
Comment: Re:could be used therapeutically (Score 4, Insightful) 57

by TaoPhoenix (#47472415) Attached to: Biofeedback Games and The Placebo Effect

The Placebo Effect is just our poor bodies reaching some limits vs more and more clever scientific studies.

As I understood it, it was self healing abilities only triggered by "someone gives a damn about me" that we don't easily access every day to fix other problems.

So having computer programs just goes more towards the whole "look, it's now on a computer" we've seen in darker scenarios. I'll stay positive on this note.

If you just stick 300 fortune cookies into a computer program, a few of them will strike home and then you get "therapeutic benefit". (I know, because I have a file of over a hundred of them, from asking my Chinese restaurant to give me a bunch each time. A few of them are really pretty good.)

Studies keep trying to go super narrow to carefully limit "complexity" but I am beginning to think the "Scientific Method" is on the verge of missing "Emergent Results" when they risk small details but leave behind controlling micro-scenarios.

Sideways from the Slashdot tradition, I didn't read the article because one look at the summary says it's too narrow, and it's become the Press's job to "expand them". Some journalists try hard, a few are hacks.

Much more broadly, I have smashed together a few projects I know have helped me.

Comment: Re:8 character min (Score 1) 280

by TaoPhoenix (#47472297) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

Again a guess, but I bet this is about "how much it costs us to upgrade our system".

Underscore I can see, but Space used to be a character that messed up a lot of systems. And I frankly don't have any 20 character passwords, so maybe people lowered it so that users would have any hope of ever remembering their password, however bad it may be.

Comment: Re: 11 characters (Score 1) 280

by TaoPhoenix (#47472279) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

Quick uninformed guess, sounds like someone's sloppy programming problem.

I'll defer to my betters here but it sounds like when someone slammed out the system they just picked some number like 11 for the password length and then someone else did the best they could by making it require lots of stuff.

Comment: Re:Losing an email account (Score 1) 280

by TaoPhoenix (#47472257) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

Years ago in a weak variant of this whole thread, I designed a system of using some nine passwords for the entire net, and for whatever reasons I am too senile to recall, one email account got a weird password that changed a couple of times until I couldn't get in. (Including one suspicious moment but that's another post.)

But fortunately I made my "security questions" sufficiently strange yet unforgettable that after two hours on hold, I got into Yahoo Customer service and fixed it. (For now.)

But you have a point that, that was a "backup account". If the primary ones ever got hacked, people would have access to tons of stuff.

I'm def of the school of "use your passwords every time so you know them" and haven't looked into password managers that sorta bother me. It's one reason why last quarter's Heartbleed story made me grumpy - is every site in existence gonna make me flip my password system now? I don't have a new one yet.

Comment: Re:Govt vs Corporate (Score 1) 280

by TaoPhoenix (#47472177) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

"True. I should have said major corporate standards when I said government. But because of the way the payment card industry works, it FEELS like government. Complete with not following its own rules and having rules for the sake of rules."

Sorry, but I find this a bit of a big error to make.

I'm really torn on who I dislike more, but to *confuse* corporate policies and govt policies feels like a big step backwards!

(Your choice of which) one punches me in the gut and one holds me by the throat, but to *confuse* them doesn't feel right!

Comment: Re:Banking (Score 1) 280

by TaoPhoenix (#47472145) Attached to: Selectively Reusing Bad Passwords Is Not a Bad Idea, Researchers Say

I'm old school here.

What is all this "banking info"!? I only do about five things with my bank, and 3.8 of them I can do on my phone just *dialing the automated number*.

Check my balance, pay something to my credit card, look to see if a check has been cashed that shouldn't have been (I've hired a bit of house help), and a couple other things.

When it gets a little weird I hit 0 or say "Representative" to do a couple of fancy things.

What I spend is in my head, I don't need a huge online report to tell me. My five bills are on my desk (including last month's late one!)

I have resisted BOA's attempt to get me to go all online-automated. I theoretically set up a couple of accounts to be online to save money, but not because I need a fancy account. When you wanna know what you can spend, you make a 1.7 min phone call - what else do you need to do?

Comment: Re: Offtopic - sig url for Bill Stewart (Score 1) 509

by TaoPhoenix (#47472043) Attached to: Ask Slashdot: Future-Proof Jobs?

Okay, off-topic but I can hack a 1 point karma drop.

Bill, what even is that url?
http://preview.tinyurl.com/dy5...

What is even the point of "preview.tinyurl.com"?
It goes to an Evening Sun article by Craig Paskoski here:
http://www.eveningsun.com/news...

And it's filled with some of the loudest javascript I've seen. What do you gain by hiding it in a tinyurl?

Comment: Re:They aren't stupid (Score 1) 62

by TaoPhoenix (#47471965) Attached to: Google's Project Zero Aims To Find Exploits Before Attackers Do

I'll reply to you, as you're the closest to the angle I was going for.

Cross-posted from another site, with two more sentences here.

Okay, picking my words a little and hoping I get my tone right...

I get that Google (and Facebook and all kinds of other gangs) are *selling info*. It's sleazy, but to me that's "grey hat". It's "we're psychologically manipulating you to make money, but you knew that but we made the services nice and fun/useful so you don't care". I've been reading a huge Star Trek DS9 Re-Watch overview, and that feels so like a Quark move - he's devious but eventually even he draws his lines.

Secret silent software bugs that only X number of governments even know exist is a whole other level of Black Hat. (Really, somewhere in the combo of Heartbleed and the True-Crypt mess I got grumpier than I have been in a while.)

So Google isn't some poor 12 man op with a lonely tech who was beaten by big guys - behind the sales guys there's a *lot* of tech crunching firepower there. So *maybe* the Agencies have a bit of a lead on them, but I'd bet not as big as those Agencies thought.

It's a fascinating twist - Govt can beat up "little guys" a few at a time in a Divide and Conquer strategy, but what if this story catches on, and then Microsoft and Facebook and Apple and Samsung and your choice of others jump in?

(I put Samsung in there because software bugs know no boundaries, so it's specifically a test of geographic negotiations beyond the US level.)

Short Selling jokes aside, can the US even manage to indict the CEO's of all of US tech? Their dealmaking might just be on the verge of coming to bite them. (There was a TV series about all that, corps, totally owning govt openly and outright.)

When we're not busy snarking in the Basement or the Living Room, having a gaping security flaw in software isn't good for any of these companies. So maybe (making up a name) Gennady Li Chandarovskiyij-Maharujshi is the greatest programmer alive at one of the Agencies, but can he really stand up to a world wide team that's now pissed off??

Going all story fiction for a moment, imagine it:
All these companies, led by the big dogs with little guys lending a spare hour;
CEO's around the world getting royally pissed and saying "our products are dominant enough and we have time to put away our micro-jockeying. Let's spend an entire year and 700 billion dollars/whatever to clean this mess up. Grab anyone who has any legit idea whatsoever about software security and let them do whatever they want (jokes aside), no questions asked including extra perks like the 90's like croissant sandwiches in the break room."

US Govt is slowly winning the PR war against "Anonymous", but what if the Big Tech companies with tips from millions of freelancers all unite and say "Thanks for all the fish, yummy, now watch what you made! We have a worldwide "team" of over a *thousand* software people (and four space aliens, only three of which you know about.) Do you *really* wanna keep doing this? Or can we just get back to selling people's info for money?"

At least in my imagination I wanna believe we're on the verge of Tech calling Govt's bluff that they've been going "Divide and Subdue" too long, and the beautiful part is all the bribery is (mostly) illegal - how can they even pretend to shout about 770 companies and 12,345,845 freelancers all spending an entire year on software security?

So that's my message of daydream hope!

Comment: Re:precedent in many future law cases. (Score 1) 346

by TaoPhoenix (#47377657) Attached to: Goldman Sachs Demands Google Unsend One of Its E-mails

You're almost the only one addressing the legal-theory side.

Stepping aside from the technics, what becomes the theory for this?

"Material that is believed to be owned by the recipient but is in fact leased or rented may be removed by the lessor/provider if it causes reputational damage from the sender (and maybe to other parties?)"

Lawyers have a fun job. (Things to do with a 170 IQ). They can take one word and use it to create billions of client dollars. There was that one other article in Rolling Stone about how Goldman Sachs borrowed one paragraph from their federal government bailout, jammed it into a 15 year old finance bill, and now they get to run oil pipelines while bidding on oil futures and stuff.

Or the one from earlier today where that review board authorized the NSA to keep spying by abusing the words "adequate" and "reasonable".

Comment: Re: 191 page report (Score 1) 170

by TaoPhoenix (#47374843) Attached to: Privacy Oversight Board Gives NSA Surveillance a Pass

The report is a bit more clever than that, and *parts* of it are actually good. It's certainly more info than I ever knew before, and than they would have ever released before.

The way these "Devils in Details" landmined reports work is that 95% of it is legit, and builds a legit case towards ... what you think it should. Then at the very capstone when it comes time to produce the conclusion, they flip a key paragraph as the landmine. In a perfect world, let's say we ever magically elect a both incredibly powerful party majority and an incredibly honest one, they can take this report, reverse the landmine paragraphs, and end up with the correct result.

Try looking near pages 98-99.

This is the paragraph that echoes this entire thread:
"On the other side of the coin, the acquisition of private communications intrudes on Fourth Amendment interests. Even though U.S. persons and persons located in the United States are subject to having their telephone conversations collected only when they communicate with a targeted foreigner located abroad, the program nevertheless gains access to numerous personal conversations of U.S. persons that were carried on under an expectation of privacy. Email communications to and from U.S. persons, which the FISA court has said are akin to “papers” protected under the Fourth Amendment,426 are also subject to collection in a variety of circumstances."

At this point everyone is clamoring for the followup to be "Unconstitutional so get rid of it." As they say, "always put one concession to your opponent's position in an argument", so here I say, "it is not possible under any form of intelligence work to have *zero* US-US information showing up, such as because any email to that sketchy girlfriend with a CC to your US buddy on it, drags him along for the ride." Of course that's a minimal data point, but this thread has been about the issue of Non-Zero data collection.

*However*, then they threw their landmine in.

Over on page 99:

"The government has acknowledged that the Fourth Amendment rights of U.S. persons are affected when their communications are acquired under Section 702 incidentally or otherwise, and it has echoed the FISA court's observation that the implementation of adequate minimization procedures is part of what makes the collection reasonable. (See footnote 433)"

So before everyone jumps on the word "reasonable", *that's* their landmine. You get Schrodinger's Cat scenarios with that email because as soon as they even see whose names are on it, one to Osama Bin Laden's hot niece's Iranian cousin staying in the Netherlands, and one to your radical US buddy, they *already have* metadata! So they decide to open it, whereupon it contains some nice NSFW Rule34/Rule35 pictures, and a PS memo on the bottom of it with a piece of info that actually qualifies as intelligence. Great. Now you have an email that pisses off at least four countries. What do you do with that?! (After you finish grinning lewdly and more to the pictures!)

So the *actual* word to mess with is "Adequate". After you finish laughing at my scenario, is that an *adequate* acquisition of US citizen data? I don't know. So saying "Aha! A right was violated, abolish the entire agency!!" is not the answer. The only one I can think of is a percentage one of some kind, such as "less than X% of US communications were collected, as verified by an auditor that you actually believe." Then we can all start over deciding what that percentage is.

Comment: Re: Not Voluntarily (Score 4, Interesting) 239

by TaoPhoenix (#47371277) Attached to: Following EU Ruling, BBC Article Excluded From Google Searches

In general I applaud the EU ruling *if* it really gets implemented fairly. But there's all sorts of wiggles to mess around with.

We've been focusing on "that one guy" but look at this note way at the bottom of the article:

"It is only a few days since the ruling has been implemented - and Google tells me that since then it has received a staggering 50,000 requests for articles to be removed from European searches."

And that's 50K requests in a few days.

Google can afford to hire "the army of paralegals", but does the ruling extend to smaller services? You can delist-bomb a small site out of existence when someone manages a "DDOS Distributed De-List of Service" attack on every article in their entire catalog. Then you get games where people try to de-list each other's materials.

Not that I am a fan of Google, but I can bet a senior lawyer at Google is saying "well hell, besides the cost, if we have taken down seventeen million articles on all kinds of topics, there goes our ten year competitive advantage of useful searches."

Comment: Re: known data isn't there (Score 4, Interesting) 560

All this is making me start to think of some kind of more clever "panic mode" encryption.

You'd have to make it really fast, such that it's reg proto-encrypted two ways, one normal, and the panic mode. So say something really fast like shift-control-alt-F11 instantly flips the "panic bit".

We as geeks could put all kinds of awesome stuff into it, smashed into a kind of digital Klein Bottle with milk for Schrodinger's cat.

"Do you know how to decrypt it?"
"No"
"Why not?"
"Because it's time-locked with a code that cannot be found until next September."
"Do you know what documents are on there?"
"The ones you are looking for are not there because they were broken into component parts that only the computer knows, tied to a code that September code. Meanwhile other documents you did not know were there, are there, because they were created by algorithms the moment I hit the Panic Button and not a moment before. And the base of the September key is an English phrase which may or may not admit a crime. You don't know."
"So what if the case is dismissed?"
"I can do other work until September. What's important is that it cannot be broken right now."

Comment: Re: far from first (Score 1) 66

by TaoPhoenix (#47271569) Attached to: HUGO Winning Author Daniel Keyes Has Died

"He may have hit it best, but he was far from first. Poul Anderson's Brain Wave [wikipedia.org], for example, came out in 1953-54. I think there were a lot of even earlier examples, but I don't have them at my fingertips."

Okay, fair. I might have slipped up on my wording.

It's been decades since my old days as a young'un reading all the old Pre/Gold/Silver age stuff. I certainly know who Poul Anderson is, but that exact story is the kind of thing that used to be really tough to find. It's still a little tricky, maybe six web links in Amazon can do it, but back even in the 80's trying to find a then-thirty-year-old story was really tough and I wouldn't have known it even existed to hunt it down.

D. K. and Flowers showed up because it was aggressively highlighted in some school class's curriculum. To be sure, it was worth the exposure, but that's different from trying to make a quick post and hold it to "researcher standards". At 1958 it is reasonably close to the top of the chain and I bet the writers of my examples had at least a phone call advising them "You know you're re-making Flowers for Algernon, right?"

But then there's your note, and if you moved the theme just a little, you might even get some slightly different earlier but not unrelated takes on the theme.
