This seems like a good idea, except that it could still allow a "mob rule" effect. I would contend that having Facebook employees metamoderate, at least in disputed cases, would be a more effective approach overall. Your approach, however, could easily seed the system.
That is why the metamoderation is done by Facebook employees, who should be familiar with the TOS. It should work itself out eventually, with obvious abusers being given low reputations so that they are never asked to moderate again.
This is a much more difficult problem than it seems at first glance. Some other posters have already pointed out the problem of the "jury of your peers" concept with the example of the country Turkey. A similar problem arises if it is simply approached as "what is considered offensive in the host country" (in this case, the USA, since Facebook is based in the USA). Heck, there are pictures of my daughter in her soccer uniform that would be banned in Saudi Arabia because you can see her knees, never mind her ankles. Scandalous!
It is difficult to conform to all nations' "sensibilities" with regard to what is "inappropriate" without falling to the harshest restrictions, such as Sharia law or the Thai ban on any criticism of the Thai royal family.
Spotted Kangaroo (message 35830238 in this thread) has an interesting idea with using "trustworthy" members. I'm not sure how that "trustworthiness" would be calculated other than using a metamoderation system similar to Slashdot's. By using supposedly trustworthy members, and then allowing the Facebook staff to "metamoderate", especially in the instance of appeals against complaints, I think it could work reasonably well. It would take a while and considerable effort for shill accounts to build up enough "trustworthiness" to be able to have any impact since the shill accounts would have to show activity and not just longevity.
I like the "jury" system, though. It's better than letting people comment only on topics about which they have strong feelings. Given the large number of churches that use Facebook as the electronic bulletin board for their youth groups, I could see a disproportionate number of people moderating pro GLBT groups and pages down because it offends their beliefs. We need a random selection mechanism that still works fairly, such as trusting people to list languages understood honestly. I'd be useless in moderating a page in Turkish, for example.
Just a few thoughts. I hope that if someone notices a flaw in my reasoning, you could post a polite explanation of the flaw and propose a better solution. I'm not interested in the $100, so I thought I'd just toss a few ideas out for folks to use.
T-Mobile is the only provider that I've found in the USA that does not truncate the high bit on text messages. I can send text messages in Chinese and Japanese with my unlocked iPhone on T-Mobile. AT&T and Sprint clip the high bit. I hope AT&T won't screw up T-Mobile's network.
The real plan is more subtle and the real goal is more insidious.
The ultimate goal is to make Islam the dominant religion in the world, and make sharia law the primary legal system.
The plan is to destabilize economies or just let them fall apart on their own (such as in many African countries today) and then move in with massive quantities of money to build infrastructure, revitalize the economy, etc. all in the name of Islam. The Islamic benefactors will then be viewed as benefactors and will gain influential positions in government, eventually in positions where they can enact their legal "reforms" to bring the country's laws closer and closer to sharia law and bring society closer to their ideal as defined by Islam. It will be a slow process so as not to cause alarm, though in smaller and less influential countries the changes may be done more rapidly because, I hate to say, the majority of the world simply won't care what happens to some really, really poor African country that is not even a tiny blip on the economic or political radar.
Read the quote that Schneier had about one Al Qaeda "dollar" spent "defeating" millions of US dollars. The point is to cause economic instability and then have Islamic "benefactors" come in and save the day, at the cost of altering our culture to meet their requirements.
I'll leave it as an exercise for the reader to explore the potential implications that this could have on US, Mexican, and Canadian societies. (Canada and Mexico will eventually be targets, my friends - they're just going after us first because we have more economic and political power, but I doubt they'll be satisfied until they control everything, and Canada and Mexico both have so much to offer that they should be fairly high on the list of next targets.)
In China, they already have pre-nudie-scanner airport-like security at the train stations - at least for the longer distance trains like Hong Kong to Guangzhou or to Shenzhen. They don't have these in the Guangzhou Metro yet, though. I've seen these at long distance bus stations too (HK to GZ again, for example).
They even have them at the entrances to certain museums, the Guangzhou Science Center (which is an amazing science museum), and other similar attractions. No taking off your shoes, though. You just pass your bags through the x-ray machine and walk through the metal detector just like at an airport, but no metal-detector wand and pat-down like at the airports.
(posted again because it seems the first time didn't work.)
I guess the reverse is true too given the number of slashdotters who claim no Facebook use.
There is a difference between precognition and predestination. There is a difference between knowing what someone will do (precognition) and making it such that the individual has no choice in the matter and will do what you have predetermined that the individual will do (predestination).
The Bible makes it clear that everything is predestined.
That is one major problem that most people have with Christianity. If you take the Bible to its logical conclusion, God created a certain number of souls for the ultimate purpose of subjecting them to eternal torment. Is this a loving and kind god?
One part is old - imitating the web browser error page, specifically the IE error page. I've had many a chuckle when running Galleon or some other Linux browser and seeing it pop up a well-imitated IE error page.
The new part on this one is that they're checking which browser it is and making sure the error page matches the browser.
Yes, these exist.
I'm sure they have been in the US for years, but as I live in a small town in the US the only place I've ever seen these is in China. They are 3D (usually "in your face" type of 3D) with additional effects such as air jets, water sprays, and one even had a little rubber hose activated by air to simulate a snake under your chair. The most creative one also had several devices in the seats themselves to simulate being hit or touched by various things. It was rather strange, and it really freaked out my colleagues. My kids (two of whom were with me in Guangzhou on the trip) really enjoyed it.
For those of you who are saying 3D is a gimmick, you should try these so-called 4D movies.
As Senator Graham is one of my senators, I have contacted his office regarding this matter.
For those of you who contact your senators or representatives, please try to be civil. If you have appropriate qualifications in the field (advanced degrees, etc.), please politely offer your assistance to your senator's staff to help them understand the technical complexities of the proposal. That is exactly what I have done, and I have had significant success with this approach with Senator Jim DeMint. I am on his "call list" and I occasionally receive calls from his office when proposals like this come up and I am asked for my input on the matter. (I have not received a call on this one, so I will contact Senator DeMint's office once I've had a chance to read the bill. Often they do not recognize that there is a "computer security" component to a bill such as this - they just think "ID card" and do not think of the databases behind the cards.)
If you are polite and you have appropriate qualifications that your senator or representative will recognize, you may have an opportunity to have a positive influence in the process. Remember, though, that your senators and representatives are people who have fears, egos, and agendas just like everyone else. Show them that you want to work WITH them.
If you honestly cannot bring yourself to assist your senator or representative for whatever reason you have, then please at least be polite in your letters. An angry letter filled with vitriol and profanity will only alienate the recipient from your viewpoint.
This does NOT work on Sprint devices. I own one, and it came without any password by default, but with very clear instructions urging the user to set one and showing the user how to set one. (The MiFi device itself is great, by the way - please don't let Verizon's poor handling of the initial configuration turn you away from a wonderfully useful device.)
I agree with you, and with Nickodeemus and the others who all say that you should change the password ASAP, but the point I was trying to make (and apparently did not) was that to the average person, not the technically adept person, the long string of numbers appears to be a completely random string and seems perfectly strong.
The only reason I cracked this thing several months ago was that I did some recon on "MiFi" online first and discovered the manufacturer and the range of ESNs assigned, then I noticed pictures that had the last part of the password blanked out and I saw that the first part matched the first part of the ESN range for the manufacturer.
Numbers of that length would be decent passwords if they were not predictable. They never should have used the ESN. Even if they did something simple like HASHING the ESN it would have worked, because you normally can't see the ESN unless you've already attached to the device. That way, they still would have had a unique password for each device (the hash of the ESN instead of the ESN) but it would not be so easily predictable.
Such is life, I guess.
This article is NOT pointless, especially when you consider that the password is the ESN. That greatly narrows down the possible values because the first part of the ESN is assigned by manufacturer.
Also, it is NOT pointless because the average person will look at that long string of seemingly random numbers, and the strings are different for each unit because the string is the ESN of the chip, and will think that it is a secure, randomly generated number.
The length of the password itself is good. It is the fact that several of the digits are predictable, thus significantly reducing the number of values you need to try, that makes this significant. The average person will not know this and will THINK that it is secure.
My own testing: average time to break (on units that I had legal permission to scan, of course) was just over four minutes after forcing a reset.
This article is a wake-up call to companies that are issuing these things that they need to fix those passwords.
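As an added illustration of the default-password comments above (not code from the original posts or from any vendor), the sketch below audits a device record for a default password that can be derived from a device identifier, and shows a provisioning routine that draws the default from a CSPRNG instead. The ESN format (11 decimal digits with a 3-digit manufacturer prefix), the sample values, and all function names are assumptions made for the example.

```python
import hashlib
import math
import re
import secrets

# Constructed sample values (not real device data). Assumed format: an
# 11-digit decimal ESN whose first 3 digits are a manufacturer prefix.
SAMPLE_ESN = "00012345678"
SAMPLE_MAC = "02:00:00:AA:BB:CC"

# Unambiguous characters only, so the password can be printed on a label.
ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789"


def keyspace_bits(total_digits, known_digits=0):
    """Bits of search space left in a decimal string once some digits are known."""
    return (total_digits - known_digits) * math.log2(10)


def _normalize(value):
    """Drop separators and case so '02:00:..' and '0200..' compare equal."""
    return re.sub(r"[^0-9a-z]", "", value.lower())


def derivable_from(identifier, password, min_prefix=8):
    """Name the simple derivation that turns identifier into password, else None.

    An unkeyed hash is flagged too: anyone who can enumerate the identifier
    range can hash each candidate, so the search space does not grow.
    """
    ident = _normalize(identifier)
    pw = _normalize(password)
    if not ident or not pw:
        return None
    raw = ident.encode()
    candidates = {
        "identity": ident,
        "reversed": ident[::-1],
        "sha1": hashlib.sha1(raw).hexdigest(),
        "sha256": hashlib.sha256(raw).hexdigest(),
    }
    for name, value in candidates.items():
        # Truncated values are common on labels, so long prefixes also count.
        if pw == value or (len(pw) >= min_prefix and value.startswith(pw)):
            return name
    return None


def audit_default(device):
    """Return [(identifier_name, derivation)] for every identifier that yields the password."""
    findings = []
    for id_name, id_value in device["identifiers"].items():
        how = derivable_from(id_value, device["default_password"])
        if how:
            findings.append((id_name, how))
    return findings


def provision_password(length=16):
    """Per-device default drawn from the OS CSPRNG, unrelated to any identifier."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def sample_device(default_password):
    """Build a constructed device record for the audit."""
    return {
        "identifiers": {"esn": SAMPLE_ESN, "mac": SAMPLE_MAC},
        "default_password": default_password,
    }


if __name__ == "__main__":
    print("bits, all 11 digits unknown:", round(keyspace_bits(11), 1))
    print("bits, 3-digit prefix known: ", round(keyspace_bits(11, 3), 1))
    print("bits, 16 random characters: ", round(16 * math.log2(len(ALPHABET)), 1))
    for pw in (SAMPLE_ESN, "020000AABBCC", provision_password()):
        print(repr(pw), "->", audit_default(sample_device(pw)) or "no derivation found")
```
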
Clinton's only going to bring BACK cigars. They can get Cuban cigars in China. I brought some American cigars for a friend one time and he asked me about Cuban cigars, and it took the next 20 minutes to explain the embargo and why you cannot buy Cuban cigars in the USA. (I do not smoke, but he does.)
Marlboros are very popular over there, by the way, so if you have Chinese colleagues in China who smoke, bring a carton of Marlboros and you'll do well.
Pointing out that this bug dates back to 1993 is a very important part of the story, because it shows that even with their careful reviews of the code, things can still slip by.
Supposedly, Microsoft performed a review of all of the code used in Vista and Windows 7. This is not a slam against Microsoft, but an illustration that something as complex as Windows will always have security flaws no matter how hard you try to fix things after the fact. You cannot add security as a feature. It needs to be included from the initial design.
I was just surprised that they gave me a receipt. I still have the receipt just because I thought it was so funny. (I knew enough not to laugh at the customs officer, however.)
Other countries do this for far less important things.
I was crossing the border between Hong Kong and the mainland (yes, they still have standard border crossings there even though they are the same country now) and I was stopped for an APPLE. Not a computer, a piece of fruit. My traveling companion took a few bites of an apple that she brought from the hotel and then wrapped it up and handed it to me to carry for her while we were juggling our luggage.
I was stopped at the border and briefly questioned by the customs guy. He said I couldn't bring the apple into China and he gave me a receipt for one apple. I didn't bother trying to retrieve the apple when I went back to HK via the same train station.
If China will give a receipt for an apple, why can't the USA give a receipt for something as valuable and traceable (serial numbers, etc) as a laptop computer?
GMail is popular because it automatically handles character set conversions properly. Nearly all of my Chinese friends have GMail accounts. I've tried writing to them in Chinese on their Yahoo accounts, but Yahoo mangles the character sets. I've had similar problems with Hotmail. 126.com and 163.com (who thinks up these names?) both often reject email from GMail and US-based university accounts, which are all I have.
I hope Google will stay in China at least to allow GMail to continue to work there so people in China can have contact with those of us who are not in China.
http://xkcd.com/695/ But this time it will be people...
I guess the reverse is true, too, given the number of slashdotters who make it clear that they never use Facebook.
But it wasn't that great, apparently. Eccentrica Gallumbits said that Zaphod Beeblebrox was "the best bang since the big one."
These words will always exist. People will just come up with new ones. It's been done on TV enough. (Someone should compile a list of TV swear-words.)
The Password is the ESN of the CDMA chip.
To respond to your second point, and to agree with it...
SQUIRREL!
(If you don't get it, see the movie "Up!")