Slashdot Mirror


User: SeattleLawGuy

SeattleLawGuy's activity in the archive.

Stories: 0
Comments: 327

Comments · 327

  1. Strong Password Problem on Microsoft May Ban Your Favorite Password (securityweek.com) · · Score: 1

    You can honestly not think of any reason why a strong password is not always required?

    Once the password gets too complex, I believe people become more likely to (1) write it down and (2) use the same strong password for everything. Those may or may not be more of a problem than a weak password, depending on your attack profiles. Certainly they are less of a problem than the ten most common passwords.

    Two-factor authentication helps. Text message verification helps. IP-based verification helps. Security questions help. It's about reducing the possibility of compromise. You can't actually prevent all compromise, although physical tokens like synchronized pre-seeded RNG generators not connected to the net aren't terrible at it, for example.

  2. What on The Pirate Bay Sails Back To Its .ORG Domain (cnet.com) · · Score: 2

    I'm in favor of major copyright reform, but let's not stick our heads in the sand. The copyright law needs to change, but The Pirate Bay is violating it. The Pirate Bay is *designed* to facilitate the illegal copying of copy-protected works. They are trying to get around being criminally liable by not storing the files themselves, basically turning themselves into a search engine of illegally copied works.

    It turns out judges are not morons. And the law can punish people even if they don't hold a copied file on their own machine. Just like it can prosecute someone even if they just hand a wrench to a co-conspirator in a murder case.

    As to freedom, yes, there are limits on your freedom in order to protect the economic well-being of others. And there should be--that's why society works. Those limits are in the wrong places, and we should fix them. But in the meantime, the law shouldn't be ignored, because when de facto laws and de jure laws differ, it gives more power to government and takes away freedom. Realize that for every day The Pirate Bay is running, the intelligence services of the world gather data on many thousands of people who can be prosecuted or blackmailed at will--and they have another vector through which to transfer malicious code in the meantime.

  3. Re:Did Americans visit the moon? on Did A German Nuclear Plant Intentionally Leak Radioactive Waste? (thelocal.de) · · Score: 1

    Did A German Nuclear Plant Intentionally Leak Radioactive Waste?

    Asking this 30 years later and expecting a definitive answer? Seriously?

    "Intentionally leaking radioactive waste" is (hopefully!) not so small in a person's memories that the passage of time will severely undermine one's ability to recall whether it occurred. Also, one would hope that nuclear reactors would be required to keep records of their activities indefinitely, so any records that existed thirty years ago should still exist...

    The only issue is former employees who have since died or suffer from dementia, etc...

  4. Verbose! on Why Don't Scientists Kill The 'Demon In The Freezer'? · · Score: 1

    For the love of Dog, compress it! tar cvfz / tar xvfz, how hard can it be?

    And maybe drop the verbose flag...

  5. Can we rebuild it? on Why Don't Scientists Kill The 'Demon In The Freezer'? · · Score: 1

    I don't know enough about the smallpox virus, but is it something where we can just map the genome and destroy the real-world copies, then recreate it if we ever need to?

    If so, storing it on a USB stick instead of in a test tube might reduce the risk of accidentally killing a few million people.

  6. Cyberattack as provocation for war. on Computers and Warrants: Some Senators Oppose Justice Plan (go.com) · · Score: 3, Informative

    But yet a Chinese IP "attacking" their systems is grounds enough to start a war with China.

    Strange world you Americans live in.

    It depends what they're doing with the "attacks." A cyberattack that kills people can obviously be grounds for war.

    Nobody is saying a cyberattack is enough to provoke a nuclear response. But if you don't want to get hit and the world has no policemen, you learn to defend yourself and you learn to hit back, until you both realize that it's more productive not to fight.

    Your response doesn't need to be the same kind of hit the other person used--it just has to hurt them enough to show them it is unprofitable to continue. (But not so much that they must retaliate because of public demand).

  7. Better for Science, not politics. on Wikipedia Editor Says Site's Toxic Community Has Him Contemplating Suicide (vice.com) · · Score: 3, Insightful

    Sure it still sucks, but show me something better and that will suck too.

    For Science and Math and a lot of facts, it is much better. But for propaganda, it's much worse. The encyclopaedia entry on a given politician did not use to be made by that politician's intern or PR firm.

  8. Re:Preventing the poor from cheating on Iraq Shuts Down Internet In Entire Country To Prevent Exam Cheating (softpedia.com) · · Score: 1

    Therefore, only those who could afford a mobile device with a cache of wikipedia could cheat...

    This may help on some tests, but limits the effectiveness of nationwide tweets where "the answer to question n is three," etc...

  9. But on the other side, consider the productivity cost of having the wrong test scores assigned to kids. While test scores are far from perfect, that kind of wholesale inaccuracy can impact productivity for a generation.

  10. Well... on Genetically Modified Crops Are Safe, Report Says (nbcnews.com) · · Score: 1

    I don't doubt that GM crops are safe. But what about the dirty tricks companies play, such as patenting a gene sequence? Or writing contracts that forbid farmers from harvesting seed, forcing them to buy new seed each time? Or deliberately modifying the genome so the plants are fine with respect to food, but don't produce viable seeds?

    Are those things really in society's interest?

    Sometimes.

    And they're not all "dirty tricks," although some of them are really, deeply inappropriate.

    Big companies that spend billions on research legitimately should be able to patent their discoveries for a while in order to fund the research. That's the whole idea of patents. The case law on patentable subject matter is a real mess at best, and more realistically is intellectually dishonest. (More out of frustration with the existing rules than out of any real intent to be evil.)

    The contracts are perfectly fine when there is competition--the problem arises when one company has too much market power and abuses it, creating contracts of adhesion in an anti-trust monopolistic way.

    As to modifying the plants so they don't produce viable seeds, the LAST thing we want is lots of GMO activity where the plants have the potential to reproduce on their own. Bioengineering is a field of incredible potential and incredible danger. It may give us the opportunity to grow new trees that can handle our warmed planet--but it also risks creating invasive species that never existed in nature.

  11. Browsing is not data-mining; Data set removed. on Researchers Release Profile Data on 70,000 OkCupid Users Without Permission (vox.com) · · Score: 1

    1. Because there is a distinction between data-mining user information and browsing user profiles as an individual.

    2. Because the person did not hold a copyright in any of the material which he scraped and uploaded to another site. The terms of service at the second site require him to only upload material he has a right to upload. He violated their terms of service. I am sure that is why the material is now down. https://osf.io/p9ixw/

    Interestingly, though, OkCupid's /profile is not blocked in their robots.txt.

  12. Also on Government Spy Truck Is Disguised As A Google Street View Car (vice.com) · · Score: 3, Insightful

    The difference is that doing this would put Google maps drivers in danger.

    Just like when the CIA sent spies disguised as vaccine workers, and set back the effort to eliminate smallpox worldwide.

    It is also use of Google's Trademarks as part of a government surveillance program--this reinforces the notion that Google itself and the American tech sector in general is not only replying to subpoenas, but is actually complicit in warrantless mass surveillance. It is harmful to Google's business reputation.

  13. They're not exactly the highest professional or unbiased quasi news entity either.

    But that does not mean they're wrong.

  14. Napoleon was the best general in the world because he bought the Newspapers. Propaganda is a weapon of war and a way to shape society and opinion.

    Manipulating trending topics is essentially a violation of the neutrality that people expect from their data providers. (And that we require from common carriers. Facebook is basically a common carrier at this point--how many hundreds of millions of messages, articles, advertisements, events, etc... go through Facebook?)

  15. Secret investigations... on FBI Has Sights On Larger Battle Over Encryption After Apple Feud (bloomberg.com) · · Score: 5, Insightful

    Secret investigations are often necessary for a time to allow law enforcement investigations to proceed.

    Right up until the moment when you take someone to court. If you don't disclose how evidence was obtained, then there is nothing to prevent en masse violation of the Constitution--no matter how good your intentions or how bad the people you are going after.

  16. Re:A basic law of learning... on 'I Know How To Program, But I Don't Know What To Program' (devdungeon.com) · · Score: 1

    Your memory is very faulty. Picasso produced thousands of works.

    So maybe he was the example on the other side of the story I read. Either way, the point stands.

  17. A basic law of learning... on 'I Know How To Program, But I Don't Know What To Program' (devdungeon.com) · · Score: 1

    This is a basic practice of learning. You can try to make a couple of great works in a lifetime but take forever to finish a work, or you can be prolific and learn how to make lots of works, including a bunch of great ones. A few people get away with the "a couple of great works" thing. (IIRC, Picasso did this). But most people learn more by jumping in.

    The study I remember on this involved learning to make pottery. If group A tries to make every bowl perfect and group B makes a lot of bowls, then after a few weeks group B produces much better bowls.

    There are obviously limits and variables on this--a master builder cares more about his product and may build more slowly than your average builder, for example. And in rare cases, maybe jumping into the wrong software project is worse than learning nothing at all. But in general, working is better than not working.

  18. Not Stupid - CSS - Leave the options on Google Testing a Radical Change By Turning People's Search Results Black (telegraph.co.uk) · · Score: 1

    How do we know it's a link if it's the same color as the text? The whole point of hypertext is that links are called out visually.

    CSS can be used to change the followed link color. http://www.w3schools.com/css/c...

    The problem is if someone's browser overrides that setting, for example.

    Some people find darker backgrounds easier on the eyes--there is less light emitted so it is not as big a change from ambient indoor light.

    However, studies have shown that black text on a white background results in easier focus, so there are some people where black-on-white is better than white-on-black. https://ux.stackexchange.com/q...

    Conclusion: if you can afford (or benefit significantly from) user customization, pick the least offensive default based on market research but leave both options available. If you don't, some of your users will migrate to another search engine.

  19. It shouldn't matter on Security Expert Jailed For Reporting Vulnerabilities In Lee County, FL Elections (theregister.co.uk) · · Score: 5, Insightful

    How do you find a vulnerability without actually testing it?

    It almost shouldn't matter in this case. It does, but it shouldn't. When you bring felony charges for basic pen testing, people who find a system is vulnerable are not going to report it. Even if they shouldn't have been snooping around in the first place, isn't it better if they're willing to report the vulnerability before someone does real damage?

    Basic SQL injection vulnerabilities are so trivial to guard against these days that it is the person who spec'd or coded the system who should be facing severe punishment, not the person who ran a penetration test. It is very much like leaving a ballot box unguarded and unlocked at a polling place, and then arresting the person who lifts up the lid and says "hey, someone left this unlocked!" Sure, he shouldn't have been checking, but he's not the one who dropped the ball and you don't arrest him for it.

    In a worse case, this could have been done easily by a random tech guy barely out of high school, a malicious government, a ransomware operator, or anyone who wanted to steal the election. Many people love this kind of soft target. The local government should be thanking their lucky stars it was done by someone who reported it instead of using it to elect the candidate slate of their choice.

  20. Summary is incorrect-ish on Debian Dropping Support For Older CPUs (distrowatch.com) · · Score: 5, Informative

    as low end machines were all 32 bit until just a few years ago so many are still in use. netbooks embedded etc.

    I guess it's a good thing debian isn't killing off 32 bit support isn't it?

    Did you try reading the summary? It says right there, minimum 686 class. Not that they're killing 32 bit support.

    He did read the summary. The summary states that Debian will be dropping support for "older, 32-bit processors." There should not have been a comma. The comma makes "older" and "32-bit" coordinate adjectives rather than having "older" modify "32-bit." It is written as if the 32-bit processors are the older processors. And while technically both adjectives apply and it is ambiguous, the implication of a normal reading would be that 32-bit processor support was being discontinued.

    Unless you read the whole summary and happened to know which of the processor families have a 32-bit architecture. But many people aren't going to bother when the first sentence says they're discontinuing support for "older, 32-bit processors."

    So his mistake is perfectly understandable.

  21. More of an issue for litigation than criminality on Are US Courts 'Going Dark'? (justsecurity.org) · · Score: 2

    This is more of an issue (in some ways) for litigation. Criminal information will be public for a long time yet; there is too much interest in being able to run background checks. It would be great if we had better laws allowing records to be expunged after a certain number of years, but too many upper-middle-class people have so little exposure to law enforcement (or have such limited time) that they use "has an arrest record" as a proxy for "will be a bad employee/tenant/etc..."

    But on the civil side, one of the benefits of most settlements, mediations, and arbitrations is that the result is secret rather than public. The bigger benefit is that it is so much faster than having to go to court, which can take years to resolve issues you should be able to hash out in less than six months.

    And then there is the national security and "under seal" stuff, which should probably have a default expiry date for the seal any time something is filed under seal.

  22. Re:Simple question on NASA Launches Searchable Database Of Public Domain Patents (slashgear.com) · · Score: 1

    Why aren't patents owned or funded by the federal government in the public domain? Can anyone justify why the Bayh-Dole Act gives universities control of patents generated by federally funded research? If NASA, NSF, or some other government agency gives a grant to a university to do research, the university owns the patents and they must be licensed by the public. Can anyone justify this? I'm glad to see patents in the public domain, but it's not nearly enough.

    There are legitimate policy reasons for it, although it would also be legitimate to have outright dedication to the public domain, for example; it's a policy choice where people can come down either way.

    Notably, the inventions go into the public domain in a few decades anyway, and the grants are helping to fund science education, so the public is still getting a significant benefit. It also keeps more labs interested: Universities are less likely to hesitate to apply for a grant, patent royalties may help subsidize education even long after the grant is spent, etc...

    Finally, this means labs are sometimes able to combine government grants with private funding, which would not be the case if the University did not know it would get the patent rights.

  23. Hey... I have the same combination on my luggage on Amid Data Breach, Google, Mail.ru and Yahoo Claim 98% of Leaked Credentials Bogus (arstechnica.com) · · Score: 1

    "More than 98% of the Google account credentials in this research turned out to be bogus," Google said.

    In unrelated news, security researchers discovered today that 'bogus' is the most common password in the universe. They theorize it may have something to do with accidentally allowing Keanu Reeves near a phone booth.

  24. Up front about it on 'Boaty McBoatface' Polar Ship Named After Attenborough Despite Less Votes (bbc.com) · · Score: 5, Informative

    They were up front about the fact that a name would have to be approved before it was applied to the ship.

    Boaty McBoatface was obviously never going to be approved. Whatever snowball's chance in hell it might have had despite its deep irreverence toward Her Majesty's navy was eliminated by the fact that it's calling a ship a boat.

    You don't call a ship a boat. A boat is little. A ship is big. See, e.g., http://www.marineinsight.com/t...

  25. New York Real Estate on AG Scores Victory In Bid To Shut Down Indian Point (lohud.com) · · Score: 4, Informative

    The problem is it's New York Real Estate, money, and political capital. You are *sixteen miles* from the Tappan Zee and thirty miles from the West Side Highway. It makes zero sense to have any risk of a meltdown someplace where real estate is that expensive, the population is that large, and a major chunk of the world economy goes through that population's daily business.