The classified competition developed new models to make money, newspapers didn't.
For example, eBay takes a percentage of the sale, Google uses adwords and doesn't directly charge for the service, and craigslist gives their services away to 90% of the market to boost popularity and name recognition, then charges for job listings in the top markets.
Three different strategies that work extremely well, and all of them give the service away for free either initially, to the majority of their visitors, or completely (relying on ad revenue). Not one of them is behind a paywall (except craigslist for select services in select areas).
The craigslist strategy is particularly viable for newspapers. They could easily set themselves back up as "the place to go" for job postings and they wouldn't have to change much of the way they do business. The fail to do that though, and it shows.
That's how you adapt, and the Times, as well as most traditional media companies, haven't figured it out. Cable news seems to have a pretty good strategy - it's a free add-on to their broadcast (which generates ad revenue) that is designed to add value to their TV show. They don't make much money on the site itself, but it gives people more reason to watch, and that increases revenue.
The main problem is that internet advertising sucks.
Tell that to Google, and the companies who use their AddWords services.
95% of Google's profit (and it's a LOT of profit) comes from add revenues, and you hear time and time again how people have to stop their adwords advertising because they can't keep up with the demand it generates.
And yet, Google adwords are hardly noticeable on Google's site or any site that displays adwords (unless they are obnoxious about it, but hey that's kind of a hint there). How can this be? Ultra effective yet unobtrusive and not annoying? It goes against all the Laws of Internet Marketing!
Internet advertising doesn't suck. Idiotic advertising sucks, and it will not generate much revenue. Unfortunately, conventional advertising on the internet also happens to be idiotic advertising. You would think a company like the NY Times could figure that out, but alas they cannot.
It may make dictionary attacks more effective but it will completely destroy brute force methods.
Actually it requires brute force to use a dictionary attack on a pass phrase - it only takes 8 all-lowercase words to surpass a 20 character password (with symbols and numbers and capitols and all that shit) in un-crackability.
Using the 50,000 words in a common college vocabulary, a 7 word pass phrase has 7^32 permutations. Add in capitalization and punctuation, and it jumps up to 1^35. A 20 character password has 9^33 permutations. If you're paranoid you can use substitution (numbers, symbols, caps) on your 7 word pass phrase, and dictionary attacks are impossible - which just leaves traditional brute force methods. Say your 7 word sentence has 36 characters, and you're looking at 1.5^61 permutations for the standard brute force attack. The substituted pass phrase is harder to remember, but not as hard as your average 20 character password. Without the substitution the brute force on that pass phrase is 3^51, by the way.
A 7 word passphrase is more secure than a 20 character password, no matter how you look at it, and it's incredibly easy to remember.
A 7 word sentence using dictionary words is close to the security of a 20 character password(7^32 vs 9^33). Just adding capitalization and punctuation bumps that up another 3 orders of magnitude. It's also pretty easy to make and remember 10+ word sentences, which is over 9^46 permutations.
Hehe, password must be 6 characters long, but can't be more than 8.
Since I use a password structure with minor variations that is much longer than 10 characters, creating passwords on sites like that is a real pain. I'm always having to reset them, which just screws up all your security.
Real security requires you to balance out risks, figure out who is the main threat and make passwords to combat that.
That is exactly right.
The security in any system is only as strong as the weakest members, and the end user is almost always the weakest member of the security question. So before you can do anything, you need to strengthen the security that the users themselves practice. You need a comprehensive training program for all your employees - and it has to be a good one. You've got to make the security problem relevant to them before you'll be able to get any real behavior change.
Once you've done that, you need to implement sane policies that a reasonable individual can handle. Just because you have developed a system to memorize a random 20 character password at the drop of the hat doesn't mean your end users have (in fact, they almost certainly have not). Requiring a 20 character password with four upper and four lower case characters, four numbers, and four symbols (yeah, you get a whole 4 characters that you can make whatever you want!) that changes every month is not going to work, ever.
I worked at a National Guard armory on an army base for a while (I was a civilian contractor) and the problem with security that didn't take the users into account was glaringly obvious. The security there was intense - access cards that were bio-metrically linked to the individual (via fingerprint), an 8 digit PIN number for the card access, and a 10-15 character passwords that had to have 2 upper and lower characters, 2 numbers and 2 symbols in case you locked out your card with the wrong PIN.
You couldn't just unlock your PIN. If you locked it out, you needed to set a new one. To do this you had to scan your fingerprint at the issuing office. Your PIN could not be the same as any of the last 10-15 PINs you used, I don't remember the exact number. Since this was a constant problem, if you locked your card out you could expect to spend a half hour to an hour unlocking it. The password was a backup - you could get on to your system with your password. The trouble was nobody used their password, so unless they had it on a sticky they couldn't use it to get in to their system.
The PIN numbers were changed so frequently people started putting them on stickies on their monitor. Then they'd step out and forget their access card in the machine. Now you have zero security. None, nadda, zilch. For all your system does to keep it secure, you can just walk in to almost any empty but open office and find a card in a machine with the correct PIN stickied to the monitor.
You must design your security system to the limits of your users, not to the limits of the technology.
I'm personally a big fan of pass-phrases. It doesn't matter if you use dictionary words in a pass phrase, you're looking at 50,000+ possibilities for each word in the phrase, so for a 5 word passphrase you're looking at about 3^20 permutations. Add in capital letters and punctuation and it is more like 1^25 permutations. Compared to 9^20 for the 20 character password I described above, and that's not too far off. Most places recognize that a 20 character password will never work, and they generally use at most a 15 character password. Without any of the lost-options caused by adding restrictions (so many of x, y, or z type digit) that's 3^15 permutations, a hell of a lot less than the much easier to remember 5 word pass-phrase.
So you can have your insane levels of security if you're smart about it. If someone wants to use their daughter's birthday, "Shelly's birthday is on July the 20'th" is nearly uncrackable and extremely easy to remember.
The only way to limit sharing of passwords is to: a.) give them a secure and convenient way to do the same thing, b.) educate them about why they should not be sharing their passwords amongst themselves and make it relevant to them personally, and c.) enforce the policy with serious conse
Actually on the equator you'll get almost zero direct light coming through the window at high noon - the sun is directly over head, blocked by your fucking roof. You'll be sitting in a highly shaded area, and glare will probably not be a problem.
The worst places for glare are northern climates in the winter time. Thanks to the high reflectivity of the snow you can get a ton of light coming in through a window regardless of what time it is. Many visitors are surprised to find out that sunglasses are absolutely mandatory when there is three feet of snow on the ground. It's not an association people often make.
I also wouldn't classify any European countries as "near the equator". "Nearer than most of the western world" I would buy, but even southern Greece is 2000-3000 miles away (2,000 miles is the difference between 9 months of snow in a year and 0 months of snow in a year in the US - it's a lot).
When the threat is mitigated, do we finally get to reduce the threat level to blue or green? What are the criteria for actually reaching that?:P
Holy shit, they actually put a blue and a green into the scale? That was foolish, those are never attainable. Being a large country in a fairly envious position, there will always be at least some credible threat, so based on their own descriptions it should never drop below yellow.
Why? For having principles? Nobody told them to take it down, they took it down because they did not approve of what he was doing. Frankly, if I were them I'd shut down the server too.
The guy running the site sounds like a real asshole, and not the kind of person I'd want using my services. Apparently he's been kicked off several other hosts as well.
More than likely they were not permitted to share the fact that the US Gov had sent the request until after a certain event or time period.
In other words, they could be completely truthful in both cases: They may have shut down the server directly because they received the request - maybe they didn't want to take the liability, or maybe they just love their country and hate these kinds of assholes and wanted them off their site. They may also have been prevented from divulging the request due to its nature and sensitivity.
This would lead to the situation where they shut it down completely of their own accord, yet could not divulge exactly why they took it down until well after the fact.
The reason the server was shut down -- I assume -- is because they were notified that they were serving such information and they had two choices A) read every single blog posting and verify that no more of that information is on that server or B) shut it down and be safe.
You're forgetting the third option:
C) The owners love their country and are pissed off that someone is using their service to host anti-American content.
Companies are owned by people, and people have opinions and the right to act on them. I would not be surprised if this were part of the decision making process (though money can get people to turn a blind eye to things they find distasteful).
Here, let me help you out a bit, I'll bold the key points since your reading comprehension sucks balls.
If the FBI came to me and told me one of my hosts had bomb making info on it, I'd shut it down too regardless if it was foreign or domestic host, or just even a p0wn.
I can't see any reason to have that info on a web site. It's not like you're going to make a bigger bomb than the US has. You're just going to get some dumb-ass to blow his hand off.
There is no such thing as illegal information in the US. You can be held responsible if certain things happen directly because you posted certain types of information, but there very specific rules about what kinds of information this applies to - generally it must relate to causing direct harm to US soldiers or other similar personnel. If the people cannot be harmed by the information, though, there is nothing to stop you from posting it.
What the GP described and Burst.Net demonstrated was the individual right of the host to not display information they do not approve of. This is individuals censoring their own equipment.
The second key element you missed was that the Government's request was 100% voluntary. Burst.Net did not even have to give them the information requested if they did not want to.
Yeah, the US is really oppressive, I can totally see it now.
Also there are plenty of other reason besides righteous rebellion against a corrupt government that you might want to know about explosives.
There are tons of websites that show you how to build explosives. You can even go to college for it, it's a legitimate engineering discipline.
Every barrel of oil that spills costs the company $1000 in fines. That's already enough incentive to justify spending several billion dollars on a cleanup, with no other government intervention necessary.
By the way, have you ever tried to do anything at 5,000 feet below sea level? It's pretty damn hard to do anything, let alone execute complex engineering tasks. People die at less than 300 feet.
Given that the government is at the very least culpable in the spill (the MMS signed off on all safety equipment - the rig can't operate without it), I can't see how you can say the government saved us here. All of the actions initiated by the government aside from the Coast Guard have resulted in far more harm than would have been caused if they had simply let people get at it.
We had offers for help from foreign countries on day 1, and by at most day 5 it was abundantly clear that we could use all the help we get, yet it took Obama a month and a half to lift the Jones act (which he can do in emergencies), yet he didn't. That was 100% a failure of the government. BP even has ships that would be illegal for them to bring in, that's how fucked up it is. Obama issues a moratorium on drilling for no sound scientific reason (all of the scientists he claimed advised him gave no such advise), which will cause more economic damage to the region than the spill since there will be no restitution for the moratorium losses. Local governments can't get permission to build barriers to protect their coast lines for months after the spill, why? Who knows.
In every case where the federal government has been involved, with the exception of the Coast Guard (which is really only acting as a final say in what BP does, and lending support for the cleanup), things have gotten worse directly because of the governments actions. If the government had not gotten involved beyond the Coast Guard and the fine structure that is already in place, the entire Gulf Coast would be much better off than it is today.
Especially considering each machine already weighs over 2 tons. You aren't going to get a 2,000 ton machine on a ship and have any room for anything else on it.
On another note, I think your whole thesis is completely wrong- a centrifuge should be able to separate out oil from water regardless of whatever dispersants are in it. Centrifuges separate based on density. As long as you don't just sit there and let the water stand for awhile before you try to remove the oil, the dispersants should not have an effect.
Indeed, the biggest problem the centrifuges have is the heavy, sticky mouse. It's a hydrolized oil/water mix caused by the oil and water mixing at great pressure. I don't think the problem is that the centrifuge action cannot separate it, it's that it can't get it to pump through the system to get to the centrifuge. It's basically exactly what the dispersants are designed to prevent.
Slashdot Mirror
Steve Jobs is not an engineer.
He only plays one on TV. :)
Libertarians are for a much bigger government than anarchists, they're just for a much, much smaller government than we have now.
They actually want pretty much the size of government this country started out with back in the 1780's.
It's a lot more than nothing, but a lot less than what we have.
The classified competition developed new models to make money, newspapers didn't.
For example, eBay takes a percentage of the sale, Google uses adwords and doesn't directly charge for the service, and craigslist gives their services away to 90% of the market to boost popularity and name recognition, then charges for job listings in the top markets.
Three different strategies that work extremely well, and all of them give the service away for free either initially, to the majority of their visitors, or completely (relying on ad revenue). Not one of them is behind a paywall (except craigslist for select services in select areas).
The craigslist strategy is particularly viable for newspapers. They could easily set themselves back up as "the place to go" for job postings and they wouldn't have to change much of the way they do business. The fail to do that though, and it shows.
That's how you adapt, and the Times, as well as most traditional media companies, haven't figured it out. Cable news seems to have a pretty good strategy - it's a free add-on to their broadcast (which generates ad revenue) that is designed to add value to their TV show. They don't make much money on the site itself, but it gives people more reason to watch, and that increases revenue.
The main problem is that internet advertising sucks.
Tell that to Google, and the companies who use their AddWords services.
95% of Google's profit (and it's a LOT of profit) comes from add revenues, and you hear time and time again how people have to stop their adwords advertising because they can't keep up with the demand it generates.
And yet, Google adwords are hardly noticeable on Google's site or any site that displays adwords (unless they are obnoxious about it, but hey that's kind of a hint there). How can this be? Ultra effective yet unobtrusive and not annoying? It goes against all the Laws of Internet Marketing!
Internet advertising doesn't suck. Idiotic advertising sucks, and it will not generate much revenue. Unfortunately, conventional advertising on the internet also happens to be idiotic advertising. You would think a company like the NY Times could figure that out, but alas they cannot.
It may make dictionary attacks more effective but it will completely destroy brute force methods.
Actually it requires brute force to use a dictionary attack on a pass phrase - it only takes 8 all-lowercase words to surpass a 20 character password (with symbols and numbers and capitols and all that shit) in un-crackability.
Using the 50,000 words in a common college vocabulary, a 7 word pass phrase has 7^32 permutations. Add in capitalization and punctuation, and it jumps up to 1^35. A 20 character password has 9^33 permutations. If you're paranoid you can use substitution (numbers, symbols, caps) on your 7 word pass phrase, and dictionary attacks are impossible - which just leaves traditional brute force methods. Say your 7 word sentence has 36 characters, and you're looking at 1.5^61 permutations for the standard brute force attack. The substituted pass phrase is harder to remember, but not as hard as your average 20 character password. Without the substitution the brute force on that pass phrase is 3^51, by the way.
A 7 word passphrase is more secure than a 20 character password, no matter how you look at it, and it's incredibly easy to remember.
How about think about a sentence, and use that?
A 7 word sentence using dictionary words is close to the security of a 20 character password(7^32 vs 9^33). Just adding capitalization and punctuation bumps that up another 3 orders of magnitude. It's also pretty easy to make and remember 10+ word sentences, which is over 9^46 permutations.
Pass-phrases are the shit.
I've actually never come accross a system like that.
That or my passwords have simply never been duplicated (I r awesome!).
Hehe, password must be 6 characters long, but can't be more than 8.
Since I use a password structure with minor variations that is much longer than 10 characters, creating passwords on sites like that is a real pain. I'm always having to reset them, which just screws up all your security.
I'm amazed at the number of people who insist on using their usernames, the word 'password' or some variation thereof as their password.
I'm not, it's easy to remember.
Real security requires you to balance out risks, figure out who is the main threat and make passwords to combat that.
That is exactly right.
The security in any system is only as strong as the weakest members, and the end user is almost always the weakest member of the security question. So before you can do anything, you need to strengthen the security that the users themselves practice. You need a comprehensive training program for all your employees - and it has to be a good one. You've got to make the security problem relevant to them before you'll be able to get any real behavior change.
Once you've done that, you need to implement sane policies that a reasonable individual can handle. Just because you have developed a system to memorize a random 20 character password at the drop of the hat doesn't mean your end users have (in fact, they almost certainly have not). Requiring a 20 character password with four upper and four lower case characters, four numbers, and four symbols (yeah, you get a whole 4 characters that you can make whatever you want!) that changes every month is not going to work, ever.
I worked at a National Guard armory on an army base for a while (I was a civilian contractor) and the problem with security that didn't take the users into account was glaringly obvious. The security there was intense - access cards that were bio-metrically linked to the individual (via fingerprint), an 8 digit PIN number for the card access, and a 10-15 character passwords that had to have 2 upper and lower characters, 2 numbers and 2 symbols in case you locked out your card with the wrong PIN.
You couldn't just unlock your PIN. If you locked it out, you needed to set a new one. To do this you had to scan your fingerprint at the issuing office. Your PIN could not be the same as any of the last 10-15 PINs you used, I don't remember the exact number. Since this was a constant problem, if you locked your card out you could expect to spend a half hour to an hour unlocking it. The password was a backup - you could get on to your system with your password. The trouble was nobody used their password, so unless they had it on a sticky they couldn't use it to get in to their system.
The PIN numbers were changed so frequently people started putting them on stickies on their monitor. Then they'd step out and forget their access card in the machine. Now you have zero security. None, nadda, zilch. For all your system does to keep it secure, you can just walk in to almost any empty but open office and find a card in a machine with the correct PIN stickied to the monitor.
You must design your security system to the limits of your users, not to the limits of the technology.
I'm personally a big fan of pass-phrases. It doesn't matter if you use dictionary words in a pass phrase, you're looking at 50,000+ possibilities for each word in the phrase, so for a 5 word passphrase you're looking at about 3^20 permutations. Add in capital letters and punctuation and it is more like 1^25 permutations. Compared to 9^20 for the 20 character password I described above, and that's not too far off. Most places recognize that a 20 character password will never work, and they generally use at most a 15 character password. Without any of the lost-options caused by adding restrictions (so many of x, y, or z type digit) that's 3^15 permutations, a hell of a lot less than the much easier to remember 5 word pass-phrase.
So you can have your insane levels of security if you're smart about it. If someone wants to use their daughter's birthday, "Shelly's birthday is on July the 20'th" is nearly uncrackable and extremely easy to remember.
The only way to limit sharing of passwords is to: a.) give them a secure and convenient way to do the same thing, b.) educate them about why they should not be sharing their passwords amongst themselves and make it relevant to them personally, and c.) enforce the policy with serious conse
Actually on the equator you'll get almost zero direct light coming through the window at high noon - the sun is directly over head, blocked by your fucking roof. You'll be sitting in a highly shaded area, and glare will probably not be a problem.
The worst places for glare are northern climates in the winter time. Thanks to the high reflectivity of the snow you can get a ton of light coming in through a window regardless of what time it is. Many visitors are surprised to find out that sunglasses are absolutely mandatory when there is three feet of snow on the ground. It's not an association people often make.
I also wouldn't classify any European countries as "near the equator". "Nearer than most of the western world" I would buy, but even southern Greece is 2000-3000 miles away (2,000 miles is the difference between 9 months of snow in a year and 0 months of snow in a year in the US - it's a lot).
Seriously has nobody seen a globe before? Obligatory xkcd: http://xkcd.com/753/
What is this "putty"? I'm guessing you're not talking about the stuff that comes in the little egg? It's not right?
(I kid! I kid! I don't use it though)
The 2010's called, they said fuck you.
(Man this decade is a real asshole already, and it's not even 7 months old yet!)
It wasn't the bomb making recipies, dumbass, it was the al-Qaeda communications going on between users.
Do you really think the government cares about bomb making information on the net? You can get a college degree in explosives for christ's sake!
I don't think bomb making was the reason the fed was interested.
Just a guess, but I'd think they'd care a hell of a lot more about the al-Qaeda communications going on on the site.
Nothing more than a hunch, but it makes sense given everything you said.
Dumbass.
Source links?
Holy shit, how stupid are you?
FTFA:
The source links are in the damn summary.
When the threat is mitigated, do we finally get to reduce the threat level to blue or green? What are the criteria for actually reaching that? :P
Holy shit, they actually put a blue and a green into the scale? That was foolish, those are never attainable. Being a large country in a fairly envious position, there will always be at least some credible threat, so based on their own descriptions it should never drop below yellow.
Why? For having principles? Nobody told them to take it down, they took it down because they did not approve of what he was doing. Frankly, if I were them I'd shut down the server too.
The guy running the site sounds like a real asshole, and not the kind of person I'd want using my services. Apparently he's been kicked off several other hosts as well.
More than likely they were not permitted to share the fact that the US Gov had sent the request until after a certain event or time period.
In other words, they could be completely truthful in both cases: They may have shut down the server directly because they received the request - maybe they didn't want to take the liability, or maybe they just love their country and hate these kinds of assholes and wanted them off their site. They may also have been prevented from divulging the request due to its nature and sensitivity.
This would lead to the situation where they shut it down completely of their own accord, yet could not divulge exactly why they took it down until well after the fact.
The reason the server was shut down -- I assume -- is because they were notified that they were serving such information and they had two choices A) read every single blog posting and verify that no more of that information is on that server or B) shut it down and be safe.
You're forgetting the third option:
C) The owners love their country and are pissed off that someone is using their service to host anti-American content.
Companies are owned by people, and people have opinions and the right to act on them. I would not be surprised if this were part of the decision making process (though money can get people to turn a blind eye to things they find distasteful).
Information should never be illegal.
Here, let me help you out a bit, I'll bold the key points since your reading comprehension sucks balls.
If the FBI came to me and told me one of my hosts had bomb making info on it, I'd shut it down too regardless if it was foreign or domestic host, or just even a p0wn.
I can't see any reason to have that info on a web site. It's not like you're going to make a bigger bomb than the US has. You're just going to get some dumb-ass to blow his hand off.
There is no such thing as illegal information in the US. You can be held responsible if certain things happen directly because you posted certain types of information, but there very specific rules about what kinds of information this applies to - generally it must relate to causing direct harm to US soldiers or other similar personnel. If the people cannot be harmed by the information, though, there is nothing to stop you from posting it.
What the GP described and Burst.Net demonstrated was the individual right of the host to not display information they do not approve of. This is individuals censoring their own equipment.
The second key element you missed was that the Government's request was 100% voluntary. Burst.Net did not even have to give them the information requested if they did not want to.
Yeah, the US is really oppressive, I can totally see it now.
Also there are plenty of other reason besides righteous rebellion against a corrupt government that you might want to know about explosives.
There are tons of websites that show you how to build explosives. You can even go to college for it, it's a legitimate engineering discipline.
In other words, you're an idiot.
Every barrel of oil that spills costs the company $1000 in fines. That's already enough incentive to justify spending several billion dollars on a cleanup, with no other government intervention necessary.
By the way, have you ever tried to do anything at 5,000 feet below sea level? It's pretty damn hard to do anything, let alone execute complex engineering tasks. People die at less than 300 feet.
Given that the government is at the very least culpable in the spill (the MMS signed off on all safety equipment - the rig can't operate without it), I can't see how you can say the government saved us here. All of the actions initiated by the government aside from the Coast Guard have resulted in far more harm than would have been caused if they had simply let people get at it.
We had offers for help from foreign countries on day 1, and by at most day 5 it was abundantly clear that we could use all the help we get, yet it took Obama a month and a half to lift the Jones act (which he can do in emergencies), yet he didn't. That was 100% a failure of the government. BP even has ships that would be illegal for them to bring in, that's how fucked up it is. Obama issues a moratorium on drilling for no sound scientific reason (all of the scientists he claimed advised him gave no such advise), which will cause more economic damage to the region than the spill since there will be no restitution for the moratorium losses. Local governments can't get permission to build barriers to protect their coast lines for months after the spill, why? Who knows.
In every case where the federal government has been involved, with the exception of the Coast Guard (which is really only acting as a final say in what BP does, and lending support for the cleanup), things have gotten worse directly because of the governments actions. If the government had not gotten involved beyond the Coast Guard and the fine structure that is already in place, the entire Gulf Coast would be much better off than it is today.
In other words, fuck you asshole.
Especially considering each machine already weighs over 2 tons. You aren't going to get a 2,000 ton machine on a ship and have any room for anything else on it.
The Costners' tech scales.
No, it doesn't.
On another note, I think your whole thesis is completely wrong- a centrifuge should be able to separate out oil from water regardless of whatever dispersants are in it. Centrifuges separate based on density. As long as you don't just sit there and let the water stand for awhile before you try to remove the oil, the dispersants should not have an effect.
Indeed, the biggest problem the centrifuges have is the heavy, sticky mouse. It's a hydrolized oil/water mix caused by the oil and water mixing at great pressure. I don't think the problem is that the centrifuge action cannot separate it, it's that it can't get it to pump through the system to get to the centrifuge. It's basically exactly what the dispersants are designed to prevent.