There has been some research which arrives at the conclusion that yes, indeed, password rules are actually bullshit for security.
There's research out there that the world is flat as well.
As mentioned in the summary, enforcing password rules will actually block provably safe passwords: a base32-encoded 128-bit pure random number. It's mathematically provable to be secure (if done by a cryptography-grade true random number generator, it's a 2^128 security, which is pretty good enough). But it's a 25-character-long string of alphanumerics. So it's not mixed case, and doesn't contain punctuation, so it will be rejected by most stupid rules (also some rules have size specified as a range [9 to 16 characters], not a minimum [more than 8]. This will also reject a 25-long password).
No argument. However, there is research back to the 1970 (can't remember the article) of unix where X% were just one character in length. (no joke). So while the rules 'block' randomly generated passwords that are effective because they don't have a 1 or a ! or whatever, they also block the idiots who don't use a password generator. And how hard is it to just add a '!' to a randomly generated password to make it pass their stupid tests? What Atwood wants is a better verification that a password is randomized rather than just blind rules. (Possible but not an easy task)
your skills have a 2 year half-life...from a MARKETING perspective.
Let's take it in that order.
I've been reinventing myself every 5 years (roughly). I'll ignore my first 5 year gig (Fortran..sigh), and jump to C. I stopped doing C code (mostly) around 2002. Jump forward 2 years and my C skills are about half as marketable as before. Jump another 2 years and they're 1/4.
Doesn't mean I won't get paid what I'm worth or that jobs aren't out there. Rather, it's harder to find the next gig.
Would you hire someone who hasn't done C for 4 years? That answer should be "maybe".
I think he's a little aggressive. That half-life might be 3-4 years....but other than that, it's fairly accurate.
But they WILL be subject to that country's laws.
Such is the life of a Merc. Want the glorious pay?
Ever used JSP before? You know that JSP pages are compiled (either on the fly or precompiled) and (if you're smart) you stored off the compiled
(You have to store the pages, because the line numbers match the
Now, we're removing the compiling mess, moving it to
Twice a week. Every week.
Did I mention I refuse to go through the full-body scanners? I do NOT agree that they are safe. I always chose to opt-out.
None of my pat-downs have been that bad. But, prior to October 2010, there was a STRONG push by TSA for pat-downs - they hoped it would get people to accept the Full-Body Scanners their bosses got kickbacks er... bought with taxpayer dollars.
For the record - most TSA agents hate this as much as you do.....but they don't set policy. Most of them recognize that when I choose to opt-out of full body scan, I'm helping to keep more of them employed.
But does it solve the problem?
--But I can TALK to the car
That's nice. But the problem was getting the car to talk to you. A light that says ENGINE or CAR isn't informing the driver of anything. A light that says ENGINE or CAR with a button that then says "3rd cylinder O2 sensor is outside of boundaries. This is not a critical problem but get this looked at the next time you service your car." DOES provide information.
--But I wanted to talk to the car!!
Then get OnStar.
During my time as secretary of homeland security, the Transportation Security Administration began working to replace the 1970s-era metal detectors used at airports across America with modern technology able to detect non-metal weapons concealed by terrorists on their bodies -- even in their underwear, where Abdulmutallab allegedly hid his bomb. The latest versions of these machines -- sometimes called whole-body imagers -- are deployed at 19 airports, and the TSA is attempting to place them throughout the nation.
What's curious about this: at the time - there was only one company that made full body scanners - Rapiscan.
Well, I don't know about YOUR definition of "representing", but when someone hires my company (me), I am most certainly "representing" them.
LOL, as for his "lobbying", go do some research - Chertoff advocated heavily and repeatedly for the full body scanners (such as those made by Rapiscan) after the underwear bombing, claiming they would have detected the explosives.
He made no mention that this was an international flight and that the explosive would NOT have been detected - the full body scanners are deployed to the US, not internationally.
To draw an analogy, this would be as if Microsoft hired me to do penetration testing for them, I lobbied a local politician to buy more computers for the local school, and then you came along and started whining that the reason the school board didn't buy Macs is because I was shilling for Microsoft. It's retarded.
If you were a penetration testing expert and you claimed schools should buy them because they can't be hacked into...then yes I could claim you were shilling.
In fact, I have claimed that multiple testing organizations have shilled for Microsoft both now and in the past because they received cash and then "claimed" that Microsoft systems provided a clear advantage over their competitors. Where do you think FUD comes from? (Or do you think FUD is purely fiction?)
Moreover, even if what's claimed in that article were 100% true, it wouldn't support the original statement, which was:
"the purpose of these body scanners was NEVER to increase security, it was a gigantic kickback to former homeland security chief Michael Chertoff who received very well documented "consulting" positions with the company that makes those scanners"
You'd have to show that their purpose wasn't to increase security, AND that Chertoff got kickbacks based on actual sales, AND you'd have to justify the quotation marks around the word "consulting". Failing that, the statement remains an idiotic conspiracy theory, based on the delusional interpretations of a paranoid mind.
If you don't want to connect the dots - that's your business, but Chertoff was hired by Rapiscan and Rapiscan is doing business with the Government.
with Michael Chertoff scanners.
A few days later the Washington Post revealed that Chertoff represents Rapiscan - a maker of full body scanners drawing criticism of groups who oppose full body scanners "Mr. Chertoff should not be allowed to abuse the trust the public has placed in him as a former public servant to privately gain from the sale of full-body scanners under the pretense that the scanners would have detected this particular type of explosive," said Kate Hanni, founder of FlyersRights.org, which opposes the use of the scanners.
Continue reading at NowPublic.com: Full Body Scanner Lobby: Michael Chertoff & Rapiscan | NowPublic News Coverage http://www.nowpublic.com/world/full-body-scanner-lobby-michael-chertoff-rapiscan-2552674.html#ixzz1SkZjxX2P
Frankly, it's common knowledge.
the worse problem. It's hard to hire a 60k a year programmer when you can hire 10 6K a year programmers.
But H1Bs don't help either. Ideally they should be paid market rates, but employers bring them in as junior programmers (lower cost) and once here, the H1B acts like a straitjacket, making it more difficult for the employee to quit/change jobs.
I'm better than an H1B - by a long shot - but financially it's hard to argue with an H1B and offshoring.
The solution for me is to open my own business. Provide the contracting/consulting/marketing that H1Bs and offshoring don't provide. Then when I get a contract, I can hire those guys cheap, verify the work, and rake in the difference as profit.
The long-term solution is for this recession/depression to continue...as the dollar keeps falling against the rupee - those 6K programmers are suddenly 30k...and offshore...and everything else that makes offshoring and H1B difficult.
No wonder Indian officials are screaming to exempt their workers from Social Security.