Slashdot Mirror


User: nine-times

nine-times's activity in the archive.

Stories: 0 · Comments: 11,859

Comments · 11,859

  1. Re:symbols, caps, numbers on Password Security: Why the Horse Battery Staple Is Not Correct · Score: 1

    For the first sentence in my post, depending on how you apply the rules you may get something like tabrtchbs or Tabrt"CHBS" or the like... it's much shorter, and it's easier to memorize. And if the security of such a standard approach isn't good enough, you can apply your own extra rules, such as letter substitutions, arbitrarily inserted characters, changing the order of the words or what letter you pick from each word, etc.

    So you're saying that it's easier to memorize 'T@Br7"CH8S"' than 'correct horse battery staple'?

  2. Re:I disagree on Password Security: Why the Horse Battery Staple Is Not Correct · Score: 1

    Yes, and it's brilliant the way that we've used SSNs as both an identifier and a form of authentication.

  3. Re:I disagree on Password Security: Why the Horse Battery Staple Is Not Correct · Score: 1

    Yes, that's essentially what I would suggest-- replacing passwords with a standardized public-key system. But we need to develop a system for key management whereby the keys are kept secure from attackers, while being very accessible by the authorized users, and being very difficult for authorized users to lose access accidentally.

  4. Re:Many passwords just don't matter. on Password Security: Why the Horse Battery Staple Is Not Correct · Score: 1

    The thing is, with a good password manager, there's no reason to have a weak password, even for the sites that you aren't worried about.

    Depends on what constitutes a "good password manager". I would say that for this to be true, I'd need a "good password manager" that was easily and transparently accessible on any platform that can access the internet, without installing anything, and without exposing my password to others. Otherwise, I can think of plenty of reasons why I'd want to be able to remember my passwords.

    Just for example, let's say I want to log into my Netflix account on my friend's Roku box so that we can watch a movie. If I don't have any other devices handy, how do I get my password from my password manager?

  5. Re:symbols, caps, numbers on Password Security: Why the Horse Battery Staple Is Not Correct · Score: 3, Insightful

    Yeah, I try to make this point all the time. I run into IT people and companies whose idea of a "strong password" is something like: have 8 characters, one capital letter, one number, and one symbol/punctuation-mark, and rotated every few months without repeating for the past 5 passwords.

    You know what people do? They rotate through the following passwords: Password1!, Password2!, Password3!, Password4!, Password5!

    Actually, if you think about it, standardizing on those kinds of requirements is kind of dumb, since it limits the combinations of different passwords people can use. If an attacker knows these requirements, and wants to attempt a brute-force attack, he starts by ruling out anything with fewer than 8 characters, and any combination lacking in symbols, capital letters, etc. Now, that doesn't cut out that many possible combinations, but you can start by ruling out short words, assume that the first letter will be capital, assume that the numbers will be at the end, and there's a good chance the whole thing ends in an exclamation mark. I've seen a lot of passwords, and it's always an exclamation mark at the end.

    And then there's always someone who pops up with the clever advice of substituting symbols for letters. "The password 'password' is completely insecure. Instead, use 'P@ssw0rd!'. Hackers can't guess your password if it has symbols, numbers, and punctuation!" Ummm... no. Those kinds of substitutions have been included in dictionary attacks for a long time now. "P@ssw0rd!" is not a strong password.

    The "correcthorsebatterystaple" is actually pretty good advice at this point, all things considered.

  6. Re:Oh great on Password Security: Why the Horse Battery Staple Is Not Correct · Score: 1

    That's a problem with that website, but there's no way to help that. You can still use "correcthorsebatterystaple" in websites with sensible password requirements. Different sites having different password requirements is only really a problem if you're reusing passwords, which you're kind of not supposed to do anyhow.

  7. Re:Oh great on Password Security: Why the Horse Battery Staple Is Not Correct · Score: 2

    Unless you're talking about something that I'm not getting, it's not susceptible to a dictionary attack. The individual words may be, but a brute force attack would still need to guess all of those words in that order.

    Unless the poem is in your dictionary, I suppose. In that case, the attacker could just take the poem and use the first letter in every word, and include that in their dictionary. But "correct horse battery staple" is not particularly vulnerable to brute-force dictionary attacks because there are far more words in the English language than there are letters. So if you were going to brute-force passwords, it'd be easier to guess 7 random letters than 7 random words, even with a complete dictionary of words.
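An added worked example (not from the comments above) that puts the words-versus-letters argument of comment 7, and the "Password1!" pattern from comment 5, into numbers: the entropy of a secret built from independent uniform choices is the sum of log2 of each pool size. The pool sizes (26 lowercase letters, a 2048-entry word list) are assumptions chosen for illustration.

```python
import math
from dataclasses import dataclass

# Assumed pool sizes (constructed for illustration, not taken from the thread):
LOWERCASE = 26    # a-z
WORDLIST = 2048   # a short word list of the kind passphrase generators ship with


@dataclass(frozen=True)
class Scheme:
    """A way of generating a secret: a sequence of independent choices,
    each made uniformly at random from a pool of the given size."""
    name: str
    pools: tuple  # pool size for each position, left to right

    def bits(self) -> float:
        """Entropy in bits: log2 of the number of equally likely outcomes."""
        return sum(math.log2(size) for size in self.pools)

    def search_space(self) -> int:
        """Candidates a brute-force search must cover in the worst case."""
        return math.prod(self.pools)


def random_letters(n: int, alphabet: int = LOWERCASE) -> Scheme:
    return Scheme(f"{n} random letters", (alphabet,) * n)


def random_words(n: int, wordlist: int = WORDLIST) -> Scheme:
    return Scheme(f"{n} random words", (wordlist,) * n)


def policy_pattern(wordlist: int = WORDLIST) -> Scheme:
    """'Password1!'-style: one dictionary word (capitalised, so no extra choice),
    one digit, and a trailing '!' that is always present (a pool of size 1)."""
    return Scheme("Word + digit + '!'", (wordlist, 10, 1))


def letters_equivalent(scheme: Scheme, alphabet: int = LOWERCASE) -> int:
    """Fewest uniformly random letters with at least the entropy of `scheme`.
    The small epsilon keeps floating-point noise from rounding 7.0000001 up to 8."""
    return math.ceil(scheme.bits() / math.log2(alphabet) - 1e-9)


def compare(*schemes: Scheme) -> list:
    """Rows of (name, bits, equivalent random letters), weakest scheme first."""
    rows = [(s.name, round(s.bits(), 1), letters_equivalent(s)) for s in schemes]
    return sorted(rows, key=lambda row: row[1])


if __name__ == "__main__":
    for name, bits, eq in compare(random_letters(7), random_words(7),
                                  random_words(4), policy_pattern()):
        print(f"{name:<22} {bits:6.1f} bits  ~ {eq:2d} random lowercase letters")
```

Seven random words from even a 2048-word list come out well above seven random letters, and the "Word + digit + '!'" pattern is worth only about four random lowercase letters, which is why the substitution and punctuation rules add so little.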

  8. I disagree on Password Security: Why the Horse Battery Staple Is Not Correct · Score: 3, Insightful

    Password managers don't really solve the problem. Many of them aren't really cross platform (by which I mean, they sync with and are accessible by all your programs/browsers for all of your devices), and as he recognizes, there will be some passwords that you can't store in the manager (e.g. the password to the manager itself, and for the devices that access your password manager). Beyond that, I didn't see any recognition anywhere that there are at least some services that you might want to access somewhere where you don't have access to a password manager. For example, the selling point of both webmail and services like Dropbox is that you can access your data on another person's computer. Are you going to want to download, install, and sign into a password manager on another person's computer?

    So yes, passwords actually do need to be both memorable and strong.

    However, I'd agree with him that really, passwords need to die. Or not actually die completely, but most sites should not require their own password. What we really need is some kind of standardized identity management system-- like you know how you can sign onto various sites using either your Facebook or Google+ sign-on? Like that, but standardized. We need a true single-sign-on solution that is easy to manage, hard to screw up and lose your identity permanently, and usable everywhere.

    This has been obvious for well over a decade, but we can't do it because we don't create standards anymore. For any solution, Microsoft wants to have their solution, Facebook wants theirs, Google wants to do it their own way, and Apple wants to do something different from all the rest. Each company pretty much wants a solution that will benefit themselves and screw over their competitors. None are really focused on creating the best solution for social/economic/computing progress, and if they were, it would still be impossible to get others on board. So that's the real problem. Unwillingness to create standards.

  9. Re:Straw Man on The Correct Response To Photo Hack Victim-Blamers · Score: 1

    Who said they couldn't handle the risk? They're certainly handling the consequences.

    My point is, the OP was arguing that it was wrong to assign responsibility to these celebrities because the celebrities knowingly performed a risk/benefit analysis and determined that the risk was worth the benefit. I'm saying that's a weak argument, since we don't always absolve people of responsibility when they perform a risk/benefit analysis and determine that the risk is low. On the contrary, when people actually understand the risks that they're taking, we're usually more likely to assign responsibility when those risks are realized.

    That's not to say that we should assign responsibility/blame to the celebrities, but at this point, what is there to be done? You can try to catch the people who committed crimes, and you can try to prosecute those people for those crimes. Aside from that, if you want to know how to avoid having something like this happening to you, I have some very simple and obvious advice.

  10. Re:Because they don't want to. on Ask Slashdot: Why Can't Google Block Spam In Gmail? · Score: 2

    And related ... there should be the ability for me to restrict where my email is accessed to/from and where it was sent from. I'm not going to Russia -- so why can't I block all access to my account from Russia?

    Yeah, it's not quite a solution to spam, but I've had periods where I get a lot of spam in Cyrillic or Chinese/Japanese characters, and it would have been nice to be able to at least say, "If the email isn't using the Latin alphabet, treat it as suspect because I don't read any languages that use any other alphabets."

    I've always thought part of the key to putting a dent in spam would be to make cryptographic email signatures ubiquitous. Then we could check the signature against a valid authority, and if an authority is vouching for too many spammers, then you yank its status as "a valid authority". Then it becomes the authority's job to self-police. Of course, getting people onboard with something like that is impossible.

    Now how does your solution in checking "origin" compare with something like SPF? What is it checking the origin against?

    And what if one of your friends goes to Russia on vacation and wants to send you an email?

  11. Re:Because they don't want to. on Ask Slashdot: Why Can't Google Block Spam In Gmail? · Score: 1

    Care to share your ideas?

  12. Re:Straw Man on The Correct Response To Photo Hack Victim-Blamers · Score: 1

    I think this is a helpful perspective-- it's not about blame, it's about advice.

    It's not your fault if you have your personal photos stolen, but that doesn't change what my advice would be to anyone who is concerned: If you don't want someone to see your nude photos, don't allow nude photos to exist.

    And on a side note, I don't think the idea is correct that these celebrities did an effective risk/benefit analysis and found that the benefits outweighed the risk. First, because I'm dubious about the benefits of keeping nude photos of yourself. Second, and more importantly, because I don't think the risk is small.

    The OP claims, "a vanishly small proportion of [nude photos] get stolen in security breaches of cloud storage," but I would wonder if we have any data on that. Maybe it happens all the time, but we just don't hear about it because the victims aren't celebrities. Not being a celebrity means both: (a) even if the photos were stolen, there's a much smaller chance that the victim would ever find out; and (b) even if the photos were stolen and the victim found out, there's a much smaller chance the general public would ever hear about it. The OP even acknowledges, "usually the far greater risk is that the recipient will forward the image to other people until it gets out of control," which essentially has the same effect. So even if you aren't concerned about cloud breaches, you should still be concerned about the photos being seen by people other than the intended recipients. (Actually, this is an important issue, since we don't know that all of the leaked photos came from a security breach, and some of them may have been leaked by the recipient forwarding the image to others).

    But aside from all that, there's still another problem with this argument: even in cases where people have done a risk/benefit analysis and determined that there's a low risk, we still don't exempt people from the responsibility of that risk. Imagine that I invest all my money in a company that is, by all accounts, a safe investment. After some period of time, that company fails and I lose my investment. That stinks. I calculated my risk, and had no way of knowing that my investment was going to have bad results. It may be true that no one would blame me, but that doesn't mean that I can expect to get my money back. Someone might reasonably say to me, "That's bad luck, but you knew there was a risk when you bought the stock. It was a small risk, but a risk none the less, and you took that risk knowingly."

    All in all, I think we need to stop trying to figure out blame, and figure out how to proceed. My advice to anyone out there is, if you can't handle the risk of someone seeing your nude photos, then don't take nude photos. Certainly don't store them online.

  13. Re:Nope on WhatsApp's Next Version To Include VoIP Calls and Recording · Score: 1

    Yeah, I keep seeing people talk about how cell phone carriers are going to get screwed by VoIP apps and SMS-replacement apps, which makes me wonder, has nobody looked at the carrier's websites in a couple of years?

    Carriers have started changing their plans to have unlimited talk/text, charging for data bandwidth instead. They're moving their own voice service to VoIP. You may have an old-style plan grandfathered in, and the carriers may still have some other specialty plan with limited talk/text for a little cheaper, but the plans that they're actively advertising are all unlimited talk/text. IIRC, this has been the case for over a year.

  14. Re:What about text chat? on WhatsApp's Next Version To Include VoIP Calls and Recording · Score: 1

    If you send a message to someone on Facebook Messenger, they might not get it until they log in to Facebook on their computer next week.

    Only if they don't have the Facebook Messenger app or the Facebook app on their phone. And following that logic, they might not have the Whatsapp app on their phone, in which case I guess they'll never get your message.

    I don't see how disallowing someone to check their messages except on their cell phone is a "feature".

  15. Re:VoIP, eh? on WhatsApp's Next Version To Include VoIP Calls and Recording · Score: 1

    I would say... Facetime yes, Youtube no...?

    I think Facetime allows you to make real-time voice calls, whereas Youtube doesn't. I'm pretty sure that's what people mean by VoIP. Voice over IP: Real-time voice-based conversations over an IP network.

    As far as I know, it does not need to be able to connect to the analog POTS network to be considered VoIP, but as with many terms, the precise details might depend on who you ask.

  16. Re:Our PC society will be our demise! on Experts Decry Randomized Ebola Treatment Trials As Unethical, Impractical · Score: 1

    However, it occurs to me that Washington and Jefferson are still venerated across the political spectrum despite being unelectable today.

    I'd put that in a different category altogether. People like Washington and Jefferson are quasi-mythological figures at this point. Almost everyone admires them for reasons that may even be fictional (Washington can't tell lies?), while very few would actually condone their ownership of slaves-- except maybe on the grounds that we should judge them in their historical context as opposed to judging them against our current social mores.

    And I don't think it's necessarily that Democrats don't admire some historical figures. I'm just saying their rhetoric doesn't include the appeal to authority of those figures. They don't seem to feel the same need to invoke them in debates, to claim that we should do something *because* a historical figure said it was the right thing to do. There isn't the same sense of "[whichever historical figure] said [x], and he was a great man who was smarter than we are today, so we should follow that advice."

    I could be wrong-- I haven't done a statistical analysis of this or anything-- but that's my sense. So because of this kind of appeal to authority, if an opponent can demonstrate that those same authority figures would disagree with what Republicans are saying, then it *is* sort of damning. If I say "We should do [x, y, and z] because Ronald Reagan said so," you may or may not find that argument compelling. However, if that is the basis of my argument, and then you say, "Well actually, I have quotes where Reagan said [x, y, and z] are all bad ideas," then you pretty well blew my argument out of the water.

  17. Re:Going in circles on Microsoft Develops Analog Keyboard For Wearables, Solves Small Display Dilemma · Score: 2

    My memory of it was that it kind-of-sort-of worked most of the time. Kind of. It was a bit slow-going and it would be finicky about recognizing some characters. Of course, that was over 10 years ago now, and I don't actually remember very well. I just remember being disappointed that it didn't work as well as I'd hoped.

    I don't doubt that part of the problem was my awful handwriting. I've spent most of my life typing, and my handwriting was barely legible when I was practicing it. I've always thought that part of the value of using computers is that I didn't need the kind of coordination and practice necessary for neat handwriting, so I have my doubts about any handwriting recognition solution. If you make me trace out individual letters with my finger onto a screen the size of my watch, I think it's going to get messy.

  18. Re:"Develops", "Solves" on Microsoft Develops Analog Keyboard For Wearables, Solves Small Display Dilemma · Score: 2

    Personally, I'd be fine with a wider watch. It's not like I need articulation on my forearm. Think "Less like a watch, more like a pip-boy."

    Obviously, the trick would be to make it thin, lightweight, and comfortable enough that people would actually wear it. But even if you just made it the width of a standard cell phone keyboard, you could have one-hand operation at roughly twice the width of a standard watch. The extra width should even allow you to spread the components out over a larger area, allowing for a thinner device.

  19. Going in circles on Microsoft Develops Analog Keyboard For Wearables, Solves Small Display Dilemma · Score: 4, Informative

    Does anyone else remember Palm devices having a little handwriting recognition box at the bottom, with the Graffiti? Hopefully this system does a better job at recognizing handwriting, but it's hardly a novel idea. I'm half expecting that next, someone is going to release a groundbreaking new smartwatch with a physical keyboard that looks like a casio watch.

    Not that I object to drawing on old approaches in designing new products, but I can't help but roll my eyes if Microsoft is going to try to claim that this is innovative. Off the top of my head, it seems like we've had 4 different methods for text input: physical keyboards, virtual keyboards, handwriting recognition, and speech recognition. Each has problems that are fairly well understood. Speech recognition has gotten better in the past couple years, and Swype-style virtual keyboards (analyzing shape rather than simply button pressing) are fairly innovative, but I'm not seeing how this is actually a new thing, other than implementing it on a watch.

  20. Re:Yea, best form a comitee to consider all option on Experts Decry Randomized Ebola Treatment Trials As Unethical, Impractical · Score: 1

    Seriously, starting to experiment with uncertain approaches in a time of crisis is about the most stupid thing that can be done.

    Not necessarily. If you have limited resources and a solution that's certain to work, then yes, it's kind of dumb to waste resources by experimenting with solutions that are unlikely to work. However, if you're having a crisis and you have no solution that's certain to work, then it may be smarter to "leave no stone unturned" and test any approach that seems like it might yield results, so long as you're pretty sure it won't make the problem worse.

    If something better had been found in centuries of research into medical methods, then it would be the standard approach.

    Again, this is pretty silly. First of all, modern medicine really has only been around for a couple of hundred years. Before that, "medicine" wasn't much better than witch doctors. So when you say "centuries", it's only just barely accurate. And during those centuries, we've seen countless innovations, and we continue to see developments of better medical methods of various kinds. There's no reason to say, "Let's stop trying to innovate in medicine. If there were any room for improvement, we would have found it already."

  21. Re:Our PC society will be our demise! on Experts Decry Randomized Ebola Treatment Trials As Unethical, Impractical · Score: 1

    The assertion made by this meme isn't any more apt than trying to claim all modern Democratic presidents could be mistaken for Republicans because the Democrats were on the wrong side of history by being the pro-slavery party while the Republicans made abolition a key plank.

    I'm not sure it's the same thing, since Democrats aren't holding up those pro-slavery candidates as heroes who share their views. Yes, cultural views shift over time, but the Republicans are generally claiming that their views are timeless and traditional. They want to claim that they believe all the same things as "the founding fathers", Lincoln, Eisenhower, and Reagan, as though all of these people believed the same thing, and they were all tapping into some kind of universal truth that modern Republicans also have unique access to.

    So the meme isn't meant to argue that opinions shouldn't shift over time, but only to point out some absurdity in some of the Republican rhetoric.

  22. Re:Our PC society will be our demise! on Experts Decry Randomized Ebola Treatment Trials As Unethical, Impractical · Score: 1

    Well it's a bit difficult to know for sure. There are kooky people who are rightfully dismissed, who then harbor resentment for being shut down in the conversation. Then there are people who make a good point, but are dismissed for emotional/political/irrational reasons, and who are rightfully upset that their objections go unheeded.

    In a conversation when someone is being dismissed, we tend to see anyone who disagrees with us as the former, and anyone who agrees with us as the latter. How to tell the difference is a real philosophic problem. Of course, you're right that either way, dismissing someone's argument is not equivalent to censorship. Worse is when people claim it's a violation of the first amendment. It's not censorship to dismiss and disregard another person's opinion; it's only censorship to use some kind of force/leverage to punish someone into silence.

  23. Decoding their excuse on Accessing One's Own Metadata · Score: 2

    They argue this would be too difficult to do, which I think is baloney.

    I think what they probably mean is, it'd be difficult for them to be able to provide this kind of metadata without risking legal/PR trouble. To make sure that they could provide your metadata without revealing information that could possibly open themselves to criminal prosecution or civil suits would require that they pay lawyers to review the whole process. And then they'd need to spend a lot of time internally figuring out whether they want to spin the whole thing for PR purposes, or if seeing your metadata is too scary to be released at all without a PR nightmare.

    And that's a bunch of work to satisfy one reporter. Doing that opens the floodgates for everyone to request it. So now, they have to review their entire data collection policy and create policies for who can get access to what. That's a lot of work.

    I'm not saying they're right to provide access to customer data to the government while denying customers access to their own data. I'm just suggesting that they're probably not lying when they say it's difficult. You just have to know what they mean by "difficult".

  24. Re:Suspension of Disbelief on A Critical Look At Walter "Scorpion" O'Brien · Score: 1

    That brings me to my thesis: real genuine genius is only interesting to people equipped to break it down and understand how it's novel. And that has a lot more to do with field-specific domain knowledge than intelligence.

    I think that's only really true when you're talking about writing a character who is supposed to be a field-specific genius, regarding whether that character is saying actual genius things.

    So for example, if you want to have a character that's a medical genius (e.g. Dr. House), then it might be hard to come up with medical deductions that are actually genius, and it's probably not worthwhile because almost none of your audience will know the difference. In cases like that, I don't mind writers coming up with some medical technobabble. The most I'd hope for is that it's somewhat plausible and doesn't sound stupid to a layman.

    However, I don't think that this means you have to be a genius to appreciate smart writing. You can appreciate an extremely well written character without being able to write good characters yourself. It's possible you could even write a very good character without understanding why it's such good writing. And even relatively stupid people can appreciate a comedic genius pulling together a brilliant joke.

    So I think that was part of what was behind the statement, "I'm happy to suspend disbelief for a good show." I'll accept some silly technobabble in a good show. I enjoyed House, and I don't care one bit if some of the medical jargon is wrong. But if it's a stupid show and the technobabble is noticeably stupid even to a layman, that's when there's a problem.

  25. They're not necessarily trying to trick you on Ask Slashdot: An Accurate Broadband Speed Test? · Score: 4, Interesting

    I don't trust the usual sites, the first ones I found via Google. I suspect (and found) that at least some of them are directly affiliated with ISPs, and I further suspect that traffic to those addresses is probably prioritized, so people will think they're getting a good deal.

    I just wanted to point out that they're not necessarily trying to trick you by running these speed tests. For one thing, if they wanted to trick you, they could always just compile a list of popular test sites and prioritize/uncap that traffic.

    But it's actually somewhat valid for ISPs to provide tests that, in a sense, are biased. Let's say you have a Verizon connection. Verizon may want to provide a testing mechanism to make sure you're getting the advertised connection to their network, to make sure things are operating properly. If you have a slow connection to Slashdot, for example, that might just mean that Slashdot is slow. It might mean that your route to Slashdot has been saturated somehow, and that might not be Verizon's fault. There are a lot of things that could possibly go wrong that could cause your connection to Slashdot to be bad, and Verizon can't rely on that as a good test.

    So what Verizon would want to do is provide a test that simply confirms that your connection to their network is running at advertised speeds, which would mean testing between your home computer and another machine on their network. If that is operating at advertised speeds, but your connection to some endpoint is slow, then the problem is probably between Verizon's network and the endpoint, and not between you and Verizon's network.