
Comment: Re:could be used therapeutically (Score 4, Insightful) 57

by TaoPhoenix (#47472415) Attached to: Biofeedback Games and The Placebo Effect

The Placebo Effect is just our poor bodies reaching some limits vs more and more clever scientific studies.

As I understood it, it was self healing abilities only triggered by "someone gives a damn about me" that we don't easily access every day to fix other problems.

So having computer programs just goes more towards the whole "look, it's now on a computer" we've seen in darker scenarios. I'll stay positive on this note.

If you just stick 300 fortune cookies into a computer program, a few of them will strike home and then you get "therapeutic benefit". (I know, because I have a file of over a hundred of them, from asking my Chinese restaurant to give me a bunch each time. A few of them are really pretty good.)

Studies keep trying to go super narrow to carefully limit "complexity" but I am beginning to think the "Scientific Method" is on the verge of missing "Emergent Results" when they risk small details but leave behind controlling micro-scenarios.

Sideways from the Slashdot tradition, I didn't read the article because one look at the summary says it's too narrow, and it's become the Press's job to "expand them". Some journalists try hard, a few are hacks.

Much more broadly, I have smashed together a few projects I know have helped me.

Comment: Re:8 character min (Score 1) 278

by TaoPhoenix (#47472297) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

Again a guess, but I bet this is about "how much it costs us to upgrade our system".

Underscore I can see, but Space used to be a character that messed up a lot of systems. And I frankly don't have any 20 character passwords, so maybe people lowered it so that users would have any hope of ever remembering their password, however bad it may be.

Comment: Re: 11 characters (Score 1) 278

by TaoPhoenix (#47472279) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

Quick uninformed guess, sounds like someone's sloppy programming problem.

I'll defer to my betters here but it sounds like when someone slammed out the system they just picked some number like 11 for the password length and then someone else did the best they could by making it require lots of stuff.

Comment: Re:Losing an email account (Score 1) 278

by TaoPhoenix (#47472257) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

Years ago in a weak variant of this whole thread, I designed a system of using some nine passwords for the entire net, and for whatever reasons I am too senile to recall, one email account got a weird password that changed a couple of times until I couldn't get in. (Including one suspicious moment but that's another post.)

But fortunately I made my "security questions" sufficiently strange yet unforgettable that after two hours on hold, I got into Yahoo Customer service and fixed it. (For now.)

But you have a point that, that was a "backup account". If the primary ones ever got hacked, people would have access to tons of stuff.

I'm def of the school of "use your passwords every time so you know them" and haven't looked into password managers that sorta bother me. It's one reason why last quarter's Heartbleed story made me grumpy - is every site in existence gonna make me flip my password system now? I don't have a new one yet.

Comment: Re:Govt vs Corporate (Score 1) 278

by TaoPhoenix (#47472177) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

"True. I should have said major corporate standards when I said government. But because of the way the payment card industry works, it FEELS like government. Complete with not following its own rules and having rules for the sake of rules."

Sorry, but I find this a bit of a big error to make.

I'm really torn on who I dislike more, but to *confuse* corporate policies and govt policies feels like a big step backwards!

(Your choice of which) one punches me in the gut and one holds me by the throat, but to *confuse* them doesn't feel right!

Comment: Re:Banking (Score 1) 278

by TaoPhoenix (#47472145) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

I'm old school here.

What is all this "banking info"!? I only do about five things with my bank, and 3.8 of them I can do on my phone just *dialing the automated number*.

Check my balance, pay something to my credit card, look to see if a check has been cashed that shouldn't have been (I've hired a bit of house help), and a couple other things.

When it gets a little weird I hit 0 or say "Representative" to do a couple of fancy things.

What I spend is in my head, I don't need a huge online report to tell me. My five bills are on my desk (including last month's late one!)

I have resisted BOA's attempt to get me to go all online-automated. I theoretically set up a couple of accounts to be online to save money, but not because I need a fancy account. When you wanna know what you can spend, you make a 1.7 min phone call - what else do you need to do?

Comment: Re: Offtopic - sig url for Bill Stewart (Score 1) 509

by TaoPhoenix (#47472043) Attached to: Ask Slashdot: Future-Proof Jobs?

Okay, off-topic but I can hack a 1 point karma drop.

Bill, what even is that url?

What is even the point of ""?
It goes to an Evening Sun article by Craig Paskoski here:

And it's filled with some of the loudest javascript I've seen. What do you gain by hiding it in a tinyurl?

Comment: Re:They aren't stupid (Score 1) 62

by TaoPhoenix (#47471965) Attached to: Google's Project Zero Aims To Find Exploits Before Attackers Do

I'll reply to you, as you're the closest to the angle I was going for.

Cross-posted from another site, with two more sentences here.

Okay, picking my words a little and hoping I get my tone right...

I get that Google (and Facebook and all kinds of other gangs) are *selling info*. It's sleazy, but to me that's "grey hat". It's "we're psychologically manipulating you to make money, but you knew that but we made the services nice and fun/useful so you don't care". I've been reading a huge Star Trek DS9 Re-Watch overview, and that feels so like a Quark move - he's devious but eventually even he draws his lines.

Secret silent software bugs that only X number of governments even know exist is a whole other level of Black Hat. (Really, somewhere in the combo of Heartbleed and the True-Crypt mess I got grumpier than I have been in a while.)

So Google isn't some poor 12 man op with a lonely tech who was beaten by big guys - behind the sales guys there's a *lot* of tech crunching firepower there. So *maybe* the Agencies have a bit of a lead on them, but I'd bet not as big as those Agencies thought.

It's a fascinating twist - Govt can beat up "little guys" a few at a time in a Divide and Conquer strategy, but what if this story catches on, and then Microsoft and Facebook and Apple and Samsung and your choice of others jump in?

(I put Samsung in there because software bugs know no boundaries, so it's specifically a test of geographic negotiations beyond the US level.)

Short Selling jokes aside, can the US even manage to indict the CEOs of all of US tech? Their dealmaking might just be on the verge of coming to bite them. (There was a TV series about all that, corps, totally owning govt openly and outright.)

When we're not busy snarking in the Basement or the Living Room, having a gaping security flaw in software isn't good for any of these companies. So maybe (making up a name) Gennady Li Chandarovskiyij-Maharujshi is the greatest programmer alive at one of the Agencies, but can he really stand up to a world wide team that's now pissed off??

Going all story fiction for a moment, imagine it:
All these companies, led by the big dogs with little guys lending a spare hour;
CEOs around the world getting royally pissed and saying "our products are dominant enough and we have time to put away our micro-jockeying. Let's spend an entire year and 700 billion dollars/whatever to clean this mess up. Grab anyone who has any legit idea whatsoever about software security and let them do whatever they want (jokes aside), no questions asked including extra perks like the 90's like croissant sandwiches in the break room."

US Govt is slowly winning the PR war against "Anonymous", but what if the Big Tech companies with tips from millions of freelancers all unite and say "Thanks for all the fish, yummy, now watch what you made! We have a worldwide "team" of over a *thousand* software people (and four space aliens, only three of which you know about.) Do you *really* wanna keep doing this? Or can we just get back to selling people's info for money?"

At least in my imagination I wanna believe we're on the verge of Tech calling Govt's bluff that they've been going "Divide and Subdue" too long, and the beautiful part is all the bribery is (mostly) illegal - how can they even pretend to shout about 770 companies and 12,345,845 freelancers all spending an entire year on software security?

So that's my message of daydream hope!
