Slashdot Mirror


User: Sancho

Sancho's activity in the archive.

Stories: 0
Comments: 5,182

Comments · 5,182

  1. Re:And there was a cheer throughout the land... on RIAA Gives Up In Atlantic Recording v. Brennan · · Score: 4, Insightful

    So to play Devil's Advocate, if you know that you've got a loser (either because new evidence comes to light or just by the way that the trial is moving), you think that they should continue to waste taxpayer money in order to avoid a fine rather than cutting their (and the taxpayer's) losses and dismissing the case?

  2. Re:Customer information sharing on Blu-ray Update Sent To User Via Credit Card Records · · Score: 3, Funny

    Wow. That's pretty sad.

  3. Re:Really that big deal? on Obama Recommends Delay In Digital TV Switch · · Score: 1

    Some people don't follow the news, but incidentally, the bill requiring the changeover was passed in late 2005. If $1.50/month were saved to buy a converter box from the day that the bill was passed, he'd already have one by now.

  4. Re:Customer information sharing on Blu-ray Update Sent To User Via Credit Card Records · · Score: 1

    For almost anything requiring a picture ID (in the US), a US passport is accepted--probably for the very reasons you discuss.

    The truth is, most of these businesses would take any glossy card with your picture and the same name as is on the credit card. When I flash my ID, they barely glance at it. There's no strict checking of any sort, unless I'm buying something with an age restriction.

    Which leads me to another point--it'd probably be horribly easy to create a fake passport which would pass these lame ID checks. Passports are used for ID considerably less often than driver's licenses. There may be extra scrutiny from the unfamiliarity, but the likelihood that they'd spot a forgery is probably much lower.

  5. Re:Customer information sharing on Blu-ray Update Sent To User Via Credit Card Records · · Score: 4, Interesting

    No joke.

    I'm routinely asked for a picture ID when I use my card. Strictly speaking, that's the store's prerogative. But per the merchant's agreement, they cannot require a picture ID to complete a credit card purchase. The cashiers aren't taught this, and even the managers either don't seem to know or care.

    It's a minor thing, but at the movie theater, I tend to buy my tickets at the automatic kiosk (~$10) and then buy a drink (~$3). The automatic kiosk never asks for my ID, but they always ask for the lower-priced charge. And they give me hell if I've forgotten my ID.

  6. Re:I find a Magnet Works on "Smash Your Hard Drive" To Fight Identity Theft · · Score: 1

    The 7-pass wipe is a commonly repeated myth. There are two ways that the DoD accepts for hard drive end-of-life:

    1) For drives with only unclassified information, you must clear (or sanitize[1]) the data. This is ambiguous, though some agencies use a 3-pass multi-pattern method. Recent versions of the document (I can't remember the title) reference a table from the Defense Security Service which includes examples of methods. This is probably where the three-pass method comes from (outside of degaussing or destruction, the only way to sanitize according to this document is to overwrite with a character, its complement, and then a random character--thus three passes.)

    2) For drives with classified information, destruction of the physical media is the only acceptable means of disposal according to the DoD.

    [1] Clearing and sanitizing have become somewhat synonymous in their usage, these days, so if you work for the government, you're probably best off using the method which is more thorough.

  7. Re:What bothers me about OpenID. on OpenID Fan Club Is Shrinking · · Score: 1

    Exactly.

    One of the nice things about OpenID is that a provider can use any sort of authentication they wish--it doesn't have to be username/password. This means that your average Joe can use username and password, and be no worse off than if they were using that same password on every site (actually, they'll be better off, because there are fewer points of failure where the password can be read.) More security-conscious people can use providers with better solutions like one-time passwords, secure tokens, etc.

  8. Re:OpenID still exists? on OpenID Fan Club Is Shrinking · · Score: 1

    3) Trusting all your authentication credentials to a browser is fine, unless someone else uses your PC without your permission. The browser will just as happily fill in the forms for them as it does for you.

    Well, Firefox can require the use of a master password each time you try to fill in the box. But the larger issue for most people is that they can't ever log in from another computer. There are times when I want to log into a secure site at work--if I rely solely on my home computer's password manager, I will not be able to do this.

    Then there's the danger of losing your password database.

    I think that OpenID is a neat idea (web-wide, common authentication) which was horribly implemented (log in as a URL, etc.) and which has a steep-enough learning curve to prevent most people from bothering.

  9. Re:Local software solution instead on OpenID Fan Club Is Shrinking · · Score: 5, Insightful

    Frankly, I don't trust other computers. I try my best not to log on to online services when I'm not using a trusted computer.

    I'm sure as hell not going to plug a USB drive with my password database into an untrusted computer.

  10. Re:Karl Popper would disapprove... on Apple Intros 17" Unibody MBP, DRM-Free iTunes · · Score: 0, Troll

    I wonder how long you'll be without your notebook while the battery is replaced. And how long they'll support these notebooks. And how much it will cost.

    Batteries already cost quite a bit, and they're claiming that these batteries will last for 5 years. Will they even still be replacing batteries in these ancient computers that far into the future?

  11. Re:Hmmm... on FreeBSD 7.1 Released · · Score: 1

    I wasn't aware that the BSDs ponied up the money to certify their software. And considering that revisions also have to be certified, that's a lot to deal with. Where did you read that most of the BSDs were certified?

  12. Re:Testing!?! on Microsoft Issues Workaround For Zune Freeze · · Score: 1

    I said "setting it to the boundaries." I explicitly included the February case because it's possibly a less obvious boundary.

    The boundaries would obviously be Dec 31 on the previous year, Jan 1 on the leap year (though it's hard to envision code on which these would break, they should be tested), Dec 31 of the leap year, and Jan 1 of the next year.

    In fact, it might even be reasonable to test the first and last day of every month of the leap year. Addition errors could occur at any point.

  13. Re:Testing!?! on Microsoft Issues Workaround For Zune Freeze · · Score: 0

    Yeah. If you re-read what I wrote, I said there's no good reason that it's not a part of the standard tests.

  14. Re:Testing!?! on Microsoft Issues Workaround For Zune Freeze · · Score: 1

    Clocks set ahead? Leap year is a really well-known edge case. There's no acceptable reason that setting the date to the boundaries in a leap year (including February 29, and the day before, and the day after) shouldn't be part of the standard tests.

  15. Re:It probably won't last another 4 years on Microsoft Issues Workaround For Zune Freeze · · Score: 1

    After all the hell that people give Microsoft for not supporting a 9-year-old OS? Yeah, right.

    Besides, I know people who still have first generation iPods.

  16. Re:Solution: Public Key Auth on The Slow Bruteforce Botnet(s) May Be Learning · · Score: 1

    Indeed. It's a good, general policy.

  17. Re:I've been bricked before on Psystar Claims Apple Forgot To Copyright Mac OS · · Score: 3, Funny

    Yeah, but that's like saying, "He killed me. Not to the point of death, but ...."

  18. Re:I've been bricked before on Psystar Claims Apple Forgot To Copyright Mac OS · · Score: 2, Insightful

    "Bricked" means "turned the hardware into a brick." It means, literally, that the hardware cannot be used for its intended purpose anymore. If you were able to reinstall, your hardware was not bricked.

  19. Re:Well, it has with me on Will People Really Boycott Apple Over DRM? · · Score: 1

    The last time I had this issue, I used the steps here:
    http://www.macworld.com/article/49193/2006/01/deauthorall.html

    also: http://drcorner.wordpress.com/2008/08/04/deauthorizing-all-the-pcs-on-your-itunes-account/

    It worked just fine, though apparently Apple restricts you to only doing this once per year. That's a strange restriction, and I really can't fathom a reason for it.

    I agree that it's all very silly. I no longer buy from DRM-encumbered digital downloads, and I only buy physical media upon which I can exercise my fair-use rights. That said, of all of the digital download DRM schemes out there, Apple's is really one of the most lenient. That said, it's kinda like saying that stabbing yourself in the fleshy part of the arm is one of the better ways to stab yourself.

  20. Re:Well, it has with me on Will People Really Boycott Apple Over DRM? · · Score: 4, Insightful

    I still have my AppleTV, but it didn't take long to exceed its capacity. So I started storing my television shows on my computer. A couple of computers (and iPods, for that matter) later, I've moved my stuff around so much and dropped and reauthorized stuff to the point where the shows I bought when I first got my AppleTV are, for all practical purposes, gone forever unless I want to re-buy them.

    How does this happen? I thought that content purchased from the iTMS was tied to your account, which you can pretty much authorize to 5 computers at a time. You can deauth at any point, either from the computer itself, or from their website.

    Unless you've switched accounts, I don't see how your content would be unplayable.

  21. Re:Solution: Public Key Auth on The Slow Bruteforce Botnet(s) May Be Learning · · Score: 3, Informative

    That's absurd. The system is a honeypot. It cannot be accessed directly--you must log in to the host system to gain access. No accounts are allowed through SSH to the jailed host, but passwords are logged for the sole purpose of gathering information on the botnet. The jail has no users other than root, and root is not permitted to log in through SSH. Hell, strictly speaking, root isn't allowed to log in at all--the jail mechanism doesn't count as a login.

    It's about as secure as you can make a system which listens on TCP ports.

  22. Re:Solution: Public Key Auth on The Slow Bruteforce Botnet(s) May Be Learning · · Score: 4, Interesting

    Unfortunately, this is often too hard for your users.

    What's really scary is that I'm starting to see really good passwords coming through (I modified the OpenSSH source to log the password sent for one of my jails.) I'm seeing passwords that have no particular rhyme or reason (in other words, they're either random or are generated through an obfuscated scheme.) I have to assume that they're passwords which were harvested in some way. It really makes me wonder where they're getting them.

  23. Re:What a fucking stupid idea! on New Font Uses Holes To Cut Ink Use · · Score: 2, Insightful

    Most paper will be readable in 30 years. Will your digital documents?

    Microsoft Word dropped support for old document formats fairly recently, so even if you've still got a medium which is readable (CD-ROMs in 30 years? Probably not...) you've got to worry about the file format.

  24. Re:What a fucking stupid idea! on New Font Uses Holes To Cut Ink Use · · Score: 2, Insightful

    You know, everyone gets all up in arms about using paper. Do none of you realize that paper is a renewable resource?

  25. Re:Legislation fixes nothing on CAN-SPAM Act Turns 5 Today — What Went Wrong? · · Score: 4, Insightful

    If there were a technological means to fight spam, we wouldn't need the legislation.

    What's needed is actual enforcement. Spammers make money because people buy their wares. Where there's money changing hands, there's a trail you can follow. The problem is seemingly that no one wants to follow that trail.

    No enforcement? Practically no law.