How much of private gun ownership results in legal use?
Self-defense use: Between 100,000 and 2.5 million incidents per year, depending on who you ask and how they define their terms and gather their statistics. The low end of that range is from the anti-gun organizations, like the Brady Campaign. Most academic researchers get numbers towards the high end of that range.
Hunting use: Huge
Target shooting use: Seriously huge
I see what you were trying to get at, but you need a better example. Legal uses of firearms vastly outnumber illegal uses.
Ultimately, it comes down to the key scheduling. If Skype has a better key-scheduling algorithm, it may actually improve security over standard RC4.
I would hope they didn't create a custom key scheduling algorithm. Odds are good that what they created would be worse. It would be much better to use the standard key schedule and discard the first 2 KB of the keystream -- which is what cryptographers suggest when using RC4.
None of this harms Skype's existing security in any way. Encryption, if properly implemented, is secure even when all of the mechanisms are known
ROT13 isn't secure when it's known.
ROT13 isn't encryption. It's a trivial unkeyed encoding.
Like ROT13, RC4 is an antiquated cipher with many known issues; and a modified version of RC4 could be even less secure than the vanilla implementation. No-one should be using it these days when there are much better alternatives available.
RC4 is also a widely-known and deeply-studied cipher. It has some known weaknesses, but workarounds for those weaknesses are also known. It's also very efficient and a stream cipher is the right kind of cipher for this application.
I agree that there are better alternatives, but unless they mucked up the implementation, there's every reason to believe that Skype's encryption is secure.
So who will be taking old battery packs out of circulation then? Who pays for replacing them, and how?
You could just be buying and selling battery packs every time you refill. Over time, as a pack degrades, it becomes less valuable until eventually it's not usable by anyone who drives farther than the grocery store, and then not even them. At that point, the pack is being bought and sold for little more than its scrap value, so either the filling station or the vehicle owner may choose to scrap it.
The value of a battery pack has four components:
The current capacity (higher-capacity batteries will get you further before you have to stop for another swap).
The net present value of the future capacities in each usage cycle (effectively, the longevity of the battery).
The scrap value of the battery components.
The value of the currently-stored energy.
Given reliable ways to measure 1, 2 and 4, I think it would be possible to create a robust and fair market for battery packs. The biggest challenge would be establishing a system for valuing capacity. The problem is that it wouldn't be a linear -- a 100-mile capacity is worth more than twice as much as a 50-mile capacity, even ignoring the issue of capacity in future cycles. But you can't just establish a curve by fiat; it needs to be market-driven. If the battery valuation were based on a national battery market, and stations were required by regulation to use current exchange prices for battery purchases/sales (perhaps plus a small service charge), then stations would still be free to compete on the price of the energy they add to the batteries.
Too complicated to work? Maybe. Making it work at all requires having very reliable and standardized ways to measure current capacity and estimate future capacity. It's a possibility, though.
he way you do proper poll manipulation is LOAD THE QUESTION. you poll people with a question with the proper turn of phrase to lead them towards the answer you want. then, when you present the answers to the poll, you also cage the results in such a way to lead the audience in the way you want them to interpret the results
Damn, that sounds like a lot of hard work. Much easier to just make up some numbers that sound good.
The biggest potential threat there is a resurgent Apple, especially on the consumer side, but increasingly on the business desktop for smaller organizations.
IBM is experimenting with a transition to Apple as the business desktop. Most of IBM Research switched a while ago, many of the executives have switched or are switching, IBM actively supports employees who choose to use their own Mac hardware and is running some test deployments of company-provided equipment in various parts of the company. Linux is also quite well-supported.
I won't go so far as to make any predictions, but I wouldn't be surprised if IBM moved to Apple as the primary desktop platform in the next 4-5 years.
They all want to argue the First Amendment, like it's some Holy Scripture and they get bonus karma for it in a future life.
Article I, Section 8, Clause 8 of the United States Constitution: "To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries."
Taking things out of the public domain that were already there is the opposite of progressing Science and (the) useful Arts. That's the pertinent Constitutional issue, not some bullshit Amendment-of-last-resort argument.
Were they to make that argument, they would truly be idiot lawyers, because that argument has already been shot down.
So, they were being smart lawyers and trying to find some other basis for asserting Congress can't do that. They failed, but as far as I can tell it really was their best shot.
That, and considering how the vast majority of states are financially in the red these days
A small minority of states are in the red. Most states are fiscally responsible and live within their means. Some states even have constitutional requirements to maintain balanced budgets.
It is not an error to run a site with a self-signed certificate
A man in the middle could insert his own self-signed certificate, decrypting the traffic from your site and reencrypting it with his own key pair, and users would be none the wiser.
So that just means that the site isn't secure. Fine. FF shouldn't display the lock icon, or color the address bar. But that's no reason to treat the connection as an error. The appropriate thing to do is to present the site as insecure (which it is), but to go ahead and encrypt the link. Ideally, FF should go one step further and use SSH-style server key history. Silently (or with a small "new key, do you want to accept it?" dialog) accept and use the self-signed certificate, and then puke hard if the certificate ever changes without good reason (i.e. old cert expired or was replaced with a proper certificate).
By making these small changes, browser makers could significantly increase the average security of the web, so that sites that will otherwise have to go with unencrypted HTTP can use HTTPS -- even if MITM attacks are still possible, and if security shouldn't be relied upon, this sort of "opportunistic" encryption can make casual snooping significantly harder. That's a good thing.
And this is the stinker: It tells me that the cooker (hob and oven) and the TV use the most power in the house. duh.
Okay, so your largest draws are things you can't (or don't want to) reduce. Does that mean you should just give up? Why not spend some time looking at other areas to see if you can reduce your usage by a few percent?
Yes, instead of Barbie, make sure every girl gets a Princess Leia Doll!
He said science fiction, not space fantasies/westerns. Much of the fiction that gets labeled as "sci-fi" these days really isn't. True science fiction has an element of science in it, or at least technology. Something that plays a significant role in the story, rather than just being part of the setting.
The only technology development that plays a role in Star Wars is the creation of the Death Star, and that's just a bigger spaceship with a bigger gun, and none of the engineering issues involved in scaling up to that size are touched.
The idea here is that the market reacts to news in highly predictable ways, which it does. Any person of average intelligence can read a press release about, say, IBM being hit with a major lawsuit, and predict with near 100% accuracy that the stock price will decline a little in the short term. But humans react to the news relatively slowly. It takes a minute or so to read the press release and then decide to act on it, even if you happen to see it the instant it hits the wire.
What this system does is try to react to the new in almost real-time, because it can scan the news much faster than any human, and can scan a lot more of it. It is undoubtedly less accurate at determining which way given information is going to move the stock price, but as long as it is accurate enough, it can respond before even the fastest-acting segment of the market does. It waits a few minutes for the market to catch up, then cashes out. Meanwhile, it is continually scanning for other news that it can use to predict short-term market responses.
It doesn't have to be particularly smart... just fast.
Since at the moment our supplies of food are depleted and the women in the cave are complaining about the children crying all the time because they're hungry, it might not be a bad idea for the cavemen to invest their time hunting for food and postpone the building of the next raft till after the next migration season, when the cave is full of food again.
If you wait until you have no problems before you start investing in the future, you'll never invest, because there will always be problems.
Bruce Schneier has written a few times on that question. His conclusion is that the reason it hasn't happened is because overseas terror attacks are harder to carry out than we think, and there just isn't much homegrown terrorism. Because of the difficulty in carrying out any operation in the US, the terrorists focus on very high-profile stuff, trying to destroy symbols as well as kill a few people.
That's what he thinks, anyway. It's a good question.
How much of private gun ownership results in legal use?
Self-defense use: Between 100,000 and 2.5 million incidents per year, depending on who you ask and how they define their terms and gather their statistics. The low end of that range is from the anti-gun organizations, like the Brady Campaign. Most academic researchers get numbers towards the high end of that range.
Hunting use: Huge
Target shooting use: Seriously huge
I see what you were trying to get at, but you need a better example. Legal uses of firearms vastly outnumber illegal uses.
It even coined the "Bus factor" phrase:
http://en.wikipedia.org/wiki/Bus_factor
That article didn't coin the phrase. I don't know where it originated, but I remember hearing and using it in the mid-90s.
Yes, achieving end-to-end secrecy requires much more than just using a secure encryption algorithm correctly. I was only addressing the cipher.
Ultimately, it comes down to the key scheduling. If Skype has a better key-scheduling algorithm, it may actually improve security over standard RC4.
I would hope they didn't create a custom key scheduling algorithm. Odds are good that what they created would be worse. It would be much better to use the standard key schedule and discard the first 2 KB of the keystream -- which is what cryptographers suggest when using RC4.
None of this harms Skype's existing security in any way. Encryption, if properly implemented, is secure even when all of the mechanisms are known
ROT13 isn't secure when it's known.
ROT13 isn't encryption. It's a trivial unkeyed encoding.
Like ROT13, RC4 is an antiquated cipher with many known issues; and a modified version of RC4 could be even less secure than the vanilla implementation. No-one should be using it these days when there are much better alternatives available.
RC4 is also a widely-known and deeply-studied cipher. It has some known weaknesses, but workarounds for those weaknesses are also known. It's also very efficient and a stream cipher is the right kind of cipher for this application. I agree that there are better alternatives, but unless they mucked up the implementation, there's every reason to believe that Skype's encryption is secure.
So who will be taking old battery packs out of circulation then? Who pays for replacing them, and how?
You could just be buying and selling battery packs every time you refill. Over time, as a pack degrades, it becomes less valuable until eventually it's not usable by anyone who drives farther than the grocery store, and then not even them. At that point, the pack is being bought and sold for little more than its scrap value, so either the filling station or the vehicle owner may choose to scrap it.
The value of a battery pack has four components:
Given reliable ways to measure 1, 2 and 4, I think it would be possible to create a robust and fair market for battery packs. The biggest challenge would be establishing a system for valuing capacity. The problem is that it wouldn't be a linear -- a 100-mile capacity is worth more than twice as much as a 50-mile capacity, even ignoring the issue of capacity in future cycles. But you can't just establish a curve by fiat; it needs to be market-driven. If the battery valuation were based on a national battery market, and stations were required by regulation to use current exchange prices for battery purchases/sales (perhaps plus a small service charge), then stations would still be free to compete on the price of the energy they add to the batteries.
Too complicated to work? Maybe. Making it work at all requires having very reliable and standardized ways to measure current capacity and estimate future capacity. It's a possibility, though.
If you place a statistician's head in ice and his feet in boiling water, then on the average he is quite comfortable!
But his comfort has a large variance.
he way you do proper poll manipulation is LOAD THE QUESTION. you poll people with a question with the proper turn of phrase to lead them towards the answer you want. then, when you present the answers to the poll, you also cage the results in such a way to lead the audience in the way you want them to interpret the results
Damn, that sounds like a lot of hard work. Much easier to just make up some numbers that sound good.
The answer is Fred Johnny is 22 now, he's hardly a kid!
Most 22 year-olds are still kids.
I'm sure Google will still have Windows and a wide selection of Windows-based browsers in their QA department.
after any harvesting/mowing operation you end up with a lot of cut grain and a field full of legless cats.
That image makes me chuckle. I must be a bad person. I actually like cats, but it still makes me chuckle.
Cool. Sorry, when I replied I didn't notice your change in the subject line.
they've booted windows out of their office...
Well, not yet. Windows is still on the vast majority of IBM employee laptops and desktops. But they're moving that direction.
The biggest potential threat there is a resurgent Apple, especially on the consumer side, but increasingly on the business desktop for smaller organizations.
IBM is experimenting with a transition to Apple as the business desktop. Most of IBM Research switched a while ago, many of the executives have switched or are switching, IBM actively supports employees who choose to use their own Mac hardware and is running some test deployments of company-provided equipment in various parts of the company. Linux is also quite well-supported.
I won't go so far as to make any predictions, but I wouldn't be surprised if IBM moved to Apple as the primary desktop platform in the next 4-5 years.
So, not just "smaller organizations".
They all want to argue the First Amendment, like it's some Holy Scripture and they get bonus karma for it in a future life.
Taking things out of the public domain that were already there is the opposite of progressing Science and (the) useful Arts. That's the pertinent Constitutional issue, not some bullshit Amendment-of-last-resort argument.
Were they to make that argument, they would truly be idiot lawyers, because that argument has already been shot down.
So, they were being smart lawyers and trying to find some other basis for asserting Congress can't do that. They failed, but as far as I can tell it really was their best shot.
The errors generated by a browser would imply that the non-ssl connection is actually more secure.
Excellent, excellent point.
That is how I will start my argument the next time this comes up, because it makes abundantly clear just how stupid the current behavior is.
That, and considering how the vast majority of states are financially in the red these days
A small minority of states are in the red. Most states are fiscally responsible and live within their means. Some states even have constitutional requirements to maintain balanced budgets.
It is not an error to run a site with a self-signed certificate
A man in the middle could insert his own self-signed certificate, decrypting the traffic from your site and reencrypting it with his own key pair, and users would be none the wiser.
So that just means that the site isn't secure. Fine. FF shouldn't display the lock icon, or color the address bar. But that's no reason to treat the connection as an error. The appropriate thing to do is to present the site as insecure (which it is), but to go ahead and encrypt the link. Ideally, FF should go one step further and use SSH-style server key history. Silently (or with a small "new key, do you want to accept it?" dialog) accept and use the self-signed certificate, and then puke hard if the certificate ever changes without good reason (i.e. old cert expired or was replaced with a proper certificate).
By making these small changes, browser makers could significantly increase the average security of the web, so that sites that will otherwise have to go with unencrypted HTTP can use HTTPS -- even if MITM attacks are still possible, and if security shouldn't be relied upon, this sort of "opportunistic" encryption can make casual snooping significantly harder. That's a good thing.
That's covered in the report.
And this is the stinker: It tells me that the cooker (hob and oven) and the TV use the most power in the house. duh.
Okay, so your largest draws are things you can't (or don't want to) reduce. Does that mean you should just give up? Why not spend some time looking at other areas to see if you can reduce your usage by a few percent?
Yes, instead of Barbie, make sure every girl gets a Princess Leia Doll!
He said science fiction, not space fantasies/westerns. Much of the fiction that gets labeled as "sci-fi" these days really isn't. True science fiction has an element of science in it, or at least technology. Something that plays a significant role in the story, rather than just being part of the setting.
The only technology development that plays a role in Star Wars is the creation of the Death Star, and that's just a bigger spaceship with a bigger gun, and none of the engineering issues involved in scaling up to that size are touched.
The idea here is that the market reacts to news in highly predictable ways, which it does. Any person of average intelligence can read a press release about, say, IBM being hit with a major lawsuit, and predict with near 100% accuracy that the stock price will decline a little in the short term. But humans react to the news relatively slowly. It takes a minute or so to read the press release and then decide to act on it, even if you happen to see it the instant it hits the wire.
What this system does is try to react to the new in almost real-time, because it can scan the news much faster than any human, and can scan a lot more of it. It is undoubtedly less accurate at determining which way given information is going to move the stock price, but as long as it is accurate enough, it can respond before even the fastest-acting segment of the market does. It waits a few minutes for the market to catch up, then cashes out. Meanwhile, it is continually scanning for other news that it can use to predict short-term market responses.
It doesn't have to be particularly smart... just fast.
Since at the moment our supplies of food are depleted and the women in the cave are complaining about the children crying all the time because they're hungry, it might not be a bad idea for the cavemen to invest their time hunting for food and postpone the building of the next raft till after the next migration season, when the cave is full of food again.
If you wait until you have no problems before you start investing in the future, you'll never invest, because there will always be problems.
Bruce Schneier has written a few times on that question. His conclusion is that the reason it hasn't happened is because overseas terror attacks are harder to carry out than we think, and there just isn't much homegrown terrorism. Because of the difficulty in carrying out any operation in the US, the terrorists focus on very high-profile stuff, trying to destroy symbols as well as kill a few people.
That's what he thinks, anyway. It's a good question.
You could kill a lot more people by setting off a bomb in a crowded shopping mall, and there's no security whatsoever there.
You could kill a lot more people by setting off a bomb in the airport.
I can think of a lot of places where crowds are both larger and more tightly packed than an airport.