Slashdot Mirror

I suppose we could invent a new standard specifically for linking to XKCD references. Even though it violates the spirit of that comic here's a standard HTML link for that thing.

Obligatory XKCD

I smell another CF like shill ... you are either less intelligent than an eight year old, or a liar ... If you are so ignorant you can't understand that, well, see the 8 year old analogy above.

Don't be the first to throw a punch if you can't take one in return.

It sounds like you don't really know what entrapment is, and can't be bothered to learn. COINTELPRO and Mockingbird were about propaganda, not really prosecution. Now if you don't mind, I need to find a water slide.

I find that a grand majority of people are absolutely unintelligent. They're not very capable of logical reasoning; complicated abstract thought is foreign to them; and they're highly unaware.

But of course, you are different, right? Relevant xkcd: http://xkcd.com/610.

Anybody on Slashdot who doesn't know who she is ... get the fuck out, because you're on the wrong website.

You might try wrapping your head around this: obligatory XKCD.

And you're going to demonstrate your independence by reiterating a weak pun that's well worn enough to have both a Wikipedia entry (which notes its "shrill and excessive use") and an XKCD already in place?

Exactly. The smart people will believe it's too expensive or not the right time to raise kids while the stupid people will fuck for fun and then have a bunch of kids. Soon there won't be any smart people left and the problem will be solved.

Obligatory: http://xkcd.com/603/

XKCD ridicules the notion that dumb people reproduce more than smart people, and claims that it is "wrong". But is it? I cannot find any reference for birth-rate-by-IQ, but here is a reference for birth-rate-by-income that shows that women in households with income below $10K have nearly twice the birthrate of women in households with income above $75K. Income is not IQ, but they are highly correlated.

It isn't clear if the birthrate-by-income is corrected for age, so it could be skewed because the poor women are younger, while more of the rich women are past childbearing age.

Exactly. The smart people will believe it's too expensive or not the right time to raise kids while the stupid people will fuck for fun and then have a bunch of kids. Soon there won't be any smart people left and the problem will be solved.

Obligatory: http://xkcd.com/603/

a testing company, like Underwriter's Labs is for physical goods

A single testing company, like UL? Now, don't get me wrong - I've every bit as much confidence in UL's certifications as I have in TUV's. Or Det Norske Veritas'. Or BASEEFA's. But in the real world, one certifying company is just not going to cut it. And it doesn't, as the above list of the certifying authorities (with whom I have had to deal with often enough to remember their names) suggests.

There's an XKCD for that. xkcd.com/927/

Actually, the situation isn't quite as bleak - for hardware - as 927 suggests. There are widely applicable standards organisations for many things (I can add IDEST to the above list!) which are fairly well established in those fields, and which consequently have troubles with people counterfeiting their trademarks to falsely claim approvals that they don't have. But it's not a single unitary authority. And I doubt that one code-tester agency "to rule them all and in the lightness bind them" would happen for software either. Several bodies ... yes, but not one. Which is part of the jockying for position that Red Hat, Mandriva, Debian, Slackware and a few others are indulging in. (There's little point in differentiating amongst, for example, the Debian derivatives. At this level.)

http://xkcd.com/793/

AIDS

I don't want directions.

The program itself is just an executable jar you have to configure, comes bundled with a tomcat if I remember correctly

uh I mean tomcat server not this

In re-reading my last post I notice my tone got a bit testy among other things - I apologize, as I do for the tardiness of reply due to stuff getting in the way.

Aaargh, I hate those kinds of color-coded graphs; they're pretty, but with having a good bit of red-green color blindness... I mean, peanut butter is green. Well, isn't it? [grin] I found this, first result, which gives the same numbers in an easier to see and grasp way - I hope you'll find it OK: http://www.cbpp.org/cms/?fa=view&id=1258 and there are others. A while back, Randall Munroe over at xkcd.com put together his money chart, which I found illuminating. http://xkcd.com/980/

I don't dispute these figures at all, but I thank you for pointing them out.

What I refer to, tho, is the stuff that doesn't so easily show up, often because it's obscure - weird labeling, inclusion as an innocuously-named line-item in some bill, what have you. I just did a search on "corporate welfare" - dive in anywhere, really. The Cato Institute, whence comes the fine graph you present on income distribution, seems to show up a lot, as does cbpp.org. Did I have the time to get into it now, I'd want to get at more of the source data, much of which comes from government. I don't advance any particular search result as proof, but maybe evidence, and certainly entry for further delving.

Corporate stuff comes in many flavors, going back to the no-tax wild-catting during WWII to things I see in my area such as "If you don't cut our taxes in half, we're moving to $some_place_else." (The latter is considered by most to be entirely proper business practice; I can say only that it often leaves a bad taste in my mind. We've seen examples of how some of this works externally and internally going back to United Fruit and others over a hundred years ago, to the Seven Sisters from the '50s to present day, and so on. As some big companies become multi-national, some of these are becoming, trans-national, and wielding power greater than many nations. It's just business. The ramifications for policy and taxation in any one country get more problematic at best.)

Re automation - no, don't mean it Luddite-way. I just think there are some real shifts in the making. Best I can reckon, the U.S. never fully recovered just from the automation stuff starting in the automotive industry. Yes, new jobs are created by new technologies. My contention is that increasingly there will be fewer of those new jobs than those displaced - and that this combines with the simple reality that an increasing number of people will be at their own limits of being able to be educated and trained to do the new jobs, let alone possess the basic blend of abilities needed for service jobs such as burger-flipping (robotic, soon) or janitor work. (Funny, that; in hospital I saw the cleaning ladies work hard and well, but they were trained by someone who doesn't know shit from Shinola - simple, easy, quick, and _effective_ areas are missed, because the training idiot is functionally blind to what cleaning is and why it's to be done. If the robots that eventually take over much basic cleaning aren't properly programmed, that situation will not change. I'd hazard to guess that both of us have seen plenty of examples of things designed and built or programmed that are obviously not used by their vendors, because they just don't work well or easily.)

"Such government programs tend to work in the short term; but they fail in the long term as people learn how to game the system." Absolutely. Concur. Agree. Right on.

Re Congress. Nope, not central planning. Their responsibility for levies, taxes, budgets does have a bit of effect in that direction, but that's not the point. The point is they've been avoiding some issues while fiddling the numbers here and there, gaming the system for the advantage of themselves, their party, and their funders, rather than for the good of

http://xkcd.com/908/

http://xkcd.com/927/

Let me go back to the last discussion we had here about Apple's lightning connectors and find all the people who said a reversible connector was too difficult to manufacture, expensive, and fragile for anything but overpriced shiny hipster fanboi Apple gear...

Also, olbig. XKCD

Too lazy to link to xkcd?

... because what we always need is another standard.

Ummm...

The Cautionary Ghost has shown me the future of "literally."

http://xkcd.com/1108/

I haven't given up on "begging the question" and people who say "further" because they think the uuuuurrrr makes them sound more erudite - as if they had their tea pinkies up in the air...

At this rate, I wouldn't even be surprised if we ended up having to worry about not enough men attending university in the coming years.

Obligatory XKCD

What's not clear in "high-speed access to the new servers"? Or are you assuming all servers are on the other side of the internet?

Don't trip over the cable.

That's why government agencies often botch this kind of thing (and they aren't the only ones).

Yeah, government used to do a better job, but then we decided that government should be run like a business.

I blame that treasonous bastard Reagan. We did elect him, though, so I guess the majority of voters got what we asked for.

OK, looks like you're a friend of Ison but before you go on a date with Jupiter, maybe you should first talk to those who knew Shoemaker-Levy 9.

We make stuff for phones! Like apps and stickers! We want to hire you to write on our computers. We can offer you a bunch of paychecks!

English is a very big dictionary. AND I didn't say to use three nouns, but rather three words, I just happened to use nouns for this example. It could have been Mongoose Tokyo Nicolette.

http://rumkin.com/tools/password/passchk.php

For my original example, it shows it has 110 bits of entropy using only 26 set (non-capitalized) and 134 bits using three Capital Letters. My suggestion is that you go back and look at what entropy means regarding password strength. Granted, if you could guess three random words and run brute force against that password hash, it doesn't seem likely that you'd catch the password in any meaningful length of time. Then again, password hacking MY personal password would be much easier with the Hammer Technique http://xkcd.com/538/

Ultimately, no password is secure if you can't remember it without writing it down. And re-using the same password for all the systems you access is the worst possible choice one can make. The question then becomes, how important is the information being secured by passwords? Do you want to secure your pet's health records with 156 bit entropy random/pseudo random passwords, or will 1234abcd work just fine?

So, how many 100 bit entropy passwords can you remember without resorting to something like LastPass or writing them down?

xkcd

Researcher translation: https://xkcd.com/678/

If we start with the asumption that that passwords must be memorized somewhat, we are better remembering things with an attached meaning than something random, and those meanings make usually bad passwords. But, we don't need to remember all passwords, there are password managers for making and storing a bunch of meaningless, secure passwords, and for the keys you must remember (the password manager one at the very least) there are some mnemonic tricks that can help to have safe enough passwords.

Please tell me no one is surprised by the general conclusion (haven't we been here a time or ten before?) of these studies. Add to this the corporate or government attitude demonstrated so equivalently here, the lack of effective computer security training, including a complete failing of organizations to have or heaven forbid enforce policies about password practices and you've got a pretty pickle.

Sadly, it took the recent Adobe compromise, to get me to finally start using a password wallet and use different passwords for each Internet service I use. Have to admit I was stunned, by the number of accounts I had when I got through most of the sites I access.

After hearing a few disturbing stories from my wife, about how computer security and passwords are treated at her place of work, I stepped up my training for her and her co-workers that will listen. Based on what I've heard from her the choice of poor passwords is the least of our troubles.

• Passwords on sticky notes on monitors.
• Passwords shared with co-workers, that have not been granted access.
• System does not require default password to be changed.
• Default password is a known pattern.
• Techs routinely ask users for passwords
• Co-workers say, "Just give them your password".
• And so on . . .

Unless the underlying problem of poor culture surrounding computer security is changed and an understanding of the associated risks is cultivated, it won't matter one whip whether users can choose "Good Passwords TM".

Works for me, but, I also played way too much Kerbal Space Program. I think XKCD described it best: http://xkcd.com/1291/ at least in the alt text:
"Shoot for the Moon. If you miss, you'll end up co-orbiting the Sun alongside Earth, living out your days alone in the void within sight of the lush, welcoming home you left behind."

http://xkcd.com/936/

http://xkcd.com/936/

Might as well post the other traditional obligatory here too. After all, we all know that the launch code isn't the most important field any more!

Actually, what they did was a bit different.

Imagine having a study where you have 400 kids. Half are controls and get no vaccine, and half are experimental and get the vaccine.

However, this isn't just two groups of 200 kids - these are 40 groups of ten kids each. For the first pair of control/experimental groups you check for cancer, for the next one you check for heart damage, for the next one you check for liver damage, and so on.

So, suppose you get to one group and you find that 3 of the 10 experimental kids have been hit by cars, and none of the control kids were. You run the numbers and it turns out that this has greater than 95% significance so you publish a study demonstrating that vaccines cause kids to be run over by cars.

The problem with this sort of logic is that you really did 20 separate experiments at once, and you found that one of them reached some conclusion with 95% confidence. Well, 95% confidence means that you only have a 1/20 chance of reaching a conclusion due to chance alone, so it shouldn't be surprising that if you do 20 experiments you find something "significant."

http://xkcd.com/882/

Somebody's been reading xkcd's What If series...specifically this one from within the last week.

OBXKCD http://xkcd.com/1170/

Of course not, the AIVD is here with us! Ik weet dat jullie meeluisteren!

XKCD has the last word on this subject

> wake up sheeple!

Shh! Quiet

Like this?

This one is directly relevant : http://xkcd.com/1297/

But this one is also relevant http://xkcd.com/1295/ given how many news sites mindlessly repeated the news "ISON disintegrated" when it was apparent in SOHO Lascar C3 imagery that that hadn't happened by 5 hours post-perihelion (see this at 2318 UTC)

This one is directly relevant : http://xkcd.com/1297/

But this one is also relevant http://xkcd.com/1295/ given how many news sites mindlessly repeated the news "ISON disintegrated" when it was apparent in SOHO Lascar C3 imagery that that hadn't happened by 5 hours post-perihelion (see this at 2318 UTC)

Oblig XKCD

Swiftkey

And as we've seen even parodied in cartoon, a pipe wrench can beat the shit out of most crypto.

For those that don't know.

To be fair, the pipe wrench has to be applied to what's between the keyboard and chair (not to the mathematics).

How a black bag operation works.

I think you're missing that this is what Schneier is talking about.

I do not know if that would be faster/better to do 'join' statement over multiple huge data tables compared to nested queries

Using a joined query instead of nested means that you are hitting the database once per transaction instead of 5, 10, 50 times. The company where I work has an outsourced application that will hit our database first for the top 2000 records, then hit it again and again for each filter that the user applies, one query per filter. In every transaction there's a minimum of two hits on the DB. Multiply this by about 6,000 operations per minute coming in from all around the state, and it's a bandwidth headache. A better way would be if the program hit the database once on boot to ensure the table headings are updated, then have the user set up the filters s/he needs and execute a single joined query.

why would GET & POST requests be involved in security?

Although both can be susceptible to an injection attack, it's simply easier using GET over POST. It can be partially explained by xkcd and it's related explanation. Using POST will allow for more parsing in the back end to be able to sanitize the user's input, thereby reducing the chances of a successful injection attack. With GET it's considerably harder to sanitize the URL before it hits the processing script. When working with security, you want to make decisions that increase the difficulty of the attack vector. Just the difference between GET & POST alone isn't enough for security, but it is a good first step in seeing if a candidate understands the difference and can comprehend how the difference can matter from a security standpoint.