Re: Long Con

1

Wait, first I find out that ______ is _______, and now I find out that Becks isn't really named Becks?

If I find out that Ogged isn't a real name in Parsi, I'm going to freak out.


Posted by: JRoth | Link to this comment | 06-12-09 7:10 AM
horizontal rule
2

Damn you!!


Posted by: jsmithson1985 | Link to this comment | 06-12-09 7:11 AM
horizontal rule
3

Hey, it isn't that ______ is _______, is it? I thought ________ was _____.


Posted by: Nakku | Link to this comment | 06-12-09 7:15 AM
horizontal rule
4

I can't quite believe that people born in 1985 are having lives and jobs and identity theft concerns and such.

I realize this simply means that I'm getting old, but damn.


Posted by: JRoth | Link to this comment | 06-12-09 7:16 AM
horizontal rule
5

You're thinking of __.


Posted by: JRoth | Link to this comment | 06-12-09 7:16 AM
horizontal rule
6

What do you all think of this new Facebook URL thing that's rolling out?

'Myspace has a feature we lack. Shit! Think like Disney! Think like Disney! No! Microsoft!'

I was going to use the real-name variation that I usually use online but then I realized that's an identity theft disaster.

Bexster? Bexstone? (No, it makes no sense. Point.)

then run through his likes and dislikes until you figure out his password is Redskins?

That's why the FBOHs like the passwords with !@%$^ and numbers and crap. Nonetheless, people will do it, and it won't be a big problem, because they'll have some odd number in there.

max
['And besides, they black hats will be too busy cleaning out accounts filched with phishing spam to waste much time on hard things, like thought.']


Posted by: max | Link to this comment | 06-12-09 7:34 AM
horizontal rule
7

Can I just use the number that already identifies my page?

Wait...maybe there isn't a consistent number that identifies my page. So far Facebook has been a space where URLs are totally irrelevant.


Posted by: Cryptic ned | Link to this comment | 06-12-09 7:34 AM
horizontal rule
8

It sort of reminds me of the initial gmail frenzy. I ended up squatting on my last name, and now I feel mildly bad about it as I don't really use it. Sorry, rest of my family!


Posted by: Stanley | Link to this comment | 06-12-09 7:42 AM
horizontal rule
9

Remember when URLs used to matter?


Posted by: JP Stormcrow | Link to this comment | 06-12-09 7:58 AM
horizontal rule
10

This is conceptually a bit of a step back for facebook, isn't it?

Certainly mucks up the UI models.


Posted by: Keir | Link to this comment | 06-12-09 8:01 AM
horizontal rule
11

St. Pauli

or perhaps George F. Will


Posted by: Mo MacArbie | Link to this comment | 06-12-09 8:14 AM
horizontal rule
12

Smithson always was a genocidal maniac.


Posted by: ari | Link to this comment | 06-12-09 8:15 AM
horizontal rule
13

My Sister recently tried to convert me to using Facebook by sending me her login info so I could poke around a bit before signing up. I found the UI and page design so horrifically bad that I just couldn't. I suppose that makes me an effete snob, but dammit, user good website design just isn't that hard. There's more than enough crap in the world, and tolerating it just leads to more crap.


Posted by: togolosh | Link to this comment | 06-12-09 8:43 AM
horizontal rule
14

My thoughts have been basically those expressed in 10. Doesn't giving people a URL to hand out sort of breach the walls they've clearly tried to put around the Facebook experience by, at first, limiting it to certain TLDs and requiring logins and turning it into a place people went to do Facebook-specific things using Facebook-specific apps? Or is it a way to draw people in? I honestly can't tell.

It does seem to me that it would at the very least make Google-stalking easier in terms of finding Facebook pages. The only answer here is education, though. There is a degree of responsibility on the part of Facebook to educate their users about the risks of putting up too much information or making information too available but there is also a responsibility on the part of the users to employ what someone tries to teach them.


Posted by: Robust McManlyPants | Link to this comment | 06-12-09 8:56 AM
horizontal rule
15

Oh, and yes, I would agree with the original post in that I expect lots of people will be handing out to the world their username for at least one other site. I don't think the average person is going to say, "Gosh, last time I did this was for my {online banking,yahoo,etc.} account and I had to go through an extremely annoying process that I am eager to repeat!" It would be nice if Facebook would at least prevent the username from being the same as whatever comes before the @ in the email address the person used to sign up in the first place.


Posted by: Robust McManlyPants | Link to this comment | 06-12-09 9:01 AM
horizontal rule
16

Don't mean to be a dick, but this problem has an easy solution: use a good, strong password, one that is not derived from English-language words representing your likes and dislikes. I've been using KeePass for the last year to generate (and store) completely random unique password strings for every site I log into.


Posted by: Yawnoc | Link to this comment | 06-12-09 9:07 AM
horizontal rule
17

16: If you say "And change it every three months", I'll have to smack you.


Posted by: Moby Hick | Link to this comment | 06-12-09 9:09 AM
horizontal rule
18

Remembering strong passwords is just brutal, though. My office requires strong passwords (that is, containing at least three of uppercase, lowercase, symbols, and numbers), that change every two months. If I were using really strong passwords, there's no way I could possibly manage without carrying them around with me on a piece of paper, which kind of kills the point, no? I cheat by doing leet-speak versions of fairly weak passwords.


Posted by: LizardBreath | Link to this comment | 06-12-09 9:10 AM
horizontal rule
19

I've been using KeePass for the last year to generate (and store)...

Remembering the passwords (and changing them) is pretty trivial if you use KeePass or Password Safe. You can even keep your KeePass database file on a USB thumb drive or on Dropbox so that you can access it anywhere.


Posted by: Yawnoc | Link to this comment | 06-12-09 9:17 AM
horizontal rule
20

18: I cheat by using three passwords in rotation as they only disallow the previous two. I'm not opposed to strong passwords, but I have to have so many of them, only two of which I use with any frequency.


Posted by: Moby Hick | Link to this comment | 06-12-09 9:18 AM
horizontal rule
21

I thought Facebook's UI and page design was amazingly intuitive. What's the problem, tokolosh?

I guess it's a little stupider now that each person's page is divided into "Info", "Wall", "Boxes", and whatever else, instead of being one big page.


Posted by: Cryptic ned | Link to this comment | 06-12-09 9:25 AM
horizontal rule
22

It's certainly better than LinkedIn's.


Posted by: JP Stormcrow | Link to this comment | 06-12-09 9:28 AM
horizontal rule
23

You can even keep your KeePass database file on a USB thumb drive or on Dropbox so that you can access it anywhere.

If your company's security policies allow you to use USB sticks you can.


Posted by: OFE | Link to this comment | 06-12-09 9:29 AM
horizontal rule
24

23: I thought that was just my employer.


Posted by: Moby Hick | Link to this comment | 06-12-09 9:30 AM
horizontal rule
25

A 1337-speak version isn't necessarily cheating or weak. Your goal should be to increase the types of characters they would need to include in any given set of possible passwords that could possibly include yours. It's not really meant to keep a human from guessing your password, it's meant to make the dictionary files they would need to try vastly larger.

My personal, professional opinion is that password strength is vastly more important than changing one's password on a given timetable. Sites are targeted more often than individual users of sites so IMO the first priority of any given user should be not being the easiest point of entry to the site and strong passwords help do that. In the rarer instance that one's own account, in specific, is the goal then the strong password is still the most important piece because if all goes well then it extends the time it could take to brute-force the password beyond the password expiration window. The simpler a password, the less likely to matter how often it gets changed.


Posted by: Robust McManlyPants | Link to this comment | 06-12-09 9:33 AM
horizontal rule
26

21: It's ugly. That's really the root of my objection. The basic Facebook page looks like it was made by someone just learning how to make a web page, but with no idea at all about simple aesthetic rules. Silly, I realize, but I'm apparently something of an effete snob when it comes to design of such things. I only recently came to terms with this, and I'm a bit embarrassed, but if I can't be an effete snob here, where the hell can I?


Posted by: togolosh | Link to this comment | 06-12-09 9:33 AM
horizontal rule
27

If your company's security policies allow you to use USB sticks you can.

Well, now you're in trouble.


Posted by: Chris Conway | Link to this comment | 06-12-09 9:35 AM
horizontal rule
28

24. My company (biggest outsourcing outfit in Europe) and the entire British civil service, just to my knowledge. There may be owner managers somewhere who still allow themselves to use them.


Posted by: OFE | Link to this comment | 06-12-09 9:35 AM
horizontal rule
29

I should note that I also believe things like KeePass are useful for storing passwords that have to be shared, for instance, but that I think it's dangerous to make one's password be something that isn't and likely can't be remembered by the user, is generated without any user cogitation at all and can only be accessed with a specific application. Don't put yourself in the position of having yet another single point of possible failure.


Posted by: Robust McManlyPants | Link to this comment | 06-12-09 9:36 AM
horizontal rule
30

"Don't put yourself in the position of having yet another single point of possible failure."

Were you my guidance counselor?


Posted by: Moby Hick | Link to this comment | 06-12-09 9:37 AM
horizontal rule
31

Answering a few questions upthread, if you click a direct link to someone's facebook page currently (the URL of which contains a string of random digits), you're going to see a very abbreviated profile, along with a note that you must be friends with the person to see a full profile. (This is just the default, I think--I'm pretty sure users can make their profiles "public", so anyone can see them in full, although I've never done though, nor seen anyone else do it.) I don't think anything is changing with the new system, other than the fact that the URL will now be a customizable username-oriented thing, rather than a string of random digits.


Posted by: Brock Landers | Link to this comment | 06-12-09 9:40 AM
horizontal rule
32

Here's a cyber-security question for you: how can I get Firefox to stop inserting my IRL name instead of my very, very strong, nigh-unbreakable handle in the post form?

I mean, short of blowing away every stored password, cookie, history, etc?


Posted by: Yawnoc | Link to this comment | 06-12-09 9:43 AM
horizontal rule
33

My plan is to follow the example of my students' email addresses and go with "creamythighs17".


Posted by: Gonerill | Link to this comment | 06-12-09 9:45 AM
horizontal rule
34

You mean here on this site? Put in your new info, and then click in the little "Remember my info" box, and it should remember the new info.


Posted by: LizardBreath | Link to this comment | 06-12-09 9:46 AM
horizontal rule
35

32. Switch off Autofill?


Posted by: OFE | Link to this comment | 06-12-09 9:46 AM
horizontal rule
36

31: You might be surprised at how much information is public on your FB profile. I believe they've loosened up the privacy restrictions without a lot of users realizing it.


Posted by: Yawnoc | Link to this comment | 06-12-09 9:47 AM
horizontal rule
37

34: Let's see about that.


Posted by: Yawnoc | Link to this comment | 06-12-09 9:47 AM
horizontal rule
38

Yeah, that worked. Stupid me, I thought it was Firefox's fault.

35: Never!


Posted by: Yawnoc | Link to this comment | 06-12-09 9:48 AM
horizontal rule
39

1Password is a really fantastic password manager/generator for the mac. Though I'm also pretty lucky in that I have enough job autonomy to manage my own computers, and thus be able to install the thing in the first place.


Posted by: Gonerill | Link to this comment | 06-12-09 9:48 AM
horizontal rule
40

I use two passwords: one easy one (a six-digit standard english word), for most website registrations and online accounts that I don't give a shit about--that create an online profile but aren't storing credit card info, etc.), and another slightly more complicated one (that I think is very strong, but password-strength-tester programs tell me is somewhere between medium and weak), for websites containing financial or other sensitive information. I've been using those same two passwords for about a decade now.

(I have a different password at work, which rotates, which I hate.)

(For the half-dozen or so websites that require something different--more digits, more numbers, etc.--I make something up and then email it to myself, and save the email. Otherwise I'd forget it. I've worried before that this might be insecure--I have emails to myself with subject headings like: "Chase Bank Account", the text of which is "Login: [xxxxxxxx]. Password: [12345678]". But I honestly don't know what else to do.)


Posted by: Brock Landers | Link to this comment | 06-12-09 9:48 AM
horizontal rule
41

I don't like this whole words-in-facebook thing. I like my random string of digits! I am not a free man, I am a number!


Posted by: inaccessible island rail | Link to this comment | 06-12-09 9:51 AM
horizontal rule
42

I find that a good source of random strings of numbers is obsolete phone numbers -- if you're like me, you remember a bunch of phone numbers that aren't operative any more, so the headspace devoted to them can be repurposed by making them passwords.


Posted by: LizardBreath | Link to this comment | 06-12-09 9:51 AM
horizontal rule
43

40: Do not email that shit to yourself. I love you, Brock, really, I do, and that's why I kind of want to beat you with a rolled up magazine right now. Do not do that. If you have trouble remembering very complex passwords, seriously, sit down and invent one that is going to meet all the requirements you can imagine and that you will remember and just use that. Do not email it to yourself. Start with an acronym for a phrase describing how much you fucking hate passwords or something and go from there.


Posted by: Robust McManlyPants | Link to this comment | 06-12-09 9:53 AM
horizontal rule
44

36: well, I suppose I might be surprised by that, yes, although I don't actually have much personal info on my FB page anyway, so I wouldn't care if all of it was pubilc. But I mean, when I'm viewing the profiles of persons I'm not friends with (friends of friends, wondering if I know them), the parts I can see are generally pretty abbreviated. A thumbnail pic and a line or two of primary bio info. That's the pubnlic part, right?


Posted by: Brock Landers | Link to this comment | 06-12-09 9:54 AM
horizontal rule
45

42: Wait. You still remember phone numbers?


Posted by: Eggplant | Link to this comment | 06-12-09 9:55 AM
horizontal rule
46

44: Usually, all of their friends are also public (just the name and thumbnail).


Posted by: Moby Hick | Link to this comment | 06-12-09 9:55 AM
horizontal rule
47

I was a very late cell phone adopter, and still don't use mine much. I've got some numbers in it, but mostly I remember the numbers I call a lot.


Posted by: LizardBreath | Link to this comment | 06-12-09 9:55 AM
horizontal rule
48

if you're like me, you remember a bunch of phone numbers that aren't operative any more

I'm not like you, I don't think. Two or three from childhood, maybe?

43: my thinking was that standard-password #2 (the slightly more complex one, which is used on almost all my sensitive accounts) is my gmail password anyway, and if someone malicious got that I'd be ungodly fucked anyway, to the extent that losing the half-dozen or so other random passwords that are stored in there wouldn't really be much worse of a result. So it didn't seem too problematic. Is that somehow wrong?


Posted by: Brock Landers | Link to this comment | 06-12-09 10:00 AM
horizontal rule
49

46: IIRC, by default your entire profile is viewable by anybody in "your network" (e.g., the city you live in).


Posted by: Yawnoc | Link to this comment | 06-12-09 10:00 AM
horizontal rule
50

49: Thanks for the warning. I'll check that.


Posted by: Moby Hick | Link to this comment | 06-12-09 10:02 AM
horizontal rule
51

48: This is actually a good response to the "single point of failure" critique of 29. Your email account is a de facto point of failure in any password regime—confirming that you have access to your primary email address is the mechanism by which most sites allow you (or a malefactor) to reset your password.


Posted by: Yawnoc | Link to this comment | 06-12-09 10:04 AM
horizontal rule
52

Unfortunately, my 'single point of failure' is usually motivation.


Posted by: Moby Hick | Link to this comment | 06-12-09 10:05 AM
horizontal rule
53

I do exactly what Brock describes in 40, and I do not want to be whacked with the newspaper of 43. How on earth am I supposed to cope with each business having slightly different specs on what they demand of your username and password?


Posted by: heebie-geebie | Link to this comment | 06-12-09 10:07 AM
horizontal rule
54

The basic Facebook page looks like it was made by someone just learning how to make a web page, but with no idea at all about simple aesthetic rules

Facebook is worse than it used to be, but I think it has been too long since you have seen the actual product of someone just learning how to make a web page OR someone with absolutely no idea about simple aesthetic rules, let alone both. The depths are very deep.


Posted by: redfoxtailshrub | Link to this comment | 06-12-09 10:11 AM
horizontal rule
55

My online bill-paying routine almost invariably includes clicking on "forgot username/password?" Do I know that there's software out there to help me manage this information? Yes, I do. Have I gotten around to using it? Bahaha. Please.


Posted by: Jesus McQueen | Link to this comment | 06-12-09 10:12 AM
horizontal rule
56

I do exactly what Brock describes in 40, and I do not want to be whacked with the newspaper of 43. How on earth am I supposed to cope with each business having slightly different specs on what they demand of your username and password?

Password Management software?


Posted by: Gonerill | Link to this comment | 06-12-09 10:12 AM
horizontal rule
57

54: Seriously, it's beyond me how anyone could complain about Facebook's aesthetics, when its two primary competitors are MySpace (!) and LinkIn (!!).


Posted by: Brock Landers | Link to this comment | 06-12-09 10:14 AM
horizontal rule
58

Password Management software seems like it's begging for someone to write a virus and hide it in there.


Posted by: heebie-geebie | Link to this comment | 06-12-09 10:14 AM
horizontal rule
59

LinkedIn.


Posted by: Brock Landers | Link to this comment | 06-12-09 10:14 AM
horizontal rule
60

I do exactly what Brock describes in 40, and I do not want to be whacked with the newspaper of 43. How on earth am I supposed to cope with each business having slightly different specs on what they demand of your username and password?

Get yourself a program that lets you make an encrypted password database and save them in there. (For Macs, I like Pastor. I don't know what's good for a PC.) Then have a nice long passphrase as your password for that, and remember to close the darn thing when you leave your computer. You can even email yourself the password file, then, because it's encrypted.


Posted by: redfoxtailshrub | Link to this comment | 06-12-09 10:14 AM
horizontal rule
61

I don't know if I've ever seen a less ugly webpage-building site than Facebook. Myspace? LinkedIn? Livejournal? Geocities? Tripod? The idea is laughable.

In fact, there's hardly any sites anywhere that are less ugly than Facebook. Blogger accomplishes a much simpler goal. What could be improved about it?

(admittedly, I think "ugly" = "busy", in general.)


Posted by: Cryptic ned | Link to this comment | 06-12-09 10:15 AM
horizontal rule
62

Keep an list of passwords encrypted with one master password that you remember, and store it in multiple places. And don't forget the master password.


Posted by: neil | Link to this comment | 06-12-09 10:16 AM
horizontal rule
63

It would help me feel like the hoops described in 60 were worth jumping through if someone could explain where the logic in 48.2 goes wrong.


Posted by: Brock Landers | Link to this comment | 06-12-09 10:16 AM
horizontal rule
64

The idea of "encrypting" something is likely to be the stumbling block for 99.9% of people, including me. I would have to find out what is involved in encrypting something.

I have a text file on my home computer that contains most of the passwords, written in a sort of run-together way. I guess if I had a laptop I would be in trouble if it, and that file, got stolen.

Also, 58.


Posted by: Cryptic ned | Link to this comment | 06-12-09 10:19 AM
horizontal rule
65

Hey, 60 really only involves one hoop.


Posted by: redfoxtailshrub | Link to this comment | 06-12-09 10:19 AM
horizontal rule
66

63: Because they probably wouldn't get that password from stealing your Gmail password -- they'd get it from stealing any of your myriad financial passwords, which are on the whole probably less secure anyway. The situation you want to avoid is that they steal one password and then have them all. It's mostly true, as per 51, that your email password is a kind of 'master key', so why are you handing the master key over to anyone else?


Posted by: neil | Link to this comment | 06-12-09 10:19 AM
horizontal rule
67

For Macs, I like Pastor. I don't know what's good for a PC.

One of the reasons I like my system is that I can get at my passwords from home (mac) or from school (pc). Also, I'm sure identity theft could never happen to me.


Posted by: heebie-geebie | Link to this comment | 06-12-09 10:19 AM
horizontal rule
68

Password Management software seems like it's begging for someone to write a virus and hide it in there.

I guess. But there are plenty of perfectly respectable applications. You choose a hard master passphrase and that's all you have to remember. All your logins are stored in an encrypted database. Then the software can autogenerate very complex passwords for you as needed, and remember them for you. 1Password is compatible with all the mac browsers, so when I go to my bank or FB or what not I just hit command-\ and the relevant login is filled in for me. Easy. One major benefit is that all your passwords for various websites are different. You don't even have to know what they are. You can store other encrypted stuff too (notes, SSNs, whatever). It's really pretty easy.


Posted by: Gonerill | Link to this comment | 06-12-09 10:22 AM
horizontal rule
69

One of the reasons I like my system is that I can get at my passwords from home (mac) or from school (pc).

KeePass works on Macs, Windows and Linux.


Posted by: Gonerill | Link to this comment | 06-12-09 10:24 AM
horizontal rule
70

Is that somehow wrong?

The first thing worth mentioning is that e-mail is sent in clear text. So every time you send a password to yourself there's a possibility that someone could be reading mail on one of the hops between your work mail server and gmail could read the message if they happened to be eavesdropping (if you're just sending it from gmail to gmail this might be less of an issue).

[someone else has probably said this already].


Posted by: NickS | Link to this comment | 06-12-09 10:25 AM
horizontal rule
71

A few websites out there are starting to make use of OpenID in ways that don't suck. As this becomes more common, y'all should take advantage of it. Basically, instead of logging in to each website, you just have to log in to Google or Yahoo or whatever your OpenID provider is, and then being logged in there will give you access to the other sites.


Posted by: Spike | Link to this comment | 06-12-09 10:25 AM
horizontal rule
72

It's hard not to like this guy.


Posted by: Gonerill | Link to this comment | 06-12-09 10:25 AM
horizontal rule
73

67: KeePass (Windows), KeePassX (Mac), store your passwords on Dropbox.


Posted by: Yawnoc | Link to this comment | 06-12-09 10:26 AM
horizontal rule
74

Facebook gets progressively uglier over time, as more ads and random "who ordered that?" stuff creeps in. It's still infinitely better than Myspace, though.


Posted by: essear | Link to this comment | 06-12-09 10:27 AM
horizontal rule
75

69: Like Heebie, I'd need both mac and PC compatibility. And at a quick glance, KeePass looks to be downloaded software. Are any of these hosted online? Because I can't download software to my work computer, and I would need to be able to access my passwords from here.


Posted by: Brock Landers | Link to this comment | 06-12-09 10:27 AM
horizontal rule
76

My passwords are composed of several mixed-and-matched parts that are permuted and rearranged for different purposes. So I remember the pieces and do my best to remember what to do with them in different circumstances. This is probably not the best strategy, but it works well enough for me. (And the one time I had all the money stolen from a bank account, it didn't seem to have anything to do with password security.)


Posted by: essear | Link to this comment | 06-12-09 10:28 AM
horizontal rule
77

75: Passpack?


Posted by: Yawnoc | Link to this comment | 06-12-09 10:29 AM
horizontal rule
78

77: that might work--I'll look into it. Thanks. I'd like to do something to make RMMP stop hitting me.


Posted by: Brock Landers | Link to this comment | 06-12-09 10:33 AM
horizontal rule
79

I should be clear that I think KeePass or something like it is much better than the email solution. My main problems are what NickS describes, that emails are sent clear text and, odds are, your Gmail session is also just plain HTTP instead of using HTTPS so every time you view a Gmail message that's also clear text. You've also noted that you use this system when you need to remember a more specific or stringent password than your normal strong password, which seems backwards to me: you're using a password that is weaker than the passwords you're using it to protect. (If I've misremembered, my bad.)

If you have to go the one-password-to-rule-them-all route, go with KeePass or Pastor or something like it. However, yes, you will have to install it on your work machine. If your only option is Gmail, make sure you go to https://mail.google.com after logging in so that your session is encrypted. Also, consider setting up a second Gmail account and use one for logins and another for passwords. Pain in the ass, yes, I know, but in general the goal should be to keep from having all of one's eggs in the same basket or, in the case of something like KeePass, putting a good lock on the basket and lining it with lead and praying you don't lose the key. Ultimately, it comes down to how much risk you're willing to tolerate. There is no such thing as security, there is only risk management.


Posted by: Robust McManlyPants | Link to this comment | 06-12-09 10:34 AM
horizontal rule
80

Also, I'm sure identity theft could never happen to me.

Hey, I never said that!


Posted by: heebie jeebie | Link to this comment | 06-12-09 10:39 AM
horizontal rule
81

72: Aw. Yeah, leaving policy problems to one side, he is awfully personally charming, isn't he.


Posted by: LizardBreath | Link to this comment | 06-12-09 10:39 AM
horizontal rule
82

you're using a password that is weaker than the passwords you're using it to protect. (If I've misremembered, my bad.)

No, that's exactly right, except I don't really think my email password is necessarily weaker than the others--just shorter*, or otherwise not conforming to some website's idiosyncratic requirements. Of course, it's used in a bazillion different places, so that makes it more prone to being stolen, I guess.

* I realize that in some crypographic sense shorter=weaker, but I'm not sure that's really relevant at this level of security.


Posted by: Brock Landers | Link to this comment | 06-12-09 10:40 AM
horizontal rule
83

+t


Posted by: Brock Landers | Link to this comment | 06-12-09 10:40 AM
horizontal rule
84

When is everything going to be biometric? I don't want to remember a dozen strong passwords, I just want to look into the damn retinal scanner.


Posted by: LizardBreath | Link to this comment | 06-12-09 10:41 AM
horizontal rule
85

85: That's all well and good until someone pries out your eyeball to fool a retina scanner.


Posted by: Spike | Link to this comment | 06-12-09 10:42 AM
horizontal rule
86

er, 85 should be 84


Posted by: Spike | Link to this comment | 06-12-09 10:43 AM
horizontal rule
87

84: It's all fun and games until somebody steals your eyeballs.

(Also, 72, 81.)


Posted by: Jesurgislac | Link to this comment | 06-12-09 10:43 AM
horizontal rule
88

When they don't completely suck at the retail level. My work machine has a fingerprint reader that doesn't work for shit.


Posted by: Robust McManlyPants | Link to this comment | 06-12-09 10:43 AM
horizontal rule
89

Pwned by recursive meta-commenting!


Posted by: Jesurgislac | Link to this comment | 06-12-09 10:44 AM
horizontal rule
90

85-87: I guess that one was too easy...


Posted by: Spike | Link to this comment | 06-12-09 10:44 AM
horizontal rule
91

91: GOTO 89


Posted by: Spike | Link to this comment | 06-12-09 10:45 AM
horizontal rule
92

Yes, yes, stop shitting on the fingerprint scanner, I know, it sounds so easy when you just say it like that but have you ever tried?


Posted by: Robust McManlyPants | Link to this comment | 06-12-09 10:45 AM
horizontal rule
93
Posted by: | Link to this comment | 06-12-09 10:45 AM
horizontal rule
94

For a while I used 1337-ed obscenities and the like together to create easy to remember passwords. Then my laptop died and I had to take it in to get the data of the HD and there was a lovely moment when the guy asked me for the password and I had to spell out a pornographic (and frankly disgusting) phrase with leet-substitutions. He enjoyed it more than I did.

57, 61: I don't use any social networking sites, so my points of comparison are blogs and professionally done websites for the most part. The FB look just strikes me as clumsy and awkward. Perhaps it's elegant compared to similar sites, but it seems like that's damning with faint praise. As I said, effete snob here, so YMMV.


Posted by: togolosh | Link to this comment | 06-12-09 10:47 AM
horizontal rule
95

Get yourself a program that lets you make an encrypted password database and save them in there. (For Macs, I like Pastor.

FWIW, on Macs you don't even need to install third-party software; Keychain will get you most of what you need. (The DB itself isn't encrypted, but your passwords are, and you can set the Keychain password to something other than your login password.)


Posted by: Josh | Link to this comment | 06-12-09 10:49 AM
horizontal rule
96

I keep a list of clues to my passwords in a little book that sits on my desk at home.


Posted by: Jackmormon | Link to this comment | 06-12-09 10:52 AM
horizontal rule
97

23, 24: At my previous job, it was a firing offense to connect any non-company-owned removable storage to any work machine, although I suspect that was more for retroactive use than active monitoring. They also would not let any non-company-owned machines onto the networks or VPN, which meant that when I started I was issued a desktop for my office and a laptop to take home.


Posted by: Josh | Link to this comment | 06-12-09 10:53 AM
horizontal rule
98

97: Like I said in 39, I am so happy/lucky not to have to deal with this kind of BS. (I mean, I see the reasons for the policy, but what a PITA that must be).


Posted by: Gonerill | Link to this comment | 06-12-09 10:56 AM
horizontal rule
99

I'm pretty sure I infected my work computer with malware via a USB drive which I'd brought from the home computer. The work computer became unusable since obviously I didn't have the authority to go to an advice website and install all the software and take all the steps they recommended, which worked great with the home computer. The instructions from IT were "Let me wipe the hard drive".

AutoPlay is to blame. Why does it exist? What good does it do?


Posted by: Cryptic ned | Link to this comment | 06-12-09 10:57 AM
horizontal rule
100

I keep a little notebook on my desk at home that has a list of what look like passwords to my various e-mail accounts and forum boards, etc.

I scribble over them and pretend to invent new ones every so often.

My real password set is stored in my head: I'm safe until identity thieves kidnap me, shoot me up with truth drugs, and untangle the passwords from all the other random information that I spill.


Posted by: Jesurgislac | Link to this comment | 06-12-09 10:57 AM
horizontal rule
101

Does anyone know anything about the website linked in 77? I'm mostly just looking for some sort of assurance that it's not hosted by the Russian mob.


Posted by: Brock Landers | Link to this comment | 06-12-09 11:00 AM
horizontal rule
102

100: "I confess! I felt genuine empathy for the characters in Titanic and Ih8t3NN!5!"


Posted by: Robust McManlyPants | Link to this comment | 06-12-09 11:01 AM
horizontal rule
103

98: The thing was, they actually (for the most part) did it right, so it wasn't a pain in the ass at all. All work machine (Windows) images came with PasswordSafe pre-installed, and employees were encouraged to use it, and since you were only allowed to login from work machines you didn't have to come up with some way to distribute your passwords everywhere. It would have been a pain in the ass if they hadn't issued us all laptops, though.

The only real problem was the brain-dead Windows password rules (required to change every few months, couldn't use the same password you'd used in the previous year, shit like that). Those used to drive me into a rage every time I had to come up with a new one.


Posted by: Josh | Link to this comment | 06-12-09 11:04 AM
horizontal rule
104

97, 98: Fortunately, the ubiquity of computing devices will in then end kill that approach for all but the most super-secure needs (air gap stuff). But it is a long, slow process heavily reliant on encryption and security protocols. And there will definitely be some big "oops" and other bumps along the way. But I suspect by mid-decade or so most organizations will not provide employees with company-procured physical devices (they might give a stipend). We'll see.


Posted by: JP Stormcrow | Link to this comment | 06-12-09 11:07 AM
horizontal rule
105

102: I confess that 2/3rds of 100 was a lie.


Posted by: Jesurgislac | Link to this comment | 06-12-09 11:12 AM
horizontal rule
106

when I started I was issued a desktop for my office and a laptop to take home.

A laptop and a docking station might have saved a few bucks, no?


Posted by: OFE | Link to this comment | 06-12-09 11:12 AM
horizontal rule
107

To be extra secure, I won't sign up for this URL Facebook feature. At least not using any of my passwords as my username.


Posted by: heebie-geebie | Link to this comment | 06-12-09 11:13 AM
horizontal rule
108

85 should be 84

Spikes most of human mathematics since we got advanced enough to figure out the answer to 5*17...


Posted by: Jesurgislac | Link to this comment | 06-12-09 11:15 AM
horizontal rule
109

f your only option is Gmail, make sure you go to https://mail.google.com after logging in so that your session is encrypted.

There's a setting in gmail to tell it to always use HTTPS which is very important if you're using it for anything secure.


Posted by: NickS | Link to this comment | 06-12-09 11:17 AM
horizontal rule
110

Further to 109:

Settings --> Browser connection: (main tab) --> Always use https


Posted by: NickS | Link to this comment | 06-12-09 11:18 AM
horizontal rule
111

103: Heh. I first encountered the rule that you had to change your password regularly, and couldn't repeat it, when I worked for IBM in 1990, and back then IBM were seriously kidding themselves that O/S2 would beat out Windows any day. ("Better DOS than DOS! Better Windows than Windows!" as their propaganda video that staff were required to watch put it.)

One of my colleagues used Anne McCaffrey dragon names for his password set. His computer was called Ramoth.


Posted by: Jesurgislac | Link to this comment | 06-12-09 11:19 AM
horizontal rule
112

105: I bet your real name isn't actually Jesurgislac, you lying sack of things which are bad.


Posted by: togolosh | Link to this comment | 06-12-09 11:20 AM
horizontal rule
113

O/S2

I have heard this pronounced "Half-oss".


Posted by: LizardBreath | Link to this comment | 06-12-09 11:23 AM
horizontal rule
114

Which makes more sense given that the name is OS/2, not O/S2.


Posted by: essear | Link to this comment | 06-12-09 11:23 AM
horizontal rule
115

From semi-back in the day:

Two versions of OS/2
so the small machines can fly.
Three versions of DOS
for the clueless in their homes.
Nine versions of UNIX
for the hackers late at night.
One version of Windows
for the Dark Lord on his throne.

In the land of Redmond, where the shadows lie.

One OS to rule them all, one OS to find them.
One OS to bring them all, and in the darkness bind them

In the land of Redmond, where the shadows lie.


Posted by: JP Stormcrow | Link to this comment | 06-12-09 11:33 AM
horizontal rule
116

My real name is

An Arm Clothed In White Samite, That Held A Fair Sword In That Hand.

(My parents, Thomas Hand and Malory That, couldn't resist a literary reference if it killed them.)

"Je Surgis Lac"


Posted by: | Link to this comment | 06-12-09 11:34 AM
horizontal rule
117

116 is in response to 112.


Posted by: Jesurgislac | Link to this comment | 06-12-09 11:35 AM
horizontal rule
118

104: Yeah, the amusing thing (to me, anyway) was thinking about how the "no removable storage" policy interacted with the "take this laptop and use it to WFH" policy. Does that mean that if I have a NAS at home, I'm violating the policy by getting on my home network with the work laptop?

106: Well, at the time I joined, the company was pretty flush, so cutting costs on that level wasn't much of a concern, but more importantly tying me to the laptop as my only machine would have meant that I had to carry it back and forth to work, and that would have raised the risk of theft or loss. (In fact, I did have a work laptop stolen out of the trunk of my car. I got a lecture from the company on how to keep it secure in the event I ever needed to take a company laptop anywhere ever again.)


Posted by: Josh | Link to this comment | 06-12-09 11:37 AM
horizontal rule
119

114: It's been almost 20 years, and I never cared about the stupid operating system anyway.


Posted by: Jesurgislac | Link to this comment | 06-12-09 11:38 AM
horizontal rule
120

118: The best laws are those that everyone has to break. The IT department has their ass covered.


Posted by: Hamilton-Lovecraft | Link to this comment | 06-12-09 11:56 AM
horizontal rule
121

I use one password for most everything, but a different login email. I own my personal url, so I use amazon@myurl.com/standard password.

This is so if someone does start sending me spam, I can just delete that email address rather than count on them to unsubscribe.

I have never had to do that. It is a silly system.

(I actually have a different 1337 pwd for paypal and ebay, after someone cracked my ebay account and bid on a whole bunch of stuff.)


Posted by: Wrongshore | Link to this comment | 06-12-09 12:06 PM
horizontal rule
122

I use 1Password and love it, but it's not helpful when I'm not on my own laptop. For passwords I want to be really secure (banks, paypal, etc) I use a randomly generated one from 1Password. For everything else, I use an easy to remember pattern: a common root with a prefix/suffix specific to each site.


Posted by: mrh | Link to this comment | 06-12-09 12:28 PM
horizontal rule
123

Eh. I use what I think is probably the most reliable system: something I'll never, ever be able to forget, that I never discuss with anyone anyway. It helps that I have an inconveniently good memory for useless numbers.


Posted by: Jesurgislac | Link to this comment | 06-12-09 1:13 PM
horizontal rule
124

123: Oh, what the hell, since we're all friends here: I use the Stargate code that landed me on this stupid planet, rendered into hex, usually with the year of my arrival. That works as the secret password for my bank account, the entrance to my secret basement, and the phone number General O'Neill uses to contact me. Dead easy, see?


Posted by: Jesurgislac | Link to this comment | 06-12-09 1:16 PM
horizontal rule
125

I use what I think is probably the most reliable system: something I'll never, ever be able to forget, that I never discuss with anyone anyway

You mean two dozen different unforgettable things? Because that's my whole problem--different institutions have different password requirements, not all of which are compatible with one another.


Posted by: Brock Landers | Link to this comment | 06-12-09 1:17 PM
horizontal rule
126

that's my whole problem--different institutions have different password requirements, not all of which are compatible with one another

Here's my system, which may seem a tad cumbersome while I explain it, but is in fact beautifully simple.

I keep a list* of sites and passwords. BUT -- before RMMP has a heart attack -- it's coded.

Imagine that my standard password is littlebitches.

Instead of putting "littlebitches" on my list, I put "security" and then adjust "security" as needed for different sites.

So, if on a particular site I use l1tt1leb1tches as my password, I put secur1ty on my list, reminding me to change the i's to 1's.

littlebitch3s = s3curity
littlebitche$ = $ecurity

Et cetera.

*Of course it's a spreadsheet, not a list, because I am a proud nerd.


Posted by: Sir Kraab | Link to this comment | 06-12-09 1:24 PM
horizontal rule
127

That is brilliant -- my biggest problem is remembering exactly what I've done in terms of 1337-speaking my standard passwords. I suppose it's vulnerable to anyone who both figures out your standard password and gets your list, but at some point we all have to concede that SPECTRE probably isn't after us each individually.


Posted by: LizardBreath | Link to this comment | 06-12-09 1:30 PM
horizontal rule
128

I am a proud nerd.

Yes, I know all of the rest of you are nerds, too, but in a much more nerdy way -- meaning you know stuff about nerdy topics -- which somehow makes me more of a nerd than everyone else. See?


Posted by: Sir Kraab | Link to this comment | 06-12-09 1:31 PM
horizontal rule
129

Or I could just send $10/mo to that LifeLock guy, and then I could freely post all my login info and passwords here in this thread, right?


Posted by: Brock Landers | Link to this comment | 06-12-09 1:32 PM
horizontal rule
130

127: Why, thank you! No one know my non-obvious standard password except M/tch, so if I turn up dead and my bank accounts have been cleaned out, sic the cops on him.


Posted by: Sir Kraab | Link to this comment | 06-12-09 1:35 PM
horizontal rule
131

Or I could just send $10/mo to that LifeLock guy, and then I could freely post all my login info and passwords here in this thread, right?

I'm sorry, Brock, I can't hear you from all the way under that bridge.


Posted by: Robust McManlyPants | Link to this comment | 06-12-09 1:41 PM
horizontal rule
132

125: No, actually, I really do mean one unforgettable thing. It's a flexible unforgettable thing, so I can usually backfigure "If the rules are thus, I would have done this to my Unforgettable Thing".


Posted by: Jesurgislac | Link to this comment | 06-12-09 1:42 PM
horizontal rule
133

I like the old phone number trick, too. If I used my childhood phone number as the password, I think I'd use something like the initials of the street I lived on as my reminder.

I realized as I wrote out 126 that I could just use "3" as my reminder for "littl3bitch3s," but I do try to remember my frequently used passwords without having to look them up and "security 3" sticks better in my brain than "3."


Posted by: Sir Kraab | Link to this comment | 06-12-09 1:45 PM
horizontal rule
134

127: I suppose it's vulnerable to anyone who both figures out your standard password and gets your list, but at some point we all have to concede that SPECTRE probably isn't after us each individually.

But it's less fun that way. I enjoy assuming everyone in the world could be a secret agent out to get my passwords, so that I have the motivation for a perpetual system of misdirection about my system of remembering yet concealing them so that I never have to write them down yet never forget them.

...because the number of times someone's told me "Hey, I have this brilliant system" and bragged about it to me at length and left me t hinking "Just a little bit of investigation and I could find out what your password is, if I wanted to, if I was that sort of person"... but I'm not and I don't.


Posted by: Jesurgislac | Link to this comment | 06-12-09 1:57 PM
horizontal rule
135

And of course, not everyone has a brilliant system.


Posted by: LizardBreath | Link to this comment | 06-12-09 2:01 PM
horizontal rule
136

I use a safety pin to scratch my password on the underside of my balls. When the scar fades, I know its time to change passwords.


Posted by: Spike | Link to this comment | 06-12-09 2:12 PM
horizontal rule
137

I have not actually read this thread, but I am mildly amused to note that ALL of the cases* of password hacking/identity theft that I have firsthand knowledge of entailed:

1. Nearest and dearest, who had at some point in the past been entrusted with the password, and/or could easily figure it out

2. Corrupt employees of a trusted bank, agency, company, etc.

The first group is within your control; the second isn't. No amount of password caution is going to protect you from corruption, either. That said, I'm pretty insanely cautious with my own.

*No, wait, I'm just barely wrong. A pair of notorious identity thieves strolled through my office complex once, but our alert receptionist booted them out for general hinkiness and lack of good reason to walk through private offices when everyone was at lunch. This was a month or so before their pictures hit the front pages of local papers.


Posted by: Witt | Link to this comment | 06-12-09 2:12 PM
horizontal rule
138

134 makes me regret 122, a little.


Posted by: mrh | Link to this comment | 06-12-09 2:22 PM
horizontal rule
139

||

My little brother just found out he's accepted to Chicago law school. Previously he'd been accepted at Michigan and waitlisted at Columbia, which is not looking hopeful. He wants to be either a legal academic or do some kind of public-interest stuff (that's a new interest as he's started turning into a liberal). Is there an obvious choice here? He mentioned some kind of scholarship from Michigan -- does that change things?

|>


Posted by: Bave Dee | Link to this comment | 06-12-09 2:27 PM
horizontal rule
140

There's no obvious choice. I'd advice him to take the money.


Posted by: Brock Landers | Link to this comment | 06-12-09 2:29 PM
horizontal rule
141

advise, even.


Posted by: Brock Landers | Link to this comment | 06-12-09 2:29 PM
horizontal rule
142

139: If he really does want to go into public interest law or academia, take the scholarship unless there is some other over-riding concern with location or whatnot.


Posted by: Moby Hick | Link to this comment | 06-12-09 2:33 PM
horizontal rule
143

138: No worries, mrh. Tell me your password and I'll keep it safe from Secret Agent Jesurgislac.


Posted by: Sir Kraab | Link to this comment | 06-12-09 2:33 PM
horizontal rule
144

Depends on how much. If he wants to be a legal academic, I think University of Chicago gives him better odds. (Not on the basis of much knowledge, but I'd think.)


Posted by: LizardBreath | Link to this comment | 06-12-09 2:34 PM
horizontal rule
145

unless there is some other over-riding concern with locationng the best Unfogged meetups.


Posted by: Sir Kraab | Link to this comment | 06-12-09 2:35 PM
horizontal rule
146

143 But we must never admit that we know each other! If we meet in public, pretend not to recognise me.


Posted by: Jesurgislac | Link to this comment | 06-12-09 2:36 PM
horizontal rule
147

144: I should clarify that I don't know anything specific about either program. I was just thinking in terms of 'less debt' = 'more freedom after graduation'.


Posted by: Moby Hick | Link to this comment | 06-12-09 2:37 PM
horizontal rule
148

I would imagine that Chicago has more ideologically doctrinaire people.


Posted by: nosflow | Link to this comment | 06-12-09 2:41 PM
horizontal rule
149

I don't know anything ideological about Chicago, but law schools are (IMverylimitedE) fairly forgiving places to be out of step, so unless money's a major factor, I'd take the higher ranked school over the perceived leftier school. If money is a big factor, Michigan is certainly an excellent school in its own right.


Posted by: LizardBreath | Link to this comment | 06-12-09 2:41 PM
horizontal rule
150

I think I'm going to pick "kristoncapps" for my url.


Posted by: nosflow | Link to this comment | 06-12-09 2:42 PM
horizontal rule
151

I know someone who just recent graduated from Chicago who felt the atmosphere to be a little all-libertarian-all-the-time.


Posted by: nosflow | Link to this comment | 06-12-09 2:42 PM
horizontal rule
152

And if he ends up in a public interest job, Chicago gives out $70K in loan forgiveness, which is something.

Of course, Chicago is where fun goes to die.


Posted by: LizardBreath | Link to this comment | 06-12-09 2:44 PM
horizontal rule
153

Only for the undergrads. The professional students have a blast.


Posted by: nosflow | Link to this comment | 06-12-09 2:45 PM
horizontal rule
154

151: Seems likely -- I'm just thinking that won't have that much of a negative effect on his experience.


Posted by: LizardBreath | Link to this comment | 06-12-09 2:46 PM
horizontal rule
155

151: Yikes. My brother has a worrisome young-white-guy libertarian streak that I wouldn't want to see encouraged.

On the other hand, isn't indoctrination in the ruling ideology pretty standard for top-tier law schools? A guy I dated who was at Harvard Law would spout the most ridiculous Law and Economics shit that he was being fed in his classes -- crude Coase stuff. His knee-jerk anti-labor reaction to the transit strike when he was visiting me was the beginning of the end.


Posted by: Bave Dee | Link to this comment | 06-12-09 2:47 PM
horizontal rule
156

You know, I'm a horrible snob. I just looked at a law school ranking site, and hadn't realized quite how excellent Michigan is. At that level, it's a wash -- I'd make the decision based on the money.


Posted by: LizardBreath | Link to this comment | 06-12-09 2:48 PM
horizontal rule
157

155: Repeat to him as often as possible 152.last

The last thing the world needs is more glibertarians.


Posted by: togolosh | Link to this comment | 06-12-09 2:48 PM
horizontal rule
158

My point in mentioning the atmosphere was precisely that it did have a negative effect on her experience.


Posted by: nosflow | Link to this comment | 06-12-09 2:49 PM
horizontal rule
159

On the other hand, isn't indoctrination in the ruling ideology pretty standard for top-tier law schools?

Oh, you betcha. NYU is lefty as law schools go, and man oh man did we get the Law&Economics gavage. Annoyed me something fierce.


Posted by: LizardBreath | Link to this comment | 06-12-09 2:49 PM
horizontal rule
160

The last thing the world needs is more glibertarians.

LET'S LET REVEALED PREFERENCE REVEAL THAT


Posted by: OPINIONATED GLIBERTARIAN | Link to this comment | 06-12-09 2:50 PM
horizontal rule
161

157: Isn't that for the Market to decide?


Posted by: Tiny Hermaphrodite | Link to this comment | 06-12-09 2:51 PM
horizontal rule
162

fairly forgiving places to be out of step

Maybe relatively, but I didn't think it was entirely forgiving. Of course, I can see a difference between 'out of step on an ideological scale' and 'out of step because I think the law is deeply weird and don't want to be a lawyer'.

I was reading a couple law students who said that class differences made law school baffling for them. I didn't notice that myself.


Posted by: Megan | Link to this comment | 06-12-09 2:51 PM
horizontal rule
163

Pwned.


Posted by: Tiny Hermaphrodite | Link to this comment | 06-12-09 2:51 PM
horizontal rule
164

143: I use the Kraab Password Manager! Whenever I need my bank password, I just call up Sir Kraab, and she tells me not to worry about it, she'll take care of making any withdrawals or whatever.


Posted by: mrh | Link to this comment | 06-12-09 2:52 PM
horizontal rule
165

The Uof C law school is built on the trampled skeleton of a once-vibrant black community. That community was pushed out and left to die by the intentional racial cleansing policies of the university, abetted by the city's equally racially oppressive urban renewal programs. Of course, whether this is a plu or a minus depends on your politics.


Posted by: Michael H Schneider | Link to this comment | 06-12-09 2:53 PM
horizontal rule
166

The class thing at Harvard was kinda strange from what I could see when I visited HLSBF. A lot of students from privileged backgrounds who knew the rules already, but it also seemed that the middle-class t had come to understand at least by the second year that they'd been bumped up a few rungs on the ladder just by virtue of being at Harvard Law. They borrowed, dined, and vacationed accordingly.


Posted by: Bave Dee | Link to this comment | 06-12-09 2:54 PM
horizontal rule
167

165: I think number of trampled skeltons in the foundation is one of the ranking criteria used for law schools.


Posted by: Moby Hick | Link to this comment | 06-12-09 2:55 PM
horizontal rule
168

167: Extra points if they're red.


Posted by: LizardBreath | Link to this comment | 06-12-09 2:55 PM
horizontal rule
169

167: right. In most places, the dead hand of the past is revered, displayed in every classroom, and worshipped at the start of every class session.


Posted by: Michael H Schneider | Link to this comment | 06-12-09 2:56 PM
horizontal rule
170

168: Or clearly crushed under case notes.


Posted by: Moby Hick | Link to this comment | 06-12-09 2:57 PM
horizontal rule
171
Posted by: | Link to this comment | 06-12-09 2:57 PM
horizontal rule
172

middle-class students


Posted by: Bave Dee | Link to this comment | 06-12-09 2:57 PM
horizontal rule
173

And on the 'forgiving places to be out of step' -- eh, come to think of it, that might be just a feature of my experience. Which was that professors liked being argued with, so disagreeing with them wasn't a negative, and I wasn't all that engaged with my fellow students.


Posted by: LizardBreath | Link to this comment | 06-12-09 2:57 PM
horizontal rule
174

I was going to be a lawyer, but then I found out how much it cost to get your picture on the back cover of the phone book.


Posted by: Moby Hick | Link to this comment | 06-12-09 3:07 PM
horizontal rule
175

Milk cartons are much cheaper and easier.


Posted by: LizardBreath | Link to this comment | 06-12-09 3:08 PM
horizontal rule
176

There's a reason they're so cheap. Even the classiest picture of a milk carton on the back of a phone book is unlikely to drum up much business for your practice.


Posted by: nosflow | Link to this comment | 06-12-09 3:09 PM
horizontal rule
177

Chicago is where fun goes to die Di goes to fun.


Posted by: Sir Kraab | Link to this comment | 06-12-09 3:10 PM
horizontal rule
178

Now I've seen too many big firm lawyers looking for different work to think of doing it. Plus, I'm old.


Posted by: Moby Hick | Link to this comment | 06-12-09 3:15 PM
horizontal rule
179

My stepsister, not a liberal of much flaming, still found U of C law school too conservative and dreadfully unfun.


Posted by: Wrongshore | Link to this comment | 06-12-09 3:16 PM
horizontal rule
180

I wasn't all that engaged with my fellow students.

This is important, I think. If your brother isn't the kind of person who will find his own friends in other departments or outside the university, I'd worry more about the social & political aspects of where he goes.

I've known lots of very good lawyers with very good politics who came out of U Michigan -- at the labor law firm I used to work at, everyone seemed to have come out of Michigan or Yale. And the Michigan law school has a special place in my heart for pressing its affirmative action case up to the Supreme Court (and winning!)

All that said, keep him the hell away from U Chicago.


Posted by: Sir Kraab | Link to this comment | 06-12-09 3:18 PM
horizontal rule
181
Posted by: | Link to this comment | 06-12-09 3:18 PM
horizontal rule
182

And really, the ranking difference between Michigan and Chicago is basically imperceptible. When I was advocating Chicago above, I was misremembering Michigan's standing. (I feel incredibly shallow talking about rankings, but if you want to be an academic, it's a huge, huge deal.)


Posted by: LizardBreath | Link to this comment | 06-12-09 3:21 PM
horizontal rule
183

You know, I asked the question just wondering about things like prestige and benefits to his future career and didn't really think about the political stuff. I will push for Michigan, leveraging the money argument.


Posted by: Bave Dee | Link to this comment | 06-12-09 3:21 PM
horizontal rule
184

Did I just write "leveraging"? Jesus. I meant "using the money argument at leverage."

I must now go wash my fingers in holy water.


Posted by: Bave Dee | Link to this comment | 06-12-09 3:23 PM
horizontal rule
185

164: All for a low, low monthly fee! E-mail for details.


Posted by: Sir Kraab | Link to this comment | 06-12-09 3:26 PM
horizontal rule
186

184: Once I was getting an assignment from the professor I worked for to help some co-author of his at another university with a dataset. At one point he referred to me as 'a resource.' Which made me laugh right there.


Posted by: Moby Hick | Link to this comment | 06-12-09 3:27 PM
horizontal rule
187

as

I'm going for beer.


Posted by: Bave Dee | Link to this comment | 06-12-09 3:28 PM
horizontal rule
188

184: Yes! Leverage your core competencies going forward!

Also, I think you mean "as" not "at." Unless "leverage" is some new bar that's replaced the Mineshaft.


Posted by: togolosh | Link to this comment | 06-12-09 3:31 PM
horizontal rule
189

Damn. pwnd


Posted by: togolosh | Link to this comment | 06-12-09 3:32 PM
horizontal rule
190

If I ever open a gay bar, I'll call it "Leverage."


Posted by: Bave Dee | Link to this comment | 06-12-09 4:43 PM
horizontal rule
191

190: Your signature cocktail could be "The Leverage Beverage"!


Posted by: M/tch M/lls | Link to this comment | 06-12-09 4:45 PM
horizontal rule
192

Or maybe "The Fulcrum".


Posted by: M/tch M/lls | Link to this comment | 06-12-09 4:45 PM
horizontal rule
193

Decorated with a sleazy mural of Archimedes.


Posted by: nosflow | Link to this comment | 06-12-09 4:47 PM
horizontal rule
194

Plenty of bad pun opportunities in 'Archimedes screw'.


Posted by: Moby Hick | Link to this comment | 06-12-09 5:02 PM
horizontal rule
195

I was thinking about his known fondness for long levers.


Posted by: nosflow | Link to this comment | 06-12-09 5:04 PM
horizontal rule
196

Waaay upthread: thanks for 110, Nick.


Posted by: parsimon | Link to this comment | 06-12-09 6:43 PM
horizontal rule
197

LB, Chicago isn't really a more "prestigious" school, even based purely on the asinine rankings. They're really in the same tier, and both quite good schools.

As I said initially, absent other considerations, I'd take the money.


Posted by: Brock Landers | Link to this comment | 06-12-09 8:01 PM
horizontal rule
198

Yeah, my general sense is that U of C and UM are at about the same level -- if you're interested in firm jobs outside of the midwest (which is what I know, I have no idea what would be better if you wanted to work in Chicago or Minneapolis), some places will have stronger ties with UM and some with U of C, but it's basically a wash. I'd take the money, too. Plus, while I've met a few awesome liberals who went to U of C law school, I got the sense that they felt like an embittered minority.


Posted by: robert halford | Link to this comment | 06-12-09 8:09 PM
horizontal rule
199

Sounds like Michigan might be more to his taste. Certainly more to mine, but that doesn't matter. Chicago's a pretty ideological place across the board, and very concerned with its Chicagoness. My line on this is that a disproportionate number of faculty at Chicago will tell you they are central figures in their field (often, the leading exponent of the Chicago School of X). Some of them are central figures in their field. Some of them are cranks. And unfortunately many of them are cranks who are central figures in their field.


Posted by: Gonerill | Link to this comment | 06-12-09 8:27 PM
horizontal rule
200

200!


Posted by: teofilo | Link to this comment | 06-13-09 12:13 AM
horizontal rule
201

I mean, it was just sitting there. C'mon, people.


Posted by: teofilo | Link to this comment | 06-13-09 12:15 AM
horizontal rule
202

On the original subject of the post, Facebook has had several radical redesigns, few of which were improvements. For a long time they seemed to be desperately trying to emulate MySpace, and while there's still a bit of that (as this most recent change shows) they seem to have begun desperately trying to emulate Twitter as well. Have the courage of your convictions, Zuckerberg!


Posted by: teofilo | Link to this comment | 06-13-09 12:18 AM
horizontal rule
203

It's Saturday night again, isn't it?


Posted by: teofilo | Link to this comment | 06-13-09 12:24 AM
horizontal rule
204

In Sydney.


Posted by: JP Stormcrow | Link to this comment | 06-13-09 2:01 AM
horizontal rule
205

Count another vote for Michigan.

The what is more important than the where. He needs to edit the flagship journal, and he needs a good clerkship. Unfortunately, he also needs to care about the rules of civil procedure -- the difference between a rule 12 motion and a rule 56 motion for example -- and the medieval forms of land tenure from day one. IME, law school is very difficult for people who don't know that they want to be actual lawyers, because just enough of the material is only useful for that (if at all) and just enough of the classmates are going to be working to master this stuff that the top 10% of the class will be dominated by them.

Setting out to be a legal academic strikes me as akin to setting out, in junior high, to be in the NBA. It isn't going to happen if you don't work your ass off for it, but then it isn't going to happen for a lot of people who want it. Maybe I'm just jaded, though, by limited E. (My next door neighbor -- summa Princeton, magna HLS, Roberts at the DC Cir, Kennedy at the SC -- has recently embarked on that road after about 3 years of Biglaw. Good guy, tough time for it. I'm sure it'll work out for him, though. My next door neighbor from my last address is also an academic now: Dartmouth -> GW -> Scirica -> Rehnquist -> Hogan (protege of Roberts) -> SG's office -> Hogan -> SG's office -> SG (until 1/20/09). These guys are NBA.)


Posted by: CharleyCarp | Link to this comment | 06-13-09 5:14 AM
horizontal rule
206

Of course, our own Belle L is pursuing it a little differently.


Posted by: CharleyCarp | Link to this comment | 06-13-09 5:23 AM
horizontal rule
207

And I see that one of my favorite profs from law school went an easier way. Maybe 205 is a much too bleak.


Posted by: CharleyCarp | Link to this comment | 06-13-09 5:51 AM
horizontal rule
208

On the TNR front page: "Jelveh: Are Prostitutes Way Overpaid?"Resisiting the urge to click.


Posted by: David Weman | Link to this comment | 06-13-09 5:55 AM
horizontal rule
209

205 sounds about right to me.

Because I understood very little about the field, I was one of those people who went to law school hoping eventually to be a legal academic. It is tough and competitive. Both of my co-clerks now are academics, but they were very highly credentialed, and it was work for them to break in. One, who was Yale B.A., Yale Ph.D., Yale J.D., Yale Law Review and five years practice before she clerked with me, did several years of almost no pay fellowships afterwards before she got a tenure track position. My other co-clerk went on to clerk for Justice Stevens after we clerked together, and still had to do several years as a legal writing instructor before she got a tenure track position. One of the reasons I decided not to go on the teaching market was seeing how hard it was for people who were smarter and much better credentialed than I.

Of course, being a practicing lawyer is great in most respects, so it all turned out OK.


Posted by: Idealist | Link to this comment | 06-13-09 6:13 AM
horizontal rule
210

197: Yeah, I figured that out -- I'd mentally had Michigan listed a notch lower than it deserved (as "excellent, but not quite top tier" instead of "definitely top tier"). When I looked at some rankings, I realized I was wrong.

And Charley and Ideal are right about how hard it is to get into academia, although the difference from the NBA is that someone who just misses academia is going to have a resume that will serve them well for doing most other legal jobs.


Posted by: LizardBreath | Link to this comment | 06-13-09 6:30 AM
horizontal rule
211

209.3 is right on. I have very little regard for legal academics, and never cite or otherwise rely on an academic unless there is no other authority of any kind. I'd cite a case from Serbia before I'd cite a law professor. I've just about never read any academic written product that I thought useful or productive (except to the extent that the product is the author/professor's career) to justify my time. And I'm an Unfogged commenter, so you know how valuable I think my time is.

It's unfair, I'm sure, but I don't think my attitude about the legal academy is at all unusual among real lawyers in the bar.

So it's not really the NBA. It's more like Olympic level curling. You can dedicate yourself to it, and with luck and hard work you just might make it.


Posted by: CharleyCarp | Link to this comment | 06-13-09 6:46 AM
horizontal rule
212

No offense to curling, of course.


Posted by: CharleyCarp | Link to this comment | 06-13-09 6:47 AM
horizontal rule
213

That's pretty true -- academic work doesn't have much to do with practice. On the other hand, you do get to bully the next generation: it was academics who were shoving all that Law and Economics crap down my throat, and there's a generation of lawyers who doesn't question it much.


Posted by: LizardBreath | Link to this comment | 06-13-09 6:53 AM
horizontal rule
214

m. leblanc went to Chicago and managed to survive the experience with her liberalism intact. Still, money is good.

I have heard that conflict of laws is an area where judges do pay attention to academics, and I've seen cases where the decision cites a professor by name. But those people are actual scholars.


Posted by: Bostoniangirl | Link to this comment | 06-13-09 7:29 AM
horizontal rule
215

It's true that there are darn few academics I would cite in a legal brief. That does not mean that they are not smart and hardworking, they just inhabit a different world.


Posted by: idealist | Link to this comment | 06-13-09 7:43 AM
horizontal rule
216

I could see that -- IME, conflict of laws gets avoided more than really dealt with more than not. The most common thing I've seen happen in cases with a conflict of laws issue is "For X, Y and Z reasons, Ohio rather than NJ law applies. In an excess of caution, though, I will apply both the Ohio and the NJ test and rule that under these facts they come out the same way." For a real conflict with real consequences, I could imagine a judge panicking and turning to academia.


Posted by: LizardBreath | Link to this comment | 06-13-09 7:46 AM
horizontal rule
217

I know a whip-smart guy who did a combined Ph.D. in economics/law degree* at Michigan and is now teaching at a top 20 law school, so it's certainly possible to be an academic out of Michigan if that's the route you want to go.

* He's a lefty interested in intellectual property, and apparently found it horribly irritating whenever people nodded sagely and said, "Oh, law and economics, I see."


Posted by: snarkout | Link to this comment | 06-13-09 7:55 AM
horizontal rule
218

214 -- Oh, there are plenty of case cites to academic articles. I just regard that as make-weight. It seems to me that the only time you'd need a scholar to tell you something on a conflict question is where the other law is in another language. I might cite an academic describing Lebanese law, if I don't have a better English language authority for what I want. On the question of how a conflicts analysis ought to be done in a particular case, I think that since the 2d restatement, and the development of government interests analysis, the role for scholars is significantly diminished.

Second grade teachers are more important in terms of shaping the next generation.


Posted by: CharleyCarp | Link to this comment | 06-13-09 9:00 AM
horizontal rule
219

I agree with 215.1(b).


Posted by: CharleyCarp | Link to this comment | 06-13-09 9:02 AM
horizontal rule
220

(Jaded, I guess, by time in two different sausage factories: law review and watching a lobbying practice engage academics in their cause).


Posted by: CharleyCarp | Link to this comment | 06-13-09 9:04 AM
horizontal rule
221

218 is right about the 2nd restatement. I think it was more interesting theoretically before--even if less practically fair.

The guy I knew who was brilliant had a an L.L.M from Michigan or something, worked for one of the major international law firms, but was first trained in Germany. There's a whole bunch of stuff that the American-centric stuff emphasized by Brainard Currie and NYU was kind of parochial.


Posted by: Bostoniangirl | Link to this comment | 06-13-09 9:16 AM
horizontal rule
222

I don't know anything about law schools but I think of Michigan, Columbia and Chicago and horrible places to be a grad student, with Chicago the best of a bad lot. They aren't even the Harvard/Yale culture of "We're very important, so figure out how to be brilliant on your own time," they're the crazy making culture of "We're very important, so you must all fight one another to the death until one of you emerges as king of your floating hell to obtain our limited favor/funding.


Posted by: Jimmy Pongo | Link to this comment | 06-13-09 10:27 AM
horizontal rule
223

Now that the usernames exist, it seems that everyone I know has chosen...their name, or a shortened version.

But how does this affect the ladies who are expecting to add another surname when they get married?


Posted by: Cryptic ned | Link to this comment | 06-13-09 10:27 AM
horizontal rule
224

Jimmy Pongo, Grad Student or professional student? Because they're very different.

And I think that any law school is going to be a bit like that, since ranking is so important. I went to a law school that was known for not being terribly "competitive." The similarly ranked school in San Francisco had a reputation of people taking reserve materials and cutting them up so that other people couldn't use them. My school was known as a place where people were friendly and helpful about telling people where the materials were. And we had 24-hour access to the building, because we all got keys. Still, people were pretty competitive.

And plenty of professors weren't interested in people they didn't see as top-ranked--especially the younger ones.


Posted by: Bostoniangirl | Link to this comment | 06-13-09 10:49 AM
horizontal rule
225

There's so much Chicago-bashing happening here that I almost feel compelled to defend it. But I know nothing about the law school, and even in the most congenial departments it seemed like grad students tended to linger longer than is optimal. Still: best undergrad education I could have asked for.


Posted by: essear | Link to this comment | 06-13-09 10:55 AM
horizontal rule
226

essear--Both LB and neb went to Chicago for undergrad.


Posted by: Bostoniangirl | Link to this comment | 06-13-09 11:05 AM
horizontal rule
227

223: Way to bring back the topic. I got my full name.


Posted by: Moby Hick | Link to this comment | 06-13-09 11:19 AM
horizontal rule
228

226: Yes, I know. And I also know that some of the U of C's departments are centers of idiosyncratic ideologies, as Gonerill said. But some of the departments are objectively excellent. Just hate to see the whole place tarred with the same brush. The law school may well deserve it, though.


Posted by: essear | Link to this comment | 06-13-09 11:20 AM
horizontal rule
229

Bostoniangirl:
Grad student, and yeah, they're different, which is why I specified that I didn't know anything about law schools. I don't think that promoting competition among students ever does anyone any good , but I can see how it would be more par for the course at elite law or med programs scratching and clawing your way to the top is how you prove your egomaniacal derangement/worth.

I've heard versions of the hiding/destroying materials thing about MI many times, and also several stories of emotionally abusive relationships with advisors. But, I also know folks who loved it, so, hey, if you dig the agon...


Posted by: Jimmy Pongo | Link to this comment | 06-13-09 11:43 AM
horizontal rule
230

I am intrigued by how U of C really does occupy an interesting and unique place in American higher education. It seems to make choosing to attend the place a more fraught decision than it would otherwise be (of course there a number of folks here who could speak more directly to that) . In retrospect, I sometimes think that it would have been a good place for my eldest to have gone; my youngest did apply and was waitlisted (which he did not pursue), but I really was not in favor from the start (in part because it seemed one of the biggest attractions for him was that a girl he liked was a freshman there—always a terrible reason to choose a college, but seemingly even more ludicrous for a place like Chicago). But of course my assessments of the appropriateness of the place for either were based merely on reputation and second-hand impressions (and as others have said, grad vs. non-grad and law vs. other departments are probably quite different).

I also had a smart but complete asshole bully of a childhood friend/nemesis go there for undergrad, and a relative who popped in for a quick MA in anthro* on his way to a Law degree (not at Chicago).

*I knew Kurt Vonnegut had been a grad student in anthro at U of C, but only learned just now via Wikipedia that, the university rejected his first thesis on the necessity of accounting for the similarities between Cubist painters and the leaders of late 19th Century Native American uprisings, saying it was "unprofessional." and about the following bit of celebrity-whoring, The University of Chicago later accepted his novel Cat's Cradle as his thesis, citing its anthropological content and awarded him the M.A. degree in 1971. Oh, the academic standards!


Posted by: JP Stormcrow | Link to this comment | 06-13-09 12:55 PM
horizontal rule
231

I'm conflicted about Chicago. It was a fabulous, fabulous place for me in many ways, but I was very slow to realize how much political conservatism was tacked onto the academic conservatism of the Common Core. A decade on, I can't quite shake the feeling that I got snookered. On the other hand, Western Civ with the Weintraubs.


Posted by: Gabardine Bathyscaphe | Link to this comment | 06-13-09 1:46 PM
horizontal rule
232

The University of Chicago later accepted his novel Cat's Cradle as his thesis, citing its anthropological content and awarded him the M.A. degree in 1971.

Chekhov tried to get his book on Sakhalin accepted as a thesis. I think they turned him down.


Posted by: eb | Link to this comment | 06-13-09 1:50 PM
horizontal rule
233

232: Apparently so. It was for his degree of Doctor of Medical Sciences at Moscow University.

Luckily for world literature the thesis was rejected by Moscow University--perhaps they thought the writing was too poor. This failure led Chekhov to give up academic medicine. He never tried again to re-enter a medical faculty but privately had the thesis published.

Posted by: JP Stormcrow | Link to this comment | 06-13-09 2:01 PM
horizontal rule
234

The University of Chicago later accepted his novel Cat's Cradle as his thesis, citing its anthropological content and awarded him the M.A. degree in 1971.

The version of the story I heard differs from the one he tells in the Paris Review As I heard it, from someone who was present at the meeting of the Anthro department where the decision was made, it was upon a request by Vonnegut. The request was made because, I was told, Vonnegut was teaching somewhere with a rigid salary schedule which depended upon the cademic qualifications of the teacher. If Vonnegut were awarded the degree he could get the raise that the school wanted to give him. There was a promise never to teach anthropology. Of course, I heard the story in 1971, from someone now dead, so I could have misremembered.


Posted by: Dead President | Link to this comment | 06-13-09 3:00 PM
horizontal rule
235

He did teach creative writing at Harvard for a short time starting in 1970, so the timing would be consistent at least. I have no idea what Harvard's salary structure is or was at the time.


Posted by: JP Stormcrow | Link to this comment | 06-13-09 3:06 PM
horizontal rule
236

The promise never to teach anthropology rings a bell---I think that story was told in introducing Vonnegut at a reading he gave on campus. For Time's Arrow, maybe?


Posted by: Gabardine Bathyscaphe | Link to this comment | 06-13-09 3:11 PM
horizontal rule
237

Time's Arrow is Martin Amis, so probably not.


Posted by: Jimmy Pongo | Link to this comment | 06-13-09 7:50 PM
horizontal rule
238

237: And it inspired a Weakerthans song! (Um, sorry. Crappy-ish live version.)


Posted by: Stanley | Link to this comment | 06-13-09 7:54 PM
horizontal rule
239

237: Crap! You make an excellent point. I mean Timequake.

I'd been hoping to comment at least a few more times before making an egregious error. Oh well.


Posted by: Gabardine Bathyscaphe | Link to this comment | 06-13-09 9:24 PM
horizontal rule
240

mostly, i use the same english phrase password. When i needed a password at work that i had to change frequently, i used a sticky note. but most things i end up doing the 'reset password' email' song and dance if i'm not using my desktop, where firefox stores all the passwords.

since most every site requres you to get the password right in the first two tries anyway, it doesn't seem plausible to randombly guess even if you are limited to standard englihs


Posted by: yoyo | Link to this comment | 06-14-09 7:02 PM
horizontal rule
241

I did feel a certain amount of pressure in picking a name.

There were a lot of people who were pissed off at how Facebook rolled this out on a first come, first serve basis.


Posted by: Feminine Tattoos | Link to this comment | 06-20-09 4:43 PM
horizontal rule