On Mon, Feb 2, 2015 at 5:45 PM, Valeri Galtsev <galtsev at kicp.uchicago.edu> wrote:
>
> On Mon, February 2, 2015 5:26 pm, Les Mikesell wrote:
>> On Mon, Feb 2, 2015 at 4:17 PM, Warren Young <wyml at etr-usa.com> wrote:
>>>>
>>> Let's flip it around: what's your justification *for* weak
>>> passwords?
>>>
>> You don't need to write them down. Or trust some 3rd party password
>> keeper to keep them. Whereas when 'not weak' is determined by
>> someone else in the middle of trying to complete something, you are
>> very likely to have to write it down.
>>
>
> Whereas I agree with you...

Or, you might similarly ask what is your justification for not getting up at 5 AM, going to the gym and swimming 20 or 30 laps every morning. The answer might just be that you are lazy, but should a software vendor make their code stop working for you because they think you aren't working hard enough?

--
Les Mikesell
lesmikesell at gmail.com

> On Feb 2, 2015, at 5:10 PM, Les Mikesell <lesmikesell at gmail.com> wrote:
>
> should a software
> vendor make their code stop working for you because they think you
> aren't working hard enough?

When the consequence of widespread bad security is botnets and all the ills that derive therefrom - DDoS armies, spam, etc. - then yes, I think we do need to raise the industry's overall level of security.

At risk of bringing out some *actual* Internet nutters, the question of minimum password security levels is directly analogous to that of vaccination. When a large population stops vaccinating, we start seeing previously-defeated diseases coming back, like the measles outbreaks in California and rural Australia:

http://goo.gl/7caiui
http://goo.gl/8lT8Pd

Polio was almost completely eradicated, but it's starting to come back in the middle east after the CIA used a fake vaccination campaign as a pretext to try to get into bin Laden's Pakistan compound:

http://goo.gl/KbbMUC
http://goo.gl/C2B5EE

I believe personal freedom should count quite highly in policy discussions. But, when your failure to protect yourself endangers me, it stops being a question of personal freedom.

Practice safe hex!

On Mon, 2015-02-02 at 17:49 -0700, Warren Young wrote:
> Polio was almost completely eradicated, but it's starting to come back in the middle east after the CIA used a fake vaccination campaign as a pretext to try to get into bin Laden's Pakistan compound:

The Taliban were created and funded by the USA, using the Pakistani intelligence service, to give the Russian invaders of Afghanistan a bad time. Bin Laden was a frequent guest of honour at USA military bases in the US of A.

Inoculation against illnesses is important. As for security, the cess pit is weak security not on Linux, BSDs and others etc. but on M$. It seems to be incredibly easy for one malicious person to launch attacks from machines they control all over the world - and those machines just happen to be running M$.

Breaking into M$ machines seems to be t-o-o easy so I suspect it is not password weaknesses that are being exploited!

Encourage good security but don't force it down our throats!

--
Regards,

Paul.
England, EU.

Je suis Charlie.