Slashdot Mirror


User: Zeinfeld

Zeinfeld's activity in the archive.

Stories: 0
Comments: 3,931

Comments · 3,931

  1. Re:Barely an investment on Tech Billionaire Boot Camp · · Score: 1
    So you actually don't know what the % of false positives is, you just popped a number. I assume you say it is "essentially zero" because nobody tells you of mail you missed.

    I examine a sample of mail every so often. But 99% is deleted unchecked.

  2. Re:Barely an investment on Tech Billionaire Boot Camp · · Score: 1
    You don't know what you're talking about. If you knew anything about Bayesian filters, you'd know that all information in a message is/can be used: that includes headers, time stamps, etc. Even the spacing between words might be used depending on the filter.

    The claim made by Graham was that personal filtering based on Bayesian learning was the silver bullet. It isn't.

    The performance of filters of the type described by Graham is considerably worse, orders of magnitude in fact, than filters that do not rely on personalized learning. In particular Bayesian strategies are less effective than other learning strategies.

    The point about timing is that bulk spam tools have distinctive packet arrival time signatures.

    Paul Graham is like the village idiot who stops a car to tell the passengers about how he has just invented the wheel and the horse buggy will change everything. He was not the first to propose filtering, Bayesian filtering and other learning strategies have proved more effective.

    We don't live in a Bayesian world. Spam in particular is aggressively non-Bayesian.

  3. Re:Barely an investment on Tech Billionaire Boot Camp · · Score: 3, Informative
    Silver bullet for what? Bayesian filtering simply works. The thing is, lots of people want a single filter to work for more than one person, and then of course you'll get issues: What's interesting/spam for one person is not the same as what's interesting/spam for another person, so why should a single filter know?

    Bayesian filtering does not come close to the effectiveness of most of the commercial schemes I have used. Since I get over 3,500 spams a day (and 500 legitimate mails) I could not possibly tolerate even a 1% false positive rate. Currently I have less than 30 false negatives and essentially zero false positives. I do not check my junk mail folder, simply can't afford to.

    Content analysis as pushed by Graham is much less effective than looking at other message features such as the headers, timing, etc. Bayesian learning is much less effective than other strategies.

    Best paper at Graham's first spam conference was by an MIT undergrad from course 6 who completely debunked the whole notion with some rudimentary statistical analysis.

  4. Re:Barely an investment on Tech Billionaire Boot Camp · · Score: 2, Interesting
    This is peanuts. If this is all the money you're going to get, it's probably a better use of your efforts to keep your day job and do your startup on your own spare time.

    Hence the hard sell. This is not a particularly high powered bunch by Valley standards.

    Graham probably hurt the spam world as much as he helped. He thought Bayesian filtering was a silver bullet, it isn't.

    $20K for 6%? That's idiotic. A VC looking at that type of deal is not going to be impressed. $20K should buy no more than a tenth that amount, and that's expensive.

  5. Re:The real reason ... on Lawsuit Invokes DMCA to Force DRM Adoption · · Score: 2, Insightful
    The real reason they are claiming that not using their DRM is a circumvention mechanism is because their whole technology depends on their software being present in order for the content to remain protected. If the software is absent, the content can be accessed in the clear. Apparently it is some kind of watermarking system that would trigger the software to check your authorization to access the content.

    It's either a publicity stunt or public stupidity.

    Failure to deploy a mechanism is not circumvention by any stretch of the imagination. And the DMCA only makes it illegal to circumvent an effective DRM scheme. This scheme is not effective by any stretch of the imagination.

    Furthermore there is a simple mechanism for them to prevent content being displayed on unauthorized machines - encrypt it and build the decryption key into the reader.

    What the suit amounts to is a demand for Microsoft to do all the hard work required to develop a DRM scheme and allow this gang of twits to set up the toll booth.

  6. Re:Ah, no ... on Retroactive Immunity Proposed for Telcos Who Share Private Data · · Score: 4, Interesting
    ... you see, this is impossible. Impossible, due to the separation of powers. It's obviously the executive branch of government that is requesting the data, and the legislative that would be able to grant immunity.

    Quite, the story is incorrect. The Bush administration is making the proposal. Congress is not going to pass it. So the proposal means no more than a flame on Slashdot does, probably less.

    Bush could use his pardon power but that would mean admitting the original illegality and the right of Congress to control the actions of the President. Under the 'unitary executive' theory the administration has been pushing the President has permanent dictatorial powers and can break any law he chooses.

    Given that the Attorney General is facing impeachment for obstruction of justice, lying to Congress and facilitating the corruption of at least ten Republicans in Congress, it does not look very likely that Congress is going to give Bush additional powers at this time. More likely they add illegal wiretapping to the Gonzales impeachment charges.

  7. Re:Not the point on Death Knell For DDoS Extortion? · · Score: 1
    It is too soon to say whether this is going to be a sustained trend. If it is, economics is certainly the reason.

    I would state the reason somewhat differently though. A traditional extortion racket is called protection for a reason - to get paid the extortionist has to provide a guarantee of safety from attack against other gangs, not just his own.

    The DDoS extortion rings can't stop any attacks other than their own. So they cannot provide a guarantee of service. Paying up does not guarantee service.

    Another difference is that the attacker cannot make a credible threat that discourages going to the police.

    Yet another difference is that there are services that do provide for adequate DDoS protection.

    All things considered the logical response to targeting by a DDoS attack is to call the police first, then call a DDoS protection specialist. The only time it makes sense to pay up is if you can do a sting and get the perps arrested.

    That said there is another aspect, the bots used for DDoS are the ones that can't be used for anything else. They are blacklisted by the spam filtering companies. DDoS might well resurge as other net crimes stop being economic and the perps look for new scams.

  8. Re:securid? on VeriSign To Offer Passwords On Bank Card · · Score: 2, Informative
    Wouldn't this basically be a version of SecurID? Why don't banks just roll out SecurID to everyone and get the same net effect?

    Because SecurID is a closed, proprietary system.

    The VeriSign/OATH scheme is patented but there is a royalty free license that allows anyone to make the cards/tokens/whatever.

    Also the OATH scheme is a counter based token, not a clock. A clock would not work on the card form factor, the battery would not last long enough to be interesting. A counter based scheme is much more practical.

  9. Re:Question: on Iran to Filter 'Immoral' Mobile Messages · · Score: 1
    I think you overestimate the importance of opinion in favor of economic realities. I assume that South Africa, being a rich former colony, was relatively dependent on the West for certain items, and sanctions made it very difficult to remain self-sufficient for long.

    On the contrary, they had gold and diamonds, no problem buying anything they wanted.

    What brought apartheid down was the psychological rejection, in particular the sports boycott. Also the cumulative effect of Western TV drama being broadcast into the country. Combined they pretty much undercut the ideological basis of the regime. It's somewhat hard to maintain a lie when the rest of the world is visibly rejecting it.

    Uh, what do you mean by backed? Here is a snippet from Wikipedia:

    The bay of pigs was seen in Cuba as an attempt to put Batista's crew back in control. And that is the objective of many of the US anti-Cuban campaigners that are courted every US Presidential election.

    The current approach is not working and never will. Sanctions are an ideological weapon, not an economic one. They only work if you start from the right position. Western sanctions are not going to change opinion in Sudan or Iran or Cuba or North Korea.

    To see how it works take a look at Israel which has ridden out an Arab boycott for fifty years. It is not even a political concern. A boycott by the West on the other hand would be devastating psychologically.

    Iran is the regional superpower. It is the center of the Shi'a world. It does not need validation from any other source. Sanctions would be ineffective for that reason alone. But more importantly Russia and China require access to Iranian oil and so must in the final analysis back Iran come what may. Nothing that is taking place in Iran is anywhere near as bad as what has been going on in North Korea where people die by the hundreds of thousands every few years in famines caused by the incompetence of the regime.

  10. Re:Question: on Iran to Filter 'Immoral' Mobile Messages · · Score: 1
    "Ahmadinejad's gangs of armed thugs" This phrase reveals your Zionist affiliation so much.

    Your use of the term Zionist is as discreditable as the use made of 'anti-semite'.

    Ahmadinejad is a thug who will get his deserts sooner or later. He is behind the murder of political opponents and backs a regime which uses judicial murder to silence critics.

    Small wonder then that the regime cannot afford to hold a real election and is scared stiff of the reform movement. Eventually the tactic of silencing opposition with chants of death to America will stop working.

  11. Re:Question: on Iran to Filter 'Immoral' Mobile Messages · · Score: 5, Informative
    The reason for the Iranian concern here is that the revolution was originally spread through compact cassette tapes. This has nothing to do with morality, it is all about political control.

    The regime is becoming very unstable, the only shill the mullahs could find to front for them was Ahmadinejad. And many of them have been visibly regretting it since. He is doing the crazy act a little bit too well.

    The problem is similar to Cuba, it is pretty easy to keep a regime going for a very long time if there is a widespread perception of an imminent external threat. If a country is attacked the people are going to side with their government regardless of what it is like. The Russians sided with Stalin, the Cubans side with Castro, the Iranians will side with the mullahs.

    Sanctions don't work unless the country targeted by the sanctions respects the party applying them. Sanctions worked in South Africa because the South African whites considered their country to be a part of the Western world. The rejection mattered to them. Cuba might respond to sanctions from Latin America, but sanctions from the country that backed the corrupt Batista despotism are not going to work.

    Instant messaging is a way for opponents of the regime to organize. They can keep tabs on Ahmadinejad's gangs of armed thugs. They can arrange protests and demonstrations.

    There is a blogosphere in Iran and it is spread by SMS messaging. That is cool.

  12. Re:Enclosures matter in notebooks... on Dell Rethinking the Direct-Sales Market · · Score: 1
    I think I disagree with this. It may be that the DIYers are the most vocal, and the most likely for us to encounter online, but I do not think that they dominate.

    Even the ready-made PCs have the DIY look about them.

    Why can't I buy a PC that is as small and neat as a mac mini? The shuttle is huge in comparison.

    Part of the reason is that we insist on 'expandability' but that is now a crock. Unless you are going to buy a machine and replace the graphics card within a year the bus is going to be obsolete by the time you get to do it.

    The only time I upgraded a graphics card was when I upgraded a machine to XP and discovered that the 3DFX Voodoo card that was in the box was no longer supported. As it turned out the reliability problem that was the reason for moving from Windows 98 disappeared as soon as I replaced the video board.

  13. Re:Enclosures matter in notebooks... on Dell Rethinking the Direct-Sales Market · · Score: 3, Interesting
    Let's not forget the fact that while Dell laptops are oftentimes nice machines, their enclosures are hideous, clunky pieces of plastic that can't hold a candle to Thinkpads or Macbooks.

    I have never seen a Dell machine that has made me think 'I have to have one of those'. I suspect that the laptops are designed to sell in bulk to corporate customers rather than stand on their own merits.

    I certainly would not buy a laptop from a company with the customer service reputation Dell has acquired of late.

    Laptops I have seen that I liked are the upmarket Apple models and the Thinkpad X60. For some reason nobody really seems to have gone after the PC market with design cues as strong as Apple's. Sony have come close at times but my experience is that their stuff is fragile.

    In the desktop area everyone I know buys Dell because they are the cheapest brand offering an acceptable level of reliability. I bought my son a machine for $500 including the flat panel monitor. That's much cheaper than the previous one I built for him myself.

    Main problem with the Dells is that they are horribly noisy. This is not something that reviewers think worth a mention for some reason. And when you do find comments they can be useless. If you look at any of the bulletin boards for reviews of high end machines there is always a post from some poor slob who claims to have invested his college fund in an Alienware or the like which came in the wrong shade of green and they took two years to fix it attached to the very latest model.

    The PC market seems to be dominated by the DIY aesthetic. Real men don't buy ready made machines. They buy the parts and fit them together. Time is a much more scarce resource for me than money and I don't want a machine that looks like a kit. That's probably why people buy the Voodoo elemental, they just get fed up having to explain to people that they don't need to save $500 building the machine themselves from parts so they drop $3500 having a $7000 machine gold plated. I bought the baseline BAM model and told the wife how much I saved by not going for the 'gold plated' edition, she still thinks it was a figure of speech. Good thing she doesn't read either Slashdot or the Amex bill.

  14. Re:Advertise it for other than e-commerce. on Is It Time For an Open Source Certificate Authority? · · Score: 1
    Due to the way IE handles root CAs (i.e. pay lots of money), it is not likely to get in there for a very long time.

    Microsoft no longer charge for including a root. Instead they require a CA to have a WebTrust audit. That can run to a hundred thousand dollars.

    The issue that keeps coming up here is that people want to do encryption without a CA. That's fine, the CA infrastructure was designed to support authentication, not encryption. If you are not concerned about a man in the middle attack you do not need a CA.

    What you do need a CA for is to cause the padlock icon to be shown to the user. And in today's browsers that happens with every SSL session. The solution that I proposed a couple of weeks ago is to support encryption-only SSL in the browser. You would still have issues with legacy browsers but that will solve itself in time.

  15. Re:Zimmerman has it right . on Is It Time For an Open Source Certificate Authority? · · Score: 1
    The certificate arrived in unencrypted email! I kid you not.

    And worse still it is sitting in an LDAP directory with world read access.

    The certificate is a public document. The security of the system only depends on keeping the private key confidential. The certificate is transmitted in plaintext in pretty much every mainstream protocol.

    That is what Public Key Cryptography is all about.

    The point of the verification callback is to check that the person who applied for the certificate was authorized to do so. What you did not see there is the checking that went into finding the number to call you on.

  16. Re:Very Large Prime Numbers on Is It Time For an Open Source Certificate Authority? · · Score: 2, Insightful
    Better yet, generate the keys on a smart card so that the private key can't be extracted or exported by code on your computer. Do you really trust your OS? With a smart card, the signing occurs on the card and not in your computer. This improves the system security at a much lower cost than doing the signing in a special crypto hardware module.

    Exactly, and if you want to be a CA you should be looking at very high security hardware such as the Chrysalis or n-Cipher products which are FIPS 140-4 certified.

    I think that the premise of this whole article is wrong. What people need is an open source mechanism for communicating securely. The most practical model is almost certainly not going to be a CA. Unless you are going to be serious about the authentication criteria you might as well use self signed certs.

    The whole point of the CA model is to concentrate trust in one link of the chain and to lock it down with really tight security. That's not the sort of project that fits the open source model well. Anyone want to try open source heart surgery? How about open source tax accounting?

    People might have fun setting up a CA but running one is about as interesting as watching paint dry. Particularly if nobody is going to be paying you to do it.

    If you want to go this route get rid of the CA entirely, just make sure that you also get rid of any security indicators that might give the user a misleading indication of the level of security being achieved.

    And don't just fixate on Phil Zimmermann, look at the ideas of people who made the web of trust model work, like Brian LaMacchia. Look at ideas like SDSI/SPKI that Rivest and Lampson worked on. Take a look at XKMS and DNSSEC.

    Above all start by deciding the use cases you are going to be serving. If you want to support online commerce the level of trust you have to achieve is going to be very high. If on the other hand you want to allow people to read their email or post to their blog over SSL encryption the barrier is much lower.

  17. Re:Zimmerman has it right . on Is It Time For an Open Source Certificate Authority? · · Score: 1
    Credit cards simply should not work based on knowledge of a stupid number.

    Few people would argue with that idea.

    Change the system so that every transaction is authorized through a direct communication between the cardholder and credit card company, and you've eliminated the danger of not knowing which merchants to trust with a common number.

    That is underway, in Europe they already use smartcards for credit card transactions. Getting that to happen in the US is a major problem because there are 10,000 issuing banks and the cost/benefits of smartcards do not fit into the existing model.

    Even so it is going to take a very long time for the old card number system to disappear.

  18. Re:I for one... on Dell Releases Flash-Based Laptops · · Score: 1
    Actually, what the article is talking about is a 1.8 inch drive - the smaller form factor for laptop hard drives, just with no moving parts.

    The form factor is not relevant here since the flash drive is merely an option on an existing chassis. We won't see any size reduction in the machine until there is a chassis purpose designed for a flash drive.

    64Gb compact flash drives are already available - at a price! So there is no difficulty fitting the memory into the machine. And several makers already offer 8Gb SD format cards. It is something of a pity that the HSD format has been cocked up so that it won't stretch beyond 32Gb but there is no understanding idiocy.

    Ideally a machine would have three flash slots capable of taking a drive with at least a 32Gb capacity. By the time it is affordable to fill them that is going to be SD/HCSD. That allows for one drive for the boot disk and installed software, a second for user data and a third to back up either of the first two or alternatively to take media from a camera or such.

    While the keyboard and screen define two of the important size constraints on a laptop, thickness and weight are equally critical. If you look at the compact format laptops the hard drive is actually a fairly significant constraint on the design. They are certainly a major reliability issue. Moving parts are bad news.

    For this all to work though someone has to tell Microsoft that they have to support NTFS on removable media. I am fed up being told that I can't encrypt data on my USB drive.

  19. Re:I for one... on Dell Releases Flash-Based Laptops · · Score: 5, Interesting
    The cost is not very important. Whatever the drive costs today it will cost less in a year's time.

    What is rather more interesting is what eliminating the hard drive will allow in terms of laptop design. A compact flash card is much smaller than a hard drive, the volume saved will be significant on compact format laptops.

    Another interesting difference is that it will be easier to make the drive easily removable on compact laptops. Today this tends to be a feature of the larger models which means that corporate IT depts are less willing to offer compact units.

  20. Re:Thoughts go the the families.. on Many Dead In Virginia Tech Shooting · · Score: 0, Troll
    Indeed; what a horrible situation to be faced with. :\

    Thanks to Bush and the neo-cons the Iraqis see this level of murder every single day.

  21. Re:Beyond words... on Many Dead In Virginia Tech Shooting · · Score: 0, Troll
    OK so two hilarious anecdotes where CCW caused the bad guys to get caught.

    Compared to 32 people murdered by a gun nut today alone.

    Fifteen years ago I had a similar argument with a gun nut. They executed him a few years ago for the murder of 168 people in the Oklahoma City Bombing, guy called Timothy McVeigh.

  22. Re:Videophiles may call it "cheap" on $90,000 103in HDTV · · Score: 1
    Sound mad? Well, you can buy a $1M Lamborghini (taxes) and get stuck in Istanbul traffic behind a bus, which one sounds logical? :)

    I would be happy to sell you the brand new Lambo of your choice for $1 million but the list price on their most expensive model is only $380K. There might be a second hand model that fetches $1 million but I am not aware of one fetching anywhere near that price at auction.

    Lambos do not appreciate the way Ferraris do. A second hand Countach can be bought for rather less than the price of this particular telly.

    I think that the reason folk had to invent home theatre was to find a way to spend more money on HiFi after CD made the difference between a $100 player and a $5000 player irrelevant. There are plenty of folk who pay $250K for home theatre setups. Once you get into building work it is pretty easy to spend very large amounts of cash.

    What is rather more interesting to me is the length of time before this size TV becomes available at a more reasonable price. It probably represents the limit on what will fit into the house that is not purpose built. The market for $90K TVs certainly exists but it is not huge.

    Given the choice between that telly and a brand new Jaguar XK8 I would take the Jag. At $5K the cost of the telly would be rather less than the building work necessary to make the most of it.

  23. Re:this whle Imus thing is insane on Blogger Spurs US Radio Host's Firing · · Score: 1
    What I find really interesting is the number of people who moderate what are clearly legitimate comments in this thread as Troll.

    The slashdot moderation system has a tendency to collapse during political discussion, but this particular instance is more than a little ironic. The folk moderating down posts because they make good arguments against Imus probably consider themselves to be protecting the world from censorship.

  24. Re:Most women basketball players are hideous. on Blogger Spurs US Radio Host's Firing · · Score: 2, Interesting
    Now if we can just get "outside forces" to get Jesse Jackson and Al Sharpton fired (oh, that's right, they don't actually "work", per se). The incredible double-standard in this country is just mind-boggling.

    It's only mind boggling if you ignore the fact that not very long ago an apartheid system operated in the racist South.

    The principal supporters of segregation were Democrats. When LBJ signed the civil rights act the segregationists quit the Democratic party and were welcomed with open arms by the Republican party. Except for Sen. Byrd who stopped being a racist.

    And so as a result it is OK for the people who were oppressed under segregation to make comments that it is not OK for white people to say. Chris Rock can talk about 'Niggers' because nobody is going to make the mistake of thinking that he might be a closet sympathizer of the KKK.

    When Trent Lott, George Allen and other white folk don't get the benefit of the doubt, precisely because there are still racists who think that it's OK to treat black people as second class citizens. There are even still people who try to disenfranchise black people by making it harder for them to vote. Take a look at the elections in Florida where black people were systematically disenfranchised for having the same name as convicted felons. Take a look at Ohio where the corrupt Republican secretary of state deliberately distributed election equipment so that black people had to wait hours to vote while white people got to vote immediately.

    It is pretty difficult to prove that the systematic measures used to disenfranchise blacks are deliberate. They are cloaked in the language of 'preventing voter fraud'. So society has to rely on proxy measures for likely racism. And that is why it is not acceptable for any white person who makes racist statements to have any role in the political process.

    There is a double standard here, it's called the race card and it's the Republican party that has made a habit of playing it at every opportunity for the past forty years.

  25. Re:Radio vs TV on Blogger Spurs US Radio Host's Firing · · Score: 1, Insightful
    You're forgetting that he supported Kerry in 2004 and even supported him after Kerry's stupid "if you're dumb, you join the Army" (paraphrased) remark.

    Backing Kerry makes perfect sense when the alternative is W. I would personally back Dan Quayle against Bush (barely). Bush combines the dishonesty of Nixon, the corruption of Grant and the incompetence of Warren Harding.

    Kerry made one remark that was deliberately interpreted in a stupid way.

    The Dufus in Chief on the other hand says something stupid every time he opens his mouth. On Wednesday he was saying that any delay in delivering the emergency spending bill for Iraq might cause tours of duty to have to be extended. Then on Thursday the Pentagon was forced to admit that tours of duty were going to be extended anyway because of a leaker. So in other words Bush said a deliberate and calculated lie on Wednesday, blaming Democrats for a policy he had already decided on.

    More important is the intent behind the statement. Kerry's target was very clearly Bush and not the troops as the right wing echo chamber tried to claim. Imus deals in racist and bigoted trash talk continuously.

    Oddly enough I blogged on gotcha journalism aimed at Giuliani a couple of days ago when he was caught with the old 'how much does a gallon of milk cost' quizzer. It's a stupid tactic. I don't think much of Giuliani, after hearing him speak in person I think he is an empty suit. But the gotcha journalism is just as stupid.