Slashdot Mirror


User: Sloppy

Sloppy's activity in the archive.

Stories
0
Comments
9,266

Comments · 9,266

  1. The fastest, most bang-for-buck fixes on The Psychological Reasons Behind Risky Password Practices (helpnetsecurity.com) · · Score: 1

    Go through your text, and everywhere where it says "password" change it to say "passphrase."

    The password-setting step, where you have the user initialize their password, should also say "don't re-use the same passphrase that you use somewhere else." Just say it. (If users want to ignore it, fine. You can't help people who don't want to be helped.)

    This doesn't fix all the problems, but it fixes the most, in the smallest amount of time/effort. One of your interns can do all this in a single morning.

    ...

    After that, make sure you're hashing, but use something already invented for this job rather than trying to figure it out yourself. (This might not be a job for an intern, though I bet it could, at some places.)

    Congratulations, your site is now better than the other 99.9%. We'll revisit and update these decisions in a century or two, when you're considered to be better than only about 90%.
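As an added example (not from the comment above), this is what "use something already invented for this job" looks like with only Python's standard library: PBKDF2-HMAC-SHA256 with a per-user random salt, constant-time comparison on verify, and the iteration count stored alongside the hash so the work factor can be raised later. The record format and the iteration count are assumptions made here, not something the page specifies.

```python
"""Added example: store and verify a passphrase with an off-the-shelf KDF
(PBKDF2-HMAC-SHA256 from hashlib) instead of a home-grown scheme."""
import base64
import binascii
import hashlib
import hmac
import os
from typing import Optional

# Assumptions (not from the page): the work factor and the record layout
# "$pbkdf2-sha256$<iterations>$<base64 salt>$<base64 hash>".
ITERATIONS = 600_000   # tune so one verify costs a noticeable fraction of a second
SALT_BYTES = 16
DK_LEN = 32
ALGO = "pbkdf2-sha256"


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.b64decode(text, validate=True)


def hash_passphrase(passphrase: str, iterations: int = ITERATIONS,
                    salt: Optional[bytes] = None) -> str:
    """Return a self-describing record for storage; never store the passphrase."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)   # fresh random salt per user, per change
    dk = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                             salt, iterations, dklen=DK_LEN)
    return "$%s$%d$%s$%s" % (ALGO, iterations, _b64(salt), _b64(dk))


def verify_passphrase(passphrase: str, record: str) -> bool:
    """Recompute with the stored salt/iterations; compare in constant time.
    Any malformed record is treated as a failed login, never as an error."""
    try:
        _, algo, iters, salt_b64, dk_b64 = record.split("$")
        iterations = int(iters)
        salt, expected = _unb64(salt_b64), _unb64(dk_b64)
    except (ValueError, binascii.Error):
        return False
    if algo != ALGO or iterations < 1:
        return False
    dk = hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                             salt, iterations, dklen=len(expected))
    return hmac.compare_digest(dk, expected)


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when the stored work factor is below the current target, so the
    record should be regenerated at the next successful login."""
    parts = record.split("$")
    if len(parts) != 5 or parts[1] != ALGO:
        return True
    try:
        return int(parts[2]) < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    rec = hash_passphrase("correct horse battery staple")
    print(rec)
    print(verify_passphrase("correct horse battery staple", rec))   # True
    print(verify_passphrase("correct horse battery stapler", rec))  # False
```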

  2. Re:GAO is right on Four States Sue To Stop Internet Transition (thehill.com) · · Score: 1

    If you trust the alternative root, then it can't forge the entire tree, because it's not forging anything at all. It's protecting you from forgery. (And also, it won't be an alternative root, either; it'll just be the root.)

  3. It's a bad idea anyway on FCC Delays Cable TV Apps Vote, Needs Time To Work Out Licensing (arstechnica.com) · · Score: 4, Insightful

    Let's all hope that this ends up not happening. It'd be an extremely minor improvement which only prevents any serious improvement from ever happening.

If the government is going to use force here, then it should be that any interstate commerce in TV must use standards. Why demand a free-as-in-beer app when you can just demand free-as-in-speech specs? That would get us all plenty of free-as-in-beer apps anyway, except that you get as many as are needed, until everyone agrees it's competitive enough. Don't like Company X's TV player? Try Company Y's, or this one on github, or write your own. A week after specs are published, you're going to have way better stuff available than any app Comcast is ever going to make for your Roku, which will be the next thing for you to be constantly bitching about (assuming you're still using the Roku when the app comes out).

    If you're not going to force the use of standards, then don't bother using force at all. Why go to so much trouble just to do it wrong? You're setting us up so that when we tire of this next failure, the cable companies will be able to say "but we did what you want! It's not fair to make us change again!"

    Protocols and interoperability are what have value. Stop stressing implementations so much. Doing things is fucking trivial, compared to figuring out what to do and being allowed to do it. Freedom gets you diversity, which gets you performance. Does anyone really still pretend to not know this?

  4. What's UPS going to charge you for a letter? $10?

    Let's suppose we lived in that world. It's 2036, and sending a letter costs $10. Are you better off than you were in 1996 (when it cost 32 cents), or worse off?

We might be better off. Sure, it costs thirty times as much, but you might be having to do it less than a thirtieth as often. I'll admit my memory is foggy, but I'm pretty sure that every damn month I was having to mail multiple bill payments. That crap is over, and we're all happier for it, aren't we? Nowadays, I'm snailmailing infrequently enough that I don't even know if it's something I do twice a year, or once every two years, or what. It's getting hard to measure, but one thing's for sure: it ain't much.

    $10 for a letter would be ok, if you almost never had to use it. And aren't we heading that way? Isn't nearly every instance (I'm trying to be open to there being some exceptions, though I'm actually drawing a blank right now) where you can't use email, a situation where you view the requirement as being a consequence of someone else's fuckup, incompetence, anachronism, etc? (e.g. this AC's idea that "my financial records where I need physical copies for tax audit purposes" is a feature of snailmail, rather than a defect in government's information-provenance-verification procedures.)

    I'm not even necessarily advocating the death of USPS. Maybe they'll "rightsize" to fit the country's communications needs, such that they are the ones charging $10 to deliver a letter. It wouldn't be so bad, if overall, we still end up spending less.

  5. Re:Consumers on YouTube-MP3 Ripping Site Sued By IFPI, RIAA and BPI (torrentfreak.com) · · Score: 1

    Try bandcamp.

    Here, I'll start you off with some premium grade-A smokey music. Nope, that's not marijuana (though if that's your thing, it should still work out for you). Inhale again and you'll realize it's mesquite. I suppose the two are similar, because smelling this music gives me the munchies, except I don't wanna settle for anything less than slow-fuckin'-cooked brisket.

  6. Name one country that doesn't mind its military bases being photographed every couple of months and being published for anyone to look at.

    If Google is photographing your bases and publishing it, the problem isn't that they published it. The problem is that Google was able to successfully photograph it.

    If Google can photograph your base, then your adversary can too. And Google is almost certainly doing things in the nicest way possible, obeying laws, not generally willing to put up with planes being shot down as merely an inevitable cost of business, etc. A real adversary doesn't have those constraints.

Attempting to censor Google is symptom-treating, and really, it's to a comical degree. It's way out there; this isn't merely "slightly stupid." This totally reeks of closing barn doors after horses have gotten out... except that there will be an update in a few months and of course they'll want that blurred too, because they still haven't closed the barn door. It's more like they just don't want people talking about the barn door, that they have already decided they're never going to close.

    YOUR HORSES ARE OUT, NUMBNUTS!!! WE ARE LOOKING AT YOUR BARN DOOR BECAUSE IT'S HYSTERICALLY FUNNY THAT YOU KEEP LEAVING IT OPEN, not because we want to steal your horses, which aren't in the barn anyway. If the horses were really still in the barn, then you would have shot down the photographer.

  7. Re:Anti-Hillary is not Pro-Trump on Oculus Founder Palmer Luckey Is Secretly Funding Trump's Meme Machine (thedailybeast.com) · · Score: 1

    Hitler is already a proven election-winner. That's not a fair alternative to Trump. Put up a more hypothetical name, please.

  8. Re:Incoming liberal asspain on Oculus Founder Palmer Luckey Is Secretly Funding Trump's Meme Machine (thedailybeast.com) · · Score: 1

    And maybe what both parties need to get out of the trench warfare that they currently have as well.

    Maybe, but maybe not.

The parties only hear two languages: votes and money. Whatever they're doing appears to be working for them (contrary to what you suggest, that they change). You write that it's bad, but on election day I think they are going to hear that what they did was good.

    You're giving a treat to the dog (and saying "bad dog") every time he barks, and kicking him (and saying "good dog") whenever he sits and cutely wags his tail. Guess what kind of dog you're going to have.

    The only good news I'm seeing in this election, is that somewhere around 10-15% of voters have finally decided to stop actively supporting and approving them, compared to single digits in previous years. But a strong majority still approves, applauds, and rewards.

    I think the election night numbers are going to show: Clinton and Trump were excellent choices, America's top two favorites. Prove me wrong, America. I don't care what you say to me; I'm watching to see what you say to them and everyone else.

  9. Re:Don't be an asshole on We Risk Programming Inequality into Our DNA (vice.com) · · Score: 1

    Seriously? I'll answer your question with a list:

    • The murdered scientists at space station Regula
    • The Enterprise crewmen killed in the battles
    • Captain Terrell and Chekov both got Ceti-Eeled. While Chekov got out alive, I'd like to hear you explain to Terrell's widow how Khan didn't bear any responsibility for what happened.
    • The taxpayers, for both the cost of Reliant, and the cost of Genesis, which was wasted in an uncontrolled "test."

    If he'd focused his revenge on just Kirk, that'd be one thing, but as Kirk himself pointed out, there was a lot of totally senseless collateral damage.

    Fuck Khan. This one asshole set sapiens-superior relations back decades.

  10. Don't be an asshole on We Risk Programming Inequality into Our DNA (vice.com) · · Score: 1

    Khan was an asshole. Granted.

But suppose, just hypothetically, Khan hadn't repaid Captain Kirk's hospitality by attempting to steal his ship and murder him. Would you hate him then?

  11. Re:One ring to rule them all and in the darkness b on Staff Breach At OneLogin Exposes Password Storage Feature (cso.com.au) · · Score: 1

    in the end, security is a pain in someone's ass

    Lack of security is a pain in someone's ass too. What we need, is to merge these two asses. One ass: all the pain. Then you can get the correct tradeoffs.

  12. Re:WTF are they proposing to improve exactly? on Facebook's WhatsApp Data Gambit Faces Federal Privacy Complaint (vice.com) · · Score: 3, Informative

    When they talk about the "user experience" they mean someone who is buying ads, not the person who is posting "Look what Hillary Trump said last night" every day. Think in terms of Facebook's customers.

    Knowing who is talking to whom is an important part of Facebook's marketing. Look at how Facebook targets and consider item #19 in that article. It's not just about who you are, it's about who you know. Whether you think this is a good idea for Facebook or not, it is what they do.

    User A and user B are friends in real life, use Whatsapp, and have Facebook accounts -- but they're not "friends" on Facebook (maybe they only use Facebook for work, or something like that). (Or maybe they don't have Facebook accounts, but Facebook has profiles on them gathered by "like" buttons, and has some way to deliver ads to at least one of them.) They communicate with each other using Whatsapp. This lets Facebook connect the two profiles, even though within Facebook alone, they are unconnected. The result: Now user A can see shopping ads for user B's upcoming birthday.

    The advertiser has a good products experience.

  13. Re:What is it that you say? on Massachusetts Will Tax Ride-Sharing Companies To Subsidize Taxis (reuters.com) · · Score: 1

    No, they're not dropping that veneer.

    Saying you compete with someone, isn't the same as saying you're the same kind of business. e.g. courier bikes, courier pigeons, telegrams and email can all compete with one another, but work differently and might have really good reasons for being regulated differently.

    (BTW, I'm not taking a position about how Uber should or shouldn't be regulated; I'm just saying that there is nothing about their reaction which implies they're admitting anything.)

  14. Re: Do they really ignore them? on People Ignore Software Security Warnings Up To 90% of the Time, Says Study (phys.org) · · Score: 2

Oh, so you're manually inspecting the self signed certificate every time you visit your website? If not, then how do you know nobody is intercepting your communication, making your self signed certificate as useless as having no encryption at all?

    No, and he didn't imply that. Here are several situations, in increasing order of security.

    1) The connection is not encrypted or signed. No certs exist. Nobody knows who they're talking to. An active attacker on the network between the two parties, can proxy and impersonate each side. A passive attacker, someone who just gets copies of the traffic, while they can't impersonate, can at least read what everyone is saying. No warning.(?!)

    2) The connection is encrypted, but with unknown parties' public keys. Certs exist but are essentially worthless. An active attacker on the network between the two parties, can proxy and impersonate each side. A passive attacker, someone who just gets copies of the traffic, can't read anything. DANGER! DANGER! FREAK OUT!!

    3) The connection is encrypted, and if you believe certain faceless parties who are totally unaccountable to you and who you don't know anything about, you think you probably know the other side's identity. Active attackers can't do anything, unless they're active enough to coerce or trick the CA. Passive attackers can't read anything. No warning.

    4) The connection is encrypted just like above, but the CA pinky-swears that they really tried hard to make sure. Green URL bar.

    5) As case 3 or 4, but multiple CAs, which might be hard for a single attacker to simultaneously coerce or trick, have all signed the cert. We don't have this in our browsers yet; it's early 1990s level tech that we're still waiting for.

    6) As case 3 but the user has verified the identity through a different channel. No trusted introducer was needed. The cert need not be signed at all, or might be signed by the user himself. No warning, but also no green URL bar. (Yet, this is the very best-possible case, definitely more secure than any other.)

See anything wrong here? Scenarios 1 and 2 have their warning severities reversed. (And there's also a UI defect at high degrees of security, too, but that's less important.) This trains the user to think of warnings as not necessarily meaning increased severity or risk. A user will adjust to this by ignoring warnings. This is bad communication, and it's making us all a little stupider.

    What you should do is add your known self signed certificate to your local certificate store, which means that the warnings will stop

    He's talking about a situation where it's not known. Adding it to the local store would be inappropriate. That would be an attempt to treat scenario 2 as scenario 6, just to get around a UI bug. It'd be much better to just fix the bug.

  15. Payoff table shows whose guys they are on NSA Worried About Implications of Leaked Toolkits (businessinsider.com) · · Score: 1

    Maybe they're our guys, maybe they're not.

    Country A is full of citizens, businesses, and government orgs which routinely depend on working computers and networks. Country B is similar, but a little behind, because they're not as wealthy.

    Both countries' citizens, businesses and government orgs pretty much run the same code. Same OSes, same big applications, etc.

For the most part, everyone's computers run pretty badly, and outages and various fuckups are frequent. Criminals in both countries are very happy with the situation. Both countries have a pretty easy time with espionage, but a nearly impossible problem with counter-espionage. Everyone can attack, but hardly anyone seems to be able to defend.

Well, they're about the same, but not exactly. In Country B, due to the lower tech, more people use cash, more things are done low-techy, etc. Computer crime isn't quite as easy there. Fewer government systems (both civilian and military) are vulnerable to cyber-attack simply because they're not as computerized. Fewer businesses depend on networks. The airlines' schedules in Country B are run by a guy who has a big notebook, but Country A has an airline schedule that's run in some datacenter.

A group of nerdy people figure out part of the problem with everyone's fucked up computers. Turns out, there are bugs in popular software. Sometimes the symptoms just happen (bad luck) and sometimes they are exploited by adversaries.

The nerds have to make a decision: "Do we tell the software industry about the bugs and have them fixed, so that everyone (both our country and the other country) gets a defense advantage? Or do we not talk about the bugs, thereby preserving everyone's attack advantage?"

    The group of nerds chooses the latter, opting to not have the bugs fixed.

Tell me this: judging from the nerds' actions, which country do you infer they're working for? Who has more to win or lose from the computers continuing to work so badly?

  16. Leprechaun at Rio on Wrong Chemical Dumped Into Olympic Pools Made Them Green (arstechnica.com) · · Score: 1

    I wish they still made those Warwick Davis Leprechaun movies. They could totally have an olympics one, where he dissolves some gold thief in the pool. OMFG, gold thief! The Leprechaun could be in the olympics, and he's pissed that other contestants are winning "his" gold medals. It's perfect; the movie writes itself.

But the last two (no, the last three, but especially the "Hood" ones) totally sucked, so I understand why they don't make 'em anymore. My friends and I were so pissed that the "Hood" ones sucked; within just a few minutes of trying to get over our disappointment after watching the first one, we were making up limerick-raps way better than anything in the movie. Those bastards put in so little effort in the end, and why they made "back 2 tha hood" I can't begin to imagine. Sigh.

    So anyway, Warwick, tell your agent that you're up for doing another, but only if they'll do a good job, like in Leprechaun 3 (total classic, best of the series!).

  17. Re:Misleading? on EFF Asks FTC To Demand 'Truth In Labeling' For DRM (techdirt.com) · · Score: 1

    By defining "own" a thing that doesn't exist, you reduced the expressive power of language. That has negative utility.

    In other words: even if you're right, that's a totally fuckwitted thing to do.

"Own" has meaning that is independent of whether or not you have permanently secured the asset from all possible attacks.

  18. Re:Shit, I was wrong on Bar In UK Uses Faraday Cage To Block Mobile Phone Signals (telegraph.co.uk) · · Score: 1

    Okay, why do you think that insisting on being able to make an emergency phone call is stupid or evil?

    (As other people have pointed out, one of the aspects of this story is that nobody's ability to make the call is seriously impaired. They can go outside or use wires, so it's a non-issue anyway. But that's not what we're talking about, so I'm going to answer your question.)

    The stupid/evil is in the "insisting" part. Nobody is doing anything to the insister; the insister is making up a NEW thing that is suddenly "owed" to them, a pseudo-right which previously did not exist. If I'm minding my own business and you forcefully impose a new requirement on me, that's simple aggression. Nobody should ever have to tolerate that, and a big part of the purpose of government is to stomp on the people who get caught doing it.

    You have the right to try to make a phone call with your equipment, but nobody ever had the right for it to necessarily work. There are so many reasons it might not work, that it will never be something that anyone will ever be able to take for granted. It will never be an entitlement. Your phone's performance will never be someone else's responsibility. We, all together with everything we have, will never have the power to make sure phones always work.

    OTOH, the bar owner, sure as fuck, has the right to use metal construction! He also had the right to open a bar 50 years ago when you didn't have a cell phone. He has the right to open a bar 50 miles from the nearest cell tower, or to open a bar in a city which has cell towers fairly nearby but with iffy performance. He has the right to exist even if you forgot to charge your phone or if you left your phone at home. As long as he's not doing anything to you, your phone's problems shouldn't be his problem.

So while on the face of it, the insistence is clearly evil, I try to allow the stupid-out instead, simply because so many people don't think about rights, ethics, power relationships, etc.

    ...

    Let's make up a tear-jerker (this thread needs more FUN). Your wife, kids, ten very cute puppies, the nicest nun in history and that celebrity that everyone thinks is a cool guy in real life, all have an acute problem which is easily treated. All it takes to help them, is that a magic syllable be uttered over a phone to another person. Alas, if it doesn't get done, they will burn to death, screaming in agony in front of you. You're at the bar with your family and puppies, the nun and the celebrity, when suddenly you get a whiff of smoke. Your wife chuckles, "Uh oh, it's happening again. Better make the call." You smirk, and say "Yes, dear," as you reach for your phone. It's routine.

    No signal.

    Oh, shit.

    So you think about stepping outside, but there was a $5 cover charge and there's no re-entry. There's a landline phone behind the bar too, but you don't want to impose on the bartender, as he looks somewhat busy. The reasons don't really matter, but the point is that you hesitate, and ultimately take no effective action. They burn to death: your wife cursing you in her final seconds, the kids and puppies begging you to do something to save them, a look of betrayed trust in their eyes. The nun insincerely forgives you, and the celebrity says "wait until my fans hear how you let me die!"

    You live the rest of your life sad and alone, your soul forever wounded, haunted by the terrible memory. Their fat, melting! Their skin, cracking! Their bones, smouldering like charcoal! The horror!

    Later, once you figure out that the building contained metal construction, you can call the owner an asshole. I am ok with you doing that. "You should have realized that sometimes customers like to make phone calls! You don't serve food here. What if someone wanted to order a pizza? Or what if someone's family has a rare spontaneous combustion condition huh? ASSHOLE!!" That's your opinion

  19. Re:Troubled Geniuses on CP/M Creator Gary Kildall's Memoirs Released As Free Download (ieee.org) · · Score: 1

    what's the deal with .. people and self-destructive behavior?

    FTFY.

  20. Shit, I was wrong on Bar In UK Uses Faraday Cage To Block Mobile Phone Signals (telegraph.co.uk) · · Score: 1

    Holy shit, I take it back. Mod me down.

    I had no idea, until I scrolled down and read more comments. There are really people who look at making emergency phone calls as a positive right, where they think someone is doing something bad to them, if they're unable.

    They're not joking, they're just stupid or evil (as usual, it's hard to tell the difference).

  21. Re:Good thing you have a choice on Bar In UK Uses Faraday Cage To Block Mobile Phone Signals (telegraph.co.uk) · · Score: 2

"But what if there is a terrorist attack!?!" has rapidly become the new "won't somebody think of the children?!?" in ridiculous arguments either for or against something.

    You mean, it's almost as though the person you're replying to must have been joking? Huh, that's a weird thought.

  22. Re:S? on Xbox One S is the Best Xbox You Might Not Want To Buy (cnet.com) · · Score: 1

    You forgot the S in my Galaxy S4: I don't know what that S means either. (Or the X in Nexus 5X, but everyone usually agrees that X and Z never mean anything, whereas S has just the hint of legitimacy, that it might mean something.)

    (The answer: Samsung doesn't know what it means either; they just copied it from Apple. ;-)

  23. They'll just go back to using resonators on New York Governor Bars Sex Offenders From Playing Pokemon Go (theverge.com) · · Score: 1

    This is a bad idea, as those of us who are old enough to remember, all know.

    Back in the 1980s, before we had internet-connected PCs in our pockets, we had to use different tech to play Pokemon Go. It involved using an electronic resonator which stimulated the pineal gland. This allowed people to see into the pokemon universe, so you knew where they were. There were some problems, though.

The biggest problem was that the resonator did not merely allow you to see; it also allowed you to be seen by the pokemons. Even the magikarp were somewhat dangerous, and it just got worse from there. There were maulings and even some deaths.

    A relatively minor problem (then; but in today's context it matters more) is that the pineal stimulation also somehow made people really horny. If sex offenders can't use computers to see the pokemons, then they're going to play with resonators, so you're going to have horny sex offenders hanging out at the lures. Who thought this was a good idea?! For fuck's sake, you want these people to be using the Internet version. Good grief!

    They made a movie about it (though they couldn't get the Pokemon licensing, so everything's renamed).

  24. Re: Bester did it on Babylon 5 Actor Jerry Doyle Dies (dailymail.co.uk) · · Score: 1

    I don't buy it. (Semi-spoilers) Considering what Bester was able to do to Garibaldi in season 4, I think telepaths do have the means.

  25. Very serious question; I really don't understand. What does "install a profile" mean? I have never heard of this.