Domain: blogspot.dk
Stories and comments across the archive that link to blogspot.dk.
Comments · 9
-
Re:Better summary
Anything that connects to the display (and keyboard and mouse or other SHARED input/output device by implication) needs to be trusted.
That's true in Windows and Linux and Unix and IBM mainframes and on and on.
Oh, and it'll be JUST AS FUCKING TRUE ON WAYLAND - THAT BENIGHTED SOLUTION IN SEARCH OF A PROBLEM.
Guess they'll have to reinvent User Interface Privilege Isolation. Don't hold your breath, though.
-
Re:Relevance?
We didn't replace long established iconography for things like shuffle and repeat settings with textual representations. Why? Because text takes longer for the brain to process!
Presumably, this is only true if the icons are instantly recognizable and/or easily interpretable. If your users have to spend time thinking about what the icon actually means, you're probably better off using a word instead. Unless, of course, you're trying to train them so you can lock them into your particular UI dialect, as mentioned in earlier posts.
Another reason UI designers like to use icons is that icons are generally spoken language-agnostic. You don't have to translate your UI for different locales if you use icons rather than text. Of course, if your icons have tooltips you'll be translating them anyway, but it's always nice to minimize your translation work.
Also, let's not pretend that every interactive UI element can or should be iconified. Take a paint application; you can easily iconify common tools like the Pen or Paint Brush, but the properties of those tools (i.e. threshold, pressure, opacity, etc.) are too far from tangible real-world objects to iconify easily. Attempts to do so will probably end with frustrated users who now have to learn your special icon dialect.
Finally, the oft-quoted statistic that the brain processes images 60,000 times faster than text seems to be somewhat suspect when you start digging into it.
-
Re: Be fair
Why is there a stigma about being cautious about introducing GMOs the the ecosystem if we don't have an untouched backup of the ecosystem that sustains us. It's not as if we can un-introduce GMOs to the ecosystem once they are there so what is the problem with having strict controls over their deployment?
Because, if it was reasonable, the same caution would be applied to all new cultivars. Because we have tested quite a lot of them for quite a long time, and they don't seem to yield catastrophic results, yet it doesn't seem to change anybodies minds. Because people oppose golden rice, where most of the concerns people claim are their reason to oppose GMO does not apply. Because many of the groups opposing GMO are misrepresenting reasearch in order to make GMO seem more dangerous.
In short, because people opposing GMO does not act as they would if they had reasonable cautions about the ecosystem. In stead, they act as if they are dogmatically opposing a new technology for no other reason then it being new. That tends to draw a stigma. -
Re:What did you expect?
> And the RSA did go on record. They said it wasn't true.
What RSA Security has specifically said is that they knew about the backdoor when they made the $10,000,000 deal. RSA Security has not denied that it turned out there was a backdoor, or that there was a $10,000,000 deal to make Dual_EC_DRBG the default in the BSAFE library.
If you read the keynote from the current RSA Conference, RSA's defense is that they stopped independently creating and verifying the cryptographical algorithms, instead just getting them straight from NIST and ANSI. And they knew or should have known that Dual_EC_DRBG was written by NSA.
> "Recognizing that [after year 2000, open source, non-patented encryption was widely available], and encryption's inevitable shrinking contribution to out business, we worked to establish an approch to standards setting that was based on the input of the larger community rather than the intellectual property of any one vendor. We put our weight and trust behind a number of standards bodies - ANSI X9 and yes, the National Institute of Standards and technology (NIST). We saw our new role, not as the driver, but as a contributor to and beneficiary of open standards that would be stronger due to the input of the larger community."
Meanwhile RSA Security ignored all the independent research showing that Dual_EC_DRBG was radioactive. So RSA Security's defense is that they stopped doing any due diligence, and instead just copied everything straight from NSA. And because they stopped even trying to do independent cryptography, they were not aware of the possible backdoor. And you think RSA Security's statements in their defense are not laughable, and that people protesting this is just "a$$holes"?
-
RSA considered Dual_EC research without merit?
Jeffrey Carr has a good point from the RSA Conference keynote:
> "When, last September, it became possible that concerns raised in 2007 might have merit as part of a strategy of exploitation, NIST as the relevant standards body issued new guidance to stop the use of this algorithm. We immediately acted upon that guidance, notified our customers, and took steps to remove the algorithm from use." - Art Coviello RSAC 2014 Keynote speech
So up until then, they apparently considered all the criticism of RSA security without merit? On what basis? The research was obviously right.
http://jeffreycarr.blogspot.dk...
If you read a bit more in the actual keynote, there is actually an unexpectedly frank explanation:
> "Recognizing that [after year 2000, open source, non-patented encryption was widely available], and encryption's inevitable shrinking contribution to out business, we worked to establish an approch to standards setting that was based on the input of the larger community rather than the intellectual property of any one vendor. We put our weight and trust behind a number of standards bodies - ANSI X9 and yes, the National Institute of Standards and technology (NIST). We saw our new role, not as the driver, but as a contributor to and beneficiary of open standards that would be stronger due to the input of the larger community."
But they ignore most of the input of the larger community, in favor of taking $10,000,000 from NSA to use their backdoored algorithm.
What we have seems to be standard exploitation of a valuable acquired brand which is no longer profitable. Take a high-quality brand with an outstanding reputation for independent quality checking. Fire everybody skilled (and expensive), and sell as many cheap commodity products under that brand as you can get away with, with as little expensive quality control as possible. Their claim is that they expected to get the quality control for free from NIST, which they knew was dominated by the NSA. Meanwhile, RSA Security choose to totally ignore any contradicting independent research.
Personally I believe the amount of incompetence and cluelessness claimed by RSA Security as defense strains credulity beyond breaking point.
-
Solid correlation. Skeptics here has stuff to expl
I blogged about their first paper back when it was news. Might be interesting to review at least because I blatantly copied two of their graphs. Graphs that seem to document solid correlation. I think the causality is quit obvious too. The "we're always just three meals from anarchy" rule of thumb. The societal mechanics are obvious. Can any of you skeptic commenters actually refute the correlation and the causality?
-
Re:Your Bullshit is Bullshit
Later source (from here).
Norway, Sweden (both very close), Denmark, Luxembourg, Switzerland and Netherlands come out on top.
-
Re:I always thought leap seconds were stupid
My view is that NTP is at fault, because the 61th second is a brittle way to handle it. NTP should use the same method as google for smearing the leap second out over fx an hour: http://googleblog.blogspot.dk/2011/09/time-technology-and-leaping-seconds.html
That would break the main goal of NTP, which is to provide high accuracy time to computers. Many systems, such as telescope control systems, financial trading software etc, depend on NTP to regulate the computer clock at the millisecond or microsecond level, and this accuracy would be lost during a google-style smearing operation.
-
Re:I always thought leap seconds were stupid
> Why not bundle them and apply them every 10 or 20 years?
The problem we have here is that leap seconds are rare. Things that are common are tested for, and quickly found if broken. Having something which only happens every 20 years is a recipee for disaster every 20 years.
My view is that NTP is at fault, because the 61th second is a brittle way to handle it. NTP should use the same method as google for smearing the leap second out over fx an hour: http://googleblog.blogspot.dk/2011/09/time-technology-and-leaping-seconds.html