I agree with you. But the solution is to change business practices so that bribery isn't as common. Bribery has the same economic downsides as a tax but doesn't produce any public good.
Taxis used to be like the wild west. You sometimes didn't even know the fare before the trip started. And the vehicles weren't maintained. Another - still valid - reason in large cities is to artificially limit the supply due to a finite amount of roadway. This is a legitimate reason. This is a classic example of "tragedy of the commons." Yes it's a tax. The same as a carbon tax or a parking tax or any of the other things that could be free but we choose to tax because it makes society as a whole better off.
Now it may be that our current regulations are outdated now and we need to revise the regulatory system. Another way to break the taxi industry monopoly is self-driving cars and a structure like ZipCar. You just summon your self-driving car from the pool. Of course this brings back the problems of streets being clogged with self-driving cars. And there is exactly one solution. Tax them until the price rises so that demand = supply of roadway. Of course in my solution, you can tax parking more heavily freeing up additional traffic lanes
Breaking the law as a means of protest is valid. But there are consequences. Primarily you go to jail and then a sympathetic press publicizes your case and public opinion changes. Then the law changes. I don't see any Uber execs turning themselves into police, asking to be taken into custody in order to draw attention to the issue. If you think that the right to have unregulated taxis is in any way similar to things like universal suffrage, though, there's probably not an intelligent conversation to be had.
Neither can Android run *all* Android applications! Go the Play store some day and it will show you which of your devices are compatible with the app. Sometimes none of your devices are compatible. Maybe a particular Blackberry device doesn't run as many Android apps as an Android device but it runs a lot of them. And Android devices don't run QNX apps. I would always dislike it when there wasn't a native Blackberry version of an application and I had to use the Android version. But even your rejoinders prove my point. The original post stated that Blackberry wasn't "compatible with anything." I pointed out all the things that it is compatible with. The responses are to add some nuance to my statement. But still you can run almost anything in the Amazon App Store on a Blackberry so calling it "not compatible with anything" is just silly.
Of course there is a disclaimer for things they don't control. But the fact is that Android apps run quite well. You can install the Amazon store using Blackberry World. You can side-load any Android apps that you want. There is also another disclaimer that comes up whenever you run an Android app with a reminder that they have an inferior security model. Don't take my word for it, go Google the disclaimer. I had a Z10 for years and ran any Android app that I wanted. They were a bit slow. But otherwise everything worked.
Seriously? There are real BB fans out there. I'm one of them ( and not an AC ). I changed from a Blackberry Z/10 to a Nexus/6 when my company got bought and the acquiring organization wouldn't support the device. (Mobile Iron doesn't support Blackberry). The Nexus/6 is *way* better for things like going on Facebook, buying movie tickets, and every other non-productive activity. But when it came to getting stuff done, the Blackberry Hub was really the ultimate in UI design. BBRY isn't going to do well because most companies are going to BYOD. And if somebody has to fork out $500 of their own money for a device and has to choose between one that is great for personal use and marginal for business use and one that is great for business use and marginal for personal use, they will always choose the former. I also hear that BES is really hard to maintain. I have no first-hand experience. But I will certainly switch back to Blackberry if it becomes a possibility for me. If I want an Android device for recreation, I would rather use a tablet.
This is funny. But is also, unfortunately, -1 WRONG. QNX can run all Android applications and has for quite some time now. They aren't as nice as native apps, but they all run.
If one party gets away with breaking the law due to paying a bribe and another party gets prosecuted for the same offense due to not paying up, the solution isn't to drop the prosecution against the guilty party without the forethought to pay a bribe. It's to prosecute all of the law breakers. I hope that the police in my town are working on this in proportion to how much of a problem it's causing.
This is a loaded question to which you already know the answer. If I'm already going someplace, I'm allowed to take a friend or colleague with me. They can be nice enough to offer me some gas money. If I drive them somewhere that I didn't intend to otherwise go, I'm running a taxi service. There are grey areas all the time with people personally known to you that might run afoul of some interpretations of taxi regulations. When you start driving strangers to places that you wouldn't otherwise be going in exchange for money, it's a clear violation. The fact that some grey area may exist doesn't in any way make blatantly illegal activities any less illegal.
These devices certainly can leak incriminating information. But since most of us are law-abiding it is way more likely that our mobile devices will provide exonorating evidence than incriminating. The government has gotten good at using the information offensively. The private sector just isn't as skilled yet in defensive use. If your wife comes up dead, you are always the first suspect. If you can really show that you were in Cleveland on business that day, probably saves the hassle of a trial. If the government wants to hold you on terrorism charges, cell tower data becomes meaningless. The criminals will eventually get good at faking this data. Hire a courier to carry a package across town, pay in cash. Bury your phone in the box and you've got an alibi. But for most of us most of the time, our activities are innocent and documenting that fact is probably a net benefit.
The article is (as expected) light on details since this is newly disclosed. I've had machines where the BIOS would require confirmation from a connected PS/2 keyboard before certain changes were written. Added a need for physical access in order to write anything to SMM. All the terms have changed but it seems the same principle here. If I can update the firmware, I can keep a machine compromised forever.
Somebody would do a study saying the the high temperature is a sexist way to get women to show more skin. You just can't win in these situations. And I see nothing wrong with the work sweater. I'm a guy and I often carry one. Also on airplanes I'm always freezing in long pants and sleeves, although I see plenty of people in shorts.
The proof that turning it off over the weekend will save money is this. Imagine that they turned it off for some arbitrarily long time (say a century). Would that save money? Of course. How about for half a century. Et cetera. You have to pay to cool it back down again and that offsets some of the savings of letting the temperature rise. The question really is where the break-even point comes in. If you let the temperature rise back to ambient and then immediately cool down to desired temperature, that should be an approximately break-even time. Anything longer and you are ahead. Anything shorter and well you really haven't turned it off!
The job of executive leadership is to tell a nice story and not let facts get in the way. The job of engineering is make factual decisions without letting the nice story get in the way. It's much easier to get people to believe things they *want* to believe. Yeah a lot of the stories are thin and many people see right through them. But remember, in corporate communications, you have four groups of people.
Those who want to know the truth and have the acumen to figure it out. Nothing to say to them as they already know. Those who don't want to know the truth but could figure it out. They aren't going to listen. Those who want the truth but don't have the skills to unearth it. They will hang on your every word. Those who have neither the skills nor the desire. I have no idea hos they manage to keep getting paid.
Engineers and programmers aren't good at saying yes until they know how, often to our own detriment. I may not know *how* I'm going to meet payroll (Said in the first person, but I've never had one to meet) but that doesn't mean I'm not determined and confident that I will find a way.
Whoosh! The portion of the thread is entirely humor starting with the NO CARRIER joke. I hate it when that happens. But the good news is that if the SSDs are that big, you can make a giant RAM disk out of virtual memory.
The current Tesla goes almost 300 miles on a single charge. So they are getting pretty close to gas cars. Maybe not yet good enough for fleet vehicles like a taxi that runs 24 hours a day. But I don't *want* to drive more than 300 miles in one day. My body will be tired and sore. So for *most* of us the range is plenty. To your other point, yeah, we can't afford one. But if the Model Three really comes in at $35k, that may be the tipping point.
As EVs get to the point where you can do a full day of driving between charges, I imagine what we will be seeing are charging stations at hotels and restaurants. People will stay in restaurants longer so they get a fuller charge. They probably won't be buying convenience store food items like coffee and candy bars. This will probably mean people spending longer sitting at restaurants so they'll need to have more tables and more parking. Hopefully they can buy the abandoned gas station next door for this purpose.
CTRL-ALT-DEL is handled in a very special way by the BIOS. And that propagates all the way up to the OS. ctrl-shift-esc will also bring up the task manager (in one key combination). If the machine isn't responding, you hit ctrl-alt-del. If the OS is healthy enough to bring up a task manager, it can do so. Otherwise, the BIOS will reboot the machine.
Being able to interact with the freedom to not worry about consequences is what the internet provides for me - otherwise I must be restrained in what I say for fear of the impact, now or in the future.
Fair enough. But this isn't the *intent* of most social media. You might behave responsibly in this situation but, in general, whenever this is allowed, it becomes a feeding frenzy for trolls. Facebook used to have a real names policy and still pretty much does for normal people. It's why all of the moms are on there an comfortable. Gaming sites (Steam, et cetera) don't have this and the environment is one of unrestrained teenagers.
It's getting harder and harder to have a profile you can walk away from and that's not necessarily a bad thing. It means you have to be much more careful expressing unpopular views, but this may actually be good for those views. Triggering negative reactions isn't a great way to get your point across.
The only real time you need anonymity is fighting oppressive regimes and, in that case, you have a much different problem set.
I don't know of any online password managers implemented this way. They keep the backup of your encrypted password file and keep it synchronized. When you need to use a password, you download that file, decrypt it, and then automatically fill in the password field. If implemented the way you describe, I would agree to avoid them. But the ones mentioned in this thread, as far as I know (and other commenters seem to think so as well), don't work that way. They are simply a better version of the process you described and accessible to more people.
I wish that I hadn't commented so that I could mod the parent up. The reason we are in this situation is that the uniform application of the same level of security to different targets. There are *two* targets to think about. The web site operator and you. Unless you are a member of a clandestine state organization, a public figure, or wealthy enough to buy Dice and return/. to the glory days, you really aren't a target. If you are, there isn't information here to help you. Most web sites aren't a direct target. AMC isn't so worried about somebody hacking into their web site and using my account to buy a movie ticket. However, they *should* be concerned that their password database is somehow exfiltrated and cracked. Now anybody reusing a password is a potential victim of financial fraud and will be mad at AMC (even though they shouldn't have used the same password somewhere important). So they make you use something ridiculous. I am not enough of a target to be worth a targeted attack. However there are a lot of low-value targets like me. Put us all together and it is worthwhile so we need enough protection that we can't be aggregated. Hence when you look at encryption (and here is a similar case), the important part is that successfully circumventing on person's security doesn't compromise others. Key loggers and such are effective because you can compromise a lot of machines at once via malware. Then script out the money-stealing part. Password managers ( if reasonably well implemented) don't change this. For that you need some sort of challenge/response or OTP mechanism. But the password manager protects you from the situation where the *server* get hacked. Keep your client machines secure and you are safe from that vector. Password managers are an improvement over not having them which was the original thesis of the article. They aren't a complete solution for high-security situations. It's like locking your door. If a web site *thinks* they need to be more secure than can be done with passwords, have them issue smart cards to their users!
Sending a text message and calling it two-factor authentication is actually pretty good. Probably an order of magnitude better than just a weak password alone. Not sure why you are so dismissive. I realize it may not help against a targeted attack. But it is pretty effective against keyloggers on the client and mitigates damage if the server gets hacked revealing the password hashes (which might as well not be hashed if the passwords are weak). If nothing else, the text message technique adds a certain number (usually six) of random digits to the end of the password, turning a weak password into (effectively) a strong one. Smart cards are better from a technology perspective. The RSA-style tokens as well (costs $10 million to get the seed data which is at least a barrier). But they have the disadvantage that you have to have one card/token per authentication domain. The text message version you can have one phone to rule them all. There's a limit to how many of these authentication devices we can all keep around. For banking, can the smart card readers present in pretty much every laptop these days be used to verify that I'm in possession of the card that they issued me? If so, there's an easy solution for banking. Can probably be extended to other transactions types as well. This is somewhat long-winded but I felt compelled to discuss in a bit more detail when an otherwise deserving +4 is so dismissive of the text messaging layer.
A (well implemented) online password manager is just an encrypted database of your passwords using a simple piece of software. Just gets backed up for you for free. And usually has some clever tools to make it easier to get the data in to the password fields. There's already a more detailed explanation in this thread of how they work. Pretty much how your system does but more convenient.
The opposite of "online privacy," in many cases, is "personal brand value." I'm not sure that maximizing privacy online makes a lot of sense for most people.
Slashdot Mirror
I agree with you. But the solution is to change business practices so that bribery isn't as common. Bribery has the same economic downsides as a tax but doesn't produce any public good.
Taxis used to be like the wild west. You sometimes didn't even know the fare before the trip started. And the vehicles weren't maintained. Another - still valid - reason in large cities is to artificially limit the supply due to a finite amount of roadway. This is a legitimate reason. This is a classic example of "tragedy of the commons." Yes it's a tax. The same as a carbon tax or a parking tax or any of the other things that could be free but we choose to tax because it makes society as a whole better off. Now it may be that our current regulations are outdated now and we need to revise the regulatory system. Another way to break the taxi industry monopoly is self-driving cars and a structure like ZipCar. You just summon your self-driving car from the pool. Of course this brings back the problems of streets being clogged with self-driving cars. And there is exactly one solution. Tax them until the price rises so that demand = supply of roadway. Of course in my solution, you can tax parking more heavily freeing up additional traffic lanes Breaking the law as a means of protest is valid. But there are consequences. Primarily you go to jail and then a sympathetic press publicizes your case and public opinion changes. Then the law changes. I don't see any Uber execs turning themselves into police, asking to be taken into custody in order to draw attention to the issue. If you think that the right to have unregulated taxis is in any way similar to things like universal suffrage, though, there's probably not an intelligent conversation to be had.
Neither can Android run *all* Android applications! Go the Play store some day and it will show you which of your devices are compatible with the app. Sometimes none of your devices are compatible. Maybe a particular Blackberry device doesn't run as many Android apps as an Android device but it runs a lot of them. And Android devices don't run QNX apps. I would always dislike it when there wasn't a native Blackberry version of an application and I had to use the Android version. But even your rejoinders prove my point. The original post stated that Blackberry wasn't "compatible with anything." I pointed out all the things that it is compatible with. The responses are to add some nuance to my statement. But still you can run almost anything in the Amazon App Store on a Blackberry so calling it "not compatible with anything" is just silly.
Of course there is a disclaimer for things they don't control. But the fact is that Android apps run quite well. You can install the Amazon store using Blackberry World. You can side-load any Android apps that you want. There is also another disclaimer that comes up whenever you run an Android app with a reminder that they have an inferior security model. Don't take my word for it, go Google the disclaimer. I had a Z10 for years and ran any Android app that I wanted. They were a bit slow. But otherwise everything worked.
Seriously? There are real BB fans out there. I'm one of them ( and not an AC ). I changed from a Blackberry Z/10 to a Nexus/6 when my company got bought and the acquiring organization wouldn't support the device. (Mobile Iron doesn't support Blackberry). The Nexus/6 is *way* better for things like going on Facebook, buying movie tickets, and every other non-productive activity. But when it came to getting stuff done, the Blackberry Hub was really the ultimate in UI design. BBRY isn't going to do well because most companies are going to BYOD. And if somebody has to fork out $500 of their own money for a device and has to choose between one that is great for personal use and marginal for business use and one that is great for business use and marginal for personal use, they will always choose the former. I also hear that BES is really hard to maintain. I have no first-hand experience. But I will certainly switch back to Blackberry if it becomes a possibility for me. If I want an Android device for recreation, I would rather use a tablet.
This is funny. But is also, unfortunately, -1 WRONG. QNX can run all Android applications and has for quite some time now. They aren't as nice as native apps, but they all run.
If one party gets away with breaking the law due to paying a bribe and another party gets prosecuted for the same offense due to not paying up, the solution isn't to drop the prosecution against the guilty party without the forethought to pay a bribe. It's to prosecute all of the law breakers. I hope that the police in my town are working on this in proportion to how much of a problem it's causing.
This is a loaded question to which you already know the answer. If I'm already going someplace, I'm allowed to take a friend or colleague with me. They can be nice enough to offer me some gas money. If I drive them somewhere that I didn't intend to otherwise go, I'm running a taxi service. There are grey areas all the time with people personally known to you that might run afoul of some interpretations of taxi regulations. When you start driving strangers to places that you wouldn't otherwise be going in exchange for money, it's a clear violation. The fact that some grey area may exist doesn't in any way make blatantly illegal activities any less illegal.
These devices certainly can leak incriminating information. But since most of us are law-abiding it is way more likely that our mobile devices will provide exonorating evidence than incriminating. The government has gotten good at using the information offensively. The private sector just isn't as skilled yet in defensive use. If your wife comes up dead, you are always the first suspect. If you can really show that you were in Cleveland on business that day, probably saves the hassle of a trial. If the government wants to hold you on terrorism charges, cell tower data becomes meaningless. The criminals will eventually get good at faking this data. Hire a courier to carry a package across town, pay in cash. Bury your phone in the box and you've got an alibi. But for most of us most of the time, our activities are innocent and documenting that fact is probably a net benefit.
The article is (as expected) light on details since this is newly disclosed. I've had machines where the BIOS would require confirmation from a connected PS/2 keyboard before certain changes were written. Added a need for physical access in order to write anything to SMM. All the terms have changed but it seems the same principle here. If I can update the firmware, I can keep a machine compromised forever.
Somebody would do a study saying the the high temperature is a sexist way to get women to show more skin. You just can't win in these situations. And I see nothing wrong with the work sweater. I'm a guy and I often carry one. Also on airplanes I'm always freezing in long pants and sleeves, although I see plenty of people in shorts.
The proof that turning it off over the weekend will save money is this. Imagine that they turned it off for some arbitrarily long time (say a century). Would that save money? Of course. How about for half a century. Et cetera. You have to pay to cool it back down again and that offsets some of the savings of letting the temperature rise. The question really is where the break-even point comes in. If you let the temperature rise back to ambient and then immediately cool down to desired temperature, that should be an approximately break-even time. Anything longer and you are ahead. Anything shorter and well you really haven't turned it off!
The job of executive leadership is to tell a nice story and not let facts get in the way. The job of engineering is make factual decisions without letting the nice story get in the way. It's much easier to get people to believe things they *want* to believe. Yeah a lot of the stories are thin and many people see right through them. But remember, in corporate communications, you have four groups of people. Those who want to know the truth and have the acumen to figure it out. Nothing to say to them as they already know. Those who don't want to know the truth but could figure it out. They aren't going to listen. Those who want the truth but don't have the skills to unearth it. They will hang on your every word. Those who have neither the skills nor the desire. I have no idea hos they manage to keep getting paid. Engineers and programmers aren't good at saying yes until they know how, often to our own detriment. I may not know *how* I'm going to meet payroll (Said in the first person, but I've never had one to meet) but that doesn't mean I'm not determined and confident that I will find a way.
Whoosh! The portion of the thread is entirely humor starting with the NO CARRIER joke. I hate it when that happens. But the good news is that if the SSDs are that big, you can make a giant RAM disk out of virtual memory.
If you have 64GB of RAM, you can cache the entire SSD. Then you won't have to issue TRIM commands!
The current Tesla goes almost 300 miles on a single charge. So they are getting pretty close to gas cars. Maybe not yet good enough for fleet vehicles like a taxi that runs 24 hours a day. But I don't *want* to drive more than 300 miles in one day. My body will be tired and sore. So for *most* of us the range is plenty. To your other point, yeah, we can't afford one. But if the Model Three really comes in at $35k, that may be the tipping point.
As EVs get to the point where you can do a full day of driving between charges, I imagine what we will be seeing are charging stations at hotels and restaurants. People will stay in restaurants longer so they get a fuller charge. They probably won't be buying convenience store food items like coffee and candy bars. This will probably mean people spending longer sitting at restaurants so they'll need to have more tables and more parking. Hopefully they can buy the abandoned gas station next door for this purpose.
CTRL-ALT-DEL is handled in a very special way by the BIOS. And that propagates all the way up to the OS. ctrl-shift-esc will also bring up the task manager (in one key combination). If the machine isn't responding, you hit ctrl-alt-del. If the OS is healthy enough to bring up a task manager, it can do so. Otherwise, the BIOS will reboot the machine.
Being able to interact with the freedom to not worry about consequences is what the internet provides for me - otherwise I must be restrained in what I say for fear of the impact, now or in the future.
Fair enough. But this isn't the *intent* of most social media. You might behave responsibly in this situation but, in general, whenever this is allowed, it becomes a feeding frenzy for trolls. Facebook used to have a real names policy and still pretty much does for normal people. It's why all of the moms are on there an comfortable. Gaming sites (Steam, et cetera) don't have this and the environment is one of unrestrained teenagers. It's getting harder and harder to have a profile you can walk away from and that's not necessarily a bad thing. It means you have to be much more careful expressing unpopular views, but this may actually be good for those views. Triggering negative reactions isn't a great way to get your point across. The only real time you need anonymity is fighting oppressive regimes and, in that case, you have a much different problem set.
She should have had a personal Twitter handle and one for her business. Mixing the two together doesn't make much sense.
I don't know of any online password managers implemented this way. They keep the backup of your encrypted password file and keep it synchronized. When you need to use a password, you download that file, decrypt it, and then automatically fill in the password field. If implemented the way you describe, I would agree to avoid them. But the ones mentioned in this thread, as far as I know (and other commenters seem to think so as well), don't work that way. They are simply a better version of the process you described and accessible to more people.
I wish that I hadn't commented so that I could mod the parent up. The reason we are in this situation is that the uniform application of the same level of security to different targets. There are *two* targets to think about. The web site operator and you. Unless you are a member of a clandestine state organization, a public figure, or wealthy enough to buy Dice and return /. to the glory days, you really aren't a target. If you are, there isn't information here to help you. Most web sites aren't a direct target. AMC isn't so worried about somebody hacking into their web site and using my account to buy a movie ticket. However, they *should* be concerned that their password database is somehow exfiltrated and cracked. Now anybody reusing a password is a potential victim of financial fraud and will be mad at AMC (even though they shouldn't have used the same password somewhere important). So they make you use something ridiculous. I am not enough of a target to be worth a targeted attack. However there are a lot of low-value targets like me. Put us all together and it is worthwhile so we need enough protection that we can't be aggregated. Hence when you look at encryption (and here is a similar case), the important part is that successfully circumventing on person's security doesn't compromise others. Key loggers and such are effective because you can compromise a lot of machines at once via malware. Then script out the money-stealing part. Password managers ( if reasonably well implemented) don't change this. For that you need some sort of challenge/response or OTP mechanism. But the password manager protects you from the situation where the *server* get hacked. Keep your client machines secure and you are safe from that vector. Password managers are an improvement over not having them which was the original thesis of the article. They aren't a complete solution for high-security situations. It's like locking your door. If a web site *thinks* they need to be more secure than can be done with passwords, have them issue smart cards to their users!
Sending a text message and calling it two-factor authentication is actually pretty good. Probably an order of magnitude better than just a weak password alone. Not sure why you are so dismissive. I realize it may not help against a targeted attack. But it is pretty effective against keyloggers on the client and mitigates damage if the server gets hacked revealing the password hashes (which might as well not be hashed if the passwords are weak). If nothing else, the text message technique adds a certain number (usually six) of random digits to the end of the password, turning a weak password into (effectively) a strong one. Smart cards are better from a technology perspective. The RSA-style tokens as well (costs $10 million to get the seed data which is at least a barrier). But they have the disadvantage that you have to have one card/token per authentication domain. The text message version you can have one phone to rule them all. There's a limit to how many of these authentication devices we can all keep around. For banking, can the smart card readers present in pretty much every laptop these days be used to verify that I'm in possession of the card that they issued me? If so, there's an easy solution for banking. Can probably be extended to other transactions types as well. This is somewhat long-winded but I felt compelled to discuss in a bit more detail when an otherwise deserving +4 is so dismissive of the text messaging layer.
A (well implemented) online password manager is just an encrypted database of your passwords using a simple piece of software. Just gets backed up for you for free. And usually has some clever tools to make it easier to get the data in to the password fields. There's already a more detailed explanation in this thread of how they work. Pretty much how your system does but more convenient.
The opposite of "online privacy," in many cases, is "personal brand value." I'm not sure that maximizing privacy online makes a lot of sense for most people.