Comment: Wrong approach in use. Secrets should be local (Score 4, Interesting) 211

by Morgaine (#43573657) Attached to: Mitigating Password Re-Use From the Other End

The sites that are calling for better password choice need to step back a bit and consider whether their design concept of storing user passwords centrally is a good one. It's not, so they should get rid of it instead of applying band aids to a bad scheme.

It doesn't matter what encryption scheme is used, if authentication secrets are stored centrally on a website then they are at risk. Good sites make it hard to crack, and poor sites make it easy, but they are all at risk, from internal employee corruption if nothing else. Those secrets will leak because when stored at a single point then they are all accessible to the attacker at a single point. Leakage is just a matter of time.

A vastly more secure approach that's been well known for decades is for the user to store their secret locally as a private key, one half of a {private,public} key pair. The server only gets to know the public key (PK), and it's pointless for an attacker to crack that because the PK is public information that can be distributed freely through keyservers. (The PGP/GnuPG keyserver network has been doing this for decades.)

When a user creates an account on some website, she provides the identifier of her chosen PK (she may have lots of them). When logging in to the account subsequently, the server looks up her PK identifier in the info for this account, fetches her PK from the keyservers, then it sends her a random string encrypted with her PK. She decrypts it with her private key (which is only held locally by the user, nowhere else) and sends the decrypted string back. The server accepts the login if the returned string matches the random string that it picked, which is not stored and varies on every login, and rejects the fraudulent login attempt if the match failed.

That's strong distributed security, and it's resistant to MITM attacks and does not store any authentication secrets on the central service so those secrets cannot leak when the service is compromised.

It's not rocket science. Why this old but secure scheme isn't used by websites is quite a mystery.
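
The challenge-response login described in the comment above, worked through end to end as an added example (this is not code from the original comment or from any keyserver project). Both sides are shown: a client that holds its private key locally, a keyserver that publishes only public keys, and a server that stores only a key identifier per account and keeps each random challenge in memory for a single use. Assumptions made here: textbook RSA with an unpadded random challenge and a demo-sized 512-bit modulus so the exchange runs on the standard library alone (a real deployment would use a vetted library and a padded or signature-based scheme), and a key identifier formed as a truncated SHA-256 of the public key. The `Keyserver`, `Client` and `Server` names are illustrative.

```python
"""Public-key challenge-response login where the server holds only public keys.

Added example, not from the original comment. Textbook RSA, unpadded, 512-bit
modulus: for illustration only, not production cryptography.
"""
import hashlib
import hmac
import secrets


def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512):
    """Return ((n, e), (n, d)). Demo-sized modulus, not production strength."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))


def key_id(pub) -> str:
    """Assumed fingerprint format: truncated SHA-256 over n and e."""
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]


def _mod_bytes(n: int) -> int:
    return (n.bit_length() + 7) // 8


class Keyserver:
    """Public directory: holds only public keys, so it has nothing to leak."""
    def __init__(self):
        self._keys = {}

    def publish(self, pub):
        self._keys[key_id(pub)] = pub

    def fetch(self, kid):
        return self._keys[kid]


class Client:
    """The private key lives here and is never sent anywhere."""
    def __init__(self, bits: int = 512):
        self.pub, self._priv = generate_keypair(bits)

    def respond(self, ciphertext: int) -> bytes:
        n, d = self._priv
        return pow(ciphertext, d, n).to_bytes(_mod_bytes(n), "big")


class Server:
    """Per account only a key ID is stored; challenges are in-memory, single use."""
    def __init__(self, keyserver: Keyserver):
        self._ks = keyserver
        self._accounts = {}  # username -> key id (public information)
        self._pending = {}   # username -> outstanding challenge (never persisted)

    def register(self, username: str, kid: str):
        self._accounts[username] = kid

    def begin_login(self, username: str) -> int:
        n, e = self._ks.fetch(self._accounts[username])
        challenge = secrets.token_bytes(32)  # 256 bits, always below the modulus
        self._pending[username] = challenge.rjust(_mod_bytes(n), b"\x00")
        return pow(int.from_bytes(challenge, "big"), e, n)

    def finish_login(self, username: str, response: bytes) -> bool:
        expected = self._pending.pop(username, None)  # consumed: a replay fails
        return expected is not None and hmac.compare_digest(expected, response)

    def dump(self) -> dict:
        """Everything an attacker obtains from a full database breach."""
        return dict(self._accounts)


def demo() -> dict:
    ks, alice = Keyserver(), Client()
    ks.publish(alice.pub)
    server = Server(ks)
    server.register("alice", key_id(alice.pub))
    c = server.begin_login("alice")
    legit = server.finish_login("alice", alice.respond(c))
    replay = server.finish_login("alice", alice.respond(c))
    mallory = Client()  # has the server dump and keyserver, not alice's private key
    impostor = server.finish_login("alice", mallory.respond(server.begin_login("alice")))
    return {"legit": legit, "replay": replay, "impostor": impostor,
            "dump_has_only_key_ids": server.dump() == {"alice": key_id(alice.pub)}}


if __name__ == "__main__":
    print(demo())
```

`demo()` runs the three cases a practitioner would check: the legitimate holder of the private key logs in, replaying the same response fails because the challenge was consumed, and an impostor holding everything the server and keyserver store still cannot answer. The `dump()` result shows what a breach of the server yields: key identifiers only.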

Comment: One supernova of many in Local Bubble (Score 5, Informative) 37

by Morgaine (#43456837) Attached to: Supernova Left Its Mark In Ancient Bacteria

Our solar system resides in an area of our galaxy called the "Local Bubble", roughly a few hundred lightyears across. This region is very empty compared to the average interstellar medium in the galaxy, as a result of a large number of supernovae that blew out a sort of cavity in our interstellar neck of the woods long ago. In actual structure it's more of an irregular "Local Chimney" going right through the galactic disc rather than a spherical bubble.

As a result, pinning the cause of TFA's observations to a single supernova is not all that simple, as supernovae were very common in the Sun's general neighborhood in our galactic past.

Here's a nice graphic of the larger features in and around our local bubble. It's a fascinating subject if you enjoy understanding our location in a galactic context.

Comment: Lightweight means small, sometimes fast (Score 1) 129

by Morgaine (#43438771) Attached to: KLyDE: Lightweight KDE Desktop In the Making

It's clear what lightweight means just from examining its two parts: "light" and "weight" both allude to there not being much there, little mass or volume. The words are of course a physical metaphor when applied to software.

When something has little physical mass and volume then it tends to move fast for any given force, and so as a consequence we tend to associate "lightweight" also with higher speed, but it's only a consequence, not the primary meaning.

In software, being lightweight and being fast are properties that do not always track each other. As a first rule of thumb, smaller code tends to have more locality simply through being smaller, and hence it can run faster through producing fewer cache misses. However, small code is often somewhat dumb code, and a large and complex beast of a program can be designed to have greater locality in its innermost loops and hence to be more cache friendly and run faster. As a result it is hard to generalize whether lightweight also means fast. You have to examine each case separately.

As a counter-example to "lightweight == fast", the browser Midori is extremely lightweight (very small), consisting of little more than a simple graphic Gtk+ wrapper around webkit. Firefox in contrast is a huge monster of a program and could never ever be called lightweight. However, Firefox runs much faster than Midori, because its designers have used its complexity very productively to make its performance top notch.

So, you really can't generalize beyond observing that smaller programs load faster from disk and, everything else being equal, tend to have better cache locality and hence higher speed. However, heavier programs can buck this general rule by using more complex designs and algorithms to boost their run speed.

Comment: Companies are becoming like political parties (Score 4, Interesting) 199

[No axe to grind since I use neither MS nor FB ...]

Stories like this one remind me of politicians playing party politics and slagging off everything the opposition does and says instead of focusing on whether it's a good idea or not.

It seems that long gone are the days when the top companies competed on product and politics was (ostensibly) about doing the best for the nation. Doing good work has become quite secondary to politicking (in the worst sense of the word) in both areas.

Comment: A strong push for open source in government (Score 1) 69

by Morgaine (#43232861) Attached to: Decade-Old Espionage Malware Found Targeting Government Computers

I suspect that as more malware and backdoors are discovered in systems used by government, the penny will begin to drop more frequently. Closed source is incompatible with security, by definition, since you cannot validly trust what you cannot see.

Companies have the luxury to risk their security by placing their trust in a corporation and in closed source brands, and to pay the price of failure. But governments do not have this luxury, because failure compromises the security and sovereignty of a nation.

The push for open source in government will be gaining impetus in the years ahead as more national infrastructure becomes networked and the security risk becomes evident. Each report of espionage malware found is just another data point highlighting the insecurity of closed source systems.

It's a reasonable guess I think that government perceptions are changing because of this, and open source is slowly becoming non-optional.

Comment: Voyager 1 has already escaped solar system (Score 4, Informative) 237

by Morgaine (#43227641) Attached to: Voyager 1 Officially Exits Our Solar System

To clear up any possible confusion, Voyager 1 doesn't need to enter the "sphere of influence" of another body to avoid falling back to the Sun. It has already escaped the Sun's gravitational field, long ago and by a large factor.

On September 9, 2012, Voyager 1 was measured to be 121.798 AU from the Sun and traveling at 17.043 km/s. At that distance, the escape velocity from the Sun is only 3.817 km/s, which Voyager 1's speed exceeds handsomely.

The dear thing isn't coming back, at least not without help. :-)

Comment: Also educational misconduct and fraud (Score 5, Insightful) 813

by Morgaine (#42878269) Attached to: Missouri Legislation Redefines Science, Pushes Intelligent Design

This sort of behavior from elected officials should be considered treason.

Treason may be the wrong word if one wants to be precise, but there is certainly something like treason going on. The creationists are willfully trying to undermine the country's scientific future and to infect school children's receptive minds with pure nonsense. As an analogy it's very true.

There's also some very severe professional misconduct occurring there, because non-scientists are pretending to be scientifically competent and dictating school science curricula.

Are carpenters allowed to establish guidelines for how surgeons will do heart surgery? No, they lack the professional competence so they are not accepted as having standing in the matter. What's happening in science education in a few US states is directly analogous. The creationists have no standing in science and so should have the door shut firmly in their faces.

Pretending to have scientific competency when you don't even know how science works is pretty clear fraud. Aren't there controls in education to keep charlatans from taking jobs for which they have no professional competence? Apparently not.

Comment: It's entirely normal and expected (Score 2) 587

by Morgaine (#42843501) Attached to: Woz Says iPhone Features Are 'Behind'

In many consumer electronics industries, it's normal for the lead manufacturers to be continually leapfrogging each other. At any given point in time one is ahead, and on the next product cycle their main rival is ahead.

Examples of this are common. For example in cameras Nikon and Canon are changing lead position pretty much every year, and in home theater systems the same has been occurring between Yamaha and Denon for well over a decade. In smartphones and tablets it's currently a two-horse race between Apple and Samsung, and which company has its nose slightly in front should be expected to change often. And of course other companies regularly join in the fun too.

Any "lead" that a particular company might have is actually very minor, because all high tech companies chase each other closely so it's always only by a nose.

Not much of a story really. Continual leapfrogging is entirely normal in the industry.

Comment: Fragmentation is not to blame (Score 4, Insightful) 318

by Morgaine (#42829333) Attached to: Fragmentation Leads To Android Insecurities

Linux has huge diversity among its many distributions, and yet it doesn't suffer from the security problems described in the article. So-called "fragmentation" isn't really a valid technical reason for lack of security at all. If a system is designed for security then it will be secure, regardless of the number of its variations.

The real reason why Android is lacking in security is because Google hasn't focused on security. They decided not to include iptables/netfilter (the Linux firewall) as a standard facility in Android, which would have been very easy to do. And they haven't allowed users to block privileges demanded by apps after install. Instead you're offered only a package deal, either let the app do whatever it wants or don't install it, period. Android users are hence pressured into a corner, and the end result is often worse security than they would wish.

Don't blame fragmentation. Instead point a finger at Google designers who seem remarkably disinterested in supporting the Android user's security and privacy requirements.

Comment: Stealing differs from making a replica (Score 2) 159

by Morgaine (#42818211) Attached to: UK Court: MPAA Not Entitled To Profits From Piracy

Of course it's more akin to stealing something rather than just trespass,

It's nothing like stealing something. It's like walking into an art gallery which is open to the public and making a perfect replica of an exhibit for yourself. (If there were DRM, it would be a locked gallery instead of an open one.)

Before there was one piece, and now there are two. The gallery is still in possession of its exhibit, so this is nothing like stealing an exhibit from them. It's more akin to creating new exhibits.

Comment: The corporations are our enemy (Score 5, Insightful) 240

by Morgaine (#42795891) Attached to: Amazon Patents 'Maintaining Scarcity' of Goods

Terminator was far too optimistic in portraying our future as the War Against the Machines, a nice and clean them-versus-us scenario in which the machines would be non-human. The enemy would be easy to identify.

The reality is likely to be rather more ugly and messy. It'll be a War Against the Corporations, and unfortunately they are us. It will be man against man, those who care about their fellow humans versus those who perceive their only duty is to be a cog in their corporate machine, and society be damned.

It's all a bit bleak, and every day seems to carry us closer to that nightmare instead of towards a post-scarcity civilized future.

Thank you Amazon. Not.

Comment: Bizarre argument in TFA (Score 1) 292

It's a nonsensical argument to suggest that a company that introduces a service requiring heavy bandwidth is making all Internet users subsidize it by pushing their ISPs into upgrading their pipes. Pressure on bandwidth is not a negative thing.

The need for more bandwidth is one of the primary reasons why ISPs improve their offering over time. If it weren't for pressure on bandwidth they would mostly just sit back and let the money roll in without ever upgrading. Performing poorly on popular Internet services makes customers switch providers, and ISPs want to avoid that so they upgrade their links to provide a better service. That's how it works.

Netflix is merely pushing the bandwidth envelope, and that's good for all of us.

PS. I am not a Netflix subscriber, so no conflict of interest here.

Comment: Piracy accusations vs common carrier defense (Score 3, Insightful) 314

by Morgaine (#42635641) Attached to: Kim Dotcom's 'Mega' Storage Site Arrives

Sounds more like an acknowledgment that, "Yes, we KNEW we were hosting pirated binaries before, but now we're much more clever at it."

They know full well that this is just a fight between vested interests, with no a priori right or wrong (if you see an inherent right or wrong it's because you've already picked a side).

What we're witnessing here is the next skirmish in the copyright wars: "You play the piracy card, we play the common carrier card".

Comment: Re:Let's not celebrate on the graves of too many (Score 5, Insightful) 162

by Morgaine (#42624973) Attached to: Mathematicians Aim To Take Publishers Out of Publishing

Converting to free and open source everything, whatever your opinion of it, does have casualties.

That's dangerously close to being a "Think of the publishers!" argument. It's not convincing.

If you want to keep people employed then give them something of positive value to do, not the negative value of restricting access to academic research.

Comment: Beware the "Windows Users" statistics (Score 3, Interesting) 295

by Morgaine (#42488351) Attached to: Valve Reveals First Month of Steam Linux Gains

That's a very good point made by the parent, and it has plenty of precedent outside of the Valve/Steam games space. I appear in the statistics as a "Windows User" for Guild Wars 2 (and for many years previously for Guild Wars 1), yet there hasn't been a Windows box at home for years and years. This is sure to be happening for Steam "Windows" games as well.

Wine works perfectly for gaming these days. Beware the "Windows User" statistics!
