combined with the sawtooth wave which is similar to a string instrument or a brass horn.
POKE 54276, 33
This type of article gets posted on slashdot every few months and the answer is the same: password security is lame.
With the password security requirements evolving due to things like sophisticated distributed computing brute force cracking, it has arrived at the point where people literally cannot remember passwords anymore. Therefore, because they are mandated to use passwords that are in compliance they do the only reasonable thing they can to comply to get their jobs done, they write the passwords down somewhere.
Try the 5 Why's technique on this one
Why are security breaches happening? Because people write their passwords down.
Why do people write their passwords down? So they can do their job.
The rest is an exercise for the IT and compliance administrators. Remember, use common sense. It's not hard
We lost the combination to the air shield? Quick! Someone check their luggage! It might be the same combination.
are you the only real capitalist in there?
Oh but my friend, true Capitalism requires an actual free market... I fully support free markets where companies have incentive to innovate to produce better quality goods and services for a more competitive price based on consumer and market demand. That's real Capitalism.
It's not out yet but you can grab the beta with NPM using npm install angular2: https://www.npmjs.com/package/...
In this day and age, a device with telnet and no password is fundamentally a defective product.
If you're really a lawyer, you should start a class action lawsuit against the offending companies for gross negligence.
Wow, HP buys MicroFocus COBOL? Forget NodeJS and Ruby on Rails folks! Coming soon the new software panacea: Object Oriented COBOL for Cloud Computing Applications. I can hardly contain my excitement.
Oh Nintendo, you missed a golden opportunity here. We have already had Subway Surfers and Temple run for years now. Have you considered either Super Mario RPG or Mario Party? Heck, Mario Kart would even make sense. Square Enix figured out that you could make Final Fantasy into a decent touch-screen app.
I'd love a darker series. Colonists crash landing on an alien planet, disconnected from the rest of the federation, losing most of their technology. Finding out they're not alone and there is a semi-hostile primitive species there. Then they have to struggle: how hard do they try to stick with the prime directive and non-interference, and how does it impact their own survival?
So basically you want to watch LOST but set in the Star Trek universe? Why not make it a planet full of zombies and then you can call it "Walking Dead: Lost in Space"? Starfleet crash lands on an alien planet stranded with no communication. On the planet, they discover a planet full of zombies. Cobbling together the spare parts from their shuttlecraft they erect an encampment with a solar powered force field. During every episode they try to sneak out of the encampment to search for food and supplies meanwhile the zombies continue to try to figure out how to penetrate the force field to eat the humans as food. Later on in the series they find a planet that is composed of tachyon particles that they learn they can combine with scrap metal and jute to form a communications device to transmit SOS messages in hopes that someone will find them. I think you're onto something here...
I would say GenX used 'all of the above' things you cite as excuses to disengage from politics and focus only on money.
How do you know this wasn't a clever strategic maneuver? Let me paint a picture for you: you're the cultural minority and the majority is irrational with many beliefs based on nothing resembling reason and you can't negotiate with them. They are hateful, warmongering, bigots in positions of great power. What do you do?
Still, the cynicism has done a vast amount of damage.
No, it has sought to undo damage done by questioning irrational mob mentality. You should be thankful for this because the country would be even worse if this were allowed to go on unabated. You'll actually see this some day. Do you really enjoy getting in a war every 5-10 years? Neither do I.
It has allowed the truly authority-minded to build a vast police state and turn the military empire toward revanchism and worse
You're largely referring to old white males (50-65) many of which are religious extremist bigots
Are you joking? The Boomers were a generation of blind trust in authority? Try reading some history once in a while. A quick look at the 60's might be a good place for you to start. Mass organization to protest the war, fight for civil rights, fight for women's rights, etc.
Yes I'm aware that there was a segment of the Baby Boomer population that we typically refer to as "Hippies" that were engaged in these activities but they were very much the minority. In fact, I very much enjoy music from that period. Unfortunately, the "Hippie Movement" was all but silenced in the 70's. There just wasn't enough of you and quite frankly you lacked the skills to endure "the good fight". Generation X had to pick up the torch being smaller than the Baby Boomer generation and paved the way for Millennials to continue to introduce more rational and reasonable thinking into this country. We know better what type of cultural challenges are in front of us and how to deal with them more effectively. The evidence is in the data that you can easily look up in Gallup Polls and at Pew Research Center.
Your type of thinking is called black and white thinking. You're basically making the claim that because one hippie existed in the Baby Boomer generation that the entire generation was composed of "hippies". Nope, sorry. The majority of the Baby Boomer generation was not that demographic. It was the people that brought you the Business Roundtable, The US Chamber of Commerce, TV Evangelism in the 80's and Fox News.
There is merit that this small segment got different perspectives out there but the future generations pushed the football forward.
It's in the US national spirit to distrust authority
You might be able to say that about the framers of the Constitution fleeing from British rule. However, the Silent Generation and the Baby Boomers sure don't see it that way. Have you had a Baby Boomer manager? The rhetoric is "trust me, do exactly what I say and I'll reward you appropriately." There is no better way to become the adversary of a baby boomer than expressing skepticism of their authority.
You're probably Generation X or younger. Generation X broke the trend of blind obedience and trust in government and social institutions. We had a lot of motivation like McCarthyism, Vietnam, etc. We looked at the horrors of the blind obedience to the Third Reich. In recent times, we've watched the US Chamber of Commerce buy our politicians to write pro Laissez Faire policies that benefit them without considering the (sometimes devastating) side effects of those policies. The Millennials have continued that trend. I understand your perspective and agree but regardless we need to acknowledge that we have quite a fragmented culture with wildly varying belief systems and this propaganda would be useful against certain segments depending on the agenda.
I have two things to say about code style nazis:
1) If you totaled up all the money spent on trying to make code pristine in code reviews, you probably could have solved world hunger
2) You can have all the pristine code you like, but if it doesn't work, it's absolutely worthless. It's a big, shiny you know what.
Summary: this discussion and my post consequently are a complete and utter waste of time that I can now never get back. :P
Obligatory XKCD: https://xkcd.com/974/
Companies Are ______ With Fewer ______.
Cards against Humanity: Developer Edition?
Maybe it's because I don't live on the West Coast but I have yet to see or even hear about one of these platforms. Where I work, writing a SQL query flies over the heads of the majority of product managers and business analysts. QA requires a lot of hand-holding. I'm old enough to remember the days when the non-techies tried to write software platforms hacking VBA in Excel and Access and that turned out really well.
This is not a new promise. It's been made before and it seems this article is slanted towards one particular product the one I haven't heard of. I know people have been customizing CMS's with clever hacking to make them work for purposes they weren't intended like WordPress and Joomla and so forth but it's not anywhere near what it needs to be to meet real, ever increasing business needs. Heck, for all the progress that HTML5, CSS, Javascript/ECMAScript and all the MVC/MVVM tool stacks that sit on top of them, for most cutting edge companies, it still ain't good enough. They want the sun, the moon and the stars. If hard-core development tool stacks can't deliver it, these lo code/no code solutions sure as heck can't come close.
Next thing you know, Google will be sued for crawling the internet with its automated spider to keep a database of sites you can search for. Some people just don't understand how the internet works. If you put stuff up on a billboard with blinky neon lights, people are going to see it. That's why you don't put your personal info on one.
history fag.
Quoting the movie Idiocracy I take it?
As Calvin once said, "You know how Einstein got bad grades as a kid? Well mine are even worse!"
This is of course quite amusing as I'm sure you are referring to the comic strip Calvin and Hobbes. But did you know said comic strip is a satire around two characters that represent two prominent historical figures with two very different philosophical points of view:
John Calvin: https://en.wikipedia.org/wiki/...
Thomas Hobbes: https://en.wikipedia.org/wiki/...
If you read into their differences of opinions on many things related to society, you'll find relevance to this topic. We can't really understand why our society and culture values things and whether those things are appropriate today or ever even were rational to begin with if we don't understand the roots of where that thinking came from. The comic strip of course is more digestible in popular culture instead of having read comparably dry historical text but understanding the true historical context is very important especially as we evolve our values and ideas forward into the future.
Do thinkers have less active jobs?
This question is irrelevant. The only thing of value is value. Producing value with the least amount of work is efficient. It's just math. See: LEAN, Toyota Production System, etc.
A lazy person does the least amount of work necessary to do a job
Yep and that concept is counter-intuitive in America to the substantially sized group of people who have roots in Puritanism. In the extreme cases, Puritanism would say digging a ditch with a spoon is a better use of one's time than usage of a backhoe. You'll find that this value placed on back-breaking manual labor has its roots in religion the extreme cases of which are the Amish and the Mennonites. It's that mentality that is whining about "lazy" people and how they had to walk to school up and down a mountain in the snow barefoot when they were younger. If anyone is interested in reading more about this just look up Max Weber in your history book: https://en.wikipedia.org/wiki/.... He studied this quite a bit. This is why history is important folks!
More "intelligent" (perhaps more aware is a better term?) people tend to realize things existentially. They tend to ask questions like "what is the point of this task?" as well as many other things. When they really consider the possible rational, logical answers to these questions, they arrive at interesting conclusions some of which erode their motivation to do certain things but spark their interest in things that are more purposeful.
A great example is Alan Watts in his famous talk "Life is a Hoax": https://www.youtube.com/watch?.... It is absolutely amazing that he talks about this in the 70's and it's still pretty accurate all the way to the present day, at least from an American perspective.
Unfortunately, many of the tasks society demands of us are very much inefficient, nearly pointless, a waste of one's time and energy or are not clearly connected with a motivating purpose. The person who is interested in doing "interesting" things, usually involving more usage of ye old cranium, tends to gravitate towards things that aren't of interest to the majority of society.
The less intelligent/aware people on the other hand, they can be convinced to be motivated by things that just aren't even remotely true but may appeal to a more primitive or emotional side of them. These people tend to lack the cognitive skills especially critical thinking to be able to do the categorization effectively. They are the "oooh shiny" people or the people that think by working hard doing menial tasks they are going to score points in the afterlife with the deity they pray to at their local mythological worship center each week. On an intellectual level, you might find these people rather annoying with their inconsistent, irrational thoughts running around in their minds but I see them as a blessing. Because they are ignorant and willing to do things that no rational, reasonably intelligent human being would ever do, that creates a pocket of society for the more intellectual people to do their thing. If intellectual things were as popular as cleavage on celebrity magazines then there would be fierce competition over who gets the opportunity to have intellectual pursuits.
Wait until Google Fiber and Verizon FIOS are widely available.
If you're going through a PCI or Sarbanes-Oxley certification process you're going to have to get all of those checkboxes marked on the auditors' spreadsheets, whether or not they make sense.
You hit the nail on the head. PCI and SOX audits aren't going to get you good security. Just because you read XYZ in a security book is a good practice doesn't mean you're going to get good security either. These things might get you slightly better security. What's really going to get you good security is to hire a firm to do a real penetration test. That's the only way you find out and then from those results you can actually identify the measures that need to really be taken to truly increase your security. You will never know how secure you really are until you put yourself to the real test.
I've been reading these articles about password security for 15 years on slashdot primarily. The TL;DR on passwords is that they are just not a panacea for security. Europe realized this quite awhile ago AFAIK, smart card readers are still being used as a means to do multi-factor authentication for people on networks and the internet, etc. It's a lot more convenient than remembering a password that is a gagillion number of characters long with a password policy that makes it impossible to create a password that could be remembered. Therefore people either write it on a sticky under the keyboard. They might try storing it in KeyPass or something but the average user that is computer illiterate finds this cumbersome.
Why hasn't the United States figured this out yet for the most part? Because we're backwards and naive. I'm American and I can honestly say we are backwards in regards to certain things. I hope we improve and I think we eventually will.
Furthermore, passwords are not secure because passwords are based on mathematical algorithms, specifically one way hashing algorithms. On the surface, one might think the concept of a "one way hash" means a password is un-crackable. Nay. It just makes it more difficult requiring brute force attacks and clever things like rainbow tables. All things based on math can be defeated it's just a question of how much computing power is required to do it. What we've seen is the evolution of hashing algorithms that are based on larger size cipher blocks and all that does in reality is pushes the carrot out farther but it doesn't mean it's unbreakable.
Multi-factor authentication improves security remarkably more than password policies. So much in fact the benefits of password policies are infinitesimal by comparison. Furthermore, multi-factor authentication when done well is much less cumbersome to the legitimate user resulting in a win/win on security and ease of use. Where it doesn't meet the win/win/win criteria is cost and I suspect that's the primary reason adoption has been relatively slow in America. News flash: good security costs money and isn't free.
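An added example, not part of the original comment, illustrating the point above about one-way hashes, precomputed tables and computing cost: it audits a constructed credential store against a precomputed digest table, first with unsalted SHA-256 and then with per-user salted PBKDF2. The user names, passwords, candidate list and iteration count are all assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware


def fast_unsalted(password):
    """Weak storage scheme: a single SHA-256 round with no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup(candidates):
    """Precompute digest -> password once; the table is reusable against every
    unsalted record. (A plain lookup table: a true rainbow table uses hash
    chains to trade storage for time, but relies on the same weakness.)"""
    return {fast_unsalted(c): c for c in candidates}


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Hardened scheme: random per-user salt plus an iterated KDF."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": dk}


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


def audit(stored_values, table):
    """Names of accounts whose stored value appears in the precomputed table."""
    return sorted(user for user, value in stored_values.items() if value in table)


# Constructed sample data. "Summer2016!" satisfies a typical complexity policy
# (upper, lower, digit, symbol) yet is an obvious guess.
CANDIDATES = ["password", "letmein", "qwerty", "Summer2016!"]
USERS = {
    "alice": "Summer2016!",
    "bob": "Summer2016!",
    "carol": "x7#Lq-unlisted-phrase",
}


def demo():
    table = build_lookup(CANDIDATES)
    weak = {user: fast_unsalted(pw) for user, pw in USERS.items()}
    strong = {user: hash_password(pw) for user, pw in USERS.items()}
    strong_hex = {user: rec["hash"].hex() for user, rec in strong.items()}
    return {
        # Unsalted: one table hit exposes every account sharing that password.
        "exposed_unsalted": audit(weak, table),
        "same_unsalted_digest": weak["alice"] == weak["bob"],
        # Salted: identical passwords store differently, so the table never
        # matches; each guess must be recomputed per user at ITERATIONS cost.
        "exposed_salted": audit(strong_hex, table),
        "same_salted_hash": strong["alice"]["hash"] == strong["bob"]["hash"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Salting and a work factor raise the per-guess cost but do not protect a password that is itself guessable, which is where a second factor comes in.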
A Skype call that talks about subversive overthrow of the US Government will look no different than a Skype call talking about Aunt Martha's cookie recipe, yet the latter is clearly a violation of several federal laws of patent and DMCA.
I hear Aunt Martha is on the FBI's top wanted list. She's pretty dangerous. We need to keep a close eye on her.