It's a small package, with no dependencies on Wine, only on packages that I already had installed on Ubuntu 11.04 64-bit. It works quite smoothly. The only hitch is that it tries to use the notification area, which doesn't exist in Ubuntu 11.04's Unity interface.
Google offers a number of applications for Linux, and has repositories for current versions of Ubuntu. Google claims to use OS X and their own rebranded version of Google internally more than they use Windows, so it's only surprising that there was a delay in releasing a Linux client.
In fairness to the person using the club, it only takes a couple of seconds to put it on, and routines tend to be all-or-nothing: if you look around and try to assess whether your current surroundings justify using the club, you're likely to fall out of the habit of using it at all.
I've been wanting to visit Arcosanti, by the way. It sounds like a crazy utopian scheme, but with something to it. I've wondered if Soleri was an influence on the design of the Marine Towers in Chicago.
Given that a major election year issue was that the Bush administration had used deceit to justify an invasion of Iraq, and that most anti-war activists looked to the Democratic Party for leadership, it was at best perverse for the Democratic Party to run a candidate who campaigned on his status as a Vietnam War veteran and who advocated invading Syria and Iran.
My theory is that the Democratic Party leadership intended to lose, rather than win and become discredited by the DP's unwillingness to stop the war at the height of popular opposition to it, and the DP leadership concentrated on using the election campaign to deflect and disorganize the anti-war movement, while trying to maintain just enough credibility to challenge the Republicans later.
The assumptions Google+ makes about "real names" don't even apply for that many people in Mountain View, California, let alone the full range of people in the global Internet culture. Just for one example, it's common for Javanese people to have just one name, not a first and last name, as in the case of an important figure in modern Indonesian history, Sukarno. That's his entire name.
People already know to protect their wallets, and are immediately suspicious if someone's going through their wallet.
If you've got a strong password, written on a sticky on your monitor, then any of a few dozen people could easily see it. If it's in your wallet, it's difficult for someone to see, even if they know where you keep it. If it's in an encrypted file, like a password safe, on a flash drive, then even if someone steals the flash drive, they'll probably never get it. And if you're in New York, a hacker in Los Angeles can't do any of those things.
It's not about perfection. It's about risk reduction. The biggest improvement would be to get typical users to use stronger passwords, and their wallets are safe enough. A typical pickpocket wants the $100 in cash and maybe the credit card, and wouldn't have any use for the password for a workplace LAN. The users with passwords that are valuable enough that someone would steal their wallets specifically to get their passwords have bigger security concerns. And there is still the famous $5 wrench.
Substituting numbers for letters is common and predictable. Dictionary attacks check for that. Your example passwords are no stronger than they would be if you didn't substitute numbers for letters.
This is Google we're talking about. This service must have thousands of users already, if not tens of thousands; the numbers will be multiplied many times over when it's a fully open beta, and more when it's fully released.
So what's the RIAA going to do? Subpoena the music lists for all the tens or hundreds of thousands of users, and send investigators to each home, to check whether there's a CD for each album, or a record of a download license from Amazon or eMusic or iTunes or some other service? Even in the unlikely event that a judge authorized it, the effort would bankrupt the recording industry.
The RIAA has mostly targetted people who distribute music, and has met with surprisingly little success. Google's service only allows access to the music by the person who uploaded it, so individual users would not be likely targets.
The worst case scenario is that Google cancels the service.
I probably should have written, "tutorials", as that's really what I've looked for -- at various times, I've gone looking for tutorials and free textbooks for several programming languages and so on, and generally been able to find several for whichever language or tool I wanted to learn about, but I hadn't found much of use for PowerShell. The documentation you point out reminds me of Linux man pages, which I use frequently, but I can scarcely imagine using man pages alone to learn how to write shell scripts. There's a very detailed man page for rsync, for example, but someone had to tell me that rsync was useful for backing up files, before I knew to look at it. Someone gave an example of a single line of code in PowerShell to batch rename files; I don't believe I could have come up with that in 45 minutes without some introduction to PowerShell.
I just tried searching for PowerShell tutorials again, and found some book recommendations. I should probably just suck it up and pay $30 for something in print.
While it's true that those are means to solve the problem, except for PowerShell, none of those are available by default in Windows 7, and documentation for PowerShell or the Windows command line is not nearly as easy to find as documentation on Perl, etc.
It's an illustration of the difference in OS philosophies: Windows allows you to tweak things; Linux assumes you will tweak things. (OS X can be tweaked, but you have to go around to the back and find the access panel behind the shrub, next to the air conditioner.)
People keep arguing about the merits and failings of the Linux desktop. But in server space, Linux is very strong. Where I work, we deal with a mix of about 80% Linux servers, 20% Windows, so the two have to work together. Even the staffers who specialize in Windows Server administration tend to say that they wish the Windows systems were as flexible and easy to work with as the Linux systems.
Just imagine how FLOSS would flourish if the people bootlegging proprietary products were applying their resourcefulness to developing FLOSS, to the benefit of all.
No. Police don't arrest someone every time a crime appears to have been committed, nor do prosecutors prosecute every person arrested for a crime. They have discretion, and limited resources, and more apparent crimes than they can afford to investigate or prosecute. If the crime appears to be minor, and the victim doesn't want to press charges, or there's no victim, the police are likely to ignore it. What prosecutors actually prosecute is a policy decision -- which often means, a political decision.
Allegedly, Swartz broke into a computer closet in order to download documents you can download from a Website, and he downloaded a lot of them. Why would he go to that much trouble?
Supposedly, MIT and JSTOR didn't press want to press charges, but the state of Massachusetts is pressing charges anyway. Why?
Some of the speculation here is that it's because Swartz was threatening to the government. I just read some of his articles; it seemed like good stuff from a moderate left. Left of the Democratic party? Sure, but so are thousands of activists, academics, and journalists. What's extraordinary about Swartz that would call for active persecution?
I keep voting for the candidates who promise not to murder any innocent people. They don't seem to win the elections, though -- not above the municipal level, anyway.
I'm not talking about religion, per se; I'm talking about mysticism.
I'm an atheist, but I've studied religious texts and met religious thinkers, and encountered many that I found intelligent, insightful, and wise; it seemed to me that much of what they refer to as religion or spirituality were alternate ways of describing material reality. Importantly, they were trying to understand the world around them.
Mysticism is not about understanding the world. It's a matter of fetishizing a lack of understanding. And, if you read the article, you'd have noticed that Rohrer described himself as an atheist, and none of the other people involved had any religious beliefs ascribed to them. Rohrer set up a scenario, in which people would encounter things that other people created, without any way to find out why they'd created them, in order to recreate a sense of mysticism. In other words, the entire point of the exercise is to destroy meaning and prevent understanding. It's an absurdity.
The problem is that it isn't always at hand. It may die, or you may lose it or get robbed while on vacation, or you may forget it, or it may be in the laundry
The point of a mobile phone is that it's always at hand -- barring misfortune, of course. The encrypted password safe on my phone is a copy of the database on my computer. There are a variety of ways to sync those files -- the most straightforward of which is simply to connect a phone to a computer via USB, and copy the file.
And, of course, to be of much use it must be quick and easy to use, which means these things are almost never behind a complex password. Seriously, do you have a password like Pz3vHkr7#w for your password safe, or a short and simple word or number? Remember that no chain is stronger than the weakest link:
My master password is actually longer than that example, and I've got an additional password to lock the phone. It takes me perhaps two seconds to type the two passwords and access my password safe. I believe people seriously underestimate their ability to memorize and use randomly generated passwords.
One thing Troy Hunt's article pointed out was that less than 1% of the passwords in the database were randomly generated. That is far, far too low, and I think people are overestimating the security risks of recording passwords and underestimating the security risks of using weak passwords. Your dozen co-workers may be able to see the sticky on your monitor, but the other six billion people in the world can't see it; you can cut that dozen down by quite a bit if you just put the sticky in a desk drawer.
Also, "no chain is stronger than the weakest link" doesn't apply when you're using the strategy of defense-in-depth.
That fits my experience. I expect people are much better at remembering a random string of characters than they expect to be. It seems like a good subject for an experiment.
Problem #1: people don't have random password generators conveniently at hand when they need to create passwords. OS designers should make sure that good random password generator applets are installed by default and obvious. Designers of systems that require passwords should remind users to use random password generators, and suggest where they may be found in popular GUIs. Not every interface can offer that information, but certainly websites could, and if enough do, the information will get around.
Problem #2: people get the EXTREMELY BAD ADVICE that they should not write down passwords. They should be advised to write down their password and put it somewhere safe and out of sight, like their wallet.
Apparently whether they are classified as Homo neanderthalensis or Homo sapiens neanderthalensis is still debated by anthropologists. Neanderthal: Classification
I'd say, given that they were at least very similar to modern humans and there was at least some interbreeding, that it's easiest to just call them humans,
Slashdot Mirror
I'm not the most clued-in person around, but I'm still surprised that I've never heard of Airbnb before, given that I live in San Francisco.
It's a small package, with no dependencies on Wine, only on packages that I already had installed on Ubuntu 11.04 64-bit. It works quite smoothly. The only hitch is that it tries to use the notification area, which doesn't exist in Ubuntu 11.04's Unity interface.
Google offers a number of applications for Linux, and has repositories for current versions of Ubuntu. Google claims to use OS X and their own rebranded version of Google internally more than they use Windows, so it's only surprising that there was a delay in releasing a Linux client.
I'd love to see a remake of that game -- overhaul the graphics, maybe tweak the gameplay a little but not too much, but keep all the writing.
In fairness to the person using the club, it only takes a couple of seconds to put it on, and routines tend to be all-or-nothing: if you look around and try to assess whether your current surroundings justify using the club, you're likely to fall out of the habit of using it at all.
I've been wanting to visit Arcosanti, by the way. It sounds like a crazy utopian scheme, but with something to it. I've wondered if Soleri was an influence on the design of the Marine Towers in Chicago.
Given that a major election year issue was that the Bush administration had used deceit to justify an invasion of Iraq, and that most anti-war activists looked to the Democratic Party for leadership, it was at best perverse for the Democratic Party to run a candidate who campaigned on his status as a Vietnam War veteran and who advocated invading Syria and Iran.
My theory is that the Democratic Party leadership intended to lose, rather than win and become discredited by the DP's unwillingness to stop the war at the height of popular opposition to it, and the DP leadership concentrated on using the election campaign to deflect and disorganize the anti-war movement, while trying to maintain just enough credibility to challenge the Republicans later.
Google staffers need to read this: Falsehoods Programmers Believe About Names
The assumptions Google+ makes about "real names" don't even apply for that many people in Mountain View, California, let alone the full range of people in the global Internet culture. Just for one example, it's common for Javanese people to have just one name, not a first and last name, as in the case of an important figure in modern Indonesian history, Sukarno. That's his entire name.
People already know to protect their wallets, and are immediately suspicious if someone's going through their wallet.
If you've got a strong password, written on a sticky on your monitor, then any of a few dozen people could easily see it. If it's in your wallet, it's difficult for someone to see, even if they know where you keep it. If it's in an encrypted file, like a password safe, on a flash drive, then even if someone steals the flash drive, they'll probably never get it. And if you're in New York, a hacker in Los Angeles can't do any of those things.
It's not about perfection. It's about risk reduction. The biggest improvement would be to get typical users to use stronger passwords, and their wallets are safe enough. A typical pickpocket wants the $100 in cash and maybe the credit card, and wouldn't have any use for the password for a workplace LAN. The users with passwords that are valuable enough that someone would steal their wallets specifically to get their passwords have bigger security concerns. And there is still the famous $5 wrench.
Substituting numbers for letters is common and predictable. Dictionary attacks check for that. Your example passwords are no stronger than they would be if you didn't substitute numbers for letters.
A meaningful password is an insecure password.
This is Google we're talking about. This service must have thousands of users already, if not tens of thousands; the numbers will be multiplied many times over when it's a fully open beta, and more when it's fully released.
So what's the RIAA going to do? Subpoena the music lists for all the tens or hundreds of thousands of users, and send investigators to each home, to check whether there's a CD for each album, or a record of a download license from Amazon or eMusic or iTunes or some other service? Even in the unlikely event that a judge authorized it, the effort would bankrupt the recording industry.
The RIAA has mostly targetted people who distribute music, and has met with surprisingly little success. Google's service only allows access to the music by the person who uploaded it, so individual users would not be likely targets.
The worst case scenario is that Google cancels the service.
Okay, there is a lot of documentation there.
I probably should have written, "tutorials", as that's really what I've looked for -- at various times, I've gone looking for tutorials and free textbooks for several programming languages and so on, and generally been able to find several for whichever language or tool I wanted to learn about, but I hadn't found much of use for PowerShell. The documentation you point out reminds me of Linux man pages, which I use frequently, but I can scarcely imagine using man pages alone to learn how to write shell scripts. There's a very detailed man page for rsync, for example, but someone had to tell me that rsync was useful for backing up files, before I knew to look at it. Someone gave an example of a single line of code in PowerShell to batch rename files; I don't believe I could have come up with that in 45 minutes without some introduction to PowerShell.
I just tried searching for PowerShell tutorials again, and found some book recommendations. I should probably just suck it up and pay $30 for something in print.
At least he didn't use Papyrus.
While it's true that those are means to solve the problem, except for PowerShell, none of those are available by default in Windows 7, and documentation for PowerShell or the Windows command line is not nearly as easy to find as documentation on Perl, etc.
It's an illustration of the difference in OS philosophies: Windows allows you to tweak things; Linux assumes you will tweak things. (OS X can be tweaked, but you have to go around to the back and find the access panel behind the shrub, next to the air conditioner.)
People keep arguing about the merits and failings of the Linux desktop. But in server space, Linux is very strong. Where I work, we deal with a mix of about 80% Linux servers, 20% Windows, so the two have to work together. Even the staffers who specialize in Windows Server administration tend to say that they wish the Windows systems were as flexible and easy to work with as the Linux systems.
"Why are we still moving towards it?!" screeched Luke, pubescently.
Just imagine how FLOSS would flourish if the people bootlegging proprietary products were applying their resourcefulness to developing FLOSS, to the benefit of all.
That makes sense.
No. Police don't arrest someone every time a crime appears to have been committed, nor do prosecutors prosecute every person arrested for a crime. They have discretion, and limited resources, and more apparent crimes than they can afford to investigate or prosecute. If the crime appears to be minor, and the victim doesn't want to press charges, or there's no victim, the police are likely to ignore it. What prosecutors actually prosecute is a policy decision -- which often means, a political decision.
I cannot make sense of this.
Allegedly, Swartz broke into a computer closet in order to download documents you can download from a Website, and he downloaded a lot of them. Why would he go to that much trouble?
Supposedly, MIT and JSTOR didn't press want to press charges, but the state of Massachusetts is pressing charges anyway. Why?
Some of the speculation here is that it's because Swartz was threatening to the government. I just read some of his articles; it seemed like good stuff from a moderate left. Left of the Democratic party? Sure, but so are thousands of activists, academics, and journalists. What's extraordinary about Swartz that would call for active persecution?
I keep voting for the candidates who promise not to murder any innocent people. They don't seem to win the elections, though -- not above the municipal level, anyway.
I'm not talking about religion, per se; I'm talking about mysticism.
I'm an atheist, but I've studied religious texts and met religious thinkers, and encountered many that I found intelligent, insightful, and wise; it seemed to me that much of what they refer to as religion or spirituality were alternate ways of describing material reality. Importantly, they were trying to understand the world around them.
Mysticism is not about understanding the world. It's a matter of fetishizing a lack of understanding. And, if you read the article, you'd have noticed that Rohrer described himself as an atheist, and none of the other people involved had any religious beliefs ascribed to them. Rohrer set up a scenario, in which people would encounter things that other people created, without any way to find out why they'd created them, in order to recreate a sense of mysticism. In other words, the entire point of the exercise is to destroy meaning and prevent understanding. It's an absurdity.
The problem is that it isn't always at hand. It may die, or you may lose it or get robbed while on vacation, or you may forget it, or it may be in the laundry
The point of a mobile phone is that it's always at hand -- barring misfortune, of course. The encrypted password safe on my phone is a copy of the database on my computer. There are a variety of ways to sync those files -- the most straightforward of which is simply to connect a phone to a computer via USB, and copy the file.
And, of course, to be of much use it must be quick and easy to use, which means these things are almost never behind a complex password.
Seriously, do you have a password like Pz3vHkr7#w for your password safe, or a short and simple word or number? Remember that no chain is stronger than the weakest link:
My master password is actually longer than that example, and I've got an additional password to lock the phone. It takes me perhaps two seconds to type the two passwords and access my password safe. I believe people seriously underestimate their ability to memorize and use randomly generated passwords.
One thing Troy Hunt's article pointed out was that less than 1% of the passwords in the database were randomly generated. That is far, far too low, and I think people are overestimating the security risks of recording passwords and underestimating the security risks of using weak passwords. Your dozen co-workers may be able to see the sticky on your monitor, but the other six billion people in the world can't see it; you can cut that dozen down by quite a bit if you just put the sticky in a desk drawer.
Also, "no chain is stronger than the weakest link" doesn't apply when you're using the strategy of defense-in-depth.
That fits my experience. I expect people are much better at remembering a random string of characters than they expect to be. It seems like a good subject for an experiment.
I find the ability to have an encrypted password safe always at hand more than makes up for the inconvenience of typing in my master password.
Problem #1: people don't have random password generators conveniently at hand when they need to create passwords. OS designers should make sure that good random password generator applets are installed by default and obvious. Designers of systems that require passwords should remind users to use random password generators, and suggest where they may be found in popular GUIs. Not every interface can offer that information, but certainly websites could, and if enough do, the information will get around.
Problem #2: people get the EXTREMELY BAD ADVICE that they should not write down passwords. They should be advised to write down their password and put it somewhere safe and out of sight, like their wallet.
Apparently whether they are classified as Homo neanderthalensis or Homo sapiens neanderthalensis is still debated by anthropologists. Neanderthal: Classification
I'd say, given that they were at least very similar to modern humans and there was at least some interbreeding, that it's easiest to just call them humans,