For example, there are plenty of two-factor auth solutions (from vendors who haven't been pwnt yet).
Which cost money to implement.
These days, using the user's mobile device itself as one factor -- storing a strong random key on it, and adding a user-selected PIN -- is a great answer, because people notice when they lose their phone.
Which requires that either the person volunteer his personal phone for that or that the company issue him a company phone that supports that.
Again, which costs money.
You'll never make users smarter, but you can make that not matter.
It's not that the users aren't smart. It's that management and the people setting up the systems do not understand security.
On most modern systems, it costs nothing to go from crap security (allowing 5 character dictionary words as a password) to better security (16 character passwords with some complexity).
The problem is that it is always easier to go with the worse security. No matter how easy you make the better security.
And every day you don't get cracked (or know that you were) is reinforcement of the bad security practices.
I'm just amazed that you were able to get that concept through their heads. I've been in similar situations where "let us not make this too difficult" trumps real security every time.
How much does a decent password cost? Nothing. How much does NOT using that same password everywhere cost? Nothing. Yet we constantly see cracks where the crappy password was used on multiple, critical systems.
Not really. It does cost more than NO security but not much more. Example, how much does it cost you to have a decent password instead of Password1?
Businesses have a strong profit motive. The people who run businesses are greedy.
Yes and yes. But that isn't the core of the problem. Greedy people can have the best security. They don't want criminals to take their money.
They will sacrifice everything, including security related expenses in order to boost profits in some way.
In some cases you are probably correct. In other cases the company/person will increase the security to keep the assets out of the hands of the criminals.
In my experience, the problem with security is Pavlovian. If you do something insecure, once, and nothing bad happens... Particularly if it was just a little bit easier to skip the security. Such as typing in a 5 character dictionary word rather than a 16 character password. It doesn't take much to be "easier".
And as long as nothing bad is happening, people will "learn" that they're "secure" and what they are doing is "right" and anyone who is advocating real security just doesn't understand the situation. That's Pavlovian. The reward is the slightly easier administration.
If management does not understand real security, there aren't many ways to get them to change. They already KNOW they're doing it "right".
Two other points about Buffett: as has been mentioned, he's free to give what he thinks is his "fair share" to the government, but he chooses not to.
Yeah, that sounds logical. Why don't we just cut the tax rate to 0% and everyone can give whatever they feel is appropriate? Who needs a tax code if everyone can give what they want?
Secondly, part of Buffett's business is capitalizing on businesses that must sell because they cannot pay inheritance taxes.
And yet inheritance taxes have been cut to their lowest point in years. Isn't that what "estate planning" is for? You want to reward people for failing to plan for death? When everyone knows that they will, eventually, die?
Some more things: we need to be very careful when discussing this that we say things like "lower percentage" instead of "less tax." Make no mistake - he may be paying a lower percentage than his secretary, but he pays WAY MORE.
And you think you've just said something insightful?
The problem is that a lower percentage (even if it is more money) is LESS of a burden than a higher percentage (even if less money).
When you only make $30K a year, 20% is a lot to you. When you make $30M a year, 15% is LESS of a burden.
Secondly, investing is a big driver in the economy, and higher capital gains taxes have often led to slowing the economy.
Two fallacies there:
1. History would disagree with you. The US economy grew faster when the capital gains tax was higher.
2. We're talking about the US economy. Investing in a company that hires overseas workers has a lesser effect on the US economy than hiring US workers. Even though the capital gains would be the same.
Will this improve low test scores, or be another case where spending more money does not produce a better educational outcome?
That depends entirely upon the software/content that the kids will be running.
Otherwise it will only be a distraction.
Also, has the school invested in some means of recovering these when they are stolen from the kids? Or is it a distraction toy that also makes them a target for crime?
More advanced features which we'll use on the regular will still be accessible and not really all that different from Windows 7, so what's with the complaining?
Again. Because Microsoft is changing the default behaviour in the new product. And the new default behaviour will be LESS effective for the users of the traditional Windows systems (desktops and laptops).
For typical sales guys which live in Outlook they'll actually be more effective as the things they use readily will be easily accessible.
So you say. Maybe you're right. Maybe Microsoft got it wrong all those years ago when it dropped that interface style with the early versions of Windows.
Seriously... what's with all the idiotic hate on this?
Microsoft is only changing the DEFAULT window manager to be more consumer / tablet friendly. Good for them.
Because Microsoft is changing the default behaviour in the new product. And the new default behaviour will be LESS effective for the users of the traditional Windows systems (desktops and laptops).
Here's an idea. Why not leave the DEFAULT behaviour as it is already and add a new OPTION to change it to the tablet-friendly format for those who want it that way?
Next up on Ask Slashdot: I just got permission to buy the biggest fleet of trucks on the east coast... and I was wondering if anyone on Slashdot had any ideas what I should do with them.
Followed by, The company I work for just purchased 10,000 acres of land on the east coast and I was wondering if anyone on Slashdot had any idea what we should do with it.
From the consumer's point of view, what's the point of downloading faster than one can listen?
Most of the systems out there already download faster than you can watch / listen to the content.
But they still have issues where there are delays and the play-back has to pause and "buffer" more content.
Simply put, the longer the download process is (all the way down to receiving the packets a microsecond before playing them) the more likely it is that something will cause packets to be lost or delayed and the system will have to interrupt the customer and "buffer" more data.
With higher speeds, if you can download a 2 hour movie in 10 minutes you won't see any Internet-based delays for an hour and fifty minutes. Which makes for a better "customer experience".
1. She's talking about gig connections from your home to your ISP.
2. She's mixing wired and wireless.
3. She mixes gig and 100Mb/s.
4. $40 for 100Mb / $70 for gig is NOT a lot of money.
5. She's wrong. Computers today CAN handle a gig connection.
6. So what if the cheap router/firewall/whatever you have cannot handle a gig connection (it can probably handle a 100Mb/s connection)? That's the easiest piece for the consumer to replace.
7. The apps that would use it TODAY are things like streaming media. Getting the WHOLE movie or song or whatever 100x faster means fewer delays from the consumer's point of view (perception).
If I could get gig speeds here in Seattle for under $100 I would certainly do it.
You'll still have a lot of residual heat energy, as it can take a long time for energy acquired from sunlight to be dissipated at night.
That part of the discussion is about after the tank has cooled. When it is "dug in". And from TFA, this works best in the 300-400m range. Otherwise the enemy would have to miss the tanks driving up less than half a klick away.
Look at your car. Does it "spew exhaust all over the place"? No, it is directed...
The exhaust goes out the exhaust pipe. And then it rises and spreads out because of the air currents. In other words, it spews exhaust all over the place.
Putting the magical invisibility armour on the FRONT of the tank is NOT going to do anything to hide the massive amounts of heat pouring out the BACK of the tank. It's physics.
If the panels are actively cooled as well as heated, you could have the cooler panels masking the outgassing source to let it dissipate in the air before leaving the blanket.
Yeah. That's why I said that it is probably limited by the amount of freon the tank carries. Any electrical system trying to do that would need some place to dump its own heat.
But basically the main point is that you can no longer see a giant tank shaped thing clearly using night vision, at most a few odd sources of heat that could be small mammals...
Only if it is already cold (and then anyone can glue a cow shaped heating pad to it).
Any other situation and you run into the laws of thermodynamics.
You cannot destroy heat. You need something colder to absorb it or you need some way of moving it away.
The student needs to work to find out how he/she learns best for each subject and apply that/those technique(s).
Technology can help. When virtual reality is possible, the student can learn history by "being there". Or he/she could watch a movie about it today. But that requires that the content (movie) be available along with the technology to view it (the laptop). Handing out laptops without content only leads to games of minesweeper.
And this isn't even addressing whether the students have Internet access away from school.
Or whether the school has the support structure in place to handle the hardware breakage and software problems that will happen.
I'm speaking as someone who used to pay the license fees for shareware that I used.
With GPL'd software, I can contribute DIRECTLY to the people writing the code. And I have done so.
And I will do so in the future.
Now, some people will think that I'm the stupid one for paying for something that they're getting "free" (without paying in this case).
So what? What do I care what they think? Why should I care about which license they think is "better" or "more free" or whatever else? Why should I spend any more of my time trying to convince them if they don't see the situation in the same way I do?
There will ALWAYS be a segment of the population that thinks that they're smarter or whatever because they don't pay for something they use.
The root cause of this infection would make any OS vulnerable, from mainframe z to openbsd server
Exactly. And I see it every day.
Just because you THINK you can "admin" a workstation (or a few workstations for your immediate family) does NOT mean that you know how to correctly administer a server.
That this "virus" has any traction is just more evidence of that.
To understand this, consider a key exchange between Alice and Bob, where Bob sends his Diffie-Hellman public key to Alice. Lucifer, the adversary, could tamper with this key exchange as follows:
They need to stick to established naming conventions to make their work easier to understand.
The malicious cracker is named "Mallory". Not "Lucifer".
The key characteristics of a TEA message is that an attacker can neither hide a TEA transmission from other nodes within radio range, nor can it modify the content of the TEA without being detected.
That's a problem. In THEORY, those characteristics exist for ALL wireless packets. If Alice transmits, Bob sees the transmission (if within range). Mallory has to resort to a means of interrupting the transmission or canceling the request or just being the MITM for clients that are at the edge of the wireless coverage area.
While I got your pointless argument on the size of the brains dictating the age or maturity of the speaker...
Bzzzt! Wrong answer.
My point was that if someone understands something when they're in the 5th grade then they probably have the same understanding (or a more complete understanding) when they're an adult.
Unless they have some kind of brain trauma.
So claiming that a large number of adults have a limited understanding of something means that when they were in the 5th grade their understanding of that material was as limited (if not more so).
And actually moralistic means exactly what I intended. To concern one's self with moral upstanding or concerns (ergo, Morality).
And yet learning math (to be an engineer) is not a moral issue. Why would math be moral or immoral?
The fact you totally disregarded the point of this entire discussion and went hyper-conservative on spelling and grammar to provide a straw-man, then decided to be cute and form some type of high-brow commentary on metaphors regarding skull sizes and some simpleton knee-jerk relational hypothesis on maturity based on age (weak as it was) without any citations or facts to back up said absurd statements, especially regarding the original fact that you are still trying to displace with a tangent argument, is frankly not meeting the morals of someone who cares.
Check it, folks. That is ONE sentence there.
And, again, the point was that if an adult does not understand something then it cannot (logically) follow that he understood it when he was in the 5th grade (unless he underwent some brain trauma).
If I have Abraham Lincoln's skull from when he was 12... he would never have reached the age of 21. Therefore, I cannot possess two skulls from him at two different ages.
Mocking your grammatical misadventures is similar to that. If you have the skills to form grammatically correct sentence structures, that means that you had learned them in the past. If you lack those skills, that means you did not learn them in the past. Or you have brain trauma.
So, asking a 5th grader to make a career choice (or evaluating the importance of education) is stupid. The kid in 5th grade lacks all the following years of experience and knowledge that she/he would gain from school and life in those years.
We should really be looking at providing employment opportunities for those who don't fit into school, as well as those who do.
And a means of completing the education process that was interrupted/abandoned the first time.
Maybe you couldn't adapt to school when you were 15. Is that going to limit you for the rest of your life? Why not provide some means of helping people improve their lives?
Why not? Because that same "authoritarian thought" comes into play. People who are, economically, barely above the drop-outs will fight any attempts to provide "un-earned" help to those below them (economically). Just in case they end up equal to or below the drop-outs.
In my experience, the problem with security is Pavlovian. ...
If you do something insecure, once, and nothing bad happens
Particularly if it was just a little bit easier to skip the security. Such as typing in a 5 character dictionary word rather than a 16 character password. It doesn't take much to be "easier".
And as long as nothing bad is happening, people will "learn" that they're "secure" and what they are doing is "right" and anyone who is advocating real security just doesn't understand the situation. That's Pavlovian. The reward is the slightly easier administration.
If management does not understand real security, there aren't many ways to get them to change. They already KNOW they're doing it "right".
Hence all the recent cracks.
All this talk of cutting taxes to create jobs ... the taxes have been cut and cut and cut again. Now they are at the lowest point in decades.
Yet the jobs are not being created in the USofA.
The people arguing for cutting taxes to create jobs are incorrectly conflating wealth / income / job-creation.
They are NOT the same.
I totally believe the submitter's question.
Next up on Ask Slashdot: ... and I was wondering if anyone on Slashdot had any ideas what I should do with them.
I just got permission to buy the biggest fleet of trucks on the east coast
Followed by,
The company I work for just purchased 10,000 acres of land on the east coast and I was wondering if anyone on Slashdot had any idea what we should do with it.
Happens all the time!
TFA is nothing but name dropping and unsupportable claims.
Yeah. Right. Check your dates. If you were using .NET in 2001 ...
You can write secure code in almost any language. It is up to the skill of the coder. Look at the various *BSD's out there.
The problem is that TFA was not correctly edited.
1. She's talking about gig connections from your home to your ISP.
2. She's mixing wired and wireless.
3. She mixes gig and 100Mb/s.
4. $40 for 100Mb / $70 for gig is NOT a lot of money.
5. She's wrong. Computers today CAN handle a gig connection.
6. So what if the cheap router/firewall/whatever you have cannot handle a gig connection (it can probably handle a 100Mb/s connection)? That's the easiest piece for the consumer to replace.
7. The apps that would use it TODAY are things like streaming media. Getting the WHOLE movie or song or whatever 100x faster means fewer delays from the consumer's point of view (perception).
If I could get gig speeds here in Seattle for under $100 I would certainly do it.
I wonder if you can specify the IP address range of the "proxies" you'd want.
First off, to see if any machines that you're responsible for have been cracked.
Secondly, penetration tests. Why bother with SQL injections and such if you can just rent half a dozen pre-cracked boxen there.
But if you turn off the engine, you don't have a heat signature anyway. No need for infrared camouflage. Regular camouflage netting will do.
I don't think a tank's exhaust works like that. I think it kind of spews all over the place.
Which gets back to the original point. What to do with the heat?
Anyone could glue a cow-shaped heating pad onto the side of a cold tank.
Nope. That's what drones are for.
It used to be helicopters that were the "tank killers".
Then it was the A-10.
Now (and into the foreseeable future) it is unmanned drones.
Tanks are expensive and drones are cheap.
Tanks produce a LOT of heat.
That excess heat has to go somewhere. Otherwise you'll see very HOT cows moving towards you at 40 mph.
Yet checking TFA produces:
I'm thinking that this will later be shown to be extremely limited by the amount of freon carried by the tank.
I think the difference in this "outrage" is whether the dead are "them" or not.
1 potential threat to even one of "us"
is worth far more than
1,000's of actual injuries or deaths to "them".
From the article you linked to:
They need to stick to established naming conventions to make their work easier to understand.
The malicious cracker is named "Mallory". Not "Lucifer".
That's a problem. In THEORY, those characteristics exist for ALL wireless packets. If Alice transmits, Bob sees the transmission (if within range). Mallory has to resort to a means of interrupting the transmission or canceling the request or just being the MITM for clients that are at the edge of the wireless coverage area.
I'm offering THREE skulls here.
What's your offer?
(hint: normal people offer US dollars)
(hint #2: look up "moralistic". It does not mean what you think it does.)