The point of password complexity requirements has nothing to do with security. It's about the check box some auditor or lawyer needs to check. People assume it leads to security, but only because they see it in a vacuum.

Complexity introduces incremental passwords, common passwords, safes, post its, support costs, complacency, single point of failures, easier social engineering, and easy passwords. All of which work against security. They don't have check boxes for these because they are hard to understand and measure.

So is complexity checked? Yes, OK move along sir. I SAID MOVE ALONG. GOOD DAY!

Agreed, but what I am saying is that the word "gaming" has been so successfully hijacked not only at the financial level, but also the social/consumer level that we can't use the old definition anymore. Those of us who still define gaming the old way and basically puke at the current environment are so few and insignificant that we are the odd balls. We are that rambling random guy in the street that has "End of the World is Here" sign on our shoulders.

Gaming as currently defined is considered to be extremely successful. People paid $100 for Destiny and 2 DLCs 12-18 months before release! The game was a shell of what was advertised and there is no boycott or riot. There are few industries that can claim such success, let alone escape fraud investigations. I am surprised theaters haven't followed suit and don't sell no-refund tickets 6-12 months in advance at $12 (vs $15) for new movies.

I don't think its the dark ages. The gaming world has just been redefined and left us old timers out. From my view, the average game is now an interactive movie. The old school definition of "fun" has long ago died. Its all about graphics and "showing" a story or a cool suit or a cool weapon design. In some ways its just playing dress up with dolls, or action figures, but now they call them "video games" and the accessories are DLCs.

Gone are the complex paper,rock,scissor strategies or couch coops and personal connections. Now its very anonymous and the player is the key content in the game without which other players would stop playing. Its up to the player to create the micro stories like kids used to with dolls/action figures with their imagination. The game itself is just a catalyst to bring the faceless masses in for the movie watching and of each other.

As for us old school gamers, we are pretty much irrelevant. The current set of gamers are on mobile phones and only online. They need instant gratification and once the next one comes out or the trophies are achieved, they forget the last. No significant number of them care about replay or nostalgia. And they will pay up front and months in advance based on the cover or press release. Whether it meets their expectations or value is irrelevant, because that money is spent and the next press release just came out. Not much different than the IT stock buyers in the last 90s.

I miss the old days but .. damn-it those kids are on my lawn again!

Ok, I read all the other "This is stupid" comments and my jaw kept dropping. I actually felt this was an April fools thing or something similar and that we were all missing something somewhere (and please let me know if I am... I REALLY need to know). I HAD to read the article and underlying paper, cause I just couldn't believe the absolute asinine stupidity of the test, let alone that it was being presented as research, or that the test itself was so flawed! So after all that, had to post. Summary for others, adding my voice to the crowd.

----------------
Assumption: Software Developers avoid disk access cause they believe doing it in memory is faster. This is put in context of BI and bigdata.

Testing: Create a program representing a common task that can be tested where one uses memory and the other uses diskspace.
Memory Test:
1) Create a string in memory.
2) Add it multiple times into another string
3) Write second string onto Disk
4) Flush writes

Disk Test:
1) Create a string in memory
2) Write it multiple times to Disk
3) Flush writes

Create code in Python and Java.

Conclusion: Memory Test is so much slower than Disk Test! Additionally, the languages used have certain quirks to make it worse. Optimization helped a little but only on Linux. Therefore, programmers should reassess and understand their OS and programming languages before assuming this belief which is not true.
---------------

Assumption & Testing idea... very good. I would have loved to know the unknown scenarios where this assumption should be questioned. Especially in the world of click&drag programming for workflows, ETLs, and report writing.

But from there... its all BS and stupidity. Basically the test tests if replicating the hard drive driver in memory and then using the driver to write to disk is faster than just using the driver to write to disk. Are you bloody serious?!?! That's like testing if 2+2 is greater than 2+0. And that is before we start looking at using Java and Python which do a ton of work in terms of memory management and build all types of stuff around data types. Before the fact that they wrote the Python code WRONG (that's the slow way of doing string or listing concat). So they picked languages that write in memory O(n) extra times for the same data.

This test would have come to the same conclusions in C, C++, or Assembly! But the folks wouldn't have been able to write code to see the micro second time differences.

So lets set the record straight. NO developer out there goes out of their way to just write to a memory file if its simply going to flush to disk. Its not worth the extra lines of code, nor the lost CPU cycles in reading them. Especially since most operating systems do this already at multiple points along the data chain at the very low hardware & driver levels! If we have developers like this, we have a ton of bigger problems in software development than this little thing that will be solved by money.

To test this belief properly, give me a scenario where you reuse the written to disk/memory stuff, transform it, and then write to disk. See which one is slower. If its written properly, you will see that the underlying hardware systems will actually store stuff in cache or memory for you to help you speed it up! If you find proper scenarios where the memory part is slower, please let us know cause that is actually adding to the IT body of knowledge.

God, as this was BigData related, I was hoping at least something along the lines of "In DB data processing and extract vs extract and client side processing". Give me the points along a curve where one is better/worse than the other. THAT would have been interesting.

Excellent post. Posting to highlight a point.

"fail FAST, fail often"

Most businesses fail to do the first part and screw up the entire equation. Most bankruptcies, going out of business, bubbles, and mismanagement isn't because of failure. Its the lack of recognition of failure and continued operations that end up eating all the resources and erases the reward altogether.

If you don't fail fast, you will fail once, period.

You ever seen a nobody in a clown suit get booed off the stage? Ever seen a bad neighborhood clean up itself and teach their kids not to tag their properties? Both acts of anonymity fixed by a society that addressed the issue.

In your professor's case, he too can stand up and belittle the anonymous person in front of the class by reading the submission out loud. Address it as a community, not as individuals. And if the class agrees, you can bet that anonymous person feels like total crap for being the ass hole and will change his ways ... or leave cause he knows he is not welcome in the environment. This is far more constructive than directly belittling or giving bad grades to the one or two idiots who attach their identify to the opinion (actually this is far more dangerous). Cause the one guy who hides the opinion from fear of repercussions and lets it fester, will snap one day and really do take it out on the professor. At that point, grades left the thought process an eon ago.

Anonymity doesn't mean society just takes it and no one stands up against it. We shouldn't cower away from hurt feelings. We should face them head on. Sure, there are lots of cases where the issue isn't worth the time and best be forgotten, but we shouldn't scrap the platform just cause of that.

Anonymity is not the problem. And it doesn't empower assholes. For such people, it allows them to vent their issues and opinions. The alternative is to let them fester and feed on itself till either the usual destruction of the individual or the rare out lash against society through murder or bombing or joining slightly like minded individuals. Individuals who grow in strength with their numbers and common causes and lash out against [from their view point] an oppressive society.

Anonymity actually empowers society to see the underlying issues within when they are small and addressable (Slashdot Beta anyone). The alternative is to go about our lives as if everything is perfect cause everything has conformed to be just like everyone else. Eventually the hidden issues get too large to be ignored or addressed and we end up paying for it. At the same time we learn very little cause we erased all the signs and are unable to prevent them in the future.

We shouldn't throw away anonymity just cause the messages we see ruin our picture of a perfect society or hurt our feelings. We should address the problems rather than shoot the messenger.

You don't need to picture it, nor do you need an accident. Just go live near an active coal power plant.

Nice source, but believe it or not, it doesn't actually address anything that I asked. Everything on that site tells all the benefits that stores and banks obtain in terms of reduced fraud, but tell nothing to compare it against the losses faced by consumers or percent against total sales. Granted, stores & banks saving money would eventually end up saving consumers a portion of it, but without including additional burden on consumers and hit to sales its an invalid leap of logic.

Example, if fraud made up 3% of all transactions, I doubt going from 3% to 1% is worth it if total transactions drop by 10%. Or if consumers are left to foot the bill in even 0.1% more cases.

Citation (thou not as good as yours): http://en.wikipedia.org/wiki/C...
"...incidence of credit card fraud is limited to about 0.1% of all card transactions..."

To go further, credit cards themselves are a very big dead weight in terms of actual dollars. They add 3-4% in cost (fees, rewards, etc) to everything. Imagine the massive costs when multiplied across all transactions. BUT, businesses world over accept credit cards cause they make up for the 3-4% dead weight via an increase in volume that increases sales and profits. The current fraud in the US in comparison is basically a rounding error.

As the other poster said, I usually swipe well before the cashier finishes scanning or swipe at some point during a lull in my own scanning (ie: weighing of bananas). Usually don't even need to sign and in some locations, my receipt gets emailed to me. The only negative about credit cards is that I am tracked. The transparency afforded to me is also given to the store and card carrier. But I think the security and convenience is well worth it.

Yes, cash would be faster if I knew exactly how much it would be and had that out while waiting in line (which is rare with self-check outs). But that's wait time I can spend thinking about other things... like what am I having for dinner.

Citation needed. What's the fraud vs total sales? And what are the losses faced by the actual consumers in each situation.

If you think that's an issue this discussion is over and really no point in having it. Python defines a coding standard so that all read, write, and understand the same. If you think that is a weakness, well I hope I don't ever need to review your version of what ever language you choose.

In large dev teams, your actual coders and testers better be cogs in a machine. Coding is a commodity service. If they aren't, you are risking too much on too few people. The value is in design and execution. Purely writing out a solution is no longer a unique skill set.

The instances of "bad code" in Python is minuscule compared to other languages. With Perl and Javascript being on the other end of the spectrum. Saying "Python too has bad code so its the same" is misleading. Python programs not only learn a language, they also learn one standard of coding in becoming proficient in the language. With C/Java/C++/Perl/Pascal/COBOL/Ruby, folks learn & develop various standards of coding on their own and at different companies.

Each reviewer now has to learn that new standard to figure out what the coder is doing. I have said "it's a BS design restriction" for one project written in one language multiple times. Cause each developer due to their various backgrounds choose a different design for their coding.

Right... and I have seen this same code written in the following versions:

for (int y=0;yheight;++y) for(int x=0;xwidth;++x) code here

for (int y=0;yheight;++y) {
    for(int x=0;xwidth;++x) code here
}

for (int y=0;yheight;++y) {
    for(int x=0;xwidth;++x) {
        code here
    }
}

for (int y=0;yheight;++y)
{
    for(int x=0;ywidth;++x)
    {
        code here
    }
}

You ask C devs how they would write it, and you will see they spread out across the above. Of course this is an overly simple example.

Python folks will mostly gravitate to reactor451's version. Are there other versions? Yes, especially when you add in iterators and generators, but for even those, developers will gravitate to ONE version of it totally dependent on if they use that feature in their coding.

#Python 3.0+
for y in range(height):
    for x in range(width):
        code here.

And if this is too far in indentation, then the Pythonic way says that your code is already too complicated and this section of the code should really be delegated away in its own method.