What are you talking about? There is plenty to hide... it's a collection of classified documents after all, documenting things like secret back-door negotiations. This sort of thing is just a part of political maneuverings, e.g. making a secret deal with one nation that might upset another, or giving a concession in a trade agreement that might harm reelectability, or turning a blind eye to a minor violation of international law. Plenty to hide.
The issue of transparency is not an easy one. Wikileaks argues that there's too much happening behind closed doors and that much of it is unacceptable. The US Government obviously argues that it's merely the way things work, a means by which to save face and get real work done. The best solution is somewhere in the middle.
One of the biggest problems with Adobe Acrobat Reader is that attackers can run exploits via embedded flash... since Chrome supports flash, does that mean it will support flash in the PDFs it converts to HTML? I hope not, or at least not by default.
I'd like to see Chrome come with a dummy app that pretends to be a PDF reader which merely runs a specialized window holding the document content in a manner akin to your typical PDF viewer. This would help people wean themselves off of Acrobat Reader. Maybe it will be better than FoxIt and Evince et al. (though I suspect not; the whole point of PDF is in a perfectly consistent rendering so as to always print the same, while HTML is almost impossible to do that. Google likely has no interest in molding Chrome into something that ideal for paged media, but I can hope...)
(Disclaimer: I word process in HTML using vim; I know a good amount of page-media CSS, including all those CSS1 and CSS2 bits that still lack implementation in FF and Chrome...)
What would be more politically acceptable about replacing a relatively stable material like depleted uranium by a highly radioactive material like Rt? Island of stability or not, we are talking about an element that would have a shorter half-life than uranium, especially depleted, and that would emit mainly alpha-ray (the less penetrating but the most deadly).
The claim that it would be cheaper is a bit surprising too: there are mines of uranium...
Depleting the radioactivity of uranium is quite expensive. The resulting product also isn't fully safe, which is why most nations classify DU as poisonous and therefore illicit in combat.
"IP Reputation" systems are basically a step beyond DNSBLs (which only consider things as white vs black). There is a decent explanation in Wikipedia's Sender's IP verification section of their E-mail authentication article.
How much spam actually is originating through gmail?
Sorry, I can't give you data. Suffice it to say it's a problem.
How does one prevent a spammer from spoofing these headers?
The headers aren't spoofed. When you use Hotmail or Yahoo, your IP is added to a tracking header by the webmail server so that IP reputation systems can pass along the blame as if it were a Received: header (there's more to it than that, but this should give you the principle). Since GMail doesn't do that, there's nothing to be done; the tracking can't go beyond Google's servers.
If a spammer spoofs headers so as to pretend to pass blame on, the trust doesn't extend far enough; the relay used by the spammer to add those fake headers isn't trusted and so the buck stops there. When dealing with real webmail providers, the trust can be extended to the established webmail relays and then followed into the IP tracking header.
We have meandered a bit off topic here ... my point is that this is possible for the nearly identical problem of webmail, so somebody merely needs to figure out how to do it for the IPv6->IPv4 routing process. The simplest solution is the one I outlined above; require a mail relay that speaks both protocols so it can properly record the conversion with a Received header. Modern IP reputation systems (and the clients that poll them) are fully IPv6-ready and will process this perfectly.
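The trust walk described in the comment above, as an added example that is not part of the original post: blame follows the Received chain only while each recording relay is trusted, and the tracking header is honoured only when the chain ends at an established webmail relay. The relay inventory, the sample messages and the choice of `X-Originating-IP` as the tracking header are assumptions; the first sample also shows an IPv6 client recorded behind an IPv4 relay.

```python
"""Walk Received headers outward from our own MX, extending trust hop by hop."""
import email
import ipaddress
import re

# Constructed inventory using documentation address ranges (RFC 5737 / RFC 3849).
INTERNAL_RELAYS = [ipaddress.ip_network("192.0.2.0/28")]
WEBMAIL_RELAYS = [ipaddress.ip_network("198.51.100.0/24")]
# Assumption: the webmail provider's tracking header is X-Originating-IP.
TRACKING_HEADER = "X-Originating-IP"

_BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def _parse_ip(text):
    """Return an ip_address for '1.2.3.4' or '[1.2.3.4]', or None if invalid."""
    try:
        return ipaddress.ip_address(text.strip().strip("[]"))
    except ValueError:
        return None


def _peer_of(received_value):
    """IP of the connecting host, as recorded by the relay that wrote the header."""
    from_part = re.split(r"\sby\s", received_value, maxsplit=1)[0]
    match = _BRACKETED_IP.search(from_part)
    return _parse_ip(match.group(1)) if match else None


def _within(ip, networks):
    return any(ip in net for net in networks)


def blame(raw_message):
    """Return (ip, reason) for the host that reputation should be charged to.

    Assumes the message was captured at our own MX, so the topmost Received
    header was written by a server we control.
    """
    msg = email.message_from_string(raw_message)
    last_trusted = None
    for value in msg.get_all("Received", []):  # topmost (most recent) first
        peer = _peer_of(value)
        if peer is None:
            break  # unparseable hop: stop extending trust here
        if _within(peer, INTERNAL_RELAYS) or _within(peer, WEBMAIL_RELAYS):
            last_trusted = peer  # this relay's own headers can be believed
            continue
        # Everything below this hop was supplied by an untrusted host and
        # may be forged, including any tracking header.
        return str(peer), "first untrusted host"
    if last_trusted is None:
        return None, "no usable Received header"
    if _within(last_trusted, WEBMAIL_RELAYS):
        tracked = _parse_ip(msg.get(TRACKING_HEADER, ""))
        if tracked is not None:
            return str(tracked), "tracking header"
    return str(last_trusted), "trusted relay, no tracking header"


# Constructed sample messages.
WEBMAIL_WITH_TRACKER = """\
Received: from relay.webmail.example ([198.51.100.7]) by mx.local.example; Mon, 1 Jan 2024 00:00:00 +0000
X-Originating-IP: [2001:db8::25]
From: someone@webmail.example
Subject: constructed sample

body
"""

WEBMAIL_NO_TRACKER = """\
Received: from relay.webmail.example ([198.51.100.7]) by mx.local.example; Mon, 1 Jan 2024 00:00:00 +0000
From: someone@webmail.example
Subject: constructed sample

body
"""

SPOOFED = """\
Received: from mail.unknown.example ([203.0.113.50]) by mx.local.example; Mon, 1 Jan 2024 00:00:00 +0000
Received: from relay.webmail.example ([198.51.100.7]) by mail.unknown.example; Mon, 1 Jan 2024 00:00:00 +0000
X-Originating-IP: [192.0.2.200]
From: someone@webmail.example
Subject: constructed sample

body
"""

if __name__ == "__main__":
    for name in ("WEBMAIL_WITH_TRACKER", "WEBMAIL_NO_TRACKER", "SPOOFED"):
        print(name, blame(globals()[name]))
```

In the spoofed sample the forged webmail hop and tracking header are ignored because the host that wrote them is not in either trusted set.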
brand-delusion
Before somebody "corrects" me, that's an intentional wordplay.
Don't forget their plethora of B-class horror films. The Sci-Fi Channel wasn't well managed even before it changed its name to look more like an STD. Talk about a network that doesn't "get it."
They need help. Revolutionary vision-grade help. If Comedy Central and Food Network could do it, there's no reason SyFy can't ... but that's not to say it's easy. With this genre, it's damn near impossible. Especially if you have to fight execs that cite profit margins on things like WWE (this is the short term versus long term issue, specifically with respect to brand-delusion).
Miro, previously called Democracy Player (as previously noted on slashdot), is an aggregation of independent TV programs. I believe it is exactly what you are looking for.
See also the Wikipedia articles on Web series and the (now defunct) Open Media Network ... and YouTube.
Other recommendations would include Dr. Horrible's Sing-Along Blog and The Guild as well as others listed on Wikipedia's Internet television series.
Seriously, IPv6 is there to replace IPv4. Tell everyone who whines 'tough shit' switch over already.
Are you trying to create the massive failures we were supposed to have for Y2K? IPv6 compliance is a rather low priority for most companies and is not being taken seriously to the level that Y2K was. You're asking for a lot of "tough shit" to come your way even if you and your immediate provider are fully IPv6-compliant.
If I have to pay an extra 5 dollars a month for a year to my ISP for that to happen then I would. Just stop trying to extend the life of IPv4 when there is a suitable replacement already available.
You want to pay $5/mo in order to stick it to those who don't think like you? This is a capitalist system -- use it: discount customers five dollars a month to be stuck without IPv4 (or to spin the same concept differently, charge an extra $5/mo for a public IPv4 address). Heck, this doesn't even require IPv6 since it can be done with a NAT, but if it's aspiring to promote IPv6, the service would merely issue public IPv6 addresses and NAT anything using IPv4 as a temporary measure.
I work for an IP reputation company (and am not representing it in this post).
This is not a complicated issue. The LSN portals will merely have to add a tracking header to all mail they process (and block anonymous direct mail if they want to escape DNSBLs' wrath). This is already an issue with webmail (e.g. Google doesn't add the tracking header, so it's MUCH harder to trap spam originating through GMail than it is through providers like Hotmail who do provide this extra tracker).
I know a few research scientists who use the Turk for some awesome ideas (it's a LOT cheaper than in-person human subjects and the people you get aren't homeless, drunks, or freshman psych students fulfilling requirements). However, there is little money in (non-military) basic research at the moment, and only a fraction of that even requires human subjects.
The rest is merely a new breed of on-demand advertising and promotion. Amazon is still getting paid, so they likely don't care. I'd argue that if they don't want to squash the problem altogether that they should at least isolate it to grant people an easier time in going wherever they were heading, e.g. "help me solve vision" versus "help me get popular."
At least theoretically some type of access list "Program X is authorized to do Y" is more secure than "Program X needs root access".
I chose /bin/su because the "Y" that it needs to do is root access.
Can someone explain (for real) the point of the 'anti-Debian' key blacklist?
Is it because of the Debian-specific vulnerability in OpenSSH? I thought that was a couple years ago.
Yes. There are still lots of keys out there that were generated with this bug, so it is still worthwhile to test for that. When it comes to uber-secure projects like OWL and OpenBSD, this will likely never change; it's a trivial check for a nontrivial gain.
I'm not sure I believe that. The only way I can think of permitting things like su and passwd (among many others) is by running some sort of permissions escalation daemon ("owl-control" perhaps?) as root that essentially does the same thing. This moves the vulnerability from the binary to the permissions daemon.
There is almost no documentation on owl-control; the best I could find was a FreeBSD port and the (encoded) man page as plucked from CVS HEAD.
If this has been independently audited and continues to appear to be a Good Idea then perhaps it would be of interest to one of the larger distributions?
Total dollars spent versus the cost of the port. All the average says is how much a few people are willing to pay, but if that comes from a hundred Linux customers versus a thousand Windows customers, that's only $136.20 from Linux compared to $628.00 from Windows. And that ignores the cost of the port.
Looking at the pie chart on the Humble Indie Bundle site, Linux accounted for just under a quarter of sales while Windows was more than half of sales. Total sales were $879k, so Windows was roughly $450k to Linux's $200k. Dividing by the averages, that's 71656 Windows customers and 14684 Linux customers, indicating that there were almost five times the number of Windows customers as there were Linux customers.
More importantly, the real numbers to compare are that $200k estimate versus the cost of porting the code to Linux in the first place (I'll discuss support later). Considering that proper planning should make any software already ported to MacOS easier to port to Linux, the cost justification should be there, but that really depends on the developers' proficiency in preparing the code for abstraction (most software will still release Windows first just to get it out the door and to get the money rolling in before working on ports, implying that MacOS could see its port before Linux).
Support: The easy solution is to provide minimal support to Linux users so as to minimize cost. Obviously, this isn't the best model for customer retention, but I'm not sure there would be complaints if such a policy were properly disclosed and the price were discounted.
The Reading Level for site:simple.wikipedia.org is currently ranked 29% Basic, 52% Intermediate, 17% Advanced, implying that Slashdot is easier to read than the version of Wikipedia specifically tasked with being approachable to those with only basic English language comprehension. Google's filter fails here, though I suspect Wikipedia is failing to a small degree too.
Microsoft has always pushed h.264? Ever heard of WMV?
It is my recollection that MS has "always" pushed H.264 over WebM since such a stance can only have existed after WebM's introduction, which is pretty recent. WMV uses VC-1 (a MS proprietary codec written into the BluRay standard) and so is somewhat of a contender, but it's a bit behind VP8 (used by WebM, patents released into public domain), H.264 (preferred by YouTube in FLV containers, patent-encumbered), and Dirac (a candidate for VC-2, preferred by BBC, patent-free). See also Wikipedia's Comparison of H.264 and VC-1.
(Speaking as a Linux user here)
This is probably "good enough" since it will apply enough pressure to get the rest of the userbase covered quickly enough. Competitive forces should drive similar efforts for GStreamer (and perhaps Phonon) and QuickTime (is that the right MacOS framework?) soon enough. The problem comes with the fact that it's almost guaranteed to be a closed application, so there's nothing to build atop except the interface and feature set.
The real question is what Google thinks of this; despite YouTube's H.264 ties, they've been pushing WebM (a simplified Matroska container holding VP8 video and Vorbis audio) in place of FLV (or...?) containing H.264 and MP3 (or AAC?). Google will have to react FAST if they want to push WebM. For the sake of free/open standards in HTML5 video, specifically to prevent license/royalty issues with proprietary codecs to let the little guys compete, I'm rooting for Google.
So when I say "good enough," I'm referring to what it might kick-start rather than the more immediate effects. Things should start to get interesting.
I'm not an emacs user, but I figure it included both a web browser and the 'highlight all' feature well before 1999. This prior art should at least make the feature patent-free if you were to implement it as a checkbox instead of a button, which is (imho) the better way to do it anyway. I'm sure there's other prior art out there as well.
Was Gawker using salt?
I would hope so, but it's pretty irrelevant since the attacker can derive the salt using a known user/pass pair (...unless the salt were a function, but I don't know if that's done).
The article's correlations are wholly speculative and ill-informed; I highly doubt there was any notable difference between hotmail v google v yahoo users with respect to statistical significance. The video at the bottom was almost completely unrelated, including a few minutes of banter that could have been constructed from the slashdot article summary. The video's target audience was the general public while the article's audience appears to be the IT-savvy. They also fail to mention whether the password "f---you" was censored by WSJ or by the users (take a wild guess), which seems unacceptable if they're supposedly showing real data.
Remember when the Wall Street Journal had integrity?
Ah, but they'll actually nail you on junk faxes (it's trivially traced and more easily linked to a direct tangible cost, unlike spam). The only way to do this would be to go to a copy shop and pay in cash, though your face would be on their security cameras (so you're traceable, but it's hard enough that you can probably get away with it). This could also be done with an email-to-fax gateway, of which a few exist, but it would result in shutting down a service that might have more useful applications...
A number of sources have begun describing DDOS attacks not as cyber-attacks but rather as digital sit-ins that are completely legal. A DDOS (Note the Distributed) is basically a ton of people visiting the site at once so that others can't. In essence, the unknowing visitor to mastercard.com is also contributing to the DDOS by merely visiting the already flooded site (albeit in a small way) just as an unknowing visitor to a bank is contributing to a sit-in by disrupting the flow of work.
A DDoS is more akin to a mall's overstuffed parking lot filled with protesters intent on preventing customers from accessing the mall. Same as a sit-in, right? Not once you note that the cars are all stolen and parked in a manner suited to consume spaces rather than maximize capacity. Many of the spaces are filled by large trucks. The trucks can be turned away at the gate and the egregiously parked can be towed/fined, but otherwise, the plates have to be run to determine which cars are stolen. Moving to the digital analogy, each of these is extremely hard, with the last of them being (currently) impossible.
Another analogy: this is a ticketed line at the deli (the red "take a ticket" device). A few people come by every few seconds and grab tickets until shooed away by the butcher. "Now serving" number 005. Your ticket is number 712. Are you going to wait? The analogy falls apart because the butcher is a human and smart enough to skip ahead rapidly as well as call the police to arrest the miscreants for trespassing. There is no digital equivalent, which is in fact the problem. The online version would be based on statistical analysis and wouldn't work very well, most akin to ... discrimination (racial profiling, "those damn kids," etc).
Ultimately, the question isn't "has progress been made" to stop DDOS attacks, but SHOULD there be progress to stop them? Sounds like an easy question to answer but in the case of freedom of expression, it makes the waters a bit more muddied.
This is a freedom of expression issue in the opposite manner; the attackers are suppressing the ability of everybody else to express themselves. That's more akin to "the squeaky wheel gets the grease" and ballot-stuffing. Nobody says the attackers can't say something and be heard. Like terrorists and children throwing temper tantrums, they are forbidden from amplifying their impact with attacks and other disruptive behavior.
We've been lucky so far that Anonymous has been sensible about their choice of targets, but even if that specific group can continue to show such admirable restraint, other groups might notice the impact it can have and any tolerance granted to it. Escalation is bound to happen. It is time to take action.
The media does not understand basic research. In this case, we see its obsession with finding genes for behaviors; it almost never works that way.
Genes aren't smartphone apps; you can't just say "there's a gene for that."
Genes are more akin to code than to building blocks. A gene is more like a function than it is like a brick or mortar, and we have very little understanding of how genes interact with each other.
I'd like to give a "bravo!" to the authors for making the paper an open-access journal article. I know that's a hard sell to publishers. The full paper is available to all without registration.
The paper itself explains the high chance that this is overblown:
It is also important to sound several notes of caution. First, a consistent challenge in genetic association studies are that of third variable confounds, or unmeasured variables that are causally responsible for the observed finding but are associated with the measured variables thus generating a spurious association. ...
Wait... explain to me again how it is possible to get a patent on a chemical compound (as opposed to the method and process for producing that compound), especially a naturally occurring substance?
Genes are currently patentable. Look up Monsanto (especially Monsanto Canada v Schmeiser) or the fact that there are PEOPLE whose genes are patented by corporations.
Even ignoring the ethics of either gene patents or file sharing, I'm pretty annoyed by their lumping patent violations with copyright infringement...
I doubt it. It isn't and won't be a fully featured plugin. Chrome's PDF viewer was sandboxed in the dev builds even, so there isn't much risk there. If Adobe fixes the Flash sandbox issues (for one, Mic does not work) then maybe we'd see SWF-in-PDF support.
Honestly, I hope we don't. PDF shouldn't have flash support. That 'feature' was merely added by Acrobat because it was trivial for them to do. Anybody seeking that kind of thing should use HTML, Flash itself (which is fully capable of this sort of thing!), or perhaps PPT.
What are you talking about? There is plenty to hide ... it's a collection of classified documents after all, documenting things like secret back-door negotiations. This sort of thing is just a part of political maneuverings, e.g. making a secret deal with one nation that might upset another, or giving a concession in a trade agreement that might harm reelectability, or turning a blind eye to a minor violation of international law. Plenty to hide.
The issue of transparency is not an easy one. Wikileaks argues that there's too much happening behind closed doors and that much of it is unacceptable. The US Government obviously argues that it's merely the way things work, a means by which to save face and get real work done. The best solution is somewhere in the middle.
One of the biggest problems with Adobe Acrobat Reader is that attackers can run exploits via embedded flash ... since Chrome supports flash, does that mean it will support flash in the PDFs it converts to HTML? I hope not, or at least not by default.
I'd like to see Chrome come with a dummy app that pretends to be a PDF reader which merely runs a specialized window holding the document content in a manner akin to your typical PDF viewer. This would help people wean themselves off of Acrobat Reader. Maybe it will be better than FoxIt and Evince et al. (though I suspect not; the whole point of PDF is in a perfectly consistent rendering so as to always print the same, while HTML is almost impossible to do that. Google likely has no interest in molding Chrome into something that ideal for paged media, but I can hope...)
(Disclaimer: I word process in HTML using vim; I know a good amount of page-media CSS, including all those CSS1 and CSS2 bits that still lack implementation in FF and Chrome...)
What would be more politically acceptable about replacing a relatively stable material like depleted uranium by a highly radioactive material like Rt? Island of stability or not, we are talking about an element that would have a shorter half-life than uranium, especially depleted, and that would emit mainly alpha-ray (the less penetrating but the most deadly).
The claim that it would be cheaper is a bit surprising too: there are mines of uranium...
The definition of a stable isotope is that of not being detectably radioactive.
Depleting the radioactivity of uranium is quite expensive. The resulting product also isn't fully safe, which is why most nations classify DU as poisonous and therefore illicit in combat.