything, are influenced by news programs like your own. When an unbalanced kid walks into a school and starts shooting, it becomes a major media event. Cable news drops ordinary programming and goes around the clock with it. The story is assigned a logo and a theme song; these two kids were packaged as the Trench Coat Mafia. The message is clear to other disturbed kids around the country: If I shoot up my school, I can be famous. The TV will talk about nothing else but me. Experts will try to figure out what I was thinking. The kids and teachers at school will see they shouldn’t have messed with me. I’ll go out in a blaze of glory.”

In short, I said, events like Columbine are influenced far less by violent movies than by CNN, the NBC Nightly News and all the other news media, who glorify the killers in the guise of “explaining” them. I commended the policy at the Sun-Times, where our editor said the paper would no longer feature school killings on Page 1. The reporter thanked me and turned off the camera. Of course the interview was never used. They found plenty of talking heads to condemn violent movies, and everybody was happy.

Jill Lepore on the United States of Guns:

There are nearly three hundred million privately owned firearms in the United States: a hundred and six million handguns, a hundred and five million rifles, and eighty-three million shotguns. That works out to about one gun for every American. The gun that T. J. Lane brought to Chardon High School belonged to his uncle, who had bought it in 2010, at a gun shop. Both of Lane’s parents had been arrested on charges of domestic violence over the years. Lane found the gun in his grandfather’s barn.

The United States is the country with the highest rate of civilian gun ownership in the world. (The second highest is Yemen, where the rate is nevertheless only half that of the U.S.) No civilian population is more powerfully armed. Most Americans do not, however, own guns, because three-quarters of people with guns own two or more. According to the General Social Survey, conducted by the National Policy Opinion Center at the University of Chicago, the prevalence of gun ownership has declined steadily in the past few decades. In 1973, there were guns in roughly one in two households in the United States; in 2010, one in three. In 1980, nearly one in three Americans owned a gun; in 2010, that figure had dropped to one in five.

A Land Without Guns: How Japan Has Virtually Eliminated Shooting Deaths:

The only guns that Japanese citizens can legally buy and use are shotguns and air rifles, and it’s not easy to do. The process is detailed in David Kopel’s landmark study on Japanese gun control, published in the 1993 Asia Pacific Law Review, still cited as current. (Kopel, no left-wing loony, is a member of the National Rifle Association and once wrote in National Review that looser gun control laws could have stopped Adolf Hitler.)

To get a gun in Japan, first, you have to attend an all-day class and pass a written test, which are held only once per month. You also must take and pass a shooting range class. Then, head over to a hospital for a mental test and drug test (Japan is unusual in that potential gun owners must affirmatively prove their mental fitness), which you’ll file with the police. Finally, pass a rigorous background check for any criminal record or association with criminal or extremist groups, and you will be the proud new owner of your shotgun or air rifle. Just don’t forget to provide police with documentation on the specific location of the gun in your home, as well as the ammo, both of which must be locked and stored separately. And remember to have the police inspect the gun once per year and to re-take the class and exam every three years.

Australia’s gun laws stopped mass shootings and reduced homicides, study finds:

From 1979 to 1996, the average annual rate of total non-firearm suicide and homicide deaths was rising at 2.1% per year. Since then, the average annual rate of total non-firearm suicide and homicide deaths has been declining by 1.4%, with the researchers concluding there was no evidence of murderers moving to other methods, and that the same was true for suicide.

The average decline in total firearm deaths accelerated significantly, from a 3% decline annually before the reforms to a 5% decline afterwards, the study found.

In the 18 years to 1996, Australia experienced 13 fatal mass shootings in which 104 victims were killed and at least another 52 were wounded. There have been no fatal mass shootings since that time, with the study defining a mass shooting as having at least five victims.

From The Onion, ‘No Way To Prevent This,’ Says Only Nation Where This Regularly Happens:

At press time, residents of the only economically advanced nation in the world where roughly two mass shootings have occurred every month for the past eight years were referring to themselves and their situation as “helpless.”

But America is not Australia or Japan. Dan Hodges said on Twitter a few years ago:

In retrospect Sandy Hook marked the end of the US gun control debate. Once America decided killing children was bearable, it was over.

This can’t be the last word on guns in America. We have to do better than this for our children and everyone else whose lives are torn apart by guns. But right now, we are failing them miserably, and Hodges’ words ring with the awful truth that all those lives and our diminished freedom & equality are somehow worth it to the United States as a society.

Tags: guns   USA
2 public comments
tedgould
546 days ago
Collection of articles about gun violence in America. I find especially interesting the idea that gun rights effectively lower the value of freedom of speech.
Texas, USA
cjheinz
575 days ago
#gunsense

A link is a promise.

1 Share

A few years ago, I came across a "content curation" service that billed itself as the easiest way to share your "thought leadership." You'd enter a few search terms, hook up your Twitter account, and start sharing articles.

It was a very generous definition of "content curation." But describing it as thought leadership was laughable.

That said, leadership communications can absolutely include sharing and commenting on useful resources and thought-provoking perspectives you find. That's especially true when you share with care (and due attribution!) and offer your own reflections on what you're linking to.

But a lot of people don't. There's a school of thought out there that stresses post frequency, clicks, likes and shares over things that may be less easy to measure but have far greater impact — like attention, trust and authority.

And some folks I would have thought would know better are churning out links to the most shameless clickbait in the name of "thought leadership." I wrote about this a few years ago — but if anything, the problem just seems to be getting worse.

So let's be clear about something: a link is a promise.

When you share a link, we're taking your word for it on what we'll find when we get there.

Share a link that turns out to be clickbait… or a mediocre regurgitation of advice we've all read a thousand times before… and you're breaking that promise.

Share a headline that promises an exciting story about one thing… but only deals with that one thing in passing… and you're breaking that promise.

Share a story that turns out to be a hoax, or wildly exaggerated, or just plain not worth a reader's time… and you're breaking that promise.

Break enough promises, and you'll start breaking relationships. And no number of clicks, likes or shares is worth that.

Photo by JJ Ying on Unsplash

The post A link is a promise. appeared first on Rob Cottingham.
