Slashdot Mirror


User: Xylantiel

Xylantiel's activity in the archive.

Stories: 0
Comments: 482

Comments · 482

  1. Re:Paranoia is all well and good... on Government Could Forge SSL Certificates · · Score: 1

    ... you have to manually exchange keys.

    No. You can get most of the way there with a model like that of PGP: if multiple entities that you trust have vouched for this one, then you have some confidence. This is what the "web of trust" is all about. The CAs fail both counts -- multiple trust paths are not required and why should I trust any particular CA? The article is just pointing out another reason to not trust the CAs.

    With real PKI management I could choose for any particular communication whether I trusted the CAs under the jurisdiction of a particular government. But the truth is that such a level of security is rarely necessary in an absolute sense that can't be "repaired" later by, for example, legal remedies.

  2. so the numbers are not comparable on Obama Administration Withholds FoIA Requests More Often Than Bush's · · Score: 2, Insightful

    Do you realize that line means the numbers quoted are not comparable? If more than one "exemption" can be cited per request, then the number of exemptions, which they are quoting, does not actually tell you how many FOIA requests were withheld. It could easily be that the Obama administration is being more clear about what is being withheld and why for any given request, and that leads to a larger "exemptions" count. The problem is, without more info the numbers obviously do not mean what they are being represented to mean.

  3. Re:Priorities. on Former Astronauts Call Obama NASA Plans "Catastrophic" · · Score: 2, Insightful

    I'm not saying that postponing a manned return to the Moon is catastrophic by itself

    If you're interested in NASA doing R&D (which you seem to be) you're on the wrong side of this argument. The whole point is to get NASA out of the mud and back to actually doing R&D on things that haven't already been done over and over.

    To me this comes down to the fact that there are three ways to "get stuff into space":

    1. spend gobs of money reinventing the wheel to do it in-house at NASA, in some way that inherently doesn't compete with the private aerospace companies
    2. contract it out to US aerospace, which is already done for all the unmanned missions that are actually accomplishing things
    3. contract it out to the russians, who honestly are doing a pretty good job

    Seems like the first (which is what the constellation program does) is just stupid. Obama's plan is basically to choose the second. Then let NASA get back to doing science and R&D for genuine manned solar system exploration. The vision for space exploration's "return to the moon" was pointless from day 1 and everyone knew it, including Bush (that's why he pretended it was a mission to mars, which it simply was not). Obama's plan is much more likely to actually accomplish the real goals of furthering both manned and unmanned space exploration on the limited budget that congress is willing to allocate to it.

  4. Client certificates only? is this important? on Man-In-the-Middle Vulnerability For SSL and TLS · · Score: 4, Interesting

    The linked articles only discuss authentication via client certificates, which seems pretty rare currently. How does this vulnerability actually impact the "usual" web commerce usages of SSL, which involves a server certificate? Also it does not appear that there is any way to force a re-negotiation from outside. And while re-negotiation appears common for client certs, I would expect it to be somewhat uncommon for server certs except for the initial up-negotiation to a secure connection for TLS. How important is this for the common-use cases of e-commerce and banking?

  5. IPv6 + carrier-grade NAT = transition on Verizon Refuses To Provide Complete IPv6 · · Score: 1

    Just add a no-additional-cost ipv6 option to carrier-level NAT and this seems to me like a good description of how to kick-start a transition to ipv6. I think this is the intent: that we will go dual-stack for a while, but the NAT'ed masses will eventually start demanding services via ipv6 simply because it will be less flaky. This whole process will take years, but will probably be marked by only sporadic and minor headaches. I think that is the whole idea.

  6. Re:Here is a Reason Why the Free Market Works Best on GM Gets To Dump Its Polluted Sites · · Score: 1

    If General Motors (GM) were allowed to enter bankruptcy without a government bailout, then GM would likely have been purchased in whole, or in parts, by a European or Japanese auto company. The purchaser would have assumed all of GM's liabilities. Of course, the sale price would have been set to reflect the costs of these liabilities.

    While it is fine to complain, this is living in a dream world. The whole point of bankruptcy is to shed liabilities because they CANNOT all be actually met. GM's parts would have been bought for less than pennies on the dollar (because everyone else is broke too) and that tiny amount would have been split up among its creditors -- effectively leaving them with nothing. This is the whole point of bankruptcy. This is to teach the creditors a lesson that they should pay more attention to what the company is doing before it goes down the toilet.

    Instead of that certain disaster, we have what is a sort of experiment in government-assisted Union ownership. At worst it is a total flop and GM dies when the economy is not quite as bad as it was earlier this year and the blow is a little softer to the american domestic workforce.

  7. Re:Space politics on NASA Plans To De-Orbit ISS In 2016 · · Score: 1

    I don't know if you are trolling, but this is/was one of the most important science modules.

    The point was to be able to generate, centrifugally, anything between 0 and 1 earth gravity. While it is nice to make the assumption that the solution to long-term space occupancy is centrifugally-generated artificial gravity, it would be nice (i.e. essential for engineering purposes) to know (a) just how much is necessary for various purposes, and (b) are there any adverse effects of the coriolis forces. I agree with the grandparent that this was one of the few really remarkable science programs on the station that logistically can't be done well elsewhere. Long-term microgravity is only available in orbit, and you need to be able to change the content of the experiments with enough flexibility that an unmanned mission (or missions) is not a good fit logistically.

  8. Bad question on Study Highlights Gap Between Views of Scientists and the Public · · Score: 1

    Given the poor quality of the questions in that poll, almost any results are possible.

    Electrons are smaller than atoms. (True/False)

    46% of the general public said true.

    Actually I would say this question is completely useless. The size of an atom is defined by the size of the electron field, which in a certain sense is the "size" of the electron, i.e. the space that it occupies. You know, that whole uncertainty principle thing. So the right answer is more like False.

    Maybe they had their reasons for not simply asking whether an electron was more massive than an atom - or maybe whoever put the survey together has some gaps in their own science education.

    When I read this question I decided that the people doing this survey obviously have some major gaps in their science knowledge and probably also don't know how to do surveys and so it should be ignored.

  9. Re:Argument moot, just use both on Examining the HTML 5 Video Codec Debate · · Score: 1

    but Mozilla really needs to support this de-facto standard for video (it's not just Apple using this in hardware).

    The broader entity of "mozilla", as an open source entity, cannot do this due to the patent restrictions. On the other hand Apple is refusing support for ogg.

    I think this is why Apple's position on this feels "wrong." While Apple is refusing to support an additional codec, Mozilla is simply stating a fact that they are forbidden, as a foundation with a commitment to open source, from "supporting" mp4.

  10. Re:The Benefits of Subscription on Newspaper Execs Hold Secret Meeting To Discuss Paywalls · · Score: 2, Interesting

    - Freedom from advertising -- I would pay $10/mo to NYTime Company today if they would stop putting animated ads and buttons on their pages.

    - Convenient access -- this is the Kindle approach, where your subscription grants you access to well-formatted content from mobile or dedicated devices. This only works if the content is truly well-formatted, which it is often not on the Kindle. This is more or less the iTunes model, too, because you pay a small premium for the tight integration of content and device.

    I have never really considered paying for online access to news until this was mentioned. I might not pay $10/month, but I think I would be willing to pay something a bit lower than that to, say NY times and the washington post to read their articles in a well-formatted form without the ads. (these two oddly go hand-in-hand). Also freedom from being tracked and targeted by their advertising overlords would be a natural feature to add.

    And imagine if it becomes "cool" to have clean non-ad-cluttered web pages. Or combined with micropayments, a button that says "view well-formatted, without annoying ads for 10 cents". Information wants to be free, but service can cost money.

  11. Re:Really that big deal? on Obama Recommends Delay In Digital TV Switch · · Score: 3, Insightful

    2 things

    first $6000 for an operation? hah! not in the usa. I had a friend pay $2500 for a 10-minute cat scan that just happened to not be covered by his insurance. Operations are *always* in the tens of thousands of dollars, even the simple ones.

    second, you are talking about two different segments of american society. People who buy $30,000 suvs tend to also have health insurance. We're talking about the lower middle class who buy reasonable mid-size cars and for whom paying $10,000+ per year in just insurance is tough. (that's the norm, including employer contribution) And as the other poster mentions, this is really bankruptcy protection in case that operation is a little more complicated than expected.

  12. MOD child Up on Obama Recommends Delay In Digital TV Switch · · Score: 4, Insightful

    I think this point is not being emphasized enough. What digital you can get OTA even today is not representative of what you will get after Feb 17. Many stations are not running their digital at full power and others have translators that are not switching until the transition. In my area, geography (i.e. foothills) makes translators essential even for analog, so stations who haven't switched their translators are really hard to get.

  13. Re:Read this NY Post story. Is the NY Post lying? on Bush Demands Amnesty for Spying Telecoms · · Score: 1

    You have drawn the wrong conclusion. This is incompetence at the justice department, nothing wrong with the law. The 72-hour grace period that the GP refers to exists for precisely this situation. The justice department lawyers were simply too incompetent to have their act together ahead of time for such a crisis situation.

    There is a fair case to be made that 9/11 could have been prevented if the justice department had just been doing its job getting warrants for the FBI rather than playing games with the FISA court at the time. The bar is low, but the procedure exists for a reason and should be respected.

  14. Re:It's the algorithm, stupid. on U.S. Scientists Call for a Time Change · · Score: 1

    Or make the leap second insertion an algorithmic event, and not some random decision negotiated among a committee of astronomers.

    You realize this is impossible because we CANNOT predict the spin-down of the earth to the necessary accuracy. i.e. there is no known algorithm. The best thing to do is to think of the sum of leap seconds as an observation of the slowing of the earth's rotation, the astronomers are simply providing this information.

  15. Re:Sex bias in reporting? on Plants May Be Able To Correct Mutated Genes · · Score: 2, Insightful

    Right - going to meetings, writing grants and papers... i.e. commenting on the work. That's what the reporter wants. PIs generally are quick to answer questions of what's going on in their lab and why it's interesting.

  16. Intel is the bad guy here on HP Pays Intergraph $141m to Settle Patent Dispute · · Score: 1

    Seems to me that Intel is the bad guy in this case not USPTO... Intel swiped some tech from Intergraph and didn't pony up for it. Now we all suffer because we all "use" intel chips (and their cache) we don't just "have" them. If intel had just treated Intergraph fairly none of this would have happened!

    The "use" thing is also why this feels so much like a software patent. Doesn't it seem stupid that I have basically no idea how the Pentium cache works, yet I'm infringing a patent on how it works. Patents were created to protect rights to manufacture inventions, not use of inventions.

  17. Re:Since when on Le Guin Peeved About Earthsea Miniseries · · Score: 1

    I think the reason people always get in deep water with Tolkien is that it is most broadly about Good vs. Evil. This means that the reader can take it and apply it to essentially any situation in which he sees this conflict and show parallels. Even when the reader's definition of Good and evil are slightly different from Tolkien's.

    Him saying that they were not allegorical means exactly that. There may be common themes, but it was not intended as a direct allegory, and therefore the reader shouldn't try to draw too many parallels.

    A work which is highly insightful in the specific is often the best demonstration of generalities. When put in another context, this often leads to an apparent misinterpretation of the author's intent, when in reality it's just that the reader perceives the generality differently.

  18. staged storage != ignoring on Better Nuclear Waste Storage Plans than Yucca Mountain · · Score: 2, Informative

    I think he worded this poorly. The point is that taking the waste and immediately putting it in a high density facility is bad because it is releasing heat so fast -- apparently many problems with Yucca engineering are due to this high heat release. By having a lower density staging area you both solve this problem and allow time for the development of better long-term solutions.

    This sounds like talking about solutions to me. One of his main points is that the Department of Energy is ignoring alternatives at all costs, that's why it seems like there are no other solutions.

    His main point is that Yucca is taking so long that by default such a low density staging area is coming soon to a big field near you! Wouldn't it be better to do that all in one place far away from population centers?

  19. Re:A couple of things annoy me.. on Better Nuclear Waste Storage Plans than Yucca Mountain · · Score: 2, Insightful

    Storing nuclear waste in the middle of a major city would be a terrible idea

    The main point of the article is that this is what is going on RIGHT NOW! Yucca is so bad a site that making it safe is taking so long that the stuff is still sitting around in really stupid places waiting.

    Your second point is hyperbole on your part. Also one of the nice things about "the ore it was mined from" is that it is by definition geologically stable (e.g. won't poison groundwater) - metal casks in a wet Yucca mountain are NOT.

  20. Re:There could be uses on The Dark Side Of DefCon's Wireless Network · · Score: 2, Insightful

    No, read that article again. SSH2 provides an additional protection to MITM attacks for users of public key user authentication. In ssh1 only the client having the server host key prevented MITM, the opportunity to make a second check was missed. dsniff simply provided a new implementation of a known attack, if you use password authentication it will work just as well on ssh2.

    If your servers share user directories and allow public key user authentication, you should probably disable ssh1 to force your users' clients to make this second check.

  21. Re:A brief review of history. on Social Contract Amendment May Bump Sarge To 2005 · · Score: 1

    Excellent summary.

    I would only add this: my impression from some of the posts on the lists is that the firmware issue (which is the much more difficult one since it affects the installer) has also been a big deal on linux-kernel in the past, i.e. people didn't like it then either. Unfortunately I don't have the references for this. I think the linux-kernel people have been lax on binary firmwares and therefore introduced a legal minefield that everyone has been ignoring. Debian is just being realistic from a legal standpoint. Someone has to tell it like it is.

  22. Re:It isn't SCOish on Former Anti-Piracy 'Bag Man' Turns On DirecTV · · Score: 2, Interesting

    So once again we encounter the problem of common good versus the I-want-my-MTV mentality.

    When I first read this I took it opposite of the way I think you intended it.

    i.e. Actually the common good is served by NOT making it illegal to decrypt this stuff because such a law is overly restrictive of personal freedom. So the 'pirates' are actually acting rationally and the broadcasters are the actual "I-want-my-MTV" party in this transaction.

    Like you say, just because we can (have satellite TV by selling decryption keys and creating draconian laws to limit their usage) doesn't mean we should.

  23. Sedna is the decisive member of *new* class on Is {pluto|sedna} A Planet? · · Score: 2, Interesting

    This is right on -- Sedna really does represent a new class of object. This is much more exciting than whether or not we should call it a planet. It's a real shame that the headlines are "is Sedna a planet?" rather than "new class of solar system body discovered!".

    There was a good presentation at today's blackboard lunch at the Institute for Theoretical Physics in Santa Barbara today. The first 15 minutes or so are a great summary of why Sedna is important for our understanding of the solar system.

  24. Re:Rhetoric vs. Reality on Deconstructing the Patriot Act PR Campaign · · Score: 1

    just as federal grand juries have long been able to obtain the same records ...

    Even that power, which has much stronger constraints due to the presence of the grand jury, has been abused by the infamous special prosecutor. And the issue is that the criteria for allowing these searches are too low. According to the article, law enforcement need not even identify whose records they are searching for.

    The second point is also a circumstance where the patriot act has made the judicial checks very weak, encouraging overapplication. (or misapplication by corrupt law enforcement.)

  25. No: infringement != theft on Questions for DoJ IP Attorneys Asked and Answered · · Score: 2, Insightful

    Simply put, in order to "steal" a copyrighted work I would have to 1) take a copy in order to make more copies, and 2) disable the original owner's ability to make copies (for example by destroying his copies.)

    Just distributing unauthorized copies usurps the rightful owner's copyright, but does not prevent him from making and selling legal copies.

    In the interview, I believe the DoJ lawyers are trying to make the argument that pervasive (digital) availability is equivalent to disabling the original owner's ability to copy because no one would buy his copies. But it is simply not the same as it does not include the vandalism that the word "theft" really implies.