Although ultimately chaos will kill a weather forecast, this does not necessarily prevent long-term prediction of the climate. By climate, we mean the statistics of weather, averaged over suitable time and perhaps space scales (more on this below). We cannot hope to accurately predict the temperature in Swindon at 9am on the 23rd July 2050, but we can be highly confident that the average temperature in the UK in that year will be substantially higher in July than in January. Of course, we don't need a model to work that out - historical observations already give strong evidence for this prediction. But models based on physical principles also reproduce the response to seasonal and spatial changes in radiative forcing fairly well, which is one of the many lines of evidence that supports their use in their prediction of the response to anthropogenic forcing.
Fortunately, the calculation of climatic variables (i.e., long-term averages) is much easier than weather forecasting, since weather is ruled by the vagaries of stochastic fluctuations, while climate is not. Imagine a pot of boiling water. A weather forecast is like the attempt to predict where the next bubble is going to rise (physically this is an initial value problem). A climate statement would be that the average temperature of the boiling water is 100°C at normal pressure, while it is only 90°C at 2,500 meters altitude in the mountains, due to the lower pressure (that is a boundary value problem).
Try having text-to-speech read you a flash-based site some time. So much for ADA compliance on the web. HTML5 will encourage sites to fix this.
'Nuff said.
You're misunderstanding what FIPS 140 covers. FIPS 140 says nothing about authentication systems, only cryptographic modules. I can write a module using a certified FIPS 140 cryptomodule and encrypt everything with the same key-- 0x0 -- and the system is still FIPS-compliant.
FIPS 140 doesn't cover authentication systems, FIPS 140 only covers cryptography. They got the crypto right, but the authentication system was a sham.
Common Criteria certification would cover the authentication system. Note these drives carry no CC certification.
...and the light on top (vertical hang) or to the left (horizontal hang) is *red*. That's actually law too, IIRC.
What he said. :)
Most engineers are too narrowly educated. As a result, they're ill-equipped to construct counter-arguments when they encounter a line of non-engineering bullshit.
I recall a conversation I had with my department chair as an undergrad (I ran into him on the T). He was considering altering the curriculum and adding a slate of new technical requirements, but it would have to be at the expense of humanities requirements. I advocated instead expanding the program to a five-year degree instead, because I felt (and feel) that an education in humanities is vital for all science and engineering students--if only because they teach students how to *explain things to others*, something that's so incredibly important once you're out in the real world working as a science or engineering professional.
And since the null-termination cert *doesn't chain to an EV provider* it's not much of an exploit, really. No green bar, not safe.
It's actually called "base rate fallacy."
Get a clue.
http://www.realclimate.org/index.php/archives/2009/07/warminginterrupted-much-ado-about-natural-variability/
Or do you mean for a job?
The two are not necessarily the same.
I found languages like Lisp, Prolog, and Smalltalk to be of the most use for learning the science. These are not your sweatshop languages, though.
On the plus side, if you learn the science, learning a new language isn't tough.
Failure of a current government to perform is not the same thing as government *as an institution* being incapable of performing.
Feel free to propose an alternative to a government that accomplishes this task and doesn't rely on proven-ineffective industry self-policing and yet *isn't* just government by another name.
I hope you won't mind if I don't wait around.
You're right, they aren't. But under a truly 'free' market as defined by our libertarian friends, you have no recourse if any of them happen.
The issue isn't free markets, it's *fair* markets. Only the gov't keeps markets fair. Free markets are like anarchies; they immediately devolve into strong-man rule--in market terms, that's cartels and monopolies. The history of abuse by business in the absence of gov't enforced rules is long, and at this point should be obvious to anyone.
Spoken like a man who's never been seriously ill. Or poor. Or fired without cause. Or blackballed. Or discriminated against.
A free market does have a point: to set prices. That's it. The 'invisible hand' is a delusion, and anyone who thinks such a system inevitably maximizes efficiency needs to (a) define his terms, and (b) google the phrase 'local maxima.'
Allegedly, Clippy annoyed people into looking in the help files to figure out how to turn him off. That led them to discover that the help file actually was helpful. This reduced the give-away service calls by some measured percent.
Probably not Clippy's intended purpose, but there you go. :)
Incorrect. While the precise sequence a chaotic system takes is sensitive to initial conditions, the bounds within which it varies are *not*, nor are the trends those bounds describe. That's what makes chaotic systems different from random systems, and what makes them predictable over large samples.
'Nuff said.
It's funny the weatherman can't predict whether it will rain in a week yet the GW movement knows the exact temperature 100 years from now.
I was going to expend a lot of space explaining the basics of chaos theory mathematics but then I decided to let someone else do it.
http://www.realclimate.org/index.php?p=204
Now you either accept that a chaotic system can be characterized statistically, or you have to admit that you don't believe in computers--because this is the *same math* that described the quantum physics that makes most of the modern world work. If you're going to accept that it works in one realm you have to accept that it works in the other.
E.g., Trustbearer is an OpenID provider that will leverage smartcard-based PKI keys for authentication. Best of both worlds.
https://openid.trustbearer.com/
The way this works is by something called "key continuity management" (KCM). Users of SSH RSA pubkey authentication will recognize how KCM works. Everyone else should read Simson Garfinkel's "Johnny 2" paper:
http://www.truststc.org/pubs/5.html
In short, KCM works by establishing trust with a specific key, ideally by an out-of-band channel. If you establish trust this way you don't need certificates or authorities. On the downside, when you get a new key you have to re-establish trust.
Keep this in mind and all will become clear.
If all you want is a job, then CS isn't for you. If what you want is to study and understand *computation*, then CS is for you.
Unfortunately, a lot of schools muddy the waters by wrapping up a technical training program and calling it CS. It isn't.
... but I actually like my Centro. A lot.
WinMobile stinks on ice (reboot my *phone*? WTF?) and the Symbian offers from T-Mobile (where I stay for the reasonable data plan and the fact that they don't get their knickers in a twist when I tether my laptop) are just ... well ... lacking. And RIM--well, unless I want to spend several hundred more, I'm back to WinMobile again--did I mention that that stinks on ice? Ah, yes, I did.
I've had it about a week and with Google Maps w/ My Location finally working I'm nearly as happy as I'd be with an iPhone (except that the iPhone doesn't (a) come on T-Mobile except by hack, and (b) doesn't support Bluetooth DUN--no tether via iPhone except by SOCKS5 hackaround, not ideal to say the least).
And it's rock-freaking-solid. Newer != better in all cases, after all. Yes, the browser could be better, yes, the screen could be larger--but you know what? It's good enough. And if I need more I've got a laptop. Or my N800, which also happily tethers to the Centro.
Add to that the fact that I can buy it unlocked and why would I want something different?
Certificate key signatures can prevent MITM attacks. Provided someone doesn't MITM the signature exchange...
Now it all hinges on what you mean by "signature exchange." If you mean intercepting the exchange of certificates and substituting a different one, this is detected by the validation process through the issuance chain. Try it. You don't get that with self-signed certs.
For keys issued in software form; yes.
For keys generated on secure crypto processors, you're wrong.
Consider a mini notebook with only 3G or WiMax. Now you're tethered to the service.
I studied CS at Boston University. I credit this as having a lot to do with my success over the last 15 years. The factor that clinches it for me most is simply learning how to *communicate*--particularly with non-technical people. This includes oral as well as written communication. These are skills you won't learn in a technical program.
All the technical education in the world won't help you when you're trying to make a proposal to a manager with a B.A. in English Lit. But being able to construct an argument, analyze counter-arguments, and present it cogently in written and spoken forms--these skills will serve you forever.
I wouldn't trade liberal arts for a more technical program for anything.