Something about a security vulnerability that didn't make a lot of sense.
The problem was that Windows 7 gadgets had no security whatsoever, the only security setting you could have for them was "everything all the time" (there were theoretical config.options you could use that tightened things up a bit, but they weren't actually used). So you had the situation of ActiveX circa 1995 in a current OS that was touted as very secure (or at least "we tried really hard to make it very secure"). The issue wasn't why they discontinued it, it was how it ever got out the door in that state in the first place.
There was also AIX.
Of the three, HP-UX sucked less.
That's like saying that gonorrhea isn't as bad as syphilis.
Gosh, imagine if you were on a burning oil rig, at some point, the cold sea would start to look so inviting!
Wait that analogy makes zero sense.
The Chewbacca defence! Devilishly clever...
Could you clarify? Who is Alyssa Rowan to TrueCrypt? Sorry for my ignorance, I tried Googling a bit and just got links to this article.
It's someone who has been active in the crypto/security community for a while now. Personal details are pretty scarce (i.e. it could be a front for the NSA for all anyone knows), but the persona has been active in crypto. If you want something to Google on try "alyssa rowan cryptography".
"Alyssa Rowan @AlyssaRowan @munin @0xabad1dea @puellavulnerata I can confirm presence of TrueCrypt duress canary as per 2004 conversation"
Sorry, who the fuck are you?
If it's the real Alyssa Rowan tweeting that then it's a pretty reliable source.
An Argentinian chef is more likely to make great sushi than a Japanese automotive engineer.
There's an even closer-to-food analogy for this: If you want a good Italian pizza, get a Greek to make it. I have no idea why this works, but the best Italian pizzas always tend to be made by someone called Nikos or Costas.
*Note: Worked in several restaurants during and after high school.
Saying "would you like fries with that" doesn't really count as working in a restaurant though...
The Indian truck manufacturer Tata has been using wood as a construction material for quite some time now.
Other materials used include chewing gum, rubber bands, old newspapers, and spit.
Beware of bugs in the above code; I have only proved it correct, not tried it -- Donald Knuth
meh and even if it really was from the crops:
Interesting to see that the supposed origin is northeastern China, which is where the Japanese special unit 731 carried out biological warfare experiments during WWII, polluting large areas with bioweapons products. Perhaps this is a case of the chickens coming home to roost?
... "Mozilla Winter of We're Too Busy Making our Browser Look Like Chrome and Adding DRM to Bother with Trivial Stuff like Security so we'll get Unpaid Students to Do It Instead" didn't fit into a short acronym.
I know several admins that mitigated the hole but couldn't replace their certificates either because the signer charges a ridiculous revocation fee (I'm looking at you, StartSSL),
Yup, twenty-five whole dollars. That's the price of several Big Macs, with fries! Shameless what some CAs will charge.
(Not defending the CA racket here, but $25 isn't really that much when they give the certs out for free. In any case why revoke them, just replace them with a new, free cert. Yes, I know someone can spoof the server using the old cert, but if you want to save the $25...).
I've updated your password to the answer to a new riddle:
Why is a raven like a writing desk?
Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn.
Good luck spelling it correctly!
My mother was eaten by Cthulhu you insensitive clod!
As someone with a phd who works around people with phd degrees, the phrase "just not half as smart as he thinks he is" has very wide applicability.
"OK, so you have a PhD. Just don't touch anything".
Is it because of her advanced medical degree? Her first hand knowledge of the pharmaceutical industry?
That was my immediate reaction as well. I saw some snippet of her on TV once and she seemed to be the canonical blond airhead. What next, people clustering to Professor Pamela Anderson to hear about global warming being a scam?
EPOC could do lots more than surf the web; it had apps for all the obvious personal-assistant functions (calendar, notes, to-do, contacts) and had a decent ecosystem of third-party apps.
There may have been a small number of third-party apps, but nothing like what made the iPad and later Android successful. What's worse, there never would be too many more either. I've programmed for EPOC, alongside a large number of other embedded OSes, and it is by far the most alien, difficult-to-work-with OS I've ever used. I've found it easier to move code to MVS (IBM 1960's mainframe OS) than EPOC. Unless they'd completely rewritten the OS in something useful (Linux was mentioned), the market would have been severely restricted no matter how cool the hardware was.
From that transcript it seems that, excluding Dr. Holdren, the smartest guy in the room was the room.
There was some way to have a remote... Say attached to the wall, which would allow you to 'touch' it to have the lights turn on and off, or even possibly dim. One can dream..
Exactly. The headline should have read "LG and Samsung follow Philips in adding pointless expensive gimmicks to lightbulbs in order to part consumers from their money".
Or maybe they were just eating rat?
Well, it's got some rat in it. And get rid of that damn dead bishop on the landing, I've got three of 'em down by the bin, and the dustmen won't touch 'em.
I looked at various peanut butters the other day when I bought some, and bought me some more Jif, instead of Adams.
You put Jif on your bread? While it's probably a less.. intrusive way of cleaning you out than a colonic irrigation, it still seems like a bit much.
What advancement? The Typo keyboard is virtually a 1 for 1 copy of the Q10 keyboard. They didn't even bother changing the colour of the frets.
Just to illustrate how blatant a knock-off it is, here's the Typo keyboard from the linked news story, and here's what Typo copied to create it.
As the OP has pointed out, the argument is not against SSL, which isn't the problem, but the assumption that CAs provide some silver bullet against MITMs. This is what I meant with my post above.
Somebody needs to teach how to resist "charisma".
Otherwise known as "critical thinking".
I'm assuming from your comment that you've probably never dealt with any sociopaths/psychopaths (technically, people with ASPD, antisocial personality disorder) or similar disorders like NPD before, because if you had you'd realise that critical thinking isn't going to help you. Firstly, in order to apply critical thinking you need to know that you're being manipulated, which you'll generally only realise once it's too late. Secondly, until you've actually experienced what an ASPD person is capable of, you'll have no idea of the near-superhuman capabilities of these people to deceive and manipulate. The literature is full of stories of trained psychologists interviewing psychopaths who they know have killed a dozen children and eaten their livers, and coming away thinking what a charming person they've just dealt with. One somewhat nasty (but highly educational) trick that gets played on psych students is sending them into prisons to assess psychopaths. They invariably report them to be charming, friendly, and the sort of person they'd want to have around for dinner. In some cases even after they've read the reports of them keeping the various body parts in bags in the basement.
If you're targeted by someone with NPD/ASPD, you won't realise it until it's too late.
The frequency of a true MITM - one defined above where someone has the ability to control an intermediate node at low level and take central position - is so low as to be difficult to measure.
This is about as dumb of an argument against SSL as I can imagine. True MITMs are reasonably rare in large part because of SSL.
[Citation needed].
(For those who can't see the problem with this claim, consider the following: I wear a unicorn-repellent shirt. I know it works because while wearing it I've never been attacked by a unicorn).
The GPS code I've seen was horrible and I worked for one of the major GPS players for several years. Originally written in FORTRAN and later automatically converted to C. Utter crap basically. The mathematics behind GPS is really interesting and quite involved. The implementations are crap.
Saved me from writing the same thing. The GPS code I've seen, written by engineers and not programmers, was an incredibly hacked-together, barely-functional set of kludges to implement a lot of very elegant mathematics.
For another example of a well written large project, try gcc.
Another example that's at least as elegant as gcc is OpenSSL.