1. Bill Gates
His parents were rich. Not as rich as he is now, but rich enough that his mother was on the board of directors for the Audubon society where she convinced a fellow board-member, the CEO of IBM, to give her son that first crucial contract that made history.
2. J Jonah Jameson can be brusque or opportunistic, but also shows a shred of decency on many occasions.
According to an interview I read about a decade ago Murdoch personally agreed to publish Fight Club despite it practically condemning everything he has done. Just saying...
that was an unintended action, not a premeditated decision and certainly not one that was geared at making them money nor one that indicates a change in their advertising model.
Unintentional or premeditated it doesn't make a bit of difference to the person who gets outed. Which is why I originally said, "Don't you think it's a bit naive to rely on google not ever making an error?" At this point I think you've earned the fanboi label and should no longer be taken seriously.
Well, to be fair, the head of the Texas Board of Education did say "If there's evolution, how do you account for the spics and negroes?"
I googled for that quote, leaving off the last four words and got one hit - your post. Got a cite?
they can still access their account from whatever device they are actually using, such as their computer at work, or the iPhone they are carrying on them
Ah, so now you've changed from the general case to this specific case. The vast, vast majority of users who need to log into a system have only one system from which to do it from.
Your entire argument fails on that singular premise.
It's true. There should be no repercussions for yelling derogatory names at a complete stranger who is just doing his job.
If the "repercussion" you get for yelling at a cop is different from yelling at anyone else then that is pretty much textbook abuse of authority. Cussing someone out is not against the law.
In reality, what is considered effective security implementation is security implementation designed to prevent high probability events, without hurting the business in the process.
No. Your focus on "high probability" is misguided. That's a minimum requirement, not the end. Effective security is a trade off of cost for coverage. The huge gaping flaw in your argument here is that:
Locking out an account is practically the same as locking out a device as far as the user is concerned. You've failed to address that point twice now, despite being directly questioned on it. So I am pretty sure you understand it, but just don't want to admit it.
So, ultimately your argument comes down to increased complexity and increased cost in order to reduce your coverage with no other practical benefits. That's not just bad security, that's bad engineering in general.
History is what I have to base this belief on.
Like Google automatically publishing your private gmail contacts list when you first created a social network profile on their system? Is that the kind of history you are basing that belief on?
That's all fine and dandy except for a few points:
o A society that thinks keeping track of our innocence should be a priority is rabidly paranoid.
o A database is many orders of magnitude easier to fake than DNA evidence. One "delete" and that exculpatory evidence is gone.
You certainly don't stop them by locking a legitimate account, or you are making a denial of service trivially easy.
It depends on what's more valuable - easy access to the account or protecting what's inside the account. Plus it isn't like a DOS happens in isolation, the user gets locked out and calls the support desk. Chances are he's going to do exactly the same thing if you lock out the computer he's on or you lock out his account.
There is no forest there though since your example applies only to Facebook. Try giving an actual example of how such leakage might occur on G+ and then people would probably pay attention.
You are going to have to do better than that.
Do you claim that google will never show users sexually themed ads?
Do you claim that google will never explicitly explain why they are showing you an ad?
What exactly is your belief that none of this could ever happen based on?
The existence of extreme examples
On this we will disagree. If you aren't prepared for the extreme case then your security is, pretty much by definition, ineffective.
If your security defenses, alarms, and neighbors don't detect 6000 uninvited burglars in your front lawn, then that would mean you were totally impotent.
That's a ridiculous analogy. Seriously.
All dictionary attacks are brute force attacks.
That point was directed at your claim that there aren't enough IP addresses to perform a brute force attack one per IP address.
At which point you are at the same practical result - the only node the user cares about - the one in his hands - is locked out.
What's that? No it's not. Not once they fix their mistake.
So, help me out here, how do they "fix their mistake" when the computer they are using has been locked out?
I am so sick to death of damn near every mobile tech researcher and every media outlet of any form tying everything to the frikkin' iPhone for no damn good reason.
If you need publicity and you can't figure out a way to make your product fight terrorists or pedophiles, then go with an iPhone app.
IP address is not just a free form field a computer can change to whatever it wants -- the IP address you want to use actually has to be routable, otherwise it's useless.
Botnets. Plus you presume a simple brute-force attack rather than a dictionary attack or something even more specific to the target account like names of family members.
The only way that makes any sense at all is if the attack source is on the LAN; which means either an internal system has already been compromised, or you have an insider attacking through an inefficient method (trying brute force, when there are much simpler and more successful methods).
Neither are reasons to dismiss such a straightforward vulnerability.
As for someone playing with MAC addresses.... it's called Port Security or 802.1x authentication, esp. in the case of wireless.
At which point you are at the same practical result - the only node the user cares about - the one in his hands - is locked out.
I really don't see a practical use to selectively locking out a device versus simply locking down the account. In either case you've got a user who can't get logged in and is almost certainly going to require a call to the support desk. So selective lockout has minimal benefit but comes with your choice of increased risk or increased complexity and overhead. Certainly not a flaw worthy of bolded, all-caps.
That is... a sane network login server application would tarpit the network device attempting to login, not lock the account itself.
How do you propose to stop an attacker who changes IP and/or MAC addresses with every new password attempt?
I'd love to try it out
Why? mp3's are small. Just get yourself a portable player with an 80GB (or larger) hard drive and you'll be set for months of uninterrupted music.
Maybe I'm missing something, but I don't see any practical value to this service. Maybe if it let you stuff blurays into it, that would be something. But just dinky little music files? Especially when it transcodes it to mp3 so you can't ever get the original back out? What good is that?
Since Google does not do that kind of advertising, I would think it is not an issue.
Forest and trees man. Why is it that when you give an example, so many people can't do anything but focus on the particulars of that one specific example? Instead of the church and the gays, a Montague secretly dating a Capulet? Or a guy who works for Ford but happens to be a Camaro nut at home?
The issue is detrimental leakage of information between circles. When you put all of your eggs in one basket you are just asking for them to bump around and maybe even crack open a few when you least want them to.
Virtually every other OS out there, including Windows NT, just adopted the BSD stack,
Nope, never did, never will. First it was a port of the Spider Systems stack and then it was replaced with something homegrown. FWIW, I know the Spider stack pretty well from a long-defunct HPC unix variant I used to support (actually, I've tried hard to forget it, Spider was a real PITA).
http://www.kuro5hin.org/story/2001/6/19/05641/7357
Then don't post "gay circle" stuff to your "church circle" friends.
Don't you think it's a bit naive to rely on google not ever making an error with the circle stuff for such a life-altering issue? What if one day all the church circle people get an ad for an AIDS test or a gaycation cruise and it says it was selected for them because their friend likes that stuff?
So I have to ask. Why would you knowingly join a social network and want to stay anonymous? Isn't that counter-intuitive?
Because we all have multiple social circles and some of them are toxic to each other. That evangelical Christian probably doesn't want anyone from his church finding out that he's gay.
I don't even see what's wrong with being a tribalist.
That's good. At least you aren't afraid to correctly self-identify. I think that you'll find that a LOT of discussions that you have will be far more simple and direct if you just spell out that you have a tribalist world view at the start.
>$350,000 per household
Citation needed or shut the fuck up.
citation
So what if it's an observation?
Because it isn't about being justified, it's about being effective.
Creating more terrorists is not an effective way to stop terrorism.
Revenge at all costs is pretty much the definition of not level-headed.
The fact that you would rather watch your countrymen die at the hands of a terrorist than to watch the terrorist die is extremely bothersome.
Yep, straight out of the tribalist playbook, give up all pretense of rational argument. All I've ever talked about was the killing of innocents. I don't think there is anything more that I can contribute to this discussion.
If that's your mentality, then we're completely justified in terrorizing Afghanistan because they attacked our innocents on 9/11 first.
It's not a desire it's an observation.
Let's see how you feel about that after your friends and family end up being the ones killed. No thanks. I'd rather their innocents die than mine.
Yep, you are a tribalist. That's usually how these arguments play out. The thing is, tribalism is pretty much in opposition of basic American ideals like egalitarianism.
Proposed solution: following a standard that limits loudness would remove the strategic advantage of loudness.
What will happen: the standard would be ignored.
Nah, instead the RIAA will use it as a marketing campaign to re-release their entire back-catalog with the original dynamic range as yet another "remastered" edition that every fan must buy. Meanwhile, they will screw something else up so that the new releases are still flawed in some other way, just so that they can go ahead and fix that problem in another 10 years and re-sell us all the same music again.