And he didn't just 'reinvent' the internet; he invented it.
Actually, he got us the money. The Internet was a government funded research project, Gore got us the money for it which is all he ever claimed.
Imagine what would have happened if MuCullagh had not placed his smear story? Rove's objective there was to Swiftboat Gore and turn his greatest strength into a weakness. Gore could not campaign on his very real contribution to the creation of the Internet.
So instead we have had eight years of corrupt, incompetent rule, New Orleans is submerged underwater, the economy has turned from the largest ever surplus to the largest ever deficit and 3000 Americans and at least half a million Iraqis are dead in Iraq.
Even if they high profile guy in question has specifically said that he doesn't think Obama is ready to be president? The inescapable implication is that he (Biden) thinks that only because of his presence can Obama handle the job. Or, that Obama still can't handle the job, but that's OK, because he'll do it for him, etc. This is all just a sign of Obama's awakening to the fact that he's way over his inexperienced head, here.
Bill Clinton pointed out the other day that there is absolutely nothing that can ever prepare someone for the Presidency.
I think he is right. Thirty years in the Senate is not going to prepare you to be the top decision maker on ever single aspect of policy in the worlds biggest economy and military power. It isn't what you know coming into the job that counts, it is what you can learn.
McCain's analysis of every single foreign policy crisis of the past twenty years has led him to the conclusion that what is needed is a new war or a bigger war. He was an advocate for invading Iraq before Bush. He wants to immediately allow Georgia to join NATO, thus requiring the US to declare war on Russia under the joint defense clause.
What is the value of 72 years experience if you have learned nothing from it? McCain is visibly uninterested in every aspect of policy other than warfare, and that seems to be more than a little related to his desire to redeem his own military career which he is in the habit of talking about even more often than Rudy Giuliani talks about 9/11.
David Brooks, a conservative was advocating Biden because he was going to be an independent voice, not someone who would hero-worship or tell Obama what he wanted to hear.
Not if the operating system allows allows end users (or at least sysadmins) to add their own CAs to the trusted list. With this in place, an OSS author can set up their own CA using OpenSSL, and ask the users of their software to install the root cert before running the SW (or can get the SW signed by some other OSS CA. IMHO, if Microsoft's driver signing requirements allowed me to add my own root certs, there would be no problems with the system.
Exactly, only that mechanism does not quite meet the need as I don't think that enough people would want to run the whole system themselves.
My other concern here is that I would not want to create a situation where open source groups become a target for attack by malware peddlers.
What I have been working on for the past few months is an idea where we combine the introduction of a very high grade credential with a scheme based on an idea Phil Z. proposed in the original PGP paper but never wrote code for: a voting quorum.
End users would choose the sources of trust they will accept and for what purposes. If I am running Windows it makes very little sense to load any driver code that does not come from either the device manufacturer or Microsoft. If I am running Linux it is a different story. If the program I am installing is a game there is no reason it should need to install code into the O/S and so on.
For driver code in Linux I would probably want the code to be verified and signed as malware free by multiple parties.
Al Gore was actually one of the most active Veeps of the 20th century. He was responsible for the whole 'reinventing government' project that changed the way a lot of the civil service worked to make it more responsive to the Clinton agenda.
Now Gore was nowhere as hands on as Cheney, but that is a unique situation, we are not going to see another President as weak as W. Bush for decades, if then. Cheney is the reason that Obama could not risk Hilary: her expectation for the veep role could have been a serious liability. Obama clearly does not intend to have a co-presidency.
Now the source of the article has to be considered here: Declan McCullagh, who admits having been the author of the 'Al Gore claims to invent Internet' smear. The way he created that story was that he first published an article in Wired news where he took the quote out of context, then shopped it to his Girlfriend at Cato and Newt Gingrich's office. Then replaced his original story with one that eliminated his fingerprints on the matter.
In this story, Declan claims that Obama surrogate Danny Weitzner was involved in a controversy, what he does not mention is that what he calls a controversy is that he was not allowed to attend a W3C workshop that was invitation only, off the record and no-press. I was an attendee at that workshop and certainly could not have given the presentation I gave if press was present and would not have attended if McCullagh was going to be present to twist the proceedings to his own personal agenda.
And we have yet another Declan twist here, the C-Net voter guide - I wonder who wrote the criteria? Oh, what a suprise! Declan - again.
So what this sorry story is presenting as comment from others on Biden is in fact two links to other articles written by Declan.
It's supposed to be creepy, because it may be the only warning you're the victim of a DNS poisoning and you're not at the site you think you are, or you're the victim of a man-in-the-middle attack and your "encrypted" communications are being intercepted and read.
This whole debate is rather off the point. Making changes to a security protocol in response to the last Slashdot thread is not exactly the best idea. There are more issues than just whether people can save a buck and get encryption. As you point out the point of the certificate is authentication, not encryption.
Back in 1995 the Netscape folk decided to write the protocol in such a way that you had to have authentication of the server public key to do encryption. As it happens I argued against that choice at the time, and again when the self-signed certs issue came up again a few years ago I have consistently argued that the browser should allow ANY connection to be encrypted with ANY key, just don't bother to worry the user about it unless the cert is trustworthy according to the user spec.
There are in fact changes in the works here. I am part of a W3C working group where we have discussed this exact issue. I have consistently argued for eliminating all security pop-up warnings of all types - they are designed to dump responsibility for security onto the user rather than be actually useful. I have also argued to make use of self-signed certificates easier as we should be moving to a position where security is the default on the Web.
Yes I do work for a CA, no I am not speaking for them on this particular occasion, but we have consistently argued to make use of unpaid cryptography as easy as possible because anything that expands the use of cryptography is going to eventually expand the demand for authenticated keys. I really don't think that we will have large numbers of people stop paying the price of a Thawte or GeoTrust cert and switch to a self-signed. More businesses will go the other way.
Its the same argument on code signing: all code should be signed, even development compiles. But only final production code should be signed with a trustworthy key - or the key is not going to be trustworthy very long. And only some final code will be signed by CA accredited keys. But that is fine if the O/S allows you to make statements of the sort 'drivers have to be signed by a trusted root, programs signed off a Web o' Trust key can run but only with restricted privs'.
Yep, the part about massive defense spending is part of my point. But that's actually a Democratic thing. Remember, LBJ (who kept us in Vietnam) was a Democrat. Republicans have been anti-defense spending until recent decades.
At the start of Vietnam both parties had hawk and dove factions. Nixon was originally elected on his claim to have a secret plan to end the war!
During the LBJ administration the Hawk faction in the Democrats lost influence and they were routed almost entirely during Nixon. But there is an additional layer of complexity there as Nixon's big idea was detente with Russia and re-opening relations with China.
The big change came during the Carter administration with the invasion of Afghanistan. Both parties turned considerably more hawkish. Carter began the weapons build-up but as a tactical reaction to the Soviets. For Reagan the increase in military spending was strategic and ideological.
During the Bush administration the foreign policy has been directed by the neo-imperialist wing of the Republican party. They like wars, the more the better. Their war in Iraq has been a fiasco, which is why they want a new one in Iran, or Georgia.
I'm being attacked by botnet zombies and sent spam constantly. Practically all of the zombies behind them are Win OS machines
Untrue as it happens. Used to be true some time back, these days any O/S is a target.
Linux and Mac machines used to rent for a bit more on the botnet markets, it was thought that they would be more likely to remain botted without a competitor butting in.
Vista is considerably more secure than previous versions of Windows and has all the security features of Linux and Mac/OS on by default these days.
They're presenting their findings at a black hat conference this week. What makes you think they have any motivation to help MS fix it beforehand? Did it ever occur to you, as people who break security systems they think impede their own and other peoples freedom, they might, just might, have a strong motive to punish anyone who installed it and drive them off Vista?
Then they can wait till then to publish the press release. As it is what they are doing is cowardly, they are attacking the security of Vista but without allowing any informed response. The correct response in such circumstances is 'prove it'.
And don't get on your high horse re vista security. Linux is not in any better shape - according to the article. The only way that the attack is not going to affect Linux is if it is against a protection mechanism that Linux lacks.
It isn't so long ago that UNIX security was considered an oxymoron. They did invent the buffer overrun bug.
Too bad it doesn't explain what they actually did and just says "ooo, this is really bad"
In the days of the Web there is a rule that if someone tells the press before they publish the paper, they are full of it.
They haven't told Microsoft, so they can't even claim that they are not releasing the details to allow for a fix.
CF all those 'studies' that 'prove' porn is bad or watching TV turns kids into Martians or whatever. Every time that stuff hits the press the paper is 'to be published' which is a good way to prevent opponents getting in a response.
Microsoft stuff isn't just a scare story. The Office Open XML debacle is only a few months ago, and as far as I can tell they committed an actionable fraud in connection with it. I have independent comfirmation for what is at that link.
It's sort of like a totalitarian scare right after Tianammen Square, where we had real reason to be scared. By the way, China's problem is totalitarianism, not communism. I've met a head of state who calls what Microsoft does "corporate totalitarianism", and I think he's on target there.
Am I supposed to take this drivel seriously?
I lost friends in Tienanmen. Comparing Microsoft to the leadership of a communist dictatorship is just ridiculous.
We did make a mistake in the libwww license. We should have retained an attribution clause. That cost us because the NCSA folk made no mention of CERN or the Web in their documentation. But apart from that there is nothing I would change. Putting the code into the public domain with absolutely no restrictions worked well.
Putting the obvious Microsoft fears aside, can we not give credit where credit is due?
No, next question.
Bruce is wrong on the Mosaic license which was never remotely close to open. It was a non-commercial use license and NCSA sold the commercial rights to Spyglass. IE is actually descended from the Spyglass rewrite of Mosaic and parts of the CERN libwww which was public domain.
These constant Microsoft-scare stories get to be as tiring as the communist-scare stories. Nothing is easier than warning people that some big powerful entity is a potential threat. And the timid then nod their heads and give thanks for those who so nobly look after their interests.
The comfort capsule is essentially a module that they can load into the plane the same way they would load a shipping container. So they can convert a military cargo plane into a private jet for the top brass.
I read the article yesterday and was disgusted. I suspect that we are going to see more than a few careers end over it. Every military promotion above a certain level has to be ratified by the Senate. Once the generals behind this boondoggle are identified they are going to find they don't see another promotion.
Fact: Independence for India was a manifesto commitment for Labour in the 1945 election. They won a landslide and they fulfilled their pledge. It had absolutely nothing to do with terrorism or inability to maintain control. The socialists would have given India independence regardless.
Now we can argue that had Labour not won and had the Tories refused to grant independence that the situation would have degenerated and the British forced out anyway as happened in Iraq, Palestine, Iran, etc. etc. But independence had been an objective for Labour for decades.
The key difference between the Diebold situation and the McCain attempt to sabotage Obama's trip to Afghanistan is that we have no direct evidence to link the Diebold situation to the party that benefited. But we do know that McCain did in fact reveal Obama's trip and the only room for speculation is whether it was reckless or intentional.
I don't see how either is a recommendation for McCain. Was he as cavalier with confidential information when he was in the military? Is that why his career ended at captain and he was never on track to become a flag officer?
Why is it ok for McCain to make this statement that could get Obama killed but not ok for people to point out the fact that McCain is too old for the job? Perhaps he let the information drop because he is already going senile. I think that is a fair debate to have. Why is it ok for McCain to joke about 'seizure club' but not ok for people to ask if he is too old?
Why is it ok for McCain to put US servicemens lives at risk in this way but not ok for people to ask about the nature of the military service that he bases his entire campaign on? A fighter pilot that graduates bottom of his class and looses three planes is not exactly the first choice for a President. Maybe if he had studied harder and not had such a party reputation he would not have been shot down in the first place.
ObDisclaimer: Not speaking for my employer here. Yes I work for a commercial CA.
Actually you are way off base here. Mozilla and VeriSign are both members of the W3C Web Security Context working group where one of the things that we have been working on is how to better make use of self signed certificates.
I always enjoy reading articles on Slashdot describing what they imagine the optimum strategy for a large public company is.
Making it easier to use encryption with self-signed certificates is a benefit to a large commercial CA. People who use self-signed certificates today are candidates for an upsell to a public accredited domain validate cert later.
The basic problem is that people think that a CA sells encryption, that is wrong, we sell authentication and in the case of Class 3 or EV, accountability. I cannot guarantee that the merchant you buy from is honest, or that they will deliver that plasma TV. But I can ensure that they are likely to face consequences if they do.
If people really want to set up an open CA then read my book, the dotCrime Manifesto, I describe what we were trying to do when we set up the idea of CA services in the first place. I think that setting up an open CA would be a bit like setting up an open source effort to do people's taxes for them. But someone might work out a way to make it interesting enough for the participants to have it done well.
What I don't get is why you can change the weighting for some types of mod and not others. In particular the over-rated mod is in my experience exclusively used for bashing so it is the one I would like to eliminate and you can't.
With respect to the original article, it is a piece of crap written by a journalist who has no political knowledge whatsoever.
The changes to the Obama Web site are hardly dramatic or noteworthy. The facts changed so they updated the Web site so that it was accurate. But the facts didn't change by much. The invasion of Iraq was a stupid idea and the continued occupation of Iraq was unsustainable. The situation this month is not quite as bad as it was some months ago but the continued occupation of Iraq is just as stupid as ever.
The reason that Iraq is quieter now has nothing to do with the surge: The insurgents are waiting for the US election. There is no point in the Sadrists or the Sunnis getting shot up trying to force the US out of Iraq if the US is willing to leave of its own accord. But if McCain is elected they know that his two policy objectives are to 'bomb bomb Iran' and stay in Iraq for 'a hundred years'.
As far as McCain is concerned the objective of the occupation is clearly to control Iraq's oil and establish a base for US control of the region. As far as the Iraqi government and the folks with the guns are concerned, that is unacceptable which is why they have refused to agree to any status of forces agreement that does not include a timetable for full withdrawal.
The McCain camp here is guilty of perpetrating the same type of idiotic journalism that Tim Russert used to engage in: accuse any politician who ever changes his mind of being a flip-flop.
The real problem with flip-floppers is not that they change their mind, its that they change their mind according to what is politically convenient. Like McCain, for example, who used to be a 'maverick' but decided to become a hard right wingnut to get the nomination and is now pretending to be a maverick again. McCain flip flopped so many times on immigration that he ended up voting against his own immigration bill. In other words it pandering and breaking campaign pledges that are the real problem, not updating a Web site to note that the facts changed slightly in the past month.
Bottom line: either things in Iraq are completely peachy in which case the US can withdraw or they are still foo-bar in which there is no point in staying any longer. There is no possible set of facts that lead to the conclusion that the US needs to establish permanent bases in Iraq at an ongoing cost of over a trillion dollars a year.
Not to start a holy war, but the Canon 5D made full frame mainstream three years ago. It's just Nikon that have finally caught up.
And in response Nikon's board decided that enough was enough. They had lost too much face to Canon. Which was somewhat ironic as Nikon had been leading the charge to bring out affordable DSLR models.
Since then the story has been rather different. Nikon has refreshed their entire exotic lineup (superteles, tilt-shift) and brought out 3 new Canon killer cameras in the past 8 months (D3, D300, D700) with a 4th expected very soon (D3X).
It is a rather interesting competition. Canon has vastly more resources, but they are spread out over many markets and pro-photography is not the absolute top priority for the company. Nikon has to make pro-photography their top priority because its the reason most of the consumers buy Nikon over other brands.
Canon really does not seem to have an answer so far. They have a bunch of f/1.2 lenses, but that is of questionable value in the digital age. If you want bokeh the Nikor line of Defocus Control lenses looks more interesting.
Full frame is not very interesting at the moment unless you really care about ultimate wide angle performance in the 14-18mm equivalent range and don't want to use a fisheye. Otherwise the 1.6 crop you get on the DX sensors is like a built in teleconverter. A 200mm lens becomes a 300mm exotic, sweet. I am not planning to buy a D700, it is not worth $3000 to have 12MP in the FX format. I would rather spend the additional $1,400 over the price of the D300 on a lens.
Full frame is going to be really interesting when the full frame sensors have the same pixel density of the crop sensors. A 22MP full frame camera is like having a full frame camera with a built in 11MP DX mode. They will definitely get there, but it could be another year before they are affordable.
All things being equal, its better to spend money on lenses than cameras at this point. A DSLR is obsolete in 24 months, I can still use my 25 year old Nikon lenses on my D300.
It's a medium format sensor; the silicon imaging area is twice as big as a single 35mm film slide. Currently there's only a handful of cameras that has a "full frame" sensor for 35mm.
The release of the D3 and the announced D700 have changed that. Full frame is now maintstream, albeit pricey ($3K). But this sensor is medium format. It is 4 inches by 5 inches, not an inch by an inch and a bit like 35mm.
So, no, it will NEVER be used in a consumer-level camera. This is for people who shoot billboard ads.
This sensor is destined for pro level studio cameras, but Sony have a 22MP sensor for Full Frame 35mm that should be in cameras announced at Photakina this year. Nikon are expected to release at 22MP D3 and Sony should have the A900 out. But they are certain to be very pricey at first. Expect the D3x to be $6500.
The 'blad will continue to be absurdly expensive but its that huge sensor size that demands the expensive lenses. The only improvement you get going to a larger sensor size on digital is that your low light performance improves. That is not an issue in the studio which is where 95% of 'blads live. Out in the field you might as well lug full frame format gear round with you. Most pros use 35mm outdoors.
Answering some other confusions in the thread: no diffraction is not an issue here. Diffraction softens focus at small apertures. It does that regardless of whether you use film or digital and regardless of your pixel resolution. The only point where pixel resolution becomes an issue is at smaller f-stops or at levels of MP we have not reached yet.
The hard limit for 35mm full frame format cameras is the wavelength of red light. If the pixels are sized 2 wavelengths of light on each side you can squeeze a maximum of 320MP on a full FX frame. That is lower than the limit set by diffraction which is 1050MP at f/1.4.
In practice current lenses are not good enough to go to 320MP. But the current pro-range Nikor lenses are good for at least 50MP and probably 100MP. My mid range ($670) 18-200 zoom delivers pixel sharp results on a 12MP DX body. So it would deliver pixel sharp results (in the center of the frame anyway) for FX format at 22MP.
The RIAA is pushing for dismissal without prejudice to avoid the precedent that it is forced to pay lawyers fees every time it loses a lawsuit. If that happens the game is going to become much more expensive for them. They would face real risks when they file speculatively.
At the moment the RIAA are probably spending as much in lawyers fees as they recover. If they were paying defendants costs in losing cases they would face huge loses. The lawyers for the RIAA know this and are desperate to keep their meal ticket.
Now, what is the situation when the RIAA wins a suit. Do they demand their legal fees in that case?
A stolen computer is way low on their priority list.
Police have two criteria in setting their priorities. The first and least important is the priority placed on the crime itself. Theft of goods worth $1000 or more ranks pretty highly, second only to violent crime.
The second criteria is the probability of an arrest. Here speeding and parking tickets rate at the top of the list.
Computer crime is only low on the list because the probability of an arrest is very low. But these circumstances make an arrest very likely and that changes the priority.
Why so many AC's wanting to diss this particular advice? They couldn't be like computer thieves upset about the risk to their careers?
You should certainly be investigating this as an employer. It is very likely the computers were stolen by employees you would like to stop employing before they steal more from you.
What you need to do here is to contact a specialist computer crimes department. This will not be a new situation to them and they will recognize the fact that there is a very high probability of an arrest and recovery of the stolen goods.
The first thing to do would be to find out if the computers were officially reported stolen. If so you need to report the development to the police force where the theft was reported. Otherwise make out a report.
Once a report is made it counts on their local statistics and the police have to take it seriously - we are talking about several thousand dollars here.
There may not be a computer crimes dept on your local force but they should certainly have access to those resources. Find out which force is responsible for investigating kiddie porn - those guys would usually pretty much prefer to be doing anything else for a change, after a short while its like shooting fish in a barrel.
You can certainly help by collecting as much information as possible. For example, log the IP addresses that the machines are using. Then use reverse DNS lookup to find the ISP.
If you still can't get anywhere, contact me at hallam@dotfuturemanifesto.com and I can pass the issue on to folk I know. They may not be able to help you direct but they will know someone who can.
The reason that so much time and effort is poured into investigating kiddie porn rather than bank fraud is not simply the nature of the crime. Its the fact that they have a defined process that delivers highly predictable results. If we could design a process for delivering collars in phishing fraud we would have no difficulty making it a higher police priority.
It seems to me that this is an area where we can easily set up a predictable recovery process that delivers collars.
Data pirates or ship-hijacking pirates? Oh data pirates. You'd think they'd deal with the other type first.
Given that the Russian government allowed the Russian Business Network to openly conduct bank fraud out of an office in St Petersburg for several years, I would not hold your breath waiting for mere copyright enforcement. The RBN was only shut down after we released comprehensive details of their activities and the refusal of named Russian authorities to prosecute. But Putin's mob only shut them down, they have not as yet actually prosecuted them. And don't forget that Putin had one of his critics murdered in London using plutonium in a teapot last year.
But what are the governments going to say? Once the issue is brought up they have to announce their intention to act regardless of whether they have the slightest interest in following through.
Now real piracy is a big problem and a crime that international cooperation is the only real means of addressing. But its hardly something that the G8 cooperation is going to provide much help on, the piracy isn't anywhere near the G8 countries shores.
The article suggests otherwise, and it makes sense to me. I can easily imagine how having Powell on Obama's team would reassure disappointed Republicans and make them more willing to vote against their traditional side.
The original article is written from a PR puff from company plugging its polling product. This is not 'MIT research' as purported and the people behind it don't seem to have any understanding of the politics behind veep selection.
In the first place, their study takes no account of the likely effect of the veep choice on the electoral college which is the only relevant criteria if the veep selection is based on electability as proposed.
But the much bigger problem is that what the veep brings to the ticket in terms of electability has almost nothing to do with whether voters like them. McCain would not choose Huckabee because he lacks support amongst evangelicals, it would be to mobilize the evangelical get out the vote operation that might otherwise sit the election out if they don't feel McCain is kissing their ring enough. Similarly Obama would choose Wes Clark because he needs an attack dog to go after McCain's military record, not because Clarke himself has a support base.
Beside's.. Last I checked, Powell was a republican with values he felt strong enough about that caused him to resign. I doubt he would be running as a democratic vice president.
Powell is rumored to be about to endorse Obama. But that is as far as his support is likely to go. Powell is still a Republican albeit a disappointed Republican. Powell is certainly not going to sling mud at the media darling McCain, point out that while the McCain camp is trying to make Obama's wife an issue, McCain's wife is a drug addict with a history of pilfering prescriptions from her charity, &ct. &ct. The McCain camp have been playing a dirty game for some time and Obama needs a veep who can return fire with like.
Powell makes no sense as a veep for either candidate. He is not likely to bring in any group of supporters. His term as Secretary of State damaged his reputation. He does not bring experience of working with Congress. He is certainly not a credible candidate for the party in 2016.
The last point is just about the only one that is relevant at this point. There is no LBJ out there who can deliver a major swing state. Obama might benefit from a veep who beings in a lot of experience of the executive branch, can make things happen, but there are plenty of slots available for that.
Clinton would be the best choice on offer if not for the 2016 issue. She is not going to be a credible contender then, even with 8 years as veep, too old. A deputy should be a credible successor.
The calculus is different for McCain, there is absolutely no value in having a second military man on the ticket. McCain needs a veep who has interest in domestic affairs, McCain has displayed none. Its pretty easy to rail against pork when you have nine houses, a private jet and you and don't care about any government issue other than starting more wars.
I sometimes question the veracity of all the Treo haters out there. I've never met a single one, in person, that ever had a problem with theirs. And I've met a heck of a lot. I've been writing code for mobile devices since the late 90's, for every mobile OS that's come along, and the device I use for my day to day work is always a PalmOS device.
Hmm that's odd because when I read your post I thought 'shill for Palm'. Seems rather odd that you would accuse others in this way. Looks like projection to me.
Now some of your earlier posts make it clear that you ado in fact have an interest in this area, "I'm someone whose spent his entire career in the mobile arena," and the topics you post on make it rather clear that you are working for one of the phone developers.
I am pretty well known in the Internet security field and you can find plenty of posts describing my issues with the palm on my blog. I am not involved in mobile phones except to the extent that they now have Web browsers and I was involved in the design of HTTP.
I hate my Treo. It is the fourth one I have had, they keep on breaking. It is company issued or I would not use it at all.
The browser is terrible and the O/S so unstable that Opera won't supply an alternative. The managers who accepted that code must have an IQ less than my shoe size.
I hate my Treo, sooner Palm goes out of business the better.
Slashdot Mirror
Actually, he got us the money. The Internet was a government funded research project, Gore got us the money for it which is all he ever claimed.
Imagine what would have happened if MuCullagh had not placed his smear story? Rove's objective there was to Swiftboat Gore and turn his greatest strength into a weakness. Gore could not campaign on his very real contribution to the creation of the Internet.
So instead we have had eight years of corrupt, incompetent rule, New Orleans is submerged underwater, the economy has turned from the largest ever surplus to the largest ever deficit and 3000 Americans and at least half a million Iraqis are dead in Iraq.
Bill Clinton pointed out the other day that there is absolutely nothing that can ever prepare someone for the Presidency.
I think he is right. Thirty years in the Senate is not going to prepare you to be the top decision maker on ever single aspect of policy in the worlds biggest economy and military power. It isn't what you know coming into the job that counts, it is what you can learn.
McCain's analysis of every single foreign policy crisis of the past twenty years has led him to the conclusion that what is needed is a new war or a bigger war. He was an advocate for invading Iraq before Bush. He wants to immediately allow Georgia to join NATO, thus requiring the US to declare war on Russia under the joint defense clause.
What is the value of 72 years experience if you have learned nothing from it? McCain is visibly uninterested in every aspect of policy other than warfare, and that seems to be more than a little related to his desire to redeem his own military career which he is in the habit of talking about even more often than Rudy Giuliani talks about 9/11.
David Brooks, a conservative was advocating Biden because he was going to be an independent voice, not someone who would hero-worship or tell Obama what he wanted to hear.
Exactly, only that mechanism does not quite meet the need as I don't think that enough people would want to run the whole system themselves.
My other concern here is that I would not want to create a situation where open source groups become a target for attack by malware peddlers.
What I have been working on for the past few months is an idea where we combine the introduction of a very high grade credential with a scheme based on an idea Phil Z. proposed in the original PGP paper but never wrote code for: a voting quorum.
End users would choose the sources of trust they will accept and for what purposes. If I am running Windows it makes very little sense to load any driver code that does not come from either the device manufacturer or Microsoft. If I am running Linux it is a different story. If the program I am installing is a game there is no reason it should need to install code into the O/S and so on.
For driver code in Linux I would probably want the code to be verified and signed as malware free by multiple parties.
Al Gore was actually one of the most active Veeps of the 20th century. He was responsible for the whole 'reinventing government' project that changed the way a lot of the civil service worked to make it more responsive to the Clinton agenda. Now Gore was nowhere as hands on as Cheney, but that is a unique situation, we are not going to see another President as weak as W. Bush for decades, if then. Cheney is the reason that Obama could not risk Hilary: her expectation for the veep role could have been a serious liability. Obama clearly does not intend to have a co-presidency. Now the source of the article has to be considered here: Declan McCullagh, who admits having been the author of the 'Al Gore claims to invent Internet' smear. The way he created that story was that he first published an article in Wired news where he took the quote out of context, then shopped it to his Girlfriend at Cato and Newt Gingrich's office. Then replaced his original story with one that eliminated his fingerprints on the matter. In this story, Declan claims that Obama surrogate Danny Weitzner was involved in a controversy, what he does not mention is that what he calls a controversy is that he was not allowed to attend a W3C workshop that was invitation only, off the record and no-press. I was an attendee at that workshop and certainly could not have given the presentation I gave if press was present and would not have attended if McCullagh was going to be present to twist the proceedings to his own personal agenda. And we have yet another Declan twist here, the C-Net voter guide - I wonder who wrote the criteria? Oh, what a suprise! Declan - again. So what this sorry story is presenting as comment from others on Biden is in fact two links to other articles written by Declan.
This whole debate is rather off the point. Making changes to a security protocol in response to the last Slashdot thread is not exactly the best idea. There are more issues than just whether people can save a buck and get encryption. As you point out the point of the certificate is authentication, not encryption.
Back in 1995 the Netscape folk decided to write the protocol in such a way that you had to have authentication of the server public key to do encryption. As it happens I argued against that choice at the time, and again when the self-signed certs issue came up again a few years ago I have consistently argued that the browser should allow ANY connection to be encrypted with ANY key, just don't bother to worry the user about it unless the cert is trustworthy according to the user spec.
There are in fact changes in the works here. I am part of a W3C working group where we have discussed this exact issue. I have consistently argued for eliminating all security pop-up warnings of all types - they are designed to dump responsibility for security onto the user rather than be actually useful. I have also argued to make use of self-signed certificates easier as we should be moving to a position where security is the default on the Web.
Yes I do work for a CA, no I am not speaking for them on this particular occasion, but we have consistently argued to make use of unpaid cryptography as easy as possible because anything that expands the use of cryptography is going to eventually expand the demand for authenticated keys. I really don't think that we will have large numbers of people stop paying the price of a Thawte or GeoTrust cert and switch to a self-signed. More businesses will go the other way.
Its the same argument on code signing: all code should be signed, even development compiles. But only final production code should be signed with a trustworthy key - or the key is not going to be trustworthy very long. And only some final code will be signed by CA accredited keys. But that is fine if the O/S allows you to make statements of the sort 'drivers have to be signed by a trusted root, programs signed off a Web o' Trust key can run but only with restricted privs'.
At the start of Vietnam both parties had hawk and dove factions. Nixon was originally elected on his claim to have a secret plan to end the war!
During the LBJ administration the Hawk faction in the Democrats lost influence and they were routed almost entirely during Nixon. But there is an additional layer of complexity there as Nixon's big idea was detente with Russia and re-opening relations with China.
The big change came during the Carter administration with the invasion of Afghanistan. Both parties turned considerably more hawkish. Carter began the weapons build-up but as a tactical reaction to the Soviets. For Reagan the increase in military spending was strategic and ideological.
During the Bush administration the foreign policy has been directed by the neo-imperialist wing of the Republican party. They like wars, the more the better. Their war in Iraq has been a fiasco, which is why they want a new one in Iran, or Georgia.
Untrue as it happens. Used to be true some time back, these days any O/S is a target.
Linux and Mac machines used to rent for a bit more on the botnet markets, it was thought that they would be more likely to remain botted without a competitor butting in.
Vista is considerably more secure than previous versions of Windows and has all the security features of Linux and Mac/OS on by default these days.
Then they can wait till then to publish the press release. As it is what they are doing is cowardly, they are attacking the security of Vista but without allowing any informed response. The correct response in such circumstances is 'prove it'.
And don't get on your high horse re vista security. Linux is not in any better shape - according to the article. The only way that the attack is not going to affect Linux is if it is against a protection mechanism that Linux lacks.
It isn't so long ago that UNIX security was considered an oxymoron. They did invent the buffer overrun bug.
In the days of the Web there is a rule that if someone tells the press before they publish the paper, they are full of it. They haven't told Microsoft, so they can't even claim that they are not releasing the details to allow for a fix.
CF all those 'studies' that 'prove' porn is bad or watching TV turns kids into Martians or whatever. Every time that stuff hits the press the paper is 'to be published' which is a good way to prevent opponents getting in a response.
Am I supposed to take this drivel seriously?
I lost friends in Tienanmen. Comparing Microsoft to the leadership of a communist dictatorship is just ridiculous.
We did make a mistake in the libwww license. We should have retained an attribution clause. That cost us because the NCSA folk made no mention of CERN or the Web in their documentation. But apart from that there is nothing I would change. Putting the code into the public domain with absolutely no restrictions worked well.
No, next question.
Bruce is wrong on the Mosaic license which was never remotely close to open. It was a non-commercial use license and NCSA sold the commercial rights to Spyglass. IE is actually descended from the Spyglass rewrite of Mosaic and parts of the CERN libwww which was public domain.
These constant Microsoft-scare stories get to be as tiring as the communist-scare stories. Nothing is easier than warning people that some big powerful entity is a potential threat. And the timid then nod their heads and give thanks for those who so nobly look after their interests.
I read the article yesterday and was disgusted. I suspect that we are going to see more than a few careers end over it. Every military promotion above a certain level has to be ratified by the Senate. Once the generals behind this boondoggle are identified they are going to find they don't see another promotion.
Now we can argue that had Labour not won and had the Tories refused to grant independence that the situation would have degenerated and the British forced out anyway as happened in Iraq, Palestine, Iran, etc. etc. But independence had been an objective for Labour for decades.
The key difference between the Diebold situation and the McCain attempt to sabotage Obama's trip to Afghanistan is that we have no direct evidence to link the Diebold situation to the party that benefited. But we do know that McCain did in fact reveal Obama's trip and the only room for speculation is whether it was reckless or intentional.
I don't see how either is a recommendation for McCain. Was he as cavalier with confidential information when he was in the military? Is that why his career ended at captain and he was never on track to become a flag officer?
Why is it ok for McCain to make this statement that could get Obama killed but not ok for people to point out the fact that McCain is too old for the job? Perhaps he let the information drop because he is already going senile. I think that is a fair debate to have. Why is it ok for McCain to joke about 'seizure club' but not ok for people to ask if he is too old?
Why is it ok for McCain to put US servicemens lives at risk in this way but not ok for people to ask about the nature of the military service that he bases his entire campaign on? A fighter pilot that graduates bottom of his class and looses three planes is not exactly the first choice for a President. Maybe if he had studied harder and not had such a party reputation he would not have been shot down in the first place.
Actually you are way off base here. Mozilla and VeriSign are both members of the W3C Web Security Context working group where one of the things that we have been working on is how to better make use of self signed certificates.
I always enjoy reading articles on Slashdot describing what they imagine the optimum strategy for a large public company is.
Making it easier to use encryption with self-signed certificates is a benefit to a large commercial CA. People who use self-signed certificates today are candidates for an upsell to a public accredited domain validate cert later.
The basic problem is that people think that a CA sells encryption, that is wrong, we sell authentication and in the case of Class 3 or EV, accountability. I cannot guarantee that the merchant you buy from is honest, or that they will deliver that plasma TV. But I can ensure that they are likely to face consequences if they do.
If people really want to set up an open CA then read my book, the dotCrime Manifesto, I describe what we were trying to do when we set up the idea of CA services in the first place. I think that setting up an open CA would be a bit like setting up an open source effort to do people's taxes for them. But someone might work out a way to make it interesting enough for the participants to have it done well.
With respect to the original article, it is a piece of crap written by a journalist who has no political knowledge whatsoever.
The changes to the Obama Web site are hardly dramatic or noteworthy. The facts changed so they updated the Web site so that it was accurate. But the facts didn't change by much. The invasion of Iraq was a stupid idea and the continued occupation of Iraq was unsustainable. The situation this month is not quite as bad as it was some months ago but the continued occupation of Iraq is just as stupid as ever.
The reason that Iraq is quieter now has nothing to do with the surge: The insurgents are waiting for the US election. There is no point in the Sadrists or the Sunnis getting shot up trying to force the US out of Iraq if the US is willing to leave of its own accord. But if McCain is elected they know that his two policy objectives are to 'bomb bomb Iran' and stay in Iraq for 'a hundred years'.
As far as McCain is concerned the objective of the occupation is clearly to control Iraq's oil and establish a base for US control of the region. As far as the Iraqi government and the folks with the guns are concerned, that is unacceptable which is why they have refused to agree to any status of forces agreement that does not include a timetable for full withdrawal.
The McCain camp here is guilty of perpetrating the same type of idiotic journalism that Tim Russert used to engage in: accuse any politician who ever changes his mind of being a flip-flop.
The real problem with flip-floppers is not that they change their mind, its that they change their mind according to what is politically convenient. Like McCain, for example, who used to be a 'maverick' but decided to become a hard right wingnut to get the nomination and is now pretending to be a maverick again. McCain flip flopped so many times on immigration that he ended up voting against his own immigration bill. In other words it pandering and breaking campaign pledges that are the real problem, not updating a Web site to note that the facts changed slightly in the past month.
Bottom line: either things in Iraq are completely peachy in which case the US can withdraw or they are still foo-bar in which there is no point in staying any longer. There is no possible set of facts that lead to the conclusion that the US needs to establish permanent bases in Iraq at an ongoing cost of over a trillion dollars a year.
And in response Nikon's board decided that enough was enough. They had lost too much face to Canon. Which was somewhat ironic as Nikon had been leading the charge to bring out affordable DSLR models.
Since then the story has been rather different. Nikon has refreshed their entire exotic lineup (superteles, tilt-shift) and brought out 3 new Canon killer cameras in the past 8 months (D3, D300, D700) with a 4th expected very soon (D3X).
It is a rather interesting competition. Canon has vastly more resources, but they are spread out over many markets and pro-photography is not the absolute top priority for the company. Nikon has to make pro-photography their top priority because its the reason most of the consumers buy Nikon over other brands.
Canon really does not seem to have an answer so far. They have a bunch of f/1.2 lenses, but that is of questionable value in the digital age. If you want bokeh the Nikor line of Defocus Control lenses looks more interesting.
Full frame is not very interesting at the moment unless you really care about ultimate wide angle performance in the 14-18mm equivalent range and don't want to use a fisheye. Otherwise the 1.6 crop you get on the DX sensors is like a built in teleconverter. A 200mm lens becomes a 300mm exotic, sweet. I am not planning to buy a D700, it is not worth $3000 to have 12MP in the FX format. I would rather spend the additional $1,400 over the price of the D300 on a lens.
Full frame is going to be really interesting when the full frame sensors have the same pixel density of the crop sensors. A 22MP full frame camera is like having a full frame camera with a built in 11MP DX mode. They will definitely get there, but it could be another year before they are affordable.
All things being equal, its better to spend money on lenses than cameras at this point. A DSLR is obsolete in 24 months, I can still use my 25 year old Nikon lenses on my D300.
The release of the D3 and the announced D700 have changed that. Full frame is now maintstream, albeit pricey ($3K). But this sensor is medium format. It is 4 inches by 5 inches, not an inch by an inch and a bit like 35mm.
So, no, it will NEVER be used in a consumer-level camera. This is for people who shoot billboard ads.
This sensor is destined for pro level studio cameras, but Sony have a 22MP sensor for Full Frame 35mm that should be in cameras announced at Photakina this year. Nikon are expected to release at 22MP D3 and Sony should have the A900 out. But they are certain to be very pricey at first. Expect the D3x to be $6500.
The 'blad will continue to be absurdly expensive but its that huge sensor size that demands the expensive lenses. The only improvement you get going to a larger sensor size on digital is that your low light performance improves. That is not an issue in the studio which is where 95% of 'blads live. Out in the field you might as well lug full frame format gear round with you. Most pros use 35mm outdoors.
Answering some other confusions in the thread: no diffraction is not an issue here. Diffraction softens focus at small apertures. It does that regardless of whether you use film or digital and regardless of your pixel resolution. The only point where pixel resolution becomes an issue is at smaller f-stops or at levels of MP we have not reached yet.
The hard limit for 35mm full frame format cameras is the wavelength of red light. If the pixels are sized 2 wavelengths of light on each side you can squeeze a maximum of 320MP on a full FX frame. That is lower than the limit set by diffraction which is 1050MP at f/1.4.
In practice current lenses are not good enough to go to 320MP. But the current pro-range Nikor lenses are good for at least 50MP and probably 100MP. My mid range ($670) 18-200 zoom delivers pixel sharp results on a 12MP DX body. So it would deliver pixel sharp results (in the center of the frame anyway) for FX format at 22MP.
At the moment the RIAA are probably spending as much in lawyers fees as they recover. If they were paying defendants costs in losing cases they would face huge loses. The lawyers for the RIAA know this and are desperate to keep their meal ticket.
Now, what is the situation when the RIAA wins a suit. Do they demand their legal fees in that case?
Police have two criteria in setting their priorities. The first and least important is the priority placed on the crime itself. Theft of goods worth $1000 or more ranks pretty highly, second only to violent crime.
The second criteria is the probability of an arrest. Here speeding and parking tickets rate at the top of the list.
Computer crime is only low on the list because the probability of an arrest is very low. But these circumstances make an arrest very likely and that changes the priority.
Why so many AC's wanting to diss this particular advice? They couldn't be like computer thieves upset about the risk to their careers?
What you need to do here is to contact a specialist computer crimes department. This will not be a new situation to them and they will recognize the fact that there is a very high probability of an arrest and recovery of the stolen goods.
The first thing to do would be to find out if the computers were officially reported stolen. If so you need to report the development to the police force where the theft was reported. Otherwise make out a report.
Once a report is made it counts on their local statistics and the police have to take it seriously - we are talking about several thousand dollars here.
There may not be a computer crimes dept on your local force but they should certainly have access to those resources. Find out which force is responsible for investigating kiddie porn - those guys would usually pretty much prefer to be doing anything else for a change, after a short while its like shooting fish in a barrel.
You can certainly help by collecting as much information as possible. For example, log the IP addresses that the machines are using. Then use reverse DNS lookup to find the ISP.
If you still can't get anywhere, contact me at hallam@dotfuturemanifesto.com and I can pass the issue on to folk I know. They may not be able to help you direct but they will know someone who can.
The reason that so much time and effort is poured into investigating kiddie porn rather than bank fraud is not simply the nature of the crime. Its the fact that they have a defined process that delivers highly predictable results. If we could design a process for delivering collars in phishing fraud we would have no difficulty making it a higher police priority.
It seems to me that this is an area where we can easily set up a predictable recovery process that delivers collars.
Given that the Russian government allowed the Russian Business Network to openly conduct bank fraud out of an office in St Petersburg for several years, I would not hold your breath waiting for mere copyright enforcement. The RBN was only shut down after we released comprehensive details of their activities and the refusal of named Russian authorities to prosecute. But Putin's mob only shut them down, they have not as yet actually prosecuted them. And don't forget that Putin had one of his critics murdered in London using plutonium in a teapot last year.
But what are the governments going to say? Once the issue is brought up they have to announce their intention to act regardless of whether they have the slightest interest in following through.
Now real piracy is a big problem and a crime that international cooperation is the only real means of addressing. But its hardly something that the G8 cooperation is going to provide much help on, the piracy isn't anywhere near the G8 countries shores.
The original article is written from a PR puff from company plugging its polling product. This is not 'MIT research' as purported and the people behind it don't seem to have any understanding of the politics behind veep selection.
In the first place, their study takes no account of the likely effect of the veep choice on the electoral college which is the only relevant criteria if the veep selection is based on electability as proposed.
But the much bigger problem is that what the veep brings to the ticket in terms of electability has almost nothing to do with whether voters like them. McCain would not choose Huckabee because he lacks support amongst evangelicals, it would be to mobilize the evangelical get out the vote operation that might otherwise sit the election out if they don't feel McCain is kissing their ring enough. Similarly Obama would choose Wes Clark because he needs an attack dog to go after McCain's military record, not because Clarke himself has a support base.
Powell is rumored to be about to endorse Obama. But that is as far as his support is likely to go. Powell is still a Republican albeit a disappointed Republican. Powell is certainly not going to sling mud at the media darling McCain, point out that while the McCain camp is trying to make Obama's wife an issue, McCain's wife is a drug addict with a history of pilfering prescriptions from her charity, &ct. &ct. The McCain camp have been playing a dirty game for some time and Obama needs a veep who can return fire with like.
Powell makes no sense as a veep for either candidate. He is not likely to bring in any group of supporters. His term as Secretary of State damaged his reputation. He does not bring experience of working with Congress. He is certainly not a credible candidate for the party in 2016.
The last point is just about the only one that is relevant at this point. There is no LBJ out there who can deliver a major swing state. Obama might benefit from a veep who beings in a lot of experience of the executive branch, can make things happen, but there are plenty of slots available for that.
Clinton would be the best choice on offer if not for the 2016 issue. She is not going to be a credible contender then, even with 8 years as veep, too old. A deputy should be a credible successor.
The calculus is different for McCain, there is absolutely no value in having a second military man on the ticket. McCain needs a veep who has interest in domestic affairs, McCain has displayed none. Its pretty easy to rail against pork when you have nine houses, a private jet and you and don't care about any government issue other than starting more wars.
Hmm that's odd because when I read your post I thought 'shill for Palm'. Seems rather odd that you would accuse others in this way. Looks like projection to me.
Now some of your earlier posts make it clear that you ado in fact have an interest in this area, "I'm someone whose spent his entire career in the mobile arena," and the topics you post on make it rather clear that you are working for one of the phone developers.
I am pretty well known in the Internet security field and you can find plenty of posts describing my issues with the palm on my blog. I am not involved in mobile phones except to the extent that they now have Web browsers and I was involved in the design of HTTP.
The browser is terrible and the O/S so unstable that Opera won't supply an alternative. The managers who accepted that code must have an IQ less than my shoe size.
I hate my Treo, sooner Palm goes out of business the better.