Granted this is just an interesting concept at the moment, however I think Microsoft may have something worthwhile here. The only thing is lacking (or missing rather) is a tactile interface - so that one could "feel" virtual objects.
I'll be paying attention to this, because I think this could be a game changer.
It's probably more than just a concept. They're marketing it like it will be out for holiday season 2015. It looks like they view this as the "killer app" for Windows 10. The closing of the ad shows both the Windows 10 and Microsoft logos in sequence.
I wonder how it'll play with an HP Sprout or a 3-D printer.
Better yet, tell everyone it's when the taser is fired, but activate it when the device is removed from holster/ pocket. It probably would only work once, but that once might be worth it.
Yeah Steam locos are really in the "rare, but not gone" category. Though I guess that applies to a lot of these sounds. Another rare, but not completely gone: the scrape of a phonograph needle across an LP.
Most places have an off switch for the fountains. It costs an extra $million, but these people can afford it./jk, but you know what I mean. Sometimes you want to look at the view, and other times LA is covered in smog and the fountains look nice.
Several weeks later, a meeting took place between Google executives and Connecticut Attorney General George Jepsen. The same morning the meeting took place, MPAA's Perrelli was informed about it by two attorneys at the AG's office, who offered to send Google's presentation to Perrelli. Jepsen reached out to the MPAA, seeking demands that he could press against Google.
The article makes clear that many AG offices seem to be favoring the MPAA side, even after hearing from Google. I'd be really interested to see a survey of who's funding election campaigns for all state AGs in the country. Follow the money and see what shows up.
Maybe, as long as the sentence isn't a quotation from anything online or exceeds 50 characters or so. Dictionary attacks use entire phrases now, but they still don't go beyond a character limit that's fairly low compared to entire sentences.
Some additional password fuzzing techniques to consider. - Putting nums or special characters between syllables in words, not just between the words. - Using multiple specials/nums between each word. - Strange uses of spaces and punctuation. - There are 2 additional ways to encode alpha characters as numbers besides 1337-speak. Use alternate means. - use puns or homophones to make your phrase less likely to match a dictionary.
As far as the OP, there are some things that your company can do to improve security without completely abandoning the passwords. They may find some of these more palatable: - Instead of sending new password direct to user, send an access code to the user's manager. User has to request the access code from the manager, then use the code to login to the site that gives them their temporary password. This has the additional advantage of bringing to manager's attention which employees are particularly bad at remembering their passwords, and who probably need more attention to assure they don't have any sticky note reminders on their desktop. - Rather than use full 2-factor authentication, just enable a standard password locker software to install on each employee's computer and give them a flash drive to host their password file. This is a lot cheaper than buying customized smart cards or key dongles, and is significantly more secure than what you have now, especially if they use the random PW generators that most lockers make available.
I wouldn't use 1 PB as the benchmark. Only half of the drives in the sample made it that long. but 3 TB per year means 33 years to even reach 100 TB. It's pretty likely your entire computer will be obsolete by then, even if Moore's law bottoms out in the next decade or so.
Speaking of using misleading statements, you should make clear that NIH article states that THC does impair, although with the disclaimer that pot smokers tend to be able to compensate for their impairment:
"Detrimental effects of cannabis use vary in a dose-related fashion, and are more pronounced with highly automatic driving functions than with more complex tasks that require conscious control, whereas with alcohol produces an opposite pattern of impairment. Because of both this and an increased awareness that they are impaired, marijuana smokers tend to compensate effectively while driving by utilizing a variety of behavioral strategies. "
This bears out some of the anecdotal evidence from LEOs in the thread above.
For a very drunk person a curve in the road or a traffic light turning yellow constitutes "something unusual" occurring. Weaving in and out of lane or running a light is a pretty sure indicator and will get you pulled over by any cop that sees you. The breath test is really just the extra bit of "scientific" evidence to back-up the officer's initial probable cause. Or another way of looking at it, the DWI charge is just an enhancement of the actual crime of failing to maintain a lane or running a red light.
Of course, when they set up sobriety checkpoints and they stop you without probable cause, they also catch the folks who aren't particularly impaired but have have alcohol on their breath and fall above the magic 0.10 or 0.08 blood alcohol threshold.
The thing is that alcohol is proven to impair most people's driving, in many cases severely - to the point where it's worth catching them before they drive erratically and risk other peoples' safety. You can argue whether 0.08 BAP is too low, but there should be some threshold. For pot, the evidence is less clear. The THC threshold in Washington's law is most likely a political bone thrown to conservatives who abhor the idea of legalization in the first place.
Yeah, there's just as much risk from outside distractions as from the driver's innate reaction time. As others have stated, the big risk from drunks is that they tend to misjudge their abilities (so incompetent they don't realize they're incompetent) and fail to adjust to their impaired condition.
Yeah, playing is a matter of performing a known task. No reaction time required because you can plan your moves ahead.
The danger in driving is that you have to react to the unexpected. Anything that slows your reaction time down or delays the start of the reaction, whether you're drunk, texting or just looking in the rear-view mirror, is a risk. I don't know the evidence for measurement of reaction times when high or stoned, so I won't comment on the reasonableness of the law.
Comcast provides DNS registry service for their business customers, so their mail relays damn well better support mail coming from a domain that they registered (or at least acted as the middle-man for a real registrar).
A lot of assumptions in both of these models. And climate change is only one failure mode of civilization that could be applicable here. 1) Global Thermonuclear War 2) Global Pandemic 3) extinction event (meteor/volcanic eruption) 4) mass civil uprisings from the 99%
This type of device _would_ be viable for specific locations where survival becomes an issue - say refugee camps or other civilian groups in war zones/famine zones, etc.
You're assuming that an apocalyptic event would take hundreds (or at least dozens) of years before people were able to figure out how to turn these things on. There are plenty of plausible situations where the infrastructure of civilization is gone, but the relics could still work - given enough power (massive global "super-Ebola" outbreak, for example).
OTOH, you don't want to have to spend a lot of time post-apocalypse maintaining one of these. The necessity of scrounging for acid-free paper or building and maintaining a lead-acid battery and generating infrastructure make this more of a tool for groups who already have power and/or paper available for other needs.
Trusting in Bitcoin to avoid civil forfeiture is like trusting in TOR to avoid NSA or FBI surveillance. It's necessary but not sufficient by itself. The same kind of network analysis that the NSA does from telecom and ISP metadata can be done with transfers between Bitcoin wallets and location-based data between the computers handling the transfer.
IT isn't "overhead", it's what keeps modern businesses running. If an IT dept. is being treated as overhead or janitors, that means that business is just treading water on existing tech and is failing to take advantage of new capabilities. If you're in IT and being treated like a janitor, you probably don't want to invest in the company stock plan.
OTOH, I've also run into some IT departments where the development teams think they are gods and treat the test teams and operations teams with the same condescension that comes from PHBs. "Teamwork" is such an inane term, but if you don't treat your co-workers with respect (at least outside of your inner thoughts) it has an erosive effect on your company's success. This applies both to the IT user who f-s up their computer AND to the guy who has to deal with that user both to fix the immediate issue and (with luck) educate the user just enough to prevent future disasters.
Yeah, if they reorganize the "PC Settings" into categories where we have to read the minds of the MS development team to figure out what category the applet runs under,it'll be another C-F. How many IT folks here _don't_ switch the current control panel to "Classic" view on Win Server 2003/2008 or Win7? Don't force folks into an extra layer of memorization to figure out how to get to the WIndows Services dialog, etc.
Actually, if this is truly a private company, he's in clear violation of Federal anti-corruption laws. At least that's what they keep hammering at us in the corporate "pin the liability on the employee" training.
From my POV the more likely explanation is that "private" security firm is an NSA front. I doubt this company would get much business outside the US, with so many NSA ties already known. So my guess is that they use it to funnel NSA technologies and data to other government agencies that can't obtain them (legally) by other means..
Slashdot Mirror
Granted this is just an interesting concept at the moment, however I think Microsoft may have something worthwhile here. The only thing is lacking (or missing rather) is a tactile interface - so that one could "feel" virtual objects.
I'll be paying attention to this, because I think this could be a game changer.
It's probably more than just a concept. They're marketing it like it will be out for holiday season 2015. It looks like they view this as the "killer app" for Windows 10. The closing of the ad shows both the Windows 10 and Microsoft logos in sequence.
I wonder how it'll play with an HP Sprout or a 3-D printer.
Better yet, tell everyone it's when the taser is fired, but activate it when the device is removed from holster/ pocket. It probably would only work once, but that once might be worth it.
Yeah Steam locos are really in the "rare, but not gone" category. Though I guess that applies to a lot of these sounds. Another rare, but not completely gone: the scrape of a phonograph needle across an LP.
Well, we still get coil whine on many GPU's, so it's still around. Just not as noticeable.
Yeah, it's not just the ringer, but the pulsing sound of the rotary dial itself that's gone. Touch tones even on the analog phones.
Most places have an off switch for the fountains. It costs an extra $million, but these people can afford it. /jk, but you know what I mean. Sometimes you want to look at the view, and other times LA is covered in smog and the fountains look nice.
I can just see them asking the seller "who the f--- is this Persson guy anyway?" OTOH, if they have kids of a certain age, they know.
Google is lobbying the AG's themselves, but they seem to be on the defensive. From Ars: http://arstechnica.com/tech-po...
Several weeks later, a meeting took place between Google executives and Connecticut Attorney General George Jepsen. The same morning the meeting took place, MPAA's Perrelli was informed about it by two attorneys at the AG's office, who offered to send Google's presentation to Perrelli. Jepsen reached out to the MPAA, seeking demands that he could press against Google.
The article makes clear that many AG offices seem to be favoring the MPAA side, even after hearing from Google. I'd be really interested to see a survey of who's funding election campaigns for all state AGs in the country. Follow the money and see what shows up.
Maybe, as long as the sentence isn't a quotation from anything online or exceeds 50 characters or so. Dictionary attacks use entire phrases now, but they still don't go beyond a character limit that's fairly low compared to entire sentences.
Some additional password fuzzing techniques to consider.
- Putting nums or special characters between syllables in words, not just between the words.
- Using multiple specials/nums between each word.
- Strange uses of spaces and punctuation.
- There are 2 additional ways to encode alpha characters as numbers besides 1337-speak. Use alternate means.
- use puns or homophones to make your phrase less likely to match a dictionary.
As far as the OP, there are some things that your company can do to improve security without completely abandoning the passwords. They may find some of these more palatable:
- Instead of sending new password direct to user, send an access code to the user's manager. User has to request the access code from the manager, then use the code to login to the site that gives them their temporary password. This has the additional advantage of bringing to manager's attention which employees are particularly bad at remembering their passwords, and who probably need more attention to assure they don't have any sticky note reminders on their desktop.
- Rather than use full 2-factor authentication, just enable a standard password locker software to install on each employee's computer and give them a flash drive to host their password file. This is a lot cheaper than buying customized smart cards or key dongles, and is significantly more secure than what you have now, especially if they use the random PW generators that most lockers make available.
I wouldn't use 1 PB as the benchmark. Only half of the drives in the sample made it that long. but 3 TB per year means 33 years to even reach 100 TB. It's pretty likely your entire computer will be obsolete by then, even if Moore's law bottoms out in the next decade or so.
Speaking of using misleading statements, you should make clear that NIH article states that THC does impair, although with the disclaimer that pot smokers tend to be able to compensate for their impairment:
"Detrimental effects of cannabis use vary in a dose-related fashion, and are more pronounced with highly automatic driving functions than with more complex tasks that require conscious control, whereas with alcohol produces an opposite pattern of impairment. Because of both this and an increased awareness that they are impaired, marijuana smokers tend to compensate effectively while driving by utilizing a variety of behavioral strategies. "
This bears out some of the anecdotal evidence from LEOs in the thread above.
For a very drunk person a curve in the road or a traffic light turning yellow constitutes "something unusual" occurring. Weaving in and out of lane or running a light is a pretty sure indicator and will get you pulled over by any cop that sees you. The breath test is really just the extra bit of "scientific" evidence to back-up the officer's initial probable cause. Or another way of looking at it, the DWI charge is just an enhancement of the actual crime of failing to maintain a lane or running a red light.
Of course, when they set up sobriety checkpoints and they stop you without probable cause, they also catch the folks who aren't particularly impaired but have have alcohol on their breath and fall above the magic 0.10 or 0.08 blood alcohol threshold.
The thing is that alcohol is proven to impair most people's driving, in many cases severely - to the point where it's worth catching them before they drive erratically and risk other peoples' safety. You can argue whether 0.08 BAP is too low, but there should be some threshold. For pot, the evidence is less clear. The THC threshold in Washington's law is most likely a political bone thrown to conservatives who abhor the idea of legalization in the first place.
And of course the Pizza Hut and Papa John's drivers are absolutely safe by comparison...
Yeah, there's just as much risk from outside distractions as from the driver's innate reaction time. As others have stated, the big risk from drunks is that they tend to misjudge their abilities (so incompetent they don't realize they're incompetent) and fail to adjust to their impaired condition.
Yeah, playing is a matter of performing a known task. No reaction time required because you can plan your moves ahead.
The danger in driving is that you have to react to the unexpected. Anything that slows your reaction time down or delays the start of the reaction, whether you're drunk, texting or just looking in the rear-view mirror, is a risk. I don't know the evidence for measurement of reaction times when high or stoned, so I won't comment on the reasonableness of the law.
OTOH, Comcast business class accounts use Outlook/Exchange, so maybe you just need to point to their Exchange servers instead.
Comcast provides DNS registry service for their business customers, so their mail relays damn well better support mail coming from a domain that they registered (or at least acted as the middle-man for a real registrar).
In other words, you're advocating to restore the original works...
A lot of assumptions in both of these models. And climate change is only one failure mode of civilization that could be applicable here.
1) Global Thermonuclear War
2) Global Pandemic
3) extinction event (meteor/volcanic eruption)
4) mass civil uprisings from the 99%
This type of device _would_ be viable for specific locations where survival becomes an issue - say refugee camps or other civilian groups in war zones/famine zones, etc.
You're assuming that an apocalyptic event would take hundreds (or at least dozens) of years before people were able to figure out how to turn these things on. There are plenty of plausible situations where the infrastructure of civilization is gone, but the relics could still work - given enough power (massive global "super-Ebola" outbreak, for example).
OTOH, you don't want to have to spend a lot of time post-apocalypse maintaining one of these. The necessity of scrounging for acid-free paper or building and maintaining a lead-acid battery and generating infrastructure make this more of a tool for groups who already have power and/or paper available for other needs.
Trusting in Bitcoin to avoid civil forfeiture is like trusting in TOR to avoid NSA or FBI surveillance. It's necessary but not sufficient by itself. The same kind of network analysis that the NSA does from telecom and ISP metadata can be done with transfers between Bitcoin wallets and location-based data between the computers handling the transfer.
This.
IT isn't "overhead", it's what keeps modern businesses running. If an IT dept. is being treated as overhead or janitors, that means that business is just treading water on existing tech and is failing to take advantage of new capabilities. If you're in IT and being treated like a janitor, you probably don't want to invest in the company stock plan.
OTOH, I've also run into some IT departments where the development teams think they are gods and treat the test teams and operations teams with the same condescension that comes from PHBs. "Teamwork" is such an inane term, but if you don't treat your co-workers with respect (at least outside of your inner thoughts) it has an erosive effect on your company's success. This applies both to the IT user who f-s up their computer AND to the guy who has to deal with that user both to fix the immediate issue and (with luck) educate the user just enough to prevent future disasters.
...says the junior PFK under the BOFH's tutelage.
Yeah, if they reorganize the "PC Settings" into categories where we have to read the minds of the MS development team to figure out what category the applet runs under,it'll be another C-F. How many IT folks here _don't_ switch the current control panel to "Classic" view on Win Server 2003/2008 or Win7? Don't force folks into an extra layer of memorization to figure out how to get to the WIndows Services dialog, etc.
Actually, if this is truly a private company, he's in clear violation of Federal anti-corruption laws. At least that's what they keep hammering at us in the corporate "pin the liability on the employee" training.
From my POV the more likely explanation is that "private" security firm is an NSA front. I doubt this company would get much business outside the US, with so many NSA ties already known. So my guess is that they use it to funnel NSA technologies and data to other government agencies that can't obtain them (legally) by other means..