What they can do, if they choose, is to impeach him. Article II section 4 says impeachment is available for "all civil Officers of the United States". It does, however, take a 2/3 majority. And then he would be replaced.
Ultracapacitors are good for hundreds of thousands of cycles. It's one of their advantages over a rechargeable battery.
>advertising generally is free speech.
What's that got to do with spam?
Advertising in general pays its own way. Advertising in general doesn't conceal its origin. Advertising in general doesn't manipulate penny stocks. Advertising in general doesn't direct people to enter valuable passwords into crooked web sites.
The other argument is that spam can be handled adequately by manual deletion after it reaches the end user. Most of us found that to be inadequate many years ago, so we're suppressing display of our email addresses in our Slashdot preferences or obfuscating it. It's interesting that the parent chose not to display an email address.
>Government has no right to steal
If taxes are stealing, what would you call using government services without paying for them?
Granted, though, if you've never received or delivered products shipped by road, have never attended a publicly funded school, have never benefited from police protection, have never hired anyone from a publicly funded school, have never used the fruits of government-funded research, run your own defense against foreign invaders and never breathe any air covered by the Clean Air Act, then you have a case that you're a self-made man who doesn't owe the government any money.
A sounder point would be to argue that this particular forced transaction (and forced transactions are almost by definition inefficient) is unjustified. If solar systems were toys, yes. But he's in California and his solar system is displacing coal. The Office of Technology Assessment calculated around 1980 that coal burning was causing 40,000 premature deaths per year. Plants are cleaner now but there are more of them. A transaction that chips away at one 9/11 equivalent every single month is a justified transaction according to most people's values.
>An experts only publication would not be a bad idea. Why don't you start one up
There is one, it launched within the last year or two, and it may or may not mean something that I can't even remember their name.
Cox has already tried to ban VPN traffic in their AUP according to several reports.
It's not impossible.
One of the landmarks in the history of the net's legal status was when Stratton Oakmont sued Prodigy for defamation when a message board poster called them crooks. Search for "Stratton Oakmont" on Forbes's web site for some coverage with no punches pulled. They were accused of selling at outrageous markups, selling their cold-call victims stock they held themselves, and so on.
The world of thinly traded stocks is easy to manipulate and there have been crooked brokers working there. If a penny stock changes hands several times in a day, a crooked broker could make more on the bid-ask spreads than a pump-and-dump stockholder could by selling it at the peak.
>Bullshit propaganda
>This is total crap.
>Chinese propaganda.
Published research, reviewed and confirmed by other cryptographers. Check the archives of any crypto mailing list.
The NIST has started a hash function working group to replace SHA-1.
"it is clear that it will be necessary to [move away from SHA-1] in the not-too-distant future", according to the Bellovin-Rescorla paper about the impact of cracks of hash functions.
A work factor reduction to on the order of 2^63 operations puts SHA-1 collision generation into the realm of possibility. 2^80, which people used to believe was the number of trials needed to generate an SHA-1 collision, would have been out of reach for decades.
>I think it's actually very hard, in practice, to determine whether or not losing that property renders a particular system more vulnerable to attack.
It is computationally feasible, now, to build colliding X.509 certificates.
It is possible, in some common environments and with a little cleverness, to create two documents which are both human-readable and meaningful and which have the same MD5 hash.
Those are attacks which a collision-resistant hash function is supposed to prevent.
A collision-resistant hash function which has been shown not to be collision-resistant is broken. As of today, there's no published way for someone to start with a file you created and match its MD5 with a document they created. But in the case where an attacker can generate both files (say, the new $MUSTHAVE binary that gets signed by the repository and the separate binary with the same MD5 that contains a Trojan) MD5 has lost its usefulness.
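The difference between the two cases in the comment above (attacker generates both files versus attacker must match a file someone else created), as an added example that is not part of the original comments. It uses a generic birthday search against SHA-1 truncated to a few bits, not the published structural attacks on MD5 or SHA-1; the truncation width, function names and message prefixes are assumptions chosen so the search finishes in seconds.

```python
import hashlib
from itertools import count


def truncated_sha1(msg: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-1(msg): a toy hash with a deliberately small output."""
    digest = int.from_bytes(hashlib.sha1(msg).digest(), "big")
    return digest >> (160 - bits)


def find_collision(bits: int, prefix: bytes = b"doc-"):
    """Collision: the searcher picks BOTH messages.

    Birthday bound: about 2**(bits/2) trials are expected, which is why an
    n-bit hash offers at most n/2 bits of collision resistance
    (2**80 for the 160-bit SHA-1 before any cryptanalytic shortcut).
    """
    seen = {}  # truncated digest -> first message that produced it
    for trials in count(1):
        msg = prefix + str(trials).encode()
        h = truncated_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, trials
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int, prefix: bytes = b"forged-"):
    """Second preimage: match the digest of a message someone ELSE created.

    No birthday shortcut applies; about 2**bits trials are expected.
    """
    want = truncated_sha1(target, bits)
    for trials in count(1):
        msg = prefix + str(trials).encode()
        if msg != target and truncated_sha1(msg, bits) == want:
            return msg, trials


if __name__ == "__main__":
    BITS = 20  # constructed toy parameter; real digests are 128 or 160 bits
    a, b, n_coll = find_collision(BITS)
    print(f"collision after {n_coll} trials (2^{BITS // 2} = {2 ** (BITS // 2)}):")
    print(f"  {a!r} and {b!r} -> {truncated_sha1(a, BITS):05x}")

    target = b"release-1.0.tar.gz"  # constructed sample name, stands in for a signed file
    forged, n_pre = find_second_preimage(target, BITS)
    print(f"second preimage after {n_pre} trials (2^{BITS} = {2 ** BITS}):")
    print(f"  {forged!r} matches {target!r}")
```

A signer who only ever hashes files it created itself is exposed to the second search, not the first; a signer who hashes files submitted by others is exposed to the much cheaper first one.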
Remember that Einstein was offended by quantum mechanics.
If this is working like the two-slit experiment, then each photon carries more information than you can read out from it. In the two-slit experiment, a photon or an electron makes only one spot on the detector screen but even if you feed them through one at a time the pattern that builds up at the detector is what you'd see if it went through both slits at once.
Each photon that goes by the Death Star carries a complete picture of it but can only gasp out a small fraction as it collapses dying at rebel headquarters.
Howell's home page
Boyd's home page
The article isn't a good match with any project listed there.
The idea of storage by slowing something down goes back to a comically ancient technology, which was converting bits to sound waves and sending them through tubes of mercury to be detected electrically milliseconds later.
>don't recall what property fails to commute with spin, maybe time?
Spin in the non-measured axes.
Time pairs up with energy: if you look at a really fine time scale, energy is so uncertain that there's a sea of particles (m == E / c**2).
As does the almost forgotten M2 email client in Opera, the first place I know of that scrapped the idea of folders in favor of labels.
Dino Rossi asked a judge to review the election. The (Republican) judge in (conservative) Chelan County heard the evidence and ruled that the (Republican) Secretary of State had followed the law. Rossi did not appeal, accusing the (fractured) state Supreme Court of bias.
The biggest problem with that election was outrageous sloppiness in (Democratic) King County. It looks more like sloppiness than fraud, given that the problem is that they misplaced and didn't count thousands of ballots that were likely to have favored Gregoire. The Secretary of State excoriated them for that and other screwups. (They also tried to cover up a spectacular failure to keep a record of how many absentee ballots came in).
For more about King County, see blackboxvoting.com.
If they were *really* smart then nobody would know that a crime had been committed.
>idiots
We'll never get decent security as long as we set traps for users and call them idiots when they fall in.
The email containing the Trojan came from the bank's domain, apparently. Is it the fault of the users that email isn't authenticated? Are they idiots for not knowing how SMTP sessions can be spoofed?
How many places require software downloads to work? Include Flash and PDF readers in that list. Are people idiots for installing something that any non-expert would think came from their bank?
Do we even know that they weren't running antivirus? Would there have been signatures for a Trojan that was only distributed to a few hundred or a few thousand people? Would behavior-based antivirus have caught it, given that the crooks had the chance to test it against every common antivirus program?
Are the users idiots because the bank used a security protocol so unutterably lame that it was subject to undetectable replay attacks?
Calling the users idiots is just an excuse for not fixing the real problems.
Citibank, 1994, US$10 million.
Security Pacific, 1974, about the same amount from someone who eavesdropped and social engineered his way past the security measures on the wire room.
I've given up searching "$PRODUCT review".
If you're lucky, a magazine will have a comparative review and will have taken roughly equal amounts of ad revenue from each of the competing vendors. Useful search terms include "shootout" and "versus".
Anecdotal evidence from the tech community can be a heuristic if you're wondering about general bugginess and hassle factor. If you need real benchmarks, the only ones that mean a thing are those you run yourself.
Are you running a mixed shop or a single-vendor one? Don't underestimate the pain of interoperability and equipment management hassles if you've never experienced them.
Work as hard as you can to pin down what you need: good scaling on SMP machines? Easy management? Particular features? Good local talent pool for running/fixing it? Low purchase price? Support contracts? The more questions like that you answer, the clearer the choice will be and the easier the web searching will be. "Apache scale SMP OR cluster" is likely to get more informative results than "Apache IIS comparison".
If you are worried about security, then abandon all hope of useful information from the press, concentrate more on lockdown and scheduling updates than on the choice of product (but never install IIS 5), and keep an eye on the news.
Cultivate sysadmins in other places who have environments about your size and with similar needs.
OK, law school teaches that there are two sides to everything and that you should be able to switch to arguing the other side before the professor calls on the next student. There wouldn't be trials if the facts were obvious, you have to hear both sides in detail, etc.
That said, there is a difference between vigorous advocacy and pig-headed dishonesty.
The question for professionals out there is, what does an attorney or a firm need to do in order to get sanctioned?
A followup question would be, if any of us ever winds up in court, can the attorney(s) on the other side get away with acting like the ones for SCO have?
Of course I realize that the answer is "it depends". What does it depend on, and where do typical judges draw the line?
>The idea itself isn't bad,
Yes it is.
Flash has had so many serious security vulnerabilities that I uninstalled it (which was way too hard, but that's another story) and don't want to reinstall it.
>taking no countermeasures against some people who want to kill us?
Straw man.
>some kind of reasoned resistance to this tendency must be offered.
So why isn't the government suggesting something reasoned, like hiring Arabic speakers to do intelligence work, instead of spending titanic amounts of money on barely-real threats?
If one of my clients wanted to spend that kind of money on that screwed-up a threat assessment I would urge them to redirect the expenditure.
>most of the security efforts I've seen in place do comparatively little to make anyone safer
If the government had public safety as a goal, then it wouldn't have dropped security standards for chemical plants. If there's a manmade Bhopal in New Jersey, it's because the government chose not to prevent it.
If the government had public safety as a goal, there would have been screening for port personnel sometime in the five years after 9/11, and ABC news wouldn't have been able to put a steel cylinder with a uranium slug in it into a cargo container shipped from an area of al-Qaeda activity. Twice.
If the government had public safety as a goal, the intolerably dangerous liquids confiscated from passengers wouldn't have been poured into barrels in the middle of crowds.
Remember, the next time another chunk of Constitution is violated and the government says it's to protect public safety, that public safety is not the government's goal.
>Foreign relations has really taken a turn for the worse in the last 6 years or so.
What had bin Laden's gang cheesed off was the US troops stationed in Saudi Arabia, something which went back to 1990. And which might not even have been arrogant, except for the complete failure to realize how humiliating it was to the Saudi people to be reminded that they were incapable of defending themselves.
Since there are people in the Middle East who are still stoked on outrage over the outcome of World War I, it would take a very long stint of being less arrogant before the violence slowed down.
The F-Secure product is Blacklight.
Wish I could remember the name to give the guy credit, but someone's pointed out that even booting from a CD doesn't necessarily give you a trustworthy system if there's malware flashed onto a graphics card that the BIOS detects and configures before the CD takes over.