
Comment: Re:When this happens... (Score 1) 497

by karlm (#41419335) Attached to: Hotmail No Longer Accepts Long Passwords, Shortens Them For You

Same thing with GMail, alphabetics and numbers only.

Your post is ambiguous, but it seems you're asserting that GMail does also not allow symbols in passwords. I'll bite. My GMail password contains one or more symbols. Have fun with your 1-bit head start on cracking my 80+ bit GMail login.

Comment: Saudi Arabia's terrorist rehabilitation plan (Score 1) 566

by karlm (#40806263) Attached to: Modest Proposal For Stopping Hackers: Get Them Girlfriends
Saudi Arabia has a program for paroling convicted terrorists. Young single men convicted of certain terrorism-related offenses who meet certain good behavior criteria in prison are given dowry money and assistance in finding brides. It turns out that the re-arrest rate for the guys who get married is significantly lower.

Comment: Re:It's always been obvious (Score 1) 622

by karlm (#40644427) Attached to: The PHP Singularity
You misunderstand the saying. It's a poor mechanic who blames his tools for his mistakes because (1) he screwed up and (2) he perhaps knew his tools were bad but didn't even have the good judgement to get better tools (3) by his blaming demonstrates a lack of his ability to see (2) as an error and thus move on and grow.

Comment: Re:What about Chernobyl plant? (Score 1) 134

by karlm (#40207831) Attached to: 'Legitimized' Cyberwar Opens Pandora's Box of Dirty Tricks

Even for a paranoid conspiracy theory, that's a terrible theory. You forgot to use the words "laser", "fluoride", "chemtrail", "thermite", and "Gay Mayan Leprechaun Ninjas from the year 2012." Also, of course, the Chernobyl explosion was caused by the CIA in order to cover up the fact that Obama was born in a Nicaraguan Satanic temple earlier that day... making him too young to be president.

Either the Soviets didn't realize that they had been the victims of a cyber attack because the Americans waited until the very moment that a Soviet reactor operator decided to wing it in an attempt to salvage an already highly dangerous nuclear experiment (interrupted by an unexpected request for more power output to the grid) with a reactor with a positive void coefficient... or the Soviets decided to make up such a story after the fact in order to make themselves look bad rather than take the opportunity to blame the Americans for the disaster... and that's even assuming that the RBMK reactors were controlled by programmable digital computers connected to satellite downlinks.

Satellites, nuclear reactions, computer viruses, and secretive government agencies... what a good mix for a conspiracy theory. Everyone wants to feel like they're in the top decile of intelligence. A good conspiracy theory gives people with a slight paranoid streak an opportunity to believe they're smarter than most people because they "get it". A good conspiracy theory also plays to the American folk hero of the misunderstood genius that's too smart for book learn'n and despite a complete lack of discipline out-smarts a legion of PhDs and comes up with an idea that revolutionizes modern science. It's the nerd version of the scrappy sports team that pulls it together to win it all against the bigger spoiled rich kids in the final game.

News flash: when most of the world's experts in the field "just don't get" a theory posed by a novice, chances are it really is gibberish proposed by someone without enough knowledge to comprehend the experts' rebuttals and too much pride to admit their own shortcomings.

Comment: Re:doesn't work like that (Score 1) 716

I'll grant you that there's probably a lot more necessary complexity in the tax code than most of us realize. However, there's also a lot of unnecessary complexity in the tax code. Some of the additional complexity comes from political favors for large donors or important political constituencies. Some of the complexity comes from attempts to use a power granted by the Constitution (taxation) as a way to exercise powers that are not allowed the federal government by the Constitution.

A complex tax code is sand in the gears of the system, and a handout to law firms. I'm not familiar with non-US tax systems (apart from the country where I currently live), but conventional wisdom is that many countries are existence proofs that the U.S. tax code is overly complex.

Comment: Re:Sour Grapes (Score 2) 716

I couldn't agree more. (1) He paid capital gains when he renounced his citizenship. (2) He paid what was deemed "his fair share" in taxes while living in the U.S. (3) He took startup risks, created tons of jobs (both at Facebook and the ecosystem that rose up around it) and paid a good chunk of taxes while he was here.

There are already several places around the world with both regulatory and tax systems more favorable to entrepreneurs. Let's not create laws that send the message that it's a better idea to create the startups elsewhere, and let's not encourage a culture that exposes entrepreneurs to significant risk of retroactive taxation.

We already spend untold billions attempting to enforce our unenforceable tax code, created a huge industry dedicated to finding loopholes in our complicated tax code, and lose untold billions to fraud that's enabled by our complicated tax code. Let's not try and make the tax code more complicated because we feel he had some capital gains that couldn't be accounted for at the time capital gains were assessed.

Comment: Re:The nerve (Score 2) 716

And somehow the money he paid in taxes while residing here was deemed his fair share at the time, and he should be retroactively taxed more for those services if he later derives some huge benefit from those services? Should every person who gets an education in the U.S. have to pay some tax to the U.S. for the rest of their lives, no matter their citizenship and place of residence?

I'm not comfortable with the idea that he was somehow building up some secret debt while living here and working here, and "paying his fair share" in taxes and creating tons of jobs. If after he leaves and changes his citizenship, he later derives some benefit from what he did in the U.S., more power to him.

We already have a tax system that's so complicated as to be unenforceable. It costs us billions of dollars a year to try and audit the tax system, and further billions are lost to tax fraud. Let's not make these leaks in the system greater (and drive away entrepreneurs) by devising further complications in the tax code to try and account for these "almost realized, 99% certain" gains before people change citizenship and move overseas.

Comment: Re:So like the Soviet Union? (Score 3, Insightful) 716

As long as welfare is a handout and not a loan, I think welfare recipients should be under no obligation to "pay back" what they "took", even if they later make a lot of money in some way that you seem to find unjust yet legal. Their benefits aren't tied to some formula of taxes paid before going on welfare, and their taxes afterward shouldn't be tied to some formula dependent on how much they were paid by welfare.

"Passive-aggressive tax system" isn't really the phrase I'm looking for, but there seems to me something morally wrong about holding someone in debt to society for a handout (not a government loan).

Perhaps there should be, in addition to welfare, a system of zero-interest government loans for people in need. However, I think it's a step backwards to turn welfare into a loan system.

Comment: Re:No password? (Score 1) 153

by karlm (#39610535) Attached to: Here's What Facebook Sends the Cops In Response To a Subpoena

Following the large number of very public password disclosures in the past couple of years, failure to hash passwords (salted by username, user ID and/or random nonce) should be considered gross negligence.

Are there any proposals to standardize a password column type for SQL databases? If the column is write-only but comparable for equality against a varchar/string then the implementation details of hash algo and salting are hidden. The sad thing is that proper password storage could be made a lot more intuitive, even for the "just learned XYZ in 24 days/hours" crowd.
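An added sketch of the write-only, equality-comparable password type the comment above asks about, written as an application-level Python class rather than an SQL column type; it is not code from the comment or from any database. The class name, the encoded string layout, and the choice of PBKDF2-HMAC-SHA256 with a random per-password salt are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune for your hardware


class StoredPassword:
    """Write-only password value: set from plaintext, comparable, never readable."""

    def __init__(self, encoded: str):
        # Parse the column value; only the salt and digest are ever held.
        scheme, iters, salt_hex, digest_hex = encoded.split("$")
        if scheme != "pbkdf2_sha256":
            raise ValueError("unknown password scheme")
        self._iters = int(iters)
        self._salt = bytes.fromhex(salt_hex)
        self._digest = bytes.fromhex(digest_hex)

    @classmethod
    def from_plaintext(cls, plaintext: str) -> "StoredPassword":
        salt = os.urandom(16)  # random nonce, so equal passwords store differently
        digest = hashlib.pbkdf2_hmac("sha256", plaintext.encode(), salt, ITERATIONS)
        return cls(f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}")

    def encoded(self) -> str:
        """The only form that is written to the database column."""
        return f"pbkdf2_sha256${self._iters}${self._salt.hex()}${self._digest.hex()}"

    def __eq__(self, candidate) -> bool:
        # Equality against a plain string re-derives the hash with the stored
        # salt and compares in constant time; the caller never sees either.
        if not isinstance(candidate, str):
            return NotImplemented
        trial = hashlib.pbkdf2_hmac("sha256", candidate.encode(), self._salt, self._iters)
        return hmac.compare_digest(trial, self._digest)

    __hash__ = None  # not usable as a dict key or set member

    def __repr__(self) -> str:
        return "StoredPassword(<hidden>)"
```
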

Comment: Re:Darn that dirty hydrogen (Score 1) 406

by karlm (#39586723) Attached to: Self-Sustaining Solar Reactor Creates Clean Hydrogen
Methanol is used as a racing fuel. Its energy density, anti-knock, and storage characteristics are worse than ethanol, though. My understanding is that the main reason that methanol is used as a racing fuel is that it's very easy to test for performance-enhancing illegal additives. If I had to take a guess, the low molar mass of methanol means that it's tough to find a compound that both enhances its performance as a fuel and won't be readily detected via centrifuge or perhaps a mass spectrometer.

Comment: Re:Uh, correct me if I understood the story wrong (Score 1) 102

by karlm (#32577718) Attached to: AT&T Breach May Be Worse Than Initially Thought
At some point, I wrote a small tool that used Ron Rivest's "Time Lock Puzzles" to provide lagged full disclosure... publish full disclosure that will take several months to decrypt, and privately give the vendor the decryption key to give them a head start. Getting a gag order from the courts won't help the vendor at that point, since you've already published the encrypted information and the puzzle, it's just a matter of grinding through the time lock puzzle. The time ticking on the time lock puzzle should hopefully light a fire under their rears to get a fix out. IMHO, time locked full disclosure gives you the best of both worlds... vendors have some reasonable time to implement a fix, but no amount of legal action can prevent the details from getting out several months later. The risk of "responsible disclosure" is that you can get slapped with a gag order, or at least legal threats, to prevent you from later putting pressure on the vendor for a faster fix.
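An added illustration of the time-lock puzzle construction (Rivest, Shamir and Wagner) that the comment above refers to; it is not the commenter's tool. The function names and the toy modulus are assumptions, and the puzzle locks only a symmetric key: the report itself would be encrypted under that key with a standard cipher, which is not shown.

```python
# Toy modulus built from two well-known Mersenne primes (constructed for the
# demo). A real puzzle needs secret, randomly generated primes of 1024+ bits.
P = 2**61 - 1
Q = 2**89 - 1


def make_puzzle(key: int, t: int, p: int = P, q: int = Q, a: int = 2) -> dict:
    """Lock `key` behind t sequential modular squarings."""
    n = p * q
    if not 0 <= key < n:
        raise ValueError("key must be smaller than the modulus")
    phi = (p - 1) * (q - 1)
    # The creator knows phi(n), so a^(2^t) mod n costs two fast
    # exponentiations instead of t squarings.
    e = pow(2, t, phi)
    b = pow(a, e, n)
    # Published values: n, a, t and the masked key. p, q and phi are discarded.
    return {"n": n, "a": a, "t": t, "ck": (key + b) % n}


def solve_puzzle(puzzle: dict) -> int:
    """Recover the key without phi(n): each squaring needs the previous result."""
    n = puzzle["n"]
    b = puzzle["a"] % n
    for _ in range(puzzle["t"]):
        b = b * b % n
    return (puzzle["ck"] - b) % n


def demo() -> bool:
    key = 0x0123456789ABCDEF0123456789ABCDEF  # constructed 128-bit sample key
    puzzle = make_puzzle(key, t=50_000)       # t sets the delay; tiny here
    # The vendor is handed `key` directly; everyone else has to grind.
    return solve_puzzle(puzzle) == key
```

The delay is set by `t` multiplied by the time of one squaring on the solver's hardware, so a months-long lock means measuring squarings per second for the chosen modulus size and scaling `t` accordingly.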

Comment: Re:Uh, correct me if I understood the story wrong (Score 1) 102

by karlm (#32577232) Attached to: AT&T Breach May Be Worse Than Initially Thought
They didn't enter into AT&T's network uninvited, they used a public facing and unprotected URL to retrieve information that URL was intended to retrieve. This is no more intrusion than if AT&T had put that data in a public facing flat file on a server somewhere and hoped nobody discovered the URL.
