This is probably BS, but I'll bite anyway. Why would "your dad" purchase VHS tapes "in bulk" - is he taping every episode of his favorite shows? Is there a "pirating for seniors" effort we could start to help people like this?
What the government would prefer is an orderly cash flow from the millions sheeple who register so they can spend it on something else.
It's not like any local police department will ever get involved in enforcement of unlicensed drones. They already have the tools they need to deal with nuisance situations, of which "being a dangerous ass with a drone" is just a particular type.
>> It won't force anybody to register
They won't go after consumers, any more than asking consumers to "please pay your state sales tax for things you bought online" ever worked. Instead, they'll focus on the points of sale, so you'll have to kick in your fee when you buy the drone, and part of the fee registration process will allow the government to hit you up for renewals, etc.
Here's what it looks like from the cheap seats these days.
Question #1: Which political party are people from your country and socioeconomic background most likely to support once they have attained citizenship?
a) Democrat
b) Republican
c) Independent or Other
If you answered "a" in Question #1, you're all good - c'mon in! (Or should I say, "feel free to stay, amigo.") If you answered "b" or "c" prepare to sit the better part of a decade in an obscure queue, punctuated with long in-person visits to official offices and annual threats of deportation.
>> What is the actual risk from user enumeration, especially on a site not about a medical condition?
It can tell you whether or not the default admin user is still present. It can also suggest what some of the other admin accounts are, since they are often the lowest numbered accounts on WordPress. (e.g., if you delete default admin - user #1 - your new admin is often the name of user #2). It's also a lot of fun for social engineering, particularly if you can crack or create a "mere contributor account" and then convince one of the admins (ferreted out through user enumeration) to promote you to an editor.
(Remember that WordPress user enumeration isn't classic user enumeration, where you can simply tell if a username is in user or not - it's literally the ability to say "give me user #1, 2, 3....100".)
>> And how can it be prevented? Do you really want to allow two users to have the same username?
On a system like WordPress, you always tell the user "yep, I just created that account" during user registration but you use the email address already on file for the existing to send an alert to the first registered user saying "hey, someone just tried to recreate your account - was that you"?
>> If a user sends a private message to a nonexistent user, what error message strikes the best balance between security and usability?
Most WordPress systems I've seen don't use comments or PMs or any of that overhead - they're mostly single-user (or all admin) systems for "read only" content. In those cases (most cases?) the dial should be set to "no one needs to know the list of usernames on these systems."
>> Is this a problem of WordPress, or just a popular CMS?
User enumeration is ON by default in WordPress and it's baked into the design. (There are plug-ins to disable it but most people don't use them.) This is pretty unique among LMSs. WordPress's architecture (which allows the use of old plug-ins) also frequently seems to lead to the reintroduction of helper files that have old vulnerabilities, two of which happen to frequently be "directory browsing" or "internal path disclosure". As for keeping old software up-to-date, that's a problem that all LMS's have to deal with, but there's usually enough on these other WordPress-specific issues on a target site to give your average security person a place to dig in.
About 95% of the WordPress sites I've run across have allowed user enumeration, exposed internal paths, or had old software that could be exploited. So...I'd probably say that "25% of all websites are WordPress" really means "at least 24% of all websites are insecure".
>> They're happy to sell existing antibiotics, but they're not interested in researching and developing new ones."They're happy to sell existing antibiotics, but they're not interested in researching and developing new ones."
Said a guy who hasn't been paying attention to the way drugs get developed in the US? (New drugs can be patented and sold for outrageous amounts of money.) Or maybe the professor just needs to switch to a different university that knows how to monetize his work.
Besides, isn't the market for antibiotics shrinking now that they are no longer routinely prescribed for minor ailments?
>> questions are all written in advance in the committee-based interview process, and anyone could potentially ask any kind of question. The twenty-two year old secretary could ask the interviewee [TOPIC], even if she has no idea what she even said
>> Could it be that the US system of government is completely dysfunctional, and the Canadian one isn't?
I could agree that is the case. (My original answer was in response to a Dutch citizen asking me about US government.)
However, it will be a cold day in hell before the US models anything it does on Canada. Our entire model right now is prefaced on giving large contracts to the well-connected, and sprinkling just enough largess on the populace to ensure they keep mindlessly voting for the incumbent D or R in the home districts both parties have gerrymandered around core demographics.
>> you don't like to let your government meddle in affairs like (list)
The basic reason we don't want the government to meddle in these things is that they never do a good job. Some examples from your list:
>> basic health care
The US Veterans care system, our largest national health care provider, is a horrible mess.
>> integration of minorities
The result of bussing and other government policies triggered a massive flight to the suburbs and created today's deadly urban ghettos.
>> housing regulations
See what rent controls in NYC and SFC have done to drive out the lower and middle classes.
>> public welfare
Today the US government has a system that discourages people from getting "entry level" jobs because what they make won't even make up for the benefits they'd leave behind if they had no job.
>> anything that touches income (taxes, minimum wage)
When our money is spent as poorly as it is, yes, the focus should be on cleaning that up FIRST, rather than asking for any more taxes.
And just jacking the minimum wage is the wrong thing to do to fix the "entry level" jobs issue; concentrating on a sliding scale of benefits that didn't penalize people for working would be a better approach.
For those without a sense of humor, I was referring to questions like #43: "In this work, what were this person’s main activities? Please give details. For example: prepared legal documents, installed residential plumbing, guided fishing parties, made wood furniture products, taught mathematics"
It's 40 pages of fill in the square with nitpicky crap like "so what DID you do at your job as a COMPUTER EN-GINEER." That's 40 pages per person. No wonder Canadians hate it.
This could be Anonymous's way of "Jack Welshing" its own ranks (thinning the weakest 10%). Have nothing better to do in the middle of the day than hang out in public at a "teach-in"? You're fired!
If you have an issue with people using graph paper and pencils to pretend to kill magical creatures no one can see in a world all players agree is a shared fantasy, I hope you remain ignorant of the degree of photo-realistic violence video games have been achieved in the last twenty years.
Young grasshopper, there is much I could teach you.
When effective marketing organizations lay out plans to get people to buy a product, they design around a concept called a "sales funnel" and map out the mental state of potential buyers in various states. These states include (at a high level) learning about whether or not they have a need, deciding they need a solution, deciding what solutions they are going to purchase, and deciding to pull the trigger on their preferred solution.
Marketing organizations set up interactions designed to nudge buyers down the funnel at all stages, including the stages I listed: "do I have a problem" (often helped along by planted news stories with statistics like 74% of all health care companies fell prey to whatever) and "what solutions are available for this" (often helped along by seeding if not outright buying off a "trusted" reviewer or analyst). Throw in a couple of advertisements that reinforce the exposure of this or that brand name (which is also backed up by psychology), and suddenly you're another sheep buying Oracle.
No, we need federal rent-a-cops grabbing people's junk to demonstrate "what your tax dollars are paying for." When tax dollars silently disappear into the banks of the well-connected, the ranks of the Tea Party (on the right) and Bernie supporters (on the left) tend to swell.
Slashdot Mirror
>> When my dad stops buying VHS tapes in bulk
This is probably BS, but I'll bite anyway. Why would "your dad" purchase VHS tapes "in bulk" - is he taping every episode of his favorite shows? Is there a "pirating for seniors" effort we could start to help people like this?
>> What millenials REALLY want is affordable practical realistic proper housing
And we gave it to you via the housing crash and the lowest mortgage rates in history.
>> What you really need is ENFORCEMENT
What the government would prefer is an orderly cash flow from the millions sheeple who register so they can spend it on something else.
It's not like any local police department will ever get involved in enforcement of unlicensed drones. They already have the tools they need to deal with nuisance situations, of which "being a dangerous ass with a drone" is just a particular type.
>> It won't force anybody to register
They won't go after consumers, any more than asking consumers to "please pay your state sales tax for things you bought online" ever worked. Instead, they'll focus on the points of sale, so you'll have to kick in your fee when you buy the drone, and part of the fee registration process will allow the government to hit you up for renewals, etc.
Why did you have to bring curry into this?
>> Irish Aviation Authority announced that it will have its drone registry up and running by December 21st
In the US, this would take seven years and $15B to build. And then it still wouldn't work.
“The only thing that saves us from the bureaucracy is its inefficiency.”
I blame SeaSpray.
Here's what it looks like from the cheap seats these days.
Question #1: Which political party are people from your country and socioeconomic background most likely to support once they have attained citizenship?
a) Democrat
b) Republican
c) Independent or Other
If you answered "a" in Question #1, you're all good - c'mon in! (Or should I say, "feel free to stay, amigo.") If you answered "b" or "c" prepare to sit the better part of a decade in an obscure queue, punctuated with long in-person visits to official offices and annual threats of deportation.
>> What is the actual risk from user enumeration, especially on a site not about a medical condition?
It can tell you whether or not the default admin user is still present. It can also suggest what some of the other admin accounts are, since they are often the lowest numbered accounts on WordPress. (e.g., if you delete default admin - user #1 - your new admin is often the name of user #2). It's also a lot of fun for social engineering, particularly if you can crack or create a "mere contributor account" and then convince one of the admins (ferreted out through user enumeration) to promote you to an editor.
(Remember that WordPress user enumeration isn't classic user enumeration, where you can simply tell if a username is in user or not - it's literally the ability to say "give me user #1, 2, 3....100".)
>> And how can it be prevented? Do you really want to allow two users to have the same username?
On a system like WordPress, you always tell the user "yep, I just created that account" during user registration but you use the email address already on file for the existing to send an alert to the first registered user saying "hey, someone just tried to recreate your account - was that you"?
>> If a user sends a private message to a nonexistent user, what error message strikes the best balance between security and usability?
Most WordPress systems I've seen don't use comments or PMs or any of that overhead - they're mostly single-user (or all admin) systems for "read only" content. In those cases (most cases?) the dial should be set to "no one needs to know the list of usernames on these systems."
>> Is this a problem of WordPress, or just a popular CMS?
User enumeration is ON by default in WordPress and it's baked into the design. (There are plug-ins to disable it but most people don't use them.) This is pretty unique among LMSs. WordPress's architecture (which allows the use of old plug-ins) also frequently seems to lead to the reintroduction of helper files that have old vulnerabilities, two of which happen to frequently be "directory browsing" or "internal path disclosure". As for keeping old software up-to-date, that's a problem that all LMS's have to deal with, but there's usually enough on these other WordPress-specific issues on a target site to give your average security person a place to dig in.
About 95% of the WordPress sites I've run across have allowed user enumeration, exposed internal paths, or had old software that could be exploited. So...I'd probably say that "25% of all websites are WordPress" really means "at least 24% of all websites are insecure".
>> They're happy to sell existing antibiotics, but they're not interested in researching and developing new ones."They're happy to sell existing antibiotics, but they're not interested in researching and developing new ones."
Said a guy who hasn't been paying attention to the way drugs get developed in the US? (New drugs can be patented and sold for outrageous amounts of money.) Or maybe the professor just needs to switch to a different university that knows how to monetize his work.
Besides, isn't the market for antibiotics shrinking now that they are no longer routinely prescribed for minor ailments?
>> questions are all written in advance in the committee-based interview process, and anyone could potentially ask any kind of question. The twenty-two year old secretary could ask the interviewee [TOPIC], even if she has no idea what she even said
Did you just tell us that you work for CNBC?
>> Could it be that the US system of government is completely dysfunctional, and the Canadian one isn't?
I could agree that is the case. (My original answer was in response to a Dutch citizen asking me about US government.)
However, it will be a cold day in hell before the US models anything it does on Canada. Our entire model right now is prefaced on giving large contracts to the well-connected, and sprinkling just enough largess on the populace to ensure they keep mindlessly voting for the incumbent D or R in the home districts both parties have gerrymandered around core demographics.
>> you don't like to let your government meddle in affairs like (list)
The basic reason we don't want the government to meddle in these things is that they never do a good job. Some examples from your list:
>> basic health care
The US Veterans care system, our largest national health care provider, is a horrible mess.
>> integration of minorities
The result of bussing and other government policies triggered a massive flight to the suburbs and created today's deadly urban ghettos.
>> housing regulations
See what rent controls in NYC and SFC have done to drive out the lower and middle classes.
>> public welfare
Today the US government has a system that discourages people from getting "entry level" jobs because what they make won't even make up for the benefits they'd leave behind if they had no job.
>> anything that touches income (taxes, minimum wage)
When our money is spent as poorly as it is, yes, the focus should be on cleaning that up FIRST, rather than asking for any more taxes.
And just jacking the minimum wage is the wrong thing to do to fix the "entry level" jobs issue; concentrating on a sliding scale of benefits that didn't penalize people for working would be a better approach.
For those without a sense of humor, I was referring to questions like #43: "In this work, what were this person’s main activities? Please give details. For example: prepared legal documents, installed residential plumbing, guided fishing parties, made wood furniture products, taught mathematics"
>> problems threaten to taint the App Store's years-long reputation as being high quality and malware free
So, we can agree that Apple's application vetting process is and always was bullshit, right?
A sample of the actual 61-question census can be found here:
http://www23.statcan.gc.ca/imd...
It's 40 pages of fill in the square with nitpicky crap like "so what DID you do at your job as a COMPUTER EN-GINEER." That's 40 pages per person. No wonder Canadians hate it.
>> tourism, reef monitoring and anti-terrorism
What about anti-tourism? I'll bet there's be a market for that too.
This could be Anonymous's way of "Jack Welshing" its own ranks (thinning the weakest 10%). Have nothing better to do in the middle of the day than hang out in public at a "teach-in"? You're fired!
That usually works out well, right?
>> This research received no specific grant from any funding agency in the public, commercial, or not-for-profit sectors.
This was the best part of the article, since it basically tells us this is just some professor's blog.
If you have an issue with people using graph paper and pencils to pretend to kill magical creatures no one can see in a world all players agree is a shared fantasy, I hope you remain ignorant of the degree of photo-realistic violence video games have been achieved in the last twenty years.
Young grasshopper, there is much I could teach you.
When effective marketing organizations lay out plans to get people to buy a product, they design around a concept called a "sales funnel" and map out the mental state of potential buyers in various states. These states include (at a high level) learning about whether or not they have a need, deciding they need a solution, deciding what solutions they are going to purchase, and deciding to pull the trigger on their preferred solution.
Marketing organizations set up interactions designed to nudge buyers down the funnel at all stages, including the stages I listed: "do I have a problem" (often helped along by planted news stories with statistics like 74% of all health care companies fell prey to whatever) and "what solutions are available for this" (often helped along by seeding if not outright buying off a "trusted" reviewer or analyst). Throw in a couple of advertisements that reinforce the exposure of this or that brand name (which is also backed up by psychology), and suddenly you're another sheep buying Oracle.
Are you keeping up now?
>> Save a few tax dollars?
No, we need federal rent-a-cops grabbing people's junk to demonstrate "what your tax dollars are paying for." When tax dollars silently disappear into the banks of the well-connected, the ranks of the Tea Party (on the right) and Bernie supporters (on the left) tend to swell.
>> Why don't they just start allowing subliminal adverts in 1 or 2 frames again?
Too easy to pick out and beat on in social media in our digital age.