Hacker Newsnew | comments | show | ask | jobs | submit | vivekian2's comments login

On an unrelated note, sad to see altdevblogaday has gone away :( Sure the pages are cached somewhere, but the posts always made for interesting reading.

Couldn't agree more. It went away shortly after I discovered it, and although there's a lot of awesome information in the archives, it's a shame no new content is being added.

The best deal I have found in store is at Costco where for $49 you get a 24 pack of Mach 3 razors.

http://www.costco.com/Gillette-MACH3-Turbo-Cartridges-24-Cou...

-----


I love Wunderlist especially because it works on my work Linux desktop, home Macbook, iPhone and what not.

I wonder what does this entail for users like me? Is MS going to leave the app as it is or is it going to be integrated into something else?

-----


Its amazing how we think the grass is greener. I have been doing systems programming for the past 7 years and have been thinking about moving over to JS based web development for the past few months.

-----


Actually both of you are right. You need a break from what you have been doing from a long time. Perhaps exchanging your jobs with one another might help. :)

-----


Agreed. I think we humans just need change every now and then. Even when the problems and tools we use to solve those problems never change, we still somehow get upset with the tools or the problems.

-----


Really?

Making sure that the financial needs of your loved ones are met if you do depart in a sudden manner, is the most selfless thing you can do. It has nothing to do about making you feel happy, it has everything to do with being pragmatic so that they have one less thing to worry about.

-----


Not dying and living life is both selfish and (one hopes) better for your loved ones.

But that's hard. It means you have to be healthy. Reduce stress. Spend quality time with people.

Filling out a will is an easy escape.

Doing the best for yourself and loved ones is hard. The second half of the article touches on this.

-----


Every Saturday, I would step out to do grocery at 10:00am and tune into 88.5FM KQED which would be playing 'Car Talk'. I instantly warmed to the humor and banter the hosts expressed. They were top notch diagnostics as well. No doubt about it, Tom will be deeply missed. RIP.

-----


You bet. Sometimes I feel a lot of these homepages were lost to page ranks and our quest to search everything on Google.

-----


I think what I really miss is reading web pages which were truly written from the heart. I remember even as far as back in 2005, for a search like "unrequited love", Google's top hit would be a link to a physics Phd's home page who had written about his multiple experiences of being declared 'just a friend' and how to get past being rejected over and over again.

Jump to today and the Google search yields following the obvious wikipedia link, is a whole bunch of wikihow, nytimes, urban dictionary and youtube links.

Those personal web pages with an intellectually rich content have just been lost to the dark internet.

-----


Or you could just feed "sha1 <password>" to the duckduckgo.com search box and it will give the result.

-----


Some people have this thing against sending their private passwords in plaintext to third-party websites...

-----


You're sending the hash, not the password.

DDG supports SSL: https://www.duckduckgo.com/

If you want coverage, generate a few hundred thousand SHA1 hashes along with your password.

Actually, running a trickle query of random SHA1 hashes from your box might be a fun exercise, along with a trickle query of random word tuples (bonus points for using Markov chains to generate statistically probable tuples).

-----


If you search for 'sha1 foo', that's being sent across the network to DDG's servers. And sure, if you're using SSL then it's not going across in plain text, but it's decrypted and handled on their servers in plain text; it'll probably even end up in logs and/or tracking databases somewhere. You're giving DDG your password.

-----


A hash is not a password.

At worst you're giving the attacker a hash target to try brunting. He still has to brute it, and that takes time. Select your plaintext from a large enough keyspace and it's astronomical time.

I'll need to review their policy more closely, but DDG claim fairly minimal tracking. At best someone might be able to correlate hash lookup with some IP space. That's a long way from handing over passwords. And as I already indicated, you could cradled the queries to make the search space much larger.

-----


No, no, no. You're 100% completely misunderstanding this.

When you search for 'sha1 foo', that query ("sha1 foo") goes up to the server. They know your password is "foo" and that you're attempting to "sha1" it. They don't have a hash, they take that data and perform the hash, then send that down to you.

-----


Boggle.

OK, gotchya.

I guess I'm just too damned used to using systems that, you know, have useful tools installed locally (or can get them there really damned fast). Including SHA1 and MD5 hash generators.

And I was all worked up to tell you how wrong you were still being.

All because I couldn't fathom the possibility let alone reason anyone would need a third-party site to compute their hashes for them.

Silly me, my error.

-----


Well presumably you've already changed your LinkedIn password, so what's not to send?

-----


Challenge accepted (although this is pretty crude)

curl -s -d q="sha1 password" http://duckduckgo.com | w3m -T text/html | grep '\w\+\{32\}'

-----


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: