It is about time security is done from the attacker perspective. Yes, it is a good idea to think that "if an attacker can do it, we can do it too and disable accounts we can compromise". Running widespread password lists against your own password database is a good security practice and you are indeed helping your users much more than trying to enforce a stupid password policy.
The way it is written also looks like a press release written for the average non-nerd. "Number crunching" ? No, climate simulation. "Years on a desktop-PC" ? yeah, we can do the math. And desktop PC doesn't really make any sense (I can fit a number of GPUs on my desktop PC)
Mod parent up.
For human-vs-human, I agree you can look at others but others can look at you too. You can find the name of a pretty girl and try to harass her, but then she can also report your name to the police.
Things change however when it is human-vs-non human, like companies, state or police. Except for the police, they could already do it for years.
Yes, it is simply a replacement for SMS/MMS.
I never used it in France because I had unlimited texting/messaging with my 2EUR/month plan. Moved to the US, got the cheapest-yet-horribly-expensive plan and didn't have unlimited texting, so I started using WhatsApp, and ... it works.
I guess WhatsApp is just popular in countries where data is cheaper than texting/messaging, but that's just because the carriers have stupid pricing. The day they stop this nonsense, maybe WhatsApp will no longer be needed.
So true. A couple of years ago, I bought a wattmeter and measured pretty much everything. The result was incredible : while my LCD screen would switch from ~30 to 0.05 watts when in standby (with the LED yellow), my USB external drive would only go from 14 to 9 Watts ... when the power button was on "0".
Yes, a physical switch that makes you believe that the power is completely off (no noise no light) was actually only controlling the standby state of the drive, leaking 9 watts when powered off ! That should be illegal.
I don't really care about systemd as long as it works and is fast, but Unity is definitely a failure. It's been 5 years now and I'm still not used to it, and find it a terrible UI compared to Gnome 2.
Not better for Tablets, not better for TVs, and for sure not better for desktop.
The only good thing I like is the windows shortcut to launch an application with the keyboard, but that would be easy to do on Gnome 2 also.
Unfortunately, Gnome 3 was not better, and the Gnome project abandoned Gnome 2, so the remaining support on Gnome2 is too small now to make it work with latest software.
That really sucks.
I'm still using my old Core2Duo laptop on 10.04 because it is way faster than any recent laptop on 14.04 or 16.04. Just added an SSD, it boots in 14 seconds and launches any application instantly. I installed 12.04 on it because I wanted to get updates, but it was clearly slower, so I stuck to 10.04.
Not quite true. ARM is by far the biggest threat for Intel, which is why they want to go slower and be more energy efficient.
I think their message is bad, they should advertise their improvement in energy efficiency over ARM, but at least pretend they're as fast as before (or even faster in some areas).
The opposite is true also. Some arrive at 9am and ask those who leave at 5pm "did you take your PM off ?". Depends on the company, depends on the country, depends on the persons.
They may add an ad-blocker to Chrome ... to block an ad that is not coming from Google.
H1-B here. And I agree so much with you. It's a shame that legitimate foreign qualified workers now have to play the lottery to get to the US because some companies are abusing the system. An H1-B reform is needed for the US, but also for foreign workers who would like to come to the US and cannot get an H1-B because of the flooding companies.
Extending the H1-B quota is just a temporary workaround that won't help. The government should look for abusing companies and sue them. That's not so hard : look at the salaries, look at the number of applications (per-company), and it's pretty clear who is abusing the system. Prioritizing high salaries would certainly be unfair since Silicon Valley would get all H1-Bs, but there is something to do about that.
Agreed. I've been typing French with a qwerty keyboard for 15 years and it is actually better to type French than an azerty keyboard when you use the Compose key.
It's actually way more regular : on an azerty keyboard, typing an é is one stroke, but typing an ê is 3 (and a completely different logic).
Compose, on the other hand, is like magic, and getting an € is as simple as merging an E with a = (completely logical !). Plus you can write German ß, or other European characters such as ø, ñ, ... with a simple and intuitive method.
Too bad not many people know about this, and that Windows "international qwerty" mode is not using a Compose key either.
The article completely fails to list France and UK as growing countries ... it is really a lame article.
But your comment is just ... completely stupid. You cannot separate Muslims from French, Germans, as two distinct categories. Most French-born Muslims only speak French, have a French culture, potentially mixed with North-African culture (or not). EU is not the US. Even if integration is not perfect, it is still very different from the US where people never mix. Global culture has always evolved depending on the migration flows, but the idea that the French culture could be completely replaced by a "Muslim" culture is just extreme-right bullshit to feed the "fear of the fanatic bearded Muslim terrorist".
Agreed. A long time ago (15 years ?), encryption in France was limited to a certain number of bits. This was a real annoyance for any government / educational / company because they had to use specially-weak software (remember ssj instead of ssh ?) while everyone else did not care.
That was the stupidest thing to do.
Same in France. Stupidly restrictive taxi regulation led to nonsense : taxi drivers are so powerful that they don't care about customers, there's not enough taxis (you can wait for an hour to get one), and the service is just poor and expensive. As a side effect, taxi license reselling has become an investment for newcomers and a life insurance for old drivers, which makes it impossible to get out of the system without getting all drivers mad (and in a bad situation).
But the fault is on the taxi lobby for pushing their monopoly too far. Some would say it is understandable, because it means a better situation for them, so why not do it ?
My answer : because some day, it may backfire at you, and you'll deserve it.
If people are upset and someone tries to change the balance, you'll get no support from the population. I don't know how people feel in Germany, but in France, most people who use taxis frequently are quite happy with Uber trying to shake the coconut tree (as we say).
Indeed. The conclusion is particularly true : we should neither accept nor dismiss the results (unless we prove them wrong). And that's the hardest thing : saying "I don't know" is just so hard. In all fields people ask others to make their choice. Saying "I don't know" is seen as a weak response although it should be the only sane thing to say about science, except for a few specialists in the domain who studied the matter in depth (hence not immediately after).
No. Headline should be 650 TB. Counting data size in bits makes no sense. Bits are no longer used except to obfuscate figures, or in some very special cases like network speeds, and even there it's mostly used just to brag about high speeds (100 Gb/s !!! Wow !!!).
Yeah. Big news : mushrooms are 0 calories, so they're emitting *infinite* greenhouse gas per calorie. I'm surprised there is not an infinite quantity of greenhouse gas on earth.
Oh, wait, because we're not trying to get even 1 calorie from eating mushrooms !
Yeah, because you always know the right solution to any problem you encounter, right ?
Being wrong is absolutely ok if you are able to listen to what others say and change your opinion (that's called learning and this is good !). This is the only sane way to go. But politicians can hardly do this because the press (and the whole society) would only talk about how wrong their previous declaration was.
Inefficient for a computer, but very efficient for a person, who has significant dedicated hardware for language processing.
True.
That's why using combinations of words makes a good password for a human to remember, but hard for a computer program to crack. https://xkcd.com/936/
True and wrong. In this 3word case, those 3 words are completely unrelated (random). Which makes them not so easy to remember, especially because you need a relatively vast dictionary to map the entire earth. For passwords, people will always keep a password where words kind of work together (if you enforce 4 words, then "this is my password" will definitely be the #1). It's hard for computers to know which combinations make more sense than others, but recent advances in machine learning could change that (and also show that stupid password policies currently in use are completely missing the point : length or special characters don't help, the only thing that makes a good password is randomness/unicity to the human mind).
Back to the map, maybe it would be good to improve the word distribution so that combinations making more sense are located in dense areas (and not in the middle of the sea). Or just create a colored map where you can see combinations which make more sense so that you can easily pick one if your place has more than one.
French provider Free has been blocking ads for years. First as an ISP, then also for mobile customers.
This started during the Free-Google war which settled in the meantime, but the ad blocking is still in effect. But that won't make all companies do the same.
In fact, only Free can do that since they do not rely on any collaboration or contracts with ad providers. All the others are stuck because they are either part of a big advertisement group or have heavy bilateral contracts with ad agencies.
It is actually also a good source for language-related issues, good practices, often with links to relevant documentation. It is always good to discuss and share about programming and spread the knowledge. Whether readers will really try to understand or not is a different story and should really not be SO's fault. Whatever the way you spread programming-related information, there will always be some who just want to copy-paste it (and sometimes for good because their usage is not critical at all).
That could actually turn into a very sane situation. If you add a constraint to sell the vulnerability to the responsible company if that company is willing to match the highest bidder, then it could be really helpful :
- Security researchers get paid for their work
- Companies get an incentive to improve security before releasing products
Sooooo True.
That's what happens when you fight against human beings : they work around you. We're constantly told that adding a special character makes your password so much stronger ... those people must be morons to think that because they enforce a special character, people will start using randomly generated passwords. We're human beings, not machines, so we'll choose myusualpassword1! and not 4@dE^5%3SfdSF because the first is so much easier to remember.
And that's actually fine : we're now all using web interfaces to login which are able to slow down the try rate so that a 10000-ish complexity is enough for most cases.
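An added example (not part of the original comments) of the two points made above: auditing your own password store against a widespread password list, and why a special-character rule does not catch a password like myusualpassword1!. The word list, accounts, record layout and function names are constructed for illustration, and the store is assumed to use salted PBKDF2-HMAC-SHA256.

```python
import hashlib
import hmac
import os
import string

# Kept low so the example runs quickly; an assumption, not a production setting.
ITERATIONS = 50_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored verifier the same way the login path would."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def passes_composition_policy(password: str) -> bool:
    """The kind of rule the comment criticises: length >= 8, a digit, a special character."""
    return (
        len(password) >= 8
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )


def make_record(user: str, password: str) -> dict:
    """Build one row of the (hypothetical) credential table."""
    salt = os.urandom(16)
    return {"user": user, "salt": salt, "hash": hash_password(password, salt)}


def audit(records: list, wordlist: list) -> list:
    """Return users whose stored hash matches an entry of the word list.

    Each candidate is re-hashed with the account's own salt, so the audit
    works on salted hashes and never needs the plaintext passwords.
    """
    flagged = []
    for rec in records:
        for candidate in wordlist:
            derived = hash_password(candidate, rec["salt"])
            if hmac.compare_digest(derived, rec["hash"]):
                flagged.append(rec["user"])
                break
    return flagged


# Constructed sample data: a tiny stand-in for a widespread password list,
# and three constructed accounts.
COMMON_PASSWORDS = ["123456", "password", "myusualpassword1!", "qwerty"]
SAMPLE_PASSWORDS = {
    "alice": "myusualpassword1!",  # satisfies the composition policy, still on the list
    "bob": "4@dE^5%3SfdSF",        # random string, not on the list
    "carol": "password",           # fails the policy and is on the list
}
RECORDS = [make_record(user, pw) for user, pw in SAMPLE_PASSWORDS.items()]


def run_audit() -> list:
    """Accounts that should be disabled or forced through a password reset."""
    return audit(RECORDS, COMMON_PASSWORDS)


if __name__ == "__main__":
    for user in run_audit():
        ok = passes_composition_policy(SAMPLE_PASSWORDS[user])
        print(f"{user}: on the common list (composition policy satisfied: {ok})")
```

The composition rule accepts alice's password, while the list audit flags it; the audit is what identifies the accounts to disable.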
Well, depends where you live. In the US, no doubt you'll get that for an indecent price.
In France, French ISP "Free" has been offering this kind of service for free for a long time (ad-filtering) both for fixed and mobile internet.