that Flash was 'as good as dead"?
I think the worst advice I've seen is when people recommend using some algorithm to make long painful "good" passwords that are variations of each other.
Someone who uses:
mysecr1tword4gawker.com
for fun and
mysecr1tword4mybank.com
for their bank isn't that much safer than if they had just used the same password for both.
If passwords were cracked by humans, like in the movies, with one very intelligent person focussing on one password: true.
However, passwords are not cracked by humans, they're cracked by algorithms. Do the algorithms calculate: "delete the string gawker.com and substitute the string mybank.com and then try this on all the possible banks where target might have an account"? Dubious.
...IMHO OpenID is the best idea. You only need to put your trust in 1 identity provider - where it's worth the effort to set up a good password and 2-factor auth.
Single-point failure.
You've now put your trust in a system that you don't actually control, which is a high-enough value target that it IS worth an intelligent attack, by humans, instead of a dumb attack by robots. And using techniques more sophisticated than "random trial and error of commonly used phrases".
Today computers offer keychains like Gnome Keyring and KWallet for Linux, and often offer password-generating tools; browsers also remember the passwords. Creating a complex 30 character password and keeping it in the browser takes 4 clicks, creating a complex password and keeping it in the keyring and browser takes 8-9 clicks, creating a stupid password that anyone can crack takes thinking, 6-7 keystrokes and then having to remember it. Laziness is no excuse when you're encouraged to be even more lazy with the complex ones.
Well, yes. Of course, this means you now have a single-point failure mode for ALL of your accounts now; somebody sneaks into your browser, and your complex passwords are all useless.
And it doesn't help, because when the sites you have to log into vary their URL and you have to log in to their site and your browser doesn't know which password to use, you're toast.
Your browser burps, and you're toast.
Your keychain freezes, and you're toast.
You're accessing from some other system, and you're locked out of everything.
Doesn't help against phishing, either.
If only all the systems would have the same requirements for passwords, I would be able to deal with even those requirements, and come up with a system that gives me a different password on every system.
Unfortunately, the systems are all different. One system I log into says I have to begin and end with a letter. Another says I CAN'T end with a letter or number. Another says I have to include a symbol character, but not at the beginning or end, and only from the set of nine symbols !@#$^&*() --OK, so why not %? Why not or ? Another system says I have to --
I can't come up with a system, because so far EVERY system I've come up with gets broken by one or another "requirement" for what's not allowed.
If Anonymous is made up of random people who care about the issue of the moment, how do you investigate them over time?
This question begins with "if", which is to say, an unsupported hypothesis. That implies a complementary "if" hypothesis, "On the other hand, if Anonymous is NOT made up of random people...".
Is there any particular reason to think that "Anonymous" isn't always primarily the same handful of people? Since you don't know who they are, how do you know that they aren't the same?
How does that help Assange when he was denied bail?
He was granted bail.
The article says that "a number of Assange's wealthy friends" pledged the $317,000 bail-- the summary is vastly inaccurate saying "Michael Moore" posted the bail.
Actually: "The BBC says bail was set at 200,000 British pounds — about $317,000. A number of Assange's wealthy friends appeared in court today to pledge the funds."
So, Moore put up six percent of the bail-- but publicly claims he "posted Julian Assange's Bail". Gosh.
Seriously, what are "hackers" going to do with my account? It's not even under my real name.
In answer to your question: they will post links to spam and malware.
Most people tend to use the same username and password for every site they register on, and their email.
Obligatory xkcd here: xkcd.com/972
They didn't qualify their description with the term "space-qualified" as you have.
Perhaps they didn't. Nevertheless, Robonaut is a space robot. Legs are not useful in a space robot.
This fact is all over the web, try a google search.
"most technologically advanced" - err, by what standard? It doesn't even appear to have legs or be able to walk.
Um, what use would legs or the ability to walk be for a robot that is built for use on the International Space Station, a facility that has neither gravity nor a planetary surface to walk on?
In any case, there are versions of Robonaut with planetary-surface mobility-- take a look at the Robonaut site; there's one on the front page: http://robonaut.jsc.nasa.gov/
It appears to be decades behind the stuff coming out of Japan.
Which space-qualified zero-gravity robot from Japan dating to "decades" back might you be referring to?
One presumes that you meant to say General Motors' (or General Motors's if you prefer) NASA Robot On Tour.
So, Robonaut is now credited to General Motors, and Robert Ambrose and the Robonaut group at NASA Johnson Space Center don't even get a shout out anymore?
Maybe a link to their 2000 IEEE Intelligent Systems article?
Excellent.
Don't stop there; There are a lot of other useless keys on my way-too-big keyboard as well.
There are 127 keys on the keyboard in front of me right now. By my count, over 40 of these are little buttons that are used so rarely that they could be easily removed and replaced by key combinations with no loss in functionality
So, I take it you didn't actually read the article being cited.
Number one: ignoring users.
In my dream world, every programmer would be required to spend one day a week working on the help desk, just to get a chance to see what is important to the actual people who use the software.
The article seems to be detailing diplomacy as usual.
I hear this a lot, and I find it overly cynical.
Imagine an article describing someone being brutally murdered. Picture...
That's fine, but the cables in question aren't about people being murdered, brutally or otherwise. (Possibly other cables, but not the ones discussed in this article). The ones under discussion in the article are about diplomats making offers like "we will give your country fifty million dollars in foreign aid to support project xx if you do yy action that supports the U.S. policy"
But the summary in the article is very inaccurate. The actual article referenced makes a lot of innuendo, but doesn't actually show any "bullying and manipulating" at all. It says that US diplomats were asked to find evidence of "UN treaty circumvention" and "deals between nations." Well, yes, that seems to be something diplomats should do. And it suggested that the US made some offers of foreign aid in response to countries doing what we want. Well, yes, that's how foreign aid works.
The article seems to be detailing diplomacy as usual.
1. Attack Amazon's infrastructure from their home computer
2. Post about it on twitter
3. Make videos of the attack and blog
4. Try to recruit sidekicks
5. Brag about it on IRC and the interwebs
...
6. ???
7. Profit!
There have been some rather funny cases where a mod has been +5 Troll and similar mods. Well, at least they give me a giggle :)
I don't see anything contradictory about that-- a post can be a troll, but a very very good one.
These works have been forgotten about a long time ago.
That statement is factually incorrect.
They should have been in public domain since nobody is profiting from them anymore.
That statement is factually incorrect.
http://www.amazon.com/Brainwave-Greatest-Masterpiece-Science-Grandmaster/dp/0743474864
The only way to do security of this type effectively IS the way other countries (like Israel) do it - and that is with profiling
Except that Israel does not use profiling for airport security.
Israeli security experts have repeatedly emphasized that, in their view, profiling is an open invitation to terrorism. Terrorists need only to find out what profile is being used, and then they're in; they just use a terrorist that doesn't fit the profile. Profiling fails.
The Israelis use questioning. 100% questioning.
The US, on the other hand, does use profiling. The last time I was detained for detailed questioning (because, for reasons beyond my control, I'd bought a one-way ticket at the last minute-- a profiling flag), every other person in the group was a middle-Eastern or Indian male. It was pretty darn obvious what the profile was.
I'm not comfortable with the government keeping tabs on each citizen, where they go, who they talk to, and who they may be related to. That is what the Israeli profiling will bring to our country, and it is just as wrong as these scanners.
Exactly. The Israeli method is to do detailed questioning (they call it "interviewing") of every passenger. Not just the ones "profiled" according to some prejudice-- every one.
Do you really think that it's less of an invasion of privacy to give the government the mandate to have their agents ask detailed questions of everybody who wants to travel, with no limitation on what subjects are fair game for questioning, and if you answer "wrong" you get detained (for how long?) for further questioning?
This would mean saying "goodbye privacy" for anybody who wants to travel. Actually, I'd rather have them scan my junk.
"...The recipients include the engineer behind the digital camera, the Intel team that designed the first computer microprocessor, and the inventor of the adhesive 'super glue.'”
http://blogs.voanews.com/breaking-news/2010/11/17/obama-honors-scientists-and-engineers/
"millimeter wave isn't radiation. . ."
It is radiated.
This is a problem with English, in which the terminology "radiation" is a very broad term, and more importantly it's a problem with the popular understanding of "radiation". But, yes, the general terms "radiate" "radiation" "irradiate" can apply to electromagnetic, particulate, and even sound radiation of all wavelengths.
What is most interesting about the images is that the millimeter wave images show passengers in the background, not just the passenger being scanned. Apparently they just irradiate the whole area.