If you're interested in guitar, it's worth looking at some music from West Africa. A lot of music from that region (at least a lot of what gets exported as "world music") relies heavily on guitar. Maybe the renaissance of the guitar just won't happen in the US / Western Europe.
This is a clever idea. I really don't want this to come off as discouraging because I love stuff like this.
That said...
This shows the limitations of relying on orthography as a proxy for phonetics, especially in a language like English where the spelling is such a disaster.
In my mind, "eoptoesw" and "quwyh" are not pronounceable as English.
And is "twutinn" pronounced too-tin or am I supposed to pronounce the "w" somehow? And if I remember my password is too-tin, how do I know it wasn't spelled tootin or twotin or twotinn or tutinn or tutin or...
At the very least, you should consider which consonant clusters can occur at the beginning, middle and end of words. They can't all occur everywhere. Then I'd try to eliminate as many homophones as possible. That might get you a lot closer to truly pronounceable and non-ambiguous passwords.
I don't know if anyone will read this at this point, but if you're going to proof-of-concept an exploit, please make that clear in the title or have an opt-in step with an explanation of what it will do like the EFF uses on https://panopticlick.eff.org/
I do not appreciate being tricked into running your exploit proof of concept, especially when you put content in it that I otherwise would not have clicked.
> Attackers use programs that try all words in a password dictionary, which is typically just a file of commonly used words in a given written language. These programs will even use combinations of these words, and permutations based on common replacements of letters with numbers or symbols
The author then goes on to say...
> Compare the password "B5s9z-Qx" with the password "SophisticatedpwsRock!!".... The first would be 72⁸, or 722,204,136,308,736 possible passwords. This would take a desktop PC roughly 3 days to crack. Compare that with our second password, which would be 72²² or 72,663,267,215,268,556,211,671,874,973,277,863,542,784, that’s a lot of possibilities.
This is a contradiction. A 10-letter word does not add as much entropy as 10 random characters. If you assume it does, you will cripple your security.
Seems like you decided to quote the article, yet ignore the actual advice.
>Password length is 99% of password security. Password complexity is a distant second when it comes to modern password security.
He doesn't say to use a common 10 letter word with no complexity, which you infer with your comment. It's also comparing 72^8 with 72^22. The point of the article is that length trumps complexity. Not sure how you came to your conclusion.
My point is that 72^8 and 72^22 is an invalid comparison to determine the relative strength of those passwords.
B5s9z-Qx is 72^8
SophisticatedpwsRock!! is something like number_of_common_words^2 + 26^3 + 10^2. In other words, two common words, three lowercase letters and two symbols.
They give a guesses_log10 of 8 for "B5s9z-Qx" and 12.76155 for "SophisticatedpwsRock!!". In other words, the latter is stronger, but it's not 72^14 times stronger. That's where the article messes up.
An attacker isn't going to crack "SophisticatedpwsRock!!" by trying 72^22 options. Just like an attacker isn't going to crack "password" by trying 72^8 or even 26^8 options. They're going to try 1000 or so options of super common passwords for "password" and some combination of dictionary words, abbreviations, symbols, common transformations, etc for "SophisticatedpwsRock!!". This makes the search space much, MUCH smaller than 72^22.
>My point is that 72^8 and 72^22 is an invalid comparison to determine the relative strength of those passwords.
That's fair, but you're talking about directly attempting to crack as opposed to rainbow tables, which I believe was the authors intention, mapping the full key space. In this case, the exponents still hold.
>Do not follow this advice on passwords.
Additionally, maybe your first comment's point wasn't well articulated, since the author's work has proven true in your own tests for the passwords given, length trumps complexity. I would also argue that he doesn't say anywhere do not use complexity, he specifically points out however that banks use complexity as a mask of security while limiting length.
"Internationalization" is 20 letters long, but it will be cracked in seconds by even a moderately sophisticated attacker. (zxcvbn gives it guesses_log10 of 4.34708)
The only way to measure password strength is to estimate the number of guesses necessary to crack the password. That means figuring out how many possible passwords could have been chosen for whatever method you are using to pick your password. In the case of "SophisticatedpwsRock!!", the method is something like: common adjective with a common transformation (capitalization), relatively common abbreviation, common noun with a common transformation, common punctuation, common punctuation. The number of possible passwords using that pattern is what you should be interested in, because that is how the attacked is going to get your password, not by trying every possible combination of characters.
For a simple example, the passwords "i like salt" and "you like pepper" should be considered equally strong (or equally weak as the case may be) since they follow the same pattern for generation. Any system of determining password strength which gives them significantly different strengths is misleading. In this case, if we followed the method the author used, we would say "you like pepper" is 26^4 times stronger, which is absurd. (zxcvbn by comparison gives them both almost the same rating: guesses_log10 of approximately 8.)
You cannot take a password picked by one method (common words) and score based on another method (characters). Passwords are only as strong as the easiest possible way to guess them. If you generate 8 random characters and they happen to spell "password", your password is still weak because it can be guessed by a much easier method than going through every combination of 8 characters.
Find the easiest way to approach guessing a password and see how many tries it would take using that method. That will give you the strength of the password. Counting characters will not.
>"Internationalization" is 20 letters long, but it will be cracked in seconds by even a moderately sophisticated attacker. (zxcvbn gives it guesses_log10 of 4.34708)
Literally nothing to do with the article and an absurd choice for a password to make your (misguided) point. Length does trump complexity, however once again I'll repeat, the article doesn't say complexity doesn't matter. It does. It says it does.
Sorry my man, I think you missed the point of the article entirely. I also think your knowledge about how passwords are cracked in the wild is off base. Your theoretical thought experiment here isn't how it's done. Also the Dropbox password calculator you provided proves it. Every single character added to a decent password adds guesses_log10 assuming moderate complexity.
English is spoken by over a billion people. Many of those people, even ones who are native speakers, have accents that are nearly incomprehensible to American English speakers. There are even debates about whether some dialects of English are actually separate languages at this point.
With respect, is this not proving the opposite point?!
If my accent is incomprehensible to the American English speaker, it is crazy for me to talk!!!
We need to communicate. My American founder has the strongest capability, for this extremist challenge. Every second I am taking from him, is one second he is not communicating.
I obviously can't tell you how YC will respond to your video, but I find it very unlikely your accent is incomprehensible if your American cofounder said it was fine.
If you fall closer to the second example, then American English speakers may have trouble understanding you clearly, but if you fall closer to the first, then I can't see anyone having a legitimate problem understanding you.
But again, I'm just trying to address actual comprehensibility issues. I can't say whether YC will respond positively or negatively.
Put simply: It matters because taste is not the only criteria used to select which seafood to buy.
One might make a choice based on mercury content, environmental friendliness, dietary restrictions (medical or philosophical), to support (or abstain from supporting) a particular industry, or something else entirely.
To allow fraud which can't be detected on the palate is to deny buyers their freedom to choose based on any criteria other than taste.
It is not up to the producer what criteria buyers use when choosing their purchases.
Also, if the consumer shouldn't care, the producer shouldn't either. If the producer thinks it shouldn't matter what it says on the label, well then... no harm in putting the right thing on the label, right? No? I guess it matters then.
Why land? Fuel makes up a very small percent of the launch cost of a rocket. Landing also allows a much better experience for cargo and crew return, and it makes it possible to bring equipment to other planets or moons.
Why vertical? Vertical landing is much more flexible. You can land on a barge at sea. You can land on the launchpad itself. You can land on a planet or moon with no atmosphere.
> You can land on a planet or moon with no atmosphere.
IE: Mars, the ultimate SpaceX goal, which has just enough atmosphere to be annoying but not nearly enough to make parachutes work, so they had to find another way to land a big enough payload to transport 100 tons of stuff there
The advantage to powered landings is they work well for delicate stuff like people. Or in space X's case they are landing a really light shell and have a really powerful engine already attached.
I feel like there is a [Citation Needed] for that Wikipedia quote.
All existing landers used an aeroshell and parachute sequence, but that doesn't mean it's impossible to land with just Rockets. The aeroshell/parachute method is used because it allows landers to come straight in from a Hoffman transfer orbit, bleed off all that extra speed and land with the least amount of fuel required. But it's way to risky for a manned lander, as the landing date (and location) are locked in months ahead of time with no option for an abort or delay.
A manned lander is likely to aerobreak into a stabke Mars parking orbit first. Allowing the crew can check the lander, check the weather at the landing site and detach from a reusable transfer module. From low Mars orbit, they are going much slower and need to disperse much less energy.
You could just throw Rockets and fuel at the problem. Or wings might be far more attractive than a parachute for slowing down in the upper atmosphere (though, any wings would have to be massive to actually glide all the way down to the lower atmosphere or land)
In either case they use heat shields so the post heat shield second stage will be at the same velocity. Mars has ~0.6% of earths atmosphere, and ~40% the gravity so a heat shields going to hit terminal velocity at ~66 times earths terminal velocity. This only get's worse as you scale up due to mass vs surface area issues. Parachute can bleed off 80+% of that speed for little additional weight unlike wings which would need to survive supersonic retry heating making parachutes a no brainier. http://pics-about-space.com/re-entry-nasa-mars-landers?p=3#i... 1km/sec = 2,236.94 MPH.
Starting from a circular Mars orbit rather than Hoffman transfer would put their initial entry speed closer to 7000mph.
> Parachute can bleed off 80+% of that speed for little additional weight unlike wings which would need to survive supersonic retry heating making parachutes a no brainier.
Sure, Parachutes make a lot of sense for a one way trip.
But Parachutes are a consumable, one which would be really hard to manufacture on Mars (compared to rocket fuel, which just requires water, carbon dioxide and electricity). Also the size of the parachute gets ridiculously large for larger spacecraft.
If you are planning to make a rocket which shuttles people or cargo (or fuel) between Mars' surface and low Mars orbit, then it makes a whole lot more sense to just manufacture the extra fuel on Mars rather than trying to manufacture parachutes on Mars or shipping extra parachutes to Mars.
As for wings, you don't really want to use them for the subsonic phase. I'm not really sure how viable the idea is, but you want to use them to prolong your trip through the upper atmosphere, where the atmosphere is thinner. This allows you to stretch out all that supersonic atmospheric heating over a much longer time period, at a much slower rate than what your heat shield can dissipate.
Retractable or reconfigurable wings might be needed so you can maximize lift in the upper atmosphere then minimise drag through the supersonic to subsonic transition.
If you are sending stuff back up then parachutes are reusable, but heat shields are not. There might be an argument if you where landing thousands of rockets a day and had giant city's on mars. But, by that point you can just make more.
Depends on the heat shield. The Space Shuttle's heat shield was designed for reuse (though in practice the tiles were so fragile that they needed extensive checks and occasional replacement before each reentry).
I notice that Spacex have designed their ablative heat shield to which can withstand hundreds of reentries to Earth without any replacement or refurbishment. Still technically a consumable, but I really doubt anyone is happy with re-packing and re-using the same reentry parachutes hundreds of times.
And that's reentries to Earth, where the entry velocity is 17,000mph and the atmosphere is 100 times thicker. Such a heatsheild can probably withstand thousands of Mars reentries at just 7000mph before replacement.
Well, they're landing a really light shell with a really powerful engine for now, on Earth.
Mars is gonna be a different story, considering the Red Dragon mission in 2018 (with already existing infrastructure, since the Red Dragon will basically be a Dragon 2 capsule and the S1 for the mission will be a Falcon Heavy) is gonna have the heaviest payload ever landed on mars with a semi-empty Dragon 2, and all the missions after that will probably try to land at least one MCT, which would be heavier of a Dragon 2 by itself, with some cargo...
Luckily the MCT will have an even more powerful engine, and Mars's lighter gravity will probably help!
No, but the cool thing is, SpaceX is using their first stage landings to do research that will advance their goals on Mars.
In order to land large payloads on Mars, SpaceX is going to have to do something that, up until recently, has never been done before. They're going to have to fire a rocket engine 'backwards' in an atmosphere (albeit a thin one) while travelling at supersonic speeds. This will be necessary in order to slow down enough to actually land (parachutes don't buy you much on Mars).
This 'supersonic retropropulsion' is something that has been modeled a lot, but is really hard to actually test. You would need to get a rocket up to supersonic speeds, in the thin upper stages of Earth's atmosphere (where the conditions are close to that of Mars) and have it fire its engines backwards. As luck would have it, that's exactly what the Falcon 9 first stage does during its reentry burn. The data they are collecting now will be invaluable in designing their Mars bound spacecraft.
No it won't, but they're definitely gonna reuse the tech they're developing to land the S1 on Earth to land the MCT on Mars
And to land the BFR S1 on Earth, which I'd guess would be a bit too much for parachutes even with Earth's relatively thick atmosphere, if what people have been saying on Reddit is right
I don't think they're a source of materials used in the project (my first guess) because they can be found quite far away from the site, are present across varied terrain, and lack road access and indicators of work (eg tailings). Such uniformity in natural features always piques my interest. Will just be one of those endless mysteries of the desert, I suppose.
Those look a lot like creosote rings [1]. Creosote's native to southern Nevada and grows in clonal colonies that end up looking like rings, and that looks like a nice wide place where water would gather.
https://www.youtube.com/watch?v=BvVe1iKltAw
https://www.youtube.com/watch?v=gINDDDo3do8
https://www.youtube.com/watch?v=TW1s84p17ec
https://www.youtube.com/watch?v=cimqPFZvo4c
https://www.youtube.com/watch?v=A7My5IpEzVM
https://www.youtube.com/watch?v=HhL_asWgVTg
https://www.youtube.com/watch?v=r4-uq8cTF7o