HTTP also "seals" the message inside the protocol's encapsulation
The encapsulation for an HTTP message is the bounds of physical paper (which grows in size to fit the contents, of course). It's not hidden from view at all.
HTTPS is not even just a lined envelope. It's more like writing in secret code - the message itself is still plainly visible.
The blinking cursor is readable enough. Explanatory text in full size and color is taken to mean literally text to most dumb end users, and they'll keep clicking next to it and hitting backspace. The search suggestions are only that - suggestions. You don't strictly need to see them either.
In real-world use, this site will presumably be linked to by article body text to define jargon in the article, so the search UI is very secondary.
Crowd-sourced with Reddit-style voting. Unlike Urban Dictionary, I assume they have some way of reviewing and taking overriding action. This also means that Boaty McBoatface-style answers will be caught.
That's called a "wordmark". It's a logo or brand formed primarily out of stylized letters and symbols. Creative license is sometimes taken with the letterforms.
Just because it can be typed on a keyboard does not mean it should be taken literally.
This is what you get when you demand kill switches for robots.
They scared off every single user with their awful UI. Nobody could figure out what it was. It was a kitchen sink for your screen. The protocol was probably fine (federated XMPP with some nice extensions).
That may or may not be what Google Wave attempted to do. I never did quite figure it out.
Email was not designed to be "instant messaging". Relying on it to be such a system is just ridiculous.
Depending on the time, place, and network, you could say the same for SMS.
If you want the Win95 kernel, by all means have it.
Not every release of Windows is an improvement over the last, but if you're going to say that the move to an NT kernel was wasted effort, I don't know what to say. I can't think of a single OS that makes security improvements without progressively tweaking the UI or improving the performance of the kernel. Not a single alternative. People's needs change as computing changes.
Can't you take a joke?
Why stop at 10%?
Of course not, AMERICANS can be traitors; too.
FTFY
Depends on where your typo is. It's not like IP addresses are picked at random out of the entire address space.
none of that really NECESSITATED a new version of Windows
You're right....if they were in the business of doing things for free. Generally people expect to be paid for their work.
Windows 95 was DOS-based. The move to an NT-based OS was one of the biggest improvements in consumer OS history. Do you not remember how often Windows 95/98/ME crashed? Even if it's the fault of hardware drivers, the OS can and should be hardened against that.
I sure remember. I had 32MB of RAM at that time and Active Desktop used half of it when it was enabled.
All your "cloud" data (email, voice, whatever) is unencrypted on the server side
Not all cloud data is like this. Many require your password in order to decode the decryption key. At least plenty of online backup services adhere to this - if you forget your password and don't have a backup of your encryption key, your cloud data is useless.
there's no statistical difference between a pool of employees, and a pool of random people who bought their own health insurance
Not really true. A pool of random people (prior to ACA) don't all buy insurance - and the reasons they don't have a lot to do with how high premiums are for those that do.
There's always a chance that the hashes have been leaked, via SQL injection, hack or whatever. It's part of layered security - you can make everyone reset their passwords, but you are potentially leaking a password that a user has used elsewhere.
There are web sites that do lockouts by time, but not many. But usually the time block can be gone around by passing a CAPTCHA.
Forcing higher entropy for brute-forcing. Brute forcing happens successfully when people have bad passwords - ones that are susceptible to things like dictionary attacks. Forcing numbers and such will at least increase the search space for all/most passwords.
I've had it go either way - up or down. Or not change at all - getting stuck permanently on Weak.
I was using abbreviated names, so August would not. I had May, but not Mar. - not a word I use often. Still, it was just a joke. Any good password-rules system should reject a 4-digit number sequence between 1900 and 2100 just to be safe. Dates are really not good passwords (unless the date has nothing to do with you).
CAPTCHA is only engaged upon failure.
One of my student loans just implemented really bad (forced) 2-factor authentication. You log in, it pops up a login box that says it may (not even definite) send you a code by email. If you dismiss the box, the code is never sent and you see the login form again. If you click the OK button correctly, it takes at least 5-6 minutes for the email to arrive, and if you request another one while waiting it invalidates the first one you were waiting on. And they don't necessarily even arrive in the order you requested them.
Rainbow tables are useless when every password in the system is salted differently.
have short (i.e. 3 fails) lockouts
Or worse, have broken lockouts. There's one site I'm thinking of, where I get 3 tries before a lockout. But it doesn't reset after a successful login. If I make one wrong try then a correct login each month, it locks me out in 3 months.