In my workplace, very strong passwords are strictly enforced and have to be changed frequently. Nobody writes them on sticky notes on their monitors. In practice, once you've typed a new password all day long, you have it memorized regardless of how complex it is.
Works if you only have one or two passwords - however most people these days have many services that require a password (often for no good reason). Often we use these services quite infrequently so "once you've typed a new password all day long" doesn't apply.
My 4 important passwords are all different and all reasonably strong - but the 15 or so other ones are all the same. Making them different and changing them every few weeks would be just about impossible - I would be constantly using password reset.
just like his bank has every right to enforce strong passwords
Provided they really are strong. I object, however to a bank enforcing rules that seem like a good idea but actually do not improve the password strength at all.
Can't I be free not to change my password every month?
Actually he has a point. At least some of the policies imposed by sysadmins are not just pointless- they are actually counterproductive.
Changing your password every month is one of them. (This pretty much guarantees that most people will react by using simpler - related passwords).
Never writing them down is another. Again encouraging weaker passwords - contrary to the advice it is quite safe to write down passwords in most circumstances.
Not using the same password for multiple sites is another. Most sites are fairly non-critical (hacking my techdirt account would not be the end of the world) using a common password for large groups of similar non-financial sites is fine.
Always including a number or non-alphanumeric character is another. The amount of extra entropy associated with expanding the character set is modest compared to the extra effort required to memorise it. In addition most people make obvious substitutions (A->4 s->$ etc) which don't trouble the average password cracking program even a little. Increasing password length is a much better solution.
All of these things are eminently practical in an environment where you have just one or two sites to find passwords for and use them frequently.
However in the modern world where you may have >>10 passwords it is simply impossible.
My advice is this - use the same short easy password for all non-critical sites. Ignore suggestions not to do this from the site. Most site owners believe their site is way more important to you than it actually is.
Use separate long (multi-word) passwords for the sites that matter. If you will only (or mostly) use them when at home then by all means write them down (at home only - if a burglar is rifling through your things then you have bigger problems than a cracked password and you will know to change it).
You are probably left with just one or two sites that demand you remember a secure password - hopefully that is not too hard.
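The comment's two quantitative points (length versus character set, and why obvious substitutions add little) worked through in Python. This is an added example, not part of the original comment; the substitution table and the four-entry wordlist are constructed for illustration, and the 7776-word list size is the standard Diceware list size used as an assumption for multi-word passwords.

```python
import math

# Common substitutions mapped back to the letter they stand for.
# Constructed table; real strength meters use larger ones.
UNLEET = str.maketrans({"4": "a", "@": "a", "$": "s", "5": "s",
                        "3": "e", "0": "o", "1": "i", "7": "t"})

# Tiny constructed stand-in for a real common-password list.
COMMON_WORDS = {"password", "sunshine", "dragon", "letmein"}


def random_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random string over the alphabet."""
    return length * math.log2(alphabet_size)


def passphrase_bits(words, wordlist_size):
    """Entropy in bits of words drawn uniformly at random from a wordlist."""
    return words * math.log2(wordlist_size)


def is_disguised_common_word(password):
    """True if undoing obvious substitutions yields a listed common word.

    A policy check like this rejects passwords that satisfy a
    'digit and symbol' rule on paper but are still dictionary words.
    """
    return password.lower().translate(UNLEET) in COMMON_WORDS


def compare():
    """Return the figures behind the length-versus-charset argument."""
    return {
        "8 lowercase": random_bits(8, 26),
        "8 full printable ASCII": random_bits(8, 94),
        "12 lowercase": random_bits(12, 26),
        "4 random words": passphrase_bits(4, 7776),
    }


if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label:24s} {bits:5.1f} bits")
    for candidate in ("P4$$w0rd", "dr4g0n", "quiet-harbor-lantern"):
        print(candidate, "->", is_disguised_common_word(candidate))
```

These figures hold only for randomly chosen strings and words; a password a person picks has less entropy than the formula gives.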
If they don't have enough evidence to build a case with, dropping a bomb on the guy, potentially killing innocent people in the process shouldn't even remotely be considered. Even if they DO have enough evidence to build a case with, dropping a bomb on the guy, potentially killing innocent people in the process shouldn't even remotely be considered.
What is it with the US? Frankly targeted killing of any kind especially bombing someone other than as part of a proper declared war is itself terrorist behaviour and should not be considered by a nation that wants to think of itself as civilised.
I don't understand why university teachers bother to copy copyrighted stuff. I've taught in a university for over 20 years and the sum total of copied stuff I've used is three (separate) pages plus one copyright free package relating to some (copyright free) realtime s/w.
Everything else (many hundreds of pages) has been generated by me - and I could easily have done without the small amount of copying.
If I was typical then Access Copyright would never have had a business model in the first place.
Re: Re: This isn't the behavior of a dictatorship, how?
Uh...perhaps because it is a war theater and checking photo IDs before moving against hostiles is not an attractive or viable alternative.
When you consider that Leonard Cheshire was prepared to risk his own life during a bombing raid in order to give civilians a chance to escape then it looks like your moral compass is a bit skewed in the direction of cowardice.
thinking it would be a nice experience to see a french canadian town, i drove up to saint-georges to look around. i had no idea the unpleasant experience i had ahead of me getting back into my homeland.
Just think - if you hadn't done that stupid "American Revolution" thing you could all be Canadians now - and you could have done that trip without crossing the border.
Bad assumption - why would you use a live bullet in something like this?
Surely the use of a live bullet would bring the item under various firearms laws (you do have some firearms legislation in the US don't you?) which would place extra costs on the company making and selling them. It would also have product liability consequences that could be very damaging in the US which is even more lawsuit-happy than it is gun-happy.
Re: Re: Re: And lets have a list of how often the public borrows from Disney...
Uh, how do you think that the public gets artistic works if the artists can't eat and get health care? It's not a chicken or egg thing. Finding a way to feed and clothe artists will increase the amount of art in society.
This would do it - and would cost us less than copyright does. The public domain is a vast desert. Have you read the essay "Death of the Commons"? It's about the public domain.
I don't think it's what you were referring to (though you should read it). I think you were referring to the "tragedy of the commons" which is about common land not common culture.
There is an important difference between land and culture - land is a finite resource whereas culture is infinitely reproducible. If you understood that difference you would realise that your position is untenable.
To quote the relevant wikipedia article
"The tragedy of the commons is an economics theory by Garrett Hardin, according to which the depletion of a shared resource by individuals, acting independently and rationally according to each one's self-interest, act contrary to the group's long-term best interests by depleting the common resource. "
Basic point here - the public domain is not a finite resource that can be depleted. Total Analogy Failure.
That's a very dangerous idea, because that's what we have done every other election, and look what it's gotten us.
Unfortunately just about every system of government produces this slide effect.
The Roman system of the emperor choosing his successor sometimes worked (produced the five good emperors in the 2nd century) but earlier you had Julius Caesar - who chose someone a little bit worse than himself (Augustus) who chose someone a little bit worse (Tiberius) who chose someone a little bit worse (well quite a bit worse Caligula).
Any system will be as bad as the people who operate it.
The NSA itself is not the problem to be avoided for your hypothetical. It's safe to assume that the technical capabilities of the NSA are the same everywhere. It's also fairly safe to assume that the "limitations" imposed on the NSA with regards to US citizens are about as effective as a cheese grater at holding water.
and the constraints on the NSA within the US are actually slightly weaker than those outside it.
Outside the US if they don't get caught they can do what they like. Inside the US if they don't get caught they can do what they like.
Outside of the US if they get caught they are immediately exposed and forced to stop.
Inside the US if they get caught they can use their considerable influence on the judicial system and the political system to keep it covered up - until someone like Snowden blows the gaff.
On the post: You Want People To Have Strong Passwords? What Are You, Some Kind Of Communist?
Re: Re:
On the post: You Want People To Have Strong Passwords? What Are You, Some Kind Of Communist?
Re:
On the post: You Want People To Have Strong Passwords? What Are You, Some Kind Of Communist?
Re:
On the post: Administration Officials Perform Some Very Public Handwringing Over Extrajudicial Drone Killing
Re: How is this difficult?
On the post: US Copyright Lobbyists Equate Fair Dealing To Piracy And Copyright Infringement
I don't understand
On the post: US Copyright Lobbyists Equate Fair Dealing To Piracy And Copyright Infringement
Re: Re: Can we just...
On the post: New Whistleblower Reveals NSA Picking Drone Targets Based On Bad Data: 'Death By Unreliable Metadata'
Re: Re: This isn't the behavior of a dictatorship, how?
On the post: If Harry Potter Was An Academic Work
Re:
On the post: U2 Manager Paul McGuinness: Google Should 'Take Down' Sites And 'Keep Them Down'
Re: Re: Google is not the Internet?
Paul McGuiness is not much brighter than the "shareholders' meeting
On the post: How The Copyright Industry Made Your Computer Less Safe
It started with the boot sector
On the post: David Cameron Says Snooper's Charter Is Necessary Because Fictional Crime Dramas He Watches Prove It
Re:
On the post: Homeland Security Is An Embarassment With The Way It Treats US Citizens At The Border
Re:
On the post: Crowdsourcing A List Of How Disney Uses The Public Domain
Re: Re: Re: Re: Re: And lets have a list of how often the public borrows from Disney...
OK maybe I should have said "the public domain is not a finite resource that can be depleted by use".
When it comes to being depleted by being fenced off by some wealthy/powerful land/copyright owner then that is a different matter.
In any case we are on the same side here - I totally agree with your other points.
On the post: TSA To Gun Show Attendees: Don't Think You're Getting On Board With Your Bullet-Encased-In-Acrylic Keychains
Re:
On the post: TSA To Gun Show Attendees: Don't Think You're Getting On Board With Your Bullet-Encased-In-Acrylic Keychains
Symptom of America
As a US policeman once said to Jeremy Clarkson (from Top Gear)
"We don't need common sense we have laws"
This is an endemic problem in the US - and apparently in Australia too.
http://runcharlierun.com/2009/09/07/clarkson-wisdom/
On the post: Crowdsourcing A List Of How Disney Uses The Public Domain
Re: Re: Re: And lets have a list of how often the public borrows from Disney...
This would do it - and would cost us less than copyright does.
The public domain is a vast desert. Have you read the essay "Death of the Commons"? It's about the public domain.
I googled - death of the commons - and I got this
http://onthecommons.org/magazine/tragic-death-commons-hero
I don't think it's what you were referring to (though you should read it). I think you were referring to the "tragedy of the commons" which is about common land not common culture.
There is an important difference between land and culture - land is a finite resource whereas culture is infinitely reproducible. If you understood that difference you would realise that your position is untenable.
To quote the relevant wikipedia article
"The tragedy of the commons is an economics theory by Garrett Hardin, according to which the depletion of a shared resource by individuals, acting independently and rationally according to each one's self-interest, act contrary to the group's long-term best interests by depleting the common resource. "
Basic point here - the public domain is not a finite resource that can be depleted. Total Analogy Failure.
On the post: Almost Everything About The Bulk Collection Of Phone Data Is Illegal
Re: Not that funny.
On the post: Almost Everything About The Bulk Collection Of Phone Data Is Illegal
Cold dark matter.
Same is true of Cold dark matter.
On the post: Peter King Hates Your Civil Liberties; Flips Out About His Own Party Rejecting Unconstitutional Spying On Americans
Re: Re: Re: Man...
On the post: NSA Helped Destroy Trust In US Internet Firms, But Would Going Overseas Be Any Better?
Re: It's the courts, not the tech.