It used to be that the #1 source of Safari crashes auto-reported to Apple was Flash. I wouldn't be surprised if that's still the case.

That's what any web browser does. Flash does not run native code directly from untrusted sources, just as web browsers don't. Usually, the content exploits the bugs that let you run some binary code directly, but it's not because shipping native code around is how it was supposed to work. Both web browsers and flash players get executable content they have to compile to native code and run, or at least run on a bytecode machine.

In a word, run nightly ninite :)

People use Word documents to send freaking pictures around, because they don't know they can paste into Paint. They don't know how to send weblinks either, so they paste it into Word and send it on.

TFA is spreading FUD. I've had self-updating flash on OS X for at least a year now, IIRC. Yes, it has been self-updating for safari and other browsers, all automagically. Yes, you can manually disable autoupdates, but then it's your own damn fault.

For ATMs, you don't really need much besides a 4 or 5 digit PIN. It's not usable in any other context, and the devices that are authorized to submit PINs are somewhat regulated. Historical data shows that 4 digit PINs are sufficient at keeping bank losses at manageable levels, and that's that.

I think that all too often the technical solutions to people problems such as you propose don't really work, because at the source it's not really about any sort of an absolute impossibility, but about willingness of people to actually expend some effort on keeping them safe. We're talking about stuff that's fairly easy, but people will come up with all sorts of reasons why it's a hassle for them. No matter how simple and easy you make it, people will still claim it's a hassle. For an eye opener, read some technology and other stories from notalwaysright.com.

There's no need for biometrics, everyone has got their brain already. Use it or lose it.

He didn't claim anything that was theoretically impossible at the time, even if it was an impractical device, and still is. I'll take hand-crank mechanical calculators and a bunch of ladies over a purely mechanical general-purpose computing machine, anytime. It's just not practical. For an idea as to how to properly use low tech computing devices and people, look no further than Feynman's involvement in the Manhattan Project.

Babbage didn't go through much hype or secrecy, nor did he bilk any investors out of their money for something impossible on its face... He was comparatively low key, non aggrandazing guy. This is in sharp conrast to all those "genius" zero-point-energy, antigravity, momentum-nonpreservation scammers.

This only works if one is not self aware and is likely to follow what other would guess is a likely thing for him/her to do. Once you're sufficiently self conscious, it doesn't take much at all to make things impossible to guess for the outsiders.

Combinatorial explosion takes care of it. Yes, it's not hard to imagine such an attack utility, but only because once you actually try it, you'll see it doesnt work. You quickly approach a point where just bookkeeping where you are in your generation tree starts taking as much CPU time as trying out multiple passwords. Those "targeted" attack utilities are generally relegated to fantasy. In real life, it's very, very unlikely that anyone who is attacking you knows anything much about you. You're most likely to fall prey to simple dictionary attacks. If you're being subject to a personalized attack and they are determined enough, a crowbar password extractor is usually sufficient.

It's not racist. It's a somewhat accurate observation of a cultural phenomenon. The same people, when brought overseas and immersed in a different culture, can do some amazing science, though. Nothing to do with race, everything to do with how people around them behave. It takes someone stupid to turn it into a race issue. It's a coincidence that the chinese happen to be of a different race. It doesn't mean anything. It's like with americans complaining, for example, about "lazy" mexicans and then there being shouts that it's racist too. Well, Mexico has a different kind of a culture, where people like to take it easier. I think they may be a bit happier not being in a rat race all the time. If one can't acknowledge life's simple pleasures and is an asocial fuck, one doesn't get it :( Sometimes when it's warm but not too hot outside I go to a park for a siesta around lunch time and I'm fine people calling me lazy for that. Yeah, I'm lazy around lunchtime in spring, so fucking what :)

I do know that it's tricky to do this stuff correctly, that why you should doubt yourself more when faced with supposedly extraordinary results. Doubt more, not less. All I remember from numerous labs that extraordinary results meant you'd have to keep redoing it until it got ordinary again. I'd have really thought that people who did any sort of engineering or physics undergrad labs should have had such basics explained to them. I'm playing with getting the 4th digit to agree well with theory in a simple mechanical pendulum, and the dreaded thing highlights that everything you thought could be ignored, can't. You have to engineer it to work -- look at all the numbers, for all effects you can think of, estimate their magnitudes, verify that you do in fact see the effects, and then mitigate. Good old experimental engineering. You get small but cumulative payoffs for diligence and a certain sense of accomplishment -- I do at least. Simple life's pleasures :)

This non-drive, given the power pumped into it, simply magnifies all the effects people can ordinarily ignore. It's a nice educational tool. I think good schools should add such a thing to their lab curriculum, so that the students will get some experience in how easy it is to fool oneself. There are probably other similarly spectacular experiments that would serve the same purpose, of course -- even a basic large mechanical pendulum.

I can't get over the fact that people with money who fund that sort of thing are so gullible, though. I mean, give me a fucking break, they seem to be just as gullible as the investors were 100+ years ago when faced with all sorts bullshit when the telegraph, telephone and electricity were getting into high gear. Hans Camenzind's little jewel of a book "Much ado about almost nothing. Man's encounter with the electron" is a sad testament to how little things change in that respect. The dumb will be parted with their money, all the time, all the same.

And for everyone still reading: that's where it all ends. Nothing more to be said. Anyone who's not deluded understands that seeing any measurable thrust in such experiments is a prima facie evidence that your experimental method is broken. The better your experiment, the less thrust you should measure. That's all there's to it. Undergrad physics lab, it sounds like -- to me at least.

There's also some indirect evidence of fraud, even if non willful. How the heck is it that all such "genius", "unappreciated" world-altering inventions go through hype, secrecy, bilked investors, and nothing ever comes out of them. Nothing. Na da. Whatever grants this guy got pretty much amount to defrauding the taxpayer. You can't do this kind of shit in good faith. Pretense of being on a verge of something big is just that. It's not about any conspiracy to maintain any sort of a status quo by the "big guys/industry/villain-du-jour", or about suppressing anything. It's just that we've got basic physics figured out quite well already, and it doesn't seem like simple experiments that don't involve billion-scale investment are really going to be redefining our basic understanding of things. There are quite few engineering accomplishments to be had with small monetary involvements, but not basic law-of-nature type experimental results in physics -- not anymore, I don't think. I'd love to be proven wrong on that, of course.

Background checks using databases are an instant thing. Whatever you do past that is IMHO a waste of time.

But you see, that string is just as random as any other. If you don't know what kind of a password someone uses, any guesses you make are not helping at all. They are all equally likely to improve your chances, thus they do nothing. Never mind that when doing exhaustive searches, keeping track of all those special cases you might have tried, at some point will slow you down a lot. There's a point where the memory bandwidth demands for keeping track start exceeding any gains from limiting your search space. Trees quickly start suffering from cache locality issues :)

Of course I use various languages, but I have no problem sprinkling symbols in. A while ago it was all random without words, these days I'm a better typist. The problem is with stupid webpages that don't dig 30 character passwords, though. Something tells me they may just store the actual password and not merely a hash. Otherwise they'd have no need for a limit, save for the html request size limit enforced by their servers.

I think it goes like this. The world moves ahead. We're arriving at a society where people who don't dig technology at the basic level become third class citizens. Demonstrably, some logical thinking and memorization skills that go beyond the rudimentary are becoming a thrive-or-perish kind of a thing. Technology has started applying selection pressure, and I'm only happy that it's becoming so. There is a point at which you just can't help people who don't grok some things. They have to die out, and only hope that the next generation of their kin is any better. People with silly passwords and risky online behaviors will negatively affect their workplaces, so they'll have problems with their jobs, they'll be fighting stolen identities, they'll be really in for a world of hurt. Again, I'm OK with that.

Carl Sagan, The Demon-Haunted World: Science as a Candle in the Dark

We're at a stage where it blows up in our individual faces. Eventually it'll affect the larger human collective as well.