[Most Recent Entries] [Calendar View] [Friends View]
Below are the most recent 40 friends' journal entries.
| Saturday, July 4th, 2009 | ||
| de_heise_news | Sat 4 Jul 09:31 |
|
| wunderground_hh | Sat 4 Jul 09:20 |
Temperature: 70°F / 21°C | Humidity: 78% | Pressure: 29.86in / 1011hPa | Conditions: Mostly Cloudy | Wind Direction: West | Wind Speed: 10mph / 17km/h | Updated: 11:20 AM CEST
|
| awkwardphotos | Sat 4 Jul 08:09 |
A day to celebrate the good ol’ magenta, gray, and blue. (submitted by Susanne) |
| de_heise_news | Sat 4 Jul 09:01 |
|
| wwwords_updates | Sat 4 Jul 09:00 |
Collop is an old name for a familiar meal.
|
| wwwords_updates | Sat 4 Jul 09:00 |
Review of In the Land of Invented Languages, by Arika Okrent.
|
| wwwords_updates | Sat 4 Jul 09:00 |
A British government guide to schools suggests that a traditional spelling rule isn’t worth learning.
|
| wunderground_hh | Sat 4 Jul 08:50 |
Temperature: 70°F / 21°C | Humidity: 78% | Pressure: 29.86in / 1011hPa | Conditions: Mostly Cloudy | Wind Direction: West | Wind Speed: 9mph / 15km/h | Updated: 10:50 AM CEST
|
|
torgo_x |
Sat 4 Jul 00:51 |
Dear Log,
Whelps. I guess I'm governor of Alaska now. |
| Friday, July 3rd, 2009 | ||
| bruce_schneier | Fri 3 Jul 16:31 |
|
| bruce_schneier | Fri 3 Jul 13:42 |
Usability guru Jakob Nielsen opened up a can of worms when he made the case for unmasking passwords in his blog. I chimed in that I agreed. Almost 165 comments on my blog (and several articles, essays, and many other blog posts) later, the consensus is that we were wrong. I was certainly too glib. Like any security countermeasure, password masking has value. But like any countermeasure, password masking is not a panacea. And the costs of password masking need to be balanced with the benefits. The cost is accuracy. When users don't get visual feedback from what they're typing, they're more prone to make mistakes. This is especially true with character strings that have non-standard characters and capitalization. This has several ancillary costs:
The benefits of password masking are more obvious:
I believe that shoulder surfing isn't nearly the problem it's made out to be. One, lots of people use their computers in private, with no one looking over their shoulders. Two, personal handheld devices are used very close to the body, making shoulder surfing all that much harder. Three, it's hard to quickly and accurately memorize a random non-alphanumeric string that flashes on the screen for a second or so. This is not to say that shoulder surfing isn't a threat. It is. And, as many readers pointed out, password masking is one of the reasons it isn't more of a threat. And the threat is greater for those who are not fluent computer users: slow typists and people who are likely to choose bad passwords. But I believe that the risks are overstated. Password masking is definitely important on public terminals with short PINs. (I'm thinking of ATMs.) The value of the PIN is large, shoulder surfing is more common, and a four-digit PIN is easy to remember in any case. And lastly, this problem largely disappears on the Internet on your personal computer. Most browsers include the ability to save and then automatically populate password fields, making the usability problem go away at the expense of another security problem (the security of the password becomes the security of the computer). There's a Firefox plugin that gets rid of password masking. And programs like my own Password Safe allow passwords to be cut and pasted into applications, also eliminating the usability problem. One approach is to make it a configurable option. High-risk banking applications could turn password masking on by default; other applications could turn it off by default. Browsers in public locations could turn it on by default. I like this, but it complicates the user interface. A reader mentioned BlackBerry's solution, which is to display each character briefly before masking it; that seems like an excellent compromise. I, for one, would like the option. I cannot type complicated WEP keys into Windows -- twice! what's the deal with that? -- without making mistakes. I cannot type my rarely used and very complicated PGP keys without making a mistake unless I turn off password masking. That's what I was reacting to when I said "I agree." So was I wrong? Maybe. Okay, probably. Password masking definitely improves security; many readers pointed out that they regularly use their computer in crowded environments, and rely on password masking to protect their passwords. On the other hand, password masking reduces accuracy and makes it less likely that users will choose secure and hard-to-remember passwords, I will concede that the password masking trade-off is more beneficial than I thought in my snap reaction, but also that the answer is not nearly as obvious as we have historically assumed. |
| bruce_schneier | Fri 3 Jul 07:18 |
Good essay -- "The Staggering Cost of Playing it 'Safe'" -- about the political motivations for terrorist security policy. Senator Barbara Boxer has led an effort to at least put together a public database of ash storage sites so that people can judge the risk to the areas where they live. However, even this effort has been blocked not by coal companies or utilities, but by the DHS. How could it possibly be a national security interest to cover up the location of material that's "not toxic or anything?" It's not. In fact, even if the ash turns out to be as bad as its worst critics fear, blocking the database is far more dangerous than revealing the location of these sites. Not only has there not been any threat against these sites by terrorists, and no workable scenario by which they might cause a problem, coal slurry impoundments are already failing with regularity, dousing parts of America with millions of gallons of this material. It doesn't take terrorists to make this happen. |
| Thursday, July 2nd, 2009 | ||
| bruce_schneier | Thu 2 Jul 12:09 |
Can anyone guess the entry codes for these door locks?
There are 10,000 possible four-digit codes, but you only have to try 24 on these keypads. The first is most likely 1986 or 1968. The second is almost certainly 1234. |
| bruce_schneier | Thu 2 Jul 06:11 |
The plant caladium steudneriifolium pretends to be ill so mining moths won't eat it. She believes that the plant essentially fakes being ill, producing variegated leaves that mimic those that have already been damaged by mining moth larvae. That deters the moths from laying any further larvae on the leaves, as the insects assume the previous caterpillars have already eaten most of the leaves' nutrients. Cabbage aphids arm themselves with chemical bombs: Its body carries two reactive chemicals that only mix when a predator attacks it. The injured aphid dies. But in the process, the chemicals in its body react and trigger an explosion that delivers lethal amounts of poison to the predator, saving the rest of the colony. The dark-footed ant spider mimics an ant so that it's not eaten by other spiders, and so it can eat spiders itself: M.melanotarsa is a jumping spider that protects itself from predators (like other jumping spiders) by resembling an ant. Earlier this month, Ximena Nelson and Robert Jackson showed that they bolster this illusion by living in silken apartment complexes and travelling in groups, mimicking not just the bodies of ants but their social lives too. My previous post about security stories from the insect world. |
| Saturday, July 4th, 2009 | ||
| dw_changelog | Sat 4 Jul 08:35 |
[commit: http://hg.dwscoalition.org/dw-free/rev/4
http://bugs.dwscoalition.org/show_bug.cg Update referer-checking to accept requests from both /update and /update.bml Patch by ![[info - personal]](http://s.dreamwidth.org/img/silk/identity/user.png){kind=small} sophie.Files modified:
|
|
learn_persian [ tisoi ] |
Sat 4 Jul 01:14 |
I've become interested (again) in Persian, but am a bit more serious about it now.
Anyway, I was curious to see how object pronouns were formed so I looked up various simple phrases illustrating this. One of which was "I love you," دوست دارم (duset daaram) I know so far that subject pronouns are frequently dropped, but is this case with object pronouns? Why is it not تو را دوست دارم (toraa duset daaram)? Thanks! :-D |
| de_heise_news | Sat 4 Jul 08:31 |
|
| wunderground_hh | Sat 4 Jul 08:20 |
Temperature: 70°F / 21°C | Humidity: 78% | Pressure: 29.86in / 1011hPa | Conditions: Mostly Cloudy | Wind Direction: WNW | Wind Speed: 10mph / 17km/h | Updated: 10:20 AM CEST
|
| Friday, July 3rd, 2009 | ||
| bruce_schneier | Fri 3 Jul 16:31 |
|
| bruce_schneier | Fri 3 Jul 13:42 |
Usability guru Jakob Nielsen opened up a can of worms when he made the case for unmasking passwords in his blog. I chimed in that I agreed. Almost 165 comments on my blog (and several articles, essays, and many other blog posts) later, the consensus is that we were wrong. I was certainly too glib. Like any security countermeasure, password masking has value. But like any countermeasure, password masking is not a panacea. And the costs of password masking need to be balanced with the benefits. The cost is accuracy. When users don't get visual feedback from what they're typing, they're more prone to make mistakes. This is especially true with character strings that have non-standard characters and capitalization. This has several ancillary costs:
The benefits of password masking are more obvious:
I believe that shoulder surfing isn't nearly the problem it's made out to be. One, lots of people use their computers in private, with no one looking over their shoulders. Two, personal handheld devices are used very close to the body, making shoulder surfing all that much harder. Three, it's hard to quickly and accurately memorize a random non-alphanumeric string that flashes on the screen for a second or so. This is not to say that shoulder surfing isn't a threat. It is. And, as many readers pointed out, password masking is one of the reasons it isn't more of a threat. And the threat is greater for those who are not fluent computer users: slow typists and people who are likely to choose bad passwords. But I believe that the risks are overstated. Password masking is definitely important on public terminals with short PINs. (I'm thinking of ATMs.) The value of the PIN is large, shoulder surfing is more common, and a four-digit PIN is easy to remember in any case. And lastly, this problem largely disappears on the Internet on your personal computer. Most browsers include the ability to save and then automatically populate password fields, making the usability problem go away at the expense of another security problem (the security of the password becomes the security of the computer). There's a Firefox plugin that gets rid of password masking. And programs like my own Password Safe allow passwords to be cut and pasted into applications, also eliminating the usability problem. One approach is to make it a configurable option. High-risk banking applications could turn password masking on by default; other applications could turn it off by default. Browsers in public locations could turn it on by default. I like this, but it complicates the user interface. A reader mentioned BlackBerry's solution, which is to display each character briefly before masking it; that seems like an excellent compromise. I, for one, would like the option. I cannot type complicated WEP keys into Windows -- twice! what's the deal with that? -- without making mistakes. I cannot type my rarely used and very complicated PGP keys without making a mistake unless I turn off password masking. That's what I was reacting to when I said "I agree." So was I wrong? Maybe. Okay, probably. Password masking definitely improves security; many readers pointed out that they regularly use their computer in crowded environments, and rely on password masking to protect their passwords. On the other hand, password masking reduces accuracy and makes it less likely that users will choose secure and hard-to-remember passwords, I will concede that the password masking trade-off is more beneficial than I thought in my snap reaction, but also that the answer is not nearly as obvious as we have historically assumed. |
| bruce_schneier | Fri 3 Jul 07:18 |
Good essay -- "The Staggering Cost of Playing it 'Safe'" -- about the political motivations for terrorist security policy. Senator Barbara Boxer has led an effort to at least put together a public database of ash storage sites so that people can judge the risk to the areas where they live. However, even this effort has been blocked not by coal companies or utilities, but by the DHS. How could it possibly be a national security interest to cover up the location of material that's "not toxic or anything?" It's not. In fact, even if the ash turns out to be as bad as its worst critics fear, blocking the database is far more dangerous than revealing the location of these sites. Not only has there not been any threat against these sites by terrorists, and no workable scenario by which they might cause a problem, coal slurry impoundments are already failing with regularity, dousing parts of America with millions of gallons of this material. It doesn't take terrorists to make this happen. |
| Thursday, July 2nd, 2009 | ||
| bruce_schneier | Thu 2 Jul 12:09 |
Can anyone guess the entry codes for these door locks?
There are 10,000 possible four-digit codes, but you only have to try 24 on these keypads. The first is most likely 1986 or 1968. The second is almost certainly 1234. |
| bruce_schneier | Thu 2 Jul 06:11 |
The plant caladium steudneriifolium pretends to be ill so mining moths won't eat it. She believes that the plant essentially fakes being ill, producing variegated leaves that mimic those that have already been damaged by mining moth larvae. That deters the moths from laying any further larvae on the leaves, as the insects assume the previous caterpillars have already eaten most of the leaves' nutrients. Cabbage aphids arm themselves with chemical bombs: Its body carries two reactive chemicals that only mix when a predator attacks it. The injured aphid dies. But in the process, the chemicals in its body react and trigger an explosion that delivers lethal amounts of poison to the predator, saving the rest of the colony. The dark-footed ant spider mimics an ant so that it's not eaten by other spiders, and so it can eat spiders itself: M.melanotarsa is a jumping spider that protects itself from predators (like other jumping spiders) by resembling an ant. Earlier this month, Ximena Nelson and Robert Jackson showed that they bolster this illusion by living in silken apartment complexes and travelling in groups, mimicking not just the bodies of ants but their social lives too. My previous post about security stories from the insect world. |
| Saturday, July 4th, 2009 | ||
| worldwidewords | Sat 4 Jul 08:00 |
I before E Following my piece about this last time, many readers reported having learned different versions of this rule. It was noticeable that nearly all were Americans — British readers were presumably in my situation of only having learned the “I before E except after C” basic rule. Many versions were no more than slight variations on the ones that I quoted, but others introduced new ideas. Sister Mary Elizabeth Mason was taught “I before E except after C when the diphthong rhymes with KEY.” A F Dias learned an addition: “When I and E in separate syllables go, you only need listen to know.” Several learned a rider listing common exceptions. Larry Sewell’s version was “Neither leisured foreigner seized the weird heights”, while Jane Steinberg had learned the longer form “Neither leisurely foreigner could be inveigled into seizing the weird heights.” (As I pointed out in the piece, neither and either are exceptions to the rule in the US because of the way they’re pronounced.) Esperanto I didn’t realise until messages began to come in after my book review last week that Esperanto had dialects. I wrote that I had learned the Esperanto words for “Do you speak Esperanto?” as “Ĉu vi parolas Esperanton?” Several readers wrote to say that they had learned it as “Ĉu vi parolas Esperante?”. Kim Braithwaite told me it was the version he learned many years ago: “The -e is an adverbial ending and seems originally to have been motivated by the counterpart adverbial structure of the inventor’s Polish or Russian, something like ‘Do you speak in the Russian or Polish manner?’” Both forms appear online, though mine is about ten times as common. A third form is also common, which leaves out the -n ending on Esperanto that indicates a direct object. Arika Okrent noted this in her book; there is a strong tendency, perhaps under the influence of English, to lose the case marker. While searching, I also turned up Esperanglish, the term for a hybrid Esperanto-English argot. Why is Q Always Followed by U? Several clever readers pointed out, having read the title of my new book, that it isn’t always, for example in words imported from Arabic, such as qat, the narcotic drug obtained by chewing the leaves of a shrub. That, of course, is part of the point and is thoroughly explained in my answer in the book. Penguin has no intention of renaming it Why is Q (Nearly) Always Followed by U? |
| worldwidewords | Sat 4 Jul 08:00 |
When the word first appeared, it was always paired with another to make what looked like a personal name. Dominus Factotum</i> was a ruler with absolute powers, Magister Factotum</i> was a master of all, while a Johannes Factotum</i> was a would-be universal genius who could turn his hand to anything. His modern equivalent is Jack-of-all-trades</i>, which probably derives from it. * For there is an upstart crow, beautified with our feathers, that with his tiger’s heart wrapped in a player’s hide, supposes he is as well able to bombast out a blank verse as the best of you; and being an absolute Johannes fac totum, is in his own conceit the only Shake-scene in a country. [Robert Greene, A Groatsworth of Wit Bought with a Million of Repentance, 1592. Spelling modernised. The object of his ire was William Shakespeare.] Greene wrote factotum</i> as two words, as was common at the time, since he would have known very well that it derives from two Latin words, fac!</i>, the imperative of facere</i>, to do, plus totum</i>, the whole thing. The experts aren’t sure where it was coined, since similar expressions turn up in French and German in the middle to late sixteenth century at about the same time as they appear in English. Since then, factotum</i> has gone down in status. It now refers to a servant or employee of lowly status who is expected to turn his hand to any job that comes up. * Uncle Fred continued his job as roundsman and general factotum when Mr Wigley replaced the horse-drawn vans with new electric delivery vehicles around 1952. [Derby Evening Telegraph, 25 May 2009.] |
| worldwidewords | Sat 4 Jul 08:00 |
Not only a new book, but the first to be published by Particular Books, a new imprint of Penguin Books. It came out officially on Thursday and should soon be available worldwide. The question of the title is just one of 200 that I answer. Though all have been taken from this e-magazine and its associated Web site, every one has been freshly researched with new information not available at the time the answer was originally written. Indeed, such is the pace of etymological discovery at the moment, several had to be rewritten a second time to accommodate new facts that came to light during the writing of the book. Almost every one is illustrated by annotated quotations that help readers to understand how words and phrases evolved and place them in their cultural context. A review by Erin McKean, formerly editor in chief of the second edition of the New Oxford American Dictionary and editor of Verbatim, will appear here shortly. [Michael Quinion, Why is Q Always Followed by U? Word-perfect Answers to the Most-asked Questions about Language, published by Particular Books, an imprint of Penguin Books, on 2 July 2009; hardback, 352pp; publisher’s UK list price £12.99. ISBN-13: 978-1-846-14184-3; ISBN-10: 1-846-14184-2.] |
| worldwidewords | Sat 4 Jul 08:00 |
[Q] From Peter Evans, Australia: “I wonder if you could tell me the origin of I couldn’t give two hoots meaning “I couldn’t care less”. It is an expression that was used widely when I was a boy (a long while ago) in Australia though I don’t hear it used much these days. I was told that it was an old expression based on the old British word for the hoot of an owl. If so, why two hoots? Is it English or is it a more recent Australian and New Zealand idiom? A theory I’ve heard is that the word came from Maori utu meaning a small amount of money.” [A] I like the theory about the Maori origin, even though it’s quite wrong. There’s nothing Australasian about it at all but the phrase isn’t British either. The evidence shows it’s from the US. A hoot in this slangy sense is the tiniest little bit of something, a whit or jot. To care not even that much shows just how little you really do care about some matter. The original form — which started to appear in the 1870s — had just the one hoot, but it got doubled up later for dramatic effect, around the time that it started to be elaborated into phrases like I don’t care a hoot in hell! My first example of the dual hoot is this: * New Russian doesn’t give two hoots for a warm water port or for the state of the southern Slavs; he considers himself a citizen of nothing less than the world [The headline (no need to read the story) over an article by Charles Edward Russell in the Sheboygan Journal of Wisconsin, 24 Aug 1917.] It might refer specifically to the hoot of an owl but some examples suggest it’s more general than that, most likely harking back to two senses known in the seventeenth century: either a loud cry or a shout of disapproval (as in hoots of derision). The owl hoot was taken from the human cry and doesn’t appear until near the end of the eighteenth century; the slang sense of an amusing situation or person (“your mother’s a real hoot!”) is of the early 1920s. |
| worldwidewords | Sat 4 Jul 08:00 |
[Q] From Leo Campbell: “What is the origin of the phrase, getting your ducks in a row? It seems to be common in the English-speaking world, and I know that the meaning conveys the idea of getting one’s affairs sorted, but how and why did the phrase come out this way? Why ducks? When you get them in a row, do you shoot them all with just one bullet?” [A] It does indeed refer to having matters neatly and efficiently organised and all your duties taken care of. It became known in the 1980s as a management exhortation to staff but is now a cliché. This is an early example: * “Be there eleven earliest,” Toby had said; “Eleven is already too early, George, they won’t arrive till twelve.” It was only ten-thirty but he wanted the time, he wanted to circle before he settled; time, as Enderby would say, to get his ducks in a row. [Smiley’s People, by John le Carré, 1980.] Until recently, it was thought that the first written example was only a year earlier, in Stephen King’s novel The Stand with the variation to line up one’s ducks, from 1978 (though I’ve since found it in a report of a Congressional hearing from 1956). Then Barry Popik of the American Dialect Society found it in an issue of the Washington Post dated 13 June 1932 (“We have a world filled today with problems and we are trying to get our economic ducks in a row”), suggesting that it had been around much longer. I’ve now found this: * “Didn’t we have a grand meeting?” she said, nodding lightly to first one and then the other. “I believe it’s going to be all right, and you can tell your wives their children will go to a high-school yet. I’m so glad all you men came. Thank you very much —” “You didn’t need us.” The man standing next to the steps laughed. “The work was done before to-night. You had your ducks in a row all right.” [Miss Gibbie Gault, by Kate Langely Bosher, 1911.] The first image that comes to mind when I hear the expression is of a lower middle class living room in Britain in the 1950s or 1960s, which might well have a set of three painted plaster ducks marching in a neat diagonal line up the wall. They are not now often found, the fashion for them having been mocked out of existence by middle-class commentators. Writers have suggested that the idiom comes from the game of pool, in which a ball in front of a pocket, an easy shot, is sometimes called a duck. To have a row of balls ready to be potted was to have all one’s ducks in a row. The term is known (it derives from sitting duck) but there’s no evidence it has anything to do with the idiom. More plausibly, it’s been suggested that it derives from the fairground amusement of shooting at a row of mechanical ducks. But in view of the known age of the expression, it is most likely that it comes from real ducks. Think of a mother duck taking her brood from nest to water with her ducklings waddling in a line behind her. That’s an image that could have led to the idiom being created at almost any time. |
| worldwidewords | Sat 4 Jul 08:00 |
• Bernard Madoff’s financial crime has been described as “violent” in its effects, noted Martin Turner, but one investor appears to have suffered exceptionally. The BBC News site reported on 29 June: “‘I think it was certainly a justified sentence,’ said Judith Welling, who lost $2.5m along with her husband.” • Still on the BBC News site, Susie Elins says she’s worrying about Michael Jackson’s posthumous drug habit after reading this on 26 June: “Celebrities and fans pay tribute to Michael Jackson amid concerns over the singer’s use of pain medication following his sudden death.” Worry not, Ms Elins, the BBC has since changed it. • In a story in the New Zealand Herald on 22 June about José Manuel Barroso, Iain MacLean found this sentence: “The President of the European Commission is dismissed by some as a bland pragmatist and by others as an invertebrate opportunist.” Lacking backbone, eh? • What are we to make of the comment in the New Zealand Sunday Star Times on 28 June, noted by Cliff Walker, that obesity was “a growing problem”? • Mike Troy asks what turns out to be a pertinent question, “Are pigs hogging the show in your halls of education?” They’re not in New York State, since a headline in the Putnam County Times on 24 June announced, “Health Department Confirms Brewster Schools Clear of Swine.” |
| worldwidewords | Sat 4 Jul 08:00 |
World Wide Words is copyright © Michael Quinion 2009. All rights reserved. You may reproduce this e-magazine in whole or part in free online newsletters, newsgroups or mailing lists provided that you include the copyright notice above. Reproduction in printed publications or on Web sites or blogs requires prior permission, for which you should contact the editor. Comments on anything in this newsletter are more than welcome. To send them in, please visit the feedback page on our Web site. If you have enjoyed this e-magazine and would like to contribute to its costs and those of the linked Web site, please visit our support page. |
| perlmods | Sat 4 Jul 08:04 |
|
| perlmods | Sat 4 Jul 08:04 |
|
| perlmods | Sat 4 Jul 08:04 |
|
| dilbertdaily | Sat 4 Jul 00:00 |
|
| wunderground_hh | Sat 4 Jul 07:50 |
Temperature: 70°F / 21°C | Humidity: 78% | Pressure: 29.86in / 1011hPa | Conditions: Mostly Cloudy | Wind Direction: West | Wind Speed: 10mph / 17km/h | Updated: 9:50 AM CEST
|
| urbanwordofday | Sat 4 Jul 00:00 |
4OJ is a slang abbreviation for the "4th of July". We went to the lake to watch fireworks for the 4OJ.
|
| userfriendlyrss | Sat 4 Jul 01:15 |
Cartoon for Today, Jul 04, 2009
|
| userfriendlyrss | Sat 4 Jul 05:00 |
Infinitely better than a meeting room: All they need is some cupholders, and they're on to a good thing here. Conference Bike. Thanks to Gene R. for the link!
|
| wunderground_hh | Sat 4 Jul 07:20 |
Temperature: 68°F / 20°C | Humidity: 83% | Pressure: 29.86in / 1011hPa | Conditions: Mostly Cloudy | Wind Direction: West | Wind Speed: 10mph / 17km/h | Updated: 9:20 AM CEST
|
| wunderground_hh | Sat 4 Jul 00:00 |
Chance of Rain. High:78 ° F.
|
