Your only evidence that he didn't cheat is the kid's Mom says he didn't cheat.
Even without the tweet, you still have some authority at MS (whether human admins or automatic detectors) that detected cheating and acted on it. Evidence for the defense? Mom says he didn't cheat. Sorry, this one goes to the pro's. I can even imagine a not-too-tech-savvy Mom having no clue HOW he could cheat and thus believing that he could not have cheated.
"He was just sitting there pressing buttons. Nobody came over and helped him. How could he have cheated?"
Autostereograms (aka random dot stereograms, some made by Magic Eye) only work because you CAN control convergence and focus separately. Yes, it can be easier further away and some people don't seem to be able to do it, but it WORKS.
The 3D used in Avatar was beautiful, and in many other gimmicky films that project stuff into your lap, it WORKS. Is it perfect? No, of course not. You can see depth, but you can't move your head and look "behind" something. If you tilt your head wearing polarized glasses, the images blur and the illusion fails. Saying that 3D doesn't "work" because of this is like saying movies in general don't "work" because there are 24 still images flickering every second instead of constant smooth motion like in the real world.
Walter Murch sounds like the kind of guy who still goes around saying bumble bees can't fly...
I find fault with the house analogy. It's common knowledge that you are not supposed to walk into someone's house uninvited. Websites are, for the most part, specifically designed as public spaces for any visitors. It is a very rare case in which a legitimate website actually invites you to access it.
A better analogy would be if AT&T got a giant billboard labeled "AT&T Customer Registration Data for AT&T customer use only" which listed all the information.
I know my analogy isn't perfect, but it's far closer to the reality of a web site than a house.
Actually, they can't. I don't have a landline, so I'm not in the phone directory.
They can, however, access public records and I got many letters congratulating me on my house purchase last year and offer to insure/protect/refinance my mortgage. They couldn't tell that I paid cash and don't have a mortgage which made their attempts to like like the were from someplace important all the more laughable. That was a minor nuisance, but at least they COULD NOT CALL ME! The fact that I own a house makes for pretty poor marketing data outside of pest control and lawn service fliers.
Facebook is a much richer and more intrusive source of advertising info. Primary email? Have some spam! Mobile number? IM offers! ASL? Creepy! If I hadn't white-walled my facebook account already, this would have done it.
I agree that trading info for stuff is a perfectly valid market transaction. However, the user's information was being shared without the user's explicit consent and with no value to the user. I recognize that the USER isn't the OWNER of that information, facebook is, but I suspect most people don't realize that. "You gave facebook this information?" "Yes, but they are abusing it!" "Do you understand the verb 'gave'?"
I simply do not trust facebook's application vetting process to work well enough to keep the information away from people with malicious intent.
Is that sarcasm? Hard to tell because some people think Mars is worthwhile...
Going to Mars has no practical benefit to anyone on Earth outside of the few people employed by NASA.
The flip side of these bad science movies is that it keeps people thinking that going to Mars is not an utterly ridiculous waste of resources. If you debunk all the bad science, people might realize that and NASA would lose some funding. It's the dreams that keep their money coming in...
Actually, the quote I find with regards to removing illegitimate copies of "1984" is: "We are changing our systems so that in the future we will not remove books from customers’ devices in these circumstances."
These are, of course, entirely different circumstances. Perhaps "these circumstances" are only if a person who doesn't own the rights to a book tries to sell it and the removal results in irony. Perhaps the circumstances are specific to "1984" alone. Removing a book sold by the legitimate rights' holder due to content is totally different...
Anyway, their statement about not removing books is probably just as valid as their privacy policy...
I have an antenna and get the local stations in HD (which is brilliant) and I can watch ESPN3 and ESPN through the Internet, as well as all the other online services. I do have NetFlix for movies and instant. I also have an HDHomeRun to make HD tuners available to any computer on my network.
We actually DID miss cable this weekend when the CBS NFL game we wanted to watch wasn't the one scheduled for this "region." Of course, it wouldn't have been on regular cable either. It would have been the basic cable package PLUS whatever sports package. Conservatively, the ability to watch those extra couple shows I don't see (and miss) would cost over $1000 per year.
Thinking about what I can get for that $1000 feels great, and pays for the drinks when I have to go to a sports bar.
I've convinced a couple light-TV users to ditch cable, buy a computer that'll hook up to their HD TV, and pocket the difference. There hasn't been a complaint or regret yet.
This is the worst kind of tautological argument I've heard, and it gets repeated so often on slashdot... You only get what AV doesn't catch? Exactly, just like vaccines never stop what actually makes you sick.
It's called "herd immunity." The reason those old viruses aren't still infecting lots of people is because lots of people have protection against those old viruses and they can no longer spread effectively. You are fairly safe against those old viruses, even if you are completely unprotected, just like you are most like safe from whooping cough even if you are not vaccinated. The disease doesn't have enough hosts to spread effectively. Once people start refusing vaccinations, those diseases can return (again like whooping cough).
I've seen many email viruses in my time, but they have largely stopped BECAUSE so many people have email scanners running. All of the major web mail services scan for viruses without alerting you every time it blocks one...
New threats emerge and there will ALWAYS be lag time between the first reported infections and the definition updates. Some people will get stung during that initial spread. That spread only stops because the virus definitions start blocking it. Again, you are probably safe because most other people are using AV software that is blocking it before it gets to you.
Are you safer against viruses with AV software? Absolutely. Are you MUCH safer? That's debatable. However, your attitude towards AV is harmful to the herd in general and to the people you are advising in particular. Are some AV packages better and some that are almost useless? Of course. Some things that claim to be AV are just scams themselves. None of that changes the fact that good AV software exists and is beneficial to the users.
Personally, for home users, I generally regard "good" as simple and free. My words of "NEVER pay for AV" has saved at least two of the people I assist from falling for those web scams. "I was tempted to follow the link, but I remembered what you said and I called you first." I can't guess how must time, embarrassment, money, and potentially other fraudulent charges that advice saved them.
My last name is, in fact, _UCK, but it's not pronounced like "fuck." I say how it's pronounced and people say "oh, I thought it was like..." and then they blush. Apparently, no one can think of any OTHER four letter words that end in "uck" though there are many.
Letters other than F: B, D, G, H, L, M, P, R, S, T, Y 12 letters, almost half the alphabet, create valid words for ?uck.
Right, we did it because the terrorists have scared the bejeezus out of us (or at least our officials). Terrorists have us scared, ergo they won. You know, by causing terror?
When I put on my tin foil hat, I realize that this event and others like the one in Boston are just terrorists probing us for weaknesses and testing the security of their communications. Surely, there are THOUSANDS of odd objects that are in weird places that no one ever reacts to at all. You want to make sure your lines of communication are secure? Leave a harmless toy somewhere are start talking about it as though it was a bomb. If the authorities go bonkers, you've been tapped.
More or less... I read "astrobiology finding that will impact the search for evidence of extraterrestrial life" as exactly that with the implied addition of "we found a promising target for a future mission! So we'll be needing to keep our jobs and get some more funding, tenkyuvedymuch."
With brute force (as this very likely was) it doesn't matter how many hashes you have to crack. You hash every combination up to 6 characters and check for it in the table. Doing this once solves for ALL the passwords length = 6. If you wanted to find the hash for just one password, it would take anywhere from 0 to 49 minutes, probably averaging about half that. Cracking one password doesn't take substantially less time than cracking N passwords...
Of course, this whole article is silly. Why pay $2 when you can download rainbow tables for free?
Firefox, greasemonkey add-on, and FBPurity. The "FB" stands for "Fluff Busting" not "facebook" for legal reasons...
It blocks app messages, groups joined, events attended, everything. You can whitelist some things that you might want to see and create your own list of blocked words if you want. It's the only thing that makes facebook vaguely usable in my book...
Because, mature as it is, they keep adding bells and whistles. Each new version comes out with some new capability, and some of the new capabilities have exploitable bugs. You have to keep up with the current patch levels to reduce your chances of getting pwned by opening a.DOC file. Eventually, Microsoft stops patching and supporting the old version that did everything you needed, but that old version still has security flaws.
You get stuck in a cycle of updating just so you have a version that is officially supported...
I think the cap needs to be a lot lower than $500. Frankly, I never go over my minutes or texts, so I would set my limit at about $10 over my normal bill.
The point I was trying to make is not that there should be a One-Size-Fits-All cap, but a cap that, by FCC regulation, could be set to anything the consumer chose. I'd want to know right away if I went even a smidgen over my normal usage because I'm like that. A business person who makes lots of overseas calls and travels would set much higher limits...
I was looking for this post because I wanted to make it.:)
I was thinking that a mandatory user-definable bill-cap would a good way to go with this. The default would be set at, oh, 50% more than your no-extra-charges bill. You would have the option of raising your cap permanently or temporarily.
Your phone would just say "You have reached your pre-set spending limit. You must raise this limit before any further additional fee services will be available from this phone."
It seems like something that should exist, but my search skills fail me right now...
A work-around is to save the same data into three different encrypted files and give each person the files that were encrypted for the other two. Zip 'em up with a text file explaining it and says "Your password is:..."
Maybe it isn't technically as secure because the friend could steal the brother's copy of the friend's data, but given distance or trust, it still requires the kind of consensus you seek.
Having passwords accessible in some fashion for family in the event of death is good, but not considered very often. Write them down, or put them on a thumb drive in a safe... I knew most of my Dad's passwords when he died quite unexpectedly. It simplified a lot of the financial issues.
Maybe it is a general security problem, but banks will let you do things online with a password that you'd need certified court documents and a death certificate to do in person: transfer money between accounts, pay utilities from the account. Anything that has online, recurring payments needs to be dealt with (eg NetFlix).
My plan, as yet unimplemented, is to put all that stuff in an encrypted TrueCrypt file (on a thumb drive or unprotected PC) and give my family the password to that file.
I was wrong. I can't reply to everyone who pointed it out, but in the cool light of morning it was obvious even to me that I was completely wrong. That's my first post to/. that makes me long for a "retract" button:)
A sort of "load leveling" of the mirrors is still applicable, or maybe for large, non-security packages (office, gimp)... But the cost/benefit on that is even questionable.
Frankly, if the people who run large repositories AND write the software that accesses it (ie Ubuntu) aren't building in that functionality, it's a pretty safe bet that it's not worth it.
Not quite... The difference is that you could download from any or ALL of the trusted peers (currently known as "mirror sites") at the same time. Seems a bit better than trying to pick from a list of mirrors that might be close to you or using the "random mirror" link. If one mirror was down or slow, it would barely be noticed on the downloader's end.
Also, once a machine downloaded and installed the patch it could then announce back to the tracker that it can be a seed as it is no longer vulnerable. So, the tracker would only show seeds, and the downloading system would only announce that it was a seed AFTER it installed the patch.
Why are you making the assumption that "noone really cares yet to work on it?" These security flaws were found very VERY fast in the code, I suspect because there are many people who want to look it over and, perhaps, work on it.
Slashdot Mirror
Your only evidence that he didn't cheat is the kid's Mom says he didn't cheat.
Even without the tweet, you still have some authority at MS (whether human admins or automatic detectors) that detected cheating and acted on it. Evidence for the defense? Mom says he didn't cheat. Sorry, this one goes to the pro's. I can even imagine a not-too-tech-savvy Mom having no clue HOW he could cheat and thus believing that he could not have cheated.
"He was just sitting there pressing buttons. Nobody came over and helped him. How could he have cheated?"
Autostereograms (aka random dot stereograms, some made by Magic Eye) only work because you CAN control convergence and focus separately. Yes, it can be easier further away and some people don't seem to be able to do it, but it WORKS.
The 3D used in Avatar was beautiful, and in many other gimmicky films that project stuff into your lap, it WORKS. Is it perfect? No, of course not. You can see depth, but you can't move your head and look "behind" something. If you tilt your head wearing polarized glasses, the images blur and the illusion fails. Saying that 3D doesn't "work" because of this is like saying movies in general don't "work" because there are 24 still images flickering every second instead of constant smooth motion like in the real world.
Walter Murch sounds like the kind of guy who still goes around saying bumble bees can't fly...
No no, to beat them with the wooden end you would have to hold it by the antenna and then it wouldn't work at all!
I find fault with the house analogy. It's common knowledge that you are not supposed to walk into someone's house uninvited. Websites are, for the most part, specifically designed as public spaces for any visitors. It is a very rare case in which a legitimate website actually invites you to access it.
A better analogy would be if AT&T got a giant billboard labeled "AT&T Customer Registration Data for AT&T customer use only" which listed all the information.
I know my analogy isn't perfect, but it's far closer to the reality of a web site than a house.
Actually, they can't. I don't have a landline, so I'm not in the phone directory.
They can, however, access public records and I got many letters congratulating me on my house purchase last year and offer to insure/protect/refinance my mortgage. They couldn't tell that I paid cash and don't have a mortgage which made their attempts to like like the were from someplace important all the more laughable. That was a minor nuisance, but at least they COULD NOT CALL ME! The fact that I own a house makes for pretty poor marketing data outside of pest control and lawn service fliers.
Facebook is a much richer and more intrusive source of advertising info. Primary email? Have some spam! Mobile number? IM offers! ASL? Creepy!
If I hadn't white-walled my facebook account already, this would have done it.
I agree that trading info for stuff is a perfectly valid market transaction. However, the user's information was being shared without the user's explicit consent and with no value to the user. I recognize that the USER isn't the OWNER of that information, facebook is, but I suspect most people don't realize that.
"You gave facebook this information?"
"Yes, but they are abusing it!"
"Do you understand the verb 'gave'?"
I simply do not trust facebook's application vetting process to work well enough to keep the information away from people with malicious intent.
Is that sarcasm? Hard to tell because some people think Mars is worthwhile...
Going to Mars has no practical benefit to anyone on Earth outside of the few people employed by NASA.
The flip side of these bad science movies is that it keeps people thinking that going to Mars is not an utterly ridiculous waste of resources. If you debunk all the bad science, people might realize that and NASA would lose some funding. It's the dreams that keep their money coming in...
Or they might mod you down because your post is complete devoid of useful or interesting content...
I would, however, give you a +1 Ironic Sig.
They redacted that statement later...
Actually, the quote I find with regards to removing illegitimate copies of "1984" is: "We are changing our systems so that in the future we will not remove books from customers’ devices in these circumstances."
These are, of course, entirely different circumstances. Perhaps "these circumstances" are only if a person who doesn't own the rights to a book tries to sell it and the removal results in irony. Perhaps the circumstances are specific to "1984" alone. Removing a book sold by the legitimate rights' holder due to content is totally different...
Anyway, their statement about not removing books is probably just as valid as their privacy policy...
I second this.
I have an antenna and get the local stations in HD (which is brilliant) and I can watch ESPN3 and ESPN through the Internet, as well as all the other online services. I do have NetFlix for movies and instant. I also have an HDHomeRun to make HD tuners available to any computer on my network.
We actually DID miss cable this weekend when the CBS NFL game we wanted to watch wasn't the one scheduled for this "region." Of course, it wouldn't have been on regular cable either. It would have been the basic cable package PLUS whatever sports package. Conservatively, the ability to watch those extra couple shows I don't see (and miss) would cost over $1000 per year.
Thinking about what I can get for that $1000 feels great, and pays for the drinks when I have to go to a sports bar.
I've convinced a couple light-TV users to ditch cable, buy a computer that'll hook up to their HD TV, and pocket the difference. There hasn't been a complaint or regret yet.
This is the worst kind of tautological argument I've heard, and it gets repeated so often on slashdot... You only get what AV doesn't catch? Exactly, just like vaccines never stop what actually makes you sick.
It's called "herd immunity." The reason those old viruses aren't still infecting lots of people is because lots of people have protection against those old viruses and they can no longer spread effectively. You are fairly safe against those old viruses, even if you are completely unprotected, just like you are most like safe from whooping cough even if you are not vaccinated. The disease doesn't have enough hosts to spread effectively. Once people start refusing vaccinations, those diseases can return (again like whooping cough).
I've seen many email viruses in my time, but they have largely stopped BECAUSE so many people have email scanners running. All of the major web mail services scan for viruses without alerting you every time it blocks one...
New threats emerge and there will ALWAYS be lag time between the first reported infections and the definition updates. Some people will get stung during that initial spread. That spread only stops because the virus definitions start blocking it. Again, you are probably safe because most other people are using AV software that is blocking it before it gets to you.
Are you safer against viruses with AV software? Absolutely. Are you MUCH safer? That's debatable. However, your attitude towards AV is harmful to the herd in general and to the people you are advising in particular. Are some AV packages better and some that are almost useless? Of course. Some things that claim to be AV are just scams themselves. None of that changes the fact that good AV software exists and is beneficial to the users.
Personally, for home users, I generally regard "good" as simple and free. My words of "NEVER pay for AV" has saved at least two of the people I assist from falling for those web scams. "I was tempted to follow the link, but I remembered what you said and I called you first." I can't guess how must time, embarrassment, money, and potentially other fraudulent charges that advice saved them.
Try the Symantec Removal Tool. Yep, there's a tool they make specfically to remove the "software."
http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US
Heheh, you are SURPRISINGLY close :)
My last name is, in fact, _UCK, but it's not pronounced like "fuck." I say how it's pronounced and people say "oh, I thought it was like ..." and then they blush. Apparently, no one can think of any OTHER four letter words that end in "uck" though there are many.
Letters other than F: B, D, G, H, L, M, P, R, S, T, Y
12 letters, almost half the alphabet, create valid words for ?uck.
Or, you could drop a few dollars on a vanity domain name. I own the .org domain for my last name (it's a four letter last name, so that was lucky).
The other option is gmail, which allows you to use webmail and/or an email client like Thunderbird.
Right, we did it because the terrorists have scared the bejeezus out of us (or at least our officials). Terrorists have us scared, ergo they won. You know, by causing terror?
When I put on my tin foil hat, I realize that this event and others like the one in Boston are just terrorists probing us for weaknesses and testing the security of their communications. Surely, there are THOUSANDS of odd objects that are in weird places that no one ever reacts to at all. You want to make sure your lines of communication are secure? Leave a harmless toy somewhere are start talking about it as though it was a bomb. If the authorities go bonkers, you've been tapped.
That's just what I was going to say!
More or less... I read "astrobiology finding that will impact the search for evidence of extraterrestrial life" as exactly that with the implied addition of "we found a promising target for a future mission! So we'll be needing to keep our jobs and get some more funding, tenkyuvedymuch."
With brute force (as this very likely was) it doesn't matter how many hashes you have to crack. You hash every combination up to 6 characters and check for it in the table. Doing this once solves for ALL the passwords length = 6. If you wanted to find the hash for just one password, it would take anywhere from 0 to 49 minutes, probably averaging about half that. Cracking one password doesn't take substantially less time than cracking N passwords...
Of course, this whole article is silly. Why pay $2 when you can download rainbow tables for free?
Firefox, greasemonkey add-on, and FBPurity. The "FB" stands for "Fluff Busting" not "facebook" for legal reasons...
It blocks app messages, groups joined, events attended, everything. You can whitelist some things that you might want to see and create your own list of blocked words if you want. It's the only thing that makes facebook vaguely usable in my book...
http://www.fbpurity.com/
Because, mature as it is, they keep adding bells and whistles. Each new version comes out with some new capability, and some of the new capabilities have exploitable bugs. You have to keep up with the current patch levels to reduce your chances of getting pwned by opening a .DOC file. Eventually, Microsoft stops patching and supporting the old version that did everything you needed, but that old version still has security flaws.
You get stuck in a cycle of updating just so you have a version that is officially supported...
I think the cap needs to be a lot lower than $500. Frankly, I never go over my minutes or texts, so I would set my limit at about $10 over my normal bill.
The point I was trying to make is not that there should be a One-Size-Fits-All cap, but a cap that, by FCC regulation, could be set to anything the consumer chose. I'd want to know right away if I went even a smidgen over my normal usage because I'm like that. A business person who makes lots of overseas calls and travels would set much higher limits...
I was looking for this post because I wanted to make it. :)
I was thinking that a mandatory user-definable bill-cap would a good way to go with this. The default would be set at, oh, 50% more than your no-extra-charges bill. You would have the option of raising your cap permanently or temporarily.
Your phone would just say "You have reached your pre-set spending limit. You must raise this limit before any further additional fee services will be available from this phone."
How hard is that?
It seems like something that should exist, but my search skills fail me right now...
A work-around is to save the same data into three different encrypted files and give each person the files that were encrypted for the other two. Zip 'em up with a text file explaining it and says "Your password is: ..."
Maybe it isn't technically as secure because the friend could steal the brother's copy of the friend's data, but given distance or trust, it still requires the kind of consensus you seek.
Having passwords accessible in some fashion for family in the event of death is good, but not considered very often.
Write them down, or put them on a thumb drive in a safe... I knew most of my Dad's passwords when he died quite unexpectedly. It simplified a lot of the financial issues.
Maybe it is a general security problem, but banks will let you do things online with a password that you'd need certified court documents and a death certificate to do in person: transfer money between accounts, pay utilities from the account. Anything that has online, recurring payments needs to be dealt with (eg NetFlix).
My plan, as yet unimplemented, is to put all that stuff in an encrypted TrueCrypt file (on a thumb drive or unprotected PC) and give my family the password to that file.
I was wrong. I can't reply to everyone who pointed it out, but in the cool light of morning it was obvious even to me that I was completely wrong. That's my first post to /. that makes me long for a "retract" button :)
A sort of "load leveling" of the mirrors is still applicable, or maybe for large, non-security packages (office, gimp)... But the cost/benefit on that is even questionable.
Frankly, if the people who run large repositories AND write the software that accesses it (ie Ubuntu) aren't building in that functionality, it's a pretty safe bet that it's not worth it.
Not quite... The difference is that you could download from any or ALL of the trusted peers (currently known as "mirror sites") at the same time. Seems a bit better than trying to pick from a list of mirrors that might be close to you or using the "random mirror" link. If one mirror was down or slow, it would barely be noticed on the downloader's end.
Also, once a machine downloaded and installed the patch it could then announce back to the tracker that it can be a seed as it is no longer vulnerable. So, the tracker would only show seeds, and the downloading system would only announce that it was a seed AFTER it installed the patch.
Why are you making the assumption that "noone really cares yet to work on it?"
These security flaws were found very VERY fast in the code, I suspect because there are many people who want to look it over and, perhaps, work on it.