Curbing the trend of increasingly longer movies?

First watch this video.

While it is a fascinating discussion of Betamax versus VHS, this is not the main reason I’m sharing this video. Specifically, did you notice that he mentions the two hour recording time on VHS? At that moment it suddenly hit me; Have movies been getting longer simply because directors no longer feel constrained by this two hour limitation for home-video release?

If so, would it be such a bad idea if DVDs and Blu-Rays were restricted to a recording length of two hours? It would certainly force directors to be more critical in the editing room. If a long movie is really amazing, people won’t mind so much changing discs halfway through. In fact, I think multi-disc releases would mostly hurt sales of mediocre movies. And this would then result in a steep decline in the population frequency of long, boring movies. It’s natural selection. It’s a good thing. It’s just a thought…

“Have I been pwned?”: a force for good or evil?

A new website called “Have I been pwned?” will tell you if your email address was involved in an account-data theft, or hacking, of a website.

While that may sound great, the problem is that _any_ email address can be entered in the search field; it doesn’t have to belong to you. And that makes this “feature” of the website very interesting for people who like sticking their noses in other people’s business.

For example, entering the email address of any person I know enables me to see whether their LinkedIn account was compromised. But the information that their LinkedIn account was compromised is not what interests me. It is the fact that I now know that they are on LinkedIn.

And that is a problem. Admittedly, being on LinkedIn is not something most people would want to keep a secret. But what about having your email address linked to an account on e.g. YouPorn, Naughty America, Fling or Ashley Madison?

Of course, if you really want to find this information, then it is possible to do so. But it would certainly be a lot harder without a search engine like “Have I been pwned?”. Additionally, compromised websites will nearly always email their users to inform them of the breach, urging them to change their passwords. Consequently, what would be the point of looking up your own address on “Have I been pwned?” if the compromised website has already informed you of the breach?

So is “Have I been pwned?” really a useful tool for security conscious internet users? Doubtful. Is it a time-saving search tool for amateur black hats and nosy people? Probably.

I don’t doubt that the website was created with the best intentions, but it still seems a bit… odd. And while there is an “opt-out” option, perhaps it would have been nicer to make it an “opt-in” version instead.

[UPDATE (d.d. 20170628)]

Today I noticed that the “Have I been pwned?” website now requires email verification before including sensitive websites in the search results. That’s much better. ;-)