Comment Re:A new model for passwords? (Score 1) 538

Security comes in three forms:

1. Something you know (passwords, access credentials)
2. Something you have (key, token, access cards)
3. Something you are (biometry, finger scans)

You can hardly improve on a single one of them. Requiring more or more elaborate forms of any does not really increase security sensibly. Brute forcing passwords or credentials is already pretty much a thing of the past. Requiring longer, more elaborate passwords does not necessarily lead to more security, for more than one reason. The obvious one is that you can NOT expect a human being to remember some bizarre character combination like d5Zn$2aUk%kR'snawP. What will people do? Note it down. Which turns security into a combination of 1 and 2, but an OR combination thereof. It's enough to EITHER know the password OR have the post-it that it was written on. The same applies to password vaults, where it becomes enough to have them, not know a password.

A good improvement of security means that you add another security group to the fold with an AND combination. Require a password AND a token. Like ATMs do, requiring your bank card AND a code. That it's not foolproof, well, ATMs are a good example why not. Coincidentally, a good reason just WHY they are not is actually lying in the fact that people, again, make the mistake of writing down their ATM code and storing it together with their card, reducing the security to a Model 2 only security. Which also illustrates why it is usually pretty pointless to create more of the same kind of security layer, because requiring two passwords only means I have to sniff two (being entered at the same time, meaning I get them at the same time), or requiring two tokens (because most humans store them at the same place, like the ATM card and the written down code).

So improving security can only mean requiring authentication from another group of the three. But ADDITIONALLY. Not instead of. Replacing passwords with fingerprint scanners (as seen quite often today, especially with laptops) does not really increase security by a lot. At least if we're talking about company laptops where the (currently) authorized user may well not be one anymore tomorrow. Though at least biometry ensures that the person entrusted with access cannot easily grant it to a third person, unless he is physically present.

Comment Deloitte, get with the times (Score 2) 538

Who in their sane mind (in ITSEC, that is) is still dabbling with brute force problems? Seriously, Deloitte, stick with economy audits, at least there you can't do much more harm than has already been done to this economy, but stay out of real work, will ya? At least we could do without your "recommendations" to your clients to require bizarre combinations of characters from their employees that only leads to them noting them down on a post-it and sticking it underneath their keyboards (which, oddly, you do NOT have a recommendation against ... but I ramble).

Whether your password has 3 or 30 characters, and how many special characters in what odd combination and how many generations back you may not repeat even 2 of those characters again is moot. NOBODY on the "other side" bothers with brute forcing anymore. Passwords are being sniffed, hacked or simply lifted in other ways, from keyloggers to the good old "this is your IT-department on the phone, we need your password". And when I have your secretary TELL me her password, it's frickin' pointless to make it 100 chars long. Only means I have to talk to her longer. Which, I admit, may or may not be a nuisance to me when I get tasked with testing something you "secured". Depending on how nasty the voice of the person I audit is.

The security hole is NOT the length of your password. Get with the times, brute forcing just simply and plainly takes too long. Even if it's only a 3 char password, there are simply ways that get the attacker access far easier, more reliably and with a lot less effort.

Comment No, it's just not profitable (Score 1) 470

Think. You could either go and spend your life in your attempt to invent something, break your financial security and health (think of Mr. Goodyear, sure everyone knows his name now but he was poor most of his life). And in this time and age, chances are good that as soon as you actually have something worthwhile, some shyster will come along with some hare-brained patent and rob you.

Or you could hop onto the latest fad bandwagon and try to mooch yourself.

Look around you and tell me which is it if you just want money. Because, essentially, that's what drives invention today.

Comment Re:It's what you learn, not earn. (Score 2) 133

Then you'll get what's left at the bottom of the barrel, the ones that no company actually paying interns money scoops up before. It may surprise you, but especially in IT a lot of what's coming as "interns" needs less training than some old farts who refuse to even consider learning any new tricks.

IT moves fast. And choosing between an intern that knows the latest tricks of the trade and some old, high priced programmer who considers anything but Cobol a fad that will fizzle is kinda easy for companies like Facebook.

Comment Re:Idiotic... (Score 1) 102

I generally think that the whole "presentation" thing is big in most far east countries. Maybe someone with more experience with far east culture could fill in, but what I learned about gifts and presents in Japan, you should spend some time pondering the packaging, don't just wrap it up in some kind of paper for the sake of wrapping it up.

Comment Re:Yanno (Score 2) 102

Odd. It's pretty much the same in my country, just settling where you wanna simply isn't (you pretty much need a building permit for ... well, I'm not sure about your dog house, but...) but we have one of the cleanest cities. Seriously, when I went to L.A. I was surprised you can breathe that stuff they claim is "air".

Trust me. It's pollution standards.

Comment Re:I don't get it. (Score 1) 416

Not quite. They sell me the phone for 99 and a 2 year contract, WANTING me to use their service so I have to pay for the calls and text messages I send and receive. So this law essentially does not protect or enforce a contract, it protects what the company selling the phone WANTS its customers to do.

Here's what happens in my country, and I'd be very surprised if it was any different in the US: Carrier A sells a phone for $little_money with a 2 year contract. People go and get that phone, along with the contract with the least possible monthly fee. These contracts usually run in such a way that they come with a low (or even free) monthly fee and rather expensive call rates. Then they unlock it and go to Carrier B which offers a pretty favorable calling plan but no phone. Presto, new phone and cheap calls.

It's of course not what Carrier A wants. But since when has it been the government's job to protect a faulty business model?
