Comment Definition of ClickBait (Score 2) 238

It all depends on your definition of clickbait. The most strict definition is bait that makes you click something. It could be a link in an email, or a link on a web page. Some people, not just advertisers, keep score by the number of clicks they receive, and clickbait is something that gets people to click.

A more broad definition would include clicking on a remote control of a TV. News programs are famous for clickbait lines designed to keep you from clicking the remote to a different channel. "When we come back...." It is all designed to keep you watching their advertisements, or watching their news. (Sometimes there is no difference between news and advertisements.)

To me it is all the same. Once in a while it is worth it to click/watch, but most of the time I remember that they don't really care if I learn something or am entertained. To them I am one more set of eyeballs or one more mouse click. Anything as long as they can get me to "click," and I increase their score by one.

Comment Re:I watched half an episode (Score 1) 193

I don't like receiving my packages unbroken, could we use UPS instead?

ummm.... perhaps I should clarify. While charging "shipping and handling" implies that something will be shipped, I did not actually say that the bridge would be shipped. Only that you would be charged shipping and handling fees at FedEx rates.

Comment Re:Death bell tolling for thee.... (Score 1) 322

I have to agree. I think I understand why they want to do this: Only one code base, less overhead and more profit.

But it is a stupid idea. The different devices provide different functions and shouldn't look the same or be the same. Servers are different from desktops which are different from tablets which are different from phones.

For those who need a bad car analogy, it is like trying to put the same user interface on bicycles, motorcycles, cars, trucks and trains. No one complains that their car doesn't have handlebars. Or that there is no steering wheel on their bicycle or motorcycle.

Comment Re:This makes sense. (Score 1) 280

The 90 day password change is a fixture of compliance regulations. If you deal with PCI, SOX or HIPAA, you probably have to force password changes every 90 days. With PCI, you can lose your ability to take credit cards if you can't show that you force password changes at least every 90 days. (There are ways around it, the most common is lying to the auditor, but that is a different story.)

I have my own theory as to why the 90 days became standard, but was told that my theory was all wrong without any explanation as to why it was wrong. Suffice it to say that 90 days is a standard and if anyone really knows why it became a standard, they aren't talking.

If you ask an auditor, they will tell you that if someone does find your password, either through a key logger, finding your post-it or cracking your password database, they will only have a limited time before that password is changed. You don't even have to know that someone got your password if you change your password on a schedule. Of course, it might not take long before they learn the new password, but that concern is usually dismissed.

Comment Re:This makes sense. (Score 2) 280

We are, regrettably, impeded by whacked out sysadmins who insist we must use THEIR idea of a strong password -- which always seems to be different from anyone else's idea of a strong password, and/or that we need to change passwords periodically, and/or that we can't reuse passwords.

It sometimes seems that there is an inverse relationship between the actual need for security and the system administrator's perception of the need for security.

This.

I tried to do something basically like this - I have three password strengths, one for low-security throwaway stuff, another for regular stuff (with suffixing so one compromised site won't affect others unless I am specifically targeted), and a max-security one.

Guess which one I use for banking. It's the mid-tier one, MINUS the special characters and suffix. They have an upper length limit that keeps my max-security password from being used for the one thing it really should have been used for.

The only thing that max-security password secures now is root access to my BSD box (and I have sudo set up with nopw, so I never even use that). Everything else is secured by something that really isn't secure enough.

So in other words, nothing has your max security. If you left your screen open and unattended for a moment, a person wouldn't even need your password to crack your BSD box. I hope your BSD box doesn't have anything important on it. The nopw option of sudo should NEVER be used. It is like putting a huge un-pickable lock on your door and then never locking it because it is too inconvenient to pull your keys out. If you use sudo (which I do use often and I believe it is useful, convenient and CAN be secure), you should make sure your password is complex and you need to type it in when you use sudo. Otherwise, you are reducing your security. Yes, sudo can be restricted by host, but most people do not do that, and what happens when that host dies?

I understand that good passwords can be difficult, but they don't have to be. Once I learned how to create good passwords, it became very easy. Even my low security passwords are fairly complex and will pass most complexity requirements. My work password, which has to be changed every 90 days, is usually between 14-20 characters long, has multiple complex characters, and is easy to remember. Although work allows rotation after 6 passwords, I have not re-used a password in six years. My biggest issue is not remembering the password, it is fat-fingering such a long password. The longer it is, the more likely there will be a fat-finger at some point.
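A small check in the spirit of the sudo advice in this comment, added here as an example and not part of the original post: it audits a constructed sudoers fragment (alice, bob, carol and devbox are made-up names) for password-less rules, and emits a hardened copy with the NOPASSWD tag stripped so every grant prompts for the caller's password again.

```shell
#!/bin/sh
# Added example: audit a sudoers-style file for NOPASSWD rules and
# produce a hardened copy. The sample below is constructed; alice, bob,
# carol and devbox are made-up names, not from any real system.
SAMPLE_SUDOERS=$(mktemp)
cat >"$SAMPLE_SUDOERS" <<'EOF'
# weak: full root with no password ever asked
alice   ALL=(ALL) NOPASSWD: ALL
# hardened form of the same grant: sudo prompts for bob's own password
bob     ALL=(ALL) ALL
# host-restricted but still password-less for one command
carol   devbox=(root) NOPASSWD: /usr/sbin/service
# a comment mentioning NOPASSWD: must not be counted
Defaults timestamp_timeout=5
EOF

# Match only active rules: NOPASSWD: appearing before any '#' on the line.
NOPASSWD_RE='^[^#]*NOPASSWD:'

# Print the users (first field) holding password-less grants.
nopasswd_users() {
    grep -E "$NOPASSWD_RE" "$1" | awk '{print $1}'
}

# Count password-less rules; a clean file yields 0 (grep -c still prints 0
# on no match but exits 1, hence the || true).
count_nopasswd_rules() {
    grep -cE "$NOPASSWD_RE" "$1" || true
}

# Emit a hardened copy: strip the NOPASSWD: tag from active rules so every
# grant goes back to requiring the caller's password. Comments are untouched.
harden_sudoers() {
    sed -E '/^[^#]/s/NOPASSWD:[[:space:]]*//' "$1"
}

# Stand-alone run: list offenders, then verify the hardened copy is clean.
echo "password-less users: $(nopasswd_users "$SAMPLE_SUDOERS" | tr '\n' ' ')"
HARDENED=$(mktemp)
harden_sudoers "$SAMPLE_SUDOERS" >"$HARDENED"
echo "NOPASSWD rules before: $(count_nopasswd_rules "$SAMPLE_SUDOERS"), after: $(count_nopasswd_rules "$HARDENED")"
```

On a real host the same functions can be pointed at /etc/sudoers and the files under /etc/sudoers.d, and the hardened output should be reviewed with visudo rather than copied in blindly.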

Comment Re:This makes sense. (Score 4, Interesting) 280

I see that someone has had problems with a sysadmin.

Try to remember that not all sysadmins are BOFH. Some actually agree with you on the need for complex passwords and how often they should be changed. Many of them, however, have to follow outdated and impractical guides forced upon them by government standards in order to comply with HIPAA, SOX, or PCI.

There are a couple of things that bother me, though. The first is pattern re-use. P@$$word521 does meet the complexity requirements of many systems. But when you use P@$$word125, P@$$word251, P@$$word215 and then tell everyone that you use P@$$word with the same three numbers and just rotate the numbers, it is not much better than a post-it under the keyboard. Complex passwords do not have to be difficult to remember. Just because someone has difficulty coming up with good passwords does not mean that a hard-to-remember password is actually complex.

The second thing that bothers me is when a sysadmin will force a password policy on you, but won't use it himself. I know one admin that forced a password change every 90 days for all accounts except his. When he left the company, his password history was completely blank. He had used the same password for years. While I think passwords could live longer than 90 days and twice a year would be sufficient for many passwords, if a change is required, it should be required for all users including the sysadmin.

Just my little rant.

Comment Re:Why didn't they just listen to users? (Score 1) 681

They were not listening because the feedback did not feed into their internal narrative. That narrative was that, to establish a position in tablets and phones, the UI had to be common across all types of devices. If your feedback went against this directive, it could not be accepted.

I wonder how many people tried to point out how completely stupid this directive was. Can you imagine what would happen if the auto industry tried to make their user interface common across all types of vehicles? They could have tried building cars with handlebars that have the brakes and acceleration controlled by hands, or motorcycles with steering wheels and a brake pedal.

It amazes me that the "unified UI" concept got as far as it did. I suppose those that did point out how stupid it was were let go for "creative differences."

Comment Password change frequency (Score 1) 116

Although I do not have proof of this, I believe that the password change policy came from the way early UNIX systems handled the password files.

Early UNIX systems did not separate the username file from the password file. Both were kept in /etc/password. This file had to be world readable in order for anyone to log in. So if you had any access at all, including guest access, it was easy to copy the password file. Although the passwords in the file were hashed, they could be cracked or a rainbow table created if you had access to a powerful enough computer. At the time, only mainframes or mini computers had the power needed, and cracking a password took between three and five months.

The thought process was that if someone did steal the password file, and you changed your password every three months, it was very likely that the password was changed by the time the passwords were cracked. These days, more powerful computers can crack the passwords much, much faster, and the UNIX/Linux systems have broken out the passwords from the password file and placed them in a shadow file that is not world readable.

The danger of the password file being stolen is no longer the same issue as it once was, but the "standard" password policy has never changed. Today, the reason most often given for a change policy is: "This is best practices, so we are going to do it." Few security consultants can give you the real reason for the policy, although many will refer to recent examples of passwords being stolen and tell you that you need to change a password often just in case someone does steal the password. The danger today is not that the person stealing your password will use it, but that they will sell it to someone else. On the one hand, that does give you a little time to change your password, but on the other hand, some people may feel that since their account was not cracked right away that their accounts are still safe.

Comment Re:For those of us not in the US (Score 1) 465

What's a PAC? It sounds like it's a way of buying politicians, but surely that can't be it.

Yes, it really can be a way to buy politicians, and stop calling me Shirley.

OpenSecrets.org defines a PAC like this:

Political Action Committee (PAC) — A popular term for a political committee organized for the purpose of raising and spending money to elect and defeat candidates. Most PACs represent business, labor or ideological interests.

Comment AZ License plates (Score 4, Funny) 325

There is a reason for all the different colors of license plates. You used to be able to say that you could tell the changing seasons by the changing colors ... of the license plates. There are so many out-of-state visitors during the winter that it used to be easy to tell the snowbirds from the residents.
Probably someone decided that the snowbirds were either getting picked on or getting preferential treatment, so lots of colors of AZ plates were made. As a bonus, more money comes in!!

Did you know that AZ has very short winters? Last year it was on a Tuesday.

Submission + - Samsung Galaxy S5 Released 2 Weeks Early in S.Korea (cnet.com)

knarfling writes: The Samsung Galaxy S5 is on sale now in South Korea, two weeks early — much to Samsung's surprise.
The S5 is set to go on sale around the world on 11 April, hitting shop shelves in 150 countries before the month is out. But the wait is too long for impatient South Korean carrier SK Telecom, which has made the phone available today for around 866,800 won.
