"a fallacious and unscientific idea that man is solely responsible for climate change."
"I thought you would be smarter than that. I was wrong."
The idea that man is solely responsible for climate change is absolutely a fallacious and unscientific idea. You're the only one talking about it.
What's interesting here, is that there's a willful and direct stupidity. I mean, the post infers something ludicrous from something that wasn't said, then attacks that argument. It's a straw man, followed up with an ad hominem.
"people with IDs as low as yours sounding like the morons who blame society for all of man's ills"
There's another ad hominem, with a vague and nebulous claim of something which wasn't said.
There's no sense, logic or even evidence of basic reading comprehension behind this anonymous post.
Alicebob, ALICEbob, aliceBob, aliceBOB, ALICEBoB, AliceBob....
But then, we're talking about systems which usually require three character classes, so more likely:
AliceBob!, Alic3bob, AliceB0b, Alice1Bob, alice-Bob, Alice!bob, alice4Bob....
All of this assuming a twit user who's intentionally trying to pick something weak.
"something better" is more likely trust relationships or automated secret management in the form of tight password manager integration. I don't think it unlikely to see this in the next 10 years. Some people have it today. You might say a 64 character random unicode string is still a password, but it's getting tough to distinguish it from a more arbitrary shared secret.
Yes, mandatory character classes reduce the entropy of the password, but password attacks are not random and most passwords are not random. If you use a 2^16 character set for the password on an 8-character password, yes, a user might pick a random number between 1 and 340282366920938463463374607431768211456 and render it in printable and non-printable unicode but more than likely they'll pick "alicebob".
Removing the combinations comprised solely of a single character class means that yes, the attacker doesn't need to guess the smaller set of passwords, but it also means that no password is within that smaller set.
Password managers and solutions for the hundreds of unique passwords users have is a separate issue. There are a lot of issues around passwords, none of which can be looked at in isolation. Password management and character classes are two parts.
E.g., the specific details as to why a password policy is put in place has to do in part with what the specific technology supports. This NIST guideline means that software should be supporting better methods. 10 years from now, one would hope they're universal, but one would also hope that in 10 years passwords will be replaced with something better.
Leave the interpretation of NIST and its relevance to your organization to the Infosec team. Infosec is very aware NIST exists.
If you'd rather not, you can go explain to auditors, customers and executives about your "bullshit" theory.
Realistically, you'll probably just include some mixed case and a number in a password rather than fight this battle, it's much less effort. The news here from an infosec standpoint is that NIST is getting sane about this stuff. No doubt because of the decades of feedback from infosec professionals.
Personally, I disagree with the position on mandatory character classes, but fortunately it's a "SHOULD NOT" and not a "MUST", nor is NIST a rule, it's a guideline. For certain types of passwords and certain types of leaks, mandatory character classes increase the space *required* to break a password. It doesn't matter that 'ahwfovuu' could be randomly generated from upper/lower/symbols/numbers etc, when it could be brute forced with only one character class.
OTOH, I regularly sat on calls and stated flat out to customers that we do not and would not do arbitrary password expiration, regardless of standards. I would highlight it as a point where we're not compliant and would not be compliant. As dumb as it sounds, this statement would appear on reports up to the top.
I'm not looking forward to smart-ass developers raising this as a "counterargument" to why Infosec should bend policies because their favourite password generator tool doesn't support mandatory character classes.
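The trade-off argued in the comments above, worked through as an added example (not part of the original comments): it counts by inclusion-exclusion how much of the 8-character space a "three character classes" rule removes, and checks the sample passwords quoted above against that rule. The 95-character printable-ASCII alphabet and the exact rule (length 8 or more, at least 3 of 4 classes) are assumptions.

```python
from itertools import combinations
import string

# Assumed alphabet: the 95 printable ASCII characters, split into four classes.
CLASSES = {
    "lower": set(string.ascii_lowercase),      # 26
    "upper": set(string.ascii_uppercase),      # 26
    "digit": set(string.digits),               # 10
    "symbol": set(string.punctuation + " "),   # 33
}


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def meets_policy(password, min_len=8, min_classes=3):
    """Assumed composition rule: minimum length and minimum class count."""
    return len(password) >= min_len and len(classes_used(password)) >= min_classes


def count_exact(names, length):
    """Strings of `length` that use every class in `names` and no other class.

    Inclusion-exclusion: start from all strings over the union of the classes,
    then alternately subtract and add those that omit 1, 2, ... of them.
    """
    sizes = [len(CLASSES[n]) for n in names]
    total = 0
    for k in range(len(sizes) + 1):
        for omitted in combinations(sizes, k):
            total += (-1) ** k * (sum(sizes) - sum(omitted)) ** length
    return total


def keyspace(length, min_classes):
    """Number of strings of `length` that use at least `min_classes` classes."""
    names = list(CLASSES)
    return sum(count_exact(subset, length)
               for r in range(min_classes, len(names) + 1)
               for subset in combinations(names, r))


def removed_fraction(length, min_classes):
    """Share of the full space that the composition rule makes unusable."""
    full = keyspace(length, 1)
    return (full - keyspace(length, min_classes)) / full


if __name__ == "__main__":
    full = keyspace(8, 1)
    allowed = keyspace(8, 3)
    print(f"all 8-char strings:          {full:.3e}")
    print(f"allowed by 3-class rule:     {allowed:.3e}")
    print(f"removed by the rule:         {removed_fraction(8, 3):.2%}")
    print(f"lowercase-only subspace:     {26 ** 8:.3e}")
    # Sample passwords quoted in the comments above.
    for pw in ["alicebob", "ahwfovuu", "AliceBob", "AliceBob!", "Alic3bob"]:
        verdict = "accepted" if meets_policy(pw) else "rejected"
        print(f"{pw:10s} {sorted(classes_used(pw))} -> {verdict}")
```

The rule removes only a few percent of the full space, and that slice contains the whole lowercase-only subspace that 'ahwfovuu' sits in; it does not stop dictionary-shaped choices such as "AliceBob!" from being accepted.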
"The issue is that users didn't want to learn a new interface"
No. My issues with the ribbon are:
"If you are a true master, you should be able to explain concepts in a way that even a child can understand. "
This isn't needed to be a master in a field and it isn't necessary unless you're speaking to novices or people outside the field. Sagan, Hawking or Feynman are good examples of this. Einstein was a real aberration, where even some of his papers were written with disarming clarity.
For Trump, I think you're mixing this up with the Dunning Kruger effect, where a person's inability to understand what's going on around them makes them think they have a better understanding than the experts.
BSD is free like the Grimm fairytales.
Sometimes you're shared the stories and you're allowed to reshare them, e.g. from Gutenberg. Sometimes you're not. E.g. from Disney.
BSD gives you the freedom to take it, modify it, distribute it and not allow the recipient the same benefit.
"Free as in beer" doesn't imply the knowledge nor right to start a brewery and produce your own. It's ridiculous to say Linux is free as in beer.
"All this tells us is that Verio/NTT.net is a crappy hosting provider, not that Giuliani has done anything wrong."
He outsourced to a 2-bit shop with no recognition of the reputational risk. That's a security fail.
"True, it's the only smartphone on which you can't install an application unless approved by the phone manufacturer. Nobody had that idea before."
Other phones at the time didn't let you install an application, updates, ringtones or anything unless approved by the TELCO.
So yep, opening it up to the manufacturer to sell you apps was a huge move forward. It meant strong-arming the telcos with overwhelming demand else they wouldn't carry Apple's new little product.
The assertion of em drive is not based on theory, but alleged observation.
Conflicting measurements are evidence of experimental error. China's trying a new experiment, hopefully their measurements agree with some others. I think we both expect the outcome to be "no thrust".
It looks like a fun experiment. Not sure why they feel it's worth investigating, but maybe it's related to another project and not a high cost item for them.
If it works, you can propose your unicorn attractor constant.
In the case of Brown, there's lying witnesses, which isn't fake news. In Rathergate, CBS was duped by a fake source, and people were fired over what happened.
In 2005 you couldn't just come up with the idea to create a fake article about it on a fake news website and spread it on Twitter and Facebook.
No, the "fake news" of the last few months has been the fabricated news pupping up hysterical memes so as to generate millions of dollars in ad revenue. It's genuinely fake. The people writing it don't even believe it.
https://en.wikipedia.org/wiki/List_of_fake_news_websites
This is an example of a well-shared fake news story on a fake news site: http://web.archive.org/web/20161107053425/http://denverguardian.com/2016/11/05/fbi-agent-suspected-hillary-email-leaks-found-dead-apparent-murder-suicide/?utm_content=buffer013fc
"Denver Guardian is Denver's oldest news source and one of the longest running daily newspapers published in the United States. With a focus on local content, the Guardian thrives to maintain a non-partisan newsroom making our content the most reliable source available in print and across the web. "
The Denver Guardian isn't a real newspaper.
https://en.wikipedia.org/wiki/Denver_Guardian
I don't think you know what "fake news" is.
They're what Mac users use because in the interest of ease-of-use, they have no home or end keys, but have two-extra modifier keys (Fn and Cmd). Ctrl-a => home (Windows), Ctrl-e => end, Ctrl-k => shift-end, delete.
Cmd-a => Ctrl-a.
https://support.apple.com/en-us/HT201236
I think some of these keys derive from ancient Unix days. Jobs being reluctant to even put arrow keys on the Mac. They are basic and have been around forever, but only if you're a Mac user or ancient Unix guy.
It distracted kids in schools and got used for bullying etc. It also got picked up by people who wanted to talk to kids in schools, which is not good either. Yik Yak blocked the app at schools in the U.S....
https://techcrunch.com/2014/03/13/amid-vicious-bullying-threats-of-violence-anonymous-social-app-yik-yak-shuts-off-access-to-u-s-middle-high-school-students/
"As for how the blocks will affect Yik Yak’s user growth, the company isn’t concerned, saying that the app is still doing “very well” at colleges and the publicly cited user numbers have been grossly under-reported."
I would guess the kids who used it and were blocked, graduated as kids who forgot it existed.
An interesting keyboard hack came up for the T430 : http://www.thinkwiki.org/wiki/...
The T420 (which I'm using heavily as a lab machine (16G RAM, 512G SSD, 1TB HDD, + empty ultrabay)) has a CPU which runs a bit hot and has poor battery life. The T430 changed the keyboard layout, but better CPU, the T440 has an insanely bad touchpad design with no physical buttons. This meant for a while if you wanted a reasonable touchpad and keyboard on a Thinkpad, you had to look backwards to the T420.
Compared to other manufacturers though, the T440 and T450 at least have home/end/ins/del/pgup/pgdn and prtsc reachable without fn-key combinations. Why they put prtsc next to ctl is beyond me though, but at least they stopped screwing with the design for a while, refined the T430 design instead (grouping function keys by 4s etc.) and they didn't follow Apple in putting the power button next to backspace.
...now the T460 threw out the ins key... I think for an oversized delete and oversized escape next to all their already undersized function keys. "Improvements". Maybe they'll fix it in the T470...
Awesome, I'll add it to my list to check out. I'm not thrilled about the keyboard layout, but there isn't a manufacturer left who respects keyboard layouts. Apple and Lenovo used to be good about it, but those days are over.
Running the kernel is no problem.
Having working sound, volume controls, 3d support, wifi, touchpad w. multi-touch, Bluetooth, suspend, hibernate (and resume), etc, etc. is another matter.
For me, having a keyboard which doesn't mix up Fn and Ctrl (with no ability to remap), or disposes of home/end/pgup/pgdn in favour of putting prtscr next to Ctrl, or forward/back buttons over the arrow keys, keeps function keys as function keys and possibly has a mouse with three buttons... these are the difference between a crappy Linux laptop and an ok Linux laptop.
Give it 8h battery life (genuine 8h, not pretend 8h), upgradable RAM, upgradable storage, and a high resolution display with good viewing angles, HDMI out (or similar)... then we're talking a great Linux laptop.
This might only be the XPS13 or circa 2011 Thinkpads.
I'm in a major North American city and Google maps has almost no data on the construction in town. Some of it weeks after it began.
I also don't trust Google maps for traffic. They seem to mark a route "Red" as heavy traffic faster than Apple maps, to the point that I ignore their statements on traffic density... the roads are usually not as bad as they say they are.
Apple maps are quicker to read, faster to load, give me better traffic. OpenStreetmap gives me better detail on streets, walking paths, geography and cycling paths. Google maps are better than all of these at finding addresses, and nobody has anything better than Google Streetview.
We can't forget that Apple is making money, and a lot of money, selling phones. You're paying for that mapping software. Google is an advertising company, they make money selling your location and other information about you. The privacy reasons keep my feet out of Google as much as possible, but the alternatives have advantages.
It's a ridiculous sentence, but it was a teaser to go into a discussion on valence electrons... the editors left the statement in like it was some kind of conclusion, rather than the beginning of the article.
No, I'm only commenting on the counter-culture draw to anti-environmentalism.
I agree, scepticism is important for science. If you deny AGW claims and you're a scientist, you're in a very small minority. That doesn't mean you're not a good scientist. You will be scrutinized more carefully, but that's not a bad thing.
There's decades of more nuanced materials on AGW. These documentaries or docudramas are not scientific papers, and they're not where most geeks get their info.
Climate change denial seems to be a generational thing.
When I was growing up, environmentalism meant conservationism. Mowing your lawn and not littering were ways to participate.
Then people started talking about acid rain, eutrophication of the Great Lakes and the ozone layer. It was counter-culture, clearly against the industry establishment. Youth supported these initiatives for awareness and change. Those that didn't, weren't an organized opposition. Industries reduced sulphurous emissions, successfully addressing the dead lakes and dead trees from acid rain. Sulphates in soaps were controlled, bringing back Lake Erie from being a stew of algae. Chlorofluorocarbons were controlled to address the ozone layer.
Then came the next generation. Global warming became a more serious issue, atmospheric carbon dioxide being observed as the cause. It wasn't as localized as the other issues, and not as easy to address as the ozone issues. Environmentalism was mainstream. Suddenly being anti-environmentalist was the "alternative". "open your eyes" was the call to action, "big environment money" was the real cause. Supporting environmentalism was supporting the mainstream government.
The environmental movement was successful because it achieved results on a global scale. Not because it's part of a big moneyed establishment conspiracy. It's embarrassing to be on a site with so many of these anti-environmental twits.
Sometimes I think the only way to get them on-board is to make environmentalism look like some alternative viewpoint being suppressed by a self-serving government conspiracy. Like starting stories that the government is taxing hard-working people, subsidizing oil and gas to increase atmospheric carbon so that real-estate speculators can get a windfall return on investments in the Ozarks.
Beating these people over the head with mainstream movies? It only supports the "big environment" theory.
Maybe the $120 model shares the O and 0 keys.
If I didn't need virtual machines, I wouldn't have the software I need to use 32G of RAM. E.g., simulating HA clusters, front-ends, backends, different clients etc.
So yes, VMs. Otherwise I would be fine on an 8G Macbook with a 128G SSD. (4G if I wasn't lazy about closing tabs).
The magic mouse is great. Scrolling left and right and a convenient scroll is worth the weird right-click, short-ish battery life and the reboots when Bluetooth goes haywire.
Ok, Apple sucks, but they suck less than the competition.