As I recall, none of the 10-year trends, even from 98-08, are actually negative. Connecting the endpoints is negative, sure, but that's meaningless. There's no point in entertaining the wild fantasies of people who can't do statistics when you're talking about climatology. It's bad enough to hear the words "10 year trend" mentioned.
Oh I know that one, cause the editors at that journals decided to push their political agenda with the journal rather than fairly reviewing and rejecting/publishing papers for their pure scientific value, and therefore the journal in question stopped being a scientific publication but rather a vector of propaganda?
And there are few things that piss off legitimate scientists more than this.
There's no need to qualify that with "geological". It's absurdly hard to get an experiment to give you "pure", accurate results. Real world data is an exercise in pain.
Quite a few scientists are dicks. They generally are made much more so by politicization of a field they're genuinely interested in. Skeptics work hard to make them look like crackpot conspiracy theorists, and proponents grossly misquote their findings for whatever pet purpose they have in mind.
Also, scientists tend to dislike bureaucracy and paperwork -- and FOIA, while a laudable goal, is a great way to make people you dislike deal with an absolute ton of paperwork.
I don't, because I have a solid grasp of statistics and the measurement of chaotic, complex systems. Ten years of data is not a climatic temperature trend.
Are you really telling us that you reject papers only because they contain data that does not fit the prevailing theory?
He's not, but this is a good example of how you can woefully misinterpret honestly-made statements.
What he's saying is that research that claims that well-tested, well-accepted principles are false is held up to a higher level of scrutiny than research that doesn't. This is only natural: if your research shows results that disagree with the results of multiple earlier studies, it is more likely that you have made a mistake than that the multiple studies have. If further scrutiny indicates that your research was rigorous, it will still be published.
It's called being a scientist -- giving funding agencies information they're interested in while not misrepresenting the facts (and hopefully not giving them the tools to easily misrepresent the facts) is challenging and a little ugly. It's fairly easy if you assume the agency doesn't desire a particular answer. Most scientists know better than that, though.
Only one of those requires that the user know the root password.
This is useful if you have two users that you want to have root privileges -- particularly considering that you can restrict what operations a sudo user can perform.
With sudo, they don't need to type the root password, they need to type their own password.
Of course, you're still able to make the system behave so that users can install software without typing in their password -- it's just not the default now.
It would be nice, though, for package managers to support user installation (to the user's home directory).
Easy: when someone else blames a company or the government for a problem, it's that person's fault. When the commenter is the one affected, the other party is at fault.
That's how "personal responsibility" and "accountability" work. With myopia.
There are plenty of guns outside of New York City -- the state has some of the least restrictive gun laws in the country.
They are surrounded by water, without enough exits for an emergency evacuation.
Only Manhattan, Long Island, and Staten Island. Part of NYC, along with all the rest of the state, is not an island. Compare with Hawaii, a state that is entirely island.
People in our area regularly get and make use of emergency weather warnings transmitted over EAS.
I assure you, had people called about a midday alert that indicated the state was being evacuated with no reason given and no apparent reason, people on Slashdot would deride them for it.
We're not really discussing ways of being theoretically secure -- there are perfectly good ways of doing that. Fortunately, most criminals aren't very smart. Unfortunately, they're often smart enough to use encryption products. Fortunately, they don't use them very well.
For completely-random yes. However, a disturbing number of passwords are combinations of dictionary words. They're also often written down or stored in unsafe places in memory. Of course, you wouldn't know *where* they're stored on disk, so you run "strings" against the entire disk and use that as an input list for your cracker (note that the output of strings on a full disk is small compared to the number of random 8-character passwords).
An encryption algorithm requires a key. It is necessary that the key be entirely random. People do not memorize 128 bits handed to them very well, so having them remember the key is out of the question.
Hands-down, the most popular way of providing authentication is a user-supplied password. There are two major schemes for having a password provide an encryption/decryption key. Both involve using a one-way function, preferably a time-consuming one, to turn the password into a high-entropy key. This key could be used to encrypt/decrypt the data directly. That doesn't give you a very usable system, though, since there is no way of knowing, when a password is provided, that you've supplied the right password. In general, users don't much appreciate when their file decrypts to garbage because they mistyped a password. Hence, one approach is to provide a block of data supplied by the encryption software that can be decrypted to check the key. Another popular approach is to have this password-based key encrypt the data encryption key, which is supplied in a header that also enables the software to check that the password-based key was correct.
In both cases, for well-designed systems, the time to crack the encryption as a whole is dominated by computing the password-based keys, not by performing the check (either variant). Certainly decrypting a substantial portion of the data and performing some sort of analysis on it is not required.
Oh, you care what method it uses to turn the password into a key (and in most cases, how that key is used to decrypt the encryption key). But that's generally not tunable -- the encryption scheme that's tunable (I called it "variable") is the data encryption scheme, which you don't bother with.
Slashdot Mirror
1998. 2008 is last year.
As I recall, none of the 10-year trends, even from 98-08, are actually negative. Connecting the endpoints is negative, sure, but that's meaningless. There's no point in entertaining the wild fantasies of people who can't do statistics when you're talking about climatology. It's bad enough to hear the words "10 year trend" mentioned.
Oh I know that one, cause the editors at that journals decided to push their political agenda with the journal rather than fairly reviewing and rejecting/publishing papers for their pure scientific value, and therefore the journal in question stopped being a scientific publication but rather a vector of propaganda?
And there are few things that piss off legitimate scientists more than this.
There's no need to qualify that with "geological". It's absurdly hard to get an experiment to give you "pure", accurate results. Real world data is an exercise in pain.
Did you write a book, or are otherwise meaningfully visible?
You're right, there's a lot more money in
An Inconvenient Truth
than in the hydrocarbon energy industry.
Quite a few scientists are dicks. They generally are made much more so by politicization of a field they're genuinely interested in. Skeptics work hard to make them look like crackpot conspiracy theorists, and proponents grossly misquote their findings for whatever pet purpose they have in mind.
Also, scientists tend to dislike bureaucracy and paperwork -- and FOIA, while a laudable goal, is a great way to make people you dislike deal with an absolute ton of paperwork.
A physicist can't point at a some squiggle in a particle accelerator and say "that's the gravity particle"
That's precisely what one of the experiments at the LHC is.
I don't, because I have a solid grasp of statistics and the measurement of chaotic, complex systems. Ten years of data is not a climatic temperature trend.
A lot of people commenting here clearly don't know many scientists, and thus don't appreciate how poor their word choice tends to be.
Are you really telling us that you reject papers only because they contain data that does not fit the prevailing theory?
He's not, but this is a good example of how you can woefully misinterpret honestly-made statements.
What he's saying is that research that claims that well-tested, well-accepted principles are false is held up to a higher level of scrutiny than research that doesn't. This is only natural: if your research shows results that disagree with the results of multiple earlier studies, it is more likely that you have made a mistake than that the multiple studies have. If further scrutiny indicates that your research was rigorous, it will still be published.
It's called being a scientist -- giving funding agencies information they're interested in while not misrepresenting the facts (and hopefully not giving them the tools to easily misrepresent the facts) is challenging and a little ugly. It's fairly easy if you assume the agency doesn't desire a particular answer. Most scientists know better than that, though.
Researchers were actually favoring "climate change" before 1998.
Only one of those requires that the user know the root password.
This is useful if you have two users that you want to have root privileges -- particularly considering that you can restrict what operations a sudo user can perform.
"For less money" is how "cheaper" usually works, yes.
With sudo, they don't need to type the root password, they need to type their own password.
Of course, you're still able to make the system behave so that users can install software without typing in their password -- it's just not the default now.
It would be nice, though, for package managers to support user installation (to the user's home directory).
Easy: when someone else blames a company or the government for a problem, it's that person's fault. When the commenter is the one affected, the other party is at fault.
That's how "personal responsibility" and "accountability" work. With myopia.
They got no guns (it's New York)?
There are plenty of guns outside of New York City -- the state has some of the least restrictive gun laws in the country.
They are surrounded by water, without enough exits for an emergency evacuation.
Only Manhattan, Long Island, and Staten Island. Part of NYC, along with all the rest of the state, is not an island. Compare with Hawaii, a state that is entirely island.
But Libertarians demand the right to play their video games uninterrupted by warnings of impending doom!
It's like the right to not wear your seatbelt. Very important.
People in our area regularly get and make use of emergency weather warnings transmitted over EAS.
I assure you, had people called about a midday alert that indicated the state was being evacuated with no reason given and no apparent reason, people on Slashdot would deride them for it.
Couldn't you make the same argument for the Emergency Broadcast System, which seems to work just fine?
We're not really discussing ways of being theoretically secure -- there are perfectly good ways of doing that. Fortunately, most criminals aren't very smart. Unfortunately, they're often smart enough to use encryption products. Fortunately, they don't use them very well.
For completely-random yes. However, a disturbing number of passwords are combinations of dictionary words. They're also often written down or stored in unsafe places in memory. Of course, you wouldn't know *where* they're stored on disk, so you run "strings" against the entire disk and use that as an input list for your cracker (note that the output of strings on a full disk is small compared to the number of random 8-character passwords).
An encryption algorithm requires a key. It is necessary that the key be entirely random. People do not memorize 128 bits handed to them very well, so having them remember the key is out of the question.
Hands-down, the most popular way of providing authentication is a user-supplied password. There are two major schemes for having a password provide an encryption/decryption key. Both involve using a one-way function, preferably a time-consuming one, to turn the password into a high-entropy key. This key could be used to encrypt/decrypt the data directly. That doesn't give you a very usable system, though, since there is no way of knowing, when a password is provided, that you've supplied the right password. In general, users don't much appreciate when their file decrypts to garbage because they mistyped a password. Hence, one approach is to provide a block of data supplied by the encryption software that can be decrypted to check the key. Another popular approach is to have this password-based key encrypt the data encryption key, which is supplied in a header that also enables the software to check that the password-based key was correct.
In both cases, for well-designed systems, the time to crack the encryption as a whole is dominated by computing the password-based keys, not by performing the check (either variant). Certainly decrypting a substantial portion of the data and performing some sort of analysis on it is not required.
Very few passwords are as strong as 20 random characters.
Oh, you care what method it uses to turn the password into a key (and in most cases, how that key is used to decrypt the encryption key). But that's generally not tunable -- the encryption scheme that's tunable (I called it "variable") is the data encryption scheme, which you don't bother with.