A lot of sites with tough password policies are too self-important... Most of the things I'm signed up to online I don't particularly care if they get cracked, and so use weak and easily remembered passwords for them if possible.
Requiring the site name in the password is stupid, anyone launching a brute force attack will simply take that (and any other policy requirements) into account, e.g. if you know the password policy requires mixed case and minimum length of 8 then you don't need to try all lowercase passwords or anything shorter than 8.
Similarly locking out after a number of guesses is dangerous, that means an attacker who doesn't know your password can still cause a denial of service against your account, and it's utterly ineffective against most brute force attacks as they will go after a huge number of usernames using a small number of passwords rather than the other way round.
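An added example, not part of the original comment: on constructed login events it shows why a per-account lockout counter never trips when one source spreads a few guesses over many usernames, how the same counter lets a source that does not know the password lock an account, and how counting distinct usernames per source catches the former. The thresholds, window, addresses and usernames are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5            # assumed policy: lock after 5 consecutive failures
SPRAY_USERS = 4                  # assumed alert level: distinct usernames per source
WINDOW = timedelta(minutes=10)   # assumed look-back window per source

T0 = datetime(2024, 1, 1, 9, 0, 0)

def ev(sec, ip, user, ok=False):
    """Constructed login event: (time, source IP, username, success)."""
    return (T0 + timedelta(seconds=sec), ip, user, ok)

USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
# Constructed sample: one source, two guesses per account across six accounts.
SPRAY = [ev(r * 200 + i * 20, "203.0.113.7", u)
         for r in range(2) for i, u in enumerate(USERS)]
# Constructed sample: another source repeatedly failing against one account.
HAMMER = [ev(600 + i * 5, "198.51.100.9", "alice") for i in range(5)]
EVENTS = SPRAY + HAMMER + [ev(30, "192.0.2.50", "bob", ok=True)]

def locked_accounts(events):
    """Accounts a per-account consecutive-failure counter would lock."""
    fails, locked = defaultdict(int), set()
    for _, _, user, ok in sorted(events):
        fails[user] = 0 if ok else fails[user] + 1
        if fails[user] >= LOCKOUT_THRESHOLD:
            locked.add(user)
    return locked

def spraying_sources(events):
    """Sources with failures against >= SPRAY_USERS usernames inside WINDOW."""
    recent, flagged = defaultdict(list), set()
    for ts, ip, user, ok in sorted(events):
        if ok:
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > WINDOW:   # drop failures older than the window
            q.pop(0)
        if len({u for _, u in q}) >= SPRAY_USERS:
            flagged.add(ip)
    return flagged

if __name__ == "__main__":
    print("locked by spray alone:", locked_accounts(SPRAY))
    print("locked overall:", locked_accounts(EVENTS))
    print("spraying sources:", spraying_sources(EVENTS))
```
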
How are liability laws not government regulation?
Most of the safety mechanisms in today's cars are transparent to the user and do not inconvenience them in any way...
A few KB saved by an end user on a high speed connection isn't much, but...
A few KB multiplied by millions of users accessing a single site soon adds up.
And it's also of benefit to those on slow or metered connections.
Development is a fixed cost which remains the same irrespective of how many copies the game sells...
And this is largely why games and software in general are moving towards a free model. Publishers always got greedy, and would continue charging high prices long after the development costs were recovered resulting in extremely high profit margins, and this creates resentment among the customers.
Other things like DRM schemes also create resentment, there are plenty of angry customers who paid full price for a game only to be unable to play it, or have to find a cracked version. This usually causes people to go directly for the cracked version and skip the broken paid version. Where a game is distributed free there is no reason to try and discourage copying (the opposite in fact), and if a user downloads a free game only to find it doesn't work they will usually just delete it and forget about it rather than feeling sore about the loss of what to many people is a significant amount of money.
And finally software moves towards a free model because it can... Hardware and services require not only up front development costs, but also ongoing costs for every unit sold whereas software can be infinitely replicated. A lot of software can also be reused, there are lots of ready made game engines out there including free ones and most publishers will reuse code and other assets from one game to the next.
The problem is that hardcore gamers are a niche, these freemium games attract a much larger audience and are therefore far more profitable.
Also consider multiplayer games, the more players you have the more attractive the game looks, having the game available for free will bring in a lot more players.
Only GnuTLS is not a default part of Linux, it's an optional library used by some packages... Most packages seem to use OpenSSL instead, some offer a choice at compile time but most distros build for OpenSSL by default.
How does regulation help if someone breaks into your house and steals a big pile of USD that you keep under your bed?
That's basically what's happened with bitcoin, organisations not taking due diligence with their coins and having them stolen.
A tamper coating like that will get gradually damaged just through normal wear and tear...
The constant threat of lawsuits is extremely damaging to society as a whole... Not just in the workplace, but everywhere. People file lawsuits for all kinds of stupid things, like tripping over a loose paving stone or scalding themselves on a cup of coffee.
Whatever happened to personal responsibility?
Everyone now has to pay, not just the cost of the lawsuits but the cost of organisations trying to cover their asses to reduce the number of lawsuits. This results in higher prices, higher taxes, and a much higher risk of your job being outsourced to Asia where companies don't have to pay for these risks.
Working as a team cuts both ways... If the owners of the company are busy playing golf and rolling around in cash while the low level employees are on minimum wage while being watched and lorded over then it certainly doesn't feel like a team. If you treat employees well then they will feel some level of loyalty to the company and are far more likely to work harder.
And on another matter, regular breaks are key... You can't concentrate on the same thing for hours on end, especially something which is mundane... Someone who *appears* to be working non stop is probably doing so far less efficiently, making more mistakes and having their mind constantly wandering to other subjects because their slave masters can't see what they're thinking about.
Most of us have cellphones which we can use to make personal calls and even access the internet...
Secure your internal network too, don't rely solely on your border devices... All it takes is one pinhole and you're totally screwed.
Treat every device as if it was directly connected to the internet, use secure protocols, disable unnecessary features and choose wisely when buying devices. If you then want to hide these devices behind a firewall *as well* then more power to you, but never rely totally on a firewall because eventually they will fail you one way or another.
This is far more troublesome for people who *do* run servers...
If you are getting abusive users from a mobile ISP, how do you ban those users?
Block the IP and you block every customer of that ISP.
Actually, IPv6 adoption seems to be higher in the US than anywhere else in the world... I run a bunch of dual stack websites, and v6 accounts for about 15% of American traffic and considerably less from other countries.
Or just use a dedicated box for gaming... Not having other crap installed/running will improve gaming performance and reduce other potential compatibility problems too.
Hurt the economy?
The NSA hurt the economy by leaning on American companies to provide backdoors... Considering the scale, had this not been leaked by Snowden it would have been leaked by someone else sooner or later. You now have a situation where people no longer trust American companies, and will work hard to break free of any dependence on them.
They hurt the economy by spying on trading partners and allies.
Make us less safe?
Less safe from who? Most terrorist groups hate the government, and they only generally hate the people because they think the people have some kind of say over the government... As they come to realise that the people dislike the government as much as they do it may actually make the average guy on the street *more* safe as he is no longer a target.
If only we could always use what served our needs, and never had to interoperate with others...
Continuing development of the original won't be terribly useful when the majority of users have moved on to the new incompatible proprietary version...
By continuing development you will have to reinvent the wheel to duplicate any changes in the proprietary version, reverse engineer to work out any incompatibilities and if you continue releasing your code under the same terms the proprietary version can always take your changes for free while you have to expend significant efforts to replicate theirs.
Plus a proprietary version is likely to have a much bigger marketing budget, and thus the lion's share of end users, and with proprietary changes making it ever harder to use the original open version.
There will also be logs of the GET requests (as there seems to be from the article), and if a database backup triggers logs then you could always extract data from the filesystem directly, or from other backups...
Second hand smoke is extremely harmful, the smoker has a filter but those nearby don't...
And I explicitly said "directly harm"... someone sitting in front of me injecting heroin or snorting coke isn't having any immediate effect on me. If he later goes and robs someone because he's desperate for more drugs that's an indirect side effect, and while addiction to drugs is certainly a cause of crime there are other causes too.
But why would someone with admin level access want to scrape the website rather than just take a backup of the database?
Tell me, when you smoke, do you do it in private / entirely away from non smokers, or do you do it in public where others may inhale the fumes?
I suffer from very bad asthma, and inhaling smoke can easily trigger an attack (not just tobacco smoke, other kinds of smoke too), this is not "some far off time" but rather a risk of serious and immediate health problems which I face every day.
When it was legal to smoke in bars here, I would simply avoid any establishment which allowed smoking. Now people smoke in the street and I have to be very careful where I go, if someone walking in front of me is smoking it can often cause me severe breathing difficulties and I generally have to cross the street to walk past a bar now (since everyone stands outside to smoke).
Also enjoying smoking is worse than addiction in many ways...
Enjoying something which knowingly harms others is abhorrent, while enjoying something which you know is harmful basically amounts to self harm - and people get put in mental hospitals for this.
Smoking does harm to anyone who's physically close enough to inhale the fumes...
At least someone who's injecting heroin, snorting cocaine or taking pills etc doesn't directly harm anyone by such actions.