Slashdot Mirror


User: dog77

dog77's activity in the archive.

Stories: 0 · Comments: 137

Comments · 137

  1. Re:Security 101 on BREACH Compression Attack Steals SSL Secrets · · Score: 1

    No it does not, because you can't use it again. At best you call it a one time secret.

  2. Re:Security 101 on BREACH Compression Attack Steals SSL Secrets · · Score: 1

    For a given https connection, each side can prove to the other that they have knowledge of the authentication cookie, without sending their part of that knowledge. There are probably many ways this could be done, and I am not going to pretend I know the best way, but here is one way. Each side sends random challenges as part of the connection establishment. Each side receives the challenge and encrypts it using the public key generated at the time of the authentication cookie establishment. The challenge response is embedded in the first http request and response. There is some overhead and latency, but next to the TLS/SSL, this is minor, and also reusing connections becomes more important, or other ideas like Google's QUIC protocol make even more sense.

  3. Security 101 on BREACH Compression Attack Steals SSL Secrets · · Score: 1

    It should be security 101 that you never send your secrets, just send proof that you know the secret.

  4. Target the company on Ask Slashdot: Getting Hired As a Self-Taught Old Guy? · · Score: 1

    Often a company is looking for some specific skills or experience and this is often described in the job listing or can be inferred from the product or services the company provides.

    If the job listing mentions Linux, you better have lots of stuff on your resume about Linux. If the company makes network products you better have lots of stuff indicating networking knowledge.

    When you come into the interview you should review these topics. If you need to learn a new programming language or subject matter, do it, and even if it was obvious you just learned it for the job, it would reflect very well that you have the aptitude to learn the skills you need to contribute.

    Assuming you actually have an interest in what the company does, demonstrate that, learn about their products before you come into the interview. Demonstrate your curiosity by asking questions about things you don't understand about the products.

  5. Re:Good? More like "Good Luck" on China Says Serious Polluters Will Get the Death Penalty · · Score: 2

    Should we start with Bill Clinton?

    In 1993 President Bill Clinton made changes to the Community Reinvestment Act to make mortgages more obtainable for lower and lower-middle class families. In 1998 the Federal Bank of Boston issued a report entitled "Closing the Gap: A Guide to Equal Opportunity Lending." The 30 page document was intended to serve as a guide to loan officers to help curb discriminatory lending. "Closing the Gap" instructs banks to hire based upon diversity needs, sweeten the compensation structure for working with lower income applicants, encourages shifting high risk, low income applications to the sub prime market, by saying "the secondary market [Subprime Market] is willing to consider ratios above the standard 28/36," and "Lack of credit history should not be seen as a negative factor."

    http://en.wikipedia.org/wiki/Mortgage_discrimination

  6. Re:Nice. on Tesla Motors Repays $465M Government Loan 9 Years Early · · Score: 1

    The taxes on gas and diesel fuel seem to dwarf any subsidies that the oil companies receive. According to Wikipedia it is on average almost 50 cents per gallon. Not that I agree with subsidies, I think we should get rid of them, but I think the oil industry subsidies are a small thing trumped up by both sides for political purposes. I don't think the oil companies would notice if we got rid of them, other than raise fuel prices a couple cents.

    http://en.wikipedia.org/wiki/Fuel_taxes_in_the_United_States

    http://www.marketplace.org/topics/sustainability/if-oil-subsidies-went-away

  7. Re:It's about time! on Tesla Motors Repays $465M Government Loan 9 Years Early · · Score: 5, Informative

    Oddly enough the loan program was established under the Bush administration.

    From wikipedia article: http://en.wikipedia.org/wiki/Tesla_Motors http://www.drivingtoday.com/news_this_week/2009-07-17-4337-driving/index.html#axzz2U4akRe2c

    The low-interest loans are not related to the "bailout" funds that GM and Chrysler have received, nor are they related to the 2009 economic stimulus package. The Department of Energy loan program was created in 2007 during the George Bush administration in order to get more fuel-efficient vehicle options to U.S. consumers and to decrease the country's dependence on foreign oil.

  8. Needs to be more convenient and secure on Testing an Ad-Free Microtransaction Utopia · · Score: 1

    Or a subscription to the site or group of sites might work. However for any of this to take off, I think it has to be more convenient and secure to do transactions. This includes the security and anonymity of the transactions and ease of transaction including login/password/key management. PayPal-like solutions help some with this, but transactions are still risky, inconvenient, and login/password management is still another account that you must create and remember. I look forward to the day where we have a comprehensive and convenient security solution that involves a secure device and secure network infrastructure, that manages your IDs/keys, transaction verification, secure connections, heavily audited, open solution, can be lost or stolen without worry, and even if someone had a gun to your head asking you to transfer money, you could limit the ability to do the transaction with a number of security safeguards. I should be able to visit the most malicious site, get my computer compromised, and still not be at risk of losing my money or password. Until then, I am going to be very selective of who I give money to.

  9. Re:Crony capitalism in action. on Billionaires Secretly Fund Vast Climate Denial Network · · Score: 1

    Yes, actually I do think people give money to conservative think tanks because they believe in conservative principles and right wing issues; including denying climate change, but not exclusive to this issue. The article is akin to the conservative media that exaggerates and generalizes to make a point. Sometimes there is truth behind it, but often it is inaccurate or conjecture, and makes for bad journalism. You or I or the article can't say whether rich billionaires give to these conservative think tanks to support climate change denial, because it is not easily measurable (they apparently gave anonymously).

    Your comment is not much better when you say "Rich billionaires fund them, because they help to get sheeple to the polls in order to pressure congress critters into protecting them from economic disappointment. This is crony capitalism in action". Your statement sounds a lot like propaganda to blame crony capitalism on rich conservatives (maybe you're the sheep?). When we start attacking motives, versus the problem, we seem to lose sight of the problem itself.

  10. Misleading on Billionaires Secretly Fund Vast Climate Denial Network · · Score: 4, Informative

    The article is misleading. Donations were given anonymously to conservative think tanks. Many conservative think tanks are skeptical of human impact on climate change. These donations were not given directly to the cause of denying climate change. This article seems to exist for the purpose of inciting controversy where there is very little. Based on the comments on this site, I think it has been successful.

  11. Re:Can't America get its acts together ? on Congressman Introduces Bill To Ban Minting of Trillion-Dollar Coin · · Score: 1

    In 2009, the top 1% earned 14% of all income, but paid 36% of all income taxes. This is more than what you claim they *need* to pay. Please check my math, maybe I made a mistake. It is based on AGI, so maybe there is some big deduction I am missing. http://taxfoundation.org/article/summary-latest-federal-individual-income-tax-data-0

    Your point may be correct on the wealthy getting a greater share of the wealth, I don't know, but please cite some statistics. I think your blame is somewhat misguided. I put more blame on bad policies and unrealistic expectations for our recent economic troubles.

  12. Re:bootable works till the video / sound / n drive on Blizzard Reportedly Planning A Linux Game For 2013 · · Score: 1

    A video game company using a bootable solution would likely keep the OS distribution up to date, so it is always using the latest stable video / sound / network drivers.

  13. Re:No future on Blizzard Reportedly Planning A Linux Game For 2013 · · Score: 1

    That may work to some extent, and that is what is often done in Windows, but there is still the matter of the libraries being compatible with the hardware architecture, frameworks, and drivers. If the latter is not compatible, and the user has to figure out how to get the right components or even update their distribution, that is a problem.

    As far as a game company rolling their own distribution to play the game, I am not sure that is something a game company would want to do, unless it is for dedicated hardware (i.e. like what Valve is planning), but it is an interesting idea. It's akin to treating your computer as a traditional gaming console where each game contains the entire OS it needs to run the game. I could see that working. It may even have advantages of greater stability for users who use Windows or Mac, and has the advantage of working on any hardware platform.

  14. Re:Gee haven't heard that before... on Blizzard Reportedly Planning A Linux Game For 2013 · · Score: 1

    Windows software is generally written with backward compatibility in mind. Microsoft and software companies have a strong economic incentive to keep backwards compatibility. Good or bad, with free software, Linux does not have that incentive (at least in many cases) and so they are ok with breaking things and telling the users to update. If Linux wants to become a popular consumer platform, for games or business software, something needs to change.

  15. Re:Linux model needs changing on Blizzard Reportedly Planning A Linux Game For 2013 · · Score: 1

    Submit a problem report or get the latest updated driver from the vendor. I like Linux, but when I want to upgrade some buggy software, it is unclear what I need to do to fix the situation. You can try getting the latest software, but will it be compatible with the distribution you are using? Will updating the software break the distribution update strategy? Will it work with the windows manager and libraries that you are using? With Windows I can update each component until the problem is fixed. While far from ideal, Windows is still much easier to support for the vendor, giving better results and ease of use for the consumer.

  16. Linux model needs changing on Blizzard Reportedly Planning A Linux Game For 2013 · · Score: 1

    What do you do if your video card does not work well with the game you are trying to play for the distribution you are using? If your distribution does not have the time to back port the driver or the framework it uses, you are forced to upgrade your entire distribution if you want to play a game. This is a major inconvenience. Either dedicated supported hardware like what Valve is doing or some stable rolling update distribution is needed. Is there a good stable rolling distribution?

  17. Re:Pain on 'Gorilla Arm' Will Keep Touch Screens From Taking Over · · Score: 1

    Why can't mod points be undone? I accidentally hit the down key and now I have to reply to undo.

  18. Re:failure round 2 incoming on Microsoft Surface Struggles to Ship A Million Units · · Score: 1

    A stylus is great for taking notes. Try writing an equation with keyboard, mouse, or finger. It is not fun.

  19. Re:SSL on HTTP Strict Transport Security Becomes Internet Standard · · Score: 1

    Parent is right in that we are ultimately at the mercy of our browser, operating system, and the individuals and tools that built this software. On the other hand I think grandparent is correct as much as it would be a good idea to spread the trust and also a good idea to have an audit of the certificate authority and its certificates. Just like when you purchase a product, you see what other individuals and organizations say about that product before buying it. The same should be of certificates and the organizations they are issued to. Also, I would prefer certificates that are signed by multiple CAs (with good reputation) over just a single CA.

  20. Re:SSL on HTTP Strict Transport Security Becomes Internet Standard · · Score: 1

    That seems like a good idea to me. And when you view the certificate in your browser, the browser should be able to connect to the certificate authority, and you should be able to get a bio of the certificate, check if it is revoked, and write and view complaints on the certificate.

  21. Re:SSL on HTTP Strict Transport Security Becomes Internet Standard · · Score: 1

    Verification of SSL server certificate is not enough to protect your account. There needs to be additional 2 way authentication, so both sides can prove they know the username password/key to the account. So if the certificate does get compromised, you will still be protected from man in the middle. Here is one such protocol: http://en.wikipedia.org/wiki/Secure_Remote_Password_protocol

  22. Re:How hard is this to do? on Voting Machine Problem Reports Already Rolling In · · Score: 1

    A good, auditable electronic voting system would not rely on a specific voting machine. After you vote, you should be able to go home, get online and validate that your vote record is correct. Your vote record would be stored and replicated in a number of independent databases. If fraud is detected in your record, you could bring your voting receipt and dispute your vote. If someone voted with an ID/SSN of someone not allowed to vote, that voting record could be rejected after the fact. While in such a system there is risk that someone could crack the database that ties your ID to your voting record, I would rather take that risk, than risk having my vote be diluted by fraud.

  23. Re:The only thing Windows needs to do on Why Microsoft Shouldn't Copy Apple's iOS Walled Garden · · Score: 1

    I very much wish Microsoft or Linux would take on this challenge. I very much dislike having to fully trust every application I install to be fully vetted.

    I would prefer by default that applications are restricted from accessing any directory but their own and that the user can add or remove permissions to directories as needed. So if you want your editor to access only your Documents directory, you can restrict it to that directory tree. Applications you trust like file explorer or backup you allow unrestricted access. Other applications like games probably don't need access outside themselves. Most applications don't need to modify exe files. While not perfect it would give me much more peace of mind than what the current situation is.

  24. Re:what really needs to be done... on White House Finalizes 54.5 MPG Fuel Efficiency Standard · · Score: 1

    Are you exaggerating when you say "massive handouts"? My understanding is that the oil industry is allowed tax breaks that are equivalent to what other industries get, and they do not get the direct subsidies that say wind and solar get. Depending on what tax break is being considered, this is 2-4 billion a year, maybe 2% of their profit.

    http://www.usnews.com/news/blogs/rick-newman/2012/03/29/why-big-oil-should-give-up-its-tax-breaks
    http://www.reuters.com/article/2012/03/29/us-obama-energy-idUSBRE82S11P20120329
    http://www.nypost.com/p/news/opinion/opedcolumnists/the_prez_oil_tax_break_lies_Y2Yj6KCU9QIO0BKHs1Be7M
    http://www.pbs.org/newshour/bb/politics/jan-june11/oiltax_05-12.html

  25. Re:When will we realize... on Arizona H-1B Workers Advised to Carry Papers At All Times · · Score: 1

    Accidentally modded you down, replying to undo this.