Why can't lawmakers spend a little time on the real source of the problem - go after the Wifi vendors that have made it easy to accidentally broadcast all of your communications in the clear (or with nearly useless WEP encryption). And for websites that allow you to send passwords and other sensitive information in plaintext.
The problem isn't what Google will do with that data, but is what someone else may do with it as he sits outside your house, collecting passwords and account numbers culled from your emails.
Where I work the whole Cisco fiasco put the fear of god into the high-level suits. The fallout is a huge and cumbersome process for getting approval to use FOSS tools... even though we aren't modifying or distributing them. It's to the point where it's less headache to _buy_ something than go through the lengthy FOSS approval process.
What was the Cisco fiasco? My company uses Opensource tools routinely and I've never even heard of the Cisco fiasco.
I think it's compared to a software or engineering company. Techies like to dick around with these things more than GP's examples and your examples.
Even software and engineering companies have administrative assistants, finance people, marketing people and the like that prefer not to dick around with these things.
Sure, a 3 man Linux consulting firm might get away with mandating LibreOffice (until they need to submit a proposal in MS-Word format or open a customer's MS-Word RFP with embedded graphics and AutoShapes), but a 50 person office is going to have a much harder time of it.
The consumer _DOES_ have a choice here. By buying a chrome book they are choosing... duh... chrome.
Would you say that same thing about Windows and IE? It would be right for Microsoft to disable any other browser than IE because after all, the consumer has a choice, and can get a Mac OS X (Safari), Linux (Firefox) or Chromebook (Chrome) based on their favorite browser. Heh.
The problem that existed in Windows was that there was no real alternative to Windows in the consumer market at the time of the Microsoft anti-trust hearings.
Really? This was the time there were several Linux distros sold off the shelves in stores! And yes, you could get computers without Windows.
I think it's hard to make the argument that it's the same thing when you can buy an entire Google Chromebook for about the same price as Windows 7.
You're talking about a country where cheesecake has to carry a dairy-allergy warning and where chocolate bars that are clearly made with peanuts carry a label that they "may contain nuts."
How would you write the law to make it better? Would you write it to say "You only need to label allergens on products where it's not obvious that the product contains those allergens". Then how do you define obvious? You might think that a product pictured with a whipped cream topping obviously contains dairy. But the lactose intolerant individual that grew up eating non-dairy containing Cool-Whip his entire life may not find it so obvious.
It seems much more consistent to say "Any products containing these common allergens must be labeled as such", then there's no ambiguity and someone who didn't realize that frozen Kung Pao chicken is commonly made with peanuts doesn't suffer a life-threatening response to a food that 'everyone knows' contains peanuts (except a person unfamiliar with that food). So yeah, a warning about a peanut allergy on a jar of peanut butter is redundant, but how do you decide what's obvious and what's not?
Well, the problem is in your first line - "surgical center". Of course they'll be less willing to train because they have other work to do. IT is a necessary evil these days for everything, and users are often forced to use computers because it's a required part of their job.
The "surgical center" has nothing to do with it - surgical center office workers aren't different than those in other industries... it doesn't matter whether he said "warehouse office", "non-profit childcare center", or "space center mission control", people in all of those companies have other work to do, just want to get their job done, and don't want to learn something new.
"The problem with solutions other than MS Office is that you will have issues with interacting with people outside your company."
This old lie again.
No, you don't. We have been on Open Office/Libre Office for over 3 years now here and have ZERO problems "interacting with people outside your company". We can save as Office format and read Office format.
In fact we have fewer problems than one of our customers who is still on Office 2003.
You must have pretty lightweight document/spreadsheet needs when sharing documents externally. I use Libreoffice at home but regularly need to remote desktop into a Windows machine at work to use MS Office because Libreoffice doesn't always work well with Office documents and spreadsheets. Word Docs aren't always formatted correctly and if I want to print it at home, I need to fix it up, or if I make edits and send it to someone else, they'll sometimes need to fix up the doc. Likewise, many spreadsheets don't even work at all with Libreoffice (for example, I can't complete an expense report spreadsheet required by our Finance Department because none of the macros work). We send and receive documents from external agencies, and I just can't see using LibreOffice to save a document when I don't know what it's going to look like on the other end.
Here are some of the challenges LibreOffice has with MS Office docs:
http://help.libreoffice.org/Common/About_Converting_Microsoft_Office_Documents
If your entire office is on LibreOffice, I can see it working well within the office, but once you start sharing documents with external partners, I'm really surprised you've had zero problems.
$675K @ $30/hour is 22,500 hours of labor to pay it back. That's 937 days at 24 hours/day, or 2.5 years. Or, working 40 hours/week, that's nearly 11 years of labor.
I see that you are only counting the labor required to repay debts (so ignoring expenses such as food, etc.). But tell me, are the taxes suspended for those who are paying off their debts? That's at least 20%+ extra, bringing it up to 13.2+ years.
Considering he may have to pay for food and shelter, that sounds like the rest of his life assuming $30/hour income.
I ignored taxes, living expenses, etc to keep it simple, but I tried to overestimate his fresh-out-of-college income to try to make up for it -- he's probably not going to be making $60K/year in his first job.
Looking for facts on the original infractions, I googled and found this. An excerpt:
Suing Tenenbaum were Sony Corp. (6758) and its Arista Records, Warner Music Group’s Warner Bros. and Atlantic labels and Vivendi SA’s (VIV) Universal Music Group. They said he made songs available on various sites including Napster, Morpheus, Kazaa and LimeWire, distributing songs to millions of other people. He continued after being sent a letter from the record companies, and blamed sisters, houseguests and even burglars, the companies said.
“Tenenbaum undertook these actions even though he was fully aware that they were illegal,” the record companies said. “In fact, his own father warned him that individuals were being sued for such conduct but he did not stop.”
I don't think anyone is disputing that he did the crime, but the question is whether or not the punishment fits the crime. $675K @ $30/hour is 22,500 hours of labor to pay it back. That's 937 days at 24 hours/day, or 2.5 years. Or, working 40 hours/week, that's nearly 11 years of labor.
What are the "real" damages to the recording industry? Especially when that same set of songs likely had dozens (or hundreds, or even thousands) of free download sources; if they weren't downloaded from Mr Tenenbaum, they would have been downloaded from someone else.
It's time to start impeaching judges. They are no longer working for the good of the American people.
Wouldn't it be more efficient to not elect (and/or reelect) the legislators that allowed such exorbitant damage amounts to be legal? No need for a drawn out and expensive impeachment process, just make it clear to legislators that regardless of how much money corporations pay them, if they pass laws favoring those corporations over normal citizens, they will soon be out of office and replaced by someone that represents those who elect him.
My problem with the xkcd scheme is that users are lazy and rather than pick 4 random words, they'll pick 4 words that are easy to remember in sequence
To be fair that is not the xkcd scheme. 4 random words is the xkcd scheme. 4 words that are part of a common pre-existing phrase is not.
Your criticism of the xkcd scheme is sort of like criticising by observing that users are lazy, and rather than pick 4 random words... they'll just pick two. Again... no, that's not the xkcd scheme.
That's exactly my criticism, I even said so when I said "users are lazy and rather than...", but thanks for spelling out exactly what I just said.
When this comic came out, I had 4 anonymous printouts of it in my mailbox from users implying that our password complexity requirements are worthless, yet if we relaxed the requirements and let users pick 4 random words, they still wouldn't pick 4 random words.
Password reuse is a problem, but I'd also like to see websites stop storing unencrypted, reversibly encrypted, and unsalted hashes of passwords, that would go a long way to preventing a website database breach from automatically being a password breach.
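To make the storage point concrete, here is an added example (not code from any poster) contrasting the unsalted fast hash the comment objects to with a per-record salted, slow hash. The `pbkdf2_sha256$iterations$salt$hash` record layout is an assumption chosen for readability, and the constructed sample users are mine.

```python
import hashlib
import hmac
import secrets

# Added example; not from any poster in the thread. The record format
# (algorithm$iterations$salt$hash) is an assumption chosen for readability.
PBKDF2_ITERATIONS = 600_000  # OWASP's 2023 guidance for PBKDF2-HMAC-SHA256


def unsalted_hash(password: str) -> str:
    """The practice the comment objects to: one SHA-256 per password, no salt,
    no work factor. Identical passwords produce identical stored values."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, slow hash: a fresh random 16-byte salt per record, so equal
    passwords no longer collide and precomputed tables do not apply."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def shared_passwords_visible(stored_values: list[str]) -> bool:
    """True when a dump of the stored values alone reveals that two accounts
    share a password, which is exactly what an unsalted table leaks."""
    return len(set(stored_values)) < len(stored_values)


if __name__ == "__main__":
    # Constructed sample: two users who happen to choose the same password.
    users = {"alice": "correct horse battery staple",
             "bob": "correct horse battery staple"}
    unsalted = [unsalted_hash(p) for p in users.values()]
    salted = [hash_password(p, iterations=50_000) for p in users.values()]
    print("unsalted table leaks shared password:", shared_passwords_visible(unsalted))  # True
    print("salted table leaks shared password:  ", shared_passwords_visible(salted))    # False
    print("verify correct:", verify_password("correct horse battery staple", salted[0]))  # True
    print("verify wrong:  ", verify_password("Correct horse battery staple", salted[0]))  # False
```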
You did not account for the spaces, which makes 8. You can also remove the spaces altogether. It is not a matter of "IF" a password can be cracked, it is whether your policy requires it to be changed before that can reasonably happen. So what makes more sense for a network administrator to employ;
1. 8+ character password with minimum 1 upper, 1 lower, 1 digit, and 1 special character changed every 45 days (which would result in something like $rfVBgt5).
OR
2. 17+ character password with minimum 1 upper, 1 number, 1 lower and 2 special changed every 45 days which would be "This chicken tastes like shit!"
Take your grammar rules and apply them. Even if you were to take the fact that the words come from the dictionary, you would have to break it within the password change cycle. Shorten the password life to 15 days and require that the first letter be different for the last 2 passwords and you still give users reasonable security without being crazy.
I have 2 red cars and one black. You like my black car.
People can remember that.
I ignored the spaces, since they only add one bit of entropy - either you have spaces or you don't.
Shorten the password life to 15 days and require that the first letter be different for the last 2 passwords and you still give users reasonable security without being crazy.
Are you really saying that a 15 day password lifetime is reasonable? Some of my users don't even log in for 15 days, their password may be expired before they even return to a place where they can use a computer.
If you tell users "The first letter has to differ from your last 2 passwords", they'll prepend A, B, C, etc to their password.
Once you start adding rules like "1 upper, 1 lower, 1 digit, and 1 special character changed", then you're getting away from the simplicity of the whole XKCD scheme. And you're not adding much complexity to the password since most people will capitalize the first word, and stick a digit and special character on the end.
I am not sure how you consider this a 5 character password. The breakdown in usage is
...
A lot more than 5. There are 14 unique characters in that phrase.
Because there are 5 unique tokens:
this
chicken
tastes
like
shit
! (actually 6 tokens including this special character).
But I don't think it's true to say that each token is drawn from a pool of 50,000. These are common English words that probably exist in a dictionary of 1000 common words. A strong password would use less common words:
the aforementioned fowl has a sapidity analogous to excrement
but you really don't want a complete sentence since grammar rules could be used to brute force it, so just put the words together without proper grammatical structure:
...It's too bad there's no way for two hosts to authenticate on a pre-shared key system with a public half and private half for each key, so bob and alice trade public keys and can communicate safely even if eve has both public keys....
I'm not sure what problem you think you're solving with public key cryptography, but it still doesn't remove the password problem. Most people will still want their key to be protected by a passphrase (or some other method that keeps anyone with access to the computer from using it), so passwords won't go away even if everyone uses cryptographic keys to identify themselves.
The problem I have with that comic is that the "strong" password is lowercase only.
Sure, it's 28 characters, but it's still lowercase only. That makes it a lot weaker, no? I personally use a 17 character long password (for anything important) at this time, being somewhat random and including lowercase, uppercase, numbers and special characters. If there is one thing I have seen from hash tables, it's that adding in special characters makes it a lot harder, and sometimes outside the realm of possible. Never mind that if you know the person is using special characters, you're still gonna have a lot longer time cracking; if you know he is only using words, with the help of dictionary attacks you're gonna run through them a lot faster.
Oh, and the way I manage to remember my long password is that I take the short, I assume random, passwords that I have been forced to remember for a few years, like for school, and add those together with a special character in between. Makes it very doable to remember.
I think the point is that even with all lower case, it's still "good enough" and far better than a shorter password. Mixed case (assuming you capitalize the first letter of each word to keep it easy to remember) only adds one bit of entropy.
My problem with the xkcd scheme is that users are lazy and rather than pick 4 random words, they'll pick 4 words that are easy to remember in sequence: "haveityourway" "darksideofthemoon" "thesearenothtedroidsyourelookingfor", so with a phrase dictionary and some grammar rules, you still have a good chance at brute-forcing some user's passwords.
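The thread trades claims about bits (spaces and capitalisation "only add one bit", a 1000-word versus 50,000-word pool, a 45-day rotation outrunning the cracker, a phrase list defeating long passphrases). This added example, not from any poster, puts those claims side by side as keyspace sizes and expected crack times; the guess rates, the 100,000-entry phrase list and the xkcd 2048-word list size (11 bits per word in the comic) are my assumptions and are labelled in the code.

```python
import math

# Added example; not from any poster. Wordlist sizes and rotation periods are
# the figures argued over in the thread; guess rates and the phrase-list size
# are assumptions.
PRINTABLE = 94            # printable ASCII minus space
SMALL_WORDLIST = 1_000    # "a dictionary of 1000 common words"
XKCD_WORDLIST = 2_048     # the comic's 11 bits per word, 44 bits for four
LARGE_WORDLIST = 50_000   # the disputed 50,000-word pool
PHRASE_LIST = 100_000     # assumed size of a list of well-known phrases/titles

FAST_HASH_RATE = 1e10     # assumed offline guesses/s against an unsalted fast hash
SLOW_KDF_RATE = 1e4       # assumed offline guesses/s against a slow, salted KDF


def keyspace(symbols: int, length: int) -> int:
    """Candidates when every position is drawn uniformly from `symbols`."""
    return symbols ** length


def bits(keyspace_size: int) -> float:
    """Entropy in bits of a uniform choice from `keyspace_size` candidates."""
    return math.log2(keyspace_size)


def expected_seconds(keyspace_size: int, guesses_per_second: float) -> float:
    """On average a uniformly chosen secret falls after half the keyspace."""
    return (keyspace_size / 2) / guesses_per_second


def survives_rotation(keyspace_size: int, guesses_per_second: float,
                      rotation_days: int) -> bool:
    """Does the expected crack time exceed the password's lifetime?"""
    return expected_seconds(keyspace_size, guesses_per_second) > rotation_days * 86_400


def schemes() -> dict[str, int]:
    """The candidate policies from the thread as keyspace sizes. The two
    'one bit each' adjustments (spaces or not, capitalise the first word or
    not) are the factor-of-2 terms. The 'at least one of each class' rule
    is ignored; it only shrinks the character-based keyspaces slightly."""
    return {
        "8 random printable chars":          keyspace(PRINTABLE, 8),
        "17 random printable chars":         keyspace(PRINTABLE, 17),
        "4 random words / 1000":             keyspace(SMALL_WORDLIST, 4),
        "4 random words / 2048 (xkcd)":      keyspace(XKCD_WORDLIST, 4),
        "4 random words / 50000":            keyspace(LARGE_WORDLIST, 4),
        "5 common words + spaces? + Caps?":  keyspace(SMALL_WORDLIST, 5) * 2 * 2,
        "1 phrase from 100000-phrase list":  PHRASE_LIST,
    }


def report(rotation_days: int = 45) -> list[tuple[str, float, bool, bool]]:
    """(name, bits, survives rotation vs fast hash, survives vs slow KDF)."""
    rows = []
    for name, size in schemes().items():
        rows.append((
            name,
            round(bits(size), 1),
            survives_rotation(size, FAST_HASH_RATE, rotation_days),
            survives_rotation(size, SLOW_KDF_RATE, rotation_days),
        ))
    return rows


if __name__ == "__main__":
    print(f"{'scheme':34} {'bits':>6}  fast-hash  slow-KDF  (45-day rotation)")
    for name, b, fast_ok, slow_ok in report():
        print(f"{name:34} {b:6.1f}  {str(fast_ok):9}  {str(slow_ok):8}")
```

The table makes the thread's two points at once: a phrase taken from a list is weak no matter how long it is, and whether a 45-day rotation "beats" the cracker depends far more on how the site stores the hash than on the password rule.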
The present invention includes a mobile device which provides the user with the ability to schedule a meeting request from the mobile device itself. The mobile device creates an object representative of the meeting request and assigns the object a global identification number which uniquely identifies the object to other devices which encounter the object. In addition, the mobile device in accordance with one aspect of the present invention provides a property in the object which is indicative of whether the meeting request has already been transmitted. In this way, other devices which encounter the meeting request are capable of identifying it as a unique meeting request, and of determining whether the meeting request has already been transmitted, in order to alleviate the problem of duplicate meeting request transmissions.
Is that really patentable? Assigning a unique ID to a meeting request to alleviate duplicate requests? How can that not be obvious to someone "skilled in the art"?
Is there any other solution that's more obvious? "Hey Joe, I keep getting duplicate meeting requests from your Palm Pilot. Oh noooooos! Hey, I know, I'll send each meeting request in a different color, then if you get two purple ones you'll know it's a dupe".
Why the hell would anyone drive more just because the price of fuel is lower? People drive largely because they have to, not because they want to.
I would insert an analogy here, but the fact of the matter is I have several thousand in mind right now, and it's proving impossible to choose between them.
That depends on whether you mean in the short-term or long term. In the short term, someone may not drive more just because their car uses half as much gas, but in the long term, they may consider moving to that nice big house 20 miles from work since it won't cost them any more in fuel than their current house 10 miles from work and it's only extra 20 minutes/day commuting.
1200km/50l is easily done, just pick up ANY VW TDI, say from 2009 on. Even my piddly TDI Jetta does this.
Everyone else I know is getting 1400km/50l or better.
As for 300km/50l, there's a host of cars I had that did this, from the Ford Focus to the Toyota Prius; I've driven about a dozen different cars that get this mileage on a regular basis.
Don't believe me? Check out the VW sites where drivers are posting their own experiences and do 46mpg or better on a regular basis.
But the non-diesel VW doesn't get 300km/50l so why are you claiming that diesel gives 4 times better mileage? For around the same price as a VW TDI, you can get a Prius C and get over 1000km/50l
No one forces you to sit at your desk when the lamp is on.
But people are forced to drive more when driving a more fuel efficient car?
There may be something to that - when I drive my car to work, it's only 10 miles (and 30 minutes) by freeway, but when I ride my much more fuel efficient bike, it takes me 12 miles (and 60 minutes) by bike to get to the same destination.
I do not have the money for a car to drive to work and a car to drive longer ranges.
Why would you want to own an internal combustion engine if you don't need to - use your electric car for commuting, and rent a gasoline fueled car (or fuel cell car, or maybe a generator-trailer that you hook up to your own electric car for longer trips)
My commute is around 10 miles by car (12 miles by bike). I choose to bike or take transit, but if I really wanted to drive, a Nissan Leaf would be very practical for my commute, and I have easy access to Zip Car or City Car Share cars when I need something with longer range.
High fuel taxes on diesel, because 18-wheelers are business assets and gov't loves to tax business, since it's hidden from the consumer.
I don't know where you live, but in the USA, diesel is only taxed around 5 cents on average higher than gasoline (54.6 cents/gallon versus 49.5 -- but it varies by state... in Pennsylvania, for example, diesel is taxed 13 cents more than gasoline, but that's still only around 3% higher).
So that 1.25% differential hardly seems enough to sway someone from one fuel to another, especially given the greater efficiency and higher energy density that comes with Diesel.
If the purpose of taxing trucks is to pay for the road infrastructure that they use, they should be paying much higher taxes. Road damage roughly increases with the cube of the weight of a vehicle. To cover its wear and tear costs, a 40,000 pound truck (which weighs 10 times more than a 4,000 pound car) should be paying 1000 times more in taxes than the car.
So trucks are being subsidized by lower taxes than they'd otherwise pay for the infrastructure they depend on.
If you push the green button (you *did* watch the video, right?) the drive is instantly erased. So... the '$5 wrench technique' of decryption is no longer possible: you can be forced to give your password, yes; but it won't matter, since the drive will be unrecoverably deleted. Who knows when that was done, or even if it *had* been done? Perhaps the drive was new, and you hadn't gotten around to putting anything on it yet?
Doesn't a second, hidden encrypted volume also do this (with the added advantage that you don't actually have to hit the Self-destruct button, you only need to say that you did it)? When the guys with the wrench come, you tell them, "Hey, I already deleted the data - the decryption key is L0lCatzAreCr@zyC00l". Which decrypts an empty partition (or one that's full of your LolCats collection)
(I typed my real passphrase above, but I'm not worried since Slashdot has a filter that automatically masks passwords into "*******************").
You're not beholden to a de-facto monopoly for your internet service. Have you got any neighbours within wifi distance with whom you could share the costs of satellite broadband? In the UK there are even grants available for setting up community broadband service.
Depending on what you use it for, Satellite Broadband may be worse than a slow (even very slow) DSL connection. I generally use interactive sessions (rdp, ssh, etc over VPN - though I can bypass the VPN and go directly via ssh if I need to)
I'd gladly take a 200 kbit DSL connection with 150msec of latency over a Satellite connection with 1000 msec or more of latency. (though I'm much more happy with my 15mbit connection with 60msec of latency (which is still higher than I'd like, but completely tolerable))
I recently got cable TV after 3 years without cable (because it came bundled for "free" with new high speed internet service).
I watched 2 TV shows, and haven't turned the cable box on since then (4 weeks ago). After the free trial of cable service, I'll be sending the cable box back.
I've gotten completely spoiled by Netflix streaming and DVD's. Ads are annoying - they are loud, inane, and cause too much interruption in what I'm trying to watch.
I have 130 channels to choose from, but got tired of wading through the junk (how many home shopping channels does one need!?) to find something worthwhile to watch. And why isn't there an easy way to say "Show me only subscribed channels" - I hate scrolling through the program guide and finding a show that I want to watch, only being told "Sorry, you're not subscribed to this channel, contact us at 1-800-pay-more to subscribe!".
Netflix has its faults (like a lackluster streaming catalog), but it's $15/month well spent.
I'm not saying the industry should stop showing ads, I'm just saying that if they want me to view their content, they need to find a better way to let me pay for it other than interrupting my shows with ads. I'm not wedded to the TV, I'm perfectly willing to move to other forms of entertainment - if there's nothing on TV to watch, the Internet gives me endless possibilities for time wasting.
Why can't lawmakers spend a little time on the real source of the problem - go after the Wifi vendors that have made it easy to accidentally broadcast all of your communications in the clear (or with nearly useless WEP encryption). And for websites that allow you to send passwords and other sensitive information in plaintext.
The problem isn't what Google will do with that data, but is what someone else may do with it as he sits outside your house, collecting passwords and account numbers culled from your emails.
Where I work the whole Cisco fiasco put the fear of god into the high level suits. The fall out is a huge and cumbersome process for getting approval to use FOSS tools... even though we arn't modifying or distributing them. It's to the point where it's less headache to _buy_ something than go through the lengthly FOSS approval process.
What was the Cisco fiasco? My company uses Opensource tools routinely and I've never even heard of the Cisco fiasco.
I think it's compared to an software or engineering company. Techies like to dick around with these things more than GP's examples and your examples.
Even software and engineering companies have administrative assistants, finance people, marketing people and the like that prefer not to dick around with these things.
Sure, a 3 man Linux consulting firm might get away with mandating LibreOffice (until they need to submit a proposal in MS-Word format or open a customer's MS-Word RFP with embedded graphics and AutoShapes), but a 50 person office is going to have a much harder time of it.
The consumer _DOES_ have a choice here. By buying a chrome book they are choosing... duh... chrome.
Would you say that same thing about Windows and IE? It would be right for Microsoft to disable any other browser than IE because after all, the consumer has a choice, and can get a Mac OS X (Safari), Linux (Firefox) or Chromebook (Chrome) based on their favorite browser. Heh.
The problem that existed in windows was that there was no real alternative to Windows in consumer market at the time of Microsoft anti-trust hearings.
Really? This was the time there was several Linux distros sold off the shelfs in stores! And yes, you could get computers without Windows.
I think it's hard to make the argument that it's the same thing when you can buy an entire Google Chromebook for about the same price as Windows 7.
You're talking about a country where cheesecake has to carry a dairy-allergy warning and where chocolate bars that are clearly made with peanuts carry a label that they "may contain nuts."
How would you write the law to make it better? Would you write it to say "You only need to label allergens on products where it's not obvious that the product contains those allergens". Then how do you define obvious? You might think that a product pictured with a whipped cream topping obviously contains dairy. But the lactose intolerant individual that grew up eating non-dairy containing Cool-Whip his entire life may not find it so obvious.
It seems much more consistent to say "Any products containing these common allergens must be labeled as such", then there's no ambiguity and someone who didn't realize that frozen Kung Pao chicken is commonly made with peanuts doesn't suffer a life threatening response to a food that 'everyone knows' contains peanuts (except a person unfamiliar with that food). So yeah, a warning about a peanut allergy on a jar of peanut butter is redundant, but how to do you decide what's obvious and what's not?
Well, the problem is in your first line - "surgical center". Of course they'll be less willing to train because they have other work to do. IT's a necessary evil these days for everything, and users are often forced to use computers because it's a required part of their job.
The "surgical center" has nothing to do it - surgical center office workers aren't different than those in other industries... it doesn't matter whether he said "warehouse office", "non profit childcare center", or "space center mission control", people in all of those companies all have other work to do, just want to get their job done, and don't want to learn something new.
"The problem with solutions other the MS Office is that you will have issues with interacting with people outside your company."
This old lie again.
No you dont. WE have been on Open Office/Libre Office for over 3 years now here and have ZERO problems "interacting with people outside your company". WE can save as office format and read office format.
In fact we have less problems than one of our customers who is still on Office 2003.
You must have pretty lightweight document/spreadsheet needs when sharing documents externally. I use Libreoffice at home but regularly need to remote desktop into a Windows machine at work to use MS Office because Libreoffice doesn't always work well with Office documents and spreadsheets. Word Docs aren't always formatted correctly and if I want to print it at home, I need to fix it up, or if I make edits and send it to someone else, they'll sometimes need to fix up the doc. Likewise, many spreadsheets don't even work at all with Libreoffice (for example, I can't complete an expense report spreadsheet required by our Finance Department because none of the macros work). We send and receive documents from external agencies, and I just can't see using LibreOffice to save a document when I don't know what it's going to look like on the other end.
Here's some of the challenges LibreOffice has with MS Office docs:
http://help.libreoffice.org/Common/About_Converting_Microsoft_Office_Documents
If your entire office is on LibreOffice, I can see it working well within the office, but once you start sharing documents with external partners, I'm really surprised you've had zero problems.
$675K @ $30/hour is 22,500 hours of labor to pay it back. That's 937 days at 24 hours/day, or 2.5 years. Or, working 40 hours/week, that's nearly 11 years of labor.
I see that you are only counting the labor required to repay debts (so ignoring expenses such as food, etc.). But tell me, are the taxes suspended for those who are paying off their debts? That's at least 20%+ extra, bringing it up to 13.2+ years.
Considering he may have to pay for food and shelter, that sounds like the rest of his life assuming $30/hour income.
I ignored taxes, living expenses, etc to keep it simple, but I tried to overestimate his fresh-out-of-college income to try to make up for it -- he's probably not going to be making $60K/year in his first job.
http://verydemotivational.memebase.com/2012/01/24/demotivational-posters-killing-michael/
Looking for facts on the original infractions, I googled and found this. An excerpt:
Suing Tenenbaum were Sony Corp. (6758) and its Arista Records, Warner Music Group’s Warner Bros. and Atlantic labels and Vivendi SA’s (VIV) Universal Music Group. They said he made songs available on various sites including Napster, Morpheus, Kazaa and LimeWire, distributing songs to millions of other people. He continued after being sent a letter from the record companies, and blamed sisters, houseguests and even burglars, the companies said.
“Tenenbaum undertook these actions even though he was fully aware that they were illegal,” the record companies said. “In fact, his own father warned him that individuals were being sued for such conduct but he did not stop.”
I don't think anyone is disputing that he did the crime, but the question is whether or not the punishment fits the crime. $675K @ $30/hour is 22,500 hours of labor to pay it back. That's 937 days at 24 hours/day, or 2.5 years. Or, working 40 hours/week, that's nearly 11 years of labor.
What are the "real" damages to the recording industry? Especially when that same set of songs likely had dozens (or hundreds, or even thousands) of free download sources, they they weren't downloaded from Mr Tenenbaum, they would have been downloaded from someone else.
Its time to start impeaching judges. They are no longer working for the good of the american people.
Wouldn't it be more efficient to not elect (and/or reelect) the legislators that allowed such exorbitant damage amounts to be legal? No need for a drawn out and expensive impeachment process, just make it clear to legislators that regardless of how much money corporations pay them, if they pass laws favoring those corporations over normal citizens, they will soon be out of office and replaced by someone that represents those who elect him.
My problem with the xkcd scheme is that users are lazy and rather than pick 4 random words, they'll pick 4 words that are easy to remember in sequence
To be fair that is not the xkcd scheme. 4 random words is the xkcd scheme. 4 words that are part of a common pre-existing phrase is not.
Your critisism with the xkcd scheme is sort of like criticising by observing that users are lazy, and rather than pick 4 random words... they'll just pick two. Again... not that's not the xkcd scheme.
That's exactly my criticism, I even said so when I said "users are lazy and rather than...", but thanks for spelling out exactly what I just said.
When this comic came out, I had 4 anonymous printouts of it in my mailbox from users implying that our password complexity requirements are worthless, yet if we relaxed the requirements and let used pick 4 random words, they still wouldn't pick 4 random words.
Password reuse is a problem, but I'd also like to see websites stop storing unencrypted, reversibly encrypted, and unsalted hashes of passwords, that would go a long way to preventing a website database breach from automatically being a password breach.
You did not account for the spaces which makes 8. You can also remove the spaces altogether. It is not a matter of "IF" a password can be cracked it is if your policy requires it to be changed before that can reasonably happen. So what makes more sense for a network administrator to employ;
1. 8+ character password with minimum 1 upper, 1 lower, 1 digit, and 1 special character changed every 45 days (which would result in something like $rfVBgt5).
OR
2. 17+ character password with minimum 1 upper, 1 number, 1 lower and 2 special changed every 45 days which would be "This chicken tastes like shit!"
Take your grammar rules and apply them. Even if you were to take into account the fact that the words come from the dictionary, you would have to break it within the password change cycle. Shorten the password life to 15 days and require that the first letter be different from the last 2 passwords and you still give users reasonable security without being crazy.
I have 2 red cars and one black.
You like my black car.
People can remember that.
I ignored the spaces, since they only add one bit of entropy - either you have spaces or you don't.
Shorten the password life to 15 days and require that the first letter be different from the last 2 passwords and you still give users reasonable security without being crazy.
Are you really saying that a 15 day password lifetime is reasonable? Some of my users don't even log in for 15 days, their password may be expired before they even return to a place where they can use a computer.
If you tell users "The first letter has to differ from your last 2 passwords", they'll prepend A, B, C, etc to their password.
Once you start adding rules like "1 upper, 1 lower, 1 digit, and 1 special character changed", then you're getting away from the simplicity of the whole XKCD scheme. And you're not adding much complexity to the password since most people will capitalize the first word, and stick a digit and special character on the end.
I am not sure how you consider this a 5 character password. The breakdown in usage is
A lot more than 5... There are 14 unique characters in that phrase.
Because there are 5 unique tokens:
this
chicken
tastes
like
shit
! (actually 6 tokens including this special character).
But I don't think it's true to say that each token is drawn from a pool of 50,000. These are common English words that probably exist in a dictionary of 1000 common words. A strong password would use less common words:
the aforementioned fowl has a sapidity analogous to excrement
but you really don't want a complete sentence since grammar rules could be used to brute force it, so just put the words together without proper grammatical structure:
aforementioned fowl sapidity analogous excrement
But, of course, this makes it harder to memorize.
...It's too bad there's no way for two hosts to authenticate on a pre-shared key system with a public half and private half for each key, so bob and alice trade public keys and can communicate safely even if eve has both public keys....
I'm not sure what problem you think you're solving with public key cryptography, but it still doesn't remove the password problem. Most people will still want their key to be protected by a passphrase (or some other method that keeps anyone with access to the computer from using it), so passwords won't go away even if everyone uses cryptographic keys to identify themselves.
The problem I have with that comic is that the "strong" password is lowercase only.
Sure, it's 28 characters, but it's still lowercase only.
That makes it a lot weaker, no? I personally use a 17 character long password (for anything important) at this time, being somewhat random and including lowercase, uppercase, numbers and special characters. If there is one thing I have seen from hash tables, it's that adding in special characters makes it a lot harder, and sometimes outside the realm of possible.
Never mind that if you know the person is using special characters, you're still gonna have a lot longer time cracking; if you know he is only using words, with the help of dictionary attacks you're gonna run through them a lot faster.
Oh, and the way I manage to remember my long password is that I take the short, I assume random, passwords that I have been forced to remember for a few years, like for school, and add those together with a special character in between. Makes it very doable to remember.
I think the point is that even with all lower case, it's still "good enough" and far better than a shorter password. Mixed case (assuming you capitalize the first letter of each word to keep it easy to remember) only adds one bit of entropy.
My problem with the xkcd scheme is that users are lazy and rather than pick 4 random words, they'll pick 4 words that are easy to remember in sequence: "haveityourway" "darksideofthemoon" "thesearenotthedroidsyourelookingfor", so with a phrase dictionary and some grammar rules, you still have a good chance at brute-forcing some users' passwords.
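The entropy arithmetic behind this whole sub-thread (8 random characters vs. 4 words from a 1000-word or 50,000-word list, the one bit for capitalization or spaces, and the collapse to a single token when the "random words" are really one well-known phrase), as an added example that is not part of the original thread; the pool sizes and guess rate are assumptions used only to compare the schemes.

```python
import math

# Constructed pool sizes taken from the thread's own estimates (assumptions).
PRINTABLE_ASCII = 95      # upper, lower, digit, space and symbol characters
COMMON_WORDS = 1000       # "a dictionary of 1000 common words"
LARGE_DICTIONARY = 50000  # the "pool of 50,000" claimed per token


def random_chars_bits(length: int, pool: int = PRINTABLE_ASCII) -> float:
    """Entropy in bits of `length` characters drawn uniformly from `pool`.
    This is an upper bound: composition rules and human habits
    (capital first, digit and symbol at the end) only remove choices."""
    return length * math.log2(pool)


def passphrase_bits(words: int, dictionary: int,
                    capitalize_first: bool = False,
                    maybe_spaces: bool = False) -> float:
    """Entropy of `words` uniformly random words from a `dictionary`.
    Capitalizing each word's first letter and using spaces are
    all-or-nothing habits, so each adds at most one bit."""
    bits = words * math.log2(dictionary)
    if capitalize_first:
        bits += 1
    if maybe_spaces:
        bits += 1
    return bits


def phrase_dictionary_bits(phrases: int) -> float:
    """If the 'four random words' are really one entry from a list of
    well-known phrases, the passphrase is a single token from that list."""
    return math.log2(phrases)


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given guess rate;
    compare it with the password lifetime the policy enforces."""
    return 2.0 ** bits / guesses_per_second


if __name__ == "__main__":
    print(f"8 random printable chars: {random_chars_bits(8):.1f} bits")
    print(f"4 words, 1000-word list:  {passphrase_bits(4, COMMON_WORDS):.1f} bits")
    print(f"4 words, 50,000-word list:{passphrase_bits(4, LARGE_DICTIONARY):.1f} bits")
    print(f"one of 1000 known phrases:{phrase_dictionary_bits(1000):.1f} bits")
```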
Here's the patent in question:
http://www.google.com/patents/about?id=L-ELAAAAEBAJ&dq=6,370,566
The present invention includes a mobile device which provides the user with the ability to schedule a meeting request from the mobile device itself. The mobile device creates an object representative of the meeting request and assigns the object a global identification number which uniquely identifies the object to other devices which encounter the object. In addition, the mobile device in accordance with one aspect of the present invention provides a property in the object which is indicative of whether the meeting request has already been transmitted. In this way, other devices which encounter the meeting request are capable of identifying it as a unique meeting request, and of determining whether the meeting request has already been transmitted, in order to alleviate the problem of duplicate meeting request transmissions.
Is that really patentable? Assigning a unique ID to a meeting request to alleviate duplicate requests? How can that not be obvious to someone "skilled in the art"?
Is there any other solution that's more obvious? "Hey Joe, I keep getting duplicate meeting requests from your Palm Pilot. Oh noooooos! Hey, I know, I'll send each meeting request in a different color, then if you get two purple ones you'll know it's a dupe".
Why the hell would anyone drive more just because the price of fuel is lower? People drive largely because they have to, not because they want to.
I would insert an analogy here, but the fact of the matter is I have several thousand in mind right now, and it's proving impossible to choose between them.
That depends on whether you mean in the short-term or long term. In the short term, someone may not drive more just because their car uses half as much gas, but in the long term, they may consider moving to that nice big house 20 miles from work since it won't cost them any more in fuel than their current house 10 miles from work and it's only extra 20 minutes/day commuting.
Cheap car transportation feeds suburban sprawl.
Of course it's true, you moron.
1200km/50l is easily done, just pick up ANY VW TDI, say from 2009 on.
Even my piddly TDI Jetta does this.
Everyone else I know is getting 1400km/50l or better.
As for 300km/50l, there's a host of cars I had that did this, from the Ford Focus to the Toyota Prius; I've driven about a dozen different cars that get this mileage on a regular basis.
Don't believe me? Check out the VW sites where drivers are posting their own experiences and do 46mpg or better on a regular basis.
And then there's this from 2008 - http://www.wired.com/autopia/2008/09/vws-prius-killi/
But the non-diesel VW doesn't get 300km/50l so why are you claiming that diesel gives 4 times better mileage? For around the same price as a VW TDI, you can get a Prius C and get over 1000km/50l
No one forces you to sit at your desk when the lamp is on.
But people are forced to drive more when driving a more fuel efficient car?
There may be something to that - when I drive my car to work, it's only 10 miles (and 30 minutes) by freeway, but when I ride my much more fuel efficient bike, it takes me 12 miles (and 60 minutes) by bike to get to the same destination.
I do not have the money for a car to drive to work and a car to drive longer ranges.
Why would you want to own an internal combustion engine if you don't need to - use your electric car for commuting, and rent a gasoline fueled car (or fuel cell car, or maybe a generator-trailer that you hook up to your own electric car for longer trips)
My commute is around 10 miles by car (12 miles by bike). I choose to bike or take transit, but if I really wanted to drive, a Nissan Leaf would be very practical for my commute, and I have easy access to Zip Car or City Car Share cars when I need something with longer range.
High fuel taxes on diesel, because 18-wheelers are business assets and gov't loves to tax business, since it's hidden from the consumer.
I don't know where you live, but in the USA, diesel is only taxed around 5 cents on average higher than gasoline (54.6 cents/gallon versus 49.5 -- but it varies by state... in Pennsylvania, for example, diesel is taxed 13 cents more than gasoline, but that's still only around 3% higher)
http://www.api.org/Oil-and-Natural-Gas-Overview/Industry-Economics/~/media/21EBD0B62EBA42B1965EE82EFFB6585D.ashx
http://www.api.org/Oil-and-Natural-Gas-Overview/Industry-Economics/~/media/A375B82CC4184656A093C6168A1DD08E.ashx
So that 1.25% differential hardly seems enough to sway someone from one fuel to another, especially given the greater efficiency and higher energy density that comes with Diesel.
I'm not sure it's fair to say that trucks are undertaxed. Commercial trucks make up 12.5 percent of all registered vehicles, but paid 36.5 percent of total highway-user taxes in 2006.
If the purpose of taxing trucks is to pay for the road infrastructure that they use, they should be paying much higher taxes. Road damage roughly increases with the cube of the weight of a vehicle. To cover its wear and tear costs, a 40,000 pound truck (which weighs 10 times more than a 4,000 pound car) should be paying 1000 times more in taxes than the car.
So trucks are being subsidized by lower taxes than they'd otherwise pay for the infrastructure they depend on.
If you push the green button (you *did* watch the video, right?) the drive is instantly erased. So... the '$5 wrench technique' of decryption is no longer possible: you can be forced to give your password, yes; but it won't matter, since the drive will be unrecoverably deleted. Who knows when that was done, or even if it *had* been done? Perhaps the drive was new, and you hadn't gotten around to putting anything on it yet?
Doesn't a second, hidden encrypted volume also do this (with the added advantage that you don't actually have to hit the Self-destruct button, you only need to say that you did it)? When the guys with the wrench come, you tell them, "Hey, I already deleted the data - the decryption key is L0lCatzAreCr@zyC00l". Which decrypts an empty partition (or one that's full of your LolCats collection)
(I typed my real passphrase above, but I'm not worried since Slashdot has a filter that automatically masks passwords into "*******************").
You're not beholden to a de-facto monopoly for your internet service. Have you got any neighbours within wifi distance with whom you could share the costs of satellite broadband? In the UK there are even grants available for setting up community broadband service.
Depending on what you use it for, Satellite Broadband may be worse than a slow (even very slow) DSL connection. I generally use interactive sessions (rdp, ssh, etc over VPN - though I can bypass the VPN and go directly via ssh if I need to)
I'd gladly take a 200 kbit DSL connection with 150msec of latency over a Satellite connection with 1000 msec or more of latency. (though I'm much more happy with my 15mbit connection with 60msec of latency (which is still higher than I'd like, but completely tolerable))
I recently got cable TV after 3 years without cable (because it came bundled for "free" with new high speed internet service).
I watched 2 TV shows, and haven't turned the cable box on since then (4 weeks ago). After the free trial of cable service, I'll be sending the cable box back.
I've gotten completely spoiled by Netflix streaming and DVDs. Ads are annoying - they are loud, inane, and cause too much interruption in what I'm trying to watch.
I have 130 channels to choose from, but got tired of wading through the junk (how many home shopping channels does one need!?) to find something worthwhile to watch. And why isn't there an easy way to say "Show me only subscribed channels" - I hate scrolling through the program guide and finding a show that I want to watch, only being told "Sorry, you're not subscribed to this channel, contact us at 1-800-pay-more to subscribe!".
Netflix has its faults (like a lackluster streaming catalog), but it's $15/month well spent.
I'm not saying the industry should stop showing ads, I'm just saying that if they want me to view their content, they need to find a better way to let me pay for it other than interrupting my shows with ads. I'm not wedded to the TV, I'm perfectly willing to move to other forms of entertainment - if there's nothing on TV to watch, the Internet gives me endless possibilities for time wasting.