Slashdot Mirror


User: abigsmurf

abigsmurf's activity in the archive.

Stories: 0
Comments: 1,277

Comments · 1,277

  1. Re:Posting anonymous to protect myself on Australian Tax Office Stores Passwords In Clear Text · · Score: 1

    People actually need to work with tax data, it has to be decrypt-able by tax office staff otherwise what's the point in it?

  2. Hashing is not always the best solution on Australian Tax Office Stores Passwords In Clear Text · · Score: 2

    The information in your tax account is probably far more damaging than just your password and that is stored in plain text. If you don't trust them with your password, why the hell do you trust them with all that other information?

    Tax offices usually have to deal with a wide variety of enquiries, some of which may not be done over the phone. Passwords/secret phrases can be a nightmare over the phone, especially for someone non-technical, having plain text passwords allows you to verify that a granny who says "21 primrose hill" is their password when it's stored as "21 Primrose-hill".

    My bank (Barclays) doesn't use encrypted passwords, they use the "say the 8th and 6th letters of your password" system plus chip + pin to verify you. As they're a high priority target for phishing, key logging and MITM, it is actually far safer to do this than force the entire password the whole time.

    TLDR: password hashing is an (easy) additional layer of security but it comes with its own drawbacks, isn't the be-all and end-all to security and isn't needed if security measures are strong enough.

  3. Re:Please on Gubernatorial Candidate Speaks Out Against CAS · · Score: 1

    Power companies frequently report people to the police for suspicious usage (i.e. if you're running lots of heat lamps). They're watching your usage patterns a lot more than you realise. Heck, some power companies will turn down your air conditioning.

  4. Re:Poor analogy on Gubernatorial Candidate Speaks Out Against CAS · · Score: 1

    Phone companies can and do throw people off of their services for breaking their ToS.

  5. Re:Poor analogy on Gubernatorial Candidate Speaks Out Against CAS · · Score: 1

    It's like banning someone from a shopping mall because they're carrying weapons. You may not be liable for crimes they commit with those weapons but you still want to prevent it.

  6. Poor analogy on Gubernatorial Candidate Speaks Out Against CAS · · Score: -1, Troll

    When you use electricity to power your porn, that porn doesn't pass through the electricity company to get to you.

    An ISP absolutely has the right to refuse letting some stuff pass through their servers if they want.

  7. Re:My point exactly! on UK Court: MPAA Not Entitled To Profits From Piracy · · Score: 4, Insightful

    That'll actually make things worse. It'll mean that every company has no choice but to pursue infringers or risk losing the copyright. An indie studio who can't afford to sue people (especially when the awards would be small or not paid)? They're fucked.

  8. Wait for the Atom based ones on Microsoft Surface Pro Reviews Arrive · · Score: 1

    The new Atoms seem pretty much designed for Windows 8 tablets. Lower power, cooler, much cheaper, they'll fix a whole load of problems with a Core i5 based tablet. It won't be as fast but it'll run Office, Skype, a browser, 1080p vids and Angry Birds.

  9. 2 whole percent? on Open Source ARM Mali Driver Runs Q3A Faster Than the Proprietary Driver · · Score: 4, Interesting

    So it's a value that's well within random fluctuation levels? Meanwhile, how's the reliability, memory usage, compatibility, performance outside of that single game?

  10. Re:Is This for Real? on Making Sure Interviews Don't Turn Into Free Consulting · · Score: 1

    I didn't get the job but I did come out of it with 50 picarats!

  11. It can and does happen on Making Sure Interviews Don't Turn Into Free Consulting · · Score: 1

    Lots of people think this is stupid... Until it happens to them.

    You underestimate how valuable a sanity check on a project can be. Someone who can tell you that they're using the right software, the right methods for some things, that using xyz for abc isn't a good idea and that 123 would be better suited to it. They can get professional feedback on designs and processes etc.

    Yeah a full time consultant working for a month then providing advice when needed is better but they also cost a large amount of money.

  12. Victim here on Making Sure Interviews Don't Turn Into Free Consulting · · Score: 1

    CGI/special effects company that wanted to branch out into web development gave me an 'interview' about a Drupal development job. Got there, they talked to me about the 'job' (they wanted a Drupal based booking system). Spent the next hour talking about how I'd go about implementing it, why it was possible under Drupal and commented on some prototypes they'd drawn out. Generally felt like the 'interview' was going well, agency afterwards said they'd been really impressed with me and would 'certainly' get in contact.

    Naturally I never heard from them again and I then realised I had wasted an afternoon driving to this place to give them a valuable consultation session that they didn't have to pay a penny for. Was naive in retrospect but I've been a poor interviewee in the past (incredibly shy which a lot of people mistake for lack of interest/motivation) and was a bit too keen to impress.

    It's illegal in the UK to offer an interview when there's no job available but it's next to impossible to prove (they just say a client backed out or they decided to go a different direction).

  13. Another point of view on School Board Considers Copyright Ownership of Student and Teacher Works · · Score: 1

    The teacher thing of "in their own time with their own materials" is misleading. Teachers are paid and expected to do work out of school hours as part of their salary. Also, if a teacher decides to create and market their own teaching materials or write about a new teaching method, they have access to lots of classes of kids with which to test their product. They could be getting paid by the state to do research that will ultimately only benefit them, using other people's children as guinea pigs.

  14. Re:Slander and libel on 'Bankrupt' Australian Surgeon Sues Google For Auto-Complete · · Score: 1

    Why exactly should something being automated stop it from being a crime?

    It's the responsibility of the creator of an algorithm to ensure that measures are taken to make sure it obeys the law. If someone creates a robotic hedge trimmer that then decides that people's necks also need trimming and runs amok, should the creator get away with it because it was down to his algorithm doing it automatically?

  15. Re:Libel? on 'Bankrupt' Australian Surgeon Sues Google For Auto-Complete · · Score: 1

    That's legalising libel through weasel words.

    A newspaper could quite easily use that principle to do front pages of "numerous reports that politician xyz secretly sacrifices goats to a pagan fertility goddess!".

    A lie doesn't become true if it's repeated enough.

  16. Re:Idiot. on Student Expelled From Montreal College For Finding "Sloppy Coding" · · Score: 1

    He was given a second chance.

    Then he ran a vulnerability scanner on their server.

  17. Re:Under duress? on Student Expelled From Montreal College For Finding "Sloppy Coding" · · Score: 1

    Duress doesn't mean "if you don't sign it you're fired/expelled/sued". If it did it would be illegal for someone to sign and accept formal warnings or bad performance reviews (along with thousands of other types of contracts).

  18. Re:Don't scan other people's systems on Student Expelled From Montreal College For Finding "Sloppy Coding" · · Score: 1

    If I see someone go around my house, checking all the doors and windows for ones that are unlocked or able to be forced open I'm not going to think "that's fine, I'm happy with the quality of my security", I'm going to call the police.

    If someone is running unauthorised scans on your server, you've got to assume hostile intentions.

  19. Re:yea they fell by 44% on SSD Prices Fall Dramatically In 2012 But Increase In Q4 · · Score: 2

    The problem with SSDs is not that they fail. It's that they fail completely without warning (or at least mine did), you have no chance to do emergency backups, order a replacement and no way of running repair utilities to reconstruct some of the files.

    I've had HDDs die but never complete data loss out of the blue like with the OCZ Vertex 2.

  20. Re:Please clarify on US DOJ Claims It Did Not Entrap Megaupload · · Score: 2

    The loophole is that if you pull into a car park and claim you were just idling, it's near impossible to prove otherwise.

    This isn't just a "America is a police state!!!11" thing, these laws are incredibly common throughout different countries. The main justification is that too many drunk drivers pull this off and even if you do it "legitimately", sleeping behind the wheel of a car is generally considered a bad thing to do, even when it isn't running.

  21. Re:Huh? on US DOJ Claims It Did Not Entrap Megaupload · · Score: 2

    "hnnng wazzat thing that's really uncomfortable, can't I move it" *click* "heehee it almost feels like this car is rolling down this sloped car park, I drank way too much!"

    People do stupid things when drunk.

  22. Re:Huh? on US DOJ Claims It Did Not Entrap Megaupload · · Score: 1

    By that argument, drunk driving in general is fine unless you hurt someone.

  23. Re:Huh? on US DOJ Claims It Did Not Entrap Megaupload · · Score: 1

    How exactly is turning on a car not operating the vehicle when drunk?

    If you're drunk you cannot be trusted to "just leave it in park".

  24. Re:Huh? on US DOJ Claims It Did Not Entrap Megaupload · · Score: 1

    Because lots of drunk drivers would use the loophole of claiming not to be driving the vehicle when the police found them to try to escape prosecution.

  25. No pity on US DOJ Claims It Did Not Entrap Megaupload · · Score: 1

    You are not allowed to operate a vehicle when drunk. Starting the car is operating it.

    She could've drunkenly removed the handbrake or put it into gear, or she could've just been flat out lying (the reason this is a specific definition of DUI is to prevent drunk drivers pulling into a car park and claiming they never drove the car anywhere).

    As for your second, completely made up example. Why exactly is your car being broken into something the police need to rush to? There's no crime in progress, there's no risk to life, it's unlikely they'll catch the guy whether they arrive 10 minutes or 2 days after. Your second example is a crime in progress with a realistic chance of catching the person committing it.