Comment I'll Bite (Score 1) 549

1) Choosing a password should be something you do very infrequently.

No. Passwords need to be rotated for all kinds of reasons. It results in the account being effectively disabled when account policies fail (forgotten service accounts, etc.). It ensures that if the password store has leaked and it's not discovered, strong passwords remain safe (they can't be cracked within the rotation time) and that access to accounts with weak passwords is at least detected at some point. Passwords should be unique per person/organization for the most part, finer-grained in some cases; most people form relationships with organizations frequently. So password selection actually occurs very often, and should.

2) Our focus should be on protecting passwords against informed statistical attacks and not brute-force attacks.

Most "brute force" attacks are informed and statistical, the offline ones anyway; you try to get the low-hanging fruit first (birthdays, names, dictionary words and the usual substitutions) before you do the exhaustive search of the key space. In online attacks where the attacker is throttled this has greater impact, but a password that is strong against offline attack is also strong against online attack, so I don't see any reason to place emphasis here, other than to simply say the best passwords have the most entropy.

3) When you do have to choose a password, one of the most important selection criteria should be how many other people have also chosen that same password.

OK, I can agree with this one, but really the implementation is hard. Beyond the usual "is it in a dictionary of common passwords" check (good systems already implement this), you should not be able to know if lots of other people are using that password, because you are only storing salted hashes, right, and everyone gets their own salt, right?

4) One of the most impactful things that we can do as a security community is to change password strength meters and disallow the use of common passwords.

No, the most important thing we can do is try to move away from password-only security and toward two-factor, which is more and more feasible now that most people are carrying a cell phone that can at least get SMS messages.
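
An added example, not the commenter's code and not anything from Slashdot, to make the two practical points in this comment concrete: a common-password denylist check at selection time, and why a store of per-user-salted hashes cannot tell you how many people chose the same password (while a single site-wide salt leaks exactly that to whoever reads the table). The function names, the tiny denylist, the user names and the passphrases are all constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed denylist for this example only; real deployments use lists with
# millions of entries harvested from breach corpora.
COMMON_PASSWORDS = frozenset({
    "123456", "password", "qwerty", "letmein", "iloveyou", "football",
})
MIN_LENGTH = 12
ITERATIONS = 100_000  # PBKDF2 work factor; raise it (or use scrypt/argon2) for real use

# Store shape: user -> (salt, digest)
Store = Dict[str, Tuple[bytes, bytes]]


def is_common(password: str) -> bool:
    """Denylist lookup, case-insensitive so 'Password' is caught as well."""
    return password.lower() in COMMON_PASSWORDS


def password_problem(password: str) -> Optional[str]:
    """Return a rejection reason, or None when the password is acceptable."""
    if is_common(password):
        return "appears in the common-password denylist"
    if len(password) < MIN_LENGTH:
        return f"shorter than {MIN_LENGTH} characters"
    return None


def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way derivation of the stored verifier."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(store: Store, user: str, password: str,
             salt: Optional[bytes] = None) -> None:
    """Check the password against policy and store (salt, digest).

    salt=None (the right choice) draws a fresh random salt per user.
    Passing a fixed salt models a site-wide-salt store, only so the demo
    below can show what that leaks; never do it in production.
    """
    problem = password_problem(password)
    if problem is not None:
        raise ValueError(f"rejected: {problem}")
    if salt is None:
        salt = os.urandom(16)
    store[user] = (salt, derive(password, salt))


def verify(store: Store, user: str, password: str) -> bool:
    """Constant-time comparison against the stored digest."""
    entry = store.get(user)
    if entry is None:
        derive(password, b"\x00" * 16)  # spend the same time for unknown users
        return False
    salt, digest = entry
    return hmac.compare_digest(derive(password, salt), digest)


def users_sharing_a_digest(store: Store) -> int:
    """Count users whose digest equals some other user's digest.

    With per-user salts this is 0 even when the underlying passwords are
    identical, so the store cannot answer "how many people chose this?";
    with a single site-wide salt the duplicates are visible to anyone who
    reads the table, including an attacker who stole it.
    """
    counts: Dict[bytes, int] = {}
    for _, digest in store.values():
        counts[digest] = counts.get(digest, 0) + 1
    return sum(n for n in counts.values() if n > 1)


def demo() -> Tuple[int, int]:
    """Constructed users: alice and bob happen to pick the same passphrase."""
    per_user_salt: Store = {}
    site_wide_salt: Store = {}
    fixed = b"site-wide-salt!!"  # the bad setting, for contrast only
    for user, pw in [("alice", "correct horse battery"),
                     ("bob", "correct horse battery"),
                     ("carol", "tr0ub4dor&3 staple")]:
        register(per_user_salt, user, pw)
        register(site_wide_salt, user, pw, salt=fixed)
    return users_sharing_a_digest(per_user_salt), users_sharing_a_digest(site_wide_salt)


if __name__ == "__main__":
    print("duplicates visible (per-user salt, site-wide salt):", demo())
```

Running it prints `(0, 2)`: the properly salted store shows nothing even though alice and bob share a passphrase, the site-wide-salt store exposes both of them. That is the trade-off the comment is pointing at: if you want to know how popular a password is at enrollment time, you have to check it against a list (or an offline popularity oracle) before hashing, because once it is stored the salt is supposed to make that question unanswerable.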

Comment It's not all victim blaming (Score 1) 622

There is a difference between blaming victims and admitting they did not take the precautions a reasonable person could have taken to prevent themselves from becoming a victim. A little discussion of the choices a victim made leading up to the crime is not victim blaming. I am so tired of this PC BS. Do we want to be politically correct, or do we want to actually empower people to protect themselves?

No matter how you slice it, the people who obtained those photos without permission are the criminals. They probably, by brute-forcing weak passwords or using malware to log passwords, fraudulently represented themselves to a service provider (Apple) using stolen credentials, and they almost certainly violated the photographer's copyrights, and committed various other crimes. No matter what else we say, that remains true: they, not the victim, did something wrong, but that does not mean victims could not have done more right. Yet as soon as you add that last clause, thousands of PC morons will pile on. I see the same mentality being applied to the 'campus sexual conduct' debate and it makes me sad, because it means there will be more victims.

We live in a free society. We can't round up bad actors until they do something criminal. How much effort is put into finding them and obtaining justice is another discussion, but they are out there and always will be so long as society is open. So if you want to actually protect people from being victims, we really ought to look at J-Law and ask what else she might have done.

Now, there are limits, obviously: everyone has a RIGHT and a reasonable NEED to walk down the street in broad daylight and expect to be reasonably assured they can do so without being harassed, etc. There is no analogue there, though, to sending a private document over a network you know nothing about to a third party for storage and distribution whom you know little about, who will replicate it to a bunch of other devices, some encrypted, some likely not, and just assuming everything will be all cool.

It would be better for people with a little knowledge to be able to use this as a teachable moment for others. The physical-world analog for what these nude-selfie takers are doing is essentially: taking a nude Polaroid of yourself and storing it in the sheet-metal desk drawer at the office, with the cheapo four-tumbler lock, high probability the maintenance guy has another key, and leaving it there while you go on a month-long holiday. Now, if that seems reasonable to you, then you are good to put your nudes on iCloud and similar services. If not, well, you should not do it.

No, it's not right for someone to break into your account and copy your stuff, but being aware will let others at the very least make a go/no-go choice; maybe you can start to find better options or improve your situation, like replacing the cheap lock in my analogy with a good-quality padlock, by using a STRONG password. Advising prudence and offering education ISN'T "victim blaming." It's how you avoid having a nation of victims.

Same thing with the "campus sex crisis". Telling young people it's not smart to get near blackout drunk around lots of people you don't know, especially in what may be a new and unfamiliar location to you, isn't victim blaming. It's COMMON FREAKING SENSE, for men and women alike. If I were a pickpocket, you bet I'd go after the drunk stumbling down the street before the together-looking other guy. Women might be more at risk for a certain class of crime than other groups. Recognizing that fact and communicating it isn't victim blaming. It's empowering members of the group to make choices about the risks they take. That is better than ignoring reality because it violates our sense of fairness.

I am not blaming the victim when I say if you are a target and you know you are a target, well, it's dumb to put nudes of yourself in the cloud! Dumb, you hear, the rest of you celebs? Delete them now. No, I won't blame you when yours leak, but you should understand it was preventable. You could have stopped it; that does not make it right, but it remains true.

Comment Re:Research (Score 1) 165

I am having difficulty understanding how giving opposing views on an issue or news item in any way hinders free speech.

Expressing even the idea that alternatives are possible fundamentally spreads those ideas and may even legitimize them in the minds of some. This is my issue with most of our civil rights laws as well; they should be unconstitutional. In order for Freedom of Speech or Freedom of Association to have any real meaning, you also need Freedom from Speech and Freedom from Association.

Liberals agree with this principle when it's something they support, like anti-nationalism; lefties will be happy to show up and defend your right NOT to say the "Pledge of Allegiance", or to stand up for atheistic principles like your right not to have to swear on the Bible lest you be associated with some faith. These same people will turn on folks in the blink of an eye if they don't want to, say, be associated with a minority of some kind, and not hire them or whatever.

Same principle here: nobody anywhere for any reason ought to be forced by government to state an opinion they think is wrong. The right NOT to speak something should be taken every bit as seriously as the right to speak. The other thing about the fairness doctrine was that there was always an underlying assumption that some options were so radical and out of the norm they did not have to be given air time. Who got to decide that, though? The news agencies firstly, and second the FCC, which through not very transparent processes did or did not take action.

So the fairness doctrine was in fact only really fair to people who had views that represented at least a large minority. Fringe ideas could still easily be hidden away. Which is probably a good thing; otherwise any time someone brings up WW2 we'd have to endure listening to "Of course Adolf may have been right about Semitic peoples, and the final solution may have substantively improved western society." You don't want to require news to report mindless, disgusting ideas like that.

No, I think in the end the only really workable plan is to let people/institutions report what they think, and let individuals decide if they have been presented with facts that support those ideas or not.

Comment Investment? (Score 2) 50

As somebody who designs networks of sensors and controls for manufacturing processes, I want to know what the investment was, and what payback period they are using to calculate those savings. Depending on the size of the plant, $9 million might not even come close to covering that kind of mass retrofit.

Comment Backdoors are a threat to national security (Score 2) 575

Backdoors are a threat to national security, because there is ALWAYS a risk they will be discovered by other parties or that the mechanism for their operation will prove to be exploitable.

That could leave us in a situation where an enemy, very likely even an enemy without state resources, could find themselves in a position where they can disrupt/eavesdrop/otherwise access just about all non-military equipment. It's a terrible idea, when we face threats like ISIS, to deliberately weaken our information security posture. It could be economically crippling.

I am leaving out all arguments about civil liberties, basic freedoms, etc. because the Intelligence Committee types, and the FUCKING FREEDOM HATING ASSHOLES like Holder, don't care about those arguments.

It comes down to this: while backdooring the whole world might prevent a tiny number of crimes against children, it puts the entire American way of life at risk. We had this conversation before in the 90's with Skipjack, and our society made the right choice back then, for whatever reasons, wrong or right. It was only 20-some years ago; the world has not changed that much. This is not the time to re-evaluate this.

Holder is bad rubbish and it's a good thing he will soon be gone.

Comment Re:April Fools? (Score 1) 137

That was my initial reaction, but then Tetris' total lack of plot and canon also gives the writers near-total freedom.

I mean, hell, you could make a movie about a struggling delivery service improving their efficiency through better packing and call it Tetris.

Comment Re:I have an idea (Score 1) 174

I think you are correct on this point; I was a little too quick. Still, I suspect there would be issues which people who make heavy use of the shell would 'feel'.

Consider ssh->bash->screen->bash. The first bash will be a login shell that sources the profile; the second will be a subshell, and would no longer have the functions defined. Sure, there are plenty of ways to 'solve' that problem, but it will certainly require some alterations to common workflows.

Comment Re:Fine. Legislate for externalities. (Score 1) 488

Whoa, I did not advise anything other than caution.

There is plenty of evidence a transition of some kind will take place. Simple physics tells us it's going to be most efficient to use energy as near to where it's produced as possible. We know real soon now (because it's already the case; electric/hybrid cars) we are going to have reasonable-capacity storage devices all over the place.

So something is going to happen.

because the rich simply don't spend much money on energy

They spend lots on energy, certainly lots more than the poor do; as a percentage of their income, no, it's not as much, but it's more in absolute terms. I have a relative whose house is approx. 13,000 sq ft plus a carriage house that is about another 2,500 sq ft of finished space or so. I can tell you this person spends more on A/C in the summer than I have paid for my last two NEW cars.

This is my point; that is the sort of individual who is going to look at the costs and go, "oh, if I put in a battery room and a large solar array I can save all kinds of money," but that is also the person who can invest 30K all at once in doing that. That isn't an option for the paycheck-to-paycheck masses.

They will get stuck being slowly squeezed for more each month because they won't be able to get the capital together to buy their way out, until one day they won't be able to afford grid prices anymore and it will be bye-bye to 24/7 electricity for them.

Comment Re:Exploit that only affects Mac and Linux (Score 1) 174

Passing functions in environment variables is a feature; executing code after the function definition is a parsing error.

As the article states, it was never documented, and after trying really hard I can't think of legitimate reasons to do it when there is a defined, documented method for executing statements in the subshell via the "-c" argument.

Which is not to say it was never done, via someone doing some "clever" programming, but if it was, it probably was not a "good idea".

So no, I think it's a bug, and a bit dishonest to try and spin it otherwise.
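
An added example, not the commenter's code and not anything from the bash project, that exercises both threads above: the ssh->bash->screen->bash point from the "I have an idea" reply (a function defined in the outer shell is not seen by a child bash unless it is exported, which is exactly what the documented `export -f` feature uses the environment for), and this comment's distinction between that feature and the Shellshock (CVE-2014-6271) parsing bug, where text after the function body in such a variable was executed on import. It drives whatever `bash` is on PATH through Python's subprocess module; the probe string is the widely published one-liner, and the function names here are assumptions made for the example.

```python
import os
import shutil
import subprocess
from typing import Optional

BASH = shutil.which("bash")  # assumption: a bash binary is installed; None otherwise


def run_bash(script: str, extra_env: Optional[dict] = None) -> Optional[str]:
    """Run `bash -c script` with the current environment plus extra_env.

    Returns stdout with surrounding whitespace stripped, or None when no
    bash binary is available (so the checks below degrade cleanly).
    """
    if BASH is None:
        return None
    env = dict(os.environ)
    env.update(extra_env or {})
    proc = subprocess.run([BASH, "-c", script], env=env,
                          capture_output=True, text=True, timeout=10)
    return proc.stdout.strip()


def child_sees_function(exported: bool) -> Optional[bool]:
    """Define greet() in an outer bash, start a child bash, and call greet.

    Shell functions, unlike variables, are not inherited by a child process.
    Without `export -f` the child writes 'greet: command not found' to stderr
    and nothing to stdout; with it, bash serialises the function into the
    environment and the child imports it. That serialisation is the feature
    the comment is talking about.
    """
    script = (
        "greet() { echo from-parent; }; "
        + ("export -f greet; " if exported else "")
        + '"$BASH" -c greet'  # $BASH is set by bash to its own path
    )
    out = run_bash(script)
    return None if out is None else out == "from-parent"


def shellshock_vulnerable() -> Optional[bool]:
    """The classic Shellshock probe.

    The variable's value looks like an exported function followed by a
    trailing command. A vulnerable bash runs `echo vulnerable` while importing
    its environment at startup, before `echo probe` ever executes; a patched
    bash imports functions only from specially named variables and treats
    this value as an ordinary string.
    """
    out = run_bash("echo probe", {"PROBE": "() { :;}; echo vulnerable"})
    return None if out is None else "vulnerable" in out


if __name__ == "__main__":
    print("child sees un-exported function:", child_sees_function(False))
    print("child sees exported function:   ", child_sees_function(True))
    print("bash vulnerable to Shellshock:  ", shellshock_vulnerable())
```

On a bash patched since 2014 the three lines print False, True, False: the documented feature still works end to end, and the trailing-command execution is gone, which is the split between feature and bug that the comment draws.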

Comment Re:Fine. Legislate for externalities. (Score 1) 488

Well, that is the trouble with the planned economy model, but the poster does have a point. One of the "nice" things we can say about life in the USA is that pretty much everyone has access to affordable electricity.

You have to be truly dirt poor before you get to the point where you can't keep the lights on.

The more folks decide they can live without the grid, which is a decision people would make: hmm, $20 a month, or possibly a day or so without electricity sometime in the future while the solar installation techs get out to replace my inverter...

Many people will choose to go off grid: people with the wherewithal to make the capital investment. That will start to make the cost of staying connected higher for those who remain, because the total miles of cable the power company has to maintain won't be shrinking much. It will feed back; as costs go up, more people will make the investment in disconnecting.

That means those who can't make that investment get left behind; if nothing else comes along to further disrupt things, eventually there may be no electrical utility (it won't be profitable to run one when the only customers you have left are those most likely to default on their bills).

So we do need to think about how to manage this transition, and as much as it pains me to say it, that probably does require 'government action', because I don't think we as a society really want to move backward to where there are haves and have-nots when it comes to affordable electricity.
