Slashdot Mirror


User: Barbara, not Barbie

Barbara, not Barbie's activity in the archive.

Stories: 0
Comments: 843

Comments · 843

  1. Re:Two can play at that game on Exploits Emerge For Linux Privilege Escalation Flaw · Score: 1

    Or you could do like I did - served up a custom 404 that I copied from a windows error page on the net ... it's fun to look in the logs (so much so that I also made a fake directory listing page to serve up to make them feel like they struck paydirt once in a while).

  2. Re:Two can play at that game on Exploits Emerge For Linux Privilege Escalation Flaw · Score: 1

    what i'm trying to get you to understand (among other people who have apparently also been wasting their breaths) is that "security by obscurity" has an accepted meaning, and that not all security measures fit that meaning

    I'm well aware of it - and I think it belongs in the trashbin, along with "best practices" (which is an excuse not to fix things because they're "good enough" - which is why Gates used it so often when people complained about the suckiness of Windows - "we use industry best practices."). Falling back on the "accepted meaning" rather than taking the opportunity to explore preconceptions is an "argument from authority" - same as religious people do with the bible. Nothing wrong with that, but it doesn't mean I have to go along with it, hmmm :-)

  3. Two can play at that game on Exploits Emerge For Linux Privilege Escalation Flaw · Score: 1
    definition of obscure
    12: to conceal

    Concealing your password (as opposed to sticking it on a post-it or in your signature) is very much "security through obscurity."

    That you can't understand that all security ultimately is based on something concealed is sad - it means you'll believe that things like biometrics are secure, when they're not (and they're also very much based on hiding something, both at the design and implementation levels, as well as the user level. If I have the information needed to duplicate your fingerprint, or the information on the data stream between the fingerprint reader and the rest of the system as well as the information on how to insert data into that stream, and the datastream that would result from your fingerprint, your data is mine).

    There is no such thing as something that is 100% secure, but every bit of hiding (obscuring) information helps.

  4. Re:Work Local and Build Relationships on Ask Slashdot: Money-Making Home-Based Tech Skills? · Score: 1
    There are several problems with your idea:

    1. Small businesses that don't already have a website probably haven't got a clue as to what they want. You'll burn up lots of time being unproductive.
    2. Pretty much everyone knows someone who can "make web pages" - whether it's their kid or a relative or a friend of a friend. You won't learn enough in 3 months to even begin to differentiate yourself from them.
    3. The original poster isn't going to be able to go from zero to competitive - ever. This is a moving target, already super-saturated, and people are literally "giving it away for free to build up their 'portfolio' " after blowing $$$$ on a year or two at a useless technical college diploma mill;
    4. Before expecting to make money on craigslist, why not check out the competition on craigslist - they're all super-cheap. And check out the businesses looking for someone - they're also all super-cheap. There's a reason they're both on craigslist - they're both super-cheap.

    The world is full of people who thought that they could buy a computer and make money at home. It didn't work 20 years ago for all those "I'll do resumes for other people", and it's not working for people who don't have the skill and think that they can be competitive in 2 to 3 months. (Hint - you won't be, not in 2 to 3 years).

    Honestly - would you pay someone with no experience when you can get people to work for free for 3 months at a time because all those "diploma mills" are looking for "job experience placements"?

    You'll make more money ghost-writing student term papers (desperate students will pay real money to keep from having to repeat a course). Of course, it depends on your ability to research a vast number of subjects and churn out 2,000 to 50,000 words in a week.

  5. Re:Hrrm on Exploits Emerge For Linux Privilege Escalation Flaw · Score: 1

    Rule #3: All security is ultimately "security through obscurity."

    I was contemplating giving a reasoned argument as to why this is wrong, but really can't be bothered when you're so clearly a moron who parrots out whatever internet meme happens to have lodged in your pinheaded mind this week. If you think all security is basically useless, do the world a favor and run everything as root while having no password set on your systems at all. There are plenty of kind folks out there who will help you learn just how amazingly wrong you are.

    Silly me, thinking people can actually read ... where did I ever say that passwords aren't needed? Also, I'm not parroting an internet meme - I'm challenging it, because it's led to a fake sense of security. If you think that passwords are sufficient to secure everything, then you must believe that 2-factor identification is a dumb idea or overkill.

  6. Re:Hrrm on Exploits Emerge For Linux Privilege Escalation Flaw · Score: 1
    As you yourself admit in your closing remark:

    Security by obscurity is useful only as preliminary defense line to stall an attacker until he gathers enough information about your systems to begin targeted attack.

    ... once I know enough about your system, you have a problem. If I know, for example, the hashing algorithm, I can begin a slow attack using rainbow tables targeting that hash size/characteristics, going from the most likely to the least likely characters. I don't even need to come up with YOUR password - just something that hashes to the same value.

    If, on the other hand, you don't know what hash algorithm I'm using, or even what the characteristics of the passphrase are. For example, it may have to be exactly 12 characters, no more, no less, and x number of failures instead directs you to a honeypot, so you don't even know you didn't break in - keeping the knowledge that you failed to break in from you is great "security through obscurity" because it's proactive, and lets the target gather information to attack the attacker.

    It's a lot better security than letting you know you failed to guess the passphrase, but it depends on obscurity - you cannot know that such a system is in place or it won't work.

  7. Re:Proof you are 100% wrong per your request on Exploits Emerge For Linux Privilege Escalation Flaw · Score: 1

    Yes the keys or passwords are "obscure" but they _have_ to be, and that's not what people mean when they use that word.

    The industry attempt to re-define "obscurity" is stupid, because it hides a few simple facts. For one thing, how many people have secret passwords that are actually secret, in that they are obscure, rather than something personal, like the name of their pet, their birthday, or their kid?

    Passwords are a classic example of the failure of "security through obscurity" - look under your co-workers' keyboards for the post-its as just one example. Another is broken hashing algorithms, or attacks using rainbow tables, where, as long as you know the hashing algorithm, you can mount a much more effective attack.

    ALL security needs something to be obscured - hidden - to be successful. The more you hide, the better.

    If you still don't "get it", think of DDoS attacks - the only thing an attacker needs to know is what service you're trying to access. They don't need your password, your user name, just the "doorway" - and their DDoS is like sticking crazy glue in the lock to that door. If you can't use it when you want to, how is that "secure"? It's one reason to change the default url for admin logins in CMS systems (while leaving a bogus one that looks like the original. In larger systems, you'd also use a separate, unknown, IP).

  8. Re:Proof you are 100% wrong per your request on Exploits Emerge For Linux Privilege Escalation Flaw · Score: -1, Troll
    By your own definition the design in every case is flawed because it requires something be kept secret / obscure. So my statement stands.

    Too many people believe that you can make something 100% secure, when that's been proven to be impossible in every case. If you can either break it, or prevent the people who depend on it from using it, it's broken.

    Doesn't matter how secure even your quantum-entangled communications channel is to 3rd-party decryption if, by interfering through the act of observing, no information is transmitted to anyone.

  9. Re:Hrrm on Exploits Emerge For Linux Privilege Escalation Flaw · Score: 1

    The fact is that keys only work when the pin lengths are not known. You can also open a lock without the key (or any key) - just search for MIT Guide to Lock Picking.

  10. Re:Hrrm on Exploits Emerge For Linux Privilege Escalation Flaw · Score: 0
    Really? Try proving it's "nonsense".

    It's not "nonsense" for physical security, for hashed passwords, one-time pads, or for biometric security (and biometric is the biggest joke of all). Given enough knowledge and physical access, ALL security can be defeated, either by gaining access or denying the recipient access, or both.

  11. Re:Hrrm on Exploits Emerge For Linux Privilege Escalation Flaw · Score: 0

    Your "contrary example" actually proves my point.

    In fact, say I wanted to break into your house, I may have seen you use a physical key to open the front door and walk in and I may have even memorized the pattern of teeth on the key, but it does me no good if I don't have a key of my own to open the door with. There is certainly no obscurity in that security.

    Once you have the pattern, you no longer need a key of your own - you just go and get one manufactured. Or you take a blank and you file it down. How do you think a locksmith can make a key to a lock they don't have the original key to? You just bring the door handle/lockset to them, and they can do it from the pins.

    Or if they want to change the key (for example, after someone's been fired or quit) they don't need an all-new barrel - they just move a few pins around and cut a new set of keys to the new pattern.

  12. Re:Hrrm on Exploits Emerge For Linux Privilege Escalation Flaw · Score: 2, Insightful

    Of course. The best local exploit is a screwdriver and a spare moment or two.

    Some quick contrarian rules:

    Rule #1: There is no such thing as 100% secure. Even 100% bug-free cannot be considered 100% secure. It may work according to the design, and the design can be 100% correct today, but today is not tomorrow.

    Rule #2: The more complicated layers of security you add, the more security holes you add. For those into car analogies, security always ends up being bolted on, like bondo dent filler, because you can't anticipate every future accident scenario. Anyone who claims otherwise is either a charlatan, a snake-oil salesman, a liar, or just plain deluded. Those who claim "you can't add security later" are liars. Those who use unix as an example don't know history - unix originally had zero security.

    Rule #3: All security is ultimately "security through obscurity." If you believe open is more secure, please post your account info, including cc numbers, banking info, user names and passwords, to help make them "more secure". I'd say just email them to me, but "more eyes" and all that :-)

  13. Re:Cluelessness is limitless. on Federal Judges Wary of Facebook, Twitter Impact On Juries · Score: 0

    I see no reason for special rules, (and a lot of danger in allowing special rules) for electronic devices or social media.
    The prohibition of talking about the trial should be enough. If you can't convince a jury to adhere to that rule you have no hope of making any device or social rules stick either. More rules are not the answer.

    The problem is that people don't take things they heard in one context and apply it in other contexts where they've developed habits.

    Picking your nose is a major turn-off. And yet, look how many men you see picking their noses in the "privacy" of their cars (and not-so-private places). They know it's embarrassing to be caught picking their noses, and yet not only do they do it while driving, but you can catch the "magic finger" slowly making its way down from the nose, until, quick as a lizard catching a bug, ZAP! out flicks the tongue.

    Seriously - some of you guys look like you're doing an Arnold Schwarzenegger imitation of that scene in Total Recall where he has to pull an almost golf-ball-sized tracking device out of his head through his nose.

    Same goes with changing the roll of toilet paper. Or not drinking out of the bag of milk. Or changing the bag of milk when it's empty.

    It's the same with people and facebook or twitter. They can be so in the habit of doing it that they just don't make the connection to how it's inappropriate during a trial, even when told.

    If you still believe "force of habit" is just an expression, look at how many smokers have on occasion lit up a second smoke while they still have one going ... under a no-smoking sign .... in a hospital ... when they're there for a smoking-related illness!

    Jurors not only need to be told - they need to, as a precaution, be pro-active by disabling their own accounts. It's better than having to bring clean underwear because the judge has you hauled in outside the presence of the other jurors for a "talking to".

  14. Ubuntu TV is already obsolete. on Ubuntu 12.04 To Include Head-Up Display Menus · Score: 1

    Lenovo is selling a 55" Android Ice Cream Sandwich TV

    Why would anyone want to partner with Canonical, who abandoned their attempt to make an "Android Execution Environment" a couple of years ago because they couldn't make it work, when they can get the real deal?

  15. Re:Justice is expensive on ISP Refuses To Block the Pirate Bay · Score: 1

    You can do the first two steps yourself.

    Once you receive the initial notice, demand that they state the legal theory behind your alleged infringement. They're going to have to at some point anyway.

    They probably won't back down right away, but shining light into the dirty cracks is a good thing. It makes the cockroaches^Wcopyright trolls scoot around all over the place, so they're more likely to make a mistake and you can stomp on them.

    It takes years for a case to make its way through the courts - let them try to get an injunction first if they're serious. The most likely event is they'll ignore you instead of continuing, once they realize that you know the law is on your side.

    And if they continue, you introduce them to Ms. Barbara Streisand Effect. Worked out okay in the end for the whole Righthaven mess :-)

  16. Re:Even Tetris? on ISP Refuses To Block the Pirate Bay · Score: 1

    1. Send copy of the law to the company, along with a demand for the particulars of the legal theory of how, in light of the law, you are infringing;
    2. Let them sue;
    3. Find others they've threatened;
    4. Since they knew the lawsuit was invalid, go for special damages in a class action.

  17. Re:Even Tetris? on ISP Refuses To Block the Pirate Bay · Score: 2
    Yes, even the rules to Tetris are not copyrighted.

    The government says as much: http://www.copyright.gov/fls/fl108.html

    Copyright does not protect the idea for a game, its name or title, or the method or methods for playing it. Nor does copyright protect any idea, system, method, device, or trademark material involved in developing, merchandising, or playing a game. Once a game has been made public, nothing in the copyright law prevents others from developing another game based on similar principles. Copyright protects only the particular manner of an author's expression in literary, artistic, or musical form.

    Material prepared in connection with a game may be subject to copyright if it contains a sufficient amount of literary or pictorial expression. For example, the text matter describing the rules of the game or the pictorial matter appearing on the gameboard or container may be registrable.

    If your game includes any written element, such as instructions or directions, the Copyright Office recommends that you apply to register it as a literary work. Doing so will allow you to register all copyrightable parts of the game, including any pictorial elements. When the copyrightable elements of the game consist predominantly of pictorial matter, you should apply to register it as a work of the visual arts.

    The deposit requirements will vary, depending on whether the work has been published at the time of registration. If the game is published, the proper deposit is one complete copy of the work. If, however, the game is published in a box larger than 12" x 24" x 6" (or a total of 1,728 cubic inches) then identifying material must be submitted in lieu of the entire game. (See "identifying material" below.) If the game is published and contains fewer than three three-dimensional elements, then identifying material for those parts must be submitted in lieu of those parts. If the game is unpublished, either one copy of the game or identifying material should be deposited.

    Identifying material deposited to represent the game or its three-dimensional parts usually consists of photographs, photostats, slides, drawings, or other two-dimensional representations of the work. The identifying material should include as many pieces as necessary to show the entire copyrightable content of the work, including the copyright notice if it appears on the work. All pieces of identifying material other than transparencies must be no less than 3" x 3" in size, and not more than 9" x 12", but preferably 8" x 10". At least one piece of identifying material must, on its front, back, or mount, indicate the title of the work and an exact measurement of one or more dimensions of the work.

    FL-108, Reviewed November 2010

    U.S. Copyright Office
    101 Independence Ave. S.E.
    Washington, D.C. 20559-6000
    (202) 707-3000

    Revised: 22-Dec-2010

    Most people don't know the law, so they fold when they get the C&D.

    So you're free to make your own version of Risk or Tetris - but when you write up the rules, you have to use your own words to describe them - you can't just cut-n-pasta the original rules. The rules aren't protected - only their physical expression is (font, layout, artwork).

    People are surprised that there's no copyright to a game name or movie title - but that's why you can see 3-4 movies with the same name and different decades at IMDB, and there's no copyright infringement.

  18. Re:Can't give in to blackmail. on ISP Refuses To Block the Pirate Bay · Score: 5, Informative

    For example if somebody reposts a post of mine (of which I automatically own the copyright) in part or in whole, they're breaking my copyright.

    Just want to point out that you are perpetuating a common misconception - two, actually.

    1. Not everything you post is automatically copyrightable.

    For example, if you posted "1+1=2", that is not subject to copyright. It is neither original nor creative, as well as being a non-copyrightable fact.

    Also, things that are trivial are not copyrightable. Look at the whole Linux header files debate.

    Then there's this HUGE hole - people think that they can protect an idea by copyright, when copyright doesn't allow it:

    (b) In no case does copyright protection for an original work of authorship extend to any idea, procedure, process, system, method of operation, concept, principle, or discovery, regardless of the form in which it is described, explained, illustrated, or embodied in such work.

    This is why you can't copyright the rules of a game - just the artwork, etc.

    2. People can repost your post without your permission under certain circumstances without breaking your copyright.

    Fair use is just one example. Libraries and archives are another. In Canada, news media can repost it under section 29.2 of the Canadian Copyright Act without compensation as long as they provide attribution.

  19. Re:Days of the Facebook are numbered on Facebook Bans Google+ Ads · Score: 1

    And public events, like concerts - are you seriously suggesting that the person organizing that should have to put everyone in a circle just to keep them updated?

    Why not? Once G+ is into beta, there will be an API with which you'll be able to pretty much automate it.

    And a hangout sounds ideal for a big event - let people drop in and out of the hangout at will, and yack with each other.

  20. Re:Well, that's one way to advertise.... on Facebook Bans Google+ Ads · Score: 1

    So join it. If you need an invite, email barbara dot hudson at gmail dot com. You probably won't be surprised at how many slashdotters are already there.

  21. Re:Days of the Facebook are numbered on Facebook Bans Google+ Ads · Score: 1

    One of the negatives of facebook is the abundance of spammy "business" accounts, and the fake user accounts that business creates to try to generate buzz.

    As for events, just start a new circle for that event. Or even a hangout.

  22. Re:Well, that's one way to advertise.... on Facebook Bans Google+ Ads · Score: 1

    Google+ doesn't have much of a community as of yet, just a bunch of accounts without a lot of activity.

    I would have agreed with you a few days ago ... but then again, I only got my G+ account 6 days ago. Today? Already more active than Failbook ... people who wouldn't touch facebook except "well, my family is on it" (pretty much the only reason I ever look there) are flocking to G+. It's only a matter of time before the rest follow, and Facebook knows that.

  23. Re:More people will notice now... on Facebook Bans Google+ Ads · Score: 1

    the Streisand Effect...

    Funny that this article was submitted by Barbara.

    I must be having a blonde day - this is the sort of article that just screams "Streisand Effect."

    Too bad I used up my mod points earlier today, so consider yourself +1 Funny.

  24. Just more Florian Mueller FUD on Did Google Knowingly Violate Java Patents? · Score: 1

    This is not news. Yes, Google sought a green light from Sun. So what? Dalvik is not Java, which is an insurmountable hurdle.

  25. Re:real names? on Google+: Tools, Names, and Facebook · Score: 2

    You're also a fool if you don't try to stay pseudonymous

    My name, email and home address are all over the net, and have been for years. I'm still alive.