Slashdot Mirror


User: ucblockhead

ucblockhead's activity in the archive.

Stories: 0
Comments: 2,910

Comments · 2,910

  1. Population study? on Being Slightly Overweight May Lead To Longer Life · · Score: 1

    It seems to me that a huge danger of a population study like this is that they can't easily allow for things that *cause* people to be underweight. For instance, many people with cancer will lose weight because of their disease (or because of chemo.) So if you measure their weight, find it "below average" and then they die, it doesn't mean that the lower weight increased the death risk. It means that the thing that killed them first caused weight loss. That's going to make lower weight in general look riskier all the way up from underweight to overweight.

  2. Re:I don't have anything really smart to say on Doctors Baffled, Intrigued By Girl Who Doesn't Age · · Score: 1

    Very likely not. Look closely at the pictures. She's not really "frozen" at age two. Her body is a mishmash of toddler and teenage features. She will likely face many problems in the future. If she reaches the age of 30, it is very likely she will face many of the aging problems the rest of us do.

  3. Re:Two words on Nielsen Recommends Not Masking Passwords · · Score: 1

    The trouble with this is that too often "erring on the side of security" means decreasing usability in ways that prompt users to do things to make matters even worse. For instance, requiring strong passwords coupled with monthly password expiration supposedly makes things more secure, but *actually* causes users to write down their current password, making things *less* secure in reality.

    Hidden password fields are a great example of that. They cause users to make more password entry errors. This promoted the growth of password recovery systems, which are often based on stupidly insecure "secret questions" which are a far, far worse security issue than shoulder surfing.

  4. Re:Security on Nielsen Recommends Not Masking Passwords · · Score: 1

    You mean the average users that have their passwords written on post-it notes stuck to their monitors, making all of these measures moot?

  5. Re:hunter2 on Nielsen Recommends Not Masking Passwords · · Score: 1

    Malware can pull passwords out of asterisk hidden entry fields just fine. In Windows, this is actually easier than trying to do a screen-grab, which requires OCR.

  6. Re:Security on Nielsen Recommends Not Masking Passwords · · Score: 1

    If someone can break into my house, all they have to do is install a keylogger. None of the security measures here would prevent that.

  7. Re:Security on Nielsen Recommends Not Masking Passwords · · Score: 1

    So after they go to the trouble of spoofing my IP and cloning my MAC address, what then? They get to see the password attempts echo without asterisks. But that doesn't do them a damn bit of good, because the asterisks are there to keep them from shoulder surfing.

  8. Re:Indeed lack of imagination on Nielsen Recommends Not Masking Passwords · · Score: 1

    1) If I look outside my office window, I can see about 48 office windows (without standing up) and all of them have the lights on and it's dusk outside. Give me a dSLR and a decent set of long distance lenses and I'll prove you wrong.

    I only log into my bank from my den. There are two windows. Neither has line of sight from off my property.

    2) How many times have you typed in your password while somebody was looking at your screen eg. to show somebody something on a protected website. This happens a lot to tech people as we have to authenticate to solve an issue while somebody is standing next to me waiting for me to fix it.

    The only people who are ever present when I log into my bank are my wife or my son. One has the bank password already. The other is six.

    3) How many times have you given a presentation where your screen view (but not your keyboard input) goes worldwide (eg. teleconference) or over a set of wires that you know haven't been tampered with (conference room) - again, logging in to your webmail or so to find a copy of your presentation.

    I would never log into my bank account in such a situation.

    4) How difficult is it to create a script that takes screenshots - how difficult is it to create a script that captures keyboard entry as well. Answer: the first can be done in userspace (and in the hands of an experienced script kiddie would be unnoticed), the latter usually has to go as a request to a driver, kernel or other layer that requires admin rights. This is true for Windows, Mac and (depending on your GUI) Linux

    You can capture any form entry in Windows using userspace code if you know the right tricks. It isn't even particularly difficult. If you have physical access to the machine, it is hacked, and not echoing passwords does nothing.

    For certain situations, not echoing passwords creates no added security at all.

  9. Re:Two words on Nielsen Recommends Not Masking Passwords · · Score: 1

    Actually, no. It's more like saying that there's no point in locking your car if it is in your garage.

    Shoulder surfing implies public setting. In a private setting, password masking does not help security at all and hinders usability.

  10. Re:hunter2 on Nielsen Recommends Not Masking Passwords · · Score: 1

    There are many situations where "over the shoulder" attacks are simply not possible. For one, it assumes that the person in question is entering the password in a public (or semipublic) place. For people logging in to sites in their own homes, this sort of attack is exceedingly unlikely. Now given that password entry failures generally lead to insecure password recovery methods like "secret questions", the current state of things is not good.

    The trouble is that most applications are designed for public computer labs not private homes.

  11. Security on Nielsen Recommends Not Masking Passwords · · Score: 2, Insightful

    One of the most irritating things is the way many websites, especially financial websites, are designed with no thought to the difference between use in a public setting and use in a private setting. For instance, I only ever use my banking website from one place, my den, which is physically secure, yet I have to suffer through all sorts of crap designed to make sure my account doesn't get compromised in a public setting. (The most annoying being automatic log outs for non-use.)

    Masking passwords, logging off the user on non-use after ten minutes, and other such security methods do not actually decrease the chance of compromise significantly when the user has physical security. Websites should allow for this.

  12. Re:Nintendo's provision is not unusual on Atari Sub-Sub-Contractor Used ScummVM For Wii Game · · Score: 1

    The main reason is fear that the licensing restrictions will be misunderstood and the company will become liable for a lawsuit for breaking it.

  13. Re:Perhaps on NIH Spends $400K To Figure Out Why Men Don't Like Condoms · · Score: 1

    Nah...just sociological denial at its finest.

  14. Re:Perhaps on NIH Spends $400K To Figure Out Why Men Don't Like Condoms · · Score: 1

    Yes, I understand what you said. I just have never heard of anyone who actually acted like that and thus think you are full of crap.

  15. Re:Perhaps on NIH Spends $400K To Figure Out Why Men Don't Like Condoms · · Score: 1

    Er...what? Do you seriously know of any man who can't have sex with a condom but wants to!?

  16. Re:Perhaps on NIH Spends $400K To Figure Out Why Men Don't Like Condoms · · Score: 1

    It is the same as the reason some men are drunks, some drink in moderation, and some are teetotalers. It is the same reason that some men are 300 pound lard asses who eat Twinkies all day while others eat healthy. It is because people vary according to their ability to forgo pleasure to avoid long-term negative consequences.

    Speaking as someone who has always used the appropriate birth-control, including, for a couple significant periods with condoms, those who think that the reduction in pleasure caused by them are in complete and utter denial.

    There doesn't need to be "something else going on". It is simple: Condoms reduce pleasure. Some men are less able to forgo pleasure to avoid danger. Engaging in psychobabble about how men are "overestimating the reduction in sensitivity" is a sure way to utterly fail to solve the problem. It's like claiming that the candy and soda don't taste that much better when fighting teen obesity.

  17. Ahistorical thinking on Doctorow Says Google & Amazon Stifle Progress · · Score: 1

    I love this quote: He warns that the corporate giants will 'only fear competition from other established giants' ... when applied to Google and Amazon, two companies that were either nonexistent or minuscule 15 years ago.

  18. Re:2 Months is very fast on Steve Jobs Had a Liver Transplant Two Months Ago · · Score: 1

    The real question: One reason for needing a new liver is alcohol. So the question is not necessarily whether Jobs deserves one more than a cop who gets shot in the liver saving a hostage. The question is whether someone like Jobs, who has contributed to society and lost his liver through no fault of his own, and a homeless (but non-criminal) alcoholic who destroyed his with over-indulgence, should both be treated equally.

  19. Re:Understatement on Why a Hard Disk Is a Better Bargain Than an SSD · · Score: 1

    I gather you don't own a laptop. (Since laptops choose size, weight and power consumption over storage.)

  20. Re:Understatement on Why a Hard Disk Is a Better Bargain Than an SSD · · Score: 1

    Add "weight" to that list.

  21. Signs point to yes on Are Code Reviews Worth It? · · Score: 1

    My group started implementing code reviews this month. To get in the swing of things, we decided to do a test review of existing foundation code, stuff that had been in the product for many months, had gone through multiple QA cycles, and had been shipped to the customer as part of the first "production" release.

    In the first hour-long review, we found a number of significant issues, and one full-blown bug.

  22. Re:The PSP Go is DOA on Developer Panel Gives Its Verdict On Sony's PSP Go · · Score: 2, Insightful

    They probably thought that by releasing the PSP Go without a UMD drive while not discontinuing the PSP 3000, which does have the UMD drive, they were giving consumers a choice.

  23. Re:ps3 exclusive on Heavy Rain Gameplay Explained · · Score: 4, Insightful

    Plus, if you are really trying to push the boundaries, it is much easier to do so on a single platform. Developing for multiple platforms generally means taking the least common denominator approach, doing only what you can do on all platforms and pushing the boundaries on none of them.

  24. Re:Obvious next step... on Google Set To Tackle eBook Market · · Score: 1

    Dunno about my Kindle, but I have an eReader. I've been reading it on the train, daily, about an hour a day. I have not recharged the battery in two weeks. It is about a tenth the weight of my Asus eee 901 and about a quarter the thickness. I can also read the screen in direct sunlight.

    People who say "can't you just use a netbook" have very clearly never used an eInk device to read a book.

  25. Re:Rebuttle on A Curmudgeonly Look At Google Wave · · Score: 3, Interesting

    The whole "see every character typed" amuses me massively. The very first time I ever did anything like IRC or IM was way back in the eighties, when I chatted with friends using Apple ][+ software and 300 baud modems. The software was too primitive to do it line-by-line. I found it interesting because more of a person's personality came through. It seemed more like text coming from real human beings when you could see them back-space, and the characters came through in a non-regular fashion.