encourages financial institutions to deny Internet gambling transactions
So the gambling sites will move offshore. The banks and credit card companies will not want to lose that massive source of transactions, and will find a way to continue those transactions. There is no explicit restriction on them.
There's too much money at stake here.
Re:If all most of them are doing is surfing the ne on Deploying Windows Updates? · Score: 2, Insightful
Yeah... good one.
Let me put your proposal in other terms:
Me: "My car is running rough." You: "Buy another car!"
How about we make useful proposals to this guy before swapping out all his technology.
You have a good point - A timed lockout is required to stop brute force, but won't hinder a user (who needs to wait 60 seconds after every 3 tries).
However that won't stop a DoS on an account. If DoS is the goal, the hacker has a process that keeps entering your ID with a bad password. Probably a better solution there is after 10 bad tries - lock that IP out for an hour.
How many times have banks/people lost money due to weak passwords? vs How many times have banks/people lost money due to social engineering?
Forcing people to have crazy passwords may reduce the number of times that password is cracked (from near zero to nearer zero). But stopping social engineering will have a *far* greater impact - because it's actually pretty common for people to hand over their passwords and account details to Nigerians or email from PayPal.
So it's not about the size of your password. For example: PIN codes are pretty secure, but they are only 4 digits. The reason: You need the card and you get 3 tries before the card is swallowed. 16 digit pins with alpha numeric would *reduce* the security because many people will write their pin on their card or keep it with their card.
For a bank - any simple 8 letter word will do for a password. A bank just needs to be sure you can't have more than 3 tries before your account is locked out.
And that holds true for any authentication system. Lock your users out (so they have to come to you) after 3 tries.
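The two policies from the comments above, as an added example that is not part of the original posts: a 60-second wait after every 3 failed tries on an account, plus a one-hour block on a source IP after 10 failed tries. The class and function names, result strings, and the sample addresses and credentials are assumptions constructed for the illustration.

```python
import hmac
from dataclasses import dataclass

ACCOUNT_TRIES, ACCOUNT_WAIT = 3, 60      # 3 bad tries -> 60 second wait on the account
IP_TRIES, IP_BLOCK = 10, 3600            # 10 bad tries -> source IP blocked for an hour


@dataclass
class Counter:
    failures: int = 0
    locked_until: float = 0.0


class LoginThrottle:
    def __init__(self, credentials):
        # Constructed demo store {user: password}; a real system compares password hashes.
        self.credentials = credentials
        self.accounts, self.ips = {}, {}

    def attempt(self, user, password, ip, now):
        """Return 'ok', 'bad_password', 'account_wait' or 'ip_blocked'."""
        src = self.ips.setdefault(ip, Counter())
        if now < src.locked_until:
            return "ip_blocked"           # dropped before it can touch any account
        acct = self.accounts.setdefault(user, Counter())
        if now < acct.locked_until:
            return "account_wait"         # password is not evaluated during the wait
        expected = self.credentials.get(user)
        if expected is not None and hmac.compare_digest(password.encode(), expected.encode()):
            acct.failures = 0
            return "ok"
        acct.failures += 1
        src.failures += 1
        if acct.failures >= ACCOUNT_TRIES:
            acct.failures, acct.locked_until = 0, now + ACCOUNT_WAIT
        if src.failures >= IP_TRIES:
            src.failures, src.locked_until = 0, now + IP_BLOCK
        return "bad_password"


def simulate_lockout_dos():
    """One source hammers 'alice' every 5 s; the owner tries from another address."""
    attacker_ip, owner_ip = "203.0.113.7", "198.51.100.20"   # documentation ranges
    throttle = LoginThrottle({"alice": "correct horse"})
    result = {"attacker_first_blocked_at": None}
    for t in range(0, 300, 5):
        outcome = throttle.attempt("alice", "guess", attacker_ip, t)
        if outcome == "ip_blocked" and result["attacker_first_blocked_at"] is None:
            result["attacker_first_blocked_at"] = t
        if t == 30:   # owner tries mid-attack with the right password
            result["owner_during_attack"] = throttle.attempt(
                "alice", "correct horse", owner_ip, t + 2)
    result["owner_after_ip_block"] = throttle.attempt(
        "alice", "correct horse", owner_ip, 300)
    return result


if __name__ == "__main__":
    print(simulate_lockout_dos())
```

In the simulation the owner is held off mid-attack by the per-account wait, and can log in again once the hammering address has reached the IP limit.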
the average TiVo household makes "something like" 357 clicks per day. With 4.4 million households, this works out to be over a half a billion clicks every single year. No wonder my fast forward button wore off on my remote
[Pedantic flag]
ummm..... I make it 573,342,000,000 clicks a year, or half a trillion. Unless he's English. Poor poms - no wonder they don't have many billionaires.
130305 clicks per remote. And I bet 90% are FFWD.
[/Pedantic flag]
Dropping the 2.[odd] convention was a terrible move.
As with all OS's and, indeed, all software, you need to apply regular fixes to keep ahead of the hackers out there.
But right now we have a situation where these regular fixes are included with first release of features, which is dangerous, and major mods to existing features, which is also dangerous. Software rots - it's a continually changing beast with interconnections and interdependencies (often very subtle) that are continually breaking.
Standard practise of doing the absolute minimum possible at any time to the released software is a great way to ensure stability. And having your development branch mixed with the live branch just ain't the way.
I've raised this before, and it has been pointed out that some of the 2.6 releases are labelled as stable. Crap. This is a dev branch. I've had that stable branch do weird things to USB drives and X11.
Don't get me wrong - we *need* to have our devs adding cool features and I really like where 2.6 has gone. But they need a sandbox.
Please please please can we have a 2.7 and let's focus on stabilising 2.6. No new features.
Disturbing to think of Abdul's private family vacation snapshots being pored over in the hunt for Terrorist Activities
Scary, but that is exactly what happened in NZ. Ahmed Zaoui (actually a peaceful Algerian cleric/politician overthrown by a military junta) has been chased around the world by the French govt who backed the junta. He was convicted in absentia in Belgium and France in what have been labelled 'unsafe trials', and therefore labelled a 'Terrorist' (TM). Proof of this included his family holiday photos of his wife and kids which sometimes had famous buildings in the background - our (idiotic) secret service saw those as proving he was casing them in preparation for blowing them up.
Much smarter to use one of these residential windmills. This actually creates power so the savings are higher. And the costs are similar and it won't run down in a year or two.
And the problem with that is that all batteries have a lifespan. You might be able to pay it off in (as the parent suggests) say 5 years. But since it charges and discharges every day, 5 years equates to over 1800 cycles.
I'm a NZ mythtv owner/user. There are no good locations (that I know of anyway) for TV listings. All reliable systems currently rely on scraping either Sky (the subscriber channels) or TV1,2,3,4 websites.
It's pretty ugly, but the scrapers are impressive and do their job well. The pick of the bunch is written by Riven. It's a .Net app that runs in Mono.
My suspicion is that these guys are using Riven's work, or they have inked a deal with Sky. It is extremely unlikely they have inked a deal with any of the free to air channels due to ad-skipping. I understand that requests have been made to Sky in the past, which were rebuffed.
This would provide the most amazing trolling database ever. Can you imagine the glee within the govt at being able to freely scan every file "owned" by every member of the public.
And don't think it won't happen because the Patriot act permits data trolling without telling the user (go and talk to your public library - they have to hand over data about you and they are not allowed to tell you).
Can you imagine the conversation...
GW: I need access to your Live Drive for anyone named 'ahmed' or 'abbus' or 'abdul' or... hell just give me it all!
BillG: sure - if you can call off your anti-trust watchdogs
GW: consider it done. What is anti-trust anyway??
Wrong mentality dude. The planners for a project must get the plans/decisions and thinking done about a project well in advance of the availability of the team. Otherwise the edgy team will be ready, and no-one will be sure what's in it.
Personally I'd have had this conversation a while ago. That way, when the dapper implementation team hit the 'send' button, everything will be in place to get started on edgy.
Has anyone actually got any user friendly UI's to this yet? Freenet, as it previously stood, was a pain. Uploading files was awful. Fetching files was worse. The browser interface was a waste of time.
Modern Java virtual machines can actually be more efficient than native code in many situations. The old criticism of Java, that it is slow, and a CPU/memory hog relative to native compiled code, was definitely valid back in the 90s, but is much less-so now. Check out some recent benchmarks involving Java if you don't believe me.
People (well, specifically Java developers) have been saying this for years. But users of Java Apps have been saying these apps are hogs. Who do you believe? Personally - I believe the user - the experience is that despite benchmarks showing Java is as fast as or faster than native C++.... it's a PIG.
Yes there is a distro you can do this with - Knoppmyth.
And by the way - this topic sounds very exciting, but lots of people are running myth on quiet EPIA mobos. Check out mythtv's hardware database. It's not new or even hard.
1. Buy mobo, case, HDD, encoder card, DVD. Or buy one of these pre-built ones
2. Plug it all in.
3. Insert knoppmyth CD.
4. install
5. ???
6. profit... errr... I mean watch TV.
Actually that is kinda what happened in NZ recently - kinda funny, but also pertinent.
The core is that an earthquake happened in the Aleutians earlier this year in the night. The early warning system went off - some govt official here looked at it and decided the risk was too low, and ignored it.
Somehow information about the earthquake and "possible" wave was picked up by overseas press and reported as roughly a "tsunami is heading for the east coast of NZ".
Overseas people began calling NZers they knew on the east coast telling them to run for the hills. The locals did (at about 5:30am), grabbing their neighbours and dogs.
In the end the govt official was right - there was no tsunami. Be nice if they told someone.
Anyway, point is that calling someone *did* work. People overseas called NZ and the word spread *fast*. I don't know whether it was fast enough to be useful, but there's something in there that's useful. Don't call people here - broadcast the news on the internet and news. *Someone* listening will know people in the affected area and the mass phone calls will start.
From the parent's PDF:
Like that's going to stop a hacker for all of a few minutes.
Bizarre. WEP's shortcomings have been known for years.
You have a girlfriend. And she cleans your house.
You're not from around here are you?
Anyone dealing with this? How are you doing it?
It's neat that they did it.
Let me relay my experiences.
The company I work for has a s/w package with a reasonable amount of documentation,
which we used to provide on the CD only, in online viewing form only - installed
with the app.
We were continually asked if we had printed documentation.
So we created it. Guess what - no-one ordered it (and it was very cheap).
So we dropped a printable version on the CD.
Again - no-one printed it.
Everyone wants to know you *can* provide printed documentation.
No-one actually *wants* to use printed documentation.
It's like a check box that they have to be able to tick when ordering
your software.
We have several offices.
We put in 100% wireless at one when we moved. Saved us a bundle of time, but there were dead spots all over the place. Lots of people had laptops and moved around with them - some offices had good connectivity, some didn't. In hindsight, we didn't have enough access points to provide good coverage. We eventually switched to wired due to user frustration.
In the next office we learnt. Fewer people have laptops and move around. Everyone fixed is wired. Laptops have the option and using IBM's s/w on the thinkpads, they seamlessly switch when you unplug to move (in fact, some choose to stay wireless all the time). We carefully chose the locations of the APs by testing. Throughput is down but not noticeably so.
What to learn:
Think of access points in terms of distance between them and coverage as well as number of people connecting. And figure this out by testing, not by reading manuals. Walk the floor with a laptop and test every office, nook and cranny - there are lots of unexpected dead spots.
Security is not a problem - WPA is a piece of cake to set up and (as yet) unbroken.
So it can work.
... unless you can accept the compromises, like not being able to use it in a lit room.
I have an LCD panel and a projector. The projector is a good one, but is just not bright enough to use in the daytime without pulling the blinds.
The panel is **waaaaaayyyyyy** brighter, and while much smaller, is used during the day or early evening.
Works a treat - for $NZ10 - $15 (depending on order size) delivered. The guy even brings it into the house and drops the bags in the kitchen.
The website is very well thought out too. It saves frequently purchased items so after a couple of shops, you can do a shop by zipping through your list rather than scanning the whole inventory.
Signed
One happy, and very lazy, customer.
If the batteries were:
They say that they use:
But backup batteries are rarely cycled. These suckers are just going to die before you get a chance to repay your investment.
I'm sorry, that's been patented.
You need to pay a licensing fee or purchase
an official Cat Chaser(tm) if you want to play
with your cat.
In Europe, RoHS (restriction of hazardous waste) laws come into effect in June (or is it July) this year. Any electronics imported after that date will need to comply wrt hazardous materials - so this means all electronics will need to be on new manufacturing lines with lead free components. And it's not just lead - preservatives in plastics among others.
List of main culprits is here (Look for "six substances" link).
List is:
Lead - Pb
Mercury - Hg
Cadmium - Cd
Hexavalent Chromium Cr (VI)
Polybrominated biphenyls - PBB
Polybrominated diphenyl ethers - PBDE
unless, of course, you go through anonymizer.com :-)