After all, you're a barbarian without manners.:) Sadly, for a lot of people, they're actually correct.
IMO the Japanese seem a totally different people culturally from the rest of the world. I'm from an Asian country (not Japan) and we're probably still closer to "western" than Japanese.
As the joke goes, when the Japanese go to the football/baseball stadium to watch a game, the stadium is cleaner AFTER they leave;).
But if they think you're Japanese and you don't behave appropriately/properly you get the "treatment" (a friend had a whole train-car load of people glare/stare at her because she was eating in public or breaking one of the other unwritten rules).
They take seniority quite seriously there. Someone I know went to Japan and was in a meeting with a bunch of Japanese. And the airconditioning wasn't working properly so it was very warm. After about 10 minutes or so the most senior Japanese guy there takes off his coat. 10 minutes later, the next most senior guy takes off his coat. Then 10 minutes later the third-most senior takes off his coat, so on and so forth till the most junior! In contrast in the workplace cultures I've been in, we don't normally wear coats, but if we did I bet in that situation after the most senior guy takes off his coat, the rest of us would soon take ours off (assuming we hadn't already done so first;) ).
I'd imagine this password was specifically generated to make the user think about what he was accessing and is likely not indicative of some structured system.
That's still a system. And if they do something similar for everyone that means there is a pattern that's possibly bruteforceable.
Whereas if you had a system that involved 30 random characters derived from/dev/urandom even if that's not true random and a password got leaked most attackers would try other ways for cracking the other stuff that's protected by other passwords (they could still keep trying the usual brute forcing, but they're unlikely to succeed unless they know something about urandom that the rest of the world don't:) ).
It does rely on SSL certs not to change, which I find odd, given that SSL certs tend to be replaced
Cert expiration is little to do with security. The main reason why SSL certs expire is so that CAs can make money (that many think they don't deserve to make;) ).
IMO having to issue and reinstall certs regularly causes more security problems.
If a hacker can get hold of a webserver's SSL private keys, the hacker can likely get whatever else that webserver has or can access. Changing the SSL cert regularly won't help.
Most ssh servers never have their keys changed. If one day they change, it usually means something significant has happened.
In contrast many websites due to a combination of cert expiration and CDN services end up having multiple certs. If a webservice has 2 or more different SSL certs and every year or so keeps changing them[1], how is a user going to know whether the certificates really belong to that webservice? Because some random CA in the browser says so? And how does the user know that the webservice has decided which CA to use?
So self-signed certs can actually be safer. What are the odds that the first time you login to your bank someone is doing a MITM attack on you? If you survive that window, if the cert ever changes it means something has gone wrong. If you're paranoid for your "first time" you could try making connections to the bank on different days and from different places/ISPs (or even via VPN services/Tor) and then checking the fingerprints, or even asking the bank about it.
[1] FWIW I use Certificate Patrol on Firefox and that's why I know that some services have multiple CAs for their certs and rotate them. Whether this is correct or not, I have no way of telling. So in my opinion the CA system doesn't really increase security.
To me it shows a great lack of discretion by the Guardian or at least David Leigh. Even if passwords are temporary you do not leak them to the public. It potentially provides clues to others on how passwords are constructed, and the security systems used (it might not apply to wikileaks, but it certainly applies to many organizations).
Journalists change names of sources/interviewees/places all the time, the same should apply for passwords.
I am a firm believer that once there is a loss of trust, anything that company touches should be black holed.
Really? Do you still trust Verisign and Verisign owned companies (e.g. Thawte)? Verisign have screwed up, and worse also do ethically dubious stuff ( http://en.wikipedia.org/wiki/Verisign#Controversies ).
BTW Symantec now owns Verisign's CA stuff not sure how much you trust Symantec but they certainly have screwed up before.
How about Mozilla? Or the other browser makers who have bundled CNNIC's (China Gov) CA certs in their browsers.
How about Entrust? They have signed CNNIC's CA cert, so even if you remove CNNIC's cert, an MITM by China might still work as long as your browser trusts Entrust.
I personally use Certificate Patrol, so if something is signed by CNNIC and it's a Chinese Gov site, it's no big deal, but if google/gmail is signed by CNNIC I'd get warned.
BTW I'm not that worried about the Chinese Gov - since I don't live there or work there, just using China because it's a popular bogeyman (with some justification since they certainly do bad stuff;) ).
I know, which is why I said "That William Shakespeare".
Despite all that, people still take "the works" seriously - part of certain exams. Create new works based on it. Get inspired by it. etc
Just because something is written down doesn't mean anything special.
And just because the above is true doesn't mean that nothing is special.
I don't really care much for Shakespeare but I'm not one who tries to convince Shakespeare fans that it's all nothing special because it's just words, and words that could have been changed over the years, and also because we don't know who is really the author of any particular sentence or word.
Your point is about the same as saying that you can't attribute Shakespeare's works to "That William Shakespeare" because you can't be sure whether each and every line was written by him. And what the book/work is about, the plot/story etc doesn't even matter, or come into consideration.
Same goes for any other work by any author that has been handed down via copies over the ages.
While you're at it, you should tell historians to switch to a different career.
There is a difference between approval and allowing. When you are booting up a Civilization/Culture from scratch you will have to go through some pretty ugly bits.
You're clearly one of those ignorant who mock without even having read the Bible properly.
15 If a slave has taken refuge with you, do not hand them over to their master. 16 Let them live among you wherever they like and in whatever town they choose. Do not oppress them.
You could choose to interpret that as foreign slaves only. But if you run to another town/country who is going to be able to figure the difference in those days? Not like they had passports or photo ID. In case you're wondering they were barely into the Iron Age at that time, so good luck with doing the ball and chain slavery stuff;).
Yes the master could give the slave a huge beating if the master ever caught up with the slave, but even then if he screws up and say the slave loses a tooth, the slave gets to go free, or the master gets punished for killing the slave (I see possible interpretations of the law that indicate death could be a punishment).
There were usually a few main reasons you were a slave: a) you couldn't support yourself (despite supposedly being able to glean: http://www.bible-history.com/isbe/G/GLEANING/ ) b) you lost a war - that usually sucked in those days. c) you were a child whose parents were both slaves.
What do you propose people do in a time without birth control? Give prisoners, slaves, children of slaves full privileges? Who is going to feed them or give them land? There was no "Green Revolution" back then. Already in these relative times of plenty you still have people in the US grumbling about "evil socialism" and socialized healthcare taking their money.
Many of the laws deal with the world when stuff fails. In those days a lot of wars was genocide whether you liked it or not. If you didn't wipe the enemy out, if they ever got the chance, they would come back and wipe you out. There was no stuff like the "Geneva Convention". In fact it was not unheard of for victors to "salt the earth" so that even those who escape would have a harder time growing crops in that area.
Even today you have something similar with some naive people saying in effect that because the workers in China are being exploited, they should lose their jobs. Who is going to feed those workers then?
If you or someone else can propose a practical alternative that would have worked better back in those days, go ahead and post it. I or others might have a good time laughing at the results.
There have been many peoples/cultures with long histories. And from what I see the Jews certainly have a high number of Nobel laureates per capita. Same goes for top mathematicians, musicians, actors, bankers.
Like it or not, the "bunch of lies/bullshit" sure seems to have made a difference for the Jews. Even if by now many of them no longer believe it.
Show me a superior ""bunch of lies/bullshit" or "Truth" or "Truthiness" that would have worked better.
Confucianism? It has its merits, but by objective measures it's still inferior don't you think?
"Modern Science"? Where's the syllabus for domesticating humans?
So go ahead think about it harder.
As I said and say again: when you are booting up a Civilization/Culture from scratch you will have to go through some pretty ugly bits.
The literal name of the place: http://en.wikipedia.org/wiki/Yam_Suph
The names of places change over the years.
New York City used to be called New Amsterdam: http://en.wikipedia.org/wiki/New_Amsterdam And that's like only 400 years ago.
A lot of clueless people go about saying stuff in the Bible is false or has to be metaphor.
Sure there are some mistakes, plenty of metaphor and plenty of inconvenient unpleasantness. But if you bother to use your brains and take the time, there's enough truth that should give some pause. People like to criticize the Bible for having bits of slavery (but not notice there aren't that many penalties for a slave that runs away heck there's even Deuteronomy 23:15). Guess what those are laws dealing with the imperfect world when things fail.
Lastly, there's not much difference genetically between the Jews, the other Semites and the rest of the world. But the Jews sure have a lot more Nobel prizewinners per capita. So that "pack of lies" has made some difference in their lives hasn't it?
I'd love to suggest that you and apparently 99% of others on Slashdot would try to understand something before talking about it, but that looks like a lost cause.
Try to understand? As in smoke the same shit the Mozilla developers have been smoking?
They should just do it the way the more sane insane people do it. Have two version "numbers". One for the technical folk and one for "the rest of the world".
This is starting to look a bit like the US Budget fiasco: even if they finally make the right decision, it might be too late, since everyone has seen how crazy/incompetent/stupid they are.
In a socialist "safety net" country I can see how financial fraud shouldn't be as big a deal.
But in a country with no/minimal "safety nets", having lots of people swindled out of their life savings means the odds of those people dying prematurely go up a lot.
When winter comes by and you can no longer afford heating or even shelter and food, you'd might just die.
The thing is, executing the swindlers doesn't help keep the swindled alive either. But regular consistent execution of swindlers would reduce the number of swindlers - they might decide to pick a safer line of "work".
Slashdot Mirror
After all, you're a barbarian without manners. :)
Sadly, for a lot of people, they're actually correct.
IMO the Japanese seem a totally different people culturally from the rest of the world. I'm from an Asian country (not Japan) and we're probably still closer to "western" than Japanese.
As the joke goes, when the Japanese go to the football/baseball stadium to watch a game, the stadium is cleaner AFTER they leave ;).
But if they think you're Japanese and you don't behave appropriately/properly you get the "treatment" (a friend had a whole train-car load of people glare/stare at her because she was eating in public or breaking one of the other unwritten rules).
They take seniority quite seriously there. Someone I know went to Japan and was in a meeting with a bunch of Japanese. And the airconditioning wasn't working properly so it was very warm. After about 10 minutes or so the most senior Japanese guy there takes off his coat. 10 minutes later, the next most senior guy takes off his coat. Then 10 minutes later the third-most senior ;) ).
takes off his coat, so on and so forth till the most junior! In contrast in the workplace cultures I've been in, we don't normally wear coats, but if we did I bet in that situation after the most senior guy takes off his coat, the rest of us would soon take ours off (assuming we hadn't already done so first
I'd imagine this password was specifically generated to make the user think about what he was accessing and is likely not indicative of some structured system.
That's still a system. And if they do something similar for everyone that means there is a pattern that's possibly bruteforceable.
Whereas if you had a system that involved 30 random characters derived from /dev/urandom even if that's not true random and a password got leaked most attackers would try other ways for cracking the other stuff that's protected by other passwords (they could still keep trying the usual brute forcing, but they're unlikely to succeed unless they know something about urandom that the rest of the world don't :) ).
From a sociopathic POV it's great to have someone else pay for your marketing ;).
It does rely on SSL certs not to change, which I find odd, given that SSL certs tend to be replaced
Cert expiration is little to do with security. The main reason why SSL certs expire is so that CAs can make money (that many think they don't deserve to make ;) ).
IMO having to issue and reinstall certs regularly causes more security problems.
If a hacker can get hold of a webserver's SSL private keys, the hacker can likely get whatever else that webserver has or can access. Changing the SSL cert regularly won't help.
Most ssh servers never have their keys changed. If one day they change, it usually means something significant has happened.
In contrast many websites due to a combination of cert expiration and CDN services end up having multiple certs. If a webservice has 2 or more different SSL certs and every year or so keeps changing them[1], how is a user going to know whether the certificates really belong to that webservice? Because some random CA in the browser says so? And how does the user know that the webservice has decided which CA to use?
So self-signed certs can actually be safer. What are the odds that the first time you login to your bank someone is doing a MITM attack on you? If you survive that window, if the cert ever changes it means something has gone wrong. If you're paranoid for your "first time" you could try making connections to the bank on different days and from different places/ISPs (or even via VPN services/Tor) and then checking the fingerprints, or even asking the bank about it.
[1] FWIW I use Certificate Patrol on Firefox and that's why I know that some services have multiple CAs for their certs and rotate them. Whether this is correct or not, I have no way of telling. So in my opinion the CA system doesn't really increase security.
To me it shows a great lack of discretion by the Guardian or at least David Leigh. Even if passwords are temporary you do not leak them to the public. It potentially provides clues to others on how passwords are constructed, and the security systems used (it might not apply to wikileaks, but it certainly applies to many organizations).
Journalists change names of sources/interviewees/places all the time, the same should apply for passwords.
Sufficient credit is indistinguishable from wealth.
, Those Type "A", sociopath fuckers will be wiped from the planet in a hail of lead and fire.
You sure are delusional.
History has shown that those sociopathic fuckers and their armies[1] are the ones who will be doing the wiping out.
[1] The majority of people follow orders and/or do whatever everyone else around them is doing. Good pawns for the sociopathic leaders.
I am a firm believer that once there is a loss of trust, anything that company touches should be black holed.
Really? Do you still trust Verisign and Verisign owned companies (e.g. Thawte)? Verisign have screwed up, and worse also do ethically dubious
stuff ( http://en.wikipedia.org/wiki/Verisign#Controversies ).
BTW Symantec now owns Verisign's CA stuff not sure how much you trust Symantec but they certainly have screwed up before.
How about Mozilla? Or the other browser makers who have bundled CNNIC's (China Gov) CA certs in their browsers.
How about Entrust? They have signed CNNIC's CA cert, so even if you remove CNNIC's cert, an MITM by China might still work as long as your browser trusts Entrust.
I personally use Certificate Patrol, so if something is signed by CNNIC and it's a Chinese Gov site, it's no big deal, but if google/gmail is signed by CNNIC I'd get warned.
BTW I'm not that worried about the Chinese Gov - since I don't live there or work there, just using China because it's a popular bogeyman (with some justification since they certainly do bad stuff ;) ).
And in the ultimate ironic hypocracy, the person in charge of G+ and responsible for the real name policy is Vic Gundrota.
Hypocracy - rule by hypocrites?
That's why fixing this bug will help more for plausible deniability than Truecrypt's "feature": https://bugs.launchpad.net/ubuntu/+bug/148440
When "everyone" has an encrypted partition/file whether they use it or not, it's much easier to deny using it.
I know, which is why I said "That William Shakespeare".
Despite all that, people still take "the works" seriously - part of certain exams. Create new works based on it. Get inspired by it. etc
Just because something is written down doesn't mean anything special.
And just because the above is true doesn't mean that nothing is special.
I don't really care much for Shakespeare but I'm not one who tries to convince Shakespeare fans that it's all nothing special because it's just words, and words that could have been changed over the years, and also because we don't know who is really the author of any particular sentence or word.
To me it wouldn't be a very convincing argument.
The difference between Steve Jobs and the wannabes is Steve Jobs is an asshole with taste.
The wannabes can only emulate the asshole bit. And that is why they fail.
How do you hire people with taste if you yourself have no taste? It takes a lot more effort, esp with lots of lying assholes around.
Your point is about the same as saying that you can't attribute Shakespeare's works to "That William Shakespeare" because you can't be sure whether each and every line was written by him. And what the book/work is about, the plot/story etc doesn't even matter, or come into consideration.
Same goes for any other work by any author that has been handed down via copies over the ages.
While you're at it, you should tell historians to switch to a different career.
There is a difference between approval and allowing. When you are booting up a Civilization/Culture from scratch you will have to go through some pretty ugly bits.
You're clearly one of those ignorant who mock without even having read the Bible properly.
Otherwise you would realize that despite the passages in the Bible dealing with slavery, there isn't very much punishment proscribed for slaves that run away (go look for it - the "State" doesn't care). In fact:
http://www.biblegateway.com/passage/?search=Deuteronomy+23%3A15-16&version=NIV
15 If a slave has taken refuge with you, do not hand them over to their master. 16 Let them live among you wherever they like and in whatever town they choose. Do not oppress them.
You could choose to interpret that as foreign slaves only. But if you run to another town/country who is going to be able to figure the difference in those days? Not like they had passports or photo ID. In case you're wondering they were barely into the Iron Age at that time, so good luck with doing the ball and chain slavery stuff ;).
Yes the master could give the slave a huge beating if the master ever caught up with the slave, but even then if he screws up and say the slave loses a tooth, the slave gets to go free, or the master gets punished for killing the slave (I see possible interpretations of the law that indicate death could be a punishment).
There were usually a few main reasons you were a slave:
a) you couldn't support yourself (despite supposedly being able to glean: http://www.bible-history.com/isbe/G/GLEANING/ )
b) you lost a war - that usually sucked in those days.
c) you were a child whose parents were both slaves.
What do you propose people do in a time without birth control? Give prisoners, slaves, children of slaves full privileges? Who is going to feed them or give them land? There was no "Green Revolution" back then. Already in these relative times of plenty you still have people in the US grumbling about "evil socialism" and socialized healthcare taking their money.
Many of the laws deal with the world when stuff fails. In those days a lot of wars was genocide whether you liked it or not. If you didn't wipe the enemy out, if they ever got the chance, they would come back and wipe you out. There was no stuff like the "Geneva Convention". In fact it was not unheard of for victors to "salt the earth" so that even those who escape would have a harder time growing crops in that area.
Even today you have something similar with some naive people saying in effect that because the workers in China are being exploited, they should lose their jobs. Who is going to feed those workers then?
If you or someone else can propose a practical alternative that would have worked better back in those days, go ahead and post it. I or others might have a good time laughing at the results.
There have been many peoples/cultures with long histories. And from what I see the Jews certainly have a high number of Nobel laureates per capita. Same goes for top mathematicians, musicians, actors, bankers.
Like it or not, the "bunch of lies/bullshit" sure seems to have made a difference for the Jews. Even if by now many of them no longer believe it.
Show me a superior ""bunch of lies/bullshit" or "Truth" or "Truthiness" that would have worked better.
Confucianism? It has its merits, but by objective measures it's still inferior don't you think?
"Modern Science"? Where's the syllabus for domesticating humans?
So go ahead think about it harder.
As I said and say again: when you are booting up a Civilization/Culture from scratch you will have to go through some pretty ugly bits.
The literal name of the place: http://en.wikipedia.org/wiki/Yam_Suph
The names of places change over the years.
New York City used to be called New Amsterdam: http://en.wikipedia.org/wiki/New_Amsterdam
And that's like only 400 years ago.
A lot of clueless people go about saying stuff in the Bible is false or has to be metaphor.
Sure there are some mistakes, plenty of metaphor and plenty of inconvenient unpleasantness. But if you bother to use your brains and take the time, there's enough truth that should give some pause. People like to criticize the Bible for having bits of slavery (but not notice there aren't that many penalties for a slave that runs away heck there's even Deuteronomy 23:15). Guess what those are laws dealing with the imperfect world when things fail.
Lastly, there's not much difference genetically between the Jews, the other Semites and the rest of the world. But the Jews sure have a lot more Nobel prizewinners per capita. So that "pack of lies" has made some difference in their lives hasn't it?
A blindfold?
Ah but who earned more for themselves and continued earning more?
Not one in a hundred wifi routers get updated over their life span.
Uh if they really don't get updated what's the difference between -stable and this proposal?
The whole point about this proposal is something keeps getting updated for years or even longer.
Uh that's why this is a problem. If the report is true, it's no longer a good benchmark, but a skewed one.
When you take out a loan to buy a computer, it's called a debt, and you are usually considered poor.
When you take out a loan to buy a big company it's called leverage, and you are usually considered rich.
When you take out a country with a loan or millions, it's called a bailout.
Call me cynical. but Facebook already knows the result, this is just another way to gather even more information from their users.
I'd love to suggest that you and apparently 99% of others on Slashdot would try to understand something before talking about it, but that looks like a lost cause.
Try to understand? As in smoke the same shit the Mozilla developers have been smoking?
No thanks.
They should just do it the way the more sane insane people do it. Have two version "numbers". One for the technical folk and one for "the rest of the world".
This is starting to look a bit like the US Budget fiasco: even if they finally make the right decision, it might be too late, since everyone has seen how crazy/incompetent/stupid they are.
First the version number is important so we bump it up a few notches. Now it's not?
I hope they don't write code while smoking whatever it is they are smoking before coming up with such ideas.
In a socialist "safety net" country I can see how financial fraud shouldn't be as big a deal.
But in a country with no/minimal "safety nets", having lots of people swindled out of their life savings means the odds of those people dying prematurely go up a lot.
When winter comes by and you can no longer afford heating or even shelter and food, you'd might just die.
The thing is, executing the swindlers doesn't help keep the swindled alive either. But regular consistent execution of swindlers would reduce the number of swindlers - they might decide to pick a safer line of "work".