No, only if they would string up temp lines in the aftermath while they dig a new trench, but then the housing contractors will just dig it back up
Don't worry, the trench guys will get 'em back when they nick someone's buried gas line and blow up a house or apartment building. They'll be using the same bad utility maps as the builders, after all.
what are "keyboard stories" called in American?
I think that's just a shortened version of "anecdotes in previous posts about employees having their keyboards surreptitiously removed as a means of revoking system access."
And how in hell is it best practice to allow an employee to come in to work and receive a paycheck for a week after they would have a good chance of guessing that they are already fired? Best security is not to remove a network account, but to not allow them in the building.
That might tip 'em off too, if suddenly the locks are changed/keycard doesn't work/receptionist presses panic button . . .
I think you miss the point. When Joe Sixpack doesn't have to pay for Product X, he doesn't care whether Product X costs $10 or $10,000,000.
Health insurers pass the cost on to employers, who have to keep paying the increased premiums to keep their employees happy. If Joe Sixpack had to pay for their own health insurance, then he would object when they doubled the premiums to cover those $10,000,000 products that could have been bought in a free market for $10.
Maybe you've been out of the job market for a while, but where are these happy employees?
Employers Push Higher Health Insurance Costs Onto Workers
Employees Get Pinched: Health Insurance Costs More
Workers paying more for health insurance as costs rise
New State-By-State Report: Employer Health Insurance Premiums Increased 50 Percent From 2003 to 2010; Employees' Share of Premiums Increased 63 Percent
Employers shift health insurance costs onto workers
But it's still on her device - so she still can do all those things. If she syncs her phone/iPad with iTunes, she even has her own backup of the app and can reinstall it just fine.
TFA points out that it could still stop working with an iOS update.
Then it's not a smartphone. Even my old Nokia with Symbian 60 had task switching. RTFM
If he only needs to task-switch to read an ad that appears in another app . . . ? I'd guess that if he'd wanted to do it for a truly useful (to him) purpose, he would have been willing to put that kind of effort in it. But if seeing an ad requires TFM?
SMS to phone
coming to a computer near you, for everything
I have a wireless service that doesn't seem to work with anyone's SMS notification system, and I assume my provider's not the only one like this.
Nepomuk and akonadi, whatever the hell they are, seem to break KMail for me. Sometimes just for a few minutes, sometimes until a reboot, sometimes for an entire version.
Now, I'm sure I could google around a little more than I have already and possibly figure out what they're for, but frankly I don't care. They appeared at some point after KDE 4 (at least that's when I learned of their existence) and promptly started crashing and breaking things and bringing up system crash feedback dialogs. Really? If they worked properly -- that is to say, I wasn't aware of them -- I'd be just fine. But I'm not interested in beta testing an email client/contact organizer.
Complaining doesn't seem to help. The KDE forums are full of KMail bugs that are "unreproducible" according to the developers.
The system default email client really should "just work". If newer technology isn't quite ready for prime time, then don't use it until it is. Email is a pretty mature class of application, and doesn't really need to be on the bleeding edge of anything. Sure, it's free. But that was no reason to break it.
And only got the response: "That's the kinda thing an idiot would have on his luggage."
When there's a master key out there issued by the TSA, I wonder how much it matters anyway.
The one for my email - trillions of years. Dumb sites emailing me my own private data means it needs to be secure.
Having a locked mailbox to prevent anyone from reading your postcards might be considered a false sense of security. Not that the lock is a bad idea, it's just that something else that's also important may have been overlooked.
I once engineered my answers so I could remember them ...
Mother's Maiden name : Brown
Favourite colour : Brown
First Pet's Name : Brown
I thought I was clever once by using bogus answers to these "security questions" so that they'd be harder to guess by a third party using publicly available data. Turns out they were also harder to guess by me, too, since there were several years and a couple moves between creation and needing it.
What system would allow someone to make thousands of attempts per second to login?
That's not the problem. The problem is that the lists of user logins and corresponding hashed passwords get in the wrong hands, whether it be due to bad design and/or coding, insecure software, or unfaithful servants. When you have that list, you run brute force against it to get the actual passwords.
And even that isn't the "real" problem, so much as the dependency on passwords, and for that matter, the dependency on passwords that are generated by non-security experts that are mostly out of control of the entity/service trying to secure them. When a user gets to pick their password, which is probably the only way one can be generated that the user can remember, he or she is creating a password to prevent people from doing just what the OP suggested: breaking into his/her yahoo/linkedin/facebook/etc. account. The user is not creating a password for the purposes of making the service's password table harder to crack should it leak out. The user is probably unaware of this kind of attack, and really isn't qualified to defend against it anyway, being almost certainly out of his or her area of expertise.
When a bank rents you a safe deposit box, they don't depend on you to build your own lock and key.
I don't have a good solution to the problem, but I do think that we're trying to solve the wrong one.
Teach them what can be made with fertilizer.
That sounds more like an agriculture class than a chemistry class...
Well, you gotta clear that land of pesky boulders and buildings before farming it.
Doctors sometimes use COWs (computer on wheels) in patient rooms instead of notepads and pocket references (or memory). This practice seems to be waning, since tablets and tablet applications have improved. And the pocket reference has already mostly given way to PDAs and now smartphones. Real hospital-grade COWs are hundreds of dollars, but if you feel it improves your health and productivity then it's not any more ridiculous than a high quality chair that suits your posture.
I have a theory that says young people have a better grasp of cost-benefit analysis.
You might think so from just this one data point. Or you might think that the perceived costs and benefits are different for different people.
Don't have them in Belgium. How do they work if you bring your own bag (like a rucksack), is there a tare function?
And what if you don't use a bag at all - if I'm with the hoglet I just shove stuff in his chariot.
I don't think it has a user-controlled tare function, but I've never used one when I brought my own bags. Mostly because I can't get the 5 cents-per-bag credit without going to a human cashier. But all the ones I've used have a flat bottom in the bagging area to which the rack holding the store bags is mounted -- the whole business: platform, rack, bags and all get weighed together. So it works the same whether you place an item in the sack or just set it there on the platform.
Now it must zero itself at some point after you take your stuff -- with or without bags -- and before the next customer starts loading up.
If I were gonna use my own sack, pack, or whatever to carry out my purchases, I'd just set it down next to the scale and scoop everything in after the transaction completed. It would slow the process down, though, so it's not an ideal solution.
The scale on the self-checkout doesn't do any sort of sanity check; it just makes sure the weight changes after scanning an item to ensure you've placed it in the bagging area.
I never shopped in a Target with a self-checkout, but I have used some at Home Depot and grocery stores. Those bitch at me if I put something too long and narrow in the bag and part of the weight is supported by leaning on the register part. Since the weight does change, but not by as much as expected, this occasionally requires human intervention to override the weight check.
I would think that this would be a standard practice, since doing the UPC switch would be almost trivial at a self-check -- you can do it without removing stickers or pasting new ones on at all. For instance -- and this is just one example of many possible scenarios -- just scan one cheap item 4 times while putting 3 pricier ones and the cheap one in the bag.
But again, as I say, I have never used one in Target, so I could not testify under oath that they do any intelligent weight checking there.
You could be even more ambitious at the Self Serve check-outs! (especially here in Australia)
Don't those have scales on the bagging side in Australia? They do here in the US.
With the "self-checkout" machines popping up everywhere so stores can cut down on employee costs, I'd be shocked if anyone noticed.
I assume he replaced the barcodes with UPCs for cheaper, but similar products so that a cashier wouldn't be particularly suspicious, particularly if it's a line of products with which they're not familiar. The self check might actually be harder to get by than a human, since those have a scale on the bagging side.
If that defense is even needed. As far as I know there aren't any laws against pretending to be interested in things. The PI wasn't impersonating an officer of the law, or serviceman, or other things that actually ARE illegal. I don't know of any laws against saying you are interested in a house if you really aren't. It would also be tough to "prove" the PI wasn't really interested either. The burden of proof is not on the presumed innocent person, but on the person making the accusation to prove guilt.
If the only admissible evidence in prosecuting a crime is the accused's voluntary confession, then it would indeed be quite a burden for the accuser.
Fuck the **AA
Sing it!
Pretty sure it isn't illegal to pretend interest in buying someone's house. All they would have to do is say the PI truly was interested, but then didn't like the price. How are you going to "prove" he wasn't interested in the house? Regardless, pretending you are interested in buying a house when you aren't may be dishonest, but not necessarily illegal. It wasn't like the PI was claiming to be a cop or serviceman or something you could actually get into trouble for impersonating.
I dunno. It's only plausible deniability if there's no way to prove that the PI wasn't acting on behalf of the MPAA. But I assume he was paid for the job. And someone told him to do it. If there's a potential crime, records can be subpoenaed, people can be called to testify. At this point, and if TV court drama hasn't lied to me, I'd think that keeping up the "I was just looking for a house" premise would become perjury and/or obstruction of justice, etc.
the key was different than yesterday
And, all other things being equal, this rule would be broken once out of every 26^3 days (or whatever Enigma's keyspace was). Going from that probability to guaranteeing that it won't adds virtually no information at all.
You'd think I'd eventually learn not to use examples on Slashdot . . .
It makes it weaker by a half. Which is definitely a lot. That roughly halves the time that it would take to crack and doubles the likelihood of randomly guessing the password. The only thing going for it is that you don't know that it's only lower case letters.
Weaker by half? So one less bit, right?
The only thing going for it is that you don't know that it's only lower case letters.
I think this is a very important point that lots of people overlook.
By prescribing the use of various character classes, you are actually weakening the password.
A proper password should allow the use of those classes, but not prescribe them.
In WWII, the Germans wanted their cipher system to be as uncrackable as possible. Therefore, they forbade using the same key two days in a row (among other things). Therefore, the British codebreakers knew at least one thing about the code: the key was different than yesterday. They had other rules, too. And every rule reduced the amount of brute-forcing the British had to do. Of course, learning the Germans' key strategy required the deaths of many Bothans. The password requirements of most websites, on the other hand, are broadcast to anyone who cares.