There was a time when >90% of all people had to be in agriculture, just to keep everyone fed. Now fewer than 1% are involved in agriculture, we grow way more food than anyone can eat, and somehow we still have jobs for most people.
Think of it from the POV of a business owner. Even if you can fire 80% of your workforce, you cannot simply rest on your laurels and pocket the savings: other businesses are out there finding new ways to outcompete you or make your industry obsolete, and you end up hiring people that can help you maintain your edge.
It turns out that human time is always valuable, and we find new things for people to do. It's a kind of stasis really: people have to learn new skills and do more creative thinking to remain employable. Brute force and repetitive thinking jobs are always at risk.
Those who are willing to learn and adapt have remained employed.
So giving a negative review of a piece of content is theft?
It reduces the value of the original, doesn't it?
>then it doesn't really matter how strong your password is
Well, that's not quite true. A password with 128 bits of entropy is still going to be strong even when hashed unsalted.
Leaked hash material is really only helpful for finding poor passwords via one of the brute force methods. Lack of salts, or poor salting, is only helpful for rainbow table or rainbow dictionary type attacks.
Choosing a good password will still help you. The only problem is websites that do one of the various bad behaviors:
* forcing a capital or digit reduces entropy
* limiting the max length reduces entropy
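The effect of the two policies listed above on the size of the password space, as an added example that is not part of the original comment: it counts admissible passwords with inclusion-exclusion. The 95-character printable-ASCII alphabet, the class sizes and all function names are assumptions of this example.

```python
import math
from itertools import combinations

# Assumption of this example: passwords drawn from the 95 printable ASCII
# characters, split into the classes that composition rules refer to.
CLASSES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}
ALPHABET = sum(CLASSES.values())

def count_exact(length, required=()):
    """Count strings of `length` chars that contain at least one character
    from every class in `required`, using inclusion-exclusion."""
    total = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            remaining = ALPHABET - sum(CLASSES[c] for c in missing)
            total += (-1) ** k * remaining ** length
    return total

def policy_bits(min_len, max_len, required=()):
    """log2 of the number of passwords a policy admits, i.e. the most
    entropy a uniformly random password can have under that policy."""
    space = sum(count_exact(n, required) for n in range(min_len, max_len + 1))
    return math.log2(space)

def bits_lost_by_rule(length, required):
    """Bits removed from the fixed-length space by a composition rule."""
    return policy_bits(length, length) - policy_bits(length, length, required)

def min_length_for(bits):
    """Shortest fixed length whose unrestricted space reaches `bits`."""
    return math.ceil(bits / math.log2(ALPHABET))

if __name__ == "__main__":
    rule = ("upper", "digit")
    for n in (8, 12, 20):
        print(f"len {n}: rule {rule} removes {bits_lost_by_rule(n, rule):.3f} bits")
    for cap in (12, 16, 20):
        print(f"max length {cap}: at most {policy_bits(1, cap):.1f} bits")
    print("length needed for 128 bits:", min_length_for(128))
```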
I'm also a fan of Unicode and i18n, however it doesn't add quite as much to security as it may seem.
The whole Unicode codespace is only 22.1 bits, meaning that a Unicode character is only adding about ~3 ASCII characters worth of entropy to the passphrase. It might be easier to memorize a larger number of bits. But if you know the native language of the person who owns the password, you can eliminate the vast majority of the Unicode code space from the search space, most likely resulting in only 1 or 2 bytes of entropy per character (more for languages with a larger number of characters). However, a dictionary search will bring the entropy back down to the same or less than ASCII, unless the user uses random non-dictionary, or complex phrases.
There are additional difficulties:
Some languages are not very easy to input without being able to see what you are typing.
A strong security system will prevent shoulder-surfing by showing circles, or even better nothing at all, as you type.
Trying to HenKan Japanese or Chinese without being able to see what is being written can be challenging.
In addition, using a device or computer without a given input method would make it virtually impossible to log in. Not every machine is set up with your idealized input method, or trained to your writing style.
In short: the downsides seem to dominate, and there is no significant security advantage. I use Unicode passwords myself where they work, just because I like them (especially for throw-away accounts). I do think that software should accept passphrases in UTF-8, just for completeness' sake. But I don't really think that they improve anything...
>The Japanese writing system is one of those monolithic, looming monstrosities
>of inefficiency and folly that make you question how it could ever have evolved,
You are espousing a very common opinion, typically held by those who don't know how to read Chinese or Japanese.
>No linguistic theory can explain why they don't use an existing,
>nearly perfect syllabary they already have, and everyone already knows
You try reading an all kana document and you'll find out why, once your eyes stop bleeding.
It'll become real obvious to you if you bother to learn the language.
But you won't.
Yay for ignorance?
They are paying the "going rate" for "Intellectual property": zero. The concept of "intellectual property" is somewhat self delusional. "Information Services" would be a more accurate description.
We cannot blame China for not paying for work that has already been performed.
In a service model, you should collect money, or at least sign a contract to get paid, before you do the work, not after.
The problem with the "Intellectual Property Industry" is that their business model is the same as those aggressive window washers who try to force people waiting at red lights to pay for their dubious "service". At some point, people get fed up and tell you to buzz off.
>The solution is simple. Binaries are an accidental byproduct of the
>current technology so don't build the law around them. Solve the real problem.
Source vs Binary is neither temporary nor accidental: it is increasingly becoming a reality for all forms of copyrightable data. This is hardly limited to software.
Music exists in a polished final form. For proper re-use, the original source MIDIs, separated tracks, sheet music, and other creation artifacts are much more valuable than the final
For books, the original TeX or Word Processor files are much more valuable than a finalized, obfuscated, and DRM'd PDF file.
For movies, the original takes would allow you to make your own "director's cut".
If copyright law required all forms of copyrightable content to be released in the "preferred form of the work for making modifications to it" in order to gain protection, then society would benefit. Because when things revert to the public domain under the current law, they may still be effectively lost, or of diminished value.
OK, you missed the entire point of the maxim "Security != Obscurity".
It is a truism. The point is this: any secrets will eventually be leaked, whether you know it or not. Things that are easy to change, such as keys and passwords, are relatively low risk. Things that are very difficult to change, such as algorithms, are very high risk.
If you count on the fact that your crypto algorithm or operating system is secure because it's obscure, then when it's leaked you will be facing a catastrophic disaster. Instead of losing the data on one communication or one server, you face an organization-wide vulnerability, and compromise of past communications.
The extra security gained from keeping the algorithms secret pales in comparison to the disaster of having them be weak.
Getting as many eyes on this type of code as possible is the best way to mitigate risk.
After that, you still keep as much secret as possible.
If you need the helpdesk that often, then yes, you should never customize your machine.
I use Dvorak for the same reason you don't: it keeps other people off my terminals.
If it's better, which seems likely, that's a fringe benefit.