Because activist judges, traitorous bureaucrats and a complicit media are teaming up to interfere.
Trump really needs to get Jacksonian. He needs to tell the courts fuck you and the horse you rode in on if you can't do your fucking jobs and rule on the letter of the law and its execution, make all the rulings you like they will not be enforced or obeyed. Judges are not entitled to speculate about secret agendas behind laws and executive actions, they get to rule on the content of the law itself being constitutional and if enforcement and/or execution complies with that content.
Trump needs to deal with these leakers and insubordinates. If I were at this point I would go ahead and create a outright culture of fear and terror among the civil servant class. There is just no other option. I'd start offering rewards for information leading to leakers and insubordinates, an if you see something say something campaign. Even the unions can't stop firings for cause, I would make these as public as possible, so as to damage their future job prospects. Hopefully eventually the stress of knowing they will found and fired with prejudice sooner or later will drive the people who are not on board to quit on their own. Those that can't or won't toe the line would want to quit before their careers are harmed.
Explosive small enough to conceal inside a laptop case might not be able to do much damage to the plane if surrounded by a bunch of luggage to absorb the engergy. They might for example require the suicide attacker to place them against a vulnerable part of the aircraft like a window.
There are so many jobs where a degree is objectively not required or is at best only a loose correlation with being qualified that many employers will quickly drop that in favor of a demonstration of expertise.
I mostly won't hire someone without a degree unless they have lots of excellent work history, a name in industry etc. Why because trying to hire a 20 something for an entry level professional position often the first one they have held is hard. Even an entry level professional position is still a professional position. I don't want babysit this person and I don't want to have to pay some supervisor to stand over them and do it either.
They are supposed to be professional they are supposed to know how to solve problems, following directions and procedures that have been laid out, locate other resources as required etc. Having completed college degree from a private college with a decent reputation or a major state university save for a handful across the country with a reputation of being the worst party schools strongly suggests this person can do that or will be able to after just a little mentoring. It highly correlated actually.
This is what subsidized guaranteed loans get you! It does not get you "access for all" it gets you steadily rising costs divorced from the rest of the market and inflation until even the state can't afford to "make college affordable." We are seeing the same crap going on in health care.
The simple fact there is high percentage of people who if at 18 years of age with no assets are allowed to borrow 1/2 a million even at 2 or 3 percent APR, will never be able to return the principle let alone settle the debt. This uncontrolled cost structure will simply bankrupt our state and federal student loan programs.
Quite honestly if someone at 18 could borrow a 1/2 million I would probably be better advice to lever in on capital investing in the form of stock portfolio than for education.
The ONLY answer is to eliminate loan subsidies and force colleges to deliver an suitable education product at a price people can afford.
So the real issue is we need to stop subsidizing labor! The ubers and wallmarts of the world need to pay the real cost of bringing the workers on which they depend to market. The rest of society (major urban areas in particular) need to accept the resulting costs being passed on to them or the disappearance of products and services from the market place.
Get rid of the subsidized housing, and public transport! I think morally we as a society are obligated to feed people but it should pretty much stop there. Wages will go up when McDonald's discovers it can't hire anyone to work in its SF stores because none can afford to live near by and none can afford to get to work unless they are bettered paid. The big business money in SF will discover they have raise wages too because they won't be able to attract talent to a city where you can't buy lunch for less than $50, an train ride to work is $35 each way on their 120K salary.
labor absolutely is a commodity and it needs to be freed form all the government distortions around it so it can be sold that way. At the national level it needs to be treated like any other product, companies should be taxed on the hours they pay workers for over seas. They are simply importing labor.
Those people STILL HAVE NO USE and probably NO ACCESS to paper plane ticket, unless they are literally going to the airport to buy one at the airline counter where they could still be easily issued an e-ticket!
Think for a second great aunt Tilly is going to go to her travel agent or make a reservation by phone (voice). They can then and in fact do provide here with an e-ticket and the reservation number. Hell even if they have to mail of fax her, the travel documents it can still just have an e-ticket number printed on it that she can read off at the check-in counter using the same process the rest of us use.
I meant it when I said there is no reason anyone needs a paper ticket. Considering all the classes of people you mention I still can't see a use case for any of them being given a 'traditional' airline ticket. My mother has some in he scarp book for her travels as a child that is the only time I have even seen paper tickets (I am in my mid thirties). These things only even exist today for the people that go out of their way to get them.
law of large numbers. Pick an aircraft with 140+ seats all sold someone is going to have problems with the device. It will be disruptive.
That said the article is about tickets, which are NOT boarding passes. For those who don't fly often let me explain: I can't remember EVER having a paper plane ticket. e-tickets have been a thing since the 90's even non-computery types usually use e-tickets because that is what their travel agent or secretary does for them. The general public usually books online. and you guessed is issued an e-ticket, which is really just a reservation number/code. They then just show up at the check-in counter and provide their name, destination airport, and the reservation number if they know it and the customer service person looks it up and prints them a boarding pass.
Boarding passes not tickets are what the TSA scans, and what the airline either rips (small carriers that server county airports and the like still do this) or scans at the gate, so they have an accurate passenger manifest and ensure nobody gets on the wrong flight.
Assuming this is talking about tickets and not boarding passes than I would say the time to retire paper ticketing infrastructure was a long time ago as its not useful and I can't think of really any reason why anyone anywhere needs to use. On the other hand paper boarding passes are nice. They are much faster to scan than trying to guess what distance your cell phone screen needs to be held at so they can read the QR code. I really wish people would not do that. When you use those dumb wallet apps or even the airlines own app you are holding up the line, you are THAT GUY and I hate you!
Additionally after a long week onsite somewhere when I am on my way home I'd like to be able to watch the airlines movies streamed over wifi to my phone or read a book with the kindle app and not fear that a dead battery is going to complicate getting on my connecting flight! Its nice to know I can just pull that paper pass out of my pocket and go, even if I have drained my phone watching "Die Hard 14 - People are still leaving piles of money in strange places" on the plane.
Clinton did no such thing. He used a bunch of creative accounting and CBO assumptions that proved to be untrue. The only way those 10 year projections panned out is if the dot comedy continued indefinitely. Arguably Clinton's early economic successes are owed to us not being pulled into any major conflicts and an sensible management (for which he was of course voted out of office) Bush Sr.
Bush Jr probably would have done all right but 9/11 happened. We decided to fight wars in Afghanistan, and less sensibly in Iraq. Obama, and I say this as a detractor, never had a chance. With those two conflicts raging and the collective reluctance to change our China policy there was no way any outcome but massive debt growth was every possible.
Well ultimately the President does not write the budget he offers a suggested one to Congress where they write the real budget, with the work spread across a number of standing Committees controlled (in the parliamentary sense and usually the majority of seats sense) by the majority party.
Under Obama/Pelosi/Reid the Democrats simply did not bother to do one of their most basic jobs of authoring a damn budget. They punted over and over again with "Continuing Resolutions" No I am not naive I know the Rs would not have voted for it either but you can't blame them for not voting on a package that never existed not really.
What was even sadder is we basically got the same CR crap once the House was back in Republican control. Would Obama have signed a Republic budget, probably not but than you can't blame him for not signing a bill that was never sent to his desk, not really.
The problem of course is macro-economics isn't actually much of a science. Unlike micro-economics you mostly can't test anything because you don't have a control. Credible is defined as a bunch of people who went to the same schools agree with you, well no surprise there, its how indoctrination works. I am not even saying its deliberate. People embrace ideas offered to them by people they respect. I have plenty of opinions about computer science I know I inherited from who I considered to be my better professors while in school. Its far more difficult for me to evaluate challenges to those ideas in an unbiased way. However at least those things are somewhat testable in the real world.
I used to believe in free trade but the reality is that its a race to the bottom. Until every trade partner has essentially the same cost structure in terms of worker protections, environmental protections, entitlements, etc capital flees to where it will be most productive for its owner. Specialization isn't really a thing outside situations where one nation is geographically sitting on a large amount of some required natural resource as an input to some process. What free trade will do is probably spread the wealth around the world. Well as an American I am actually pretty happy with wealth being highly concentrated right here, thank you very much. Maybe that is a moral failure on my part, I don't know. Its hard to really feel guilty about wanting the best for my family and friends though. I suspect in those other places if the shoe was on the other foot many of the people there would feel and act the same way I do.
It's like you bought that doohickie at Kohl's a couple weeks ago, now you get the bill and decide to not pay it.
No its like you got the bill and decide rather than pay it you're just going to do a balance transfer to another credit card with a higher limit. Yes the money is already spent, no that does not mean cutting spending in the future isn't a path to filling in the hole.
Just because I am watching Netflix on my Phone does not mean I am looking at it on its 6" screen. I might have it plugged into the HDMI port on the TV in my hotel room. Do that a lot actually.
I am cool with this but only if there is a way to select the standard version.
No people should not be allowed to sue foreign governments for this type of attack. Its not a job for the courts. The Executive should treat attacking a US Citizen on our on soil and act of war however. This sort of thing out to trigger an immediate response, at the very least cessation of all foreign aide to the nation in question and a banking sanctions against the government.
Send a strong and clear message this WONT be tolerated!
I work with a lot of veterans and I have a number of active duty friends, in various services. I can tell you exactly none of them would look to Rambo as role model for being a good soldier. Its also true that they are committed to defending this country, they have to be face death; so yes they enjoy a bit flag waving and they occasional phallic weapons system display. Finally names like this are fun, and they bring some levity to what otherwise would probably some hard stuff to carrier around mentally. I don't see anything wrong with it. In fact I think its a good thing for the rest of society.
We need to remember the reason you have a military is to kill people and break things. Its what they do at their core. Sometimes that is the only way to deal with people who don't like us and seek to cause us harm. Which is not say they can't be effective at delivering food stuffs and building sanitation systems when the situation calls for that but they might not actually be the best tool for that job. A chisel might work as a flat head screw driver but its not safe for the operator, not good the chisel, and has lots of potential to damage the surrounding work. We need to remember what the military is for and let that inform how we direct resources to it and where we deploy it for what tasks. Naming a grenade launcher something that clearly indicates what its for anti-personnel isn't really so bad.
That is the problem with all this technology though isn't it? Whenever our knowledge of chemistry and physics advances we tend to weaponize it first. Than we find the civilian applications and the tech trickles out. Once its out its often not all that hard to re-weaponize it.
Think of all the commercial space business today. None would exists without standing on work down for the V2 rocket program. The heavy lifting, pun intended, was done by militarizes for killing people. Now there is a lot of access. Could Elon must go crazy one day and say with a hand full in inner circle people have one of those things come crashing down on top of the pentagon maybe packed with lithium:-)? I don't know the answer to that but it does not seem impossible.
Similarly could just about any state actor and perhaps some large organized crime groups like the cartels or ISIS arrange to capture nuclear material from the medical industry and build a dirty bomb, at least on a small scale? I think the answer is probably yes.
Yea that seems like it could go really badly for the operators if the winds are blowing the wrong way. Sounds like this thing would have produced quite a bit of fallout. Even though you probably wont get direct effects from the initial detonation, Its not hard to imagine some pretty hazardous dust blowing back on your position from where this thing lands a couple miles away a short time later. Better make sure the target is down wind.
That protects individual accounts but not the organization. A lot of attacks consist of collect as many username (or likely usernames) as possible. That might be e-mail address harvesting, pulling them out of document metadata for stuff published online etc. Maybe there is a corporate contact list avalible and you know its firstInitialLastName for usernames via some other method. Next the attacker will select two or three likely password, ${SportsTeam}2017! that just won, Winder2017!, ${COPR}Sucks123! and try those on all the user names.
So you now need to also manage authentication events from a single source, which is hard for web apps especially on B2B apps because heck 50 clients might be behind a NAT and appear to come form the same source. You can't use things like UserAgent + IP either because they are all using corporate laptops with the same browser...
For a lot of sites rate limiting like what you suggests is actually not trivial. Yes you can put in some generous upper limits like not more than 100 auth requests per 5min for a single IP or something but that still lets an attacker work thru a strategy like the one I laid out pretty quickly.
When I was on a corporate security we actually used to suggest this! You could gbe disciplined if you were caught with a password on a sticky note attached to monitor or under a keyboard but we told people it was okay to write them down if they must provided they keep it in their wallet or purse. This was our official policy.
Why?
Most people notice a wallet or purse missing almost immediately! Certainly within hours. Which is still on the pretty good end of compromised password detection. We simply told them if you choose to do this you need to add corporate security to the top of your list of who to contact when your wallet goes missing, the same way you'd call your CC company. Someone on the CIRT team would change your password or simply lock your account if you are unable to participate in the change process at that time.
The reality is unless you allow weak passwords they are going to get written down, so best enable people to do that as safely as possible. I know people still hate mandatory password rotation here but honestly its a good control if done properly. Lets say like not more often than every six weeks, and at least every 12. Its still a good detective control, will cause a compromised account to be noticed eventually or the attacker will lose access. It will still ensure unused accounts are eventually locked out (admittedly a last login audit could do this one too).
You fight the subsitition rules with some effectiveness and still keep your memory sane if you make up some slightly more complex rules for your own use like:
a gets replaced with @ unless it the second occurrence in the word.
o gets replaced with 0 only if its the fist occurrence.
7 always replaces t
5 replaces s only if two ss appear consecutively
and so on. If you make up a ruleset like that or write it down somewhere than you can still probably get a way with using combinations of dictionary words for a little long. Kali contains a pretty popular password dictionary called rockyou that has most of these words applied, its always worth a quick grep over that to make sure what you selected ain't in that list.
If you have upper- and lower-case letters, numbers, and symbols then each character is one from a set of 80, so a random 8-character password from this set contains 50 bits of entropy (2^50 possible combinations). To store all such passwords in a rainbow table would require 2^54 bytes (8 petabytes) of storage. I doubt that most hackers have that much space.
They don't and they don't need it. In fact it would require more storage in most cases because of salts.
8 chars or so is about the tipping point where it takes longer to search the storage for a hash mach than it does just to generate the hashes on the fly and see if they match, using a gang a GPU units. That said 8 chars of truly random pick 80 selections will still stand up pretty damn well. Most folks doing password cracking are still using dictionary based attacks. Granted they 20 gig dictionaries with ever Latin root language word and all common char substitution with other 'rules' as well but its not a true brute force.
I think difficult to type is probably anti-security actually when it comes to password managers. It means almost certainly you going to be moving the plain text from your password manager to your clipboard which multiple processes have access to read.
Assuming Network app A has an RCE but is running unprivileged its not going to able to read memory of your Password Manager, or Network app B you are entering your password into. So if app A is pwned and app B has a different password app B is still secure. Unless app B's password ends up in the shared clipboard that app A can read.
I submit that facebook and mySpace are quite different. facebook is much much more about interaction, and mySpace was a lot more about publishing. To that end its hard to extricate yourself from facebook. When your friends put out invitations as facebook events, when your relatives check their E-mail once a month but their facebook messages ten times a day, when all the photos your wife have been stored their for 10 years, its hard to leave.
Actually even today's kids use FB not the way their parents do but they still regularly login which is what the ad men care about so FB is just fine going forward even if the interactions change.
Which is precisely why we need to use the old common law definition of rape. Which requires either a whiteness or a whiteness immediately after the fact who can testify to distress and injury that occurred. Rape is a very very serious crime and it should prosecuted and punished most severely!
People need to understand though that if you either don't physically resist or there isn't a whiteness to the fact that you did not have any choice or both than its not rape. Which is not say it can't be a lessor crime like sexual assault, simple assault, blackmail, you name it just not rape and the severity of consequences that carries for whom we otherwise have only your word is a perpetrator.
Slashdot Mirror
he's delivering exactly nothing
Because activist judges, traitorous bureaucrats and a complicit media are teaming up to interfere.
Trump really needs to get Jacksonian. He needs to tell the courts fuck you and the horse you rode in on if you can't do your fucking jobs and rule on the letter of the law and its execution, make all the rulings you like they will not be enforced or obeyed. Judges are not entitled to speculate about secret agendas behind laws and executive actions, they get to rule on the content of the law itself being constitutional and if enforcement and/or execution complies with that content.
Trump needs to deal with these leakers and insubordinates. If I were at this point I would go ahead and create a outright culture of fear and terror among the civil servant class. There is just no other option. I'd start offering rewards for information leading to leakers and insubordinates, an if you see something say something campaign. Even the unions can't stop firings for cause, I would make these as public as possible, so as to damage their future job prospects. Hopefully eventually the stress of knowing they will found and fired with prejudice sooner or later will drive the people who are not on board to quit on their own. Those that can't or won't toe the line would want to quit before their careers are harmed.
Explosive small enough to conceal inside a laptop case might not be able to do much damage to the plane if surrounded by a bunch of luggage to absorb the engergy. They might for example require the suicide attacker to place them against a vulnerable part of the aircraft like a window.
There are so many jobs where a degree is objectively not required or is at best only a loose correlation with being qualified that many employers will quickly drop that in favor of a demonstration of expertise.
I mostly won't hire someone without a degree unless they have lots of excellent work history, a name in industry etc. Why because trying to hire a 20 something for an entry level professional position often the first one they have held is hard. Even an entry level professional position is still a professional position. I don't want babysit this person and I don't want to have to pay some supervisor to stand over them and do it either.
They are supposed to be professional they are supposed to know how to solve problems, following directions and procedures that have been laid out, locate other resources as required etc. Having completed college degree from a private college with a decent reputation or a major state university save for a handful across the country with a reputation of being the worst party schools strongly suggests this person can do that or will be able to after just a little mentoring. It highly correlated actually.
This is what subsidized guaranteed loans get you! It does not get you "access for all" it gets you steadily rising costs divorced from the rest of the market and inflation until even the state can't afford to "make college affordable." We are seeing the same crap going on in health care.
The simple fact there is high percentage of people who if at 18 years of age with no assets are allowed to borrow 1/2 a million even at 2 or 3 percent APR, will never be able to return the principle let alone settle the debt. This uncontrolled cost structure will simply bankrupt our state and federal student loan programs.
Quite honestly if someone at 18 could borrow a 1/2 million I would probably be better advice to lever in on capital investing in the form of stock portfolio than for education.
The ONLY answer is to eliminate loan subsidies and force colleges to deliver an suitable education product at a price people can afford.
So the real issue is we need to stop subsidizing labor! The ubers and wallmarts of the world need to pay the real cost of bringing the workers on which they depend to market. The rest of society (major urban areas in particular) need to accept the resulting costs being passed on to them or the disappearance of products and services from the market place.
Get rid of the subsidized housing, and public transport! I think morally we as a society are obligated to feed people but it should pretty much stop there. Wages will go up when McDonald's discovers it can't hire anyone to work in its SF stores because none can afford to live near by and none can afford to get to work unless they are bettered paid. The big business money in SF will discover they have raise wages too because they won't be able to attract talent to a city where you can't buy lunch for less than $50, an train ride to work is $35 each way on their 120K salary.
labor absolutely is a commodity and it needs to be freed form all the government distortions around it so it can be sold that way. At the national level it needs to be treated like any other product, companies should be taxed on the hours they pay workers for over seas. They are simply importing labor.
Those people STILL HAVE NO USE and probably NO ACCESS to paper plane ticket, unless they are literally going to the airport to buy one at the airline counter where they could still be easily issued an e-ticket!
Think for a second great aunt Tilly is going to go to her travel agent or make a reservation by phone (voice). They can then and in fact do provide here with an e-ticket and the reservation number. Hell even if they have to mail of fax her, the travel documents it can still just have an e-ticket number printed on it that she can read off at the check-in counter using the same process the rest of us use.
I meant it when I said there is no reason anyone needs a paper ticket. Considering all the classes of people you mention I still can't see a use case for any of them being given a 'traditional' airline ticket. My mother has some in he scarp book for her travels as a child that is the only time I have even seen paper tickets (I am in my mid thirties). These things only even exist today for the people that go out of their way to get them.
law of large numbers. Pick an aircraft with 140+ seats all sold someone is going to have problems with the device. It will be disruptive.
That said the article is about tickets, which are NOT boarding passes. For those who don't fly often let me explain: I can't remember EVER having a paper plane ticket. e-tickets have been a thing since the 90's even non-computery types usually use e-tickets because that is what their travel agent or secretary does for them. The general public usually books online. and you guessed is issued an e-ticket, which is really just a reservation number/code. They then just show up at the check-in counter and provide their name, destination airport, and the reservation number if they know it and the customer service person looks it up and prints them a boarding pass.
Boarding passes not tickets are what the TSA scans, and what the airline either rips (small carriers that server county airports and the like still do this) or scans at the gate, so they have an accurate passenger manifest and ensure nobody gets on the wrong flight.
Assuming this is talking about tickets and not boarding passes than I would say the time to retire paper ticketing infrastructure was a long time ago as its not useful and I can't think of really any reason why anyone anywhere needs to use. On the other hand paper boarding passes are nice. They are much faster to scan than trying to guess what distance your cell phone screen needs to be held at so they can read the QR code. I really wish people would not do that. When you use those dumb wallet apps or even the airlines own app you are holding up the line, you are THAT GUY and I hate you!
Additionally after a long week onsite somewhere when I am on my way home I'd like to be able to watch the airlines movies streamed over wifi to my phone or read a book with the kindle app and not fear that a dead battery is going to complicate getting on my connecting flight! Its nice to know I can just pull that paper pass out of my pocket and go, even if I have drained my phone watching "Die Hard 14 - People are still leaving piles of money in strange places" on the plane.
Clinton did no such thing. He used a bunch of creative accounting and CBO assumptions that proved to be untrue. The only way those 10 year projections panned out is if the dot comedy continued indefinitely. Arguably Clinton's early economic successes are owed to us not being pulled into any major conflicts and an sensible management (for which he was of course voted out of office) Bush Sr.
Bush Jr probably would have done all right but 9/11 happened. We decided to fight wars in Afghanistan, and less sensibly in Iraq. Obama, and I say this as a detractor, never had a chance. With those two conflicts raging and the collective reluctance to change our China policy there was no way any outcome but massive debt growth was every possible.
Well ultimately the President does not write the budget he offers a suggested one to Congress where they write the real budget, with the work spread across a number of standing Committees controlled (in the parliamentary sense and usually the majority of seats sense) by the majority party.
Under Obama/Pelosi/Reid the Democrats simply did not bother to do one of their most basic jobs of authoring a damn budget. They punted over and over again with "Continuing Resolutions" No I am not naive I know the Rs would not have voted for it either but you can't blame them for not voting on a package that never existed not really.
What was even sadder is we basically got the same CR crap once the House was back in Republican control. Would Obama have signed a Republic budget, probably not but than you can't blame him for not signing a bill that was never sent to his desk, not really.
credible economist
The problem of course is macro-economics isn't actually much of a science. Unlike micro-economics you mostly can't test anything because you don't have a control. Credible is defined as a bunch of people who went to the same schools agree with you, well no surprise there, its how indoctrination works. I am not even saying its deliberate. People embrace ideas offered to them by people they respect. I have plenty of opinions about computer science I know I inherited from who I considered to be my better professors while in school. Its far more difficult for me to evaluate challenges to those ideas in an unbiased way. However at least those things are somewhat testable in the real world.
I used to believe in free trade but the reality is that its a race to the bottom. Until every trade partner has essentially the same cost structure in terms of worker protections, environmental protections, entitlements, etc capital flees to where it will be most productive for its owner. Specialization isn't really a thing outside situations where one nation is geographically sitting on a large amount of some required natural resource as an input to some process. What free trade will do is probably spread the wealth around the world. Well as an American I am actually pretty happy with wealth being highly concentrated right here, thank you very much. Maybe that is a moral failure on my part, I don't know. Its hard to really feel guilty about wanting the best for my family and friends though. I suspect in those other places if the shoe was on the other foot many of the people there would feel and act the same way I do.
It's like you bought that doohickie at Kohl's a couple weeks ago, now you get the bill and decide to not pay it.
No its like you got the bill and decide rather than pay it you're just going to do a balance transfer to another credit card with a higher limit. Yes the money is already spent, no that does not mean cutting spending in the future isn't a path to filling in the hole.
Just because I am watching Netflix on my Phone does not mean I am looking at it on its 6" screen. I might have it plugged into the HDMI port on the TV in my hotel room. Do that a lot actually.
I am cool with this but only if there is a way to select the standard version.
No people should not be allowed to sue foreign governments for this type of attack. Its not a job for the courts. The Executive should treat attacking a US Citizen on our on soil and act of war however. This sort of thing out to trigger an immediate response, at the very least cessation of all foreign aide to the nation in question and a banking sanctions against the government.
Send a strong and clear message this WONT be tolerated!
I work with a lot of veterans and I have a number of active duty friends, in various services. I can tell you exactly none of them would look to Rambo as role model for being a good soldier. Its also true that they are committed to defending this country, they have to be face death; so yes they enjoy a bit flag waving and they occasional phallic weapons system display. Finally names like this are fun, and they bring some levity to what otherwise would probably some hard stuff to carrier around mentally. I don't see anything wrong with it. In fact I think its a good thing for the rest of society.
We need to remember the reason you have a military is to kill people and break things. Its what they do at their core. Sometimes that is the only way to deal with people who don't like us and seek to cause us harm. Which is not say they can't be effective at delivering food stuffs and building sanitation systems when the situation calls for that but they might not actually be the best tool for that job. A chisel might work as a flat head screw driver but its not safe for the operator, not good the chisel, and has lots of potential to damage the surrounding work. We need to remember what the military is for and let that inform how we direct resources to it and where we deploy it for what tasks. Naming a grenade launcher something that clearly indicates what its for anti-personnel isn't really so bad.
That is the problem with all this technology though isn't it? Whenever our knowledge of chemistry and physics advances we tend to weaponize it first. Than we find the civilian applications and the tech trickles out. Once its out its often not all that hard to re-weaponize it.
Think of all the commercial space business today. None would exists without standing on work down for the V2 rocket program. The heavy lifting, pun intended, was done by militarizes for killing people. Now there is a lot of access. Could Elon must go crazy one day and say with a hand full in inner circle people have one of those things come crashing down on top of the pentagon maybe packed with lithium :-)? I don't know the answer to that but it does not seem impossible.
Similarly could just about any state actor and perhaps some large organized crime groups like the cartels or ISIS arrange to capture nuclear material from the medical industry and build a dirty bomb, at least on a small scale? I think the answer is probably yes.
Yea that seems like it could go really badly for the operators if the winds are blowing the wrong way. Sounds like this thing would have produced quite a bit of fallout. Even though you probably wont get direct effects from the initial detonation, Its not hard to imagine some pretty hazardous dust blowing back on your position from where this thing lands a couple miles away a short time later. Better make sure the target is down wind.
Really? You don't think lots of people say clock in all about the same time in the morning, all return from lunch around 1pm, etc?
ha.
That protects individual accounts but not the organization. A lot of attacks consist of collect as many username (or likely usernames) as possible. That might be e-mail address harvesting, pulling them out of document metadata for stuff published online etc. Maybe there is a corporate contact list avalible and you know its firstInitialLastName for usernames via some other method. Next the attacker will select two or three likely password, ${SportsTeam}2017! that just won, Winder2017!, ${COPR}Sucks123! and try those on all the user names.
So you now need to also manage authentication events from a single source, which is hard for web apps especially on B2B apps because heck 50 clients might be behind a NAT and appear to come form the same source. You can't use things like UserAgent + IP either because they are all using corporate laptops with the same browser...
For a lot of sites rate limiting like what you suggests is actually not trivial. Yes you can put in some generous upper limits like not more than 100 auth requests per 5min for a single IP or something but that still lets an attacker work thru a strategy like the one I laid out pretty quickly.
storing them in their wallet or purse
When I was on a corporate security we actually used to suggest this! You could gbe disciplined if you were caught with a password on a sticky note attached to monitor or under a keyboard but we told people it was okay to write them down if they must provided they keep it in their wallet or purse. This was our official policy.
Why?
Most people notice a wallet or purse missing almost immediately! Certainly within hours. Which is still on the pretty good end of compromised password detection. We simply told them if you choose to do this you need to add corporate security to the top of your list of who to contact when your wallet goes missing, the same way you'd call your CC company. Someone on the CIRT team would change your password or simply lock your account if you are unable to participate in the change process at that time.
The reality is unless you allow weak passwords they are going to get written down, so best enable people to do that as safely as possible. I know people still hate mandatory password rotation here but honestly its a good control if done properly. Lets say like not more often than every six weeks, and at least every 12. Its still a good detective control, will cause a compromised account to be noticed eventually or the attacker will lose access. It will still ensure unused accounts are eventually locked out (admittedly a last login audit could do this one too).
You fight the subsitition rules with some effectiveness and still keep your memory sane if you make up some slightly more complex rules for your own use like:
a gets replaced with @ unless it the second occurrence in the word.
o gets replaced with 0 only if its the fist occurrence.
7 always replaces t
5 replaces s only if two ss appear consecutively
and so on. If you make up a ruleset like that or write it down somewhere than you can still probably get a way with using combinations of dictionary words for a little long. Kali contains a pretty popular password dictionary called rockyou that has most of these words applied, its always worth a quick grep over that to make sure what you selected ain't in that list.
If you have upper- and lower-case letters, numbers, and symbols then each character is one from a set of 80, so a random 8-character password from this set contains 50 bits of entropy (2^50 possible combinations). To store all such passwords in a rainbow table would require 2^54 bytes (8 petabytes) of storage. I doubt that most hackers have that much space.
They don't and they don't need it. In fact it would require more storage in most cases because of salts.
8 chars or so is about the tipping point where it takes longer to search the storage for a hash mach than it does just to generate the hashes on the fly and see if they match, using a gang a GPU units. That said 8 chars of truly random pick 80 selections will still stand up pretty damn well. Most folks doing password cracking are still using dictionary based attacks. Granted they 20 gig dictionaries with ever Latin root language word and all common char substitution with other 'rules' as well but its not a true brute force.
I think difficult to type is probably anti-security actually when it comes to password managers. It means almost certainly you going to be moving the plain text from your password manager to your clipboard which multiple processes have access to read.
Assuming Network app A has an RCE but is running unprivileged its not going to able to read memory of your Password Manager, or Network app B you are entering your password into. So if app A is pwned and app B has a different password app B is still secure. Unless app B's password ends up in the shared clipboard that app A can read.
School Children in the year 2200 will probably be reading about the Martian Potato famine.
I submit that facebook and mySpace are quite different. facebook is much much more about interaction, and mySpace was a lot more about publishing. To that end its hard to extricate yourself from facebook. When your friends put out invitations as facebook events, when your relatives check their E-mail once a month but their facebook messages ten times a day, when all the photos your wife have been stored their for 10 years, its hard to leave.
Actually even today's kids use FB not the way their parents do but they still regularly login which is what the ad men care about so FB is just fine going forward even if the interactions change.
Which is precisely why we need to use the old common law definition of rape. Which requires either a whiteness or a whiteness immediately after the fact who can testify to distress and injury that occurred. Rape is a very very serious crime and it should prosecuted and punished most severely!
People need to understand though that if you either don't physically resist or there isn't a whiteness to the fact that you did not have any choice or both than its not rape. Which is not say it can't be a lessor crime like sexual assault, simple assault, blackmail, you name it just not rape and the severity of consequences that carries for whom we otherwise have only your word is a perpetrator.