Obligatory WHOOSH.
http://xkcd.com/562/
Poor car!
I think we need a secondary moderation system just for XKCD links. Bonus points for digging up something highly relevant from the archives. Minus points for finding a tenuous connection to today's strip.
Gangs are also imaginary beings and somehow we manage to work past that and charge the humans inside them.
Gangs are not legal entities specifically designed to insulate the humans inside them from responsibility for their actions.
Craving Craving Crustaceans?
It isn't clear to me why this is a failure, or a negative result if you prefer. Granted, the carbon didn't sink to the bottom of the ocean, but it was still removed from the water, which should allow the water to absorb additional CO2 from the air. It seems to me that, so long as the CO2 is pulled from the atmosphere, it's still an effective means of combating warming.
Except that animals exhale CO2.
My grandma has no chance of hacking anything, she's dead.
(Both of them are, actually.)
While unemployment is rising rapidly in the US the only area to increase the number of jobs is the US government itself. And the people receiving the stimulus money are the giant investment banks ...
They're getting *some of* the money. A lot of it is going other places, too. Our organization (a medium-sized non-profit safety-net healthcare provider) is getting nearly half a million from the ARRA. The catch? It has to be used to retain or add jobs. Easy enough; we've been wondering how we're going to keep staffing up. (To clarify, we're getting this money because we already are a Federally-Qualified Health Center receiving Section 330 funding. It's not available to just any healthcare provider.)
In my splinter of the space-time continuum, people were CONSIDERABLY outraged about the bail-out monies. The bonuses are insult to injury, from what I can tell.
Oblig. linky
I don't think it's fair when it's today's comic. ;-) It only works if you happen to dig up a *coincidentally* relevant comic from months or years prior.
(Someday, Red Spiders will be topical, I just know it!)
Well they don't know which of the digits in the password should be incremented. If there are more than three of them they will run out of guesses.
But then *you* have to keep track of which of the sets of digits that appear to be simply appended to the passphrase are the incremented ones, and what number you're on. Again, you have to remember something... or write it down on a post-it stuck to your monitor.
But (and this is obvious if you'd thought about it) that doesn't matter, if they got hold of one password they could change it to whatever they wanted. Password expiry doesn't help at all in that case, the game is lost.
What password expiry does help with is passwords that are compromised, but where the hacker wishes to keep that a secret and use the compromised account to gain access and gather information in ways that are not detected, more than once over a period of time. That's really the only point to it. If someone just wants to pwn your account or network in a single incidence, then it only matters how difficult it is for them to obtain a working password, and password expiry doesn't affect the issue one way or t'other (except insofar as it makes it easier for someone with physical access to go shoulder-surfing for post-its).
Nothing is 100% secure. Stopping people having their password set to madison or whatever their girlfriend's name (or better any word which could be dictionary attacked) is makes things more secure because it stops dictionary attacks. Making sure passwords are long and not all lower case letters makes things more secure because it makes brute force attacks take much longer. E.g. find a zip password brute forcer and compare how long it takes to crack an n-character password with all the character classes in the Microsoft rule vs an n-character password which is just lower case letters, for reasonable n. Even if you have local access to the zip file and can try combinations really quickly, you can quickly get to the point where unless you are the NSA you won't have enough machines to crack the password before it expires.
But if your system locks someone out if they try more than X number of times, that puts a damper on brute-force attacks, too.
Yes, they should be a lot cheaper, so that any ol' whoever can get one for the server in their basement.
OpenMRS benefited from last year's SoC, and is on the list this year, too. Millions of people around the world are getting health care that's assisted by OpenMRS.
I realize no one method is going to be perfect for everyone, but Scantron is very bad for people like my father, who has crippling arthritis, and me, who has mild-but-occasionally-awful arthritis.
Here in LA County we're using the Inkavote system, which involves an optical scanner, but the mechanics of marking your ballot are very similar to punch cards. You don't have to press as hard, though, and the stylus makes a VERY dark mark. Always a perfect circle, too.
Until the last couple elections, we just put our ballots into a collection box, but now they have us put them in the reader ourselves... no one ever touches your ballot except you (unless a recount happens).
Franklin in Michigan
Is this some recount situation I haven't heard of previously, or did you mean Franken in Minnesota?
What are you talking about? Democracy is that most people did not want Harper and his reform buddies leading us, especially acting like he had a strong mandate.
This is the idiot who wanted us to go to Iraq because Americans are our friends and if they jump off a cliff we should join them. The same Americans who couldn't be bothered to say thanks when we took in a bunch of them into our households on 9/11 because they were too paranoid to let them land in their own country. They also didn't bother thanking us for all the other help we gave them as well.
Unless you mean that we should just put Harper and friends against the wall?
Canada is like the US's parents or something... we almost *never* hear you argue in front of us. This is a revelation!
(I'd just be feeding the ignorant American stereotype if I said "BTW who's Harper?" wouldn't I?)
One of the massive historical problems folks need to solve is "vote selling", which is enabled whenever a voter can prove how they voted to someone else.
Doesn't any place that permits absentee ballots greatly weaken their resistance to vote selling?
You could sell your vote via absentee, that's true, but the person who you're selling your vote to has to not only see how you marked your ballot, but also watch you place it in the envelope, seal it, and put it in a non-retrievable postal collection point. If they don't do the last step, you can just hang onto your ballot, take it with you to the polls on election day, turn it in as a spoiled ballot, and vote however you want to.
So yes, it's feasible (and there are anecdotal cases especially of spouses requiring their SOs to get an absentee ballot for exactly this reason), but it would be fairly difficult to do on any significant scale.
You are correct. The proposal I'm putting forward (where a voter needs to serially scan perhaps millions of votes) is - at least in principle - just too expensive for vote selling.
I may be misunderstanding what you proposed, but if it's possible for any individual voter to work back from the key on their registration card and what they know their vote was to identify it in a multicast, couldn't they use that then to prove to their employer/spouse/mob boss "Look, there's my vote, give me my money/protection/nookie"?
... And I could give you a corrupt poll official that seems honest, but isn't.
But he's not alone. Ever. The vote-counting procedures are very carefully set up to ensure that. Furthermore, most of that activity (if not all of it) is open to observation by the general public.
Ha! My preferred candidate is named 'NEMESIS'!!!! My votes stay!!!!
You voted for Daphne?
(ballots are a matter of public record, and absentee ones are not usually anonymous)
Really? When I've voted absentee (I was living overseas for six months) the ballot itself had no identifying information, just like a provisional ballot (which I've had to use several times, because it took me THREE TRIES and a call to the Registrar-Recorder to change my registration last time I moved). You request an absentee ballot using the detachable post card on your sample ballot, then they send you an envelope and a ballot. The envelope has your identifying info on it, so they can verify they get exactly one ballot for each person who requested one, and *then* they open it up and count your vote. Once the ballot is separated from the envelope, they no longer have any way of recording who *you* voted for.
There's also several people involved in the process of reconciling your envelope and removing your ballot, and they're required to be from different parties. IIRC, it's a public process, so anyone can go and observe if they want to.
You can just assume that jurors can't prejudice themselves.
They can prejudice each other, though.
If the jurors have prejudices you need to deal with it.
No, you don't; you can actually get a retrial (in the event of a conviction) if you can show that the jury (or some part of it) was prejudiced against you.
Take an example like "assumes facts not in evidence". This is excellent; it allows the attorneys to be aware a juror is assuming a fact not in evidence and address it.
Hm. But, what if the juror is assuming a fact not in evidence that would lead the witness to testify in a way that was more damaging to the defendant than normally allowed by rules of evidence and testimony... for example, because the witness is also making the same assumption, even though they don't have any direct knowledge of that information?
And what if the defense attorney *is* incompetent, so they don't catch it and object?
Should another juror be allowed to object on their behalf, maybe?
See, it gets ridiculous. Switch it around and make it the prosecution that's incompetent. Now should the defendant get a better chance at acquittal because the jury gave the witness an opportunity to say something that made them look better, in violation of the rules of testimony?
The rules of evidence and testimony have, for the most part, evolved over a loooong time due to actual real-life experience that showed how things could be prejudiced against or in favor of the defendant, and out of a desire to make it difficult to bring hearsay or circumstantial evidence into the courtroom. They're complicated, but I think it's a leap to say they're *unnecessarily* complicated until you've really delved into them and watched how they work in a lot of real-life situations. Before you can re-make a system, you need to know what it does and how *and why* it does what it does.
IANAL... I've probably studied just barely enough law to know what I don't know about it. It makes me reluctant to decide that we can do away with or circumvent wide swaths of our current system without a whole lot more study of the matter.
I have to believe Comcast is telling the truth and some kind of malware is to blame.
Malware where? On their installation CD? Because this is a list only of Comcast accounts... so the malware would either have to be targeting Comcast users on their own computers (so, the installation CD provided by the ISP) or it's getting the info from Comcast's computers... which would mean that they're storing passwords in plaintext.
Too bad I already hunted down the list and verified that my account isn't on it. Well, not that they'd get me anyway, especially since that little trick to show me the wrong url in my navigation bar doesn't work with my browser.
If they do it the way shown above, it does "work," for very low values of work. Your navigation bar would say www.comcast.net.etc.hacksite.com/resetpassword.php, because that would be the REAL URL.
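The point about the "REAL URL" above, as an added example that is not part of the original comments: the host is read right to left, so the name quoted in the comment belongs to hacksite.com even though it starts with www.comcast.net. The function names and the sample list are assumptions made for this sketch; only the first URL is the one quoted in the comment.

```python
import re
from urllib.parse import urlsplit

SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def hostname_of(url):
    """Return the lower-cased host of a URL, or None if there is none."""
    # urlsplit only recognises a host after "//", so add a scheme when the
    # string was copied from an address bar without one.
    if not SCHEME_RE.match(url):
        url = "http://" + url
    host = urlsplit(url).hostname
    if not host:
        return None
    # A fully qualified name may carry a trailing dot; drop it before comparing.
    return host.rstrip(".").lower()


def is_under_domain(url, trusted_domain):
    """True only if the URL's host is trusted_domain or a subdomain of it."""
    host = hostname_of(url)
    trusted = trusted_domain.rstrip(".").lower()
    if host is None:
        return False
    # Compare on a label boundary: "x.comcast.net" matches, "notcomcast.net"
    # and "comcast.net.etc.hacksite.com" do not.
    return host == trusted or host.endswith("." + trusted)


def naive_contains(url, trusted_domain):
    """The check a hurried reader performs: is the trusted name in there?"""
    return trusted_domain in url


def classify(urls, trusted_domain):
    """Return (url, naive_result, strict_result) for each URL."""
    return [(u, naive_contains(u, trusted_domain),
             is_under_domain(u, trusted_domain)) for u in urls]


# First entry is the URL quoted in the comment; the rest are constructed.
SAMPLES = [
    "www.comcast.net.etc.hacksite.com/resetpassword.php",
    "https://www.comcast.net/resetpassword.php",
    "https://WWW.COMCAST.NET./resetpassword.php",
    "http://notcomcast.net/resetpassword.php",
]

if __name__ == "__main__":
    for url, naive, strict in classify(SAMPLES, "comcast.net"):
        print(f"{url:55} naive={naive!s:5} strict={strict}")
```
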
Not completely secure if the attacker knows your hash function but no longer low hanging fruit
Or you could just use the last five words as your secret passphrase, and no one would ever get it because it's apparently a totally random combination of words and letters.
I think he was trying to drop hints about what he uses as his mother's maiden name.