Well, let's try it the other way. "Assume your institution will never leak your hash, and rate limits at exactly the thresholds you find appropriate."
"OK. I'm going to keep using mittens22 as my password and sleep like a baby." It doesn't make for much of a discussion.
You're probably right that password handling is more important than password choice, but just as sysadmins ultimately can't make their users choose good passwords, users can't make their sysadmins handle them correctly. "Vote with your feet" counts for something, but not when it's your workplace, and you don't always know how badly your passwords are being mismanaged behind the scenes. So you do what you can.
The remedy for a compromised database of hashed passwords is: do not use the same credentials in several places.
Well, that takes care of part of the problem. However, in that scenario, a good password could (if your institution at least does good hashing) mean more time between database compromise and the compromise of your account - time in which you could change your password.
AdFree is effective and simple, and I would recommend it for pretty much anyone, but for more aggressive control I like DroidWall. It's a front end for iptables, and grants network access on a UID basis. Since each app is given a UID, this effectively means it works on a per-app basis, and it lists app names in the interface.
Fair warning: While whitelisting is a superior strategy to blacklisting, it can bite you by blocking core functionality like updates, and it's not always clear what needs to be unblocked to restore functionality. Fortunately it does logging, so you can turn on logging, perform the action that's not working, and check the log to see what hit the firewall.
It does entail some work, at least while you're still breaking in your phone, which is why I recommend it only if you're feeling "aggressive". AdFree is easy and practical.
I think "fatal" means the wound is the cause of death, regardless of whether death was a certain outcome of the wound. I'm less sure about "mortally wounded", but I take it to mean exactly the same thing, with the slightly different connotation that the speaker is asserting that the wound is certain to be fatal, although he may not know for sure. I definitely wouldn't take, "He's mortally wounded," to mean, "I think he might pull through if we can get him to a doctor."
"Fatally wounding" does not necessarily mean "it could have lived", but it does leave room for that interpretation. Of course, I think he was just illustrating the distinction, not attempting to make the first stab in an etymological knife fight.
They definitely do it. My girlfriend just bought a Fusion (marketed by AT&T as a pay-as-you-go thing) with the sole intention of ditching the sim card that came with it and using it on her existing AT&T voice only plan. Suddenly they tell her she has a data plan, and she's going to pay for it monthly. We're still working out exactly how to react to that, but yeah, they're apparently serious about it.
Honestly, when I heard the term, I thought the character was joking. It dawned on me a few minutes later that perhaps that was intended to be the actual name of the stuff, but I was too busy watching blue people ride dragons through canyons to be upset about it.
I can't speak for developer goals, but that's not why I use it. I use it so that I never have to have a root shell open, which I might carelessly leave open, which is a small (depending on context) security vulnerability, and a large safety problem, since I could (again, carelessly) type the next few commands as root by accident.
Anyway, making any program setuid root increases the chances that anyone that can run it could get unlimited root access. sudo in particular has a history of problems with the "limited access" use case. It tends to give away more root than you might think, especially if the user is inclined to persist at trying to get it.
I'll grant that if you trust someone not to try to exploit your system, but you just don't think they need full root access, sudo is a convenient way to give them just what they need. I disagree that that's the "whole point", though. My policy is not to give out sudo privileges (however limited) to anyone I wouldn't trust with full root access.
I agree with the sentiment that preventing autocomplete is stupid behavior. I find it mildly offensive that the browser enforces this, without option to turn it off, since it is supposed to be acting on my behalf. "Fix it yourself" is generally not a very helpful answer. However, in this case, I eventually did fix it myself (after I read how).
There are bookmarklets floating around which will force autocomplete for a page, but you have to load the page, then hit the bookmarklet, and it's not (that I've seen) a 100% solution. Better than nothing, though, and it works as a non-admin user.
Ultimately, to remove this behavior, I ended up altering a system file. I have to edit it again every time I upgrade Firefox, but that's part of the documentation for my system, now. On Gentoo, running FF 3.6.20, the file is/usr/lib/xulrunner-1.9.2/components/nsLoginManager.js. There is a function named "_isAutocompleteDisabled". Alter it to unconditionally return false, and the effect is that autocomplete is never disabled.
That's just my system, and I obviously use a pretty old version of Firefox. If you figure out where the current version of Firefox keeps the equivalent files on your OS of choice, and grep around for "isAutocompleteDisabled", I think you'll likely find the right place to hack the newest versions.
I am very pleased with the results. Autocomplete is no longer conditionaly, and I am never bothered by a site's attempt to prevent it. On the other hand, I'd be even more pleased to find a solution which is as effective, but stays within the confines of "normal" user configuration - an extension, or greasemonkey script, what-have-you.
This topic got me thinking about it, so I installed CUPS. I have a crappy little android phone. It doesn't even run CyanogenMod. I have a debian chroot environment on the sdcard. CUPS installed, and the service started, and localhost:631 shows the usual page. I haven't added a printer, yet, but I'll try to test that part out soon.
So my direct answer to your last question is that not a lot of porting is necessary. CUPS seems to work. Why isn't it part of the base system? Why doesn't every app have a "print" button? Either they ought to or the answer eludes me at this hour.
I will throw out the caveat that really only network printers are compatible with this setup. There is an obvious problem when you look at a printer, the accompanying USB cable, and a phone. But then, I don't think a lot of people have just a printer and a phone. If your USB printer is attached to a computer, the computer can take care of the network end of things. (More CUPS.)
I have to disagree. I saw that strip first, and I got it, and I appreciated the concept of the joke, and generally I appreciate Dilbert... but that's just not funny. Later, when I saw the XKCD panel with the comment about rolling a die, I laughed, because it's funny. Subjective, though, I guess.
Well... no, it doesn't. I'm not a physicist, but I assume they've got a bit more backing up the uncertainty principle than, "We can't seem to get these two measurements at the same time, therefore no one ever will." (Note that I think you're less wrong than the post to which you replied, but more worth correcting on this somewhat philosophical point.)
Good points. I mean, they sounded pretty good when Penn and Teller were making them. I don't think you parroted them correctly, though.
Penn made the point that if we treat animals with the same respect and rights as people (which PETA seeks), it would make sense to give them the same responsibilities, and cited obscenity and sanitation codes as an example, which most animals would be completely unprepared to follow. I'm fairly sure PETA doesn't go around saying animals should have to obey our laws, though.
"Bullshit!" is a great show, I think, but it sounds like you watched an episode, half-remembered it, and regurgitated what you remembered as the main points.
(Oh, it looks like PETA was season 2, episode 1, if anyone else wants to check it out.)
In the bathroom, I might be showering, shaving, or shitting, but I'm not just sitting around wishing I had something to do until my official bathroom time is up. I'm busy. I'm pretty sure that's normal. The old idea of a TV or phone or microwave in the bathroom is comical, but that is not actually my favorite room in the house to hang out.
Wait... I didn't see this gem:
[...] you will soon be able to stop taking your mobile computer of choice into the bathroom [...]
Exactly what I thought. Autism diagnosis rates are going up. Shockingly, if you put two people who like to analyze things in charge of a kid, they might be more likely to get him diagnosed. It could be true and have nothing to do with genetics, and very little to do with autism.
That's assuming the "theory" (hypothesis?) isn't just completely made up sensationalist crap, which most of the high-rated comments so far suggest it is. I haven't read TFA, but I don't think it looks worthwhile at this point.
Perhaps it is about propriety. My understanding is that you won't get in trouble for downloading (personal gain), but for uploading (giving to the community). If someone really thinks that sharing content with others is morally or ethically a good thing to do, then it stands to reason that giving up the practice because of intimidation just wouldn't be, well, proper.
Not that every torrenter is a saint. The motivation might just be "fuck the man", which amounts to the same thing in a perverse way. Of course, there's always ignorance. The fact that an activity is a bad idea doesn't seem to prevent large numbers of people from engaging in it. (Smoking, any number of bad driving habits, unprotected sex, being belligerent to police, posting compromising photos online, developing in Flash...)
But I have to admit feeling some kind of line is crossed with a system that can (as the article stated) scan a physical barcode of something in front of you and start fetching it in moments.
Really? *whips out phone* Wow, cool! I had no idea Transdroid had a built in bar code scanner. Thanks!
You and I are at a bar. You look away, and I pour my beer all over you. You turn to me, see that my glass is suddenly empty, there's no one else around, etc. You accuse me of pouring a beer on you.
"Nope. God did it." Since you can't disprove that, both of our hypotheses are a matter of faith, and therefore equally valid, right?
(Answer: No. One is supported by evidence, while the other has no evidence, therefore one hypothesis is more likely. Whether the other can be disproven is irrelevant to that fact.)
That's not surprising at all. Here, am I talking politics or electronics?
"Just spend enough to make it work. What's the most common solution? Let's do that."
"I want to spend as much money as necessary to get what I'm told is the best and shiniest system possible."
Then there are the Linux libertarians: disgusted by the major parties, trying hard (sometimes too hard) not to become cynical about their tiny minority. "Of course it's a viable solution! People will get it someday..."
Slashdot Mirror
Well, let's try it the other way. "Assume your institution will never leak your hash, and rate limits at exactly the thresholds you find appropriate."
"OK. I'm going to keep using mittens22 as my password and sleep like a baby." It doesn't make for much of a discussion.
You're probably right that password handling is more important than password choice, but just as sysadmins ultimately can't make their users choose good passwords, users can't make their sysadmins handle them correctly. "Vote with your feet" counts for something, but not when it's your workplace, and you don't always know how badly your passwords are being mismanaged behind the scenes. So you do what you can.
The remedy for a compromised database of hashed passwords is: do not use the same credentials in several places.
Well, that takes care of part of the problem. However, in that scenario, a good password could (if your institution at least does good hashing) mean more time between database compromise and the compromise of your account - time in which you could change your password.
AdFree is effective and simple, and I would recommend it for pretty much anyone, but for more aggressive control I like DroidWall. It's a front end for iptables, and grants network access on a UID basis. Since each app is given a UID, this effectively means it works on a per-app basis, and it lists app names in the interface.
Fair warning: While whitelisting is a superior strategy to blacklisting, it can bite you by blocking core functionality like updates, and it's not always clear what needs to be unblocked to restore functionality. Fortunately it does logging, so you can turn on logging, perform the action that's not working, and check the log to see what hit the firewall.
It does entail some work, at least while you're still breaking in your phone, which is why I recommend it only if you're feeling "aggressive". AdFree is easy and practical.
I think "fatal" means the wound is the cause of death, regardless of whether death was a certain outcome of the wound. I'm less sure about "mortally wounded", but I take it to mean exactly the same thing, with the slightly different connotation that the speaker is asserting that the wound is certain to be fatal, although he may not know for sure. I definitely wouldn't take, "He's mortally wounded," to mean, "I think he might pull through if we can get him to a doctor."
"Fatally wounding" does not necessarily mean "it could have lived", but it does leave room for that interpretation. Of course, I think he was just illustrating the distinction, not attempting to make the first stab in an etymological knife fight.
They definitely do it. My girlfriend just bought a Fusion (marketed by AT&T as a pay-as-you-go thing) with the sole intention of ditching the sim card that came with it and using it on her existing AT&T voice only plan. Suddenly they tell her she has a data plan, and she's going to pay for it monthly. We're still working out exactly how to react to that, but yeah, they're apparently serious about it.
Honestly, when I heard the term, I thought the character was joking. It dawned on me a few minutes later that perhaps that was intended to be the actual name of the stuff, but I was too busy watching blue people ride dragons through canyons to be upset about it.
Always the libertarian argument:
Always?
I can't speak for developer goals, but that's not why I use it. I use it so that I never have to have a root shell open, which I might carelessly leave open, which is a small (depending on context) security vulnerability, and a large safety problem, since I could (again, carelessly) type the next few commands as root by accident.
Anyway, making any program setuid root increases the chances that anyone that can run it could get unlimited root access. sudo in particular has a history of problems with the "limited access" use case. It tends to give away more root than you might think, especially if the user is inclined to persist at trying to get it.
I'll grant that if you trust someone not to try to exploit your system, but you just don't think they need full root access, sudo is a convenient way to give them just what they need. I disagree that that's the "whole point", though. My policy is not to give out sudo privileges (however limited) to anyone I wouldn't trust with full root access.
I agree with the sentiment that preventing autocomplete is stupid behavior. I find it mildly offensive that the browser enforces this, without option to turn it off, since it is supposed to be acting on my behalf. "Fix it yourself" is generally not a very helpful answer. However, in this case, I eventually did fix it myself (after I read how).
There are bookmarklets floating around which will force autocomplete for a page, but you have to load the page, then hit the bookmarklet, and it's not (that I've seen) a 100% solution. Better than nothing, though, and it works as a non-admin user.
Ultimately, to remove this behavior, I ended up altering a system file. I have to edit it again every time I upgrade Firefox, but that's part of the documentation for my system, now. On Gentoo, running FF 3.6.20, the file is /usr/lib/xulrunner-1.9.2/components/nsLoginManager.js. There is a function named "_isAutocompleteDisabled". Alter it to unconditionally return false, and the effect is that autocomplete is never disabled.
That's just my system, and I obviously use a pretty old version of Firefox. If you figure out where the current version of Firefox keeps the equivalent files on your OS of choice, and grep around for "isAutocompleteDisabled", I think you'll likely find the right place to hack the newest versions.
I am very pleased with the results. Autocomplete is no longer conditionaly, and I am never bothered by a site's attempt to prevent it. On the other hand, I'd be even more pleased to find a solution which is as effective, but stays within the confines of "normal" user configuration - an extension, or greasemonkey script, what-have-you.
We seem to love us some comma splices, though. :P
[...]there is precedent for impeaching a government official after leaving office.
Did I miss a distinction?
This topic got me thinking about it, so I installed CUPS. I have a crappy little android phone. It doesn't even run CyanogenMod. I have a debian chroot environment on the sdcard. CUPS installed, and the service started, and localhost:631 shows the usual page. I haven't added a printer, yet, but I'll try to test that part out soon.
So my direct answer to your last question is that not a lot of porting is necessary. CUPS seems to work. Why isn't it part of the base system? Why doesn't every app have a "print" button? Either they ought to or the answer eludes me at this hour.
I will throw out the caveat that really only network printers are compatible with this setup. There is an obvious problem when you look at a printer, the accompanying USB cable, and a phone. But then, I don't think a lot of people have just a printer and a phone. If your USB printer is attached to a computer, the computer can take care of the network end of things. (More CUPS.)
I have to disagree. I saw that strip first, and I got it, and I appreciated the concept of the joke, and generally I appreciate Dilbert ... but that's just not funny. Later, when I saw the XKCD panel with the comment about rolling a die, I laughed, because it's funny. Subjective, though, I guess.
Well ... no, it doesn't. I'm not a physicist, but I assume they've got a bit more backing up the uncertainty principle than, "We can't seem to get these two measurements at the same time, therefore no one ever will." (Note that I think you're less wrong than the post to which you replied, but more worth correcting on this somewhat philosophical point.)
As someone who fucked up at work yesterday (and heard about it today), I smiled at this comment. :)
Some other problem controls granting capabilities.
Was that a Freudian slip (s/problem/program/) or did I mis-parse that sentence?
So, unless Oklahoma is in unrecoverable ruins, that's Kohath: 1, pclminion: 0.
I couldn't stop seeing that, either. Frankly, it would have been more interesting, and I'm not much of a biology enthusiast.
Good points. I mean, they sounded pretty good when Penn and Teller were making them. I don't think you parroted them correctly, though.
Penn made the point that if we treat animals with the same respect and rights as people (which PETA seeks), it would make sense to give them the same responsibilities, and cited obscenity and sanitation codes as an example, which most animals would be completely unprepared to follow. I'm fairly sure PETA doesn't go around saying animals should have to obey our laws, though.
"Bullshit!" is a great show, I think, but it sounds like you watched an episode, half-remembered it, and regurgitated what you remembered as the main points.
(Oh, it looks like PETA was season 2, episode 1, if anyone else wants to check it out.)
In the bathroom, I might be showering, shaving, or shitting, but I'm not just sitting around wishing I had something to do until my official bathroom time is up. I'm busy. I'm pretty sure that's normal. The old idea of a TV or phone or microwave in the bathroom is comical, but that is not actually my favorite room in the house to hang out.
Wait ... I didn't see this gem:
[...] you will soon be able to stop taking your mobile computer of choice into the bathroom [...]
What the hell?
Jr. only has to walk as far as the nearest neighbor's house, where he will find a USB phone charger.
Assuming you've managed to find all the USB chargers in the house.
Exactly what I thought. Autism diagnosis rates are going up. Shockingly, if you put two people who like to analyze things in charge of a kid, they might be more likely to get him diagnosed. It could be true and have nothing to do with genetics, and very little to do with autism.
That's assuming the "theory" (hypothesis?) isn't just completely made up sensationalist crap, which most of the high-rated comments so far suggest it is. I haven't read TFA, but I don't think it looks worthwhile at this point.
Perhaps it is about propriety. My understanding is that you won't get in trouble for downloading (personal gain), but for uploading (giving to the community). If someone really thinks that sharing content with others is morally or ethically a good thing to do, then it stands to reason that giving up the practice because of intimidation just wouldn't be, well, proper.
...)
Not that every torrenter is a saint. The motivation might just be "fuck the man", which amounts to the same thing in a perverse way. Of course, there's always ignorance. The fact that an activity is a bad idea doesn't seem to prevent large numbers of people from engaging in it. (Smoking, any number of bad driving habits, unprotected sex, being belligerent to police, posting compromising photos online, developing in Flash
But I have to admit feeling some kind of line is crossed with a system that can (as the article stated) scan a physical barcode of something in front of you and start fetching it in moments.
Really? *whips out phone* Wow, cool! I had no idea Transdroid had a built in bar code scanner. Thanks!
You and I are at a bar. You look away, and I pour my beer all over you. You turn to me, see that my glass is suddenly empty, there's no one else around, etc. You accuse me of pouring a beer on you.
"Nope. God did it." Since you can't disprove that, both of our hypotheses are a matter of faith, and therefore equally valid, right?
(Answer: No. One is supported by evidence, while the other has no evidence, therefore one hypothesis is more likely. Whether the other can be disproven is irrelevant to that fact.)
That's not surprising at all. Here, am I talking politics or electronics?
"Just spend enough to make it work. What's the most common solution? Let's do that."
"I want to spend as much money as necessary to get what I'm told is the best and shiniest system possible."
Then there are the Linux libertarians: disgusted by the major parties, trying hard (sometimes too hard) not to become cynical about their tiny minority. "Of course it's a viable solution! People will get it someday..."