In order to deal with the very real threat of vandalism (let's not pretend it wasn't vandalism that sparked the changes in how wikipedia runs) No, the "no original research" rule was instituted to deal with physics crackpots. This is documented on wikipedia itself if you actually delve into the pages about the rule. The "changes" I meant to refer to were not specifically the "no original research" rule, but rather the increasing content policing with ever increasing adherence to more and more rigid rulesets. But it's kind of a bogus argument for me to make, anyway, since I suspect the vandalism and responses to it have been present since the start, and I'm just giving my own impression without researching anything. I've been dealing with aoe driver issues all week, my brain is mushy.
There is no good way for wikipedia to differentiate between the personal experiences or knowledge of a 73-year-old rocket scientist wunderkind, a crackpot writing stuff in his garage, or a published scientist dabbling poorly outside his actual area of expertise. I disagree. I think the wiki way is to allow editing, not to set up barriers to editing. People fight incessantly on the Israel page, why not let them duke it out over their zero point energy fantasies too? Probably bad examples, but I hope you get my point.
So wikipedia just disallows that sort of thing entirely, and draws instead on the difficulty in those people publishing their work in peer-reviewed journals or mainstream publications by setting threshholds in that direction. And thus, to get back to my original comment, wikipedia jumps the shark. Granted, I'm more interested in information like this than stuff like this so I'm obviously out of the cultural mainstream.
And I'm not suggesting that wikipedia needs to be slashdot (heaven forfend!). I'm just sayin', I used to be able to plant a seed over at wikipedia and watch it grow. If I went there to get a concisely worded definition of specific impulse, and there wasn't a page for it, I could add one, with whatever poor wording I might devise. I wouldn't use any cites or references, I'd use my personal knowledge. That page would gradually grow into a beautiful article, and that process was a key benefit that wiki- brought to -pedia.
And it's not wikipedia's fault if the knowledge of a 73-year-old-Jim-Yardley knower isn't preserved. Anecodes and anything else from him can be written down on any web page and preserved for posterity that way. (And if they get media attention because they're not crackpottery, they may make it into wikipedia someday.) Which makes wikipedia just a slower, more painstakingly formatted Google or Dmoz. Which is my original point: that a unique value I found in wikipedia isn't there any more, and I wonder if other people don't feel that way too... apparently a few do, or my post wouldn't have received so much moderation. But wikipedia will be what Jimbo and the crew want it to be, and if the only differentiation between paper encyclopedias and wikipedia is going to be the paper, that's their choice. I can't really change it, the best I can do is try to get my opinions out in the open.
[snip]Somehow people care more about following the rules when it comes to rocket science than when it comes to character summaries of last year's big TV show. And isn't that awesome? Nah, it's sad. Rules-lawyering is always sad, regardless of context, even when it's necessary. OK, especially if it's necessary.
First, an unattributed quote... and then, no egregiously bad analogy?
You're letting me down, man. A BadAnalogyGuy post without a bad analogy is like.. a car without one of those little hooky things for attaching car seats! Think of the children!!!!
How about a fork that doesn't try to be a compiler for every frickin' language under the sun, under a BSD license - wouldn't that be spiffy? I don't know about spiffy, but it would be a license violation. Yeah, sadly so. At least until Congress finally gets around to outlawing the GPL (just kidding, the US Congress almost certainly isn't capable of anything that decisive).
OK, how about a GCC fork that only compiles C, and has a GPLv2 license?
It would be even better if it printed out abuse whenever somebody tried to compile C++. You know, like sudo's insult mode.
If you want a BSD licensed compiler, you'll have to write one yourself. Yeah, that's the whole damn problem. Those GNU guys are making it nearly impossible for me to get rich freeloading off the work of others (that's why I said BSD license, after all).
Bah, humbug. Why, I'd have to do something nearly as hard as... making a functional clone of unix from scratch. Those bastards! Somebody call Theo.
Hmmm. That all sounds great as theory. Let's apply it to real life....
A 73 year old man of my acquaintance was a rocket scientist for at least 40 years. He worked on Dyna-Soar, Mercury, Apollo, Skylab, K.E.W, the Navy Standard Missile, Peacekeeper, Trident, and many more. He knew Jim Yardley, and he worked with him around when the value of a Yardley was defined. He knows why it was defined. That information is not in Wikipedia. And it won't be, because it's "personal knowledge" and because this man is suffering from declining health. He will never publish a book and his growing inability to retain new information means anything more difficult to use or harder to find than wikipedia will be beyond his capacities. His children and grandchildren know these stories too - but it's "personal knowledge" and also "hearsay" and they have jobs and school to attend to, so don't count on them publishing books either.
Here's another.
There's no entry in Wikipedia for Vic Singer. This is a man who likes to brag that he has sent his DNA to Mars (it's true, too). He's got to be at least 70 if not 80, and he is actively involved with local politics in his home town (where you are welcome to come see him flaming any know-nothings who show up for city council meetings). I've tried to put Vic in Wikipedia, but unfortunately my knowledge is personal - I knew him back when I was a rocket scientist myself, when he was designing the air-bag system used by the Mars Pathfinder and subsequent successful Mars vehicles. If my article on Victor Singer had been accepted (despite poor formatting and a lack of cites) it would quickly get polished up just like every other article I ever put in Wikipedia. But I don't know the man's damn birthday, or how much he weighs, or how many books in my library reference him, and I already have enough to do that I can't spend a day on this. That would be time taken directly from the few hours I have to spend with my children, and my spouse isn't going to let that happen.
So; in short - in order to deal with the very real threat of vandalism (let's not pretend it wasn't vandalism that sparked the changes in how wikipedia runs) wikipedia has institutionalized the rejection of unverified personal knowledge. Formal "cites" and "article quality" have been elevated into barriers to easy entry of valuable knowledge. Which in turn means that everything in Wikipedia is available elsewhere, and is no doubt also collected and summarized elsewhere, too. There are lots of encyclopedias, and the Great Experiment of the wiki encyclopedia is turning into something that's not much different from the old Britannica, which also used a very formal system of submitted, peer-reviewed articles.
Although I've used personal examples here, I hope you won't make the mistake of thinking that I'm panning Wikipedia because I feel somehow disrespected, or that I think my articles are better than other people's. I haven't any use for sour grapes at the moment, and to be honest I'd rather NOT build wikipedia (I'm building other stuff) although I'm willing to add my personal knowledge to wikipedia if it's not made too difficult.
In fact, BSD will be using GPLv3-licensed software, unless they intend on taking over their own fork of GCC (a monumental task which would substantially harm their ability to support BSD itself). Although I disagree with you about the "substantial harm" bit, I certainly would love to see GCC fork, and fork cleanly into (at least) two well supported versions. How about a fork that doesn't try to be a compiler for every frickin' language under the sun, under a BSD license - wouldn't that be spiffy?
The computing industries are too dependent on a single compiler code base at this point. The sooner we get some significant divergence the better.
...Wikipedia is supposed to be an encyclopedia, not an original publication. Huh? The other encyclopedias are original publications. The articles I wrote in the distant past for Wikipedia were all original text from my brain... mostly from personal knowledge, with no cites at all. Some of those articles are huge now, and certainly most are far better than they were when I originally wrote them, but I think none would be unchallenged today.
Thank you for the wikibooks reference and wikia link, incidentally. Wasn't aware of those.
I understand that wikipedia is an inappropriate place for publishing research. I never mentioned research. Knowledge is not research.
By collating and linking vast amounts of information, Wikipedia does something google can't. It creates the presentation of the information manually. So... like dmoz. A manual presentation layer. I'm content-driven, personally, a slick presentation does not increase my perception of the value of information.
Google can only index content that is already there through an algorithm. Right, so it's an automatic (and thus more up-to-date) presentation layer, which carries quantifiable and repeatable bias by virtue of being algorithmic.
And for a long time if not forever, there will be information that is not online. And increasingly, if your information source is not on-line, you have little chance of your sources being unchallenged on wikipedia.
Further, Wikipedia summarizes information like Google will likely never be able to. Even if a Wikipedia article is not all right, it can give you an idea of where to go look and what to look for, The content I find most useful on Wikipedia tends to be articles that were originally "drive by shootings" by experts, who put in their personal knowledge from memory; these articles subsequently being polished up by successive editing. I wouldn't count too heavily on Google (or somebody else) never being unable to create a better summarization technique than human squabbling, either.
...which is perhaps it's only truly valuable contribution until there is a way to formally peer review and freeze content so that the reader can see a version that is stabilized. I already have a Britannica. Why should a wiki be "stabilized"? Why is "formality" a virtue when wikipedia was created and gained value from non-conformance to traditional models?
From the linked blog: "How fast? It can crack the password "Fgpyyih804423" in 160 seconds. Most people would consider that password fairly secure." Sorry Jeff, but thats a shit password. If I remember correctly NT drop anything after the first 8 characters so the password is actually "Fgpyyih8" You have one uppercase letter in there and one number. That's terrible. Where are your characters like !@#$%^&*()-_+ or extended ascii stuff? Why are you starting with a capitalized letter? Leaving aside your incorrect remembrance of the NT LM hash algorithm, what makes you think that having funny characters, more than one uppercase, and more than one number increases your security?
Is 53cr3TPa55W@rD a better password than Fgpyyih804423? Why?
It's not a trick question. Can you demonstrate that real security is improved by having a secret string conform to a non-secret policy? Are you sure you haven't got any unexamined assumptions in your reasoning?
You also should think twice about allowing commonly used metacharacters in passwords - dollar signs and asterisks carry some risks, for example, that should be probably be quantified within your computing environment.
If wikipedia is only going to allowed references to things already published elsewhere, and all written culture is inevitably moving online, how will wikipedia differentiate from Google? I mean, if there's no unique information in wikipedia, there's very little unique value in it. It's just a really labor-intensive presentation layer at that point, isn't it?
The original awk cannot parse fixed-field data, which makes it nearly useless outside of academia (where inputs can be controlled, and profits are not an issue).
GNU awk, as maintained and extended by Arnold Robbins (author of Unix in a Nutshell, etc.) not only handles fixed fields reasonably elegantly, it also has socket I/O and numeric base manipulation functions. It's like a smaller, faster perl with a cleaner syntax - so clean almost anybody can learn it in two weeks or less (2 days for an expert programmer).
The fact that software development is often outsourced, off-shored, and then off-shored again should make it quite clear that the work quality of the average developer is about the same as cheap commodity coffee beans. I guess you've noticed that the expensive fair-trade, organic, shade-grown coffee tastes incredibly good. Sometimes you DO get what you pay for.
By the California standard, PZEVs are mostly SULEVs with a sealed fuel supply system, so they don't breathe fumes when they are sitting still. In the current economy, SULEVs have to burn efficiently in order to get their emissions down to the requirement while remaining cost-competitive. So while you are probably right that it is possible to build an inefficient PZEV - if you really wanted to - in practice PZEVs do indeed get better gas mileage than similar high-emission cars.
You can look it up on the California clean air site. The hard part is finding a "comparable" high-emission car, you pretty much have to go drive them at the dealers to know if they are really "comparable". I actually did that when I bought my 2002 prius, but it was a tedious pain in the butt.
I don't think I missed the point. The article said PZEVs don't get better gas mileage. But in fact they do - look it up on the California clean air web site, or on the manufacturers' web sites. I suppose in theory one could build a PZEV that got crappy mileage. You could grease the tires and fill the trunk with cement, or put some propellors on the front. But in the Real World [TM] all PZEVs get excellent mileage, compared to high-emission vehicles with the same weight, capabilities and options.
The article is garbage and not worth the time we've already spent on it.
I've been driving my 2002 Prius for the last 5 years, and I drove a 2002 Echo (rental) for a couple of days once. They were essentially identical from the outside, but the cockpit was quite different, and the Echo felt kind of weak by comparison (presumably because it has less horsepower, and also because the Prius's electric motor develops 100% torque from a dead stop which a small gas engine can't do).
I think Toyota was hedging their bets originally, so they could use Prius parts elsewhere if it went Edsel on them. With the success of the Prius, the models have significantly diverged - the Echo grew into the Yaris, I guess, and the Prius went its own way (the biggest improvement being the introduction of the electric AC compressor, IMHO).
Sorry, but your UID has to be below 850,000 before you can create a new meme. Sorry. I think you meant under 20,000. George Bush and Fred Thompson are both really animatronic robots tele-operated by Walt Disney's pickled brain.
The newer Prius gets better mileage. You are doing quite well getting 42 mpg from a 2007 Corolla - those usually get about 35. You must be a careful driver, you might get better mileage than I do from a Prius.
I mostly drive to work and back. Mixed city/highway. My wife gets 57 mpg occasionally in the same car, which is better than the EPA rating, but I consider this a freakish anomaly.
PZEV models are already available from Toyota, Ford, Honda, GM, Subaru, Volvo and VW. They're scrubbed-up versions of familiar models, from the VW Jetta to the Subaru Outback. But chances are, you've never heard of them. Oh, right, because we've never heard of Toyota's PZEV - which is called the "Prius". There's no way you ever heard of THAT car, huh?
The crazy quilt of environmental regulations is forcing carmakers to design and build two versions of the same cars. Look, there are federal laws (which are quite lax since the disembowling of CAFE long ago) and state laws. The state laws that are more strict than federal are generally based on California's laws; California has terrible air quality problems due to geography and population, and therefore has the toughest emissions laws. Car companies have been building "California models" for decades and the difference is typically a bolt-on component or two such as the typical "smog pump" system. There's no crazy quilt, and there's no more difficulty in design than for providing any other option, such as alloy wheels or a tonneau cover.
The PZEV cars don't get any better mileage than conventional versions. Total bull. My 2002 Prius gets around 47 mpg real-world. The same year non-hybrid car (the Toyota Echo - same chassis, conventional motor) gets significantly less mileage.
That last quote's the big bell-ringer. OK, a car that puts out less emissions by turning off the engine part of the time. And you expect me to believe that it gets the same gas mileage? How, by dribbling fuel out on the road through a hose?
I mean, isn't every existing quantum computing process a simulation of what might happen if we could actually build something?
Or, to put it another way, isn't quantum computing a mix of wild theories, vaporware, simulation, and experiments that are years away from any marketable product?
It's an honest question, I've never seen any real physical quantum computers and nobody I know has ever seen one either. I am skeptical, but ready to be enlightened if anybody's got some real-world quantum computers out there that can (for example) run a simple 12-million item sort routine.
There are good reasons to have timestamps for actual votes cast made public.
But I'm not aware of any reason that the list of people who voted has to be delivered to the public in voting order.
So, sort the damn list alphabetically before handing it out. There are already going to be security measures around pulling the data, just add a simple sort to those procedures. In fact, I bet the staff who do this just "click on a button" so you can script it in without even changing any existing procedure or depending on humans to care about their jobs. Done, next problem please.
I hereby transfer all my rights to this business process to the public domain!
Also, logging in via SSL doesn't always work either - if the traffic is sniffed as the browser is sending the SSL requests, one could sniff the SSL key and just use that to get in. SSL uses Diffie-Hellman key exchange [wikipedia.org] so no unencrypted key is ever sent that depends on what SSL ciphersuite your browser negotiated. Some SSL ciphersuite support DHE keying. For others, the client generates a random key, encrypts it with the server's public key, and sends it to the server. Huh? I know TLS theoretically supports other key transfer mechanisms than diffie-hellman, but the last time I checked there wasn't anything else actually implemented, it's just a future compatibility mechanism. I haven't studied SSL since TLS came out, but I don't remember there being any way to avoid diffie-hellman in SSL at all. I'll bite -- RSA key exchange is pretty common isn't it? M. Cajal has pointed out that you are correct; the RSA key exchange is still valid in many servers and browsers, and it does not implement Diffie-Hellman. As penance I have read the Diffie-Hellman spec and portions of the TLS spec.
But it's still not sniffable. You'd have to know the server private key to derive the session key.
Thank you for the excellent linkage - you're absolutely right (I did the unthinkable and actually checked). The client doesn't necessarily generate a key pair in IE or firefox, which is no doubt a blessing for slow machines. My apologies for spreading misinformation!
But the original poster claimed "if the traffic is sniffed as the browser is sending the SSL requests, one could sniff the SSL key and just use that to get in". Since none of the TLS encryptions send any "raw" private keys (the RSA example encrypts with the server public key) that statement is nonsensical. Even if you manually enable the NULL encryptions (which are not enabled by default, you have to point that gun at your head on purpose) the comment still doesn't make sense.
I understand there's no perfect forward secrecy without DHE (because the TSA can still steal your backup tapes and extract your private keys), and mitm may be feasible (if you control DNS or the target doesn't use a CA), but I still believe you are sniffer-proof with normal TLS/SSL.
You might enjoy this link which gives an idea of how firefox's default TLS implementation is evolving. Um, maybe "enjoy" is not the right word. I thought it was interesting.
You'll note that Dug Song's mitm depends on a human lack of security consciousness - the user has to specifically misconfigure or (at least) click through a warning in order to get past the lack of key validation (from a known CA in HTTPS, from the hostkeys file in SSH). Humans being the way they are, your point is still valid! My nets are nailed down pretty tight, but even here it's possible to mitm users if they've created a private SSH configuration file (using -F) and they are willing to blow off a big scary warning message.
As to the other issues you raised, I don't think a competently administered network permits DNS poisoning, ICMP/GRE middlemanning, or IP spoofing... but unfortunately, that does not protect the huge number of people on horribly incompetently administered networks (like comcast, cox, roadrunner, etc.).
Another poster has clarified the RSA key exchange mechanism and corrected my (partial) misstatement, but it's still not possible to sniff into TLS without knowing a private key that never gets transfered on the wire; given the current state of the art SSL/TLS is not breakable by sniffers, and only breakable by mitm due to human intellectual laziness.
that depends on what SSL ciphersuite your browser negotiated. Some SSL ciphersuite support DHE keying. For others, the client generates a random key, encrypts it with the server's public key, and sends it to the server. Huh? I know TLS theoretically supports other key transfer mechanisms than diffie-hellman, but the last time I checked there wasn't anything else actually implemented, it's just a future compatibility mechanism. I haven't studied SSL since TLS came out, but I don't remember there being any way to avoid diffie-hellman in SSL at all.
I think you'll need to provide some corroborating evidence, my friend. Care to point to a section in the spec where it says you can skip secure key exchange, or post some code, or a trace of a real live browser doing this? Otherwise I think you're blowing smoke. You can't do simple replay attacks on properly configured HTTPS sites, you'd have to have one of the private keys (which are not ever transmitted) in order to get the session key. Even though the client typically generates its' key pair, only the "public" half gets sent, so capturing it boots naught.
The team was led by the University of Delaware's Alan Barnett, who has had many similar achievements.
His company AstroPower was founded on his new method for production of thin-film cells; the company was quite successful until the dot-bomb (when the supply of high grade post-commercial silicon for recycling dried up). It was eventually bought out by GE and Barnett went back to the life of a DARPA-funded university researcher.
I've tried to put stub articles up for Alan Barnett and for Vic Singer (the rocket scientist and community activist) on wikipedia; but if I conform to their new requirements for references my articles are rejected as "This reads too much like idol worship than a quality article" and if I don't they say "not sufficiently notable". Incidentally, both men are admirable and notable, but also quite irascible, so I certainly wouldn't want either one as a "idol".
In the old days, before the wiki police, I'd add both articles now, and regardless of how poorly I wrote them they'd be first rate within a week or so as the rest of the community added their contributions and polished up the work as a whole. I miss the old Wikipedia...
Slashdot Mirror
And I'm not suggesting that wikipedia needs to be slashdot (heaven forfend!). I'm just sayin', I used to be able to plant a seed over at wikipedia and watch it grow. If I went there to get a concisely worded definition of specific impulse, and there wasn't a page for it, I could add one, with whatever poor wording I might devise. I wouldn't use any cites or references, I'd use my personal knowledge. That page would gradually grow into a beautiful article, and that process was a key benefit that wiki- brought to -pedia. And it's not wikipedia's fault if the knowledge of a 73-year-old-Jim-Yardley knower isn't preserved. Anecodes and anything else from him can be written down on any web page and preserved for posterity that way. (And if they get media attention because they're not crackpottery, they may make it into wikipedia someday.) Which makes wikipedia just a slower, more painstakingly formatted Google or Dmoz. Which is my original point: that a unique value I found in wikipedia isn't there any more, and I wonder if other people don't feel that way too... apparently a few do, or my post wouldn't have received so much moderation. But wikipedia will be what Jimbo and the crew want it to be, and if the only differentiation between paper encyclopedias and wikipedia is going to be the paper, that's their choice. I can't really change it, the best I can do is try to get my opinions out in the open. [snip]Somehow people care more about following the rules when it comes to rocket science than when it comes to character summaries of last year's big TV show. And isn't that awesome? Nah, it's sad. Rules-lawyering is always sad, regardless of context, even when it's necessary. OK, especially if it's necessary.
First, an unattributed quote... and then, no egregiously bad analogy?
You're letting me down, man. A BadAnalogyGuy post without a bad analogy is like.. a car without one of those little hooky things for attaching car seats! Think of the children!!!!
OK, how about a GCC fork that only compiles C, and has a GPLv2 license?
It would be even better if it printed out abuse whenever somebody tried to compile C++. You know, like sudo's insult mode.
Bah, humbug. Why, I'd have to do something nearly as hard as... making a functional clone of unix from scratch. Those bastards! Somebody call Theo.
Hmmm. That all sounds great as theory. Let's apply it to real life....
A 73 year old man of my acquaintance was a rocket scientist for at least 40 years. He worked on Dyna-Soar, Mercury, Apollo, Skylab, K.E.W, the Navy Standard Missile, Peacekeeper, Trident, and many more. He knew Jim Yardley, and he worked with him around when the value of a Yardley was defined. He knows why it was defined. That information is not in Wikipedia. And it won't be, because it's "personal knowledge" and because this man is suffering from declining health. He will never publish a book and his growing inability to retain new information means anything more difficult to use or harder to find than wikipedia will be beyond his capacities. His children and grandchildren know these stories too - but it's "personal knowledge" and also "hearsay" and they have jobs and school to attend to, so don't count on them publishing books either.
Here's another.
There's no entry in Wikipedia for Vic Singer. This is a man who likes to brag that he has sent his DNA to Mars (it's true, too). He's got to be at least 70 if not 80, and he is actively involved with local politics in his home town (where you are welcome to come see him flaming any know-nothings who show up for city council meetings). I've tried to put Vic in Wikipedia, but unfortunately my knowledge is personal - I knew him back when I was a rocket scientist myself, when he was designing the air-bag system used by the Mars Pathfinder and subsequent successful Mars vehicles. If my article on Victor Singer had been accepted (despite poor formatting and a lack of cites) it would quickly get polished up just like every other article I ever put in Wikipedia. But I don't know the man's damn birthday, or how much he weighs, or how many books in my library reference him, and I already have enough to do that I can't spend a day on this. That would be time taken directly from the few hours I have to spend with my children, and my spouse isn't going to let that happen.
So; in short - in order to deal with the very real threat of vandalism (let's not pretend it wasn't vandalism that sparked the changes in how wikipedia runs) wikipedia has institutionalized the rejection of unverified personal knowledge. Formal "cites" and "article quality" have been elevated into barriers to easy entry of valuable knowledge. Which in turn means that everything in Wikipedia is available elsewhere, and is no doubt also collected and summarized elsewhere, too. There are lots of encyclopedias, and the Great Experiment of the wiki encyclopedia is turning into something that's not much different from the old Britannica, which also used a very formal system of submitted, peer-reviewed articles.
Although I've used personal examples here, I hope you won't make the mistake of thinking that I'm panning Wikipedia because I feel somehow disrespected, or that I think my articles are better than other people's. I haven't any use for sour grapes at the moment, and to be honest I'd rather NOT build wikipedia (I'm building other stuff) although I'm willing to add my personal knowledge to wikipedia if it's not made too difficult.
The computing industries are too dependent on a single compiler code base at this point. The sooner we get some significant divergence the better.
...Wikipedia is supposed to be an encyclopedia, not an original publication. Huh? The other encyclopedias are original publications. The articles I wrote in the distant past for Wikipedia were all original text from my brain... mostly from personal knowledge, with no cites at all. Some of those articles are huge now, and certainly most are far better than they were when I originally wrote them, but I think none would be unchallenged today.Thank you for the wikibooks reference and wikia link, incidentally. Wasn't aware of those.
...which is perhaps it's only truly valuable contribution until there is a way to formally peer review and freeze content so that the reader can see a version that is stabilized. I already have a Britannica. Why should a wiki be "stabilized"? Why is "formality" a virtue when wikipedia was created and gained value from non-conformance to traditional models?Is 53cr3TPa55W@rD a better password than Fgpyyih804423? Why?
It's not a trick question. Can you demonstrate that real security is improved by having a secret string conform to a non-secret policy? Are you sure you haven't got any unexamined assumptions in your reasoning?
You also should think twice about allowing commonly used metacharacters in passwords - dollar signs and asterisks carry some risks, for example, that should be probably be quantified within your computing environment.
I know a few retired rocket scientists. I'd love it if their unique knowledge didn't go to the grave with them. I'd rather be able to look up the definition of a "yardley" as a unit of pressure than a list of characters from Harry Potter. Unfortunately, wikipedia doesn't seem to be interested in anything that's "from personal knowledge or experience" these days.
If wikipedia is only going to allowed references to things already published elsewhere, and all written culture is inevitably moving online, how will wikipedia differentiate from Google? I mean, if there's no unique information in wikipedia, there's very little unique value in it. It's just a really labor-intensive presentation layer at that point, isn't it?
The original awk cannot parse fixed-field data, which makes it nearly useless outside of academia (where inputs can be controlled, and profits are not an issue).
GNU awk, as maintained and extended by Arnold Robbins (author of Unix in a Nutshell, etc.) not only handles fixed fields reasonably elegantly, it also has socket I/O and numeric base manipulation functions. It's like a smaller, faster perl with a cleaner syntax - so clean almost anybody can learn it in two weeks or less (2 days for an expert programmer).
The only major thing wrong with it is the same thing that's wrong with all awks - it uses the space character as the string concatenation operator, which is a really stupid idea.
By the California standard, PZEVs are mostly SULEVs with a sealed fuel supply system, so they don't breathe fumes when they are sitting still. In the current economy, SULEVs have to burn efficiently in order to get their emissions down to the requirement while remaining cost-competitive. So while you are probably right that it is possible to build an inefficient PZEV - if you really wanted to - in practice PZEVs do indeed get better gas mileage than similar high-emission cars.
You can look it up on the California clean air site. The hard part is finding a "comparable" high-emission car, you pretty much have to go drive them at the dealers to know if they are really "comparable". I actually did that when I bought my 2002 prius, but it was a tedious pain in the butt.
I don't think I missed the point. The article said PZEVs don't get better gas mileage. But in fact they do - look it up on the California clean air web site, or on the manufacturers' web sites. I suppose in theory one could build a PZEV that got crappy mileage. You could grease the tires and fill the trunk with cement, or put some propellors on the front. But in the Real World [TM] all PZEVs get excellent mileage, compared to high-emission vehicles with the same weight, capabilities and options.
The article is garbage and not worth the time we've already spent on it.
I've been driving my 2002 Prius for the last 5 years, and I drove a 2002 Echo (rental) for a couple of days once. They were essentially identical from the outside, but the cockpit was quite different, and the Echo felt kind of weak by comparison (presumably because it has less horsepower, and also because the Prius's electric motor develops 100% torque from a dead stop which a small gas engine can't do).
I think Toyota was hedging their bets originally, so they could use Prius parts elsewhere if it went Edsel on them. With the success of the Prius, the models have significantly diverged - the Echo grew into the Yaris, I guess, and the Prius went its own way (the biggest improvement being the introduction of the electric AC compressor, IMHO).
The newer Prius gets better mileage. You are doing quite well getting 42 mpg from a 2007 Corolla - those usually get about 35. You must be a careful driver, you might get better mileage than I do from a Prius.
I mostly drive to work and back. Mixed city/highway. My wife gets 57 mpg occasionally in the same car, which is better than the EPA rating, but I consider this a freakish anomaly.
That last quote's the big bell-ringer. OK, a car that puts out less emissions by turning off the engine part of the time. And you expect me to believe that it gets the same gas mileage? How, by dribbling fuel out on the road through a hose?
I mean, isn't every existing quantum computing process a simulation of what might happen if we could actually build something?
Or, to put it another way, isn't quantum computing a mix of wild theories, vaporware, simulation, and experiments that are years away from any marketable product?
It's an honest question, I've never seen any real physical quantum computers and nobody I know has ever seen one either. I am skeptical, but ready to be enlightened if anybody's got some real-world quantum computers out there that can (for example) run a simple 12-million item sort routine.
There are good reasons to have timestamps for actual votes cast made public.
But I'm not aware of any reason that the list of people who voted has to be delivered to the public in voting order.
So, sort the damn list alphabetically before handing it out. There are already going to be security measures around pulling the data, just add a simple sort to those procedures. In fact, I bet the staff who do this just "click on a button" so you can script it in without even changing any existing procedure or depending on humans to care about their jobs. Done, next problem please.
I hereby transfer all my rights to this business process to the public domain!
But it's still not sniffable. You'd have to know the server private key to derive the session key.
Thank you for the excellent linkage - you're absolutely right (I did the unthinkable and actually checked). The client doesn't necessarily generate a key pair in IE or firefox, which is no doubt a blessing for slow machines. My apologies for spreading misinformation!
But the original poster claimed "if the traffic is sniffed as the browser is sending the SSL requests, one could sniff the SSL key and just use that to get in". Since none of the TLS encryptions send any "raw" private keys (the RSA example encrypts with the server public key) that statement is nonsensical. Even if you manually enable the NULL encryptions (which are not enabled by default, you have to point that gun at your head on purpose) the comment still doesn't make sense.
I understand there's no perfect forward secrecy without DHE (because the TSA can still steal your backup tapes and extract your private keys), and mitm may be feasible (if you control DNS or the target doesn't use a CA), but I still believe you are sniffer-proof with normal TLS/SSL.
You might enjoy this link which gives an idea of how firefox's default TLS implementation is evolving. Um, maybe "enjoy" is not the right word. I thought it was interesting.
You'll note that Dug Song's mitm depends on a human lack of security consciousness - the user has to specifically misconfigure or (at least) click through a warning in order to get past the lack of key validation (from a known CA in HTTPS, from the hostkeys file in SSH). Humans being the way they are, your point is still valid! My nets are nailed down pretty tight, but even here it's possible to mitm users if they've created a private SSH configuration file (using -F) and they are willing to blow off a big scary warning message.
As to the other issues you raised, I don't think a competently administered network permits DNS poisoning, ICMP/GRE middlemanning, or IP spoofing... but unfortunately, that does not protect the huge number of people on horribly incompetently administered networks (like comcast, cox, roadrunner, etc.).
Another poster has clarified the RSA key exchange mechanism and corrected my (partial) misstatement, but it's still not possible to sniff into TLS without knowing a private key that never gets transfered on the wire; given the current state of the art SSL/TLS is not breakable by sniffers, and only breakable by mitm due to human intellectual laziness.
I think you'll need to provide some corroborating evidence, my friend. Care to point to a section in the spec where it says you can skip secure key exchange, or post some code, or a trace of a real live browser doing this? Otherwise I think you're blowing smoke. You can't do simple replay attacks on properly configured HTTPS sites, you'd have to have one of the private keys (which are not ever transmitted) in order to get the session key. Even though the client typically generates its' key pair, only the "public" half gets sent, so capturing it boots naught.
That's what SSL/TLS is about. Defeating sniffers.
The team was led by the University of Delaware's Alan Barnett, who has had many similar achievements.
His company AstroPower was founded on his new method for production of thin-film cells; the company was quite successful until the dot-bomb (when the supply of high grade post-commercial silicon for recycling dried up). It was eventually bought out by GE and Barnett went back to the life of a DARPA-funded university researcher.
I've tried to put stub articles up for Alan Barnett and for Vic Singer (the rocket scientist and community activist) on wikipedia; but if I conform to their new requirements for references my articles are rejected as "This reads too much like idol worship than a quality article" and if I don't they say "not sufficiently notable". Incidentally, both men are admirable and notable, but also quite irascible, so I certainly wouldn't want either one as a "idol".
In the old days, before the wiki police, I'd add both articles now, and regardless of how poorly I wrote them they'd be first rate within a week or so as the rest of the community added their contributions and polished up the work as a whole. I miss the old Wikipedia...