I think the contribution of Nielsen's idea, if any, is to remind us all that security always involves tradeoffs. You're right that masking passwords provides some protection--most security measures, even the inane ones, provide some protection. You know, someone really could hide a bomb in their shoe.
But of course that is not the end of the story. Nielsen, and others such as Bruce Schneier, want us to ask how much security the solution provides, what the costs are, and whether it provides a good tradeoff. If shoulder surfing is relatively rare, and the possible harm for the site in question is small, and the costs are relatively large (lost customers etc.), then maybe a site or program shouldn't mask passwords even if they provide some security.
Sure, Jakob Nielsen may be wrong about the tradeoff in this case, and may not have enough evidence to back up his arguments, but I would argue that pointing out that the solution provides a nonzero amount of security does not resolve the question.
Have you heard of IP over DNS? The DNStunnel software sends IP packets as TXT records over a real DNS; the client sends data in the request itself. Since these are real resolvable DNS records, proxying port 53 won't work. When I tried this software, I could only get a single stream over the tunnel, so I ran SSH over the DNStunnel and used SSH to forward a TCP port that I then ran OpenVPN on. This actually works, but it is very slow. And I can imagine that people would eventually find out because the wifi provider's DNS cache will fill up with IP data.
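The resolver-side view of the tunnel described in the comment above, as an added example (not part of the original comment and not DNStunnel's code): because the client's data rides in the query names and the replies come back as TXT records, a zone carrying a tunnel shows long, high-entropy, never-repeating names. The zone names, thresholds, the two-label zone split and the log entries are constructed assumptions.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def split_name(qname):
    """Naive split into (subdomain, zone): zone = last two labels (assumption)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def score_zones(queries):
    """Aggregate per-zone statistics from (qname, qtype) pairs."""
    per_zone = defaultdict(list)
    for qname, qtype in queries:
        sub, zone = split_name(qname)
        per_zone[zone].append((sub, qtype))
    report = {}
    for zone, rows in per_zone.items():
        subs, n = [s for s, _ in rows], len(rows)
        report[zone] = {
            "queries": n,
            "unique_ratio": len(set(subs)) / n,   # tunnel names never repeat
            "mean_len": sum(map(len, subs)) / n,  # payload makes names long
            "mean_entropy": sum(map(entropy, subs)) / n,
            "txt_ratio": sum(t == "TXT" for _, t in rows) / n,
        }
    return report

def suspicious_zones(queries, min_queries=5, min_unique=0.9, min_len=30,
                     min_entropy=3.5, min_txt=0.5):
    """Zones whose traffic looks like data carried in query names (illustrative thresholds)."""
    return sorted(z for z, s in score_zones(queries).items()
                  if s["queries"] >= min_queries and s["unique_ratio"] >= min_unique
                  and s["mean_len"] >= min_len and s["mean_entropy"] >= min_entropy
                  and s["txt_ratio"] >= min_txt)

def _label(i):
    # Constructed stand-in for an encoded packet: 52 base32 characters.
    return base64.b32encode(hashlib.sha256(b"pkt%d" % i).digest()).decode().lower().rstrip("=")

# Constructed sample log; "tunnel.example" and "corp.example" are placeholder zones.
SAMPLE = [(f"{_label(i)}.tunnel.example", "TXT") for i in range(8)] + [
    ("www.corp.example", "A")] * 4 + [("mail.corp.example", "A")] * 2 + [
    ("corp.example", "TXT"), ("_dmarc.corp.example", "TXT")]

if __name__ == "__main__":
    print(suspicious_zones(SAMPLE))
```

The ordinary zone also issues TXT lookups, but its names are short and repeat, so only the zone with unique encoded labels is flagged.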
"Registrar" would make more sense, but check out this provision of the copyright code (17 U.S.C. 701):
All administrative functions and duties under this title, except as otherwise specified, are the responsibility of the Register of Copyrights as director of the Copyright Office of the Library of Congress. The Register of Copyrights, together with the subordinate officers and employees of the Copyright Office, shall be appointed by the Librarian of Congress, and shall act under the Librarian's general direction and supervision.
So it seems that the copyright act itself refers to her as the Register of Copyrights. The Oxford English Dictionary contains this use as "register, n. 2":
a. The keeper of a register; a REGISTRAR. (In common use c 1580-1800.)
Here's how it works on my Nokia N95 (and the Nokia phones I've used before that): When I am on a call, and have another call on hold, I hit the "Options" menu item and select "Conference".
I've tried conferencing 4 calls (with a total of 5 parties on the call). But I know that some networks limit this to 2 calls.
(If I call someone else while on a call, the phone automatically puts the original call on hold.)
Merging calls is a standard feature of GSM. Every GSM phone I have owned can do it with all the GSM networks here in Denmark. I'm sure it's possible for the network to turn it off, charge extra for the service, or simply not bother to implement it in the first place. But the feature does not require special integration between a GSM phone and the network.
There's also Oracle Rdb, a product for OpenVMS that, as far as I understand, is quite different from the regular Oracle database. More details at Wikipedia.
Reminds me of a story of a Supreme Court oral argument once, where a Justice made a reference to the First Amendment. The lawyer arguing the case replied, "Your Honor, you know, and I know, that when it says, 'Congress shall make no law,' it actually means, 'Congress may make some law.' "
Here in Denmark, many contract phones are SIM-locked so that you can only use them with the carrier you bought them from. But consumer protection law dictates that they have to provide the unlock code after 6 months.
Most carriers add special entries to phone menus and reset the home page for the browser, but do not cripple any functionality.
Most of our members have come from Slashdot through my sig link, so I guess that helped us get members that were above average in terms of writing and discussion skills.
I use it every time I fly SAS from Copenhagen to Shanghai, and it's not that expensive IMHO. Around $30 for the entire 11-hour flight, and there are cheaper per-hour pricing options available.
I can echo that. I live in Denmark and almost every international transfer that Danes perform, apart from credit card purchases, uses the SWIFT system. Western Union and similar companies have very little market share, mostly because they're quite expensive compared to using SWIFT. For example, I recently transferred $100 to one of my US bank accounts using SWIFT to cover the account charges. I think the smallest SWIFT I ever did was £30 to the UK for some miscellaneous fees.
Windows Embedded. Used for all kinds of devices, including cars, network attached storage, cash registers, phones and thin clients. And according to this page at MSDN, Windows Embedded OS's can act as an access point, though nobody seems to have built a product around this yet.
Exactly. The mainland government has rarely, if ever, called Taiwan a "renegade" province. Only Western media do that. What they do say is that "since ancient times, Taiwan has been an inalienable part of China" and statements to that effect.
There are no federal laws against murder. There are no federal laws against kidnapping.
Try 18 USC 1111 (murder, punishable by death or by imprisonment for life) and 18 USC 1201 (kidnapping, punishable by imprisonment for any number of years or for life, or by death if someone dies). These are federal laws.
Actually, my experience is that Windows XP does not have very good plug-and-play support. Too many devices require a driver from the CD instead of having the driver built in to the OS, as is most often the case with Mac OS X or Linux.
That only applies to those 188 countries (and Kofi Annan). And in principle those countries still had the right to build nuclear weapons prior to signing the treaty; they sign the treaty in return for a promise that signatories that already have nuclear weapons will never use them against them, and in exchange for help to build civilian nuclear power programs.
$30k is a lot of gadgets, so you must choose wisely!
Actually, if you have a lot of money, I would think that you don't have to choose so wisely. You would have to choose wisely if you can afford only a few gadgets.
(Note that the EU conventions are not law per se, but all countries agree to implement them in national law, so it comes to the same thing.)
The standard English term is EU directives, which have to be implemented in national law. Some directives also allow specific changes to be made by national legislatures, for example the size of fines.
On the other hand, EU regulations are law and need not be implemented in national law.
How does this count as wireless? You have to stick a wire down your toilet...
Hm...
Excel and VBA.
Try 18 USC 1111 (murder, punishable by death or by imprisonment for life) and 18 USC 1201 (kidnapping, punishable by imprisonment for any number of years or for life, or by death if someone dies). These are federal laws.
(Still, you are kind of right; these laws only apply within the special maritime and territorial jurisdiction of the United States, but your statement that there are no federal laws against murder or kidnapping is a little misleading.)
Did anyone else think that the project had broken down?
nettverkskort = network card
Well, if you are a small country with no nukes, it's probably better than nothing. ;-)
Exactly. But all governments restrict the real-world travel of other countries' citizens (most of them anyway).
There's already IPAC, which supported several candidates financially in the 2004 US election.