Yeah, that is nice. Problem is usability goes down. I use adblock, but noscript and flashblock get pretty bothersome after a while - and the one in a billion sites they protect against that adblock doesn't already block seems to be well within the capabilities of my anti-virus.
The solution is never being perfectly safe, it's being as safe as you can without unduly compromising usability.
That's quite a non sequitur there. Whether the device is mobile or not is irrelevant, as is whether you are home or not. What matters is whether people can see you type in your password. Someone shouldersurfing in your living room is just as bad as someone doing it at the office, or in the subway, or in a library.
We all know you shouldn't log in to a sensitive site from an internet café or similar due to the risk of unfriendly intercepts, and mobile devices have their own security risk (low physical security - they can snatch it while you're logged in and bypass your security altogether). This means that if you DO have to log in to a sensitive site from a mobile device it's a security risk to do so around people anyway; totally unrelated to the length of your password.
I'd recommend excusing yourself and heading to the restroom and doing it there, if you can't just find a gap between people and put yourself with your back to a wall. If you can't deal with this then that's your problem, but a longer password does nothing to protect you from the REAL dangers of logging in at a physically insecure location.
Is the way the US acts on a global scale a valid concern for personal freedom as a concept? Definitely. Is it an actual problem for MY personal freedom? Not really - at the pace things move it's fairly sure I'll be long dead and buried by the time it could theoretically come to that.
And that's assuming that a country that can't even keep themselves stable right now would somehow manage to get every other major power on the planet to agree with them and do as they want.
To summarize:
Are they trying to influence the world? Sure. In many ways.
Are they succeeding? In a few ways.
Problem? Not really.
Which isn't ever likely to be an issue for your hotmail password. While there are some leaks of password hashes now and then out there on the net, they are pretty rare compared to how many sites that require you to authorize. Saying that your hotmail password has to protect against offline cracking is a bit like saying your car should protect you from meteor strikes.
I'd compare it to learning English if you're (like me) not a native English speaker. It simply opens up opportunities, gives you a chance to interact with a global community without having to learn a hundred different local languages (or use a thousand different smaller sites, in the facebook case), and generally is a tool that can be incredibly useful if you decide to leverage it.
While I am less than thrilled with the way they run their business the fact that one in seven people globally are on there makes it indispensable to have a facebook account, even though I personally barely use it. There have been people I've met that have given me their facebook url for me to contact them with simply because they don't use e-mail or IM systems much, and these days even phones aren't all that popular around here. Getting cut off from that would mean being cut off from a significant subset of human interaction in the modern age.
Having said that, I do hope some better service comes along and overtakes them with a more secure and better functioning system, but given that the average user couldn't care less as long as farmville works it's not very likely. Diaspora for instance sounds great, but it won't go viral any time soon. There's no incentive to make the change for people who don't care about the security aspect.
I don't mind being on a watch list in the US, because I have absolutely no intention of ever going near the place. The majority of facebook users are NOT american, so it's not really a big deal.
A slashdot user?
Just saying, your argument holds true just as well for slashdot as it does for facebook. There are (allegedly) ads here as well, and I'm certainly not being paid or paying for the time I spend here.
It would be incredibly useful, since if I wanted to call someone I'd look for them under the name I actually knew them by, not whatever was on their birth certificate.
Personally I've got five names, three first names, two last names. I use one first and one last on facebook and on my mailbox and in most catalogues and so on. Lately though some companies have taken to making it more convenient for the customer by automatically getting my data from my personal number that I have to enter to pay per credit or get billed or whatever, and so they send the bill/product/messages to my address as it's listed in the government data bases. This confuses the fuck out of the postman, especially since most label printing software doesn't seem to handle it too well which leads to the names being given in arbitrary order (lastname, firstname firstname firstname otherlastname was a particular favourite of mine) and sometimes truncated to show only a few of the names, sometimes just the first names, sometimes just one of the last names...
All in all I've had to argue my case three times now over bills that never reached me because of this. On the other hand I've actually twice received physical mail that was addressed to one of my internet handles, because apparently my more "public" internet handle is not quite so hard to track down as random permutations of my "official" name.
To summarize, if it's usability you want then it's greatly preferred to give people control over what they want to be known as, rather than leave it to the official registered version. In the real world names are not unique identifiers, and all systems need to account for the fact that we do indeed use nicknames and variations. When they stop doing this, the systems collide with reality, and failure happens.
If you can make 100 billion incorrect guesses in a second to a remote webpage, there's really only two things to say:
1. I want your internet connection.
2. Password strength is not the critical flaw of that particular site - rather they should look into some way of not letting people try 100 billion passwords in a second without getting delayed/locked out.
Sure. But 99% of users will use a COMMON pattern, which means adding even a few more bits would account for the vast majority of users. It's educating those people to use a better system that would drastically increase the overall web security.
Think of it like this... if we convince some guy who uses Pin3c0ne34! as a password to use curtains carrot lollipop analbeads instead, then that's not going to make as much of a difference as convincing someone that uses password as a password to use hippo nice boss awful. If you make someone that has a meh password get a great password, 10 out of 10 horrible passwords will still be cracked in the first second, and the majority of hackers won't even spend the computing power to go after the meh, because they wouldn't need to.
If you shift a bunch of the bad password users to good passwords, then the hackers would have to attack the meh to get the same level of results, thus increasing their time investment drastically!
So sure, if you use an obscure variant of a simple scheme, you're likely quite safe. It's like using a foreign front door lock - no local thief is likely to be able to bump it, because they don't carry blanks for that lock since it's so unusual. But while that might work for your personal security it does nothing for the overall security state of the neighbourhood.
SOME banks have extremely lousy standards. Maybe even MOST banks. Personally I chose my bank based on this since I almost exclusively interact with my bank online, and I made sure to tell the banks that failed to live up to basic usability standards when I tested them exactly why I was closing my accounts.
It might be inconvenient to switch banks, but except for a small amount of fringe cases it's definitely doable. Put that one time effort in comparison to the increased risk and headaches of constantly being exposed to a crappy security/login system, and I think you'll notice as I did that over the long run you're better off making the switch.
If someone is able to pay attention while you type your password, then your problem is physical security - not password length. Using that as an argument is arguing for security through obscurity, which is generally not the best choice. Better then to remove the asshole that's shoulder-surfing, or wait to access your account until you're in a private location.
Not really - access should not be measured by IP since a personal account should only be accessed by ONE person, regardless of IP. So five attempts from five different IPs should count exactly the same as five attempts from the same IP.
Well yes, that is quite obviously the reason. The real question is why they chose such a dumb word for it... I mean, "piracy". Pirates have been symbols of cool adventures for pretty much ever, and I doubt anyone but the most dull greysuited "normals" actually get discouraged by it.
No, if they wanted to discourage youths from copyright infringement, they should call it "Accounting" or something. If that got traction they'd probably see drastic reductions in piracy overnight. No teenager wants to be caught accounting.
The size of the effect was some 280000 voters that would otherwise have stayed home, according to the article. While percentually that might not be a large effect over the size of the population, it is definitely a worthwhile difference. Depending on how these people vote and what districts they are in that could potentially have an actual effect on the result of an election. (Granted, I am not very familiar with the US system for elections, but from what I understand the results in individual areas are to some degree more important than the overall percentages.)
And if you mean to critique something like that, perhaps you should consider that most people on here have no idea about the deeper workings of statistics, and try to phrase it accordingly? Because it definitely sounded entirely as if you implied that large sample groups were less accurate than small ones.
It seems the latter is meant as a dig at statistics, but if it is you seem to be confused. The problem with statistics isn't that you can find statistical significance in large groups, quite the opposite - that's when statistics actually do work very well. The problem is that if you have a sample group SMALL enough, you're likely to have problems choosing a representative group and won't get an accurate result... Having a .39% difference is actually quite a big thing in a group of 61 million, since it will be a very accurate number, and shows a proven, actual, effect.
There is quite a simple analysis actually, based on the very simple and statistically true test:
Did a politician claim to have an opinion?
If yes: It was paid for.
If no: Now accepting offers.
Fair point, a case of misunderstanding. Next time, you try to make clear when you decide to change what you're arguing about in the middle of a thread, and I promise I'll try to double check so I don't miss it.
Okay, you definitely got me on misuse of vocabulary with devolving, my bad. I won't bother making excuses for that, that's on me.
However much of your current argument falls entirely on the fact that the premise was that these critters in specific were not originated on earth. Not that all life on earth came from outside or not, that I agree entirely is a non-conclusive and bla bla, but it's a completely different argument. The argument made was that the hardiness of these critters indicated that they (or as you put it an ancestor of theirs) came to the planet through space.
I feel I've made quite a strong argument for why that's not a theory to lend any credence to.
No, I just don't get how it's better than my traditional methods of slipping her a roofie and letting her wake up in the dungeon I dug out under my garage where she'll be spending the rest of her unnatural life.
Sure. So let's avoid speculating on life on other planets. We know life on our planet exists, that it evolves, and that this particular little critter is on earth, and shares the same biological makeup as other life on the planet.
So the simplest explanation as you put it, still says we should assume it's terrestrial in origin. Anything else would require more assumptions, and less likely events.
Or Aliexpress to be exact... and pretty much clicked the first thing that made me say WTF. Okay that's a lie, it was one of the three things on the first screen that made me go WTF. Here you go:
http://www.aliexpress.com/item/Emperorship-necomimi-cat-ears-cat/622965849.html
To quote the link that brought me to that page: "Don't bother with traditional methods of finding a partner. Pop a pair of Brain Wave Cat Ears on the head of the one you love, and if they twitch... they like you!"
I'm pretty sure they'd twitch all right... and I'm not talking about the ears. Twitch and run away.
True. But let's simplify that for you by reducing it to opposing hypotheses:
Your hypothesis is that an alien species incredibly hardy travelled through space to land on earth, managed to survive by competing with the existing lifeforms, but somehow slowly devolved into a microscopic eight legged bear.
Assumptions made: There is life in space, such life travels, it somehow found this particular tiny speck in the outer parts of the galaxy, it wasn't hardy enough to trump other life on earth, it is similar enough to other life on earth that we can't tell the difference scientifically other than by its hardiness... I'll take a break here, feel free to go on by yourself as an exercise in critical thinking.
Opposing hypothesis is that somehow a species on earth evolved to be extraordinarily hardy.
Assumptions made: Evolution is real.
Now, let's apply Occam's razor here, and cut away the hypothesis that makes the most assumptions. What's left? Sanity!
Oh, and as a bonus point, personally I'd make the assumption that tiny eight legged bears that scientists find fascinating enough to pay to bring to fucking space for experiments have probably been researched quite a lot in every other possible way, and found to be quite in line with current understanding of what a terrestrial being is.
Surely you've noticed that they go in alphabetical order, right? Which is a lot like numbers, except with letters. Which I'd hope most people are familiar with.
Not that I'm defending their naming scheme, I think it's pretty silly myself, but it's definitely not as hard to get as people seem to want to imply it is.
No, it takes you to a picture of two cinnamon buns with a pencil shoved through them.