This is one of the most disturbing trends in the U.S. This move toward over-education of the somewhat privileged is exacerbating the problem of social immobility. If you cannot go to college, you are relegated to low wage jobs. As you grow older and have children, your children also cannot go to college. Yes, there are sensational stories like that of Liz Murray. However, they are sensational because they are so rare.
In the long run, it will be a very bad thing for our country if this trend toward SES lock-in continues.
Apples and oranges, because the business of Catholic hospitals is not about health insurance.
Catholic hospitals are primarily secular in nature. If I go to St. Mary of the Holy Land of Virgin Blessed Heart hospital for an X-ray of a broken arm, I don't care if the technician is Catholic, Hindu, Zoroastrian, or Pastafarian. I just want the dang X-ray done. Furthermore, the contraception decision is simply that these primarily secular institutions cannot interfere with the individual health care decisions of their employees, who are (statistically speaking) most likely not Catholic (Catholics are only 23% of the US population). The contraception coverage issue is a business decision that mostly impacts the employee, and one's employer should have no say in it since it has no direct impact on one's ability to do one's job. That should be true even if the employer is religiously affiliated, provided that the main societal function of the employer is not religious. Note that I'm not suggesting employers can't make aggregate budget decisions regarding their benefits packages. Catholic hospitals should (and can) work out those numbers as they see fit. (Curiously enough, covering contraception actually reduces costs for the employer, as that employee wouldn't have to take time off for, you know...having a baby.) Simply put, my employer should not interfere with my private health care solely on the basis of a moral objection.
And the whole objection of the Catholic hospital paying money for contraception is a red herring. They're paying for it anyways. The only difference is whether they hand the money to their employees (who then forward it to the insurer) or pay it directly to the insurer. The end result is simply that the employee has to pay more without direct coverage. So, in essence, the Catholic hospital wants to fiscally shame their non-Catholic employees into following Catholic morality.
A more appropriate comparison would be whether or not a Catholic hospital would have to keep an employee who was handing out Christopher Hitchens books to co-workers.
See my comment above. Shor's paper talks about the discrete log problem for a cyclic group in which the group operation is multiplication over integers. That is, modular exponentiation. There are other forms of ECC that do not use modular exponentiation. It is not entirely clear (to me, at least) whether or not Shor's algorithm would apply to the discrete log problem in other settings.
Yes, but Shor's paper is talking about computing the discrete log within a cyclic group for which the operation is multiplication over integers. ECC (there are actually multiple types of ECC...but that's a different discussion) is built on a different operation. For instance, you can do ECC using bilinear mappings such as the Weil pairing. It is not clear, based on what I've read, whether or not Shor's algorithm would apply to these other operations.
RSA can also be broken by factorization. e and d are selected because of Fermat's little theorem, built on the totient function. That is, ed = 1 mod Phi(n), where Phi(n) = pq. If you know p, q, and e, you can compute d very efficiently regardless of the message encrypted.
More than supply and demand? Here's some data from the Department of Education on enrollment statistics (http://nces.ed.gov/programs/digest/2010menu_tables.asp), specifically looking at http://nces.ed.gov/programs/digest/d10/tables/dt10_275.asp:
In 1976-77, there were 1536 private (not-for-profit) and 1455 public colleges and universities, for a total of 2991. In 2009-10, there were 1624 and 1672, yielding 3296. This produces a total increase of 10.2%.
In the same years, student enrollment at private (not-for-profit) and public institutions went from 10,967,775 (2,314,298 + 8,653,477) to 18,575,725 (3,765,083 + 14,810,642). That is a total increase in student population of 69.4%.
In other words, the growth in demand (students enrolled) has significantly outpaced the growth in supply (institutions). That's going to have a far greater impact on the cost of going to college than subsidies (which are arguably small as a percentage of the total cost of education).
(To be fair and thorough, I really should also look up the change in the number of faculty, but I just don't have the time or motivation to do so.)
Speed limits are set by the states because there is nothing in the Constitution that gives the federal government the power to regulate traffic laws. According to the 10th Amendment, any power not given to the federal government by the Constitution, and that is not prohibited by the Constitution, is reserved for the states, or people. Health care is like speed limits. Since there is no Constitutionally granted power for the feds to regulate it, the power falls to the states. This is why the Massachusetts health care law is Constitutional, but "Obamacare" is not.
On the contrary, until 1995, speed limits were regulated by the federal government. Specifically, the National Maximum Speed Law, passed in 1974, prohibited states from setting any speed limit above 55 mph. These regulations stayed in place until Congress repealed them with the National Highway System Designation Act. There was never any argument regarding the Constitutionality of the NMSL.
That's quite a reading of the 10th Amendment you've got there. Too bad it is wholly inaccurate and completely ignores the 200+ years of case law that has been decided ever since...
Agreed. Somehow, two data points (seizure from a guitar manufacturer, and prosecution for improper documentation of a large collection of imported antique pianos) translate into evidence that we live under totalitarianism (Play guitar? Well, you better have documentation about every piece of its manufacturing origins or else!!!).
Sometimes it seems that /., with its sensationalism and knee-jerk anti-government hysteria, is aspiring to be Fox News.
My point is that, as long as the government does the investing - in the form of picking their cronies as the winners, we WON'T get private investment.
You're under the mistaken assumption that all of government funding and investment works like defense contracting. Believe it or not, there are some segments of the federal government that are very good at funding research based on its merits, rather than political connections. Groups like DoE and NSF have excellent procedures, where proposals are peer-reviewed by experts in academia, industry, and government. And, contrary to your assertion that government involvement interferes with private research, many funding proposals for government research investment come from private industry. Want some evidence of how government investment can lead to private investment? You can read about the origins of the research that created the foundation for this little company.
You are a living, breathing example of sqrt(2)'s point that, "The people saying we should do nothing are doing so mostly out of an ideological mistrust of government doing anything [emph. added]." You simply make blanket statements about how government programs like this ALWAYS fail and we WON'T have private investment, despite the fact that you have no idea how scientific research funding actually works.
1) ID is not Young Earth Creationism (YEC), though it is primarily used as a smokescreen by YECs.
2) ID is the belief that evolution is mostly true, but that something "interfered" with evolution, allowing it to overcome the statistical challenges to evolving more complicated life.
No. While not specific to Young Earth Creationism, ID is creationism. Go read the Kitzmiller v. Dover Area School District decision. ID is not an attempt to augment scientific knowledge with a more holistic worldview. It is traditional Christian creationism, pure and simple. If you look at the history of the ID movement, there is very clear evidence that they just substituted "intelligent designer" where they would traditionally say "God." To suggest otherwise is revisionist history.
3) To put it in probabilistic terms, consider the world as being a giant casino filled with slot machines, and every time a jackpot is hit in a slot machine, a new species evolves. ID is the claim that someone is interfering with the odds on the machines, evolution is the stance that enough jackpots will be hit without interference.
Those aren't probabilistic terms. Those are analogies. If you want to use probabilistic terms, then you'll talk about things like distributions, random variables, and events.
4) Put in those terms, it becomes statistically falsifiable (to arbitrary levels of confidence). One simply needs to determine numbers for hitting jackpots [emph. added] / speciation and compare them against the record of events. Or even better, going forward, keep track of the genomes of all species on earth, and see if mutation and speciation rates match theory.
5) It is possible to develop a statistical method that determines to an arbitrary level of confidence, if species A could have evolved from species B given time duration T.
One very important point that got lost in all the noise is this: we will need a statistical method to determine intelligent design no matter what. Ignore the whole evolution thing - as our skills with genetic engineering move forward, it will be critical to be able to tell if West Nile 2012 is an intelligently designed species or not.
No, no, no, no, no. You're seriously attempting to conflate ID with genetic engineering? As I said before, ID has a very specific meaning. It is the belief that life is too complex to have emerged naturally, and that a supernatural entity must have interfered or guided the process. It is inherently unmeasurable. How can you possibly build a model, based on the historical record, to determine if a species evolved as the result of a being operating outside of the laws of nature? In the case of genetic engineering, yes, it is possible to build limited models based on our understanding of current environmental conditions. You can look at genetic sequences and identify patterns, etc. But that is not intelligent design.
Look. I'll give you the benefit of the doubt and assume that you're being sincere in your argument for statistical models of evolution as it is happening today. But you need to use a new term. Intelligent design has a very specific meaning based on its history. It is inherently not falsifiable, because it specifically involves the presence of a being (i.e., NOT measurable or provable) acting outside of the laws of nature. Humans are natural beings, so when we perform genetic engineering, that's still a natural event.
Articles like this annoy me, because they assume that security is binary. Either your system is secure or it is not. That's crap. Security goals are defined relative to the sensitivity of the resources being protected, and to the aims of the organization.
The real problem is not how you are storing your passwords. The real problem, if your organization is trying to protect something of value, is that you are relying solely on passwords to begin with. Multifactor authentication, intrusion detection/prevention systems, and auditing are minimums for real security. And, hey, if you're protecting something really sensitive, say the control system for a nuclear reactor, then toss on RBAC with separation of duty.
So I really don't care that Gawker got hacked and their passwords leaked, because those credentials should not be sufficient to access any resource of significant value.
Really, the main point of PBKDF2 is to slow down the verification process artificially and raise the computational requirements of the adversary. If an attacker can check 10,000 passwords in a second, then requiring 10,000 iterations of the hash means he can only check one password a second. Add a unique 4096-bit salt, and the average time to crack a single password (assuming no pre-computation) becomes 2^2048 seconds. And you can't really do pre-computation, because you can't store (and efficiently search) rainbow tables for passwords with all possible salts for all possible hash iterations between 1 and 10,000.
I think your concern is that the hashes somehow converge after repeated iterations. No, that doesn't happen with cryptographic hashes.
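The iteration and salting behaviour discussed in the comment above, as an added example that is not part of the original comment. The record format, the 16-byte salt length and the function names are assumptions made for illustration; the 10,000-iteration count is the one used in the comment.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000   # iteration count used in the comment above
SALT_BYTES = 16       # assumption: salt length chosen for this example
HLEN = 32             # SHA-256 output size in bytes


def pbkdf2_sha256(password: bytes, salt: bytes, iterations: int, dklen: int = HLEN):
    """PBKDF2-HMAC-SHA256 written out per RFC 8018.

    Returns (derived_key, prf_calls) so the cost of a single guess is visible:
    every candidate password costs `iterations` HMAC evaluations per output block.
    """
    blocks = -(-dklen // HLEN)  # ceil(dklen / HLEN)
    out = b""
    prf_calls = 0
    for i in range(1, blocks + 1):
        # U_1 = PRF(password, salt || INT(i))
        u = hmac.new(password, salt + i.to_bytes(4, "big"), hashlib.sha256).digest()
        prf_calls += 1
        t = int.from_bytes(u, "big")
        # U_j = PRF(password, U_{j-1}); T_i = U_1 xor U_2 xor ... xor U_c
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha256).digest()
            prf_calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(HLEN, "big")
    return out[:dklen], prf_calls


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Create a stored credential with a fresh random salt per user.

    The '$'-separated layout is a constructed format for this example.
    """
    salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(record: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt and iteration count."""
    scheme, iterations, salt_hex, hash_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison so verification does not leak how many bytes matched.
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))


if __name__ == "__main__":
    # Constructed sample password, not taken from any real data set.
    a = make_record("correct horse")
    b = make_record("correct horse")
    print("same password, two users:")
    print(" ", a)
    print(" ", b)
    print("records differ:", a != b)
    print("verify good:", verify(a, "correct horse"))
    print("verify bad: ", verify(a, "correct h0rse"))
    _, calls = pbkdf2_sha256(b"correct horse", b"constructed-salt", ITERATIONS)
    print("HMAC calls per guess:", calls)
```

Because the salt and iteration count are stored with each record, the iteration count can be raised for new records without invalidating old ones.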
There is something about the pro-vaccine lobby that bothers me. There's a trust fund set up to pay compensation to people who are injured by vaccines, that was some sort of compromise because big pharma wouldn't produce vaccines unless they got some sort of liability waiver [emph. added].
I would like some citation for this claim, please, because I think it's a load of crap. Without VICP, pharmaceutical companies would still produce the vaccine. They would just charge more per dose to offset the costs of compensation. Furthermore, the costs of compensation without VICP would be significantly higher for two reasons. First, you have to tack on lawyer fees. Second, sympathetic juries would give disproportionate awards that are based on emotion, rather than a rational evaluation of actual damage. They would see the companies and government as bullies that need punished. The government acknowledged this probability, and put VICP in place as a way to mitigate the financial risks for all.
Well, if vaccines don't cause any harm, why is there a fund? I think they should be honest with people, vaccines can cause some problems, but you'll be worse off if you get Polio.
They are. Have you (or one of your children) received a vaccine in the past 20 years? Every time I or my son have received one, we're given a piece of paper documenting all of the risks and side effects that are associated with that particular immunization. You are simply spreading anti-corporate, anti-government FUD. Why? There is only one side in this debate that has been dishonest, and it hasn't been the pro-vaccine groups.
(Side note: I'm only talking about the controversy regarding long-approved vaccines, such as MMR and DTaP. The process to get new vaccines approved and/or mandated is a different issue. For instance, the makers of Gardasil pulled some pretty shady backdoor lobbying. And there are plenty of other reasons to dislike the pharmaceutical companies, such as how they disproportionately fund high-profit, low-urgency treatments (e.g., erectile dysfunction). But those are tangential to the current debate.)
No, I do not work for a pharmaceutical company, and I have no financial stake in the matter. What really turned me against the anti-vaccine movement was attending a child birth class where the teacher gave this helpful advice: "If you just don't like vaccines, then tell them it's against your religion. You don't have to say anything else or name what your religion is, but they won't give your child a shot." The arrogance, ignorance and irrationality of the anti-vaccine movement is just astounding.
Do you really believe this? Do you not understand the influence that Fox News has with regard to elections in the U.S.? And you do understand that things like net neutrality, FCC decency standards enforcement, regulation and oversight of broadband providers, etc., are affected by the outcomes of those elections, right? You can ignore politics at your own peril, but to suggest that it doesn't matter is a bit naive.
All of the news outlets except Fox News Special Report received a score to the left of the average member of Congress.
The interesting thing about bias discussions is that you have to consider the baseline of comparison. That is, how do you determine what counts as "bias?" Are you (or the paper, rather...but you seem to be endorsing the study by proxy) really suggesting that the average member of Congress somehow represents "true" America? Should the average member of Congress really be considered the "unbiased" starting point?
Instead, I would posit that the average member of Congress represents the voting populace, not all Americans. For instance, this paper (PDF) finds that older voters routinely favor the older candidate. If we look at U.S. census data (PDF) of voters, we see that the voting populace tends to be older (58% are 45 or older). Demographically, this population tends to be conservative, both socially and fiscally. Consequently, it is plausible that the average member of Congress is more conservative than the average American of legal voting age.
Thus, if we accept the premise that the liberal/conservative make-up of members of Congress is more representative of the voting populace than the U.S. as a whole, we can conclude that the media organizations may have more of a liberal bias than the average voter, but not necessarily the average American. Personally, I believe that this premise is still too generous. Given the necessity of Congress critters having close ties to business (CEOs write bigger donation checks than grocery store cashiers), I would suggest that members of Congress are more conservative than the voting populace. If this is true, it exacerbates the flaws of the original study even more so, as it shows that their baseline is significantly more conservative than the average American.
Here is an interesting critique of some other problems with the paper.
If you look at the very end of the article, the author does mention that he will return to the topic in a couple of weeks where he'll "take a look at McAvoy," which I'll presume is referring to Atonement. But still... The Dunkirk scene is one of the most amazing pieces of cinematography in recent history and should be at the top of any list of long takes. The complexity and the sheer scale is phenomenal.
I'd suggest "nothing," since pirates don't actually take anything, but I know how unrealistic expecting that would be.
The claim that pirates take nothing is disingenuous. For every MP3 that exists, someone spent time and creativity to produce the song that is encoded. Thus, the pirate is actually taking the product of someone else's work. Of course, given the crap that's on the radio today, it doesn't seem like a whole lot of time and creativity. But there's no accounting for taste...
What you are really trying to get to is the fact that there is an artificial scarcity of digital media. That is, if I make a copy for you, I can still use my original copy. I completely agree, which is why I think the appropriate fine would be a fairly trivial cost for minor offenders. Something on the order of $5-20 per track.
The real problem with all of these prosecutions (persecutions?) is that there is a semantic gap regarding the actions that are occurring. P2P users think what they are doing is theft, if they think about it at all. They think that by using these systems, they are getting things for free. However, they are not being prosecuted for theft, but for copyright infringement, which carries significantly larger fines. The average P2P user does not log onto the system thinking that they are distributing illegal copies. They may think that they are "giving back," since they got something for free, but they do not realize the legal implications of their actions.
What makes these prosecutions so heinous is that the MPAA and RIAA are perpetuating this misunderstanding. Every "P2P is bad" public service announcement that I have ever seen on TV or before a movie says that "file sharing is theft." This campaign of disinformation actually lures users (primarily those who are young and naive) into thinking that their crime is less severe than the charges they will actually face.
Courts and the legislature must work together to address this semantic gap, which includes new legislation that addresses the nature of sharing in the digital age and sets appropriate fines. That should also include sanctions against the trade organizations for irresponsible campaigns.
The only hardware support issues have been video and wifi.
Oh, that's it? I'm glad that there are no issues with anything important...
Posting as AC, huh? Are you an NTRU Cryptosystems employee?
Here's a paper that surveys a number of quantum resistant cryptosystems. "NTRUEncrypt has also been found to be vulnerable to chosen ciphertext attacks based on decryption failures [18, 21, 31, 38], but a padding scheme [30], which has provable security against these attacks, has been developed." "A comparatively greater number of problems have been found in NTRU-based signature schemes." "In 2006, it was shown by Nguyen that the unperturbed NTRUSign could be broken given only 400 signed messages [42]."
I'd say that the jury is still out...
Mod parent up. Just because an attack exists in theory does not mean that a potential attacker has the incentives or resources to do it.
hardness of factoring discrete logarithms.
For clarification, you are talking about two separate problems. One problem is integer factorization. In the case of RSA, encryption and decryption are done modulo some n = pq, where p and q are large prime integers. While n is public, p and q are private. If you know p, q, and a public key, you can compute the corresponding private key efficiently.
The other problem is computing discrete logarithms (sometimes over a finite field, as in ECC). RSA encrypts message m with a key e by computing c = m^e mod n. The discrete logarithm problem has to do with the hardness of discovering e given knowledge of m, n, and c. Many other cryptosystems (like ECC) do the same thing, but the multiplication operation underlying the exponentiation is different, and those systems do not require that n be the product of two primes. As such, determining the prime factors of n does not undermine the security.
Hence, the security of something like ECC cannot be broken by integer factorization, but can be broken if there is an efficient way to compute the discrete log. As of right now, I am not aware of any quantum algorithm for computing discrete logs.
This will clearly work, because we know that no one would ever make accusations in bad faith.
Exactly! When I read the blog post, my first thought was, "Just another troll blogwhoring for attention on Slashdot." So I was a little surprised when I saw the author's name at the bottom. I use Dropbox for presentations that I give, so I don't have to mess with hooking up my laptop. I just use the public terminal, log in to Dropbox and download the file. I've never had to transfer a key or anything. Thus, it's pretty obvious that anybody with access to my account can access my files in plaintext.
Crypto is great and wonderful and all that, but it never exists in isolation. Access control policies, auditing, etc., are also required to have a secure, usable system that is flexible enough to provide the type of mobile access that Dropbox does. I see nothing contradictory about Dropbox's claims that employees cannot access user files directly. It seems to me that the author just never took the time to think about the implications of Dropbox's flexibility.
Much ado about nothing...
I call bullshit.
1) ID is not Young Earth Creationism (YEC), though it is primarily used as a smokescreen by YECs.
2) ID is the belief that evolution is mostly true, but that something "interfered" with evolution, allowing it to overcome the statistical challenges to evolving more complicated life.
No. While not specific to Young Earth Creationism, ID is creationism. Go read the Kitzmiller v. Dover Area School District decision. ID is not an attempt to augment scientific knowledge with a more holistic worldview. It is traditional Christian creationism, pure and simple. If you look at the history of the ID movement, there is very clear evidence that they just substituted "intelligent designer" where they would traditionally say "God." To suggest otherwise is revisionist history.
3) To put it in probabilistic terms, consider the world as being a giant casino filled with slot machines, and every time a jackpot is hit in a slot machine, a new species evolves. ID is the claim that someone is interfering with the odds on the machines, evolution is the stance that enough jackpots will be hit without interference.
Those aren't probabilistic terms. Those are analogies. If you want to use probabilistic terms, then you'll talk about things like distributions, random variables, and events.
4) Put in those terms, it becomes statistically falsifiable (to arbitrary levels of confidence). One simply needs to determine numbers for hitting jackpots [emph. added] / speciation and compare them against the record of events. Or even better, going forward, keep track of the genomes of all species on earth, and see if mutation and speciation rates match theory.
5) It is possible to develop a statistical method that determines to an arbitrary level of confidence, if species A could have evolved from species B given time duration T.
One very important point that got lost in all the noise is this: we will need a statistical method to determine intelligent design no matter what. Ignore the whole evolution thing - as our skills with genetic engineering move forward, it will be critical to be able to tell if West Nile 2012 is an intelligently designed species or not.
No, no, no, no, no. You're seriously attempting to conflate ID with genetic engineering? As I said before, ID has a very specific meaning. It is the belief that life is too complex to have emerged naturally, and that a supernatural entity must have interfered or guided the process. It is inherently unmeasurable. How can you possibly build a model, based on the historical record, to determine if a species evolved as the result of a being operating outside of the laws of nature? In the case of genetic engineering, yes, it is possible to build limited models based on our understanding of current environmental conditions. You can look at genetic sequences and identify patterns, etc. But that is not intelligent design.
Look. I'll give you the benefit of the doubt and assume that you're being sincere in your argument for statistical models of evolution as it is happening today. But you need to use a new term. Intelligent design has a very specific meaning based on its history. It is inherently not falsifiable, because it specifically involves the presence of a being (i.e., NOT measurable or provable) acting outside of the laws of nature. Humans are natural beings, so when we perform genetic engineering, that's still a natural event.
Articles like this annoy me, because they assume that security is binary. Either your system is secure or it is not. That's crap. Security goals are defined relative to the sensitivity of the resources being protected, and to the aims of the organization.
The real problem is not how you are storing your passwords. The real problem, if your organization is trying to protect something of value, is that you are relying solely on passwords to begin with. Multifactor authentication, intrusion detection/prevention systems, and auditing are minimums for real security. And, hey, if you're protecting something really sensitive, say the control system for a nuclear reactor, then toss on RBAC with separation of duty.
So I really don't care that Gawker got hacked and their passwords leaked, because those credentials should not be sufficient to access any resource of significant value.
Really, the main point of PBKDF2 is to slow down the verification process artificially and raise the computational requirements of the adversary. If an attacker can check 10,000 passwords in a second, then requiring 10,000 iterations of the hash means he can only check one password a second. Add a unique 4096-bit salt, and the average time to crack a single password (assuming no pre-computation) becomes 2^2048 seconds. And you can't really do pre-computation, because you can't store (and efficiently search) rainbow tables for passwords with all possible salts for all possible hash iterations between 1 and 10,000.
I think your concern is that the hashes somehow converge after repeated iterations. No, that doesn't happen with cryptographic hashes.
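An added example, not part of the original comment: PBKDF2-HMAC-SHA256 written out round by round next to the standard-library call, showing that the cost is one HMAC per iteration and that a per-account salt forces separate work for every stored record. The 128-bit salt size, the function names and the sample passwords are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # iteration count from the comment above
SALT_BYTES = 16      # assumption: a 128-bit random salt per account


def pbkdf2_block1(password: bytes, salt: bytes, iterations: int) -> bytes:
    """First output block of PBKDF2-HMAC-SHA256, written out step by step."""
    u = hmac.new(password, salt + (1).to_bytes(4, "big"), hashlib.sha256).digest()
    t = u
    for _ in range(iterations - 1):       # each round costs one more HMAC
        u = hmac.new(password, u, hashlib.sha256).digest()
        t = bytes(a ^ b for a, b in zip(t, u))  # XOR every round into the result
    return t


def hash_password(password: str, salt: bytes = None, iterations: int = ITERATIONS):
    """Return the (salt, iterations, key) record to store for one account."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def verify_password(password: str, record) -> bool:
    """Re-derive the key with the stored salt and iteration count."""
    salt, iterations, stored = record
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(key, stored)  # constant-time comparison


def hmac_calls_to_test(wordlist, records) -> int:
    """HMAC invocations needed to test every word against every stored record.
    Distinct salts mean no derivation can be reused between accounts."""
    return sum(len(wordlist) * iterations for _salt, iterations, _key in records)


if __name__ == "__main__":
    # Constructed sample data: two accounts that chose the same password.
    alice = hash_password("correct horse")
    bob = hash_password("correct horse")
    print("same password, same stored key?", alice[2] == bob[2])
    print("verify ok:", verify_password("correct horse", alice))
    print("HMAC calls for a 1,000-word list:",
          hmac_calls_to_test(range(1000), [alice, bob]))
```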
There is something about the pro-vaccine lobby that bothers me. There's a trust fund set up to pay compensation to people who are injured by vaccines, that was some sort of compromise because big pharma wouldn't produce vaccines unless they got some sort of liability waiver [emph. added].
I would like some citation for this claim, please, because I think it's a load of crap. Without VICP, pharmaceutical companies would still produce the vaccine. They would just charge more per dose to offset the costs of compensation. Furthermore, the costs of compensation without VICP would be significantly higher for two reasons. First, you have to tack on lawyer fees. Second, sympathetic juries would give disproportionate awards that are based on emotion, rather than a rational evaluation of actual damage. They would see the companies and government as bullies that need punished. The government acknowledged this probability, and put VICP in place as a way to mitigate the financial risks for all.
Well, if vaccines don't cause any harm, why is there a fund? I think they should be honest with people, vaccines can cause some problems, but you'll be worse off if you get Polio.
They are. Have you (or one of your children) received a vaccine in the past 20 years? Every time I or my son have received one, we're given a piece of paper documenting all of the risks and side effects that are associated with that particular immunization. You are simply spreading anti-corporate, anti-government FUD. Why? There is only one side in this debate that has been dishonest, and it hasn't been the pro-vaccine groups.
(Side note: I'm only talking about the controversy regarding long-approved vaccines, such as MMR and DTaP. The process to get new vaccines approved and/or mandated is a different issue. For instance, the makers of Gardasil pulled some pretty shady backdoor lobbying. And there are plenty of other reasons to dislike the pharmaceutical companies, such as how they disproportionately fund high-profit, low-urgency treatments (e.g., erectile dysfunction). But those are tangential to the current debate.)
No, I do not work for a pharmaceutical company, and I have no financial stake in the matter. What really turned me against the anti-vaccine movement was attending a child birth class where the teacher gave this helpful advice: "If you just don't like vaccines, then tell them it's against your religion. You don't have to say anything else or name what your religion is, but they won't give your child a shot." The arrogance, ignorance and irrationality of the anti-vaccine movement is just astounding.
Do you really believe this? Do you not understand the influence that Fox News has with regard to elections in the U.S.? And you do understand that things like net neutrality, FCC decency standards enforcement, regulation and oversight of broadband providers, etc., are affected by the outcomes of those elections, right? You can ignore politics at your own peril, but to suggest that it doesn't matter is a bit naive.
People have to separate the channel as a whole from the actual news shows. Their actual news is fairly decent and objective.
Do you mean "decent and objective" like the Fox & Friends legal analyst who criticized the Senate for failing to pass a bill providing health care for 9/11 first responders, yet never once mentioned that every single one of the votes against bringing it to cloture were from Republicans?
All of the news outlets except Fox News Special Report received a score to the left of the average member of Congress.
The interesting thing about bias discussions is that you have to consider the baseline of comparison. That is, how do you determine what counts as "bias?" Are you (or the paper, rather...but you seem to be endorsing the study by proxy) really suggesting that the average member of Congress somehow represents "true" America? Should the average member of Congress really be considered the "unbiased" starting point?
Instead, I would posit that the average member of Congress represents the voting populace, not all Americans. For instance, this paper (PDF) finds that older voters routinely favor the older candidate. If we look at U.S. census data (PDF) of voters, we see that the voting populace tends to be older (58% are 45 or older). Demographically, this population tends to be conservative, both socially and fiscally. Consequently, it is plausible that the average member of Congress is more conservative than the average American of legal voting age.
Thus, if we accept the premise that the liberal/conservative make-up of members of Congress is more representative of the voting populace than the U.S. as a whole, we can conclude that the media organizations may have more of a liberal bias than the average voter, but not necessarily the average American. Personally, I believe that this premise is still too generous. Given the necessity of Congress critters having close ties to business (CEOs write bigger donation checks than grocery store cashiers), I would suggest that members of Congress are more conservative than the voting populace. If this is true, it exacerbates the flaws of the original study even more so, as it shows that their baseline is significantly more conservative than the average American.
Here is an interesting critique of some other problems with the paper.
If you look at the very end of the article, the author does mention that he will return to the topic in a couple of weeks where he'll "take a look at McAvoy," which I'll presume is referring to Atonement. But still... The Dunkirk scene is one of the most amazing pieces of cinematography in recent history and should be at the top of any list of long takes. The complexity and the sheer scale is phenomenal.
I'd suggest "nothing," since pirates don't actually take anything, but I know how unrealistic expecting that would be.
The claim that pirates take nothing is disingenuous. For every MP3 that exists, someone spent time and creativity to produce the song that is encoded. Thus, the pirate is actually taking the product of someone else's work. Of course, given the crap that's on the radio today, it doesn't seem like a whole lot of time and creativity. But there's no accounting for taste...
What you are really trying to get to is the fact that there is an artificial scarcity of digital media. That is, if I make a copy for you, I can still use my original copy. I completely agree, which is why I think the appropriate fine would be a fairly trivial cost for minor offenders. Something on the order of $5-20 per track.
The real problem with all of these prosecutions (persecutions?) is that there is a semantic gap regarding the actions that are occurring. P2P users think what they are doing is theft, if they think about it at all. They think that by using these systems, they are getting things for free. However, they are not being prosecuted for theft, but for copyright infringement, which carries significantly larger fines. The average P2P user does not log onto the system thinking that they are distributing illegal copies. They may think that they are "giving back," since they got something for free, but they do not realize the legal implications of their actions.
What makes these prosecutions so heinous is that the MPAA and RIAA are perpetuating this misunderstanding. Every "P2P is bad" public service announcement that I have ever seen on TV or before a movie says that "file sharing is theft." This campaign of disinformation actually lures users (primarily those who are young and naive) into thinking that their crime is less severe than the charges they will actually face.
Courts and the legislature must work together to address this semantic gap, which includes new legislation that addresses the nature of sharing in the digital age and sets appropriate fines. That should also include sanctions against the trade organizations for irresponsible campaigns.