While the actual drop time of a particular domain name is not known, the general drop time is known. Are [you] suggesting that the exact drop time of a particular name should be published?
Yes.
This is rather difficult because the deletion of a name from the registry is dependant on each registrar. Thus the registrar would have to delete a name and then the registry would have to hold that name while they determine an exact drop time, publish that drop time and then finally drop the name.
Currently Verisign GRS holds on to the name for about two months, then deletes the entry from the root servers, then anywhere from 1 to 9 weeks after that (usually), the name becomes available for registration again.
Only two changes are needed. First, they change the information in the database they already maintain to list the exact time of "expiration" when the name will be available again, and they reject the any attempts to register it before then.
Difficult? Maybe, but ultimately it would save them more in bandwidth charges than the cost of implementing it. There are dozens of companies that would be happy to take over for Network Solutions, implement this change, and still charge less than $6.00 per entry in the database.
I believe that there are others who have suggested this as well to Verisign GRS but I don't think it would alleviate the problem - registrars would still whack the registry in that second because the even milliseconds make a difference between getting a dropped name and failing.
Currently, the various registrars whack the registry thousands of times for each name. Publishing the exact time of expiration would reduce this to about 20 times, since there's no point in whacking it early, and once you've lost it, you stop (or rather, go on to the next name.) Even if all 161 currently accredited registrars attempted to get the domain, that would still be less than 3000 attempts in that second. So, no it doesn't solve the problem, it just reduces it by one or two orders of magnitude.
The second suggestion I made, that they accept registration for a week then randomly award it to one of the attempting registrars, would eliminate even the one second whack, and also give registrars with low quality pipes an equal chance to register contended domains.
It's all moot though. The technical difficulties aren't what's preventing them from doing this (or any of the other technical solutions that have been suggested.) Network solutions stands to make more money by letting this be broken then they do by fixing it. Until there's some competition for the job, or penalties for none performance, they will continue to do as little as possible.
Monopolies don't care, because they don't have to.
Verisign the Registry has tried to cope with this situation. They have been working for the past 6 months to try to find a reasonable solution which provides equal access to all registrars. Unfortunately they have not been able to do that using purely technical means.
If so, then they are bloody idiots.
One very simple thing they can do to reduce the problem is publish the dates at which expired domains will become available. There would still be a rush, but registrars wouldn't need to attempt 10,000 domains every second, just 1.
Still not good enough? Then accept registration from all accredited registrars for a period of 1 week, and assign it to a randomly chosen one at the end of the week. One could even use cryptographic protocols to insure that the random selection was actually random.
But Verisign doesn't want to solve the problem. Verisign wants to make more money. If ICANN decided that the WLS was a good idea, but that Network Solutions wasn't allowed to run it,
then you can bet they would be as opposed to the idea as all the other registrars are now.
Lack of preparation on your part, does not constitute an emergency on my part.
Yeah, I know what you mean. I used to help with the administration of the pianos in my college, and it was much worse. Seems like the music majors consumed way over 90% of the time available, even though the other students barely touched them. More than once I was on the receiving end of complaints that there weren't enough pianos. And I heard that the swimming pool was in a worse situation, with the swim team hogging nearly 95% of that valuable resource.
The worst part was the huge number of administrators who seemed to think that the situation was completely acceptable. I would constantly hear phrases like "The equable distribution of resources does not mean everyone must use exactly equal portions.".
Each of us is an individual. And the name of that individual is Clancy Jones. - Clancy Jones #148.
Funny, I thought that too, but the lesson I had in mind was the one they claimed to have learned when they did the Orlando trial of settop boxes back in '95.
Those settop boxes used SGI computers, and had the settop killer app of video on demand. No one was surprised that the system wasn't cost effective, but Time Warner management was surprised that the average consumer wasn't willing to spend more than $50 on cable services. Since they spent several millions of dollars on the trial, I would have thought that the lesson would be remembered, but I guess not.
Those who can not remember history are condemned to repeat it.
Actually, the degree of harm is VERY significant if you intend to go about carelessly supressing the liberties of others. Otherwise you make it far to easy for states and governments everywhere to suppress civil liberties at will and effectively NULLIFY them.
I assume you're talking about the harm of supressing speach when you say the harm is very significant.
Free speach doesn't mean the right to scream the constitution into someones ear.
Suppessing that aspect of speach and only that aspect would be of far greater benfit than harm. But laws requiring that all people speak in a soft voice do a lot more, they would stop people from yelling when there's a real need, such as a fire in a crowded theater. Likewise laws which prevented spam and only prevented spam would be good. The fact that every law to date would do almost nothing to stop spam, but would do far too much supression of other speach, doesn't change the goodness of the concept.
I think the appropriate sound byte is, "your right to swing your fist stops where my nose begins." Spam causes harm to the person who receives it. Granted, it's a tiny amount of harm for a particular individual, but the total harm is actually significant. Absent some redeeming social importance, spam is time wasting garbage.
Although I believe you can't defend spam as free speach, that doesn't mean laws against spam are OK. Any law must cause less damage to free speach than the harm caused by the spam it's stopping for me to support it. Every law I've seen so far fails in both categories: they prevent a lot of free speach, and don't stop a lot of spam. The RBL, ORBS, and SPEWS though better, are still questionable IMO. They are more effective at stopping spam, but cause considerably more damage than they stop.
... I want to charge people who send me email. I would obviously pay back all those people who send stuff I wanted to see, and not pay back those who pissed me off. What's the chance of this happening? It would be good.
Well, it's possible to refuse email that doesn't have a special (usable only once) password, and charge for the passwords. This is something you could (theoretically) set up right now using paypal, procmail, and a custom web site. Since it's possible, and it's been posted to slashdot, I'd guess the odds at about even money.
(Is is just be, or does it seem silly to give any time to a "virus" that requires you to run a binary while rooted?)
It's not just you, but it's also sadly not silly.
There are far too many programs that need to be installed as root for my tastes, and it's not hard to image some users accidentally runing something as root that they shouldn't.
The vast majority of install scripts should at least have an option to install in a users home directory, (grep doesn't need to be in/usr/bin to work) or better than an option, most could recogonize that they aren't being run as root, and just do the right thing.
If a program absolutly positively must have root privilages to install, then it should have an install script that is seperate from the make script so it's as easy as possible to look over what it wants to do as root. Generally, it wouldn't be anything more than short list of cp commands. This would also make it much easier to unistall the software, which is something that far too many authors forget is desirable.
The "technical solution" here might involve replacing SMTP-based email distribution. Do you really want a standards fight with a rejuvenated Microsoft in the picture? I don't. I'm pretty sure that if "MSMTP" got codified, we would all have to pay big money to run a "server" entity for that protocol.
I'm much more troubled by people being unwilling to fix a broken standard just because someone might fight dirty. I'm certainly not worried that Microsoft will enter a standards fight. And historically, SPEWS and their ilk haven't exactly been the knights in shining armor when it comes to standards advocacy (or are you suggesting that changing the way mail-relaying works isn't a change in a standard?)
Far better than the delivery side, is to work on the client software - for example, how about making it trivial to install filtering rules you download from a third party?
The "bad laws" in question must exist because market forces have an extremely weak effect on spam, unlike on regular advertising. Read the rest of my post, without the selective editing.
Market forces aren't the only forces.
Just because market force has worked well in the past, doesn't mean we need to resort to legal force when it doesn't.
I'm advocating techno-force, but there are many others.
Bad laws usually exist because politicians are pressured to fix a problem they don't understand. More pressure isn't going to bring them more understanding.
And lying about the nature of spam is worse than doing nothing because its setting up a strawman that a competent opponent can demolish. The DMA may be evil, but they aren't stupid, I'd rather not give them the opportunity to score a even a hollow victory.
Email spammers are thieves, email advertising is theft. We, as a society need to penalize spammers and spam appropriately.
Spam robs us of time, but so does reading slashdot. The difference is we choose to read slashdot. A law which makes it easier to identify spam means that we lose less time reading it, but it also makes it a little less likely that people will address the real issues.
I don't want people to get the idea that it's ok to send me this crap, as long as they have a return address. If I didn't ask for it, then the sender shouldn't send it. If it's so important that I need to see it without asking, then the sender should bare a high cost for sending it,
ask for reimbersment, and risk not getting it.
Spammers would have you believe that other than your time for "just clicking delete", there's no cost to spam.
...
With respect to spam, victims have already paid more than their share of the ad costs before making a decision whether or not to buy the spamvertised product.
I too will make the claim that the real cost of spam is the time it takes to delete it, not the cost of delivery.
Consider - In the US, most people pay a flat rate for internet connectivity. For them, the cost of delivery is 0. Now consider their ISP (who will after all, ultimately pass any costs of delivery on to the custom one way or another). ISPs typically get good rates on bandwidth, $1.00 per gigabyte is a good rule of thumb, but let's be generous and assume they are paying $10.00 per gig. The typical spam is under 10K, which works out to $0.0001 per spam. I receive around 30 spams a day, which is high, but still works out to less than a dime a month. I lose more money dropping coins under the soda machine.
Since someone will no doubt feel compelled to point out that not everyone gets bandwidth as cheap as they do in the US, but stop there and not actually do the math of the higher priced service, I'll point out that even if you pay 100 times as much for bandwidth, spam/still/ costs you less than a dollar a month.
Now consider what your time is worth. It takes about 5 seconds to identify and delete a piece of spam. If your time is worth $3.60 an hour, that's $0.001 per piece of spam, or over $4.00 a month. That's a lot more than the bandwidth cost, and most people with internet service consider their time a lot more valuable.
If the above math is too hard for you, just think of this: Which takes longer; your computer downloading spam, or you deleting it? And who gets paid more, you or your computer?
You might be able to convince me that you pay more for the delivery of spam than the spammer pays to deliver it to you, but I'd still delete unread any spam sent me, even if the advertiser paid me a dime to read it. I am not alone in that position, so complaining about the ratio of payment made to have spam delivered seems moot to me.
Spammers may thieves, but it isn't sending spam that made them so.
What we need is better technical solutions to spam, not more bad laws.
It's sounds better than a polygraph.
on
The Eyes Have It
·
· Score: 5, Informative
Polygraphs are considered about 75% accurate, which sounds good until you consider that flipping a coin is 50% accurate.
If they can really catch 3 out of 4 liars, and "avoid" 9 out of 10 innocents,
(which is what the article claims inventors claim) then it's much better than 75%.
If 1 in 100 people are "liars" then this would be nearly 90% effective.
Which again sounds good until consider that identifying everybody as innocent would be 99% accurate.
On the plus side, this might make wearing eye shadow a crime under the DMCA.
Polygraphs can be beat simply by putting a thumb tack in your shoe,
and stepping on it during the "little bad" questions and not during the "big bad" question.
(saying that probably makes this post a violation of the DMCA...)
I'd bet that this device can be beat by a similar method.
Some online materials, such as downloads of complete episodes, clearly cross the line. But disputes are often over gray areas - snippets or summaries - that courts rarely get to resolve because fans back down first.
I think a class action suit against copyright holders is in order. Threatening fan sites that have fair use material because it might be a breach of their copyright deprives everyone who might otherwise have enjoyed the material. Even if the damages are only a dime, that would still be a sizable sum considering the number of potential claimants. A single example of threatening a fan site resulting in a multi-million dollar lawsuit being slapped on the party making the threat would at least make the corporate interests think a little before they open fire.
But if they ban spam, then how would I learn how to MAKE MONEY FAST, or WIPE OUT CREDIT CARD DEBT, or BUY VIAGRA NOW, or even find out that SUZY IS HOT for me???
Ok, I know you were just kidding, but seriously, this is a problem. Push media (spam) does something that pull media (the web) does not - it informs people of things they don't know about but conceivable might want. I certainly wouldn't go looking for a desktop fusion generator, but I do want to know about one if it exists.
Yes, spam sucks, but all the legislative proposals I've seen so far are worse. Anything which makes sending email to someone you don't know a crime is unacceptable. The technical solutions for spam look much more promising to me, but if anyone thinks they can make a set of rules that would stop spam, and not be unduly usurious then I'd support it with a lot more than just dollars.
Hey great idea! Instead of punishing the people who are responisible, lets punish the people who know them. But why stop there - lets also punish people who receive spam. That way people will have a strong incentive to track down spam when it arrives instead of just deleting it and going on about their life. And if that doesn't work, why not take reprisals against everybody any time spam is sent - that way we'd be certain to punish those nasty spammers.
The problem is that most of the canonical methods of generating One Time Pads are based on discrete log (in the form of the Diffie-Helman (sp?) key exchange), which can be solved by factoring.
Are you on drugs? Most canonical methods of generating One Time Pads are based on physical processes, like throwing dice, sampling a radioactive source or digitizing lava lamps Using a pseudo-random generator to generate one time pads offers pseudo security.
If you're a company that has 7 different login and authentication systems for their wide array of services, and you could centralize that for cost savings, wouldn't you do it?
If I was a business and I had seven working systems in place, I wouldn't switch to a known to be broken system.
Well - maybe if I got paid a whole lot of money, but certainly I wouldn't do it for free.
And what exactly would the "cost savings" be. I've already paid for the systems I have.
The article assures us that even though DES can now be (relatively easily) broken, AES would take umpteen quadrillion years to break (plus or minus).
I can't help thinking that back when DES was new, they probably told us the same thing.
Not even close.
When DES was new, there was a lot of speculation that the 56bit key length was choosen because it would be possible to crack it via a device like the EFF DES cracker. To further fuel the fire, the reason they didn't choose 64 bits was classified. I'm still skeptical of the "reason", even after learning about differential cryptography.
There are some points that will doubtless be raised in this (and other) threads. Here are my answers:
128 bits is not immune to brute force attacks in theory for more than 100-200 years.
In practice, there may be a fundamental limit to Moore's law that will prevent it, but we don't know what that limit is (yet.)
256 bits is dubious for brute force attacks, but it is certain that other methods of cracking a 256 bit key will always be easier. I.e. looking everywhere the secret might be hidden (including inside the minds of your enemies) will be easier.
Encryption, like a chain, is only as strong as it's weakest link. Key size is just one link in that chain, and only protects against brute force attacks. It doesn't protect against bad passwords, TEMPEST, black bag jobs, rubber hoses, or as yet unknown advances in mathematics,
or computing.
The article mentions that fuel cells are twice as efficient as heat engines. I thought the efficiency gap was larger.
The article says they "can generate more than twice as much electricity with the same amount of fuel", however that's a bit misleading.
Internal combustion engines produce mechanical energy. Fuel cells produce electrical energy.
If the goal is to spin a propeller, then internal combustion engines have an advantage because they don't need a converter (the electric engine). If the goal is to produce electricy, then fuels cells have that advantage (no generator required.)
Fuel cells also produce heat, which can sometimes be used, which is where those 80% effeciency claims come from. For example, if you're powering a home, then the heat from the fuel cell could be used to power the hot water heater (if it's a hydrogen fuel cell, you could vent the exhast directly into the hot water).
If you don't use that waste heat, fuel cell effeciences are in the 40-60% range.
Cars that run on ethanol fuel cells claim about 1.7 times the volume to power effecieny. Weight
to power ratios are slightly higher. I'd expect a similar savings in aircraft, which means that a fuel cell airplane could travel a little under twice the distance with a full tank. Also, the fuel is cheaper, but as far as I know, the savings still are insufficient to overcome the enourmous costs of the fuel cells. This has improved a lot in the past ten years, but there still needs to be about another factor of 2 reduction in cost before they can compete.
mp3.com reviews a large selection of mp3 players, many of which are not SDMI.
Any combo hard-drive/mp3 player like the neo jukebox, the archos or the nomad jukebox can't be SDMI compliant.
TTL = Time To Live = the amount of time before the DNS server decides to throw out the current value and go get a fresh one.
A-record = address record = the thing that says slashdot.org has IP 64.28.67.150
Low values for TTL mean that you hit the root server more often. That means more hits on the root, but the data is more likely to be correct if
there's a change.
The paper claims (and I agree) that low values actually don't increase the hits on the root server much, so everyone should use low values.
Note that the difference between a TTL of 1 hour and a TTL of 1 day is at most 24 to 1, but if the site is hit less than once a week, there is no difference at all.
That should be 80 Gigabytes. At 320Kilobits per second, it's 2 million seconds, 33K minutes, or over 500 hours.
At 3.5 minutes per song, it would be about 9500 songs.
Slashdot Mirror
Yes.
Currently Verisign GRS holds on to the name for about two months, then deletes the entry from the root servers, then anywhere from 1 to 9 weeks after that (usually), the name becomes available for registration again.
Only two changes are needed. First, they change the information in the database they already maintain to list the exact time of "expiration" when the name will be available again, and they reject the any attempts to register it before then.
Difficult? Maybe, but ultimately it would save them more in bandwidth charges than the cost of implementing it. There are dozens of companies that would be happy to take over for Network Solutions, implement this change, and still charge less than $6.00 per entry in the database.
Currently, the various registrars whack the registry thousands of times for each name. Publishing the exact time of expiration would reduce this to about 20 times, since there's no point in whacking it early, and once you've lost it, you stop (or rather, go on to the next name.) Even if all 161 currently accredited registrars attempted to get the domain, that would still be less than 3000 attempts in that second. So, no it doesn't solve the problem, it just reduces it by one or two orders of magnitude.
The second suggestion I made, that they accept registration for a week then randomly award it to one of the attempting registrars, would eliminate even the one second whack, and also give registrars with low quality pipes an equal chance to register contended domains.
It's all moot though. The technical difficulties aren't what's preventing them from doing this (or any of the other technical solutions that have been suggested.) Network solutions stands to make more money by letting this be broken then they do by fixing it. Until there's some competition for the job, or penalties for none performance, they will continue to do as little as possible.
Monopolies don't care, because they don't have to.
If so, then they are bloody idiots.
One very simple thing they can do to reduce the problem is publish the dates at which expired domains will become available. There would still be a rush, but registrars wouldn't need to attempt 10,000 domains every second, just 1.
Still not good enough? Then accept registration from all accredited registrars for a period of 1 week, and assign it to a randomly chosen one at the end of the week. One could even use cryptographic protocols to insure that the random selection was actually random.
But Verisign doesn't want to solve the problem. Verisign wants to make more money. If ICANN decided that the WLS was a good idea, but that Network Solutions wasn't allowed to run it,
then you can bet they would be as opposed to the idea as all the other registrars are now.
Lack of preparation on your part, does not constitute an emergency on my part.
Yeah, I know what you mean. I used to help with the administration of the pianos in my college, and it was much worse. Seems like the music majors consumed way over 90% of the time available, even though the other students barely touched them. More than once I was on the receiving end of complaints that there weren't enough pianos. And I heard that the swimming pool was in a worse situation, with the swim team hogging nearly 95% of that valuable resource.
The worst part was the huge number of administrators who seemed to think that the situation was completely acceptable. I would constantly hear phrases like "The equable distribution of resources does not mean everyone must use exactly equal portions.".
Each of us is an individual. And the name of that individual is Clancy Jones. - Clancy Jones #148.
Funny, I thought that too, but the lesson I had in mind was the one they claimed to have learned when they did the Orlando trial of settop boxes back in '95.
Those settop boxes used SGI computers, and had the settop killer app of video on demand. No one was surprised that the system wasn't cost effective, but Time Warner management was surprised that the average consumer wasn't willing to spend more than $50 on cable services. Since they spent several millions of dollars on the trial, I would have thought that the lesson would be remembered, but I guess not.
Those who can not remember history are condemned to repeat it.
I assume you're talking about the harm of supressing speach when you say the harm is very significant.
Free speach doesn't mean the right to scream the constitution into someones ear.
Suppessing that aspect of speach and only that aspect would be of far greater benfit than harm. But laws requiring that all people speak in a soft voice do a lot more, they would stop people from yelling when there's a real need, such as a fire in a crowded theater. Likewise laws which prevented spam and only prevented spam would be good. The fact that every law to date would do almost nothing to stop spam, but would do far too much supression of other speach, doesn't change the goodness of the concept.
Reasearchers found that people are willing to punish other people for bad behaviour.
No variation, no comparison.
The best strategy is the one that causes the other player to cooperate.
Good headlines are sensational, not true.
I guess it's feeding time.
I think the appropriate sound byte is, "your right to swing your fist stops where my nose begins." Spam causes harm to the person who receives it. Granted, it's a tiny amount of harm for a particular individual, but the total harm is actually significant. Absent some redeeming social importance, spam is time wasting garbage.
Although I believe you can't defend spam as free speach, that doesn't mean laws against spam are OK. Any law must cause less damage to free speach than the harm caused by the spam it's stopping for me to support it. Every law I've seen so far fails in both categories: they prevent a lot of free speach, and don't stop a lot of spam. The RBL, ORBS, and SPEWS though better, are still questionable IMO. They are more effective at stopping spam, but cause considerably more damage than they stop.
Well, it's possible to refuse email that doesn't have a special (usable only once) password, and charge for the passwords. This is something you could (theoretically) set up right now using paypal, procmail, and a custom web site. Since it's possible, and it's been posted to slashdot, I'd guess the odds at about even money.
It's not just you, but it's also sadly not silly.
There are far too many programs that need to be installed as root for my tastes, and it's not hard to image some users accidentally runing something as root that they shouldn't.
The vast majority of install scripts should at least have an option to install in a users home directory, (grep doesn't need to be in
If a program absolutly positively must have root privilages to install, then it should have an install script that is seperate from the make script so it's as easy as possible to look over what it wants to do as root. Generally, it wouldn't be anything more than short list of cp commands. This would also make it much easier to unistall the software, which is something that far too many authors forget is desirable.
I'm much more troubled by people being unwilling to fix a broken standard just because someone might fight dirty. I'm certainly not worried that Microsoft will enter a standards fight. And historically, SPEWS and their ilk haven't exactly been the knights in shining armor when it comes to standards advocacy (or are you suggesting that changing the way mail-relaying works isn't a change in a standard?)
Far better than the delivery side, is to work on the client software - for example, how about making it trivial to install filtering rules you download from a third party?
Market forces aren't the only forces.
Just because market force has worked well in the past, doesn't mean we need to resort to legal force when it doesn't.
I'm advocating techno-force, but there are many others.
Bad laws usually exist because politicians are pressured to fix a problem they don't understand. More pressure isn't going to bring them more understanding.
And lying about the nature of spam is worse than doing nothing because its setting up a strawman that a competent opponent can demolish. The DMA may be evil, but they aren't stupid, I'd rather not give them the opportunity to score a even a hollow victory.
Spam robs us of time, but so does reading slashdot. The difference is we choose to read slashdot. A law which makes it easier to identify spam means that we lose less time reading it, but it also makes it a little less likely that people will address the real issues.
I don't want people to get the idea that it's ok to send me this crap, as long as they have a return address. If I didn't ask for it, then the sender shouldn't send it. If it's so important that I need to see it without asking, then the sender should bare a high cost for sending it,
ask for reimbersment, and risk not getting it.
...
I too will make the claim that the real cost of spam is the time it takes to delete it, not the cost of delivery.
Consider - In the US, most people pay a flat rate for internet connectivity. For them, the cost of delivery is 0. Now consider their ISP (who will after all, ultimately pass any costs of delivery on to the custom one way or another). ISPs typically get good rates on bandwidth, $1.00 per gigabyte is a good rule of thumb, but let's be generous and assume they are paying $10.00 per gig. The typical spam is under 10K, which works out to $0.0001 per spam. I receive around 30 spams a day, which is high, but still works out to less than a dime a month. I lose more money dropping coins under the soda machine.
Since someone will no doubt feel compelled to point out that not everyone gets bandwidth as cheap as they do in the US, but stop there and not actually do the math of the higher priced service, I'll point out that even if you pay 100 times as much for bandwidth, spam
Now consider what your time is worth. It takes about 5 seconds to identify and delete a piece of spam. If your time is worth $3.60 an hour, that's $0.001 per piece of spam, or over $4.00 a month. That's a lot more than the bandwidth cost, and most people with internet service consider their time a lot more valuable.
If the above math is too hard for you, just think of this: Which takes longer; your computer downloading spam, or you deleting it? And who gets paid more, you or your computer?
You might be able to convince me that you pay more for the delivery of spam than the spammer pays to deliver it to you, but I'd still delete unread any spam sent me, even if the advertiser paid me a dime to read it. I am not alone in that position, so complaining about the ratio of payment made to have spam delivered seems moot to me.
Spammers may thieves, but it isn't sending spam that made them so.
What we need is better technical solutions to spam, not more bad laws.
Polygraphs are considered about 75% accurate, which sounds good until you consider that flipping a coin is 50% accurate.
...)
If they can really catch 3 out of 4 liars, and "avoid" 9 out of 10 innocents,
(which is what the article claims inventors claim) then it's much better than 75%.
If 1 in 100 people are "liars" then this would be nearly 90% effective.
Which again sounds good until consider that identifying everybody as innocent would be 99% accurate.
On the plus side, this might make wearing eye shadow a crime under the DMCA.
Polygraphs can be beat simply by putting a thumb tack in your shoe,
and stepping on it during the "little bad" questions and not during the "big bad" question.
(saying that probably makes this post a violation of the DMCA
I'd bet that this device can be beat by a similar method.
I don't know about you, but I've never considered it much of a struggle to discredit Microsoft.
I think a class action suit against copyright holders is in order. Threatening fan sites that have fair use material because it might be a breach of their copyright deprives everyone who might otherwise have enjoyed the material. Even if the damages are only a dime, that would still be a sizable sum considering the number of potential claimants. A single example of threatening a fan site resulting in a multi-million dollar lawsuit being slapped on the party making the threat would at least make the corporate interests think a little before they open fire.
Ok, I know you were just kidding, but seriously, this is a problem. Push media (spam) does something that pull media (the web) does not - it informs people of things they don't know about but conceivable might want. I certainly wouldn't go looking for a desktop fusion generator, but I do want to know about one if it exists.
Yes, spam sucks, but all the legislative proposals I've seen so far are worse. Anything which makes sending email to someone you don't know a crime is unacceptable. The technical solutions for spam look much more promising to me, but if anyone thinks they can make a set of rules that would stop spam, and not be unduly usurious then I'd support it with a lot more than just dollars.
Hey great idea! Instead of punishing the people who are responisible, lets punish the people who know them. But why stop there - lets also punish people who receive spam. That way people will have a strong incentive to track down spam when it arrives instead of just deleting it and going on about their life. And if that doesn't work, why not take reprisals against everybody any time spam is sent - that way we'd be certain to punish those nasty spammers.
Are you on drugs? Most canonical methods of generating One Time Pads are based on physical processes, like throwing dice, sampling a radioactive source or digitizing lava lamps
Using a pseudo-random generator to generate one time pads offers pseudo security.
If you're a company that has 7 different login and authentication systems for their wide array of services, and you could centralize that for cost savings, wouldn't you do it?
If I was a business and I had seven working systems in place, I wouldn't switch to a known to be broken system.
Well - maybe if I got paid a whole lot of money, but certainly I wouldn't do it for free.
And what exactly would the "cost savings" be. I've already paid for the systems I have.
Not even close.
When DES was new, there was a lot of speculation that the 56bit key length was choosen because it would be possible to crack it via a device like the EFF DES cracker. To further fuel the fire, the reason they didn't choose 64 bits was classified. I'm still skeptical of the "reason", even after learning about differential cryptography.
There are some points that will doubtless be raised in this (and other) threads. Here are my answers:
128 bits is not immune to brute force attacks in theory for more than 100-200 years.
In practice, there may be a fundamental limit to Moore's law that will prevent it, but we don't know what that limit is (yet.)
256 bits is dubious for brute force attacks, but it is certain that other methods of cracking a 256 bit key will always be easier. I.e. looking everywhere the secret might be hidden (including inside the minds of your enemies) will be easier.
Encryption, like a chain, is only as strong as it's weakest link. Key size is just one link in that chain, and only protects against brute force attacks. It doesn't protect against bad passwords, TEMPEST, black bag jobs, rubber hoses, or as yet unknown advances in mathematics,
or computing.
The article mentions that fuel cells are twice as efficient as heat engines. I thought the efficiency gap was larger.
The article says they "can generate more than twice as much electricity with the same amount of fuel", however that's a bit misleading.
Internal combustion engines produce mechanical energy. Fuel cells produce electrical energy.
If the goal is to spin a propeller, then internal combustion engines have an advantage because they don't need a converter (the electric engine). If the goal is to produce electricy, then fuels cells have that advantage (no generator required.)
Fuel cells also produce heat, which can sometimes be used, which is where those 80% effeciency claims come from. For example, if you're powering a home, then the heat from the fuel cell could be used to power the hot water heater (if it's a hydrogen fuel cell, you could vent the exhast directly into the hot water).
If you don't use that waste heat, fuel cell effeciences are in the 40-60% range.
Cars that run on ethanol fuel cells claim about 1.7 times the volume to power effecieny. Weight
to power ratios are slightly higher. I'd expect a similar savings in aircraft, which means that a fuel cell airplane could travel a little under twice the distance with a full tank. Also, the fuel is cheaper, but as far as I know, the savings still are insufficient to overcome the enourmous costs of the fuel cells. This has improved a lot in the past ten years, but there still needs to be about another factor of 2 reduction in cost before they can compete.
mp3.com reviews a large selection of mp3 players, many of which are not SDMI.
Any combo hard-drive/mp3 player like the neo jukebox, the archos or the nomad jukebox can't be SDMI compliant.
You seem to be missing the fundamental point.
C isn't the choice C is the reality.
C is what people already program in.
Yes, it's old news.
You aren't required to follow any licence at all,
but there's nothing besides the GPL which gives you the right to distribute copies
IOW, if you don't agree to the licence, then you can't (legally) make copies.
TTL = Time To Live = the amount of time before the DNS server decides to throw out the current value and go get a fresh one.
A-record = address record = the thing that says slashdot.org has IP 64.28.67.150
Low values for TTL mean that you hit the root server more often. That means more hits on the root, but the data is more likely to be correct if
there's a change.
The paper claims (and I agree) that low values actually don't increase the hits on the root server much, so everyone should use low values.
Note that the difference between a TTL of 1 hour and a TTL of 1 day is at most 24 to 1, but if the site is hit less than once a week, there is no difference at all.
Several math errors here
That should be 80 Gigabytes. At 320Kilobits per second, it's 2 million seconds, 33K minutes, or over 500 hours.
At 3.5 minutes per song, it would be about 9500 songs.