Slashdot Mirror


User: gnu-generation-one

gnu-generation-one's activity in the archive.


Comments · 1,283

  1. Re:Randon or mnemonic? on Password Memorability and Securability · · Score: 2, Funny

    "It just doesn't matter. It's still going to be written on a yellow sticky and stuck on the screen."

    So set somebody's password to "don't forget to pick up the kids from school", and don't let them change it.

    The next person to get an account gets a password of "phone message from john"

  2. Re:I sense a good social engineering technique her on Password Memorability and Securability · · Score: 1
    I sense a good social engineering technique here "Hello, I'm doing a study for the Cambridge University Computer Laboratory on passwords..."

    Why bother? Just open a website.
    You must be registered to continue.

  3. Re:entering passwords is the biggest problem on Password Memorability and Securability · · Score: 1

    "Problem I always have with biometric identification is that it lacks something that passwords have: I can change my password, but I can't change my fingerprints"

    Good point.

    How about the other one: you can't use different passwords.*

    If someone scans your iris at a bar so you can prove you're not a terrorist, and allowed to drink there, then the bar has enough info to get into your workplace. A policeman who scans your hand to check your identity by the side of the road has enough information to board a plane in your name. (not so bad if you're a passenger, worse if you're the pilot)

    Combine that with the "biometrics can't fail" attitude that everyone is promoting, and the "computers can't fail" attitude that everyone's always had, and you get chaos.

    ( * anyone who says "use fingerprints for one, iris-scan for another, and speech-recognition for a third", remember that we'd be lucky if even one of those technologies worked reliably.)

  4. Re:Consonant-Vowel Method on Password Memorability and Securability · · Score: 1

    "Allow non-standard ascii into the password."

    Or just type upper-set and unicode characters into a password form, and bathe in the warm glow of false-security, as you don't realise the application silently deleted everything not \w and converted everything to lowercase.

  5. Re:Random Passwords aren't the problem on Password Memorability and Securability · · Score: 1

    "The real problem is the forced password changes every 90 days (for me), and the half-dozen (at least) passwords I have to change every time."

    Yep, password-expiration policies make for some really crap passwords. Think of a good password. It's easy to remember because you've used it every day for years. And you get used to typing it, so it doesn't matter if it's a really long password, or if it has odd characters.

    Add a policy of "you've had that password almost a week now, you need to change it to satisfy these 25 rules", and the passwords go to pot. Think of a password (not easy), and by the time you've started to remember it without calling the helpdesk or writing it down, you have to change it again to another one you don't remember.

    Forcing people to use numbers and symbols on a web-page password is even worse. It's a web page, you're probably not going to visit more than once a year, yet they demand a unique and difficult password. Never mind writing it down in an encrypted text file, I change computers more often than I visit some web-sites (amazon) where I have passwords. I probably have about 5 different accounts at most places, simply because they insisted on abnormal passwords.

  6. Re:Great on Creator of the Gaia Hypothesis Urges Nuclear Power · · Score: 2, Interesting

    "However, I often heard by experts that power from wind cannot be more than 20% or else the fluctuations become problematic."

    So either:
    (a) Install energy storage (warehouses full of fuel cells), the method being developed at the moment
    (b) Install energy storage (pumped hydroelectric), which is being used already at loads of places, and does wonders for the reliability of your grid.
    (c) Do whatever the Danish do... they have something like 90%+ wind-power and seem to manage

    Do a search on "Dinorwig" for more info on pumped hydro, or the Danish site for wind power.

  7. Re:Licenses and power limits... on Cartoon Guide to Federal Spectrum Policy · · Score: 1

    "One of the cartoons implied that the military and police frequency get unused most of the time and the public should get access to those frequencies. It's shortsighted and stupid. The 1% of the time where the police or military need the frequency is important enough to demand they have full access to it"

    Yet we don't build special roads for the police to travel on, they just use the existing ones and people move over for them. Why would it be any different for radio? (The roads are surely more important for emergency vehicles than radio-channels are?)

  8. Re:Yes, i've seen it on Can Mozilla-Based Browsers be Hijacked? · · Score: 1

    "www.crack-locater.com tries to get you to install a couple of .xpi extensions into Mozilla... I naturally clicked "Cancel", so I couldn't tell you what they did..."

    The page includes a 1x1 pixel iframe, with CSS visibility set to hidden, referencing:

    http://stat4.z-stat.com/cl.html

    That will give you a javascript prompt "sorry your browser is not Win32 compatible", then it will try to launch an XPI installer, and then it will try to send a windows executable file "application/exe, do you want to run or save"

    Specifically, it uses the line
    <iframe src=/download_plugin.exe></iframe>

    And:
    http://install.xxxtoolbar.com/ist/scripts/prompt.php?event_type=onload&retry=3&account_id=133735&recurrence=always&adid=a1057165573

    if navigator.platform != 'Win32' then it will display the non-windows "error message"

    If your browser is running on Win32, it will use an OBJECT tag to send you a .cab (cabinet, an installer archive?) file, plus it will attempt to open a popup window at install.xxxtoolbar.com, and will attempt to place it at a location well off-screen. When I tried downloading that file without the correct referer field, it returned a blank page with javascript to try and close the window.

    if InstallTrigger.updateEnabled() is true, it will attempt to send you an XPI file, otherwise it will check to see if you're running netscape 4 and set document.location to a file called netscape_install.exe

    The installer file itself is located at:
    http://www.xxxtoolbar.com/ist/softwares/v3.0/ist_netscape.xpi

    Actually, it turns out that the XPI file contains a Windows executable called istinstall_netscape.exe, along with an install.js javascript file which installs and runs the executable. Presumably the Windows nature of this program is the reason the webpage displays its own error message when it detects a non-Windows system.

    Obviously, I have no interest in finding out what plugin.exe does if you chose to decompile it, and I'm not sure I've got any programs which will look in the .cab file. I assume they attempt to run the same Windows executable in different ways, from within different packages.

    So while there're XPI files to be had, it looks like there's fun for all the browser families at sites like that, and I hope internet explorer is as good at dealing with it as mozilla was.

  9. Re:Some questions on Cannes' Palme d'Or goes to Michael Moore · · Score: 4, Informative
    "Take the getting a free gun at the bank scene. In fact, the bank would give you a voucher that could be used at a gun store, once all the regular checks were done. The scene was completely staged"

    Staged in what way? Michael Moore writes on his site that the bank was indeed a licensed arms dealer, and had all the necessaries on-site to do background-checks and issue firearms.

    Moore also claims that the only prior arrangement with the bank was phoning to ask permission to film. Do you have anything to suggest it wasn't so? From what I understand, you're saying that the bank was somehow used as a film-set, where they convinced the people in the bank to do something highly irregular (if they normally give a voucher, why would they hand over a weapon on-site) just because Moore asks them to?

    Now, most of the documentation about that film is fairly clear and easy to read, and I didn't notice anything suspicious about it. So it will take more than a claim of "but it was staged" if your ideas are to carry more weight than the film-maker involved. Perhaps some evidence would be a good start?
    " When you see me going in to the bank and walking out with my new gun in "Bowling for Columbine" - that is exactly as it happened. Nothing was done out of the ordinary other than to phone ahead and ask permission to let me bring a camera in to film me opening up my account. I walked into that bank in northern Michigan for the first time ever on that day in June 2001, and, with cameras rolling, gave the bank teller $1,000 - and opened up a 20-year CD account. After you see me filling out the required federal forms ("How do you spell Caucasian?") - which I am filling out here for the first time - the bank manager faxed it to the bank's main office for them to do the background check. The bank is a licensed federal arms dealer and thus can have guns on the premises and do the instant background checks (the ATF's Federal Firearms database--which includes all federally approved gun dealers--lists North Country Bank with Federal Firearms License #4-38-153-01-5C-39922).

    Within 10 minutes, the "OK" came through from the firearms background check agency and, 5 minutes later, just as you see it in the film, they handed me a Weatherby Mark V Magnum rifle
    " - Reference.
  10. Re:Where the fashion going? on What To Wear On Mars · · Score: 1

    "the prototype suit weighs only 21 kilograms -- on Earth"

    Indeed, anywhere.

  11. Re:Skype to POTS idea on Voice Over IP Goes Global, The DNS Way · · Score: 1

    "Privacy is a big issue here. What's to stop me from hooking a $30 voice activated phone recorder to the line and record all of your conversations?"

    F.F.S.! People still use email for conversations. You know, where you send plaintext to your ISP, through the mailservers of a load of people you don't know, to the mailserver of someone you don't trust.

    And we're worried about privacy of phones? (hint: text-searching is easier on peoples' emails)

    No, encryption isn't used. I've never once received a PGP-signed or encrypted email from someone that I didn't specifically set-up their email programs myself.

    If you want to chat securely on the internet, download PGPFone. It's obsolete, unsupported, and non-free, so we need a good replacement. If anyone knows a good replacement, just email it to yourself, I'll be listening.

  12. Re:I tried the OS and... on Sun Java Desktop 2 Review · · Score: 2, Funny

    "he complains about how he couldn't install it on his hot-rodded PC"
    or his normal PC
    or his bare-bones PC
    or his laptop...

  13. Re:And now for the usual sarcasm about Revelations on Biometric ID Cards Trialled in Glasgow · · Score: 2, Interesting

    Information minister Blunkett has said that there'll be a GBP 2500 penalty on anyone refusing to register for the ID card. That sounds like it would stop a lot of people from engaging in commerce. (Specifically, those who won't have any money left)

    Do you have 2,500 pounds ($4470) to spare, or would you choose to be marked?

  14. Re:June 30, eh? on CMU's Snooping Robot Headed for Iraq · · Score: 1

    "I for one would like to know just how much benefit the extra $45,845.02 gets you after being able to get something similar with this ($39.99) and this ($114.99) and maybe some duct tape or super glue."

    You're assuming its primary mission is to drive around houses taking photos.

    Perhaps its primary mission is transferring lots of $40K checks from the taxpayer to someone's company?

  15. Re:Hrmm on USS Enterprise Finally Flies · · Score: 1
  16. Re:Good old CompUSA support on Worst Explanation From Tech Support? · · Score: 1

    What use is memory, Mr Anderson, if it doesn't leak?

  17. Re:A personal favourite of mine from this week... on Worst Explanation From Tech Support? · · Score: 1

    "i don't understand...was i supposed to email her a new mouse??"

    But if she can't receive her emails because her mouse doesn't work, how will she receive the mouse you emailed?

    DCC the new mouse.

  18. Re: Mebibytes and Megabytes on Worst Explanation From Tech Support? · · Score: 1

    "Anybody that actually says either of those words [kibibyte and gibibyte] in my presence is getting bitchslapped, no doubt, and probably sent packing during the next set of layoffs."

    Many thanks. Could you include the people who divide by 1000000 in their programs to get MB, amongst those to be laid-off.

  19. Re:Fuck you America on What's Your Terrorism Quotient? · · Score: 1

    "Who the fuck do you think created the atmosphere of fear? It was the people who crashed the planes, you fucking moron! Should the media have glossed over the single most important event in American history in years?"

    Reporting it is one thing. Talking about it every minute of the last 3 years in a breathless "PANIC!!! TERROR!!!" tone is something else entirely.

  20. Re:Great on FBI Plans Spammer Smackdown · · Score: 1

    "The FBI only gets involved when they have solid evidence that there is a loss of over $50,000"

    Yet they didn't raid those responsible for SQL server, which caused a $900 million loss?

  21. Re:Fuck you America on What's Your Terrorism Quotient? · · Score: 4, Insightful

    "I would make the case to you that the atmosphere of fear was created on September 11th"

    Ok, but by who, and why?

    We know there was a government waiting for an opportunity to wage war, waiting for a spark which they could use to justify it.

    We know that most people received news of this event through the TV stations. We know that the TV coverage was extremely biased, and often inaccurate. (this for news after the event, not on the day)

    Also, much of the information available to people after that came from the US government. Most of what people hear or remember came from their president. Indeed, many of the people interviewed on TV were either soldiers or government, and often this wasn't pointed-out by the shows doing the interviewing. See fair.org for some more analysis of that.

    So while the event itself might have been distressing, the "climate of fear" is more likely to have been caused by the constant television coverage in the last 3 years detailing exactly what people should be terrified of, and how afraid they should feel.

    What other actual events (as opposed to news stories) have induced a climate of terror? Stories have either been (a) about the government "you must be terrified because we're going to make a law to keep you safe", or (b) referring to Sept11th itself "post-9/11...". Neither of these refers to an actual event, they cause a climate of fear which would not otherwise exist, and arguably doesn't need to exist.

    And what's happened since then? Routine arrests of troublemakers have been shown as "potential terrorist attacks", anything loosely related to terrorism has been reported at length, and of course, there's news of the two wars. And we don't confuse casualties in war with acts of terrorism. The most real fear we've seen was caused by one guy shooting people in Washington, and nothing to do with 9/11. How come gun-owners aren't creating a "climate of fear"? Maybe because the television isn't telling the population to panic about that.

    In the UK recently, a bag of flour was thrown at the prime minister at work. It was reported in the newspapers as a "bomb hoax that could have killed everyone in the building". With reporting like that, who needs terrorists?

  22. Re:Don't install yet on Fedora Core 2 Review · · Score: 1

    "If you have this problem, it can be recovered: boot your windows 2k/xp/2003 cd | go into the recovery console | run "fixmbr""

    In soviet russia, you use Windows boot disks to repair a linux computer.

  23. Re:Awwww fsck on Feds to Open BlackBoxVoting User Logs? · · Score: 1

    "I'd be surprised if they're looking for anything more specific than a list of IPs to compare to traffic logs on the VoteHere site. "Correlation between traffic at site a and site b" would be plenty with the right judge."

    Yep, nothing like the AOL proxy's IP-address appearing on both lists, to convince a judge who neither knows what an IP address is, nor what AOL is, nor what a proxy is.

    (And yes, that's about the level of experience for expert witnesses as well)

  24. Re:Microsoft will Lose on Google Experiments With Local Filesystem Search · · Score: 1

    "The dog problem is easy to fix.
    Create HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState\Use Search Asst as a new String Value and use the value "no".
    "

    That's easy to fix? I guess I should stop complaining about having to edit text files to change things in linux...

  25. Re:I think most of us already know... on Google Experiments With Local Filesystem Search · · Score: 0

    Can you do google image search?