I maintain a small announcement list for about 200 mostly highly tech-savvy people. We've been around for 25+ years on a range of different platforms, and are currently using a hosting platform with Linux and mailman (as opposed to the previous home Linux box and majordomo), but we still occasionally get spamblocked. It's text-format mail, no automated verification, and it's possible that some mailbox services are blocking us silently instead of bouncing, but most of the bouncegrams I get these days claim that the recipient's mailbox is full (maybe true, sometimes not), or the usual things you get when somebody moves and their forwarding breaks. Occasionally I get a burst of greymail-grams. The site that seems to do the most silent drops is pobox.com, which is annoying because it's where I do my own mail, so I have to have a couple of duplicate subscriptions of my own just in case it's cranky again.
If the sender uses an image in the email to bug the recipient, then it's a web bug. If the sender doesn't keep track of who opens the image, then it's not a web bug.
If the image is 1x1 in the same color as the background, it's pretty much guaranteed that the sender is using it as a web bug, because about the only other thing you can do with images like that is try to tweak kerning or fill in a table entry that gets misaligned if you don't, or something like that.
Twitter's web page constantly tells me it thinks I'm not receiving its emails correctly, and offers to send me more test emails, because they're using web bugs, and I use an email client that shows me email as text, not as HTML, and they so thoroughly assume that everybody uses buggable web mail that they don't even include a URL link saying "Please click this in a browser to confirm we got your email correct." And the banner on their web page that offers to send me a test email doesn't have a choice for "Yes, I'm receiving it just fine, stop whining." Idiots.
If you were paying attention back when the TSA started telling people to take their shoes off, it wasn't because of the Shoe Bomber incident, which hadn't happened yet. It was because a lot of mens' shoes have metal shanks in them and were setting off the metal detectors, and they didn't want the lines getting held up sending people back to run their shoes through the X-Ray machine.
At first it was a "Please take off your shoes" request, but if you knew you had non-metallic shoes they didn't force you to take them off (I tended to wear Teva sandals, and lots of people in Hawaii wear flipflops, especially inter-island.) Or sometimes they'd yell at you for not doing it, and they really dislike being challenged by anyone, such as being told "If it were actually a TSA rule, it'd be on the sign", which often got me an honest response of "we can take you in the back room and search through all your stuff long enough that you'll miss your flight, so obey orders or we'll do that."
Then a few airports started saying "Everybody must take your shoes off, it's ALWAYS been the rule", because it's easier to have the grunts think it's always been the rule than have them actually have to think or do different things for different people (and realistically, a lot of travellers don't realize they have metal in their shoes, and sometimes there's just a bit of metal like shoelace hole reinforcers in sneakers, so it only sets it off if the metal detectors are turned up high and not if they're set lower.)
Then the shoe-bomber idiot did his thing, and after that the TSA started making everybody take off their shoes, and then they started making videos for people to watch when they're stuck in unreasonably long lines, which dishonestly tell people that the shoe rule was made for our safety.
If you were paying attention back when the TSA started telling people to take their shoes off, it wasn't because of the Shoe Bomber incident, which hadn't happened yet. It was because a lot of mens' shoes have metal shanks in them and were setting off the metal detectors, and they didn't want the lines getting held up sending people back to run their shoes through the X-Ray machine.
At first it was a "Please take off your shoes" request, but if you knew you had non-metallic shoes they didn't force you to take them off (I tended to wear Teva sandals, and lots of people in Hawaii wear flipflops, especially inter-island.)
Then a few airports started saying "Everybody must take your shoes off, it's ALWAYS been the rule", because it's easier to have the grunts think it's always been the rule than have them actually have to think or do different things for different people (and realistically, a lot of travellers don't realize they have metal in their shoes, and sometimes there's just a bit of metal like shoelace hole reinforcers in sneakers, so it only sets it off if the metal detectors are turned up high and not if they're set lower.)
Then the shoe-bomber idiot did his thing, and after that the TSA started making everybody take off their shoes, and then they started making videos for people to watch when they're stuck in unreasonably long lines, which dishonestly tell people that the shoe rule was made for our safety.
Yes, I've met a few decent people working for the TSA, but the vast majority have been bullies. Whether they started out as bullies who couldn't find better jobs, or who consider the SHOUTING to be one of the benefits, or whether they started out as average people put into confrontational jobs with bullies for supervisors and start bullying people habitually, they're still bullies.
I'm a Libertarian, but characterizing the Greens as a one-issue party is quite inaccurate. They care about a whole lot of things besides the environment, and are generally aligned with Progressives on most issues.
The corporations and right-wing think-tanks who originally funded the Tea Party talked about the debt and deficit a lot (though they waited until Bush was about to be out of office to do it), but they've tried very hard to attract the right-wing crazy people as well, using them to attack the Democrats while providing deniability for the Republicans who can pretend that all that Birther racism has nothing to do with them.
If I'm being extra-cynical, I'd say that keeping the deficit hawks and the crazy people off on the right margin instead of having a centrist anti-deficit group was deliberate.
Some genetic test results are interesting but aren't something you can do much about; others are things you should pay attention to. 23&me says I've got a higher-than-average risk of Type 1 Diabetes (dodged that) and a lower risk of Type 2 (which tends to develop in middle age and is strongly influenced by diet.) If it were the other way around, I'd hopefully be a lot more serious about diet and exercise than I am currently. (Like most American adults, I need to lose weight, but at least I don't need to be taking insulin or the various things they give you before that to keep my blood sugars in line.)
On the other hand, I'm apparently also at risk for male pattern baldness (who'd have guessed?) Not much I can do about that besides wear hats.
I know some people whose DNA testing results said they were more or less sensitive to commonly-used medicines, which says that if they end up taking them they should let their doctors know so they can adjust dosages or choose alternative drugs.
Believe me, if the CIA is beaming high-powered radio signals at your RNG to bias the output, you've got more serious problems than just a good RNG can fix... (What's the frequency, Kenneth?)
OTOH, if a 60 Hz or 120 Hz signal can bias your generator, that's a much different problem.
Absolutely correct - you can't trust the hardware if you can't see it. Via and Pi are probably ok; people are rather more paranoid about Intel. Audio hardware can be useful (but you have to be sure what it'll do if there's no microphone plugged in.)
And as far as your signature line goes, it's really annoying how hard it's been to tell headlines in the NYT or WSJ from headlines in The Onion lately, especially about politics.
Yes, the entropy pools could be very similar. But if you're doing anything cryptographically strong, you're going to take the input and run it through a hash function, so on average a one-bit change in the input will change half the bits in the output. If you got the same SSL cert both times, none of the input bits were different.
If your attacker knows the state of your entropy pool when you start, and knows you're only changing a few bits of input, he can model the PRNG's behaviour to try all the different values of those input bits, and probably get lucky about guessing the output.
If you don't trust the server not to play with the clock on your VM, you can't trust the server not to steal your data wholesale.
But there really does need to be a mechanism for the server to feed high-quality randomness to the VM, whether it's through a device driver or a well-known address on the box or something, and it needs to be available at or just after boot time on the VM.
Yes, Diehard can't tell you if a random number stream is good enough for cryptographic use. But if it tells you that the stream is not good, then it's not good enough for crypto.
Also, while you should use cryptographic whitening techniques for actual crypto use, you shouldn't do that for your Diehard input, because that'll hide any flaws Diehard could have found. There are other kinds of whitening that can make sense (e.g. if you get long runs of the same bit because you're sampling the hardware faster than it changes, you'll want to compress those before doing Diehard.)
Hardly; I was getting questions about "one of your coworkers said you were involved in a libertine party?" (Hey, if people were having libertine parties, nobody was inviting me:-)
I know the LP and their range of crazies quite well; most of the anarchists are also pacifists (though some are gun nuts), the Kochtopus had funded much of the 1980 presidential campaign (I forget which one of them was the VP candidate) and were funding Cato, and a lot of them were still leftover Barry Goldwater fans who opposed the Vietnam draft, or hippies who believed in the free market. We hadn't had the quasi-Republican takeover that's happened since 9/11 (too many people freaked out about Muslim Terrorists Attacking America, sigh.)
Back in the 80s, you didn't need a polygraph for a vanilla Secret or Top Secret clearance, and I didn't have any of the spooky clearances or DEA clearances so I don't know what they did. I don't think the nuke people needed them either, but we didn't do nukes. I think the only particular lifestyle restriction I had was that I couldn't travel to communist countries without notifying the Feds first.
Yup. I was a defense contractor back in the 80s. While you couldn't be gay in the uniformed military, you could still have a security clearance and be a contractor or in the NSA or CIA - but you couldn't be in the closet, because that might be used for blackmail, especially in states where it was still illegal to be gay. So there were some famous researchers who'd had to come out to their families.
They asked about a lot of other things; they didn't mind that some of my coworkers had used drugs back in college and then stopped, but they really freaked out when one guy said he'd smoked dope, liked it, and might well do it again:-) (It took an extra six months for his clearance to come through.) And they really cared a lot about people who had relatives in Communist countries, not because they were worried that Cousin Ivan might have corrupted you into being a Commie, but because the KGB might threaten to kill your grandma if you didn't give them the secret plans. In my case, they asked a bunch of questions one year about my involvement in the Libertarian Party, because some of them weren't quite familiar with the concept that there were more than two political parties (plus the Commies, and they'd kind of forgotten about George Wallace.)
A friend of mine in the Air Force had a buddy who'd put down that his previous job experience included working at a candy store back home in the Bronx, and the guy who ran the place said he'd never heard of him. Had to have his dad go tell Cousin Luigi that it was the Feds checking on his security clearance for the service, not anybody checking into the numbers game that might or might not have been running out of the back room.
He was betting that he wouldn't get caught trying to play with counterfeit chips, and that whoever provided him with them wouldn't try to blackmail him later. He definitely lost the first bet...
gambling-pro-archie-karas-charged-defrauding-casino - The article doesn't say how he was marking the cards, but Archie Karas was arrested at his home in Las Vegas for cheating at an Indian Casino near San Diego. (The article also doesn't say why state police were involved; the casino's on an Indian reservation, and casinos are allowed to operate there because it's not subject to state jurisdiction, though California's tried to cheat the local tribes on that for years because they want a cut of the gambling take.)
You might or might not get to keep your winnings if you get caught card counting. The people who make a lot of money doing it work in teams, because it's easier to cover up having some people doing the grunt work of counting and some being the dumb lucky high roller who collects the winnings by playing at the table where their team member indicates the odds are good. Also, if you're actually making a lot of money, you're winning chips, not cash, and you've got to get the casino to let you trade them back in for cash, which they might not do if they've caught you, even if they're not actually mobsters who are going to beat you up.
Casinos also cheat if they don't let you count cards at blackjack, or if they've rigged the slot machines to have even worse odds than they're supposed to, or if they claim that the machine is "broken" and stiff the customer when it pays out a jackpot it wasn't supposed to (even if it was broken, as occasionally happens.)
If you're counting cards in blackjack, that's not cheating, it's just playing to win, and the casino doesn't like it when people do that, so they'll whine about it being cheating and kick you out if they catch you. If you're counting cards in poker, and trying to find which player is the sucker and what their tell is when they've got a good or bad hand, that's not cheating, it's part of the game, because it's a game of skill, not just chance. And faking your own tell may be card sharping, but it's not cheating, nor is having a pretty girl accomplice flirting with the sucker as long as she's not telling you what cards he has.
But if you're marking the cards? Yeah, that's cheating. So is keeping an ace up your sleeve, or using a mirror to look at your opponents' cards, or dealing from the bottom of the deck if you're the dealer, or putting a magnet behind the roulette wheel.
And loading your opponent's six-shooter with blanks for the gunfight that'll happen if he catches you cheatin'? That's way cheating.
Some people are going to win a lot, some are going to lose a lot, most are going to lose a bit or occasionally win a bit. On average, you're going to lose, but the odds aren't overwhelming, just steady. The casinos need to have enough people winning that suckers will go in feeling like they'll get lucky, and unlike lotteries, that means that the odds aren't overwhelming.
Blackjack is just you against the house - a dumb player's going to get the standard odds and lose a bit, a good card counter can beat the house, but needs to play a good social engineering game to cover it up if they want to make significant money.
But poker's you against the other players, with the house raking off a cut of the pot. If you're better at it than the other players, you can beat them, and statistics isn't going to tell the house much because it's as much about predicting what how good the other players' hands are as predicting what cards are left in the deck, plus you might have a steady advantage because some of the other players are dumb about probability and you're not, or because you've got more nerve than they do when you're right.
I can't just say "so don't be greedy when you're cheating", because the reason you're cheating is that you're greedy, but you can't be too greedy or it'll be obvious. But yeah, this idiot was lucky he was being greedy in France, where he only had to deal with fines and jail, rather than Las Vegas where he might get beaten up by the mob, or the Old Wild West where he'd end up as the subject of a country music song with gunfights involved.
Cider's not distilled, just fermented. After you've done that, distilling is optional (or freeze-concentration - you leave it out in the cold and keep skimming the non-alcoholic ice off the top until what's left has concentrated into applejack, though I haven't actually tried that.) Basically you just take some good juice, add an appropriate yeast, stick a fermentation lock on top and wait a week. Yum!
I've only made one batch of beer, and it was from a kit that did basically all the work for you (it has a malt-hops syrup that you ferment.) Once I've used up a bit more of it, I'll try a small batch of with a somewhat more authentic method. (If I'd known there were kits for brewing a gallon at a time, I'd have started brewing years ago; homebrew used to be a 5-gallon-and-up activity, which is way more beer than I can consume before it's gone bad, and you need to do a few experimental batches before you've got anything you can dependably bring to a party, unless you're a college student with friends who'll drink anything they can get.)
Why do it? Same reason it's worth baking your own bread on occasion, you get to experiment, make something tasty, and have fun.
Slashdot Mirror
I maintain a small announcement list for about 200 mostly highly tech-savvy people. We've been around for 25+ years on a range of different platforms, and are currently using a hosting platform with Linux and mailman (as opposed to the previous home Linux box and majordomo), but we still occasionally get spamblocked. It's text-format mail, no automated verification, and it's possible that some mailbox services are blocking us silently instead of bouncing, but most of the bouncegrams I get these days claim that the recipient's mailbox is full (maybe true, sometimes not), or the usual things you get when somebody moves and their forwarding breaks. Occasionally I get a burst of greymail-grams. The site that seems to do the most silent drops is pobox.com, which is annoying because it's where I do my own mail, so I have to have a couple of duplicate subscriptions of my own just in case it's cranky again.
If the sender uses an image in the email to bug the recipient, then it's a web bug. If the sender doesn't keep track of who opens the image, then it's not a web bug.
If the image is 1x1 in the same color as the background, it's pretty much guaranteed that the sender is using it as a web bug, because about the only other thing you can do with images like that is try to tweak kerning or fill in a table entry that gets misaligned if you don't, or something like that.
Twitter's web page constantly tells me it thinks I'm not receiving its emails correctly, and offers to send me more test emails, because they're using web bugs, and I use an email client that shows me email as text, not as HTML, and they so thoroughly assume that everybody uses buggable web mail that they don't even include a URL link saying "Please click this in a browser to confirm we got your email correct." And the banner on their web page that offers to send me a test email doesn't have a choice for "Yes, I'm receiving it just fine, stop whining." Idiots.
If you were paying attention back when the TSA started telling people to take their shoes off, it wasn't because of the Shoe Bomber incident, which hadn't happened yet. It was because a lot of mens' shoes have metal shanks in them and were setting off the metal detectors, and they didn't want the lines getting held up sending people back to run their shoes through the X-Ray machine.
At first it was a "Please take off your shoes" request, but if you knew you had non-metallic shoes they didn't force you to take them off (I tended to wear Teva sandals, and lots of people in Hawaii wear flipflops, especially inter-island.) Or sometimes they'd yell at you for not doing it, and they really dislike being challenged by anyone, such as being told "If it were actually a TSA rule, it'd be on the sign", which often got me an honest response of "we can take you in the back room and search through all your stuff long enough that you'll miss your flight, so obey orders or we'll do that."
Then a few airports started saying "Everybody must take your shoes off, it's ALWAYS been the rule", because it's easier to have the grunts think it's always been the rule than have them actually have to think or do different things for different people (and realistically, a lot of travellers don't realize they have metal in their shoes, and sometimes there's just a bit of metal like shoelace hole reinforcers in sneakers, so it only sets it off if the metal detectors are turned up high and not if they're set lower.)
Then the shoe-bomber idiot did his thing, and after that the TSA started making everybody take off their shoes, and then they started making videos for people to watch when they're stuck in unreasonably long lines, which dishonestly tell people that the shoe rule was made for our safety.
If you were paying attention back when the TSA started telling people to take their shoes off, it wasn't because of the Shoe Bomber incident, which hadn't happened yet. It was because a lot of mens' shoes have metal shanks in them and were setting off the metal detectors, and they didn't want the lines getting held up sending people back to run their shoes through the X-Ray machine.
At first it was a "Please take off your shoes" request, but if you knew you had non-metallic shoes they didn't force you to take them off (I tended to wear Teva sandals, and lots of people in Hawaii wear flipflops, especially inter-island.)
Then a few airports started saying "Everybody must take your shoes off, it's ALWAYS been the rule", because it's easier to have the grunts think it's always been the rule than have them actually have to think or do different things for different people (and realistically, a lot of travellers don't realize they have metal in their shoes, and sometimes there's just a bit of metal like shoelace hole reinforcers in sneakers, so it only sets it off if the metal detectors are turned up high and not if they're set lower.)
Then the shoe-bomber idiot did his thing, and after that the TSA started making everybody take off their shoes, and then they started making videos for people to watch when they're stuck in unreasonably long lines, which dishonestly tell people that the shoe rule was made for our safety.
Yes, I've met a few decent people working for the TSA, but the vast majority have been bullies. Whether they started out as bullies who couldn't find better jobs, or who consider the SHOUTING to be one of the benefits, or whether they started out as average people put into confrontational jobs with bullies for supervisors and start bullying people habitually, they're still bullies.
On the other hand, watching TV directly at abc.com has annoying commercial breaks :-)
If it's a for-profit propaganda organization masquerading as a non-profit education, then it's a lot like the original....
I'm a Libertarian, but characterizing the Greens as a one-issue party is quite inaccurate. They care about a whole lot of things besides the environment, and are generally aligned with Progressives on most issues.
The corporations and right-wing think-tanks who originally funded the Tea Party talked about the debt and deficit a lot (though they waited until Bush was about to be out of office to do it), but they've tried very hard to attract the right-wing crazy people as well, using them to attack the Democrats while providing deniability for the Republicans who can pretend that all that Birther racism has nothing to do with them.
If I'm being extra-cynical, I'd say that keeping the deficit hawks and the crazy people off on the right margin instead of having a centrist anti-deficit group was deliberate.
Some genetic test results are interesting but aren't something you can do much about; others are things you should pay attention to. 23&me says I've got a higher-than-average risk of Type 1 Diabetes (dodged that) and a lower risk of Type 2 (which tends to develop in middle age and is strongly influenced by diet.) If it were the other way around, I'd hopefully be a lot more serious about diet and exercise than I am currently. (Like most American adults, I need to lose weight, but at least I don't need to be taking insulin or the various things they give you before that to keep my blood sugars in line.)
On the other hand, I'm apparently also at risk for male pattern baldness (who'd have guessed?) Not much I can do about that besides wear hats.
I know some people whose DNA testing results said they were more or less sensitive to commonly-used medicines, which says that if they end up taking them they should let their doctors know so they can adjust dosages or choose alternative drugs.
Believe me, if the CIA is beaming high-powered radio signals at your RNG to bias the output, you've got more serious problems than just a good RNG can fix... (What's the frequency, Kenneth?)
OTOH, if a 60 Hz or 120 Hz signal can bias your generator, that's a much different problem.
Absolutely correct - you can't trust the hardware if you can't see it. Via and Pi are probably ok; people are rather more paranoid about Intel. Audio hardware can be useful (but you have to be sure what it'll do if there's no microphone plugged in.)
And as far as your signature line goes, it's really annoying how hard it's been to tell headlines in the NYT or WSJ from headlines in The Onion lately, especially about politics.
Yes, the entropy pools could be very similar. But if you're doing anything cryptographically strong, you're going to take the input and run it through a hash function, so on average a one-bit change in the input will change half the bits in the output. If you got the same SSL cert both times, none of the input bits were different.
If your attacker knows the state of your entropy pool when you start, and knows you're only changing a few bits of input, he can model the PRNG's behaviour to try all the different values of those input bits, and probably get lucky about guessing the output.
If you don't trust the server not to play with the clock on your VM, you can't trust the server not to steal your data wholesale.
But there really does need to be a mechanism for the server to feed high-quality randomness to the VM, whether it's through a device driver or a well-known address on the box or something, and it needs to be available at or just after boot time on the VM.
Yes, Diehard can't tell you if a random number stream is good enough for cryptographic use. But if it tells you that the stream is not good, then it's not good enough for crypto.
Also, while you should use cryptographic whitening techniques for actual crypto use, you shouldn't do that for your Diehard input, because that'll hide any flaws Diehard could have found. There are other kinds of whitening that can make sense (e.g. if you get long runs of the same bit because you're sampling the hardware faster than it changes, you'll want to compress those before doing Diehard.)
Hardly; I was getting questions about "one of your coworkers said you were involved in a libertine party?" (Hey, if people were having libertine parties, nobody was inviting me :-)
I know the LP and their range of crazies quite well; most of the anarchists are also pacifists (though some are gun nuts), the Kochtopus had funded much of the 1980 presidential campaign (I forget which one of them was the VP candidate) and were funding Cato, and a lot of them were still leftover Barry Goldwater fans who opposed the Vietnam draft, or hippies who believed in the free market. We hadn't had the quasi-Republican takeover that's happened since 9/11 (too many people freaked out about Muslim Terrorists Attacking America, sigh.)
Back in the 80s, you didn't need a polygraph for a vanilla Secret or Top Secret clearance, and I didn't have any of the spooky clearances or DEA clearances so I don't know what they did. I don't think the nuke people needed them either, but we didn't do nukes. I think the only particular lifestyle restriction I had was that I couldn't travel to communist countries without notifying the Feds first.
Yup. I was a defense contractor back in the 80s. While you couldn't be gay in the uniformed military, you could still have a security clearance and be a contractor or in the NSA or CIA - but you couldn't be in the closet, because that might be used for blackmail, especially in states where it was still illegal to be gay. So there were some famous researchers who'd had to come out to their families.
They asked about a lot of other things; they didn't mind that some of my coworkers had used drugs back in college and then stopped, but they really freaked out when one guy said he'd smoked dope, liked it, and might well do it again :-) (It took an extra six months for his clearance to come through.) And they really cared a lot about people who had relatives in Communist countries, not because they were worried that Cousin Ivan might have corrupted you into being a Commie, but because the KGB might threaten to kill your grandma if you didn't give them the secret plans. In my case, they asked a bunch of questions one year about my involvement in the Libertarian Party, because some of them weren't quite familiar with the concept that there were more than two political parties (plus the Commies, and they'd kind of forgotten about George Wallace.)
A friend of mine in the Air Force had a buddy who'd put down that his previous job experience included working at a candy store back home in the Bronx, and the guy who ran the place said he'd never heard of him. Had to have his dad go tell Cousin Luigi that it was the Feds checking on his security clearance for the service, not anybody checking into the numbers game that might or might not have been running out of the back room.
He was betting that he wouldn't get caught trying to play with counterfeit chips, and that whoever provided him with them wouldn't try to blackmail him later. He definitely lost the first bet...
gambling-pro-archie-karas-charged-defrauding-casino - The article doesn't say how he was marking the cards, but Archie Karas was arrested at his home in Las Vegas for cheating at an Indian Casino near San Diego. (The article also doesn't say why state police were involved; the casino's on an Indian reservation, and casinos are allowed to operate there because it's not subject to state jurisdiction, though California's tried to cheat the local tribes on that for years because they want a cut of the gambling take.)
You might or might not get to keep your winnings if you get caught card counting. The people who make a lot of money doing it work in teams, because it's easier to cover up having some people doing the grunt work of counting and some being the dumb lucky high roller who collects the winnings by playing at the table where their team member indicates the odds are good. Also, if you're actually making a lot of money, you're winning chips, not cash, and you've got to get the casino to let you trade them back in for cash, which they might not do if they've caught you, even if they're not actually mobsters who are going to beat you up.
Casinos also cheat if they don't let you count cards at blackjack, or if they've rigged the slot machines to have even worse odds than they're supposed to, or if they claim that the machine is "broken" and stiff the customer when it pays out a jackpot it wasn't supposed to (even if it was broken, as occasionally happens.)
If you're counting cards in blackjack, that's not cheating, it's just playing to win, and the casino doesn't like it when people do that, so they'll whine about it being cheating and kick you out if they catch you. If you're counting cards in poker, and trying to find which player is the sucker and what their tell is when they've got a good or bad hand, that's not cheating, it's part of the game, because it's a game of skill, not just chance. And faking your own tell may be card sharping, but it's not cheating, nor is having a pretty girl accomplice flirting with the sucker as long as she's not telling you what cards he has.
But if you're marking the cards? Yeah, that's cheating. So is keeping an ace up your sleeve, or using a mirror to look at your opponents' cards, or dealing from the bottom of the deck if you're the dealer, or putting a magnet behind the roulette wheel.
And loading your opponent's six-shooter with blanks for the gunfight that'll happen if he catches you cheatin'? That's way cheating.
Some people are going to win a lot, some are going to lose a lot, most are going to lose a bit or occasionally win a bit. On average, you're going to lose, but the odds aren't overwhelming, just steady. The casinos need to have enough people winning that suckers will go in feeling like they'll get lucky, and unlike lotteries, that means that the odds aren't overwhelming.
Blackjack is just you against the house - a dumb player's going to get the standard odds and lose a bit, a good card counter can beat the house, but needs to play a good social engineering game to cover it up if they want to make significant money.
But poker's you against the other players, with the house raking off a cut of the pot. If you're better at it than the other players, you can beat them, and statistics isn't going to tell the house much because it's as much about predicting what how good the other players' hands are as predicting what cards are left in the deck, plus you might have a steady advantage because some of the other players are dumb about probability and you're not, or because you've got more nerve than they do when you're right.
I can't just say "so don't be greedy when you're cheating", because the reason you're cheating is that you're greedy, but you can't be too greedy or it'll be obvious. But yeah, this idiot was lucky he was being greedy in France, where he only had to deal with fines and jail, rather than Las Vegas where he might get beaten up by the mob, or the Old Wild West where he'd end up as the subject of a country music song with gunfights involved.
Cider's not distilled, just fermented. After you've done that, distilling is optional (or freeze-concentration - you leave it out in the cold and keep skimming the non-alcoholic ice off the top until what's left has concentrated into applejack, though I haven't actually tried that.) Basically you just take some good juice, add an appropriate yeast, stick a fermentation lock on top and wait a week. Yum!
I've only made one batch of beer, and it was from a kit that did basically all the work for you (it has a malt-hops syrup that you ferment.) Once I've used up a bit more of it, I'll try a small batch of with a somewhat more authentic method. (If I'd known there were kits for brewing a gallon at a time, I'd have started brewing years ago; homebrew used to be a 5-gallon-and-up activity, which is way more beer than I can consume before it's gone bad, and you need to do a few experimental batches before you've got anything you can dependably bring to a party, unless you're a college student with friends who'll drink anything they can get.)
Why do it? Same reason it's worth baking your own bread on occasion, you get to experiment, make something tasty, and have fun.