A business can simply choose not to do business with you at any time for any reason, even a secret one.
Conversely, a potential customer can choose not to do business with Paypal at any time for any reason, or even for no reason whatsoever. The fact that Paypal terminates accounts arbitrarily and confiscates balances arbitrarily with no right of appeal is a damn good reason not to do business with them, regardless of whether or not they are acting legally. So I see nothing wrong with avoiding Paypal, or recommending that others avoid Paypal, or explaining why doing business with Paypal is a bad idea -- which is exactly what the GP did.
Saying that UAC/DEP does solve all these problems does make you seem like a Microsoft shill - by suggesting their new feature is the be-all and end-all of all vulnerabilities. That can never be the case and is why I took offence to this thread.
In turn, I never said that mitigation solves all these problems, or that one should not fix the exploit. Of course mitigation is not the total solution, and of course one should fix the exploit. But mitigation IS a valuable defense. If an attacker manages to delete My Documents, as bad as that is, it IS still a superior outcome compared to total system compromise, doubly so because deletion is a very rare threat in the wild. That's all.
In either case, this exploit isn't safe just because of UAC or DEP.
You're making it out as if exploit mitigation is worthless. I completely disagree. Even if this particular exploit is not restricted by UAC or DEP, in general it is a good and worthwhile thing if the impact of an exploit is limited to user files as opposed to system files. This is especially undeniably true on multiuser systems (which are very rare in the Windows world, but extremely common in Unix/Linux).
Also, reading is rarely devastating in the same way as data loss.
Wow. You're quite behind. Make your mind up, I said about data loss, someone said that data loss isn't bad and that reading data is just as bad, and you're telling me that someone reading my documents/credit card numbers/porn isn't devastating. You can't have it both ways.
If someone else said something opposite, it doesn't mean that I agree with what they say. I'm not trying to have it both ways. Of course read exploits can have terrible consequences, but you must admit that data loss is devastating as well. In comparing two extremely bad outcomes, I rank data loss worse.
I will acknowledge that read attacks are far more common on the modern internet.
All I'm saying is neither DEP nor UAC is a suitable 'solution' or panacea. Are you sure you're not a Microsoft shill?
Given my extremely long posting history of pro-linux anti-microsoft comments, I am indeed sure that I am not a Microsoft shill. As a matter of fact, Linux/Unix benefits from exploit mitigation via user permissions far more than Windows, because limited privilege user accounts are the norm in Linux rather than the exception.
It doesn't matter practically if a piece of software has a vulnerability which no one is able to exploit because no one knows about it.
This view of computer security is overly simplistic and naive. There are certain important categories of vulnerabilities (such as intentionally placed backdoors) which, since they are deliberately hidden, can easily be exploited even if the public does not know about it, and yet which are trivial to defeat with open source.
A program's past record of events is a good indication of the developer's competence in producing quality software.
I include community acceptance and review of source code as one of the criteria that are factored into a program's past record. It's surprising that you don't.
The only thing I'm arguing is that the lack of available source code does not automatically make a program insecure. That is the beginning and end of my argument.
It certainly wasn't the end of your argument as originally stated. You went on to encourage people to look at Opera and Internet Explorer from the point of view of security. This is basically impossible without source code. One cannot usefully evaluate the security of a program without source code. (It's difficult to do even with the source code, but without the source code, it's impossible.)
To put it another way, even if some closed source programs are secure, it doesn't matter, since you have no way to tell which ones are secure and which ones are not. Relying on the so-called "previous security record" is a joke -- it's absurd to argue that a record of security (which is derived from third party security breaches) is any more reliable than third parties reviewing the code directly. If you don't trust third parties to review the code, then why do you trust them to establish its security record?
How exactly am I supposed to look at Opera's code to determine its security status?
I didn't say you look at Opera's code to determine its security status. You could start by looking at their security record.
I don't see how relying on a security record alone is superior to relying on both security record and the code. It's not the case that the two are mutually exclusive.
How exactly am I supposed to make myself familiar with security features for which I can't read the source code?
These are documented features. Why do I have to explain that?
Are you saying that documented features are always right? That documentation is always right? That's an incredible, almost ludicrous, claim.
If you want to evaluate the security of something, say Firefox, do you download the entire source code and audit it personally?
If your argument is that evaluating security using the source code is already too hard, then again I can't possibly fathom how lacking access to the source code would make the job any easier.
Just an obvious thought, if a script in Internet Explorer can delete a file, I suspect it could read it too. In any case, DEP isn't a great solution to this as it simply does not fix the problems this exploit *could* be used for.
Sure, but the GP was talking about UAC, not DEP. In any case, reading a file is an entirely different topic. In most cases, you need to write something somewhere on the disk (be it an executable file, or a script) in order to repeatedly and persistently read data from the machine, so any protections against unauthorized writing will also help defend against reading. Also, reading is rarely devastating in the same way as data loss.
So if it broke out of the secure mode sandbox, it would still be limited to user data, no system access.
By default, IE8 on 7 is pretty secure.
So it's ok if a buggy webpage can wipe out My Documents, so long as it doesn't break my system?
I'm not sure many users would agree with you there.
Modern malware does not usually delete data outright. Indeed, avoiding detection is one of the primary goals of modern malware. Deleting large amounts of data violates this goal in a big way. For this reason, your concern about wiping out My Documents is largely invalid in the context of the security threats that most users today actually face.
The biggest threats facing average users today are password-stealing trojans and zombie spambots. These programs are persistent in nature, and (unlike data deletion) can usually be recovered from. In this setting, user account permissions provide a substantial benefit, because in the absence of permanent data loss, it is far easier to recover from a user account compromise than a system compromise.
Maybe you could start by changing your worldview that all open source software is secure by virtue of being open source, and all proprietary software is crap. Maybe a look at Opera would prove otherwise.
How exactly am I supposed to look at Opera's code to determine its security status? With a disassembler?
If you're not aware of the several security features which Microsoft has added to Windows 7 and IE8 (not to mention much-needed support for several missing standards), then maybe you can make yourself familiar with those before claiming that everything which you can't read the code for is insecure.
How exactly am I supposed to make myself familiar with security features for which I can't read the source code?
Even with source code, evaluating security is a very difficult undertaking. I can't imagine how this task is any easier without source code.
That's comparable to the US minimum wage, but in a country where you can have lunch for 1-2$ US.
Here in the States, a fairly nutritious frozen dinner costs 1 to 2 USD at Walmart*.
Aside from the fact that "nutritious frozen dinner" is an oxymoron, I can assure you (having been there myself) that the quality and quantity of food you can get for $2 in Taiwan is far greater than that provided by a frozen dinner. $2 in Taiwan gets you a hot prepared (not frozen) meal with rice, dumplings, spinach, carrots, meat, eggs, and soup. Think "Japanese bento box for $2" and you'll have the right idea.
Individual people still use email? In this era of social networking, etc, I no longer use email for "personal" activities.
I avoid social networking out of principle. Practically every week you see a new story about how Facebook sells your personal data. Just today their CEO proclaimed that users don't want privacy. This is an astoundingly disturbing statement, one that can only be explained by either incompetence or malice, and given their success so far, I'm not inclined to bet that they are incompetent. Such a company is pure evil; it's very easy to understand why someone would boycott it.
Gmail is almost as bad, but at least their CEO pays lip service to users' privacy instead of outright announcing that they have none, and at least Gmail exports standard SMTP/IMAP. For what it's worth, I don't use Gmail or any third-party webmail either.
For the record, I am not a Luddite or resistant to new ideas. I embrace good ideas. I reject bad ideas. So-called social networking is uniformly bad. Twitter in particular is moronic beyond belief. A blog with a 140-character post limit is not in any way better than a normal blog.
The only compelling use case for third-party messaging services is special-purpose media such as SMS where email is unavailable. "Social networking" does not qualify.
MSNBC and Fox News are equally biased for instance, but it seems Fox News gets called out for it considerably more.
Fox News gets called out for it, and deservedly so, because their slogan is "Fair and Balanced", when they are not even close to it. I mean, go to their home page and what's the first thing you see next to their logo?
Bias in a news organization is normal. But no other news organization fraudulently claims to be fair and balanced. Fox News is vile because they are deceitful liars, not because they are biased.
Just to be accurate, I do not believe that in RSA you pick two primes but instead pick two values that are at least pseudoprime. Testing large numbers for primality is time consuming, but quick tests can eliminate nearly all composite numbers. The set of numbers that pass these quick tests but are not prime are called pseudoprimes, and are still usually pretty hard to factor.
In 1977, when RSA was first published, testing large numbers for primality was time consuming. But in the past 30 years, primality proving algorithms have improved by more than factoring algorithms have improved. Today it is very easy to test large primes for primality and prove (with a computer) that they are prime.
Many actual implementations use pseudoprimes for historical reasons, but there is no reason today to prefer pseudoprimes over primes.
I should also remark that, according to the original text of the RSA Challenge, all of the RSA Challenge Numbers, including the number being factored in the article, were generated using provable primes, and not pseudoprimes. The challenge organizers expended extra effort to use provable primes for the purposes of the challenge.
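An added example, not part of the original comments: the pseudoprime versus proven-prime distinction discussed above, in Python. It shows composites that pass the quick tests, then builds a prime together with a Pocklington certificate chain that anyone can re-check; `SEED_PRIME`, the function names and the size-doubling strategy are choices made for this example, and this is not claimed to be the method used for the RSA Challenge numbers.

```python
import math
import random

SEED_PRIME = 65537  # assumption: chain root, small enough to prove by trial division


def fermat_passes(n, a):
    """Quick check; a composite n that passes is a Fermat pseudoprime to base a."""
    return pow(a, n - 1, n) == 1


def miller_rabin(n, bases):
    """Strong probable-prime test (bases < n); True means 'not caught by these bases'."""
    if n < 2 or n % 2 == 0:
        return n == 2
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False  # base a is a witness that n is composite
    return True


def trial_division_prime(n):
    """Exhaustive proof of primality, only practical for the small chain root."""
    if n < 2:
        return False
    f = 2
    while f * f <= n:
        if n % f == 0:
            return False
        f += 1
    return True


def pocklington_ok(n, q, a):
    """Given a PROVEN prime q, check that (q, a) proves n prime (Pocklington).

    Requires q | n-1, (q+1)^2 > n, a^(n-1) = 1 (mod n) and
    gcd(a^((n-1)/q) - 1, n) = 1. Then every prime factor of n is 1 mod q,
    so it exceeds sqrt(n), which is impossible for a composite n.
    """
    if n < 3 or (n - 1) % q != 0 or (q + 1) ** 2 <= n:
        return False
    if pow(a, n - 1, n) != 1:
        return False
    return math.gcd(pow(a, (n - 1) // q, n) - 1, n) == 1


def grow(q, rng):
    """From proven prime q, find a proven prime n = 2*r*q + 1 and its witness."""
    while True:
        r = rng.randrange(q // 4, q // 2 + 1)  # keeps (q+1)^2 > n
        n = 2 * r * q + 1
        if pow(2, n - 1, n) != 1:
            continue  # cheap rejection of almost every composite candidate
        for a in (2, 3, 5):
            if pocklington_ok(n, q, a):
                return n, a


def provable_prime(bits, seed=1):
    """Return (p, chain): p has at least `bits` bits, chain is its proof."""
    rng = random.Random(seed)  # seeded so the demo is reproducible; not for real keys
    q, chain = SEED_PRIME, []
    while q.bit_length() < bits:
        n, a = grow(q, rng)
        chain.append((n, q, a))
        q = n
    return q, chain


def verify_chain(chain):
    """Independent re-check of a certificate chain, root first."""
    prev = SEED_PRIME
    if not trial_division_prime(prev):
        return False
    for n, q, a in chain:
        if q != prev or not pocklington_ok(n, q, a):
            return False
        prev = n
    return True


if __name__ == "__main__":
    print("561 = 3*11*17 passes Fermat base 2:", fermat_passes(561, 2))
    print("2047 = 23*89 passes Miller-Rabin base 2:", miller_rabin(2047, [2]))
    p, chain = provable_prime(256)
    print(p.bit_length(), "bit prime, proof steps:", len(chain), verify_chain(chain))
```

The verifier needs only modular exponentiation and a gcd per step, so checking a certificate is far cheaper than producing it.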
Disclaimer, I'm not a cryptographer and if somebody has more to add I'm all ears.
I am a cryptographer, and your last paragraph has a few details wrong, although the general idea is correct.
I believe all the key-exchange techniques are vulnerable to factoring (or P=NP issues in general), although their details vary.
In fact, even symmetric key crypto is vulnerable to P=NP issues. A nondeterministic Turing machine can break symmetric key crypto just by guessing the (shared symmetric) key.
If factoring becomes easy we'll never be able to encrypt communications between parties unless they have a secure channel to exchange keys (typically involving plane tickets).
There are many public key cryptosystems known, based upon a variety of hard problems. Some of these problems are identical to factoring, some of them (such as discrete logarithms over finite fields) are closely related (but not identical) to factoring, and some of them (like lattice rounding) have, as far as we know, no relationship to factoring.
If factoring becomes easy, we'll just switch to another public key cryptosystem based on a different hard problem. In particular, lattice-based cryptosystems are believed to be secure even against quantum computers.
Best Buy's purpose, as with every business, is to make money.
There's a big difference between making money and stealing money.
people aren't understanding the point of what the Geek Squad does, and what the Optimization service is.
Believe me, we understand exactly what the Optimization service is. The problem is, you don't understand what our complaint is.
I have no objection whatsoever to Best Buy providing the option of Optimization service. The problem is that, as described several times in the article, the service is not optional.
Bundling the optimization service together with the laptop, so that customers who buy the laptop must also buy the optimization service, and then advertising the laptop at the lower non-optimized price, is illegal. It's a classic bait-and-switch. By adopting this reprehensible and illegal practice, Best Buy is not making money. They're stealing money.
In my case, the Optimization service is doubly useless, since I run Linux. My first act with a new computer is to format the hard drive and install linux, which I might mention is a far better optimization than anything in your list. Of course, this act also wipes out all the "optimizations" added by the service. So, for me, the idea of paying for a mandatory useless optimization service, on top of the already onerous Windows tax, is doubly objectionable.
I present here a way of computing the nth decimal digit of pi (or any other base) by using more time than the [BBP] algorithm but still with very little memory.
The algorithm you linked to requires cubic time in n. It hardly qualifies as "calculating the n-th decimal digit directly" given that the naive approach (calculating every single digit between 1 and n, and throwing away all but the last digit) is faster than cubic time.
The only advantage of the algorithm you linked to is that it requires constant space.
I didn't read the article, only the summary, but it made me wonder.
Do they verify these numbers somehow?
Anyone can write down a series of a numbers and claim it's a specific sequence.
Not saying these numbers aren't correct, just a thought.
Perhaps this is why you should read the article. The press release answers this question directly.
The binary result was verified with a formula found by the author with the Bailey-Borwein-Plouffe algorithm which directly gives the n'th hexadecimal digits of Pi. With this algorithm, the last 50 hexadecimal digits of the binary result were checked. A checksum modulo a 64 bit prime number done in the last multiplication of the Chudnovsky formula evaluation ensured a negligible probability of error.
The conversion from binary to base 10 was verified with a checksum modulo a 64 bit prime number.
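The two kinds of check quoted from the press release, as an added Python example (not code from the original comments or from the record computation): a BBP spot check of the trailing hexadecimal digits, and checksums modulo a 64-bit prime for a multiplication and for the binary-to-decimal conversion. Machin's formula stands in for the Chudnovsky evaluation, and `P64` and all function names are assumptions of this example.

```python
P64 = 2**64 - 59  # a 64-bit prime chosen for this example; the press release names none
HEX = "0123456789ABCDEF"


def pi_hex_machin(ndigits, guard=8):
    """First ndigits hex digits of pi after the point, using integer arithmetic."""
    one = 16 ** (ndigits + guard)

    def arctan_inv(x):
        # arctan(1/x) = 1/x - 1/(3x^3) + 1/(5x^5) - ..., scaled by `one`
        term = one // x
        total, sign, k = term, -1, 3
        while term:
            term //= x * x
            total += sign * (term // k)
            sign, k = -sign, k + 2
        return total

    pi_scaled = 4 * (4 * arctan_inv(5) - arctan_inv(239))
    frac = (pi_scaled >> (4 * guard)) - 3 * 16 ** ndigits
    return f"{frac:0{ndigits}X}"


def bbp_hex(pos, count=8):
    """count hex digits of pi starting pos places after the point (BBP formula)."""
    def frac_sum(j):
        s = 0.0
        for k in range(pos + 1):              # terms where 16^(pos-k) >= 1
            m = 8 * k + j
            s = (s + pow(16, pos - k, m) / m) % 1.0
        for k in range(pos + 1, pos + 16):    # rapidly vanishing tail
            s += 16.0 ** (pos - k) / (8 * k + j)
        return s

    x = (4 * frac_sum(1) - 2 * frac_sum(4) - frac_sum(5) - frac_sum(6)) % 1.0
    out = ""
    for _ in range(count):
        x *= 16
        d = int(x)
        out += HEX[d]
        x -= d
    return out


def tail_matches_bbp(hex_digits, count=8):
    """Spot check: recompute the last `count` digits independently with BBP."""
    return hex_digits.endswith(bbp_hex(len(hex_digits) - count, count))


def product_checks_out(a, b, c, p=P64):
    """Checksum for a big multiplication: compare both sides modulo p."""
    return (a % p) * (b % p) % p == c % p


def decimal_checks_out(n, text, p=P64):
    """Checksum for a radix conversion: evaluate the decimal string modulo p."""
    acc = 0
    for ch in text:
        acc = (acc * 10 + int(ch)) % p
    return acc == n % p


if __name__ == "__main__":
    digits = pi_hex_machin(64)
    print(digits, tail_matches_bbp(digits))
    n = int(digits, 16)
    print(decimal_checks_out(n, str(n)), product_checks_out(n, n, n * n))
```

A corrupted result slips past the modular checksum only if the error happens to be a multiple of the prime, which is where the "negligible probability of error" in the quoted text comes from.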
There is an algorithm now for calculating the nth digit of Pi at a whim.
The algorithm only works for hexadecimal digits. There is no known formula or algorithm for calculating the n-th decimal digit directly.
Having said that, the existence or non-existence of an n-th digit algorithm does not have any relevance on the silliness or non-silliness of computing trillions of digits of pi, unless the algorithm is extremely trivial (i.e. computing the digit takes less CPU time than a byte of I/O), which is not the case here.
To have some better idea of who might be (re-)entering the country in the future. Clearly if JoeBlow644 left for vacation in Egypt and comes back two weeks later, he cannot return yet again the week after.
Please give a single actual, concrete response based on exit information that could not be accomplished using only entry information. Actual concrete response means: We took this concrete action in response to the exit data, that we would not have otherwise taken based only on entry data. Anything else is just mindless rationalization.
Bonus points if your scenario takes into account the fact that we have a three thousand mile long undefended land border with Canada, which is in fact not only economically, but physically impossible to defend.
You're missing the point. You log when they enter and log when they leave. Anyone who isn't logged leaving is counted as still being in the country. This lets you know how many people are still there and how many have overstayed. You can circulate the details of people who have overstayed to law enforcement and pick them up when they use a credit card or similar.
As you point out in your subsequent anecdote, we already log I-94 forms when visitors leave. We have been doing this for many years. The additional ID checks do nothing to help log when people leave.
Also, perhaps you haven't noticed, but as of January 18, 2009, even permanent residents, who by definition are not capable of overstaying their visa, are also fingerprinted at the border.
Now, granted, it doesn't say that people will be prevented from leaving, but I suggest you think about it for a moment. What is the purpose of identifying people who leave, other than to control who leaves?
Checking up on visitors who overstay their visas, as the article says? Just the sort of thing the UK Home Office got into trouble a few years ago for not knowing.
That's nice. What do you do when you catch such a person in the act of leaving? Deport them? Oh wait, they're already leaving.
Or maybe you mean, cross-check the visa database to find people who overstayed their visa, and aren't leaving. But obviously, if they aren't leaving, then this new policy does not affect them.
Now, granted, it doesn't say that people will be prevented from leaving, but I suggest you think about it for a moment. What is the purpose of identifying people who leave, other than to control who leaves?
The predicted convergence is very unlikely for two reasons: keyboard and display.
In North America, there's a third reason why convergence is unlikely: phones are very rarely sold unlocked, and manufacturers use every means at their disposal to tie smartphones to expensive long-term contracts.
There is no way a phone with a long term contract can compete on price with a netbook or even a laptop. Consumers these days are very price-sensitive and no longer fooled by contracts that back-load the true costs.
The EeePC was originally announced as a $199 laptop.... EeePC units now start at $249. The cheapest new netbook on Google Shopping (which seems to be mostly a rehash of Amazon) is $229. The cheapest netbook at WalMart is $278.
In fairness, the actual price of the EeePC at launch was $399. So netbook prices have gone down toward $199, not up from $199. This is, of course, despite the efforts of Intel and Microsoft to fight netbooks.
Make every passenger from Nigeria go out through security in Amsterdam, then back in.
Amsterdam already does this, not just for Nigeria, but for every passenger arriving from every country.
You have clearly never been to the Amsterdam airport. The security checkpoints in Amsterdam are at the departure gates, not at the terminal entrance. Every single departure gate has an individual security checkpoint, with metal detector and x-ray machine. Every passenger boarding the flight is screened, regardless of their point of origin.
My first reaction upon seeing this setup was that it was a waste of resources for every gate to have a separate checkpoint. But it makes sense in a lot of ways. It prevents long lines from building up in any single checkpoint (important if you're concerned about terrorists setting off bombs while waiting in a densely packed line). Also, unlike US airports, if a passenger escapes through the checkpoint, it's very easy to find him afterward, since there's nowhere to go beyond the checkpoint except onto the plane. Hence you never see the entire airport closing down because one passenger ran through the checkpoint the wrong way. My guess is that the cost saved by avoiding 2-3 security related airport closures in this way makes up for the cost of the extra hardware.
A business can simply choose not to do business with you at any time for any reason, even a secret one.
Conversely, a potential customer can choose not to do business with Paypal at any time for any reason, or even for no reason whatsoever. The fact that Paypal terminates accounts arbitrarily and confiscates balances arbitrarily with no right of appeal is a damn good reason not to do business with them, regardless of whether or not they are acting legally. So I see nothing wrong with avoiding Paypal, or recommending that others avoid Paypal, or explaining why doing business with Paypal is a bad idea -- which is exactly what the GP did.
Saying that UAC/DEP does solve all these problems does make you seem like a Microsoft shill - by suggesting their new feature is the be-all and end-all of all vulnerabilities. That can never be the case and is why I took offence to this thread.
In turn, I never said that mitigation solves all these problems, or that one should not fix the exploit. Of course mitigation is not the total solution, and of course one should fix the exploit. But mitigation IS a valuable defense. If an attacker manages to delete My Documents, as bad as that is, it IS still a superior outcome compared to total system compromise, doubly so because deletion is a very rare threat in the wild. That's all.
In either case, this exploit isn't safe just because of UAC or DEP.
You're making it out as if exploit mitigation is worthless. I completely disagree. Even if this particular exploit is not restricted by UAC or DEP, in general it is a good and worthwhile thing if the impact of an exploit is limited to user files as opposed to system files. This is especially undeniably true on multiuser systems (which are very rare in the Windows world, but extremely common in Unix/Linux).
Also, reading is rarely devastating in the same way as data loss.
Wow. You're quite behind. Make your mind up, I said about data loss, someone said that data loss isn't bad and that reading data is just as bad, and you're telling me that someone reading my documents/credit card numbers/porn isn't devastating. You can't have it both ways.
If someone else said something opposite, it doesn't mean that I agree with what they say. I'm not trying to have it both ways. Of course read exploits can have terrible consequences, but you must admit that data loss is devastating as well. In comparing two extremely bad outcomes, I rank data loss worse.
I will acknowledge that read attacks are far more common on the modern internet.
All I'm saying is DEP nor UAC is a suitable 'solution' or panacea. Are you sure you're not a Microsoft shill?
Given my extremely long posting history of pro-linux anti-microsoft comments, I am indeed sure that I am not a Microsoft shill. As a matter of fact, Linux/Unix benefits from exploit mitigation via user permissions far more than Windows, because limited privilege user accounts are the norm in Linux rather than the exception.
It doesn't matter practically if a piece of software has a vulnerability which no is able to exploit because no one knows about it.
This view of computer security is overly simplistic and naive. There are certain important categories of vulnerabilities (such as intentionally placed backdoors) which, since they are deliberately hidden, can easily be exploited even if the public does not know about it, and yet which are trivial to defeat with open source.
A program's past record of events is a good indication of the developer's competence in producing quality software.
I include community acceptance and review of source code as one of the criteria that are factored into a program's past record. It's surprising that you don't.
The only thing I'm arguing is that the lack of available source code does not automatically make a program insecure. That is the beginning and end of my argument.
It certainly wasn't the end of your argument as originally stated. You went on to encourage people to look at Opera and Internet Explorer from the point of view of security. This is basically impossible without source code. One cannot usefully evaluate the security of a program without source code. (It's difficult to do even with the source code, but without the source code, it's impossible.)
To put it another way, even if some closed source programs are secure, it doesn't matter, since you have no way to tell which ones are secure and which ones are not. Relying on the so-called "previous security record" is a joke -- it's absurd to argue that a record of security (which is derived from third party security breaches) is any more reliable than third parties reviewing the code directly. If you don't trust third parties to review the code, then why do you trust them to establish its security record?
How exactly am I supposed to look at Opera's code to determine its security status?
I didn't say you look at Opera's code to determine its security status. You could start by looking at their security record.
I don't see how relying on a security record alone is superior to relying on both security record and the code. It's not the case that the two are mutually exclusive.
How exactly am I supposed to make myself familiar with security features for which I can't read the source code?
These are documented features. Why do I have to explain that?
Are you saying that documented features are always right? That documentation is always right? That's an incredible, almost ludicrous, claim.
If you want to evaluate the security of something, say Firefox, do you download the entire source code and audit it personally?
If your argument is that evaluating security using the source code is already too hard, then again I can't possibly fathom how lacking access to the source code would make the job any easier.
Just an obvious thought, if a script in Internet Explorer can delete a file, I suspect it could read it too. In any case, DEP isn't a great solution to this as it simply does not fix the problems this exploit *could* be used for.
Sure, but the GP was talking about UAC, not DEP. In any case, reading a file is an entirely different topic. In most cases, you need to write something somewhere on the disk (be it an executable file, or a script) in order to repeatedly and persistently read data from the machine, so any protections against unauthorized writing will also help defend against reading. Also, reading is rarely devastating in the same way as data loss.
So if it broke out of the secure mode sandbox, it would still be limited to user data, no system access.
By default, IE8 on 7 is pretty secure.
So it's ok if a buggy webpage can wipe out My Documents, so long as it doesn't break my system? I'm not sure many users would agree with you there.
Modern malware does not usually delete data outright. Indeed, avoiding detection is one of the primary goals of modern malware. Deleting large amounts of data violates this goal in a big way. For this reason, your concern about wiping out My Documents is largely invalid in the context of the security threats that most users today actually face.
The biggest threats facing average users today are password-stealing trojans and zombie spambots. These programs are persistent in nature, and (unlike data deletion) can usually be recovered from. In this setting, user account permissions provide a substantial benefit, because in the absence of permanent data loss, it is far easier to recover from a user account compromise than a system compromise.
Maybe you could start by changing your worldview that all open source software is secure by virtue of being open source, and all proprietary software is crap. Maybe a look at Opera would prove otherwise.
How exactly am I supposed to look at Opera's code to determine its security status? With a disassembler?
If you're not aware of the several security features which Microsoft has added to Windows 7 and IE8 (not to mention much-needed support for several missing standards), then maybe you can make yourself familiar with those before claiming that everything which you can't read the code for is insecure.
How exactly am I supposed to make myself familiar with security features for which I can't read the source code?
Even with source code, evaluating security is a very difficult undertaking. I can't imagine how this task is any easier without source code.
That's comparable to the US minimum wage, but in a country you can have lunch for 1-2$ US.
Here in the States, a fairly nutritious frozen dinner costs 1 to 2 USD at Walmart*.
Aside from the fact that "nutritious frozen dinner" is an oxymoron, I can assure you (having been there myself) that the quality and quantity of food you can get for $2 in Taiwan is far greater than that provided by a frozen dinner. $2 in Taiwan gets you a hot prepared (not frozen) meal with rice, dumplings, spinach, carrots, meat, eggs, and soup. Think "Japanese bento box for $2" and you'll have the right idea.
Individual people still use email? In this era of social networking, etc, I no longer use email for "personal" activities.
I avoid social networking out of principle. Practically every week you see a new story about how Facebook sells your personal data. Just today their CEO proclaimed that users don't want privacy. This is an astoundingly disturbing statement, one that can only be explained by either incompetence or malice, and given their success so far, I'm not inclined to bet that they are incompetent. Such a company is pure evil; it's very easy to understand why someone would boycott it.
Gmail is almost as bad, but at least their CEO pays lip service to users' privacy instead of outright announcing that they have none, and at least Gmail exports standard SMTP/IMAP. For what it's worth, I don't use Gmail or any third-party webmail either.
For the record, I am not a Luddite or resistant to new ideas. I embrace good ideas. I reject bad ideas. So-called social networking is uniformly bad. Twitter in particular is moronic beyond belief. A blog with a 140-character post limit is not in any way better than a normal blog.
The only compelling use case for third-party messaging services is special-purpose media such as SMS where email is unavailable. "Social networking" does not qualify.
MSNBC and Fox News are equally biased for instance, but it seems Fox News gets called out for it considerably more.
Fox News gets called out for it, and deservedly, so, because their slogan is "Fair and Balanced", when they are not even close to it. I mean, go to their home page and what's the first thing you see next to their logo?
Bias in a news organization is normal. But no other news organization fraudulently claims to be fair and balanced. Fox News is vile because they are deceitful liars, not because they are biased.
Just to be accurate, I do not believe that in RSA you pick two primes but instead pick two values that are at least psuedoprime. Testing large numbers for primality is time consuming, but quick tests can eliminate nearly all composite numbers. The set of numbers that pass these quick tests but are not prime are called psuedoprimes, and are still usually pretty hard to factor.
In 1977, when RSA was first published, testing large numbers for primality was time consuming. But in the past 30 years, primality proving algorithms have improved by more than factoring algorithms have improved. Today it is very easy to test large primes for primality and prove (with a computer) that they are prime.
Many actual implementations use pseudoprimes for historical reasons, but there is no reason today to prefer pseudoprimes over primes.
I should also remark that, according to the original text of the RSA Challenge, all of the RSA Challenge Numbers, including the number being factored in the article, were generated using provable primes, and not pseudoprimes. The challenge organizers expended extra effort to use provable primes for the purposes of the challenge.
Disclaimer, I'm not a cryptographer and if somebody has more to add I'm all ears.
I am a cryptographer, and your last paragraph has a few details wrong, although the general idea is correct.
I believe all the key-exchange techniques are vulnerable to factoring (or P=NP issues in general), although their details vary.
In fact, even symmetric key crypto is vulnerable to P=NP issues. A nondeterministic Turing machine can break symmetric key crypto just by guessing the (shared symmetric) key.
If factoring becomes easy we'll never be able to encrypt communications between parties unless they have a secure channel to exchange keys (typically involving plane tickets).
There are many public key cryptosystems known, based upon a variety of hard problems. Some of these problems are identical to factoring, some of them (such as discrete logarithms over finite fields) are closely related (but not identical) to factoring, and some of them (like lattice rounding) have, as far as we know, no relationship to factoring.
If factoring becomes easy, we'll just switch to another public key cryptosystem based on a different hard problem. In particular, lattice-based cryptosystems are believed to be secure even against quantum computers.
Best Buy's purpose, as with every business, is to make money.
There's a big difference between making money and stealing money.
people aren't understanding the point of what the Geek Squad does, and what the Optimization service is.
Believe me, we understand exactly what the Optimization service is. The problem is, you don't understand what our complaint is.
I have no objection whatsoever to Best Buy providing the option of Optimization service. The problem is that, as described several times in the article, the service is not optional.
Bundling the optimization service together with the laptop, so that customers who buy the laptop must also buy the optimization service, and then advertising the laptop at the lower non-optimized price, is illegal. It's a classic bait-and-switch. By adopting this reprehensible and illegal practice, Best Buy is not making money. They're stealing money.
In my case, the Optimization service is doubly useless, since I run Linux. My first act with a new computer is to format the hard drive and install Linux, which I might mention is a far better optimization than anything in your list. Of course, this act also wipes out all the "optimizations" added by the service. So, for me, the idea of paying for a mandatory useless optimization service, on top of the already onerous Windows tax, is doubly objectionable.
What about this?
The algorithm you linked to requires cubic time in n. It hardly qualifies as "calculating the n-th decimal digit directly" given that the naive approach (calculating every single digit between 1 and n, and throwing away all but the last digit) is faster than cubic time.
The only advantage of the algorithm you linked to is that it requires constant space.
I didn't read the article, only the summary, but it made me wonder.
Do they verify these numbers somehow? Anyone can write down a series of numbers and claim it's a specific sequence.
Not saying these numbers aren't correct, just a thought.
Perhaps this is why you should read the article. The press release answers this question directly.
There is an algorithm now for calculating the nth digit of Pi at a whim.
The algorithm only works for hexadecimal digits. There is no known formula or algorithm for calculating the n-th decimal digit directly.
Having said that, the existence or non-existence of an n-th digit algorithm does not have any relevance on the silliness or non-silliness of computing trillions of digits of pi, unless the algorithm is extremely trivial (i.e. computing the digit takes less CPU time than a byte of I/O), which is not the case here.
To have some better idea of who might be (re-)entering the country in the future. Clearly if JoeBlow644 left for vacation in Egypt and comes back two weeks later, he cannot return yet again the week after.
Please give a single actual, concrete response based on exit information that could not be accomplished using only entry information. Actual concrete response means: We took this concrete action in response to the exit data, that we would not have otherwise taken based only on entry data. Anything else is just mindless rationalization.
Bonus points if your scenario takes into account the fact that we have a three thousand mile long undefended land border with Canada, which is in fact not only economically, but physically impossible to defend.
You're missing the point. You log when they enter and log when they leave. Anyone who isn't logged leaving is counted as still being in the country. This lets you know how many people are still there and how many have overstayed. You can circulate the details of people who have overstayed to law enforcement and pick them up when they use a credit card or similar.
As you point out in your subsequent anecdote, we already log I-94 forms when visitors leave. We have been doing this for many years. The additional ID checks do nothing to help log when people leave.
Also, perhaps you haven't noticed, but as of January 18, 2009, even permanent residents, who by definition are not capable of overstaying their visa, are also fingerprinted at the border.
Now, granted, it doesn't say that people will be prevented from leaving, but I suggest you think about it for a moment. What is the purpose of identifying people who leave, other than to control who leaves?
Checking up on visitors who overstay their visas, as the article says? Just the sort of thing the UK Home Office got into trouble a few years ago for not knowing.
That's nice. What do you do when you catch such a person in the act of leaving? Deport them? Oh wait, they're already leaving.
Or maybe you mean, cross-check the visa database to find people who overstayed their visa, and aren't leaving. But obviously, if they aren't leaving, then this new policy does not affect them.
It makes no sense either way.
We used to criticize the Soviets for everything, be it rational or not. :)
BTW we criticized them for not letting people LEAVE their borders, not for controlling their own airspace and controlling border ingress.
Interestingly, we're already at that point: U.S. readies plan to ID departing visitors, Nov. 8, 2009.
Now, granted, it doesn't say that people will be prevented from leaving, but I suggest you think about it for a moment. What is the purpose of identifying people who leave, other than to control who leaves?
The predicted convergence is very unlikely for two reasons: keyboard and display.
In North America, there's a third reason why convergence is unlikely: phones are very rarely sold unlocked, and manufacturers use every means at their disposal to tie smartphones to expensive long-term contracts.
There is no way a phone with a long term contract can compete on price with a netbook or even a laptop. Consumers these days are very price-sensitive and no longer fooled by contracts that back-load the true costs.
The EeePC was originally announced as a $199 laptop.... EeePC units now start at $249. The cheapest new netbook on Google Shopping (which seems to be mostly a rehash of Amazon) is $229. The cheapest netbook at WalMart is $278.
In fairness, the actual price of the EeePC at launch was $399. So netbook prices have gone down toward $199, not up from $199. This is, of course, despite the efforts of Intel and Microsoft to fight netbooks.
Make every passenger from Nigeria go out through security in Amsterdam, then back in.
Amsterdam already does this, not just for Nigeria, but for every passenger arriving from every country.
You have clearly never been to the Amsterdam airport. The security checkpoints in Amsterdam are at the departure gates, not at the terminal entrance. Every single departure gate has an individual security checkpoint, with metal detector and x-ray machine. Every passenger boarding the flight is screened, regardless of their point of origin.
My first reaction upon seeing this setup was that it was a waste of resources for every gate to have a separate checkpoint. But it makes sense in a lot of ways. It prevents long lines from building up in any single checkpoint (important if you're concerned about terrorists setting off bombs while waiting in a densely packed line). Also, unlike US airports, if a passenger escapes through the checkpoint, it's very easy to find him afterward, since there's nowhere to go beyond the checkpoint except onto the plane. Hence you never see the entire airport closing down because one passenger ran through the checkpoint the wrong way. My guess is that the cost saved by avoiding 2-3 security related airport closures in this way makes up for the cost of the extra hardware.