When do all the apps save their state to disk so they can be recovered like that?

In theory, it was originally designed to encourage invention, and ensure that inventions got publicized. Protection for inventors is the means, not the end. I'm not even sure there was such a thing as big companies when US patent law was created.

I saw some of those bikes last weekend. Guess what? They were RED!!

Nominally, meaning in name only.

No, not all possible algorithms, but specifically the Dvorak one would surely be near the top of the list. I'm not saying it won't help, I'm just saying if it's something important you should make sure it's a strong password regardless. That way you don't have to worry about whether the obscurity is working.

Fair enough. My point is that plenty of security systems rely on secrets, but not on security through obscurity.

I was thinking of office computers rather than servers. If you have someone covertly surveilling a computer, then either your security is inadequate, or whatever they might take/disrupt is not worth the security measures it would require to defeat that. But basically yes, if your physical security is compromised, which could easily be the case in an insider attack, you're probably in trouble. As for keylogging, that would only be a vulnerability because the password is next to the machine, right? I don't know a whole lot about keyloggers other than I don't want one. :-)

I would say not by any useful definition. The real principle is that if a system depends on its design not being known, it's secure only through obscurity. The Dvorak system is like that, because if anybody knows you're using a substitution cypher, especially which one, it loses its security.

A good encryption system doesn't rely on security through obscurity just because the keys need to be kept secret. After all, any security system involves secrets, so such a broad definition of security through obscurity would render the term effectively meaningless.

Unless there's salt, which I hope there would be. That would not make the attack impossible, just much, much, slower.

That's security through obscurity. It's basically a substitution cypher that relies on the attacker not knowing it's being used. It's maybe fine for something like your slashdot account, but should not be relied on for real security.

In a corporate context, insider attacks are the most common. So having passwords laying around the office could really be a security concern.

That's a BETTER analogy?? You're going for the funny mod, right?

Most assuredly, interesting. How do you know this?

In some ways this technique is actually superior to normal surgery, because the device can remove the natural slight shaking that anyone's hand, even a skilled surgeon, will exhibit. It can also scale the movements way down so that for example 1 centimeter of movement of the hand translates to one millimeter of movement of the instrument, allowing much greater precision. I'm not saying there aren't potential problems, but I think it's silly to think that /. commenters have thought of them and the people working on this technology have not.

You knew that would happen, right? :-)