GitHub issue attachments

Holy Moly!  Finally, one of the two things that I’ve been missing a lot from GitHub saw the light of day.  From now on, GitHub issues can have attachments.  So far, they are limited to image types only, but that’s enough for the majority of situations.  Because that’s what you need the most – a screenshot illustrating the problem.

Now, if only one could open up a project’s issue tracker to the general public without playing around with the API, GitHub would be complete and absolutely perfect.  But something tells me that’s just a question of time.  So, waiting …

The passwords are officially obsolete

Slashdot is reporting the story:

a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric. Gosney’s system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft’s LM and NTLM, obsolete. In a test, the researcher’s system was able to generate 348 billion NTLM password hash checks per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM for example, would fall in just six minutes

[…]

Gosney’s cluster cranks out more than 77 million brute force attempts per second against MD5crypt.

One of my favorite comments to the story:

So now that passwords as a system is officially broken, can we please move on to something better? Something that wasn’t invented to allow soldiers standing watch in the middle of the night to tell their mates from their enemies, but is actually designed for computers?

Solutions?  Well, for remote connectivity, I’ve been using SSH with key-based authentication.  For the websites, Google seems to be leading the 2-way authentication progress, with a combination of password and a one-time code via SMS.  These aren’t perfect, but they seem to be better than just a password.
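
To put the quoted rates in password-policy terms, here is an added example (not from the Slashdot story or this post) that turns guesses per second into worst-case exhaustion time and the minimum random-password length needed to hold out for a year. It assumes uniformly random passwords over the 95 printable ASCII characters, and the 69-character set LM is left with after uppercasing; all function names are illustrative.

```python
# Guess rates quoted in the story above (guesses per second).
NTLM_RATE = 348e9        # 348 billion NTLM hash checks per second
MD5CRYPT_RATE = 77e6     # 77 million md5crypt attempts per second

PRINTABLE = 95           # assumption: random passwords over printable ASCII
LM_CHARSET = 69          # assumption: 95 printable minus 26 lowercase (LM uppercases)
LM_HALF_LEN = 7          # LM hashes a 14-character password as two 7-character halves
YEAR = 365.25 * 24 * 3600


def keyspace(charset, max_len):
    """Candidates an exhaustive search must try for lengths 1..max_len."""
    return sum(charset ** n for n in range(1, max_len + 1))


def seconds_to_exhaust(charset, max_len, rate):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return keyspace(charset, max_len) / rate


def min_length(charset, rate, target_seconds):
    """Shortest random-password length whose keyspace outlasts target_seconds."""
    n = 1
    while seconds_to_exhaust(charset, n, rate) < target_seconds:
        n += 1
    return n


def lm_effective_keyspace():
    """Each LM half is searched over the same 7-character space,
    so the work is 69^7-sized, not 69^14-sized."""
    return keyspace(LM_CHARSET, LM_HALF_LEN)


def report():
    return {
        "ntlm_8char_hours": seconds_to_exhaust(PRINTABLE, 8, NTLM_RATE) / 3600,
        "md5crypt_8char_years": seconds_to_exhaust(PRINTABLE, 8, MD5CRYPT_RATE) / YEAR,
        "ntlm_min_len_1y": min_length(PRINTABLE, NTLM_RATE, YEAR),
        "md5crypt_min_len_1y": min_length(PRINTABLE, MD5CRYPT_RATE, YEAR),
        "lm_keyspace": lm_effective_keyspace(),
        "lm_naive_14char": LM_CHARSET ** 14,
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value:.3g}")
```

The gap between the NTLM and md5crypt rows comes from the per-guess cost of the hash alone, since both are computed at the rates quoted for the same cluster.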

Microsoft has failed

Microsoft is largely irrelevant to computing of late, the only markets they still play in are evaporating with stunning rapidity. Their long history of circling the wagons tighter and tighter works decently as long as there is not a credible alternative, and that strategy has been the entirety of the Microsoft playbook for so long that there is nothing else now. It works, and as the walls grow higher, customer enmity builds while the value of an alternative grows. This cycle repeats as long as there is no alternative. If there is, everything unravels with frightening rapidity.

Read the whole thing – it’s a really good summary of where Microsoft stands today.