STOP wasting money and resources on using increasingly sophisticated anti-spam techniques. Re-direct this money into basic education for users, including short courses on:
While I agree with your "arms race" analogy, you completely miss the point with your answer to the problem.
Spammers spam because they MAKE MONEY DOING IT. The way they make money is to generate actual sales (or traffic, or leads etc.) from the spam. This means that a tiny minority of people LEGITIMATELY click on the links! The cost to the spammer of sending out 10 million emails is so low that even if it converts a handful of sales they can turn a profit.
So unless you're confusing spam with worm/virus infected email, then educating users to recognise spam would do utterly naff all to cure the problem.
Re:Too many passwords - so I write 'em down! on Real Security? · Score: 1
That's six passwords/ids for ONE account.
I have approximately 20 accounts of various kinds, with various numbers of access codes.
We are NOT just talking about shell accounts here - mostly web-based things like bank accounts.
I agree that's probably a good way to go about things. But it seems to me that in too many cases simply having an access policy on everything is just an excuse not to think about security at all.
I would propose only having logins to systems that need them, and then only at a level of security that's appropriate.
That would mean first making an assessment of whether the data being protected by the system was sensitive. If it's not, then simply apply a username with no password. If it is, then determine the level of strength of security that should be applied.
All security best practice that I've ever known starts from looking at what you want to protect FIRST, then applying the level of security you need, not just throwing access controls in all directions just because you can. Because if you do, security actually suffers.
Oh, and if the excuse for an access policy is because sensitive data COULD be uploaded to a system at some point, then that implies you don't even know what your systems are being used for - always a good sign... NOT.
Re:People can make them whatever they like. on Real Security? · Score: 1
> You use the same password on different systems. It is already compromised.
In theory yes, but in practice if you never tell anyone what that password is, assuming it's reasonably secure then you've minimised your exposure to an acceptable level in my opinion.
I'd rather keep one or two passwords safe in my head than have to remember 50, or worse still, write them all down somewhere.
Re:People can make them whatever they like. on Real Security? · Score: 1
> 6 years ago i memorized a 16 character string
> of random characters, i use it for everything,
> the first 8 for less important things, just in
> case.
OK, so what do you do when the system you are creating an account on demands a username or password mask that does not fit your scheme (e.g. max five letters, must contain four numbers)? What if it requires more than one password (e.g. PIN number or the like) that's on a different scheme as well (e.g. four numbers only) etc. What about security questions ("where did you go to school?" etc.)
Do you have stock responses for all these scenarios too?
Re:Too many passwords - so I write 'em down! on Real Security? · Score: 1
It's far easier to remember logins if they are all the same format. If you're subject to arbitrary access schema, it's almost impossible.
What if each member of your staff could choose their own system:
Joe Shmo: username and password: username maximum five letters (no other characters), password has to consist of at least three numbers and is case sensitive.
Julie Smith: account no, PIN and password: the password has to be a minimum of 10 characters, one of which must be upper case. The PIN is 5 numbers only.
Peter Foo: account no, PIN, one of six security questions the user can choose, rotating randomly.
Katie Bar: user ID, PIN, password and one of three security questions of which the user must choose from a fixed list, and cannot make up their own.
etc. etc.
That's what my problem is!
Too many passwords - so I write 'em down! on Real Security? · Score: 4, Insightful
I have to remember not one, not two, but SIX different passwords, PIN numbers and security questions simply to access my frikin' bank account online. And I currently have about 12 online accounts of various kinds, most of which impose their own rules to what they want for access (some systems allow numbers in passwords, others don't, some have a minimum of 8 characters, others 10, etc. etc.)
So what do I (and presumably everyone else) do? I write them down somewhere. How much LESS secure is that than having one (or maybe three at most) username/password combinations that I never write down or tell anyone?
So I called my bank a few weeks ago and told them that if I signed a disclaimer, would they allow me to go from six pass/PIN/IDs to just a username and password of my choosing? No no no! Far too insecure.
So would they indemnify me if my notebook was stolen and my account was accessed without my permission? No no no! I'm responsible for my passwords and should not divulge them to anyone!
But nobody can reliably remember SIX things to log in to one account, as well as having to remember all the other usernames/passwords, etc. they might have.
So, I've closed my account with them. Because I think they're too damn insecure.
I think George III (well, British constitutional historians anyway) were pleasantly surprised by the electoral college system. Very few people outside the United States know that the president is not actually elected by the people.
Of course, the same is effectively true in the UK where the people vote for a ruling *party* and that party chooses (has already chosen by the time the vote takes place) its leader, but with all the talk of "democracy" in the US, there is a mistaken impression that the president is there through the popular ballot box. He's not.
I'm a big fan of Clay, and I'm on his NEC mailing list (I read his article when it came in today), but I think this piece has some unusually (for him) shaky arguments in it.
What I'd like to see is his site as a blog that we could then discuss his essays on. He wouldn't have to take any notice of what we said, but seeing as he's big into online communities and communication networks, you think he might be into the idea.
I know, I'll mail him. Where's his public key?
> Stroke order (or "kaikijun" - as we're so damn correct
Nooo! I meant to type KAKIJUN.
Serves me right.
Stroke order (or "kaikijun" - as we're so damn correct in this thread) is in fact pretty easy.
But for a very few characters that are particularly tricky (like "kanarazu": it's not "kokoro" with a slash through it), just about all others are easy to guess after about a year of study I'd say. This is because the majority of kanji are comprised of repetitive components that follow simple rules (like "kuchi", "yama", "ito" and the like).
Mind you, my university course contained one shuji class a week, which helps a great deal to understand kakijun, but even if you don't have that benefit I really don't think it's as big a deal as you make out.
> I've not really tried to encrypt files on unix
> beyond in transit method such as ssh.
You haven't lived! The thrill of using GNUPG knows no bounds.
> PGP's freeware version comes with a "Create Self Decrypting Archive"
:-)
Win32 only I believe though. At least, last I tried it didn't ask me what target platform the executable should be compiled to
My Word (ha ha ha wot a pun), the Information Commissioner is living in the stone age!
Section 2 of the email/text complaint form is hilarious:
"Please note
If there is more than one sender please list the details on a separate piece of paper
In most instances we cannot pursue a complaint if we are unable to identify the sender
If the sender is based outside the UK they are not subject to this legislation.
If the sender is based outside the EU, they are not subject to the EU Directive on which this legislation is based. "
It then asks for names, email addresses and web sites from the offending mail. But the one thing that might give them some kind of chance of tracking down the sender - the HEADER - isn't mentioned. Even if it was, being in MS Word, it would be a bit tricky to supply.
Sigh, what a waste of space.
Did it say "This product will only be supported for one year" on the box? Or was it just at the end of the press release, surrounded in marketbabble?
You're right - it *is* important. Most companies seek to talk down bad news, but where they owe a duty of care to their customers it pays to make things clear, and I don't think RedHat did that very well.
In particular, while Red Hat did put out the EOL statement reasonably early, they did not say what was going to happen to Red Hat Linux until Nov 3rd this year, when they sent out an email in which they casually mentioned that "Red Hat does not plan to release another product in the Red Hat Linux line."
Until then, many people thought that they had simply put a 12-month cap on updates for each release and were preparing themselves for a 12-month cycle. They didn't think the free version was going to go altogether. This was also before Fedora was announced, BTW.
I also think the media also overlooked the support issues somewhat. At the time 9 came out, I don't remember any journos writing articles saying "RedHat 9 is out... cool, but support will hit the buffers next year, look out!" Most of the coverage was just re-hashed RedHat press releases.
The only thing you can really do is to consolidate them all to one registrar.
But then to prevent getting into the situation again, you should impose some "rules" - which is what I did:
1. All new domains must be registered with the "approved" registrar, by you. You will not deal with any domains that are not.
2. Any domains you are taking over must transfer to the approved registrar before you will commit to managing them.
3. Any transfer away from the approved registrar automatically relieves you of any responsibility for managing the domain after that.
If clients complain, explain that the work involved in juggling multiple registrars is too much. If they insist, then negotiate a higher management rate for their domain to cover your costs.
>if aliens existed and were advanced enough to
> send us signals, they would in all probability
> have mastered the use of nano-technology
There is an unshakable conviction that *all* extra-terrestrial intelligence must be hugely more advanced than our own.
Completely illogical of course, but I prefer that attitude to the reverse.
> It reminds me of Visual Studio .NET; it sort of misses the point.
;-)
And you don't miss a chance for a quick troll, do you
> Why are people still capitalizing "Internet", for that matter?
OK that's easy. Because the use of the word "Internet" in this context is a proper noun. You capitalise "Pacific ocean", you capitalise "Joe Shmo, the baker", so you capitalise Internet.
It's important to use the capital "i" to avoid confusion since it can also be used as a common noun to mean "any set of networks interconnected with routers." The Internet is the largest internet in the world (i.e. it's unique), and is therefore capitalised.
Hope that helps.
I tried both and went with IPCop simply because I found it easier to use and it seemed to have more features. That was about six months ago though.
I once spent an entire weekend trying to explain the difference between analogue and digital to my Mum.
I failed. It's incredibly difficult when you just can't get any analogy she can understand to hold up long enough for it to make sense to her.
Do you ever wonder why there are people like Osama Bin Laden around? How do they justify what they do? Why do so many people in the world agree with their actions? I'll tell you why - because they see America doing it, so they fight back in the same way!
For god's sake this has got absolutely nothing to do with "socialism" (whatever you mean by that). If you think it's OK to flout international law, then what are you going to do if North Korea tries to assassinate George Bush because they don't think he's a good thing? Say that it's OK for America to do it but not them?
If that's your idea of moral superiority then we're all going to hell pretty fast.
If you're implying that America somehow exports democracy and social justice to the rest of the world, would you care to explain how and to whom?
What about Cuba, or Nicaragua, for instance? What about Honduras? How about Haiti and Guatemala?
All those countries have experienced what you describe, and worse, against them and their national sovereignty. So if North Korea's doing it - they probably just see themselves as going with the flow!
In case you doubt what I say, let's take this little story about Nicaragua as an example:
20 years ago, Nicaragua was on the receiving end of covert operations, assassinations, funding of guerrilla groups and illegal importation of weapons, etc. all perpetrated by the United States. It was on the receiving end of what most people would call terrorism.
Nicaragua responded not by bombing Washington, but by taking it to the World Court, presenting a case for which they had no problem putting together evidence for.
The World Court accepted their case and ruled in their favour. It condemned what it called the 'unlawful use of force' (which basically means international terrorism) by the United States, and ordered the United States to terminate their aggression and to pay massive reparations.
The United States dismissed the court judgment and announced that it would henceforth not accept the jurisdiction of the court. So Nicaragua then went to the UN Security Council which considered a resolution calling on all states to observe international law. No one was mentioned but everyone understood who was being talked about. But the United States vetoed the resolution.
The US therefore now stands as the only state on record which has both been condemned by the World Court for international terrorism and has vetoed a Security Council resolution calling on states to observe international law.
And you think North Korea is bad?
So - Nicaragua then went to the General Assembly where there is technically no veto but a negative US vote amounts to a veto. It passed a similar resolution with only the United States, Israel, and El Salvador opposed.
The following year they went to the General Assembly again, and this time the United States could only rally Israel to the cause, so two votes opposed to observing international law.
At that point, Nicaragua couldn't do anything lawful. It tried all the measures. They don't work in a world that is ruled by force.
So, um, how does the United States export democracy? How does it help to promote world peace exactly? And how much do you know about what the US government is doing overseas?
Clearly very little I think.
I'm not saying people SHOULD ignore the resource issues, or trying to justify anything. I'm just saying that for 80% of people it really doesn't matter that Word takes 5 seconds to start up, or 15 seconds to open a big spreadsheet - if OO takes longer, I'm betting they STILL won't care.
Why do I think this? Because I've worked in companies with 10,000 desktops or more, I know the spec of those machines, and the only time I hear about speed issues is when the user's got bored of waiting because the app's crashed.
I have long been shocked and offended by the use of the terms "male" and "female" in relation to electrical connectors.
The disgusting implication is that these things have genitals, and when they come together they have "sex".
It is an abomination designed by Satan to corrupt young minds to regard everything in terms of lustful conjoinments and to ignore the word of the Lord - who much prefers the terms "master" and "slave."