Domain: arstechnica.com
Stories and comments across the archive that link to arstechnica.com.
Comments · 9,494
-
In Depth Review on Ars
ArsTechnica has a decent review, even though it's still beta
-
Re:Yawn
Bernie can actually run against Trump; if the Superdelegates believe in earnest that Hillary can't beat Trump and Bernie can, they'll side with Bernie.
I don't think any of them have it all on-target. Trump is a disaster; Hillary is at least stable (she's been Secretary of State for a decade), but won't take important forward action; and Bernie *will* take forward action, but has no idea how, and has a lot of breaking ideas.
We're facing a Technical Renaissance-Revolution problem at this point. Our technology paradigm is about to shift dramatically. We always have constant job reduction by technical progress (fewer employees to make the same thing), and this reduces the cost (and price) of goods and moves buying power to consumer hands, resulting in more purchasing and new, replacement employment, thus stabilizing the unemployment level. If we suddenly move the pace of advancement up (e.g. "automation"), one of two things happens: the pace of new job creation stays close to the pace of job elimination (technical renaissance: the entire country, from poor to rich, all get *extremely* wealthy); or the pace of new job creation falls sharply behind, creating high unemployment and a collapsed economy (technical revolution, e.g. the Industrial Revolution).
Bernie is correct on implementing a universal basic income, and not all there on *how* to do it. He doesn't have the reasoning for it (he's crying out against the rich and rallying for the poor, rather than looking at the economic threats on the horizon). Because of this, he's misinterpreting the problem space and installing damage (pushing toward a Technical Revolution).
In essence, to lean a TRR to a Technical Renaissance, you need to slow transitional unemployment and speed up replacement employment. Replacement employment is a natural process: while some 50,000 jobs are created each month, several million people leave the labor force (retirement, etc.) and enter the labor force (graduate college) in that same time span. That means the upper end of current employment falls off, reducing the pressure on a shrinking job market in a given profession; new skilled labor enters the market, and is adapted (with lag) to the changes. Thus speeding up replacement employment only requires keeping the consumer market healthy enough to buy jobs, which is in part accomplished *by* slowing transitional unemployment.
Well-designed UBI plans such as a Citizen's Dividend (universal social security) provide both of these. The non-wage income increases the buying power of the consumer base by increasing their effective take-home per dollar: rather than your employer spending $1 to employ you and you take home $0.60, your employer spends $1 and you take home $0.85 (at the lowest end, this can be greater than unity). This helps reduce wage-labor costs. For example, an employee paid $80,000 and married in a two-adult household would take home approximately $63,000 today; and, under my plan, you could pay that same employee around $64,000 and he'd *still* take home more. This effect is highly-pronounced at the lowest wage levels, where minimum-wage workers enjoy ~50% take-home increases without a wage raise.
Bernie's plans include minimum wage raises, among other things. In a stable economy, a minimum-wage increase concentrates wealth into a small subset of low-wage workers: you lose some minimum-wage jobs as the middle- and lower-class become poorer, and roll the difference into fewer hands in the lower class, thus those who didn't lose their jobs come out financially better off. In a TRR situation, a minimum-wage raise increases the cost of human labor relative to the cost of low-labor alternatives: we replace these people with machines.
In today
-
She had little choice
From what I gather, Hillary tried to get permission to use a secure mobile device to access her email but was denied. Condoleezza Rice was able to use a BlackBerry but the NSA phased those out with no solution for Hillary. She was expected to read email on a laptop or desktop computer in a secure office, something rather difficult for someone who is frequently traveling.
According to several articles, Hillary spent a lot of effort to get a secure smart phone to use like Obama's BlackBerry. The NSA refused. Later they wanted her to use this beast. It was not a user friendly or very useable device. It was based on late 1990s and early 2000s technology, about 10 years out of date.
As I recall, the IT budget for the State Department was quite limited and they used antiquated equipment since the Republican House controlled the purse strings.
Here are a few quotes from the articles I linked to above:
"After the NSA turned down her request for a secure smartphone for email, and her staff determined that the existing State Department technology infrastructure was nonexistent for such tasks, Clinton ultimately decided to get down to work by installing her own fully functional email server and tying it into her own BlackBerry for email."
"Reid wrote that each time they asked the NSA what solution they had worked up to provide a mobile device to Obama, "we were politely told to shut up and color.""
"Clinton chose not to use a laptop or desktop computer that could have provided her access to email in her office, according to the summary."
"Mills also asked about waivers provided during the Bush administration to then-Secretary of State Condoleezza Rice for her staff to use BlackBerrys in their secure offices. But the NSA had phased out such waivers due to security concerns."
Basically there weren't any options but to use a laptop or desktop computer in her office for email, not a very good option for someone who is frequently outside of the office.
It looks like she was screwed no matter what she did if she wanted to access her email away from her office.
-
Re:Doing the math
Can we at least get some data on the number of people who drown in their cars vs. a floating Teslas.
-
Re:I am Jack's complete lack of surprise.
-
Doing the math
It's all marketing hype and mere armchair statistics.
Fortune doesn't know how to do the math, I don't know how to do the math, Musk doesn't know how to do the math, but perhaps a few readers of this comment could do the math.
It would take 275 million miles of autonomous driving to have any confidence at all that an autonomous car is safer than a human driver.
Ars Technica reported on it, and if you want to see the math, the RAND corporation, who are kind of experts at the math, have a detailed report available, which explains the math.
Basically, while the marketing engine can claim that autonomous driving is safer, it's not even possible to have any proof of it within any reasonable level of statistical confidence.
I mean, sure, we try to make driving safer, and assisted driving may help, but please, let's be realistic about where we're at.
-
Re:Jeeessus, TP-Link, who makes your decisions?
TP-Link is not known for smart decisions. They were the first to interpret the new FCC regs as a big F-U to the open source community:
http://arstechnica.com/informa...
It's a shame - I have one of their devices serving my guest network pretty much flawlessly (using openwrt, of course). Never again.
-
Oracle deliberately broke the rules
Bringing this up in open court was a deliberate and hostile act. Oracle and their attorneys knew that this was a very proprietary number and that putting it into circulation would damage both Apple and Google. Now when any of the big players negotiates fees with either Google or Apple they will have this benchmark. It's a game changer.
It is impossible that this was a mistake by Oracle and their law firm. It's very normal that corporations learn proprietary information during a big suit like this, and there are all sorts of rules pertaining to how it can be used and who has a right to see it. Without these rules legal actions would be used all the time to find out how the competition is doing internally.
Take a look at the letter that Google's law firm sent to the judges in the case. It's short and does not contain too much legalese. It refers to the relevant case law and asks the judge for sanctions. They are going after both Oracle and their law firm, and accuse them of abusing the courts and not respecting the judges.
Accordingly, Google respectfully requests permission to file a motion for a finding of contempt and the imposition of sanctions, including but not limited to: an Order precluding further access by Ms. Hurst to Google and third-party confidential information; an Order requiring all of Oracle’s counsel to sign undertakings under the Protective Order, reinforcing the importance of the Order; an award of Google’s attorneys’ fees and costs necessitated by Oracle’s and its counsel’s violations of the Protective Order; and such other relief as the Court deems appropriate.
This is the legal way of asking the judge to throw the book at Oracle and its lawyers. Asking to have the Oracle legal team sign a document saying they will obey the law in the future makes them look really, really bad. Asking that Hurst not be allowed to see information means she can't continue to work on the case. If her law firm is looking for a scapegoat for losing, she just got a target on her back. This sanction could end her career, so it is not likely it will be granted. Still, findings of contempt are very serious and have significant longer term impact. It boils down to how far the judges think that Oracle's law firm went over the line and how much they disrespected the judges and the law. People sitting on the bench take this very seriously so it could be a big deal.
-
Re:Safari has monopoly on iOS
Both Chrome and Firefox are available on iOS. Apple's restriction is that browsers must use WebKit. This was not a problem for Chrome, but Firefox had to be repackaged with WebKit.
http://arstechnica.com/apple/2...
https://en.wikipedia.org/wiki/...
-
Re:Deeper explanation
Most of the articles on this dispute aren't getting too deep into what's going on, but here's some more information...
1. Spotify's current app allows users to subscribe through the app, using Apple's billing system, which gives Apple a cut. Users can also subscribe on the Spotify website, which bypasses Apple's cut.
2. Spotify is not allowed to advertise through the app that users can subscribe on a website outside the app. Spotify and Apple have had a dispute over this in the past, but Spotify chose to do as Apple asked, and removed all in-app subscription advertising targeted at iPhone users.
3. Spotify is now trying to submit a new version of their app that offers no in-app subscription method, period, and also has no advertising or instructions on how a user can get a subscription. Spotify is assuming that even with no in-app advertising or instructions, users will figure out that they can subscribe on the website.
4. Apple is claiming that this is still breaking the rules, and thus is rejecting the new version of the app. Spotify is claiming that this doesn't break the rules, and that Apple is just going to keep rejecting the new version of the app as long as they can so that users are stuck using the older version of the app that still has in-app purchases, from which Apple gets a cut.
It looks as though the "offers no in-app subscription method, period" is a bit misleading - according to Ars Technica, Spotify replaced the link with automatically sending you an email that you could use to sign up.
-
Happened over 10 years ago in Lafayette, LA
Happened over 10 years ago in Lafayette, LA. But it was a City vs AT&T and Cable.
-
There are many more discrepancies in his legend
But first of all, did anyone really expect "him" to come out and admit that this is merely a front for the Russian intelligence services running an active measures operation against a presidential candidate they don't like to aid the one they do? That's like expecting Snowden to come out and explain his relations to the FSB prior to boarding a plane to Moscow and especially afterwards.
The man claimed to have easily discovered a 0-day in a proprietary and not public piece of software very likely written in C# and JavaScript using IDA and WinDbg.
In addition, Vice has found out his Romanian is far from being good enough for a native speaker. And this prepared FAQ has much better English than his prior conversations.
More information on this affair:
- DNC Hacker Denies Russian Link, Says Attack Was His ‘Personal Project'
- Shiny Object? Guccifer 2.0 and the DNC Breach - a more technical analysis from ThreatConnect.
- Guest editorial: The DNC hack and dump is what cyberwar looks like --- why this whole thing is not funny and should be taken seriously
-
Re:Lemons
Lemons every fucking one is a lemon. Again only morons buy piece of shit electric cars. Thankfully natural selection will take their idiocy out of the gene pool.
-
Link about Paris and San Bernardino inadequate
The link supporting the assertion that terrorists behind the Paris and San Bernardino attacks "used encrypted communications to evade detection." is not supported by the linked article. In the first place, the article is only about San Bernardino, not Paris. Second, it only says that authorities were trying to get access to encrypted data. In the San Bernardino case, there was encrypted data because the iPhone encrypts by default but there was no evidence released that the encrypted data contained anything relevant to the case. No article is linked about Paris. My understanding there was that French officials basically said that the terrorists must have encrypted their communication because they didn't detect anything. They offered no proof that encryption had been used. The assertion was like the one in San Bernardino - the suspects had used some encryption in the course of their regular use of technology, as most people do, but there was no definite statement that the encrypted communication had actually been used to plot attacks. Ars Technica reports no evidence of encryption being used.
-
But the Paris attackers DIDN'T use encryption
The Paris attackers did NOT use encryption!
They used burner phones.
The TLAs just tried to use encryption as the reason why their spy machines didn't detect squat, and to try to force new encryption laws down people's throats.
-
Re:What's actually going on?
Why does Microsoft have such an obsessive hard-on for Skype?
I'm sure it has nothing at all to do with Skype's longstanding status as the NSA's wet dream [pdf warning].
-
Re:Patents should be abolished
Use your mighty "grasp" and tell me the magic something that physically stops me from arranging the lights in my photo studio.
I told you (it was two lines, c'mon) that your precious EEs can have all the money they want, just find a delivery that doesn't rely on a big game of pretend ownership. Same goes for your $500 pills. In fact, that might be your saving move when those pesky $2 substitutions are discovered.
-
16 states
Ars has a better article, and has a map of which states are collaborators.
-
Re:RTFM
Sorry dude, the most efficient way for cars to handle a closing lane is to use all the available space and zipper with the next adjacent lane as near to the closure as possible. Those people are doing it right, and you are doing it wrong by merging a mile early and leaving that lane unused. See all the guidance given or this study [PDF] or this one.
This might also be a good time to consider civility and not calling people 'dickheads'. Consider that even if you were right and they were wrong about the proper way to merge, that would just mean they were mistaken, nothing more.
-
Re:It's never been about the specific tech
Sure, but Google Chrome allows you to disable Javascript and force click-to-play for flash.
Last I checked, there is no such thing as "click to play" for HTML5 in Google Chrome.
http://arstechnica.com/informa...
I would say it's an oversight, except Google is an advertising company.
-
Re:The message is clear:
Encrypt all the files!!!
No exceptions.
They'll just lock you away until you tell them the passwords.
USA! USA! USA!
They'll do that to the first few.
Then people will wise up and it won't happen anymore.
Arm yourself or become a victim of your own government.
-
Re:The message is clear:
Encrypt all the files!!!
No exceptions.
They'll just lock you away until you tell them the passwords.
USA! USA! USA!
-
This isn't about government surveillance
It's about how ridiculously easy it is for hackers to pwn your laptop and watch you over your webcam. The "community" that does that sort of thing has become pretty sophisticated in their tools.
Yeah the government could be watching me too. But while I oppose that on philosophical grounds, I don't personally do anything that might interest the government. Hackers OTOH are less discriminating, and it's easier to just eliminate the possibility of compromising pictures or even blackmail by covering the camera with some tape. The 1 cent it'll cost you is the cheapest insurance you can buy.
-
Re:cost reduction
Closer to saving $0.005 per unit. Yes less than a penny. That jack might cost you $0.05 or a little more if you were to buy a one off, but in the 10,000s that Apple purchases them in bulk they are super cheap.
It's just a dumbass move by a dumbass company who is totally out of touch with the end user.
Also even at $100k, Apple pisses that 100 times over every single morning. It's nothing.
It isn't a cost-saving measure, you insufferable twit.
It is mostly about making the next iPhone waterproof. Yes, there are waterproof 3.5 mm jacks; but they are all necessarily much bigger (in all dimensions) than the non-waterproof kind (which are already almost too "thick" for current smartphones). And "bigger" (and especially THICKER) is obviously the last thing a smartphone designer (regardless of Brand) wants to be...
But due to its design, Apple can waterproof a Lightning connector much easier than a 3.5mm jack. So the Lightning conn can stay; but the analog headphone jack must go.
I am not sure whether Apple will just ship a Lightning Headset with that iPhone, and either include or sell a Lightning "DACJACK"(tm) for those who want to use old-Skool analog phones; or whether they will just start leveraging Bluetooth 5, but more likely, that will have to wait at least one more product-cycle.
-
Paypal has been doing this for a while now..
-
Re:Perhaps I'm the only one
SMS is notoriously unsecure. The encryption is only between the phone and the tower. A hacker could potentially intercept the message anywhere else along the transmission route. To truly be secure, it has to be end-to-end encryption, like SSL on websites. Apple sort of has the right idea with iMessage, except they manage the end-to-end keys themselves so they (or a hacker who breaks into their servers) could potentially read your messages. It needs to be done using keys generated and stored only on the endpoint device. (Which has the obvious drawback of past messages becoming unreadable if you lose your device. The keys should be backed up onto another personal device, but because people are lazy/foolish/ignorant Apple decided to back it up on their servers.)
And even end-to-end encryption isn't completely secure. There are apps out there which when installed on your phone will surreptitiously forward a copy of all your text messages to someone else. Likewise, if you lose your phone (unheard of I know, but it happens) your security is blown. In particular, for people with Android phones, 2FA for Google accounts via SMS is just 1FA. If a thief steals your phone, it's already got access to your Google accounts. And now they're going to 2FA validate you're you by sending a text to the phone in the thief's possession?
This is the same reason I switched from Google's Authenticator 2FA app to Authy. Authenticator just runs - it assumes your phone is secure and always in your possession. Yes you can and should put a password on your phone, but sometimes you do hand your phone unlocked to other people so they can use it, or a thief can steal it from your hands while it's unlocked and you're using it. Authy at least requires you to enter a PIN or password each time you use it.
-
Re:Coming in 3. . .2. . .1. . .
Definitely don't LOOK Faraday shielded.
Best article I could find on what they are/how they work: http://arstechnica.com/gadgets/2014/10/i-let-yondr-lock-my-smartphone-in-a-sock-so-i-could-live-in-the-moment/
They seem to basically be a cell-phone sized sleeve with a "security tag" style locking mechanism.
-
Re:There will ALWAYS be a need....
For example, see the article http://arstechnica.com/cars/20...
-
Re:Amazon sucks
You mean like opening their own delivery service?
http://www.fox13news.com/news/...
http://arstechnica.com/informa...
-
Re:Please put all your google maps complaints here
Blindly following directions is never a good idea. You should have some overview over the land you are travelling through.
http://arstechnica.com/cars/20...
-
Re:Not all games are available for your platform
So you're saying that I can't play Nintendo games on my Playstation
You would be able to, except Nintendo messed that up by being late to notice a detail that Sony snuck into its publishing contract when the "Super Disc" peripheral for the Super NES was under development. This caused Nintendo to kill the Play Station, a second-source Super NES made by Sony with a built-in CD-ROM drive analogous to Sharp's Twin Famicom. Sony retooled it without a cart slot under the code name PSX, and the PSX project resulted in the PlayStation console that Sony put out in 1995. (The name "PSX" can still be seen in the "PS-X EXE" header in every PlayStation 1 game executable.)
or listen to CDs on my tape deck?
I've listened to CDs on a tape deck several times. One way is to use a CD player to make a private reproduction of the CD on cassette pursuant to 17 USC 1008. The other is to connect the CD's line-level audio output to a tape adapter. There is no analogous process for software because the execution models differ so much between platforms that an automated process run by the end user cannot bridge them lawfully and efficiently.* So are you suggesting that most people are supposed to buy and carry a MacBook, an iPhone or iPad, an Android phone or tablet with Google Play, and a Windows Phone? Because that's the only way to run the exclusive applications of all six platforms that I mentioned.
* I said "efficiently", and emulation usually isn't very efficient. I also said "lawfully", and the mobile operating systems I mentioned (iOS, Android with Google Play, and Windows Mobile 10) aren't readily available to the public for use in emulators. The Android components in AOSP are, but a lot of apps either depend on Google Play Services that aren't in AOSP or aren't available outside Google Play Store.
-
Re:Yay NASA!
Indeed, research is a bit part of what NASA does - and IMHO, it should be bigger. I agree with Buzz Aldrin that NASA should revert to the earlier NACA model.
-
Great on TVA. Bad on Slashdot
Good job TVA finally bringing another nuclear reactor online. It's clean, it's safe, and it's advanced.
Shame on slashdot "editor" BeauHD for adding in the unrelated story about renewable energy overtaking natural gas.
DID YOU BOTHER TO READ THE SUBMITTED ARTICLE???
Seriously nice article today about Sourceforge and Slashdot Media all improving must have missed that there are people running the show who can't read.
http://arstechnica.com/informa...E
-
This just seems like a better solution
Love that these folks came up with this and have it running in the U.S.:
http://arstechnica.com/informa...
-
Re:Math Doesn't Add Up
And now they're doing it for gas engines.
Enter TJI, which has boosted thermal efficiency to an almost unheard of 47 percent
-
Re:Here, I broke your crutches...
And on that note there's apparently a Flash 0-day out there that's being actively attacked with the patch scheduled for tomorrow at the earliest.
So, uh, yeah.
-
Re:Traffic lanes designated to buses or bicycles n
To correct your metaphor you'd need to distinguish the vehicles on the road by brand, not by their capabilities.
The government, that maintains the roads, gives priority to the buses, which it also runs, how is that? For another, the government, which wants everybody to pay tolls electronically (to make it easier to track citizens' movements), gives priority to cars that have E-ZPass installed.
The problem with Internet Service Provision is lack of competition. Adding more and more regulation only helps the incumbents ward off would-be challengers.
-
Re:Traffic lanes designated to buses or bicycles n
I've always viewed the entire net neutrality debate as a (hopefully) temporary sideshow while/until we fix the larger problem of lack of competition. The only reason (e.g.) Comcast is able to pull the shenanigans that they are is because we can't go anywhere else.
The problem is, such regulation impedes competition — the more "reasonable regulations", that the governments — Federal and lesser alike — throw at the ISPs, the harder it is to unseat the incumbents. Comcast CEO plays golf with Obama — do you suppose, Obama-appointed FCC-commissioner(s) will be equally fair to Comcast and a challenger?
The less free the market — and government officials deciding, what the owner can do with his cables, is unquestionably reducing freedom — the harder it is for Capitalism's usual forces to work their magic.
-
Re:Hmm... Alienware
I think I'd have more reservations about the OLED panel than anything else - mostly because of aging.
Ars Technica's review of the Samsung Galaxy TabPro S seems to really put a fear in the panel from the get-go - the screen dims quickly, uses screensavers, etc. All in a kinda-sorta nudging way to say it's going to be dead in a couple of years.
And the brighter you crank it up, the shorter its lifespan. I think in the end it feels like it'll be pock-marked from use in less time than an SSD takes to die, or before the batteries go.
-
Re:Compression
C'mon, it's 2016. Where is compression?
Well, it has been part of HFS+ since Snow Leopard (2005). Where have you been?
So, I would imagine that the new FS will support it as well.
-
Not Invented Here Syndrome?
I was hoping Apple would license ZFS
ZFS is under CDDL and would not even need to be "licensed" in the usual sense — it is free for anybody to take. "Too free" for certain zealots, in fact, which is why it was not part of Linux kernel for a while — until the supposed "license incompatibility" myths got debunked.
Even Linux now offers ZFS — Apple would've had a much easier time porting it, because MacOS is already FreeBSD-based and the FreeBSD-project had ZFS available "out of the box" for several major releases spanning many years.
What did Apple find lacking about ZFS, that would justify creating their own, is, indeed, a mystery. Probably, a case of the Not Invented Here Syndrome. Sad...
-
Re: another reason to never connect a TV to ethern
In 5 years you may not be able to buy a dumb TV anymore, as manufacturers are shifting away from them. It's rather onerous to buy a dumb TV now, unless you want to order one online and deal with returning the first couple that show up broken. Go to any big box store and look at the big screen display televisions they have hooked up. Almost every one of them is internet enabled and some of them are internet required. As in, if you turn on your TV and it can't phone home to the mother ship, you aren't watching anything today. Not even from your DVD player.
A TV is no longer an appliance that you buy, own, and use as you see fit. Having a TV in your home is quickly becoming a "service" that you must license and rent from a company like Samsung. Of course Samsung won't send you a monthly bill like the cable company does; they'll get their cut through the device itself, with always-on microphones, viewer analysis that would make the Nielsen ratings people cream their pants, unskippable advertising, and constant spying on your household to monetize you. This isn't tinfoil hat stuff, it's been evolving for a few years already.
The masses will accept these Telescreen devices because the price goes down a couple hundred dollars. And the manufacturers will stop making televisions that don't do this shit. Give it a few years and trying to buy a dumb TV that doesn't require internet access will get you blank stares or laughed out of the store like you'd get if you tried to buy a CRT television today. You and I, who want to buy a TV without any of these "features," will be relegated to poking around at garage sales hoping to find one that still works.
-
Re:Depressing...
There IS a new filesystem. http://arstechnica.com/apple/2...
-
Has Xbox won a generation yet?
Has Xbox won a generation yet? The PlayStation 2 soundly beat the original Xbox, and the underpowered Wii beat the more powerful Xbox 360 in all regions. Early Xbox One sales were marred by loss of goodwill from #dealwithit, and the PlayStation 4 is reportedly beating its competition nearly two to "One" after two years.
-
Re:FCC isn't doing this for us...
Re "Their corporate first attitude, has basically sold/given all the spectrum to organizations which hate the idea of individuals not having to be locked into paying monthly extortion.."
The idea is just to stay with local gov approved provider(s) no matter the low speed or lack of any local network investment. With ever more gov regulations it's back to POTS, costly last mile partial networks of optical or coax from your gov approved monopoly or cozy duopoly network provider.
How a group of neighbors created their own Internet service (Nov 2, 2015) http://arstechnica.com/informa...
-
Re:Judge Davis retired last year
No, it's not that there is more than one. It's the same one. Knowledge of the relationship isn't new. It was mentioned in this article from 2012 and specifically points out any case would be assigned to another judge.
-
Re:Wait.....
For LinkedIn, the problem with the credentials that were leaked by hackers is that they were not stored securely with proper salt. Within a few days of starting on it, security researchers cracked 78% of the passwords resulting in almost 50 million unique passwords. Attackers undoubtedly did the same over the years since the breach. This gave attackers millions of actual passwords to use in future attacks. As for how Netflix and Facebook can tell you are using the same password, they could get the list of cracked passwords that users are using from the breaches, matching them with email addresses of their own users then hash the password using the algorithm they use along with the salt for that user and compare it to the user's current password hash.
Here's a blog post about the cracking effort:
https://blog.korelogic.com/blog/2016/05/19/linkedin_passwords_2016
And here's an article about why this is so bad:
http://arstechnica.com/security/2016/06/how-linkedins-password-sloppiness-hurts-us-all/
-
Re:How do they know they are the same?
At least in the case of the MySpace and LinkedIn leaks, the passwords themselves were posted online, so it'd be fairly trivial for Netflix et al. to run the lists through their hashing algorithm and see if it gets any hits against their users.
LinkedIn was employing a fast hashing algorithm with no salt back in 2012 when their database was stolen. Which is about one step better than plaintext, given that an attacker can hit it at full speed and can crack them en masse because of the lack of salt.
MySpace apparently began employing doubled-salted hashes in 2013, but the login credentials that leaked were ones that hadn't been used past that time, so MySpace hadn't been able to update them to be more secure since it sounds like they were employing simple hashing prior to that.
As for Tumblr, they said they employed hash+salt on the database that was leaked, so it should indeed take awhile before anything besides commonly-used passwords start showing up from it.
-
What's with the 22GB?
Odd that I switched to a new AT&T "Unlimited Plan" which gives me 22GB of data before throttling me down to the stone age and now Ericsson is predicting 22GB will be what everyone needs in a few years. Not 20GB, not 25GB. What's so special about the 22GB amount? http://arstechnica.com/busines...
-
Re:Easy.
#1. But I can't remember all those passwords.
- use a password manager
#2. But I like the formula I use. It's my name + the website name.
- no. Just use a password manager
#3. How will I know that my password isn't in a dictionary list?
- use a password manager and have it generate random passwords
#4. But I cannot remember long passwords.
- use a password manager
Also, "ieatkale88" can now be cracked in the same number of tries as "iloveyou" or "pAsswOrd" because they are now all added to common dictionaries.
Once you publish your "secure" password someone will add it to a dictionary.
http://arstechnica.com/security/2016/06/how-linkedins-password-sloppiness-hurts-us-all/