I've used a half-dozen two-factor auth solutions between different finance sites and different employers in the past 5 years, and non of them have used my phone. I see that from email providers, as it's the cheapest possible solution (which, still, far better than no solution). I wouldn't use anything phone-based for banking, to be sure, as malware targeting phones is so damn common (plus physical theft of the phone happens), but that's just me.
Two-factor auth is a big win, of course. For anything financial, and for work accounts, the whole idea of strong passwords should be abandoned in favor of well-designed two-factor solutions.
How many people do per-user salting of the password hash? It's an important best practice to defeat rainbow tables. If you have thousand of passwords stolen, despite your best efforts, the least you can do is make it non-trivial to guess each one.
Mostly, though, encrypt your stored credentials in some way that requires an attacker to compromise two unrelated machines to get anything of value. Even a simple AES encryption with a hard-coded key is a win, as it's actually pretty tough (for a non-insider) to figure out he needs to either hack the source code repo, or somehow find the key in the object, on disk or in-memory. That's not impossible, but practically it limits the threat to malicious insiders, and malicious governments.
Administrators should be responsible for closing failing schools and get fired when they don't,
And when the administrator claims no schools are failing? When the administrators competitive salary is determined by the number of schools he's in charge of? If the administration is great in the first place, there won't be any failing schools.
If it were easy to choose between school systems (via a voucher system or something more), then you could tell the failing schools because parents would move their kids out of them. When there's no "market" pressure, you need something to help force the issue.
Sure, a bad metric gets gamed, but it still beats no metric at all! And the schools really do include with teachers and admins who really do suck, and really were counting on the lack of any metric to just coast through life at our kids' expense.
That's how science works. The predictions of the current model fail - the equations don't balance. You'll get many competing hypotheses each with its own suggestion for a new something that makes the equations balance. There were quite a few ideas for "dark matter" including a few "we just got gravity wrong" ideas.
The was no doubt at all that something was missing in established theory about galaxies and gravity - too much data to argue with. It's not like someone just invented dark matter out of the blue, then went looking for a use for it! There was no reason at the time to prefer any particular hypothesis.
Then the CMBR data gave us a fairly accurate measurement of the ratio of dark matter to matter in the universe long ago, and removed any doubt that it must be cold dark matter of some sort - not c or near-c particles, not a different theory of gravity, those ideas were falsified by the new data And in fact only the WIMP theory of dark matter accurately predicted the new measurement.
Dark energy is still early in this curve. There's no doubt about the data: there's something we don't know about the universe at very large scale, and it's the dominant effect at that scale. There are a bunch of hypotheses about what it might be, but that's about it right now.
Sorry, "HTTPS everywhere", not "-only" - it tries HTTPS first, which helps with a bunch of sites so you don't have to bookmark the https version specifically, but still falls back to HTTP when needed.
Everyone should use that plugin in normal browsing IMO - it will drive traffic to HTTPS, and really there's no reason for non-HTTPS sites anymore Slashdot are you listening, you HTTP-only weenies?
"HTTPS only" is a plug-in, on by default in the Tor Browser Bundle. The Tor dev team is really focused on making the browsing experience as normal as possible to encourage use over strong security by default. JS is enabled by default, for example (noscript is the other plug-in bundled, but I think it's turned off by default - haven't looked at Tor for a few years).
I understand the desire of the Tor team to encourage many people to use Tor for normal, legal browsing, and ultimately that's the best security: when use of Tor is not itself a red flag. But it makes the default Tor install much softer than it would otherwise be.
It's a very well known problem that "A players hire A players, but B players hire C players", and not just in engineering. The best want to work with the best, but the nervous-that-they're-not-the-best want to work with the mediocre. So most companies large enough to have formal hiring processes are at least aware of the problem, and are trying to cope.
The real problem IMO is "how can you create a standardized test to measure critical thinking", because our school system is helpless without it (and for all the complaints of teaching to the test, we need some objective way to find schools that aren't working).
Plus, the whole structure of school is around training manufacturing workers. You may not learn math, but for damn sure you're learn to sit for 30 minutes, move form task to task when the bell rings, rush to the bathroom during designated windows, and so on - all great for the manufacturing jobs that were the best jobs most people could get in most of the 20th century. But it's a new millennium now, and manufacturing is the past. We need a classroom in which student are given time to think, to stare off into space while the subconscious works on the problem - but how to distinguish that from daydreaming and doing nothing? It will take a lot of change to schools, that's for sure.
Way to miss the point: you do it for yourself, because you know what's right, and you enjoy doing what's right. Character is "doing what's right when no one is looking". The example was more of an Easter egg, though.
I'm sure the SJW label was originally intended as satire, but Poe's Law works both ways. There have been "Social Justice" conferences and groups related to social media for a while now, and I've certainly seen people, apparently sincere, self-identify as "warriors for social justice" on forums.
If you're not going in harm's way, you shouldn't call yourself a "warrior" of any kind. Malala Yousafzai got shot for daring to advocate that girls should be taught to read. The Canadian parliament attracted a shooter for giving her Canadian citizenship (or so it's presumed -the timing suggests it strongly).
Internet death threats from pathetic losers just aren't the same thing as taking on the Taliban. The risk may be non-0, but iit's problebly lower than the risk of driving to the event.
you think we should simply stop trying to protect anyone from harassment and bullying because clearly it's their own fault for being sensitive
When the "offended" person is a self-righteous Western middle-class person with an entitlement complex? You betcha. You have it better than 99% of people who have ever lived - stop looking for reasons to be offended, and start realizing how wonderful things are for you.
The Nobel Peace Prize* was just awarded to a genuine warrior for social justice. Want to be a real SJW? Go someplace where it's illegal to teach girls to read, and get shot at for trying. Want to complain on the internet about your hurt feelings because someone on the internet offended you? Don't be too surprised when people tell you to be less sensitive. And go donate to Room to Read, to help those actually making a difference in social justice.
*A dubious prize in many years, but for once I'm quite impressed by their choice.
The end-user sees the IT person as nothing more than an electronic janitor who's sole purpose is to clean up the messes that they, the user, were too careless or too inept to prevent from happening in the first place. Thus, they don't bother to learn how to do things properly, they don't learn how to keep from getting a virus, they don't learn how to do even the simplest of things because "That's IT's job. I shouldn't have to know computers!"
That's the service they pay for, not having to "learn computers". IT is the data janitors. Most actual janitors don't despise the people they clean for, you know (of course, most actual janitors don't get hassled constantly either).
"Classified" is a vague term, but computers holding "confidential" materials were affected (secret and above is a whole different world of computing). The machines were rootkitted by a foreign-owned company, and that rootkit phoned home. The DoJ was not amused.
If they brick many US government computers, and it was deliberate they're in deep. The DoJ isn't so vigorous for consumer protection, but screw with government computers, especially those holding confidential information, and they get quite upset.
Bad analogy. If this was deliberate, which seems likely, there's no legal loophole which lets you destroy someone else stuff. With a court order you can go after unsold inventory with a vengeance, but not consumer gear.
None of which will matter if they end up bricking government PCs, no matter what their excuse is.
Sony was slapped with a fine so large the shareholders winced. The CEO resigned. The DoJ said they got the benefit of the doubt that the effect on government computers was unintended, but if Sony didn't learn the DoJ would simply... end... Sony America.
The NSA disagrees: all email ever sent is stored now, in their datacenters, next to the recordings of every voice call for the past decade. Your tax dollars at work..
That's good info, but they do push their annoying-as-fuck unneeded "improvements" by default. I'm tired of it - I've migrated my important email to Outlook.com now, and I'm sorting out my personal email now (harder to change as I search history more there than the financial stuff).
I've said it before on/., but I'll repeat it: Outlook.com doesn't suck. Gmail was the only sane answer 12 years ago, but my how times have changed.
Through the class-action lawsuit settlement, one presumes. This is pretty far over the line, and is likely criminal if it breaks any US government gear.
In the Sony rootkit fiasco, the DoJ made it clear that the only reason Sony would continue to exist in America was the presumption that the damage to government computers wasn't intentional. This was clearly intentional.
If they work, I don't care. The scumbags bricking devices are the problem.
Indeed. This will end badly for whoever thought this was clever. You'd think companies would have learned from the Sony rootkit fiasco, but no.
FTDI just bought a ticket to the "fuck with the DoJ lottery". If they happen to brick anything used by the US Government for any official purpose, they're a winner! Who's that at the door, Ed McMahon with a giant check? No, it's the the DoJ with a giant fine! You may also have won: "being made an example of", with complementary federal prison time!
The power to tax is the power to destroy, and I rather suspect that's the goal here: to limit the access of the masses to Western culture in a way that won't spark rebellion. Depressing, really.
I've used a half-dozen two-factor auth solutions between different finance sites and different employers in the past 5 years, and non of them have used my phone. I see that from email providers, as it's the cheapest possible solution (which, still, far better than no solution). I wouldn't use anything phone-based for banking, to be sure, as malware targeting phones is so damn common (plus physical theft of the phone happens), but that's just me.
Two-factor auth is a big win, of course. For anything financial, and for work accounts, the whole idea of strong passwords should be abandoned in favor of well-designed two-factor solutions.
How many people do per-user salting of the password hash? It's an important best practice to defeat rainbow tables. If you have thousand of passwords stolen, despite your best efforts, the least you can do is make it non-trivial to guess each one.
Mostly, though, encrypt your stored credentials in some way that requires an attacker to compromise two unrelated machines to get anything of value. Even a simple AES encryption with a hard-coded key is a win, as it's actually pretty tough (for a non-insider) to figure out he needs to either hack the source code repo, or somehow find the key in the object, on disk or in-memory. That's not impossible, but practically it limits the threat to malicious insiders, and malicious governments.
Administrators should be responsible for closing failing schools and get fired when they don't,
And when the administrator claims no schools are failing? When the administrators competitive salary is determined by the number of schools he's in charge of? If the administration is great in the first place, there won't be any failing schools.
If it were easy to choose between school systems (via a voucher system or something more), then you could tell the failing schools because parents would move their kids out of them. When there's no "market" pressure, you need something to help force the issue.
Sure, a bad metric gets gamed, but it still beats no metric at all! And the schools really do include with teachers and admins who really do suck, and really were counting on the lack of any metric to just coast through life at our kids' expense.
ST:TNG settled 2 things for geeks: the pronunciation of "data", and the phrasing "data is".
But, it makes the equations balance...
That's how science works. The predictions of the current model fail - the equations don't balance. You'll get many competing hypotheses each with its own suggestion for a new something that makes the equations balance. There were quite a few ideas for "dark matter" including a few "we just got gravity wrong" ideas.
The was no doubt at all that something was missing in established theory about galaxies and gravity - too much data to argue with. It's not like someone just invented dark matter out of the blue, then went looking for a use for it! There was no reason at the time to prefer any particular hypothesis.
Then the CMBR data gave us a fairly accurate measurement of the ratio of dark matter to matter in the universe long ago, and removed any doubt that it must be cold dark matter of some sort - not c or near-c particles, not a different theory of gravity, those ideas were falsified by the new data And in fact only the WIMP theory of dark matter accurately predicted the new measurement.
Dark energy is still early in this curve. There's no doubt about the data: there's something we don't know about the universe at very large scale, and it's the dominant effect at that scale. There are a bunch of hypotheses about what it might be, but that's about it right now.
Sorry, "HTTPS everywhere", not "-only" - it tries HTTPS first, which helps with a bunch of sites so you don't have to bookmark the https version specifically, but still falls back to HTTP when needed.
Everyone should use that plugin in normal browsing IMO - it will drive traffic to HTTPS, and really there's no reason for non-HTTPS sites anymore Slashdot are you listening, you HTTP-only weenies?
"HTTPS only" is a plug-in, on by default in the Tor Browser Bundle. The Tor dev team is really focused on making the browsing experience as normal as possible to encourage use over strong security by default. JS is enabled by default, for example (noscript is the other plug-in bundled, but I think it's turned off by default - haven't looked at Tor for a few years).
I understand the desire of the Tor team to encourage many people to use Tor for normal, legal browsing, and ultimately that's the best security: when use of Tor is not itself a red flag. But it makes the default Tor install much softer than it would otherwise be.
It's a very well known problem that "A players hire A players, but B players hire C players", and not just in engineering. The best want to work with the best, but the nervous-that-they're-not-the-best want to work with the mediocre. So most companies large enough to have formal hiring processes are at least aware of the problem, and are trying to cope.
The real problem IMO is "how can you create a standardized test to measure critical thinking", because our school system is helpless without it (and for all the complaints of teaching to the test, we need some objective way to find schools that aren't working).
Plus, the whole structure of school is around training manufacturing workers. You may not learn math, but for damn sure you're learn to sit for 30 minutes, move form task to task when the bell rings, rush to the bathroom during designated windows, and so on - all great for the manufacturing jobs that were the best jobs most people could get in most of the 20th century. But it's a new millennium now, and manufacturing is the past. We need a classroom in which student are given time to think, to stare off into space while the subconscious works on the problem - but how to distinguish that from daydreaming and doing nothing? It will take a lot of change to schools, that's for sure.
Way to miss the point: you do it for yourself, because you know what's right, and you enjoy doing what's right. Character is "doing what's right when no one is looking". The example was more of an Easter egg, though.
I'm sure the SJW label was originally intended as satire, but Poe's Law works both ways. There have been "Social Justice" conferences and groups related to social media for a while now, and I've certainly seen people, apparently sincere, self-identify as "warriors for social justice" on forums.
If you're not going in harm's way, you shouldn't call yourself a "warrior" of any kind. Malala Yousafzai got shot for daring to advocate that girls should be taught to read. The Canadian parliament attracted a shooter for giving her Canadian citizenship (or so it's presumed -the timing suggests it strongly).
Internet death threats from pathetic losers just aren't the same thing as taking on the Taliban. The risk may be non-0, but iit's problebly lower than the risk of driving to the event.
you think we should simply stop trying to protect anyone from harassment and bullying because clearly it's their own fault for being sensitive
When the "offended" person is a self-righteous Western middle-class person with an entitlement complex? You betcha. You have it better than 99% of people who have ever lived - stop looking for reasons to be offended, and start realizing how wonderful things are for you.
The Nobel Peace Prize* was just awarded to a genuine warrior for social justice. Want to be a real SJW? Go someplace where it's illegal to teach girls to read, and get shot at for trying. Want to complain on the internet about your hurt feelings because someone on the internet offended you? Don't be too surprised when people tell you to be less sensitive. And go donate to Room to Read, to help those actually making a difference in social justice.
*A dubious prize in many years, but for once I'm quite impressed by their choice.
The end-user sees the IT person as nothing more than an electronic janitor who's sole purpose is to clean up the messes that they, the user, were too careless or too inept to prevent from happening in the first place. Thus, they don't bother to learn how to do things properly, they don't learn how to keep from getting a virus, they don't learn how to do even the simplest of things because "That's IT's job. I shouldn't have to know computers!"
That's the service they pay for, not having to "learn computers". IT is the data janitors. Most actual janitors don't despise the people they clean for, you know (of course, most actual janitors don't get hassled constantly either).
It's more like "is there anything else we can try to save Detroit from the evil non-Detroit manufacturers". Sadly, there's no saving Detroit.
"Classified" is a vague term, but computers holding "confidential" materials were affected (secret and above is a whole different world of computing). The machines were rootkitted by a foreign-owned company, and that rootkit phoned home. The DoJ was not amused.
Now that's a good problem to occupy the attention of Google's "UI designers", who clearly have nothing useful to do with their time!
If they brick many US government computers, and it was deliberate they're in deep. The DoJ isn't so vigorous for consumer protection, but screw with government computers, especially those holding confidential information, and they get quite upset.
Bad analogy. If this was deliberate, which seems likely, there's no legal loophole which lets you destroy someone else stuff. With a court order you can go after unsold inventory with a vengeance, but not consumer gear.
None of which will matter if they end up bricking government PCs, no matter what their excuse is.
Sony was slapped with a fine so large the shareholders winced. The CEO resigned. The DoJ said they got the benefit of the doubt that the effect on government computers was unintended, but if Sony didn't learn the DoJ would simply ... end ... Sony America.
The NSA disagrees: all email ever sent is stored now, in their datacenters, next to the recordings of every voice call for the past decade. Your tax dollars at work..
That's good info, but they do push their annoying-as-fuck unneeded "improvements" by default. I'm tired of it - I've migrated my important email to Outlook.com now, and I'm sorting out my personal email now (harder to change as I search history more there than the financial stuff).
I've said it before on /., but I'll repeat it: Outlook.com doesn't suck. Gmail was the only sane answer 12 years ago, but my how times have changed.
Through the class-action lawsuit settlement, one presumes. This is pretty far over the line, and is likely criminal if it breaks any US government gear.
In the Sony rootkit fiasco, the DoJ made it clear that the only reason Sony would continue to exist in America was the presumption that the damage to government computers wasn't intentional. This was clearly intentional.
If they work, I don't care. The scumbags bricking devices are the problem.
Indeed. This will end badly for whoever thought this was clever. You'd think companies would have learned from the Sony rootkit fiasco, but no.
FTDI just bought a ticket to the "fuck with the DoJ lottery". If they happen to brick anything used by the US Government for any official purpose, they're a winner! Who's that at the door, Ed McMahon with a giant check? No, it's the the DoJ with a giant fine! You may also have won: "being made an example of", with complementary federal prison time!
I've had banks screw that up, is the thing. Wells Fargo, is there no paperwork you can't get wrong?
The power to tax is the power to destroy, and I rather suspect that's the goal here: to limit the access of the masses to Western culture in a way that won't spark rebellion. Depressing, really.