I'm rendered speechless on a daily basis by the national media's use of the DJIA as a proxy for economic confidence. It's thirty companies (which thirty varies), several of which deserve to take a hit.
Bank of America: following its acquisition of Countrywide and later Merrill Lynch, after months of forensic accounting work involving thousands of accountants, it became clear to shareholders that fraud was widespread in all three parties involved, their assets largely fictional. Criminal investigations are ongoing.
American Express: Converted to a bank holding company to qualify for TARP help. Did not have enough money in subsidiary bank deposits to cover card purchases, as it had long relied on selling bonds (asset backed securities). The Fed had to buy these bonds to keep American Express afloat.
Citigroup: Needs no introduction, has paid at least tens of millions in fines and settlements, for everything from ratings fraud to outright theft from account holders. Putting my feeling that their very existence is evidence of government corruption aside, it is on the hook for untold billions that it doesn't have (and never really did, imho), and its assets are currently worth about a fifth of their peak in the bubble.
JPMorgan Chase: Another "bad actor", with a laundry list of scandal too long to post here. Now owns Bear Stearns and Washington Mutual. Again, investors believe its assets are fiction.
AIG: Though not currently part of the index, it was a major mover from 2004-4-8 to 2008-9-22 when it was delisted. It recently posted the largest quarterly loss in history, $61.7 billion. There is evidence of massive fraud, and even rabid left-winger Ben Bernanke said this month, "AIG exploited a huge gap in the regulatory system" and "to nobody's surprise, made irresponsible bets and took huge losses." Additionally, due to the tangled mess of insurance and obligations, its performance affects the stock prices of nearly every other company traded.
Personally, I think that the energy, chemical, and pharma companies should take a hit as well. We need to use less oil, chemical companies' margins are high because they don't pay to pollute, and affordable health care means less profit for Pfizer. As for GM, they have lied to customers and shareholders alike about safety and efficiency, and pursued an adversarial relationship with government. The idea that ever-increasing revenue for these companies (Disney and Microsoft too!) is in our interest is insanity.
I wish fewer people got their news from neo-nazis like Glenn Beck. I know my chances of getting those on the right to listen to NPR is slim, but I have to mention This American Life, by far the best reporting on the financial crisis that I have found.
AC is right. Beat maps are great and used everywhere. Beat detection algorithms in modern software work great; most of the time, detection is perfect and you don't even have to tweak it.
Then you have the best of both worlds: Editing and syncing sequences is easy, and you have a human feel.
C'mon... You can't be serious. My argument was finished way up the thread.
Besides, anyone can make their own.Net clone, it's an ECMA standard, and it doesn't require any permission from Microsoft to implement.
Nevertheless, permission from Microsoft isn't required and Mono isn't the only project that has implemented.Net.
You wouldn't know if I'm mistaken or not since I didn't express an opinion on what an ECMA standard means.
Maybe I wasn't clear. "You're a lost cause" because it's absurd that I'm trying to convince ClosedSource to stop being a Microsoft apologist. It's your username, and maybe the very core of your being.
In other words, nothing I say will make a difference in your mind. Happy trails.
You're being completely disingenuous, ClosedSource. You and I both know that this is not limited to actual lawsuits against manufacturers.
In case you're being genuine: This is about instilling fear in linux customers, forcing linux vendors to agree to Novell-style pacts (only they won't get paid for it this time, they'll be charged), and choking off the supply of development money to linux projects.
The first "over 200" threat, the Novell deal, Mono, and this lawsuit all show clearly what Microsoft is up to.
I think his point was that Microsoft approaches open source in bad faith. And it's true. Mono exists because of the Novell/Microsoft pact, which was an early step in a long-term strategy to use patents to destroy the GPL ecosystem.
Microsoft paid Novell to add legitimacy to its patent threats. Novell funds mono development. It's perfectly reasonable for GP to conclude that Mono is poisonous.
As much as I would love for that to be true, I think the odds are against it. I remember the flame wars on the ubuntu-devel list a few years ago, over Tomboy of all things.
Logic didn't prevail then. But maybe the combination of this and Miguel calling someone who points out that Microsoft is unfriendly to open source a "freetard" for the millionth time will do the trick. Here's hoping.
It's been stuck in the "positive" phase for 3 seasons, which is unprecedented in recent history (past ~100y). The positive phase seems to correspond with warmer western Indian Ocean water. Effects of this phase are stronger monsoons on the Indian subcontinent and deeper droughts in the east.
Here is the site maintained by the team who first described the phenomenon in 1999. It has since been evidenced by historical observations this century and examination of fossil coral. BBC article seems to suggest that there are skeptics in climatology, but I think it's misleading; its existence is non-controversial, only its influence when compared to the ENSO is questioned.
Here is news from UNSW, and here is the abstract of the paper that the popular press is referring to.
I hope I won't get whooshed for this, but the !etacarinae tag is because the popular science articles said it was in the direction of the constellation Carina. There is a famous hypergiant in that direction, about 7.5Kly away from us called Eta Carinae, which is expected to supernova in the near future (astronomically near, anyway) and produce a GRB.
GP's post is fine and all, but the determination of the distance of this is just as interesting as its extreme intensity. The host galaxy was too faint to be detectable. That they can determine the distance is due to the predictive power of the current models for GRBs and the network of instruments on earth and in space that can quickly focus on an event.
The host or counterpart galaxy was too faint (the GRB was 12.8Gly away, and models predict that the host galaxy wouldn't be detectable). But apparently, there is now enough confidence in the models for GRBs to get a good fix on the distance anyway. It's awesome that they can do this without observing a host galaxy now.
The same team that measured this also confirmed the most distant GRB to date last September, and this is within the most distant 5% of observed GRBs.
So you're requiring users to remember which sites they access are secure or not? Users will just use a different browser if they have to click an extra button every blasted time they want to go to Gmail or whatever (but not 95% of the other sites they use!). That much annoyance to users is probably just not worth the slight gain in security, in the same way that a highway speed limit of 30 MPH is not worth the lives it would save. Any good solution needs to add no noticeable burden to users' normal web browsing.
Funny... Even accepting the analogy I still disagree (ie, 0 crash deaths, less pollution, and trains would be pretty great actually). YMMV.
One thing this presentation showed is that security can not be incremental in this arena. There is no "slight gain in security"; there is secure and there is totally exploitable.
Yes, I think it should be very very obvious to the browser user when they are using tls. The drive to "add no noticeable burden to users' normal web browsing" is part of the problem, imho. And yes, the idea is for user to think, "Hey, this is my bank account login, it should be secured." Of course, as I mentioned previously, this requires site owners not to be stupid, which may be a tall order.
Wrong. User types "paypal.com" into their URL bar. Browser sends a request for http://paypal.com/. PayPal might automatically redirect to HTTPS (in fact it does, when I try it), but by then it's too late. A MITM can have already served up the fake page as HTTP, and few users will notice the difference.
Replying with a 302 to an http request or responding to an "https link click" is not encrypting everything.
But paypal.com does not have to reply with a 302 to the http request. Or better yet, we could all just strongly discourage using a redirect from http to https under any circumstances, and utterly ban https clickys in http (like the wachovia site). The latter concern is totally unforgivable. The user has to take it on faith that the POST is secure.
The.secure TLD doesn't sound like a terrible idea, but wouldn't it be easier to approach this from the browser? We could accommodate the the keyboard-averse by having some gui element for "secure" urls, that would behave differently than the normal url bar, i.e. prepend "https://" instead of "http://". On the server side, no more responding to http. Instead show a static page telling the user how to access the site properly.
Apologies if you've already read this, but here is the pdf from the conference.
It's not a conspiracy theory. It appears that a lot of businesses have concluded that occasionally eating the loss on a fraudulent transaction is cheaper than fixing problems.
Maybe it should be "...isn't as secure as online businesses would like it to be."
If they "would like it to be" secure all they would have to do is spend more money on their infrastructure to encrypt everything. So, while it's not a "conspiracy", users who trust sites like paypal or their bank should be upset that these businesses have decided that security is too expensive. Users should be upset that big sites that handle money have decided that it is cheaper to wait for you to notice that money is missing, contact them, and then credit your account (maybe). And if you don't notice, well... it's not their responsibility.
I think that it is in the interests of businesses as well as their customers for SSL transactions to remain secure.
I would think so, too. However, people who run these companies' IT appear to have come to a different conclusion: Spend a certain amount of money on a somewhat secure system, and then put the responsibility on the customer to notice fraud. If noticed, credit the customer's account. Since the problems with mixing secure and non-secure elements have been known and exploited for years, we can conclude that these companies have done their cost-benefit analysis on the current way of doing things and found it to be acceptable.
This is a kind of "negative proof" that's very difficult to disprove. How can one prove that a secret document does not exist somewhere? But there is a logical reason why it isn't in anyone's interest to keep some orbital debris secret.
No, you're totally wrong. This is nothing like "negative proof". There is a thriving community of people who visually track satellites whose elsets do not appear in spacetrack's database. Spacetrack's data is not public, you have to register and be approved to redistribute it, and even so, it is the "civilian" database and only contains unclassified data.
I agree, it would be very logical for DoD's data to be public. But it isn't and they aren't.
Digressing a bit: I came around to thinking this way about math education by experimentation made possible with the web. If the subject is something we wish to truly understand, we can now pursue lots of different paths and find out which one "clicks" with how we learn. Things started making a lot more sense after number theory and sets.
I bet a study watching what paths subjects take would be valuable for educational psychology.
I work for a company that operates satellites, so this is a subject which I can discuss at length.
Dig it. I love this stuff, and wouldn't mind if you discussed it at even greater length.
I really like your comment, but I don't think it addresses the specific problem I had with the ambiguity of your earlier comment, which I read as, "NORAD data is public because it's pointless to hide it, and here's where you can access it." That isn't accurate. Classified elements are excluded (even though they are well-known to astronomers), and even unclassified elements require registration for "national security reasons".
Slashdot Mirror
Parent is right on.
I'm rendered speechless on a daily basis by the national media's use of the DJIA as a proxy for economic confidence. It's thirty companies (which thirty varies), several of which deserve to take a hit.
Bank of America: following its acquisition of Countrywide and later Merrill Lynch, after months of forensic accounting work involving thousands of accountants, it became clear to shareholders that fraud was widespread in all three parties involved, their assets largely fictional. Criminal investigations are ongoing.
American Express: Converted to a bank holding company to qualify for TARP help. Did not have enough money in subsidiary bank deposits to cover card purchases, as it had long relied on selling bonds (asset backed securities). The Fed had to buy these bonds to keep American Express afloat.
Citigroup: Needs no introduction, has paid at least tens of millions in fines and settlements, for everything from ratings fraud to outright theft from account holders. Putting my feeling that their very existence is evidence of government corruption aside, it is on the hook for untold billions that it doesn't have (and never really did, imho), and its assets are currently worth about a fifth of their peak in the bubble.
JPMorgan Chase: Another "bad actor", with a laundry list of scandal too long to post here. Now owns Bear Stearns and Washington Mutual. Again, investors believe its assets are fiction.
AIG: Though not currently part of the index, it was a major mover from 2004-4-8 to 2008-9-22 when it was delisted. It recently posted the largest quarterly loss in history, $61.7 billion. There is evidence of massive fraud, and even rabid left-winger Ben Bernanke said this month, "AIG exploited a huge gap in the regulatory system" and "to nobody's surprise, made irresponsible bets and took huge losses." Additionally, due to the tangled mess of insurance and obligations, its performance affects the stock prices of nearly every other company traded.
Personally, I think that the energy, chemical, and pharma companies should take a hit as well. We need to use less oil, chemical companies' margins are high because they don't pay to pollute, and affordable health care means less profit for Pfizer. As for GM, they have lied to customers and shareholders alike about safety and efficiency, and pursued an adversarial relationship with government. The idea that ever-increasing revenue for these companies (Disney and Microsoft too!) is in our interest is insanity.
I wish fewer people got their news from neo-nazis like Glenn Beck. I know my chances of getting those on the right to listen to NPR is slim, but I have to mention This American Life, by far the best reporting on the financial crisis that I have found.
AC is right. Beat maps are great and used everywhere. Beat detection algorithms in modern software work great; most of the time, detection is perfect and you don't even have to tweak it.
Then you have the best of both worlds: Editing and syncing sequences is easy, and you have a human feel.
C'mon... You can't be serious. My argument was finished way up the thread.
Besides, anyone can make their own .Net clone, it's an ECMA standard, and it doesn't require any permission from Microsoft to implement.
Nevertheless, permission from Microsoft isn't required and Mono isn't the only project that has implemented .Net.
You wouldn't know if I'm mistaken or not since I didn't express an opinion on what an ECMA standard means.
Maybe I wasn't clear. "You're a lost cause" because it's absurd that I'm trying to convince ClosedSource to stop being a Microsoft apologist. It's your username, and maybe the very core of your being.
In other words, nothing I say will make a difference in your mind. Happy trails.
I'm beginning to think you're a lost cause, ClosedSource. ;)
You're mistaken about what being an ECMA standard means.
Funny you should mention that.
http://tirania.org/blog/archive/2006/Nov-04.html/
http://www.infoworld.com/article/04/09/16/HNopenoffice_1.html/
Witness Miguel gush about how Microsoft allowed Sun to ship Mono with Solaris... (yuck)
Microsoft is, in fact, out to get Linux. Miguel is either credulous or corrupted, and Mono is poison.
This TFA? I'm pretty sure Bruce is a party member.
You're being completely disingenuous, ClosedSource. You and I both know that this is not limited to actual lawsuits against manufacturers.
In case you're being genuine: This is about instilling fear in linux customers, forcing linux vendors to agree to Novell-style pacts (only they won't get paid for it this time, they'll be charged), and choking off the supply of development money to linux projects.
The first "over 200" threat, the Novell deal, Mono, and this lawsuit all show clearly what Microsoft is up to.
This is all about linux.
I think his point was that Microsoft approaches open source in bad faith. And it's true. Mono exists because of the Novell/Microsoft pact, which was an early step in a long-term strategy to use patents to destroy the GPL ecosystem.
Microsoft paid Novell to add legitimacy to its patent threats. Novell funds mono development. It's perfectly reasonable for GP to conclude that Mono is poisonous.
Awesome. You're accidentally on-topic... Tom Coburn is a perfect example of a doctor who hates science.
As much as I would love for that to be true, I think the odds are against it. I remember the flame wars on the ubuntu-devel list a few years ago, over Tomboy of all things.
Logic didn't prevail then. But maybe the combination of this and Miguel calling someone who points out that Microsoft is unfriendly to open source a "freetard" for the millionth time will do the trick. Here's hoping.
See also: Indian Ocean Dipole.
It's been stuck in the "positive" phase for 3 seasons, which is unprecedented in recent history (past ~100y). The positive phase seems to correspond with warmer western Indian Ocean water. Effects of this phase are stronger monsoons on the Indian subcontinent and deeper droughts in the east.
Here is the site maintained by the team who first described the phenomenon in 1999. It has since been evidenced by historical observations this century and examination of fossil coral. BBC article seems to suggest that there are skeptics in climatology, but I think it's misleading; its existence is non-controversial, only its influence when compared to the ENSO is questioned.
Here is news from UNSW, and here is the abstract of the paper that the popular press is referring to.
n/t
I hope I won't get whooshed for this, but the !etacarinae tag is because the popular science articles said it was in the direction of the constellation Carina. There is a famous hypergiant in that direction, about 7.5Kly away from us called Eta Carinae, which is expected to supernova in the near future (astronomically near, anyway) and produce a GRB.
GP's post is fine and all, but the determination of the distance of this is just as interesting as its extreme intensity. The host galaxy was too faint to be detectable. That they can determine the distance is due to the predictive power of the current models for GRBs and the network of instruments on earth and in space that can quickly focus on an event.
The determination of the distance and intensity is the actual accomplishment here. http://arxiv.org/abs/0902.0761
The host or counterpart galaxy was too faint (the GRB was 12.8Gly away, and models predict that the host galaxy wouldn't be detectable). But apparently, there is now enough confidence in the models for GRBs to get a good fix on the distance anyway. It's awesome that they can do this without observing a host galaxy now.
The same team that measured this also confirmed the most distant GRB to date last September, and this is within the most distant 5% of observed GRBs.
Arxiv paper
The spectrum shape and afterglow over time are predicted by models. Here's one cited by the J. Grenier et al. paper on arxiv: http://www.journals.uchicago.edu/doi/abs/10.1086/518996.
Here's the J. Grenier (the GROND leader) paper on arxiv: http://arxiv.org/abs/0902.0761
http://arxiv.org/abs/0902.0761
Submitted by the leader of the team working with GROND.
In this particular case, it was this.
Method is explained a little in the eso.org link, but here's a wikipedia article, too: http://en.wikipedia.org/wiki/Photometric_redshift.
Also, awesome Tolkien reference apparently acknowledged by Jochen Greiner.
So you're requiring users to remember which sites they access are secure or not? Users will just use a different browser if they have to click an extra button every blasted time they want to go to Gmail or whatever (but not 95% of the other sites they use!). That much annoyance to users is probably just not worth the slight gain in security, in the same way that a highway speed limit of 30 MPH is not worth the lives it would save. Any good solution needs to add no noticeable burden to users' normal web browsing.
Funny... Even accepting the analogy I still disagree (ie, 0 crash deaths, less pollution, and trains would be pretty great actually). YMMV.
One thing this presentation showed is that security can not be incremental in this arena. There is no "slight gain in security"; there is secure and there is totally exploitable.
Yes, I think it should be very very obvious to the browser user when they are using tls. The drive to "add no noticeable burden to users' normal web browsing" is part of the problem, imho. And yes, the idea is for user to think, "Hey, this is my bank account login, it should be secured." Of course, as I mentioned previously, this requires site owners not to be stupid, which may be a tall order.
Wrong. User types "paypal.com" into their URL bar. Browser sends a request for http://paypal.com/. PayPal might automatically redirect to HTTPS (in fact it does, when I try it), but by then it's too late. A MITM can have already served up the fake page as HTTP, and few users will notice the difference.
Replying with a 302 to an http request or responding to an "https link click" is not encrypting everything.
But paypal.com does not have to reply with a 302 to the http request. Or better yet, we could all just strongly discourage using a redirect from http to https under any circumstances, and utterly ban https clickys in http (like the wachovia site). The latter concern is totally unforgivable. The user has to take it on faith that the POST is secure.
The .secure TLD doesn't sound like a terrible idea, but wouldn't it be easier to approach this from the browser? We could accommodate the the keyboard-averse by having some gui element for "secure" urls, that would behave differently than the normal url bar, i.e. prepend "https://" instead of "http://". On the server side, no more responding to http. Instead show a static page telling the user how to access the site properly.
Apologies if you've already read this, but here is the pdf from the conference.
It's not a conspiracy theory. It appears that a lot of businesses have concluded that occasionally eating the loss on a fraudulent transaction is cheaper than fixing problems.
Maybe it should be "...isn't as secure as online businesses would like it to be."
If they "would like it to be" secure all they would have to do is spend more money on their infrastructure to encrypt everything. So, while it's not a "conspiracy", users who trust sites like paypal or their bank should be upset that these businesses have decided that security is too expensive. Users should be upset that big sites that handle money have decided that it is cheaper to wait for you to notice that money is missing, contact them, and then credit your account (maybe). And if you don't notice, well... it's not their responsibility.
I think that it is in the interests of businesses as well as their customers for SSL transactions to remain secure.
I would think so, too. However, people who run these companies' IT appear to have come to a different conclusion: Spend a certain amount of money on a somewhat secure system, and then put the responsibility on the customer to notice fraud. If noticed, credit the customer's account. Since the problems with mixing secure and non-secure elements have been known and exploited for years, we can conclude that these companies have done their cost-benefit analysis on the current way of doing things and found it to be acceptable.
As sibling comment says, it was 789km.
A 950kg object struck a 560kg object at 11.7km/s (see hypervelocity). All the pieces have new orbits.
Here's some pretty pretty animation.
This is a kind of "negative proof" that's very difficult to disprove. How can one prove that a secret document does not exist somewhere? But there is a logical reason why it isn't in anyone's interest to keep some orbital debris secret.
No, you're totally wrong. This is nothing like "negative proof". There is a thriving community of people who visually track satellites whose elsets do not appear in spacetrack's database. Spacetrack's data is not public, you have to register and be approved to redistribute it, and even so, it is the "civilian" database and only contains unclassified data.
I agree, it would be very logical for DoD's data to be public. But it isn't and they aren't.
Same here.
Digressing a bit: I came around to thinking this way about math education by experimentation made possible with the web. If the subject is something we wish to truly understand, we can now pursue lots of different paths and find out which one "clicks" with how we learn. Things started making a lot more sense after number theory and sets.
I bet a study watching what paths subjects take would be valuable for educational psychology.
Yes, mods, totally offtopic.
I work for a company that operates satellites, so this is a subject which I can discuss at length.
Dig it. I love this stuff, and wouldn't mind if you discussed it at even greater length.
I really like your comment, but I don't think it addresses the specific problem I had with the ambiguity of your earlier comment, which I read as, "NORAD data is public because it's pointless to hide it, and here's where you can access it." That isn't accurate. Classified elements are excluded (even though they are well-known to astronomers), and even unclassified elements require registration for "national security reasons".