Slashdot Mirror


User: Twylite

Twylite's activity in the archive.

Stories: 0
Comments: 851

Comments · 851

  1. Re:You're Wrong to Target the Scientists on Of Diamond Planets, Climate Change, and the Scientific Method · · Score: 1

    Search in the page you linked to for "must", "should" and "recommend", and see just how many scientists are trying to tell people what to do.

  2. Re:"But luckily we’re not climate scientists on Of Diamond Planets, Climate Change, and the Scientific Method · · Score: 1

    Explaining the trends in temperature change and sea level over time is non-political.

    Predicting future changes in temperature change and sea level, and predicting the impact on the environment, human settlement and human civilisation is non-political.

    Saying "so we must do X to stop this" is political. It presumes that a response is required, it presumes the nature of the response, and it presumes that the response is appropriate in all contexts.

    Scientists need to stop making such statements if they expect to be treated as politically neutral seekers of facts. Leave the "we should do X" to the economists and the politicians, then bring science in again to predict the likely effects of the proposals without interpreting the predicted effects ("sea level rise will displace 100,000 people" is science, "which is bad" is philosophy or politics).

  3. Re:The arguments, synopsised: on EU Extends Music Copyright to 70 Years · · Score: 1

    Actually it's:

    Grasping record companies: Give me stuff.

    I would support a "for the lifetime of the author/performer" approach, with the proviso "or 50 years where the copyright holder is not a natural person". But this is a stupid musician probably getting a kick-back on a misguided campaign to put more money in the hands of non-creative companies that are killing the production of art in an attempt to prop up their understanding of an industry.

  4. Re:That's some mighty fine print you got there... on New Research Cracks AES Keys 3-5x Faster · · Score: 2

    There is an existing key schedule attack against AES-256 (attack complexity 2^119) and AES-192 (complexity 2^176). The existing attack is a related-key attack, and some modes of operation (e.g. XTS as used by TrueCrypt) are not vulnerable to it.

    The big deal about this paper is that it (a) operates in a single-key model, rather than requiring a related-key; and (b) is the first attack against full round AES-128.

    The reason that AES remains a better choice than serpent or twofish is precisely because this sort of cryptanalysis is going on - we gain more knowledge about the weak points of AES and higher confidence in exactly what security strength it offers. Ciphers with less rigorous study may just be offering the appearance of security because we know less about their weaknesses.

  5. Re:Help with Maintenance! It's what's missing! on Ask Slashdot: Geeky Volunteer Work? · · Score: 1

    The problem is not document compatibility. The problem is operator compatibility. Users are most likely to have had prior contact with Word; if training is required then it is easiest to get training in Word; and Word has a lower learning curve than OO/LO for basic tasks.

  6. Re:Help with Maintenance! It's what's missing! on Ask Slashdot: Geeky Volunteer Work? · · Score: 1

    This is excellent advice.

    In many parts of Africa you will meet with resistance from both the authorities and local population unless you are introduced by and working in conjunction with an NGO. African governments and NGOs have a variety of plans to address local issues, and many African communities maintain social structures that can complicate offers of aid/assistance unless approached in the appropriate manner. Wandering in naively can be seen as meddlesome rather than helpful.

    NGOs tend to be short on all resources, so most have no skills or money for infrastructure support. As the parent says, old virus-ridden PCs are common. Windows & Word are used because the staff know them, they know people who can support MS products in a pinch (Linux skills are substantially less common), and because the norm in business and government is to send and expect Word documents (this may be changing slowly).

    For such NGOs, it's worth noting that Microsoft has a program for supporting certain non-profit organisations (including free software, hardware donations, and training) - see http://www.microsoft.com/about/corporatecitizenship/en-us/community-tools/non-profits/ .

    If you're going to contribute your time & effort, try to contribute in a way that plays to your most valuable skills - that maximises your contribution. Building a house may make you feel good, but it's just depriving some unfortunate member of the local community of a job.

  7. Re:They don't necessarily get the salt on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    For a start, since the password is not necessarily 128/192/256 bits, you need KEY = SHA256(Password), T[1] = AESENC(Salt with KEY). Second, this raises the complexity of a brute-force attack by a factor of 3. That's all. Given a guess at the password, you are computing SHA256 + AES + SHA256, and an AES encryption is similar in speed to a SHA256 hash. The fact that the salt is encrypted is completely irrelevant. If, instead, you keep the salt in the clear and iterate the hash 1000 times, the complexity of a brute-force attack is raised by a factor of 1000.
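
To make the work-factor arithmetic in this comment concrete, here is an added Go example (not code from the post) that implements the encrypted-salt scheme as the comment restates it and the 1000-iteration alternative, counts every SHA-256 or AES call, and brute-forces a constructed four-word list against each; the 16-byte salt and the wordlist are constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/sha256"
	"fmt"
)
// ops counts primitive invocations (one SHA-256 hash or one AES block
// encryption): the unit of work an attacker pays for each password guess.
var ops int

func sha(data ...[]byte) []byte {
	ops++
	h := sha256.New()
	for _, d := range data {
		h.Write(d)
	}
	return h.Sum(nil)
}

func aesBlock(key, block []byte) []byte {
	ops++
	c, err := aes.NewCipher(key) // 32-byte key from SHA-256 selects AES-256
	if err != nil {
		panic(err)
	}
	out := make([]byte, aes.BlockSize)
	c.Encrypt(out, block)
	return out
}

// EncryptedSalt is the scheme the comment restates: KEY = SHA256(password),
// T = AES_KEY(salt), stored = SHA256(T). salt must be one 16-byte AES block.
func EncryptedSalt(password, salt []byte) []byte {
	return sha(aesBlock(sha(password), salt))
}

// IteratedHash keeps the salt in the clear and chains SHA-256 n times.
func IteratedHash(password, salt []byte, n int) []byte {
	h := sha(salt, password)
	for i := 1; i < n; i++ {
		h = sha(h)
	}
	return h
}

// BruteForce tries each candidate until one derives the stored value and
// returns the match ("" if none) with the primitive operations spent.
func BruteForce(stored []byte, candidates []string, derive func([]byte) []byte) (string, int) {
	ops = 0
	for _, c := range candidates {
		if bytes.Equal(derive([]byte(c)), stored) {
			return c, ops
		}
	}
	return "", ops
}

func main() {
	salt := []byte("0123456789abcdef")                                 // constructed 16-byte salt
	dict := []string{"password", "letmein", "qwerty", "correct horse"} // constructed wordlist
	secret := []byte("correct horse")
	pw, cost := BruteForce(EncryptedSalt(secret, salt), dict,
		func(p []byte) []byte { return EncryptedSalt(p, salt) })
	fmt.Printf("encrypted salt: %q after %d ops, %d per guess\n", pw, cost, cost/len(dict))
	pw, cost = BruteForce(IteratedHash(secret, salt, 1000), dict,
		func(p []byte) []byte { return IteratedHash(p, salt, 1000) })
	fmt.Printf("iterated hash:  %q after %d ops, %d per guess\n", pw, cost, cost/len(dict))
}
```

Per guess the encrypted-salt scheme costs 3 primitive operations and the iterated scheme 1000, which is the comment's factor-of-3 versus factor-of-1000 point.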

  8. Re:The problem is people on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    Yes, and it causes your users to write their passwords on Post-It notes that they stick to their screens.

  9. Re:Passwords on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    And you're willing to replace each password you have with one such device, and then carry said devices around with you? I would have to significantly up my time at the gym to manage that. Having one device that authenticates you to multiple sites is cryptographically difficult to set up and to secure, is still subject to phishing and man-in-the-middle attacks, and is pointless because two-factor authentication is already broken (e.g. by man-in-the-browser).

  10. Re:Stop on Are You Sure SHA-1+Salt Is Enough For Passwords? · · Score: 1

    Ah yes, cryptographic hand waving - what those damned cryptographers just insist on doing when they're right.

  11. Re:George, George on George Lucas C&Ds 'Lightsaber Laser' · · Score: 1

    "It is apparent from the design of the Pro Arctic Laser that it was intended to resemble the hilts of our lightsaber swords, which are protected by copyright ..."

    17 USC §101: "'Pictorial, graphic, and sculptural works' include two-dimensional and three-dimensional works of fine, graphic, and applied art, photographs, prints and art reproductions, maps, globes, charts, diagrams, models, and technical drawings, including architectural plans. Such works shall include works of artistic craftsmanship insofar as their form but not their mechanical or utilitarian aspects are concerned; the design of a useful article, as defined in this section, shall be considered a pictorial, graphic, or sculptural work only if, and only to the extent that, such design incorporates pictorial, graphic, or sculptural features that can be identified separately from, and are capable of existing independently of, the utilitarian aspects of the article."

    I'm guessing they are making a tenuous assertion of sculptural copyright (probably a model), on the basis that the laser could be seen to include design elements reminiscent of a lightsaber that may not be strictly dictated by the functional requirements or utility of the laser.

  12. Re:A return to the days of commissioned art. on Movie Studio Finally Sees the Light On Rentals · · Score: 1

    Sounds like a return to the days when "invest" and "charity" meant the same thing. At least commissioned art gives you something of value, i.e. an actual investment.

    For your "investment" you will get limited non-commercial rights to a single frame of the movie. One "investor" will get a 1% share of the "profit". "Profit" is defined as income less all expenses including the $135k charity (whoops, I mean "investment") they received in the first place. Needless to say, "income" is undefined.

    So their business model is "give us money and we will create a free movie, and then make some money for ourselves off everything other than the distribution of the movie." This is precisely the wrong model for sustainable business.

  13. Re:Just like porn "conclusively" creates rapists on Another Study Attacks Violent Video Games, Claims To Be "Conclusive" · · Score: 1

    In other news, consumption of sugar and/or protein has been conclusively shown to increase the likelihood of hyperactive and/or aggressive behaviour. Researchers are also concerned about the effects of Dihydrogen Monoxide, claiming that 100% of death-row inmates have confessed to using this substance in the 24 hours prior to committing their crimes. Worldwide use of dihydrogen monoxide has increased steadily throughout the 1900s.

  14. Re:Not really surprising... on European Credit and Debit Card Security Broken · · Score: 1

    Security is not the only concern in a payment system, nor is it the most important. Reliability and availability are usually more important. Cost (including logistics) is weighed against risk (which may be reduced through enhanced security) to determine an appropriate equilibrium for all these requirements.

  15. Re:Simply, no software required. on How Do You Accurately Estimate Programming Time? · · Score: 1

    The weighted average estimate is (T1 + 4*T2 + T3)/6

    This is the PERT expected time applied to the project as a whole. PERT is a great idea especially if you provide your optimistic (T1), pessimistic (T3) and most likely (T2) estimates along with the result T. In that case you can cite the use of an established estimation technique and CYA as you have provided a clear indication (T3) that the project can miss the target.

    Some things we find very useful:

    • Break the project into chunks that look like something we've done before, and use PERT to estimate each chunk with respect to the developer most likely to do the work. Ensure that your chunks cover requirements, development, testing, documentation, packaging, configuration/SCM, integration & testing on site and user acceptance testing.
    • Construct a scheduling network from the chunks and determine the critical path. That gives an overall estimate on project effort and linear time.
    • Revise the effort and linear time up by 14% to 33% reflecting only 6-7 productive hours per 8-hour work day due to non-project overheads (company meetings, general admin, those "quick answers" on maintenance questions or opportunities or complexity estimates).
    • Add a further 8% to 12% to the revised estimate for quality assurance. This is over and above the time in each chunk for testing and review. Even experienced estimators underestimate the time required for their code to be reviewed by other developers.
    • Add a further 10% for risk. Risk from poor understanding or estimation of the extent of the task is built into each chunk using PERT; this represents risk of an external interruption to the process or to management processes that may impact on the schedule.
    • Revise the linear time up by 2-3 days per month, reflecting expected sick leave, annual leave and public holidays of critical path developers. We have 12 public holidays a year here; your figure may differ.
    • The result is the expected linear time to complete the project, assuming no interruptions and the availability of the identified development staff.
    • Inflate by 0% to 30% when promising a delivery date to customers, depending on the risk associated with late delivery.
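
An added Go example (not from the comment) that carries this procedure through on a constructed four-chunk project: PERT per chunk, critical path over the dependency network, then the loadings in the order listed above. The chunk hours, the 21 working days per month and the particular percentages picked from the quoted ranges are assumptions.

```go
package main

import "fmt"

// Chunk holds the optimistic, most likely and pessimistic effort estimates
// (hours) for one piece of work and the names of the chunks it depends on.
type Chunk struct {
	Opt, Likely, Pess float64
	Deps              []string
}

// PERT is the weighted average from the comment: (T1 + 4*T2 + T3) / 6.
func PERT(c Chunk) float64 { return (c.Opt + 4*c.Likely + c.Pess) / 6 }

// CriticalPath returns the longest PERT-weighted dependency chain through the
// network (hours): the linear time if independent chunks run in parallel.
// Assumes the dependency graph is acyclic.
func CriticalPath(chunks map[string]Chunk) float64 {
	memo := map[string]float64{}
	var finish func(string) float64
	finish = func(name string) float64 {
		if v, ok := memo[name]; ok {
			return v
		}
		start := 0.0
		for _, d := range chunks[name].Deps {
			if f := finish(d); f > start {
				start = f
			}
		}
		memo[name] = start + PERT(chunks[name])
		return memo[name]
	}
	longest := 0.0
	for name := range chunks {
		if f := finish(name); f > longest {
			longest = f
		}
	}
	return longest
}

// Adjust carries the comment's loadings as fractions: productivity overhead
// (0.14-0.33), QA (0.08-0.12), risk (0.10), leave days per month (2-3) and
// the inflation applied when promising a date to the customer (0-0.30).
type Adjust struct {
	Overhead, QA, Risk, LeavePerMonth, Inflate float64
}

// WorkingDaysPerMonth is a constructed assumption, not a figure from the comment.
const WorkingDaysPerMonth = 21.0

// Estimate applies the loadings in the comment's order and returns the
// expected linear time (working days) and the figure to promise the customer.
func Estimate(criticalHours float64, a Adjust) (expected, promised float64) {
	hours := criticalHours * (1 + a.Overhead) * (1 + a.QA) * (1 + a.Risk)
	expected = hours / 8
	expected += expected / WorkingDaysPerMonth * a.LeavePerMonth
	return expected, expected * (1 + a.Inflate)
}

func main() {
	// Constructed sample project; hours are illustrative only.
	project := map[string]Chunk{
		"requirements":  {8, 16, 24, nil},
		"development":   {40, 80, 180, []string{"requirements"}},
		"documentation": {8, 16, 30, []string{"requirements"}},
		"testing":       {16, 24, 56, []string{"development"}},
	}
	cp := CriticalPath(project)
	exp, prom := Estimate(cp, Adjust{0.25, 0.10, 0.10, 2.5, 0.20})
	fmt.Printf("critical path %.1f h, expected %.1f days, promise %.1f days\n", cp, exp, prom)
}
```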

  16. Re:Speaking as a user on "Side By Side Assemblies" Bring DLL Hell 2.0 · · Score: 2, Informative

    Not possible since MSVC6. Newer compilers link against newer versions of MSVCRT that do not ship with the OS. So you must either link statically or distribute the MSVCR80/MSVCR90 runtime DLLs.

  17. Re:Also... on "Side By Side Assemblies" Bring DLL Hell 2.0 · · Score: 1, Troll

    WTF? Why do you think that you should be able to allocate resources in one subsystem and free them using another? Every dynamic library on any platform can have its own heap management routines. Your stupidity is laughable -- try placing the blame where the incompetence lies.

  18. Re:Also... on "Side By Side Assemblies" Bring DLL Hell 2.0 · · Score: 1

    No, the real problem is that A and B have been developed and released with workarounds for an undocumented behaviour in C, which is later decided to be a bug and corrected. C version Y is obviously not backward bug compatible to C version X, causing the upgrade to break A and B.

  19. Re:And by all developers you mean on "Side By Side Assemblies" Bring DLL Hell 2.0 · · Score: 3, Insightful

    I really hate this /lib stuff. I remember the first time I made a C binary executable with GCC. It worked fine on my Linux box, so it must work fine on any other Linux box I thought. Wrong! Turned out I needed to apt-get a whole bunch of libraries...

    Seriously, all you are saying is that you didn't understand that your compiler was linking to a bunch of libraries, some of which were distributed with the OS and others were your responsibility to distribute when you created the application's setup/install package.

  20. Re:Why do corporations have to be people? on Corporations Now Have a Right To "Personal Privacy" · · Score: 1

    A fair point, although I thought it was clear that my "mutant commie traitor" comment was tongue-in-cheek. But even SMMEs are not necessarily sole proprietorships or partnerships -- a lot take advantage of incorporating to protect themselves from various threats, especially the hostile legal environment (read: frivolous lawsuits from dissatisfied customers).

    The real problem here is not the concept of corporate/legal personhood; it is that the enabling legislation for the FCC is weak (or inappropriate). The FCC is given the legal authority to investigate various complaints, to subpoena information relevant to its investigations, to make findings based on the investigations, and to recommend (in some cases enforce) a resolution or sanction. Unlike court records, the factual records created by the FCC are not necessarily public documents (that is, the law does not require them to be public). And that's where the problem lies -- the FCC does not operate under the same rules as the court system, but in some spheres it performs a role more typically associated with the courts.

  21. Re:Why do corporations have to be people? on Corporations Now Have a Right To "Personal Privacy" · · Score: 1

    They're not equivalent to natural people.

    In society we need certain entities that are able to exist independently of their creators & stakeholders, to continue their existence beyond the lifetimes of the original creators/stakeholders, and to limit the liability of the creators/stakeholders to the investment made. Without such entities no private endeavour could manage more wealth than could be accumulated by a relatively small number of trusting partners. This would make just about any capital intensive activity impossible (including pharmaceutical development, heavy manufacturing, mining, etc) without the intervention of government or nobility (depending on your political system).

    In case you're a mutant commie traitor and don't think people should be able to invest in someone else's operations without the possibility of getting sued into oblivion, remember that the same legal concepts enable non-government organisations, clubs and societies to exist (and in some countries trusts as well). Without the concepts of a "legal person" all members would be liable for the debts of a club/society, and the club/society would have to be reformed every time a member joined or left (like a partnership).

    So we need a legal framework to facilitate the existence of such entities, hence the concept of corporate personhood. This doesn't mean that a corporation is a person, only that they are in some legal respects treated in the same way as people. There are numerous laws that distinguish between the rights of "natural persons" and "legal persons". The fact that both contain the word "person" is largely irrelevant.

    As for the application of privacy laws to companies, it is Blindingly Fucking Obvious that companies have a right to privacy. Trade secrets and business plans are two examples that come to mind. Courts have in the past upheld the rights of companies to keep this information secret (e.g. punishing employees who share this information outside the company), and there are other laws that provide this right to companies (industrial espionage, anyone?). A free and competitive market - the foundation of Western economies - cannot exist without companies having the right to keep this information private.

  22. Re:You down with DPP? on DRM Take II — Digital Personal Property · · Score: 1

    Contract law is not uniformly enforceable on a global scale, and the costs of determining compliance and obtaining relief for non-compliance are borne by the seller. This makes contracts as you suggest them unworkable for small-scale producers, like individual authors and musicians. It also makes compliance very difficult for individual consumers, who must be aware of different contractual terms for different information. Moreover contracts exist outside the testamentary framework - the digital resources you acquire under contract cannot be transferred to your heirs.

  23. Re:Bandwidth? on SA's Largest Telecomms Provider vs. a Pigeon · · Score: 4, Interesting

    Not relevant. The truck wins.

    Let's make some conservative assumptions:

    • The distance from New York to San Francisco is 3,000 miles (Google Maps says 2,905).
    • The truck can only manage an average of 18 mph.
    • The truck driver is unionized and will only drive for 8 hours a day (he'll drive weekends for overtime pay though).
    • Loading takes a day (8 hours) and the truck leaves the following morning; unloading takes a day. If the truck is over half-full we will add an additional day each for loading and unloading, just to be sure.
    • Each hard drive is 40 GiB and individually packaged in protective foam, totalling 30cm x 20cm x 6cm in size.
    • All rounding and all interpretation of SI prefixes favours the T1.
    • After unloading the HDDs must be manually plugged in (1 hour overhead per drive) and transferred at 10MB/sec.

    Time on the road is 166.667 hours or 20.833 days at 8 hours per day, which we'll round up to 21. Add a day each for loading and unloading and we're at 23 days.

    In the same 23 days the T1 is busy for 3600 seconds an hour, 24 hours a day. That's a total of 1987200 seconds at 1.544 Mbps (202375 B/s), or 402159.6 million bytes, or just under 403 Gigabytes.

    To beat the T1, the truck needs to carry 11 hard drives. They will fit comfortably on the passenger seat.

    Each HDD will take 1.2 hours to download, plus 1 hour overhead for connecting and disconnecting. That's 24.2 hours total but the IT monkey only works 8 hours a day so it's going to take 4 days to transfer onto the servers (damn that 0.2 ...).

    During those 4 extra days the T1 is still busy and gets another 69.94 Gigabytes. Looks like we'll actually have to pack _12_ drives into the truck for a total of 480 GB, beating the T1's 473 GB over the same period (27 days).

    Less conservative assumption: using a 320 GB external USB drive and a motor cycle at 50mph (8 hours per day) you'll make the trip in 8 days, more than doubling the T1's bandwidth.

  24. Re:Careful what you wish for... on FCC Declares Intention To Enforce Net Neutrality · · Score: 1

    No.

    "Net Neutrality" = "treat all packets equally, regardless of source, destination or protocol. Your packets do not get higher or lower priority than mine, nor do any of my packets get higher priority than my other packets".

    This is the only definition that makes long-term sense. You may think that your VoIP requires higher QoS than my IRC, but that doesn't make you right. Prioritising certain types of packet or service explicitly creates the conditions to suppress innovation and allow network providers to abuse their relationship with content providers to their advantage.

    If "Net Neutrality" = "unlimited traffic" then BAD. Bandwidth and maximum possible transfer are limited resources, based in physical (real-world) costs like installing and maintaining cables, switches, microwave towers, etc. Charging based on how much data you want (maximum possible transfer AKA cap) and the speed at which you want it (bandwidth) is the only neutral approach that does not prejudice me based on the manner in which I want to use that bandwidth and the type of data I want to deal in.

    Consider the situation if telecoms companies had decided 15 years ago that FTP must have the highest priority so that people can get their downloads faster, and that gopher is also quite high priority, but this silly "HTTP" thing is wasting bandwidth and gets deprioritised. We can't foresee what protocols are going to drive the next evolution or revolution on the Internet, which is why protocol prioritisation is a bad thing.

  25. Re:Public Key Infrastructure on German Health Insurance Card CA Loses Secret Key · · Score: 1

    The CA secret key is usually backed up under symmetric encryption (e.g. AES-256). It would be normal for the symmetric key to be split into three 256-bit components that are XORed together to reconstruct the key; each component is entrusted to a different, trusted individual. For really high value secrets (like a CA secret key) it would also be normal to create multiple component sets to protect against the loss of any single component (e.g. the CEO's office burns down but takes more than 40 minutes to do so, and the contents of the fire-proof safe are destroyed).
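
The component scheme in this comment, as an added Go example (not from the post): a 256-bit key is XOR-split into three components, a second independent component set is kept, and recovery still succeeds after one component of the first set is lost. The key bytes are constructed; the example stops at the key-wrapping key and does not include the AES wrapping of the CA key itself.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"errors"
	"fmt"
)

// Split divides key into n components whose XOR is the key: the first n-1
// are random, the last is key XOR all of them. Each component alone is
// uniformly random, so anything short of the full set reveals nothing.
func Split(key []byte, n int) ([][]byte, error) {
	if n < 2 {
		return nil, errors.New("need at least two components")
	}
	parts := make([][]byte, n)
	last := append([]byte(nil), key...)
	for i := 0; i < n-1; i++ {
		parts[i] = make([]byte, len(key))
		if _, err := rand.Read(parts[i]); err != nil {
			return nil, err
		}
		for j := range last {
			last[j] ^= parts[i][j]
		}
	}
	parts[n-1] = last
	return parts, nil
}

// Combine XORs a complete component set back into the key. A missing (nil)
// or truncated component makes the whole set unusable: XOR splitting is
// all-or-nothing, which is why the comment keeps several component sets.
func Combine(parts [][]byte) ([]byte, error) {
	if len(parts) == 0 || parts[0] == nil {
		return nil, errors.New("component missing")
	}
	key := make([]byte, len(parts[0]))
	for _, p := range parts {
		if len(p) != len(key) {
			return nil, errors.New("component missing or malformed")
		}
		for j := range key {
			key[j] ^= p[j]
		}
	}
	return key, nil
}

// Recover returns the key from the first component set that is still complete.
func Recover(sets [][][]byte) ([]byte, error) {
	for _, s := range sets {
		if key, err := Combine(s); err == nil {
			return key, nil
		}
	}
	return nil, errors.New("no complete component set remains")
}

func main() {
	kek := make([]byte, 32) // constructed 256-bit key that wraps the CA key
	rand.Read(kek)
	setA, _ := Split(kek, 3) // three custodians hold set A
	setB, _ := Split(kek, 3) // three different random components form set B
	setA[0] = nil            // set A's first component is destroyed
	got, err := Recover([][][]byte{setA, setB})
	fmt.Println(err, bytes.Equal(got, kek))
}
```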