There is a big difference between trying to murder innocent people and accidentally killing innocent people.
Ask yourself, does it make it better to let ISIS kill even more innocent people by doing nothing?
It stings worse having to test code that you did not write that nobody uses.
The default login for Windows 8.1 is your Microsoft email / cloud account and password. So anyone watching you type in your password has access to your cloud account.
I don't understand why Microsoft is not given more flak for this decision.
Your alternatives are to not use their cloud, or use a 4 digit PIN or a series of screen swipes, but they don't support a local password. If you understand how to set it up, you can supplement the PIN/swipe with a USB key, but it is not a visible user option and you have to understand what you're doing.
The Bible is our only significant source of information we have of Jesus, and so if you are saying the Bible is not true, that is a reasonable viewpoint, but if you are saying that you have some other source that says Jesus was trying to say something different or that the Bible was significantly distorted; what is that source?
That the details differ on different accounts of what happened after the resurrection, I don't see as a test of anything. I can see the differences explained many different ways, and even the opposite of what you are trying to imply, you could say they appear more authentic since they are not exact copies, or you could say they took different accounts, or they were trying to emphasize different themes, or a bunch of myths assembled separately.
If you are trying to argue that Jesus was doing what many of the other Jews at the time were doing, it sounds like that is just a guess, and you have no evidence for what you are asserting. Or if you are not just guessing, what is the evidence?
The Bible itself says that Jesus was referring to his body when he said he would raise the temple in three days.
19 Jesus answered them, “Destroy this temple, and I will raise it again in three days.”
20 They replied, “It has taken forty-six years to build this temple, and you are going to raise it in three days?” 21 But the temple he had spoken of was his body.
22 After he was raised from the dead, his disciples recalled what he had said. Then they believed the scripture and the words that Jesus had spoken.
What inside information does Reza Aslan have that the Bible is wrong?
There was a total of only $50,000 in transactions that were in violation, and from the article it appears that PayPal's failure was that their screening system did not work very well, but they eventually fixed it. Should that warrant a $7,000,000 fine? It seems excessive to me.
If the self-signed idea is combined with trust authorities (not signers) that verify this certificate is actually a valid one, and it is, say, verified to be valid by several trust authorities (e.g. Google, Microsoft, Ubuntu, US.gov, etc.) who you do have certificates for, then I think it is a good alternative or supplemental approach to what we currently have.
I think the idea is on the right track, and that properly implemented could simplify life for everyone, including your Grandma. A good authentication standard, akin to SSL, so that we all only had to carry and manage one key manager, for all of the items we secure: house, car, hotel room, bank account, web site, safe. No more remembering or coming up with passwords. One method to interface and manage authentication.
I second this, and add that we should start using trusted authorities to get, verify, and monitor all of the self-signed public certificates, similar to how PGP works. We generally trust a few reputable companies and organizations and so these entities could set up the registries for the self-signed certificates, and could monitor and establish mechanisms for generating credibility ratings for certificates. They can monitor for complaints, fraud, abuse, impersonations, etc. Your browser and operating system (which you already trust) would have a baseline list of entities to establish the reliability of a given certificate, and you could modify that list if it suited you.
Along with your 2 way authentication proposal, establish an authentication protocol with acceptance level similar to SSL that allows the authentication to be done securely between a key manager on the client side (away from any trojans or keyloggers) and a user/key database on the server side (away from any hackers). This way we can keep the most sensitive information (the keys) in a simple isolated device or server that does one thing, manage keys, thus drastically reducing the risk of being compromised. Also, a well established authentication protocol standard is needed if we want to rid ourselves of using passwords (not just for browsers, but also applications).
The Islamic state is the antithesis of libertarianism. The Islamic state wants extreme control over an individual's behavior, which directly conflicts with the libertarian philosophy of maximizing individual freedom.
I think what you are trying to say is that a society without laws and strong government (a perfect libertarian society?) allows for extreme groups to rise and take over. So maybe you should have said "What happens in a perfect libertarian society. Rand Paul eat your heart out!". However that would be very misleading, because Rand Paul is a strong believer in the constitution and does not believe in a lawless society.
Or make the BIOS completely independent of the operating system, where it runs in its own flash and memory so that it can update itself, but can not be updated by an external component. Do the same for the kernel, security key and password manager, and virus protection. Truly isolate the sensitive components in the system.
It was not comic book reading politicians that participated in the decision to test near civilians, but the actual scientists who understood nuclear physics better than anyone else in the world:
http://en.wikipedia.org/wiki/T...
The idea of testing the implosion device was brought up in discussions at Los Alamos in January 1944, and attracted enough support for Oppenheimer to approach Groves.
Application level security would be an improvement. An application should be restricted to its own files and directories unless the user gives explicit permission.
A secure device solution is what I want too, but before it can be effective, an open standard for authentication needs to be established. An open authentication standard that allows authentication to be securely proxied to the dedicated security device (or whatever security manager you want to use). Without a secure authentication protocol, the authentication material will still be vulnerable to a corrupt application getting at the authentication material.
You could go as far as proxying the entire secure connection through the security device, but I would still securely tunnel the authentication protocol inside the encrypted TLS/SSL connection rather than combine them in a pure TLS/SSL solution for various reasons.
Data security is important to Google's business. Internal employees are more likely to be loyal and trusted. Trusted employees provide better security for Google and their customer data.
A bigger problem is securing our username and password that we use to log in over the SSL connection.
The username and password are vulnerable because:
1) They are typically exposed on the same system that handles the connection, which makes them vulnerable to trojans, key loggers, hackers, etc.
2) They must be managed by humans or vulnerable password managers.
3) They don't authenticate the server, making the user completely reliant on the SSL certificate mechanism for authenticating the server, which as we are aware has a number of weaknesses, including that most browsers allow a user to ignore a bad certificate and bad certificates can be trusted through accident or malicious intent.
Having a well designed protocol underneath SSL to authenticate between the client and the server that:
1) is key based
2) has bidirectional authentication
3) allows authentication to be done on an isolated computer or dedicated security device
Would go a long ways towards improving security.
Maybe there is an existing protocol that provides some of this, but I don't believe OAuth on its own does.
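An added sketch of the protocol shape this comment asks for (key based, bidirectional, key held off the browsing machine); it is not the commenter's code and not an existing standard. The HMAC pre-shared key, the class and function names, and the `binding` value (standing in for something both ends derive from their own TLS session) are assumptions made for the example.

```python
import hashlib
import hmac
import os


def _mac(key, role, user, c_nonce, s_nonce, binding):
    # Length-prefix each field so the concatenation is unambiguous.
    msg = b"".join(len(p).to_bytes(2, "big") + p
                   for p in (role, user, c_nonce, s_nonce, binding))
    return hmac.new(key, msg, hashlib.sha256).digest()


class KeyManager:
    """Stands in for the isolated device: the key never leaves this object."""

    def __init__(self, user, key):
        self.user = user
        self._key = key

    def new_nonce(self):
        return os.urandom(16)

    def answer(self, c_nonce, s_nonce, server_proof, binding):
        """Check the server's proof first; only then release a client proof."""
        expected = _mac(self._key, b"server", self.user, c_nonce, s_nonce, binding)
        if not hmac.compare_digest(expected, server_proof):
            return None  # wrong key or a different TLS session: stay silent
        return _mac(self._key, b"client", self.user, c_nonce, s_nonce, binding)


class AuthServer:
    """Server-side user/key database, kept apart from the web front end."""

    def __init__(self, keys):
        self._keys = keys      # user -> key
        self._pending = {}     # (user, client nonce) -> server nonce

    def challenge(self, user, c_nonce, binding):
        key = self._keys.get(user)
        if key is None:
            return None
        s_nonce = os.urandom(16)
        self._pending[(user, c_nonce)] = s_nonce
        return s_nonce, _mac(key, b"server", user, c_nonce, s_nonce, binding)

    def verify(self, user, c_nonce, client_proof, binding):
        s_nonce = self._pending.pop((user, c_nonce), None)  # one use only
        if s_nonce is None or client_proof is None:
            return False
        expected = _mac(self._keys[user], b"client", user, c_nonce, s_nonce, binding)
        return hmac.compare_digest(expected, client_proof)


def login(device, server, client_binding, server_binding):
    """Run one exchange; each side uses the binding of the session it sees."""
    c_nonce = device.new_nonce()
    reply = server.challenge(device.user, c_nonce, server_binding)
    if reply is None:
        return False
    s_nonce, server_proof = reply
    client_proof = device.answer(c_nonce, s_nonce, server_proof, client_binding)
    return server.verify(device.user, c_nonce, client_proof, server_binding)


if __name__ == "__main__":
    key = bytes(range(32))  # constructed sample key
    dev, srv = KeyManager(b"alice", key), AuthServer({b"alice": key})
    print(login(dev, srv, b"session-A", b"session-A"))  # same TLS session
    print(login(dev, srv, b"session-A", b"session-B"))  # sessions differ
```

When the two sides see different TLS sessions, which is what happens if the user clicked through a bad certificate, the bindings differ and the device releases nothing.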
Don't forget Bill Clinton and the Democratic controlled congress killed funding for the successful IFR nuclear reactor 3 years before it would have been completed. The IFR uses most of the energy content of Uranium and is orders of magnitude more efficient.
http://en.wikipedia.org/wiki/I...
From http://www.sustainablenuclear....
The one-sided fight was on. The President's budget, submitted to Congress, contained no funding for the IFR. There is no funding source to tide over a National Laboratory when funding is cut off - the program is dead and that is that. Democrat majorities in the House of Representatives were nothing new, and in themselves they were not especially alarming to the IFR people. During the previous ten years the votes on IFR funding in the House had always been close, and although a majority of the Democrats always opposed, enough of them were in support that IFR development squeaked through each year. The Senate votes on the IFR, sometimes with Republican majorities, sometimes without, as a rule went easier. But this was a very different year: the Administration had gone from weak support of the IFR program to active opposition.
Please explain how social security is not a Ponzi scheme?
The first generation that received social security was paid by the working generation (2nd generation). The 2nd generation is paid for by the 3rd generation and so on. It only works as long as the next generation (new investors) grows fast enough to pay for the current generation. This is a classic Ponzi scheme, the first investors get paid off right away (and well), and the second investors pay for them and they get paid less well, and then the 3rd generation get paid even less, and so on, and you can only sustain it if you get more investors or you actually generate income. Unless I am mistaken, the only income social security gets is from the current investors.
Social security now takes more than it gives: http://business.time.com/2012/...
Bill Clinton announces cancelation of nuclear power:
http://www.youtube.com/watch?v...
Bill Clinton says wind solar are already cheaper than nuclear:
http://www.politifact.com/trut...
in spite of the fact that the right wing party promotes ideas that are often in direct conflict with the religious ideas and attitudes about caring about the poor, sick, etc.
And Democrats are quick to paint distorted pictures of Republicans, because it serves their political gain.
I doubt there is a big difference between the compassion of Republicans versus Democrats. The evidence that Republicans have compassion is easy to find, look at their donations to charity. Painting a picture that Republicans promote ideas that are in direct conflict with religious ideas of caring is a misunderstanding on your part. On the whole Republicans believe government should be limited, and should not promote social causes good or bad as a matter of principle, and this has little to do with their level of compassion. I submit that you fall in the same bit of crowd driven thinking we all do, you listen to those who align with the views you want to believe (a little like those religious people you call nutty) ignoring the actual evidence to the contrary because it does not fit with your belief.
"If God created the universe, then who created God?" Her answer, "God always was", did not sound at all convincing to me.
The alternative explanation that the universe always was or just formed from nothing is not much better than your mother's answer.
I mistakenly modded you down. Not sure how to undo it without replying.
Elaine Huguenin did not want to take pictures at a same sex marriage because she did not believe in it. Vanessa Willock found another photographer, but decided to file a lawsuit, and won her case, and Elane Photography was ordered to pay $6637. Who is acting like the $%##? What about respect for others' beliefs? Does that only apply to non-Christians now? Stupid cases like this are why Arizona feels the need to make bills like this.
http://winteryknight.wordpress...
Hide the encryption algorithm used in the inner encrypted data and it will be even more difficult to find a correlation.
My understanding is that the attacker can't alter the secret, but they control the URL of the request, and try to alter it so that as the URL more closely matches the secret, the overall request and response compresses to a smaller size. So there is nothing really of value until the attacker gets the secret, since the attacker is the one creating the request (i.e. the URL).
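The size effect described in this comment, measured from the defender's side, as an added example that is not part of the original comment. It goes one step beyond the comment by also measuring a response whose token is masked with a fresh pad before compression; the token, the wrong guess, the page template and all function names are constructed for the illustration.

```python
import zlib

# Constructed sample values: a 32-character secret token and a wrong echo.
TOKEN = "9f3c1e7a5b2d4c6e8f0a1b3d5c7e9f1a"
WRONG = "0b8d2f6a47e3a5d1b9c0e2f4a6b8d15c"
# Fixed pad so the numbers repeat; a server would draw a new random pad
# for every response.
PAD = bytes(range(7, 7 + len(TOKEN)))


def render(reflected, token_field):
    """A response body that carries a secret and echoes request input."""
    return (
        "<html><body><form><input type='hidden' name='t' value='%s'></form>"
        "<p>No results for %s</p></body></html>" % (token_field, reflected)
    ).encode()


def wire_size(body):
    """Length of the body after deflate compression, as seen on the wire."""
    return len(zlib.compress(body, 9))


def mask(token, pad):
    """Encode the token as pad || (token XOR pad), both in hex."""
    raw = token.encode()
    return pad.hex() + bytes(a ^ b for a, b in zip(raw, pad)).hex()


def unmask(field):
    """Server-side inverse of mask(), applied when the form comes back."""
    half = len(field) // 2
    pad, mixed = bytes.fromhex(field[:half]), bytes.fromhex(field[half:])
    return bytes(a ^ b for a, b in zip(mixed, pad)).decode()


def size_gap(token_field):
    """Compressed size with a non-matching echo minus size with a matching one."""
    return wire_size(render(WRONG, token_field)) - wire_size(render(TOKEN, token_field))


def report():
    return {
        "compressed, raw token": size_gap(TOKEN),
        "compressed, masked token": size_gap(mask(TOKEN, PAD)),
        "uncompressed, raw token": len(render(WRONG, TOKEN)) - len(render(TOKEN, TOKEN)),
    }


if __name__ == "__main__":
    for label, gap in report().items():
        print(f"{label}: {gap} bytes")
```

A large gap in the first row is the signal the comment describes; the other two rows show it shrinking when the secret's bytes never appear verbatim in the body, or when the body is not compressed at all.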