ohgodthecat's comments

I believe that the salt is able to prevent rainbow tables because of storage capacity, as rainbow tables are quite large.

That makes the pre-generation of these rainbow tables quite impossible, especially with how long many salts are.

Now of course you can start generation when you have the salt but that doesn't really make any difference between just cracking the passwords as you go.

Whether or not it would have helped LinkedIn I can't really say but it probably would have been a bit better as people wouldn't have been able to compare the list to known passwords as quickly (but probably not much of a difference there if they knew the salt).


This is correct. Salt just defeats rainbow tables. They could still be pre-generated for high-value usernames, though.

Some say that this is most useful in giving the company a more sizeable window in which to react (e.g. force password changes).
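
The salt argument in the two comments above, as an added example that is not from either commenter: one precomputed table recovers every unsalted digest in a leak, while per-user salts force the table to be rebuilt for each account. Assumptions: a plain lookup table stands in for a rainbow table (which stores the same precomputation more compactly as hash chains), SHA-256 stands in for the site's hash, and the accounts and candidate list are constructed.

```python
import hashlib
import os

# Constructed sample data: a candidate-password list and three accounts.
CANDIDATES = ["123456", "password", "linkedin", "letmein", "qwerty"]
ACCOUNTS = {"alice": "password", "bob": "linkedin", "carol": "password"}


def digest(password, salt=b""):
    """Hash salt || password. SHA-256 is a stand-in for the site's hash."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_table(salt=b""):
    """Precompute digest -> password for every candidate under one salt."""
    return {digest(p, salt): p for p in CANDIDATES}


def store_unsalted(accounts):
    return {user: digest(pw) for user, pw in accounts.items()}


def store_salted(accounts, salt_len=16):
    """Per-user random salt, stored next to the digest."""
    salts = {user: os.urandom(salt_len) for user in accounts}
    return {u: (salts[u], digest(pw, salts[u])) for u, pw in accounts.items()}


def lookup(table, digests):
    """What one precomputed table recovers from a set of leaked digests."""
    return {u: table[d] for u, d in digests.items() if d in table}


def crack_per_salt(salted_db):
    """With salts known, the table must be rebuilt for every account."""
    found, hashes = {}, 0
    for user, (salt, d) in salted_db.items():
        table = build_table(salt)
        hashes += len(table)
        if d in table:
            found[user] = table[d]
    return found, hashes


if __name__ == "__main__":
    salted = store_salted(ACCOUNTS)
    print(lookup(build_table(), store_unsalted(ACCOUNTS)), crack_per_salt(salted))
```

In the unsalted store, alice and carol also share one digest, so the leak itself shows which accounts reuse a password; with salts their digests differ.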


I see xkcd's passphrase is correcthorsebatterystaple and think that it is the wrong way to do it.

The memorization of that password would work much better than a simple passphrase like that.

I.E. the actual password would be:

    "That's a battery staple. Correct!"

And I don't believe that people will easily be able to crack that even with the minimal randomness that has been put in with current techniques. Sure if natural language cracking becomes popular you may have to become a little more creative like using a made up word or name or a number but even your example if no one knows what your password is:

    "My Phone number is (123) 546-8794."

should be sufficient for a very hard to crack password. And again is many times better than a simple dictionary passphrase with a few words combined.


You don't have to go into about:config to disable it; all you have to do is click the little 9 boxes in the upper right of the newtab page.


Why do you avoid it, because it is proprietary?

Because Mathematica is actually really a pretty great math program.


Yeah, mostly because it is proprietary and crashes often (Mathematica 8 especially).

The vast majority of students in my program are non-programmers. The only 'programming language' they know is Mathematica which I think is a real shame.

Worse than that is that most of them have developed a dependence on Mathematica; without it they are severely limited in what they can do. We are provided with free copies (student version), but once we graduate will have to pay the full price if we want to continue using it.

I guess I just don't like having my abilities to solve problems tied to an expensive, closed source program. I do admit, it is very powerful.


> The only 'programming language' they know is mathematica which I think is a real shame.

Mathematica is a real functional programming language. It's a lisp with CamelCase builtins and consistent naming. And that's without any of its math goodness. It has superb documentation and a huge standard library. If you master it, you can master any lisp with a simple translator. matlab is a toy by comparison.


The key concepts behind Mathematica are pattern matching and rule-based programming, but not functional programming.

Yes, it has lambdas and first-class functions, but that's it. What about closures, for example? Therefore one would better not call Mathematica "a real functional programming language".

BTW, rule-based paradigm and pattern matching is a standard feature of languages from Lisp family, e.g. Scheme. From that point of view Mathematica is not something unique.


It is a feature of those systems, but not the foundation.

Mathematica is a term-rewriting system. This is a fundamentally different model of computation from the lambda calculus.

There are many practical consequences of this, in terms of the design of individual language constructs, and in how the language is used generally.


> There are many practical consequences of this, in terms of the design of individual language constructs, and in how the language is used generally.

That's interesting. Can you say what some of these consequences are?


The order of evaluation is a bit different than Lisp. It's perhaps more like programming mostly with Lisp macros.


Have you used Sage? It's not as tight as Mathematica, but it's pretty solid and easy to jump in if you know Python.


At university in the "signal processing" lecture, I solved all exercises in Python while most students used MatLab (which was recommended by the lecturer). I just did it because I like Python, and expected my solutions to be clumsier and more "lowlevel". But when we compared our programs, I was surprised that MatLab didn't offer any more useful building blocks (libraries/functions) than Python, at least for our tasks at hand. And the Python code was quite clear, but that's probably a matter of taste.

If it's about programming and math, Python really plays its strengths: Clean syntax, functional programming features, numpy, sympy, linalg, etc.


Julia looks promising as a Matlab replacement: http://julialang.org/


And JavaScript is looking good for casual numerical analysis, mostly because you can very easily create UIs with dynamic plots that you can publish.


I really don't understand this kind of aversion to proprietary programs. Mathematica is a high quality program with excellent documentation (I cannot comment on crashes - it never crashed on me but I'm not using it that extensively). Maintaining and improving such a product takes a lot of effort that should be paid for. Student version is really inexpensive at $139 - most books cost comparable sums of money. Once you get a job with real income, you can either ask your employer to buy it for you or can afford to buy it yourself.

As author(s) of Mathics will surely discover very soon, the devil is in the details. There are lots of corner cases and improvement opportunities that take many man-years to implement. It may seem easy to get 50% of functionality quickly; getting the other half is much trickier.


The general problem with proprietary software in sciences (not just math) is that it cuts the chain of replicability and confirmability. Unless you have the source (in a human-readable form) and have the right to compile it on your own, this is a shaky ground to rely scientific results on.

This is not an issue if you use that software for discovering stuff. But it is a huge problem for e.g. mathematical proofs, or statistical analysis in other fields.

Note that I'm not saying that proprietary software has more bugs. But it's a problem if your result depends on using a black-box whose creators hide their implementation from you. Also, even if you may read their code, this is worthless unless you are allowed to compile your own version from that.

Also note that the same issue exists with hardware, but the question whether your processor adds and multiplies correctly is on a totally different level than whether complex algorithms have been implemented correctly.


Do you think the world would be better off if Mathematica, Matlab, SPSS etc didn't exist?

In reality, they make experiments more repeatable, not less. The real offender is the in-house, proprietary software developed by individual research groups. It is almost never open sourced. And it is far more likely to be riddled with bugs.

Computer experiments are just that: experiments. Any real researcher employs multiple methods to confirm their results.


> Do you think the world would be better off if Mathematica, Matlab, SPSS etc didn't exist?

No, but I will celebrate a decent open source alternative, which is what the root was probably suggesting as well. Mathematica is great as an entry software - much like MS Word for word processing. But having LibreOffice is good.


I'm all for open source.

I just don't think the reproducibility of experiments is a valid argument against commercial scientific software.

It's an age-old purist argument. In the meantime, people have been getting stuff done. And without those tools, the "huge problem" would be even huge-er.

The real problem isn't reproducibility, it is extensibility. The development agenda isn't under your control. So if you get to the edge of a field, you might find you hit a wall.


> The real problem isn't reproducibility, it is extensibility

I think it's both. Extensibility is obviously an issue. But so is extensibility, I will give two reasons for it:

1. Easy reproducibility is necessary for extensibility. Firstly, academia is not very good at publishing their tools or their codebases. We have given so much weight to the concept behind the implementations and not the implementations themselves, that most people skip publishing implementations. What it means is that the next research group now has to start from scratch in implementing the concepts before they can think of extending the work. Reproducibility is not only to verify previously reported results, but also to create a starting point for further work. Secondly, given that the tools that the researcher is using are proprietary, the trend is to make it closed source. It may be because the tool is not ubiquitous and hence the researcher sees no point in distributing his/her implementations - or because he had not followed any guidelines (or in case of Matlab and Mathematica - they didn't exist/were-not-popular). He might not be sure about his implementations, and hence cannot publish them.

2. Reproducibility has always been the base for science. I don't need to trust the work of a random researcher that I don't personally know. I can just verify his/her findings myself. The requirement of commercial software creates a huge monetary barrier in this. It is wasteful of me to buy a licence for a simple verification that I am not planning to extend. Given that non-academic licenses of most of these softwares are insanely expensive, it makes this verification to be confined to researchers from big research groups in large companies.


At least Mathematica's notebook format and Matlab's .m are plain text and in worst case readable enough to convert to another language.

Not being plain text is usually my biggest gripe with proprietary software, they don't cooperate with source control systems and are completely useless without the software.


Yeah, but the standard (non-student) version is much more expensive. $2,495.00



US$139 can be pretty steep for students in third world countries.


I can't run Mathematica code at home without paying a licence. I can't run it at work without convincing my employer to pay the licence. Actually, I can't run a single line of Mathematica code right now. I can't share it with my friends (to edit, modify, etc).

One of Mathematica's authors offers an unexpected non-solution to that:


"You know it's only $139 for students for the full Mathematica, and if you're not a student you can always pirate it."

Wolfram is aware of that issue, they haven't found a solution.


"But we're still trying to figure out the best ways to make Mathematica as a language be as fully open as possible"

When given the tradeoff between keeping their company running and risk losing language integrity, they'd rather keep the company running. That's fine for me, but that means that in the meantime I'd use something else. Mathics might change that.


They did try to solve that with the Home edition version, it is a bit more than 2x more expensive than the student version but it does solve running Mathematica for cheaper as long as you aren't using it for work.


I have tried open-source (Octave, Mathics) and closed-source (Matlab, Mathematica, Maple) and I can say that nothing comes close to Mathematica. In our physics lab, Mathematica has truly changed our entire workflow, making it a lot simpler to focus on the real crux of the problem; instead of dawdling around in symbolic manipulation.

I'm not sure what they are using in undergraduate courses, but I think the toolchain by Wolfram has really advanced the way scientists work. It's far from perfect, but it is an amazing tool.


That seems kind of shady, I mean sure it sucks that it happens and it is kind of bad to have it as your top post but publishing just because you don't want it to be the latest post kinda downplays the publicity factor of being honest about what happened.


I'm sure j_s's comment was meant as tongue-in-cheek and not as an actual criticism. I have every confidence that eastdakota's response (http://news.ycombinator.com/item?id=4066982) indicating that it was just a coincidence is true.


If you can use Python libraries there are a few libraries which allow you to use R functions through Python, so that may be an option.


Here they are:

http://rpy.sourceforge.net/rpy2.html

http://rpy.sourceforge.net/rpy.html


He describes his pacemaker here: http://news.ycombinator.com/item?id=3735443


I think the masonry style (like pinterest) layout is the wrong way to do something like this.

You want a CV kind of website to be easy to follow; these just seem all over the place.


Well, third party JavaScript makes a lot of people money; how do you propose we get around their buying power?

Also what would the limits of third party JavaScript be? Would it be allowed on the domain level so people could still use CDNs and other things easily such as cdn1.example.com, etc... If so, it probably could be okay; then people could use CNAME or A records to link to their legitimate third party JavaScript like analytics and ads and it could take away a lot of the possibility of malicious third party JavaScript.

The web however would probably have to change a bit because a lot of websites use third party JavaScript depending on your definition of it such as Google's 1e100 domain and other such CDN measures that aren't necessarily served from a domain record.


Well then you get other problems such as dirty oil (unless you have a good seal). The biggest problem I see is that it lasts as long as the shortest lifespan of all the components then you get to go through buying a new one or the mess of replacing that part.


