Re:such is the life of a bump hunter on No Higgs Just Yet · Score: 3, Funny
"What did you get your PhD in?"
"Bump hunting."
Makes it sound like you had much more fun in grad school than most people do, somehow...
Hmmm. Frankly, the guy sounds like a bit of a loon on the subject, which is a very common problem when brilliant, accomplished people in one field who are used to being "the smartest guy in the room" try to tackle problems in a related field which lies just outside the area of their expertise. (I'm looking at you, Slashdot.)
Every technical field has its jargon that's incomprehensible to outsiders. It doesn't mean the people who use it are crazy. Complex problems require complex descriptions; not everything can be reduced to a sound bite.
If it's visible as a slick on the surface, it's probably flowing out much faster than the natural rate. There's a hell of a big range between "natural seepage" and "as fast as one of the biggest well blowouts in history."
I read that line in GPP's post and thought, "that analogy may be more accurate than you know ..."
No. It would only stir up the hivenest, generate a few angry replies, and nothing would happen.
I'm rather hoping for someone more influential to pick it up and raise some interest in the issue.
So you think complaining about it on Slashdot is more likely to get the result you want? Really? My guess is that anyone who works on the project who sees your post is likely to think, Here's someone who can't be bothered to follow the most basic procedures, so hell with it, why should we care what they say they want? It's like dealing with your computer-illiterate friend who calls you up for free tech support but refuses to understand the difference between the monitor and the hard drive.
Have you bothered to look at what Obama has done during his short time in office? It dwarfs what Reagan and the Bushes did.
Well, clearly you haven't, because what you claim is completely false.
http://en.wikipedia.org/wiki/National_debt_by_U.S._presidential_terms
I know, it's an article of faith with you, and there's no point in trying to change your mind with facts. Arguing economics with Republicans is like arguing biology with creationists.
1. They won't collect as much money as they say they will, because taxes generally hurt economic growth and/or cause people to hide money and
[citation needed]
Note: any reference to the Soviet Union or other communist countries is a red (hah!) herring and will be disregarded, because there is an enormous difference between raising income taxes by a few percent -- especially when, as now, they're at historically low levels -- and the government taking total control of the economy.
2. even if they got as much money as they expect, it won't help because congress always raises spending even more than the amount they get in new taxes. Always. Every single time. It's a historical fact. Let me repeat it again: every time they raise taxes, they raise spending even more, so they still will have deficit spending and won't have enough for the telescope.
Prove it. Seriously. You've made an extraordinary claim, give some extraordinary proof. Show historical data for every tax increase in history which indicates that deficit spending increases more than the amount of revenue raised. (Hint: you can't.) Also, has it not occurred to you that if there is increased spending, NASA might be one of the things we'd spend more money on?
Actually, I think I know the answer to that. You're an antigovernment fanatic, but you still want the government to spend money on things you think are cool, so in your mind "government spending" is bad stuff like feeding hungry people. Thus you are completely incapable of believing that any extra tax dollars could go to building a space telescope. Thanks for providing yet another example of the right-wing disconnect from reality.
Wow. Thanks for proving why it's impossible to have a rational discussion about the relative security of different OS's.
Three years ago is forever in security terms. "Pwn2Own doesn't test Linux," in present tense, is a true statement; and knowing the relative vulnerability of Leopard, Vista, and Ubuntu 7 tells you next to nothing about how Lion, Windows 7, and Ubuntu 11 stack up against each other today.
I get your point fine; I just disagree with it. Yes, sysadmin work is a very large field with specialized skillsets. So are programming, and medicine, and all kinds of other technical fields. Does this mean there's no such thing as an average programmer, or average physician, or what-have-you? I maintain that the traits which make a good X are to be found in a broad range among people who choose any of these careers, with most X's falling in the middle of that range. Yeah, in your example, if you decide on a Windows system, you hire Bob, and if you decide on a *nix system you hire Joe -- but in either case, odds are you're getting someone who's competent, but not particularly brilliant. It makes sense to keep this in mind when making the initial platform decision.
There is no such thing as an average sysadmin.
Right. Every sysadmin is a special snowflake. [rolls eyes]
Everyone has different strengths and weaknesses, the good sysadmins identify their own weaknesses. The poor sysadmins ignore them. Good sysadmins adapt to changing environments, poor sysadmins change environments to suit them.
All of which is true, none of which changes the fact that in every job, there are a few people who are very good at the job, a few who are very bad, and a whole bunch in the middle. Sysadmin work isn't so different from any other technical job as to change this.
I think russotto wasn't calling TFA Microsoft propaganda, but rather calling WrongSizeGlass' "Macs are only secure because they're less popular" comment Microsoft propaganda. Which it is, of course. Any argument that relies on security-through-obscurity is wrong, no matter how you try to dress it up. WrongSizeGlass and the zillion other posters who repeat this tired canard may not realize they're propagandizing for Microsoft, but that's what they're doing, sure enough. They should at least demand payment for their services.
Windows server looked after by a good sysadmin == secure.
Mac server looked after by bad sysadmin == insecure.
As always, it's up to the people running it. Is any OS inherently secure, no, definitely not when there is a complete idiot looking after it.
Yes, of course. But the relevant question for businesses deciding what kind of server setup to use is, "If this system is looked after by an average sysadmin, how secure will it be relative to our other choices?" Because in real life, no matter how much you tell yourself you only hire top-notch people (or, if you're the sysadmin, tell yourself you're top-notch) most servers and networks are going to have admins who are neither the best nor the worst, but somewhere in the middle.
ACLU? I watch them. They do some good things - but overall, the ACLU is anti-church, anti-family, anti-white, and anti-establishment. It's good that they are there, sometimes, but I really detest them. Having the ACLU around is like having an unpredictable watch dog in your home. You just never know when the damned dog will turn around and bite YOU!
No you don't. If you actually watched them, you'd know that nothing you say about them is true (except maybe the "anti-establishment" part -- but since when is that a bad thing?) Instead, you're just lazily regurgitating tired anti-ACLU propaganda that has nothing to do with the actual organization, and which makes their job, protecting the rights of Americans, that much harder. Too bad, but they'll keep defending your rights whether you deserve it or not.
It boils down to how many planets do you want to have in the solar system. Most honest attempts at a scientific definition that includes Pluto also include a handful of other known bodies. That's fine, 8 planets, 9 planets, 14 planets... who cares right? The problem is that modern theory predicts dozens of Pluto-like bodies in the outer solar system, and having 70+ planets listed is seen as extremely awkward, especially when only a handful of them would be scientifically interesting as individual bodies (as opposed to a class of bodies like the predicted objects in the outer Oort cloud would be).
Fair enough, but why should we want an arbitrary upper bound on the number of planets? Awkwardness isn't really an issue except for elementary school kids memorizing lists; we have these things called "computers" now that are remarkably good at keeping track of large amounts of information. If there are a bunch of planets floating around out there in the dim outer reaches of the Solar System, fine -- we'll get to them when we develop the technology to make it possible. And I don't see why they should be any less scientifically interesting, individually or as a class, than the ones closer in.
If we do want a distinction that creates a memorizable list, just redefine "inner planet" to mean "any planet whose orbit lies within or crosses that of Neptune." That will include Pluto, and if there were anything Neptune-sized or bigger out there, we'd probably know about it already. That way kids can still learn My Very Excellent Mother Just Served Us Nine Pizzas, and astronomers can continue studying bodies orbiting the Sun wherever they occur without wasting their time jumping through rhetorical hoops.
FWIW, my comment was intended to be humorous too -- or rather, as I suspect AC's was, to make a serious point in a humorous way. I may have been a bit too acidic.
The reason for my annoyance is that I see an awful lot of posters on /. name-checking some well-known logical fallacy in response to someone else's post without actually understanding what the fallacy in question is (and isn't), and it's become a kind of shorthand for dismissing arguments without actually paying attention to what they're saying. Really, it's a fallacy in and of itself, and probably ought to have a name ... The confusion between ad hominem and simple insults is a particularly common example; others include straw man, slippery slope, post hoc ergo propter hoc, and no true Scotsman.
If you want to dismantle someone's argument on the basis that it's ad hominem, fine, but show how this is the case, don't just assert it. And as with any other technical jargon, if you don't actually understand what the jargon means, it's best not to use it at all.
Or maybe you're just bad at history.
Or maybe you're just hoping everyone else is.
Or maybe you've forgotten that ~150 years of history have happened since then. Including the major political realignment of the 20th century in which the Democratic and Republican parties pretty much completely switched constituencies and positions.
Or maybe you're just a moron.
Ad hominem attacks: good as logic since 2001!
Insult != ad hominem. For example, if I were to say, "You're an idiot, therefore I conclude you're confusing an insult with an ad hominem argument," that would be an example of the ad hominem fallacy. On the other hand, if I were to say, "You're confusing an insult with an ad hominem argument, therefore I conclude you're an idiot," that would not. Since I don't like making fallacious arguments, I will restrict myself to the following statement:
You're confusing an insult with an ad hominem argument, therefore I conclude you're an idiot.
out of 10 people, 1 person pays almost the entire bill, 4 people pay a little bit, and the remaining 5 pay nothing at all
This is a classic Big Lie, which has been repeated so often that not only does the right wing now treat it as gospel, but the left wing is starting to let it slide in debates. In reality, when you look at the total tax burden (not just the narrowly defined "federal income tax," which does not include the FICA taxes that everyone with a paycheck pays) of federal, state, and local taxes, poor people pay an equal or higher percentage of their income in taxes than rich people do. You can argue all day about whether you think this is a good thing or not, but as the saying goes, "Everyone is entitled to their own opinion, but not to their own facts."
You cannot talk about government spending, on science or anything else, without also talking about politics, since arguments about where and how much the government should spend money are pretty much what politics is. Sorry if you consider a simple presentation of the facts to be "political bias," but it's absurd to pretend that the subject can be discussed apolitically.
Point. I suppose I should have said "dictionary attack" rather than "brute-force attack," since what I was thinking of was trying common names and words (or, in the long-password scenario, common lines like "it was the best of times", "to be or not to be", "fourscore and seven years ago", etc.) rather than just random ASCII. As far as the hash length vs. string length goes, even if it's stored hashed, the plaintext has to be processed at some point. Once upon a time, there was a real cost to the number of bytes allocated for a string, but that time is long gone.
Why not just allow
"It was the best of times, it was the worst of times"
As your actual password? It is a lot easier to remember than 1wtb0t1wtw0t!, and if you have any kind of lockout policy no script is going to ever guess it.
That's a damn good point. It's not like modern systems can't afford the few extra tens of bytes. Arbitrary character limits made a certain amount of sense in the days when data storage and transmission were expensive and there was a real cost to using large strings, but we're long past the days when a password that's any shorter than a novel is going to cost any more, in practical terms, than "password123".
Now, there are certain phrases that would best be avoided in creating such passwords, and particularly famous opening lines are among them, since it would be reasonable to try such lines in a brute-force attack. But I'll bet most users could come up with one- or two-sentence passwords that they would find easy to remember, but which attackers would be very unlikely to guess.
Exactly. Having reasonable policies such as "passwords may not consist solely of names or common dictionary words" strengthens security; going further than that and insisting that all passwords must consist of strings such as "kjf83i3n!mnc_79d" weakens security, because it practically begs people to write their passwords down. Similarly, requiring users to change their passwords every month will result in nothing but the use of weak passwords and/or constant tech support requests from users who can't log in.
Today working in the public sector is profitable, it comes with various perks - the workers are famous, they are swamped by armies of lobbyists, who are working on behalf of those, who are being regulated/taxed/subsidized based on the decisions made in the public sector.
The vast, vast majority of public sector workers are not elected officials. Conflating a Senator or Representative with the clerk who makes sure your grandmother gets her Social Security check is so absurd that it makes it difficult to take anything you have to say seriously.