Slashdot Mirror


User: vadim_t

vadim_t's activity in the archive.

Stories
0
Comments
3,525
First seen
Last seen

Comments · 3,525

  1. Re:But not the end for the CA system? on Certificate Blunders May Mean the End For DigiNotar · · Score: 1

    There are lots of problems with that.

    Let's see:

    It depends on the availability of a third party. SSL works fine with just the server you connect to, but for this you need to talk to the same set of servers for any certificate check. That makes it easy to block. Somebody doing MITM will just block you off from Convergence, then you won't know if the self-signed cert is any good.

    It doesn't do many of the duties of a CA. It will happily mark as valid a certificate for gma1l.com, with the metadata copied from the gmail certificate.

    It's still a CA, except one that follows a different policy. It's just as breakable. What guarantee do you have that their servers return accurate information?

    There's this and Perspectives, so we're back to the CA system again. There are multiple providers of this service, and they're going the way of the CA system, with a list of trusted providers. Except at least the browser vendors require things of a CA. How do you know what's more secure, Convergence or Perspectives? What about when there are 50 of those?
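
The objections above (the notaries can be blocked, and they cannot tell gma1l.com from gmail.com) and the quorum design discussed in comment 24 below come down to a few client-side rules. This added example, which is not Perspectives or Convergence code, shows them together: the client fails closed when too many notaries are unreachable, requires a quorum of randomly chosen notaries to agree on the key, checks the certificate's names against the requested host separately because no notary does that, and reports a consistent but very new key as a probable renewal rather than an attack. The notary database, host names, fingerprints and day numbers are constructed; a real client would query the notaries over the network.

```python
"""Added example: the client-side checks a notary-based validator needs.

Not Perspectives or Convergence code. The notary database, host names,
fingerprints and day numbers are constructed for illustration; a real client
would query the notaries over the network.
"""
import random
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class Observation:
    fingerprint: str   # digest of the leaf certificate as this notary saw it
    first_seen: int    # day number on which the notary first recorded this key
    last_seen: int     # day number of the notary's latest sighting of it


def _hist(*items) -> List[Observation]:
    return [Observation(*i) for i in items]


# Constructed notary database: notary -> host -> observation history.
# A notary mapped to None is unreachable (down, or blocked by the attacker).
HONEST = {"mail.example.com": _hist(("AA", 10, 200), ("BB", 201, 365)),
          "shop.example.com": _hist(("CC", 360, 365))}
NOTARIES: Dict[str, Optional[Dict[str, List[Observation]]]] = {
    "n1": HONEST, "n2": HONEST, "n3": HONEST, "n4": HONEST,
    "n5": {"mail.example.com": _hist(("AA", 10, 365))},     # lagging: still reports the old key
    "n6": None,                                              # offline
    "n7": {"mail.example.com": _hist(("EVIL", 364, 365))},  # compromised notary
}


def hostname_matches(hostname: str, cert_names: Sequence[str]) -> bool:
    """RFC 6125-style name check: exact match, or '*' as the whole leftmost
    label of a name with at least three labels. Notaries never do this, so a
    gma1l.com certificate carrying gmail.com's metadata must be caught here."""
    host = hostname.lower().rstrip(".").split(".")
    for name in cert_names:
        labels = name.lower().rstrip(".").split(".")
        if labels == host:
            return True
        if labels[0] == "*" and len(labels) >= 3 and labels[1:] == host[1:]:
            return True
    return False


def validate(host: str, fingerprint: str, cert_names: Sequence[str], today: int,
             db=NOTARIES, k: int = 5, quorum: int = 3, max_offline: int = 1,
             min_age_days: int = 0, rng: Optional[random.Random] = None) -> Tuple[str, dict]:
    """Query k randomly chosen notaries and decide. Fails closed when too many
    are unreachable, so blocking every notary but a compromised one does not work."""
    if not hostname_matches(host, cert_names):
        return "NAME_MISMATCH", {"host": host, "cert_names": list(cert_names)}
    rng = rng if rng is not None else random.Random()
    chosen = rng.sample(sorted(db), min(k, len(db)))
    offline = agree = dissent = 0
    key_age: Optional[int] = None
    for name in chosen:
        records = db[name]
        if records is None:
            offline += 1
            continue
        history = records.get(host, [])
        current = max(history, key=lambda o: o.last_seen, default=None)
        if current is None or current.fingerprint != fingerprint:
            dissent += 1
            continue
        agree += 1
        age = today - current.first_seen
        key_age = age if key_age is None else min(key_age, age)
    tally = {"queried": chosen, "agree": agree, "dissent": dissent, "offline": offline}
    if offline > max_offline:
        return "NOTARIES_UNAVAILABLE", tally
    if agree < quorum:
        return "NO_QUORUM", tally
    tally["key_age_days"] = key_age
    if key_age < min_age_days:
        # Consistent across notaries but new: typically a routine renewal.
        # Treat as "also require the CA chain", not as an attack.
        return "RECENTLY_CHANGED", tally
    return "OK", tally


if __name__ == "__main__":
    for args in [("mail.example.com", "BB", ["mail.example.com"]),
                 ("mail.example.com", "EVIL", ["mail.example.com"]),
                 ("gma1l.example.com", "BB", ["mail.example.com"]),
                 ("shop.example.com", "CC", ["shop.example.com"])]:
        print(args[0], args[1], validate(*args, today=365, k=7, min_age_days=7))
```

With `k=7` every constructed notary is queried, so the outcome is deterministic: the honest key passes, the key only the compromised notary reports gets no quorum, the misnamed host fails before any notary is asked, and the freshly renewed key on shop.example.com comes back as RECENTLY_CHANGED when a minimum age is required.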

  2. Re:But not the end for the CA system? on Certificate Blunders May Mean the End For DigiNotar · · Score: 1

    So what would you replace it with?

  3. Excellent on Certificate Blunders May Mean the End For DigiNotar · · Score: 2

    Hopefully this will get the others CAs worried and motivate them to get better security.

  4. Re:Complexity underestimated on Researcher Builds Life-Like Cells Made of Metal · · Score: 1

    `Evolution is simply a well evidenced scientific theory': and how is this `well evidenced', did you witness the process?

    Why yes, for instance we can see how we keep getting colds year after year. There's plenty of leftover evidence in the form of fossils too.

    In any case, Lamarckism is much more natural than Darwinism:

    The superficial naturalness of things has no bearing on what actually happens. Not so long ago the most logical explanation was that flies spontaneously appeared out of rotting meat, and disease was inflicted by the devil, yet go figure, reality turned out to be more complicated.

    are not mutations miracles?

    No, why would they be? They've been studied in detail, we know how and why DNA replicates imperfectly. There's nothing magic about it.

    As for Augustine, it is better to believe those that are recorded as having spoken to and heard Jesus in person, as e.g, John, and unlike Augustine (their writings are meaningful: these are not for us mere material heaps, as are fossils).

    Mere material heaps are much better. People make mistakes and lie or omit crucial information. Somehow for instance there's nothing written about Jesus during the time of his supposed life, and all the writings were made considerably later, and don't agree with each other. John also can't be trusted much on this matter, a third party account would be much more valuable.

  5. Re:Complexity underestimated on Researcher Builds Life-Like Cells Made of Metal · · Score: 0

    First, evolution is already proven, so nothing to prove there.

    Second, it's perfectly possible to produce a system that will then evolve. There's no requirement that stuff just spontaneously assemble. We can for instance artificially create a new species, which will then go on to evolve if it sticks around.

    Atheists already ignore all the tech in organic cells so it seems like this event will be more probable.

    Nobody is ignoring it, but it's not all that important. Darwin didn't know why things worked that way. He didn't know of Mendel's research in genetics for instance, as well as how cells work. But the pattern was there anyway, whatever the reason for it was.

  6. Re:Highway to Hell on Google Enlarges Warchest With 1023 IBM Patents · · Score: 1

    Easy. As a CEO of Walmart you need assurances that products will sell. You sell your shelf space illegally at a premium where every producer pays you whether the product sells or not and they take the loss if it doesn't. That way you make money either way.

    All that is entirely independent of what product ends up on the shelf, so I don't see what that has to do with anything.

    A cool new product is here. One guy owns it and the other guy has marketing power to threaten you and he can produce it cheaper and buy all that shelf space. Who are you going to listen to? The guy with the money wins and yes you will kick the other guy out as Megacorp is such a big customer.

    None of that has anything to do with either copyright, trademarks or patents. Having copyright or patents on something in no way requires anybody to sell your product. If Walmart is willing to accept money not to sell your product, then your product being patented doesn't make any difference.

    Also, in a situation with patents this is trivially easy: MegaCorp first gets Walmart to stop selling your stuff, maybe buys that shelf space and puts any random junk on it, waits until you go out of business, buys your patents for cheap when you go bankrupt, and then puts your product on the shelf.

    Ask any of the 25 other cola brands CEOs that failed? Pepsi or Coke is there because of these practices.

    So how exactly did patents or whatever help those 25? They failed anyway.

  7. Re:Highway to Hell on Google Enlarges Warchest With 1023 IBM Patents · · Score: 1

    I see your product and immediately imitate it. I have factories in China that can produce it cheaper than what you can do here in a local warehouse with only a few workers on an assembly line.

    Even with patents, you already won.

    A small business owner has very few patents. Maybe one. Maybe 3 or 4. You on the other hand have an army of lawyers on hand. You can pay them to find a loophole in those patents you have and exploit them. Or you can check which of your 500 patents is broad enough to apply to anything the small business is doing and sue them for infringement. Patent lawsuits are expensive. You can simply drown them in litigation, and if you manage to convince the judge to get an injunction, they're toast.

    I then call all the retailers to ban your product so you can't sell it and then tell Amazon.com to raise the prices sky high on your products so you lose money and my imitation will always be cheaper. ... now explain what short term gains you will get?

    I don't get it, what does this have to do with the lack of patents, trademarks or copyright? Why would a retailer listen to your opinion of what should be sold, or Amazon raise prices on something just because you tell them? Without those things they can set up their own production.

    It baffles me how in this day and age people still cling to the idea of getting rich as a lone inventor. If those still exist they're very, very few. Most of this stuff is owned by corporations, and you can see right in this article what it takes to survive: a lone patent isn't worth anything, you need to be a multinational with thousands of patents to have any chance.

  8. Re:Here's how you get it back on the App Store on Apple Bans Game App That Criticizes Smartphone Production · · Score: 1

    Let's say Microsoft runs some retail stores. I can now stand in them and talk to all their customers about anything I want, including criticising Microsoft.

    You already can do that.

    Sure, they can ask you to leave, but AFAIK they can't do much if you decide to hang out around the door and hand out flyers so long you don't do something too disruptive like actually blocking the entrance.

    Since they're now blocked by First Amendment issues they also cannot refuse to sell my piece of software in my store if I want them to (exactly like this app in Apple's app store that you are claiming Apple should not be able to remove due to First Amendment issues).

    Ah, here it gets more complicated.

    I think it should scale depending on the amount of control you exercise, and the market share you have. If you're a private club you get to decide exactly who enters, if you own a park with free entrance or a token fee then you need an excellent reason to forbid entry, and if you somehow own the entire city you lose any ability of control at all.

    The same way, if you have a shop that exclusively sells toy cars that you hand picked yourself, you get to keep doing that. If on the other hand you offer shelf space then you get very little control over what gets placed on it. If you somehow are the only shop in the country, IMO you should get forced into providing shelf space on a non-discriminatory basis. If there's available space and you pay for it, you get to use it for whatever you want. Not a nice position for a business to be in, but such things shouldn't happen in the first place.

    I could also get a job in Microsoft's stores, and then spend all day telling the customers how terrible MS is, and they cannot stop me because the First Amendment protects me in this situation. If they fire me for this I can sue them for their unconstitutional sacking.

    Coming back to the previous idea. Since the management decides exactly who works for them they get to impose restrictions while you're on the job. Outside of the job I think you should be able to say whatever you want.

    What happens if their marketshare drops? Are they suddenly free of the first amendment and then become free to decide what to carry in their store?

    Freer. It's like with monopolies, it's not illegal to be one, but being one imposes restrictions.

    The overall idea is that I think the government's job is maintaining balance. Ideally a healthy market would have hundreds of options for a given service. If it doesn't, regulation should work in such a way that the end result is as if it was.

    So if there's a hundred different coffee shops there's no problem with a shop deciding to require formal attire. If you're into punk fashion you can still find a shop that will serve you. If Starbucks somehow managed to take over everything though, it should get forced into serving you even if you show up in a fursuit.

  9. Re:Here's how you get it back on the App Store on Apple Bans Game App That Criticizes Smartphone Production · · Score: 1

    Slippery how? What problems do you see arising from it?

    In my view, in regards to freedom of speech, it's the effective freedom of speech available to an individual that matters. Who restricts them isn't particularly important. Imagine that 99% of the software market is owned by Microsoft, who sets the condition that their software may not be used for disparaging them.

    So what does it matter to you if the government doesn't prevent you from writing an article criticizing MS? Even if you are one of the 1% who uses software that doesn't fall under the limitation, good luck having it published somewhere, because the magazine or news program will inevitably require at least one piece of MS software and refuse to publish it for that reason.

    In such a situation, Microsoft is effectively the censor, and your freedom is extremely theoretical.

  10. Re:Here's how you get it back on the App Store on Apple Bans Game App That Criticizes Smartphone Production · · Score: 1

    IMO, once you reach such a market share that you can control what a large part of the population can see or do, you should start being restricted by the first amendment as well.

    I don't think it matters much who does the censoring. Whether it's the government or a corporation doesn't matter, the effect on the population does. It's just that back when the first amendment was written such control by a corporation wasn't on anybody's mind.

  11. Dreadfully slow on Skein Hash... In Bash · · Score: 1

    I've had times when I'd have found it useful to have something like base64 or md5 in shell script form to require fewer dependencies on ancient installations, assuming it could be made to work with anything approaching acceptable performance.

    Unfortunately this isn't it. A 194-byte file took 3 seconds. The skein script (10K) takes two and a half minutes, and it's ridiculously memory intensive too. The process grew to 150 MB in size.

  12. Re:Without remorse there is no rehabilitation. on Kevin Mitnick Answers · · Score: 1

    That's a fair cop. I am absolutely biased about this, and I'm not going to try to pretend otherwise. And my quote about 'some of the most amoral acts' is outrageous hyperbole, I admit it.

    Then you should have kept silent. Also, admission of guilt doesn't grant absolution in my eyes, so you admitting it doesn't do much for me.

    What I'm talking about is empathy. He's saying that he broke into computer systems, stole some information and terrorized them, but he didn't make a profit on it so it's ethically okay. That's bullshit. It's amoral. It's a complete lack of empathy, and a telling sign of a sociopath.

    You're making a mountain out of a molehill, IMO.

    IMO you're not much better yourself. He served his time, and is now working on the opposite side. I find that to be enough.

    You on the other hand seem to believe that a simple statement of having been wrong has more value than those deeds for some reason, and I don't really have a lot of respect for that kind of thing. Actions speak louder than words for me.

    Except this one member gets a free Q&A session on Slashdot to promote his new book, and is lauded as a paid speaker at hacker conventions. That's a much shorter list. A good segment of the computer geek community sees this sociopath as a hero, and that is a bad reflection on us.

    IMO you're much closer to a sociopath yourself, given how you think complying with a trivial ritual of "admitting guilt" somehow excuses what you said in this thread and gives you license to keep doing it.

  13. Re:Without remorse there is no rehabilitation. on Kevin Mitnick Answers · · Score: 2

    I agree with what he says.

    While what he did wasn't the most ethical thing to do, I don't think it in any way qualifies as having done "some of the most amoral and harmful acts in modern computing history" by any measure. You've just got an axe to grind because you were personally affected. If you weren't, you'd probably care much less.

    In any event, Kevin shows no remorse for being a criminal, which means he essentially still is one. Time served and a stamp of approval by the white hats doesn't matter; what matters is that a person grows from their experiences and becomes better. I see no evidence that Kevin is a better man than he was.

    No. Legally he served his time, and that's it. What you're talking about is morality which has absolutely nothing to do with the law.

    The people defending him should take note that their hero is a crook. And he always will be in my eyes, until I see some contrition and some remorse for what he's done.

    I don't think he's a hero, nor much of a villain. He's just some guy that messed with a few things he shouldn't have and paid rather too much for it. He's just one member of a very large list of people.

  14. Re:and the saddest thing on Marking 10 Years Since 9/11/2001 · · Score: 1

    Ooh, a disciple of Machiavelli! Well, don't forget about the part that follows:

    Nevertheless a prince ought to inspire fear in such a way that, if he does not win love, he avoids hatred; because he can endure very well being feared whilst he is not hated, which will always be as long as he abstains from the property of his citizens and subjects and from their women. But when it is necessary for him to proceed against the life of someone, he must do it on proper justification and for manifest cause, but above all things he must keep his hands off the property of others, because men more quickly forget the death of their father than the loss of their patrimony.

    Let's see, avoiding hatred? Nope, complete failure there in many countries.
    Abstaining from the property of the citizens? The US wrecked plenty of it in Iraq.
    Proper justification and manifest cause for killing people? Sure, for some, but there was plenty "collateral damage" as well.

    Sorry, if you think Machiavelli figured out the proper way to rule, the US isn't really following it well at all.

    IMO the biggest failure on the US part is the demonstration that they do whatever they please, and that if you don't want them in your country, better get nuclear weapons fast. Yes, that was a great lesson to learn.

  15. Re:and the saddest thing on Marking 10 Years Since 9/11/2001 · · Score: 1

    Er, he's dead.

    Also no, the rest of the world doesn't interpret the US actions as strength, but as war mongering.

  16. Re:Can take anyone seriously that writes on Critic Pans Apple's New Campus As a Retrograde Cocoon · · Score: 2

    Yes it does, as do you and everybody else who lives in a society. Go move to a cabin in the woods if you don't like it.

    Regarding taxes, I recall them trying to figure a way to pay less. Which is unsurprising, it's the same thing all corporations do.

  17. Re:real numbers on The Coming Energy Turnaround In Germany · · Score: 1

    waste of real estate and too little energy.

    Most are in deserts, I don't think it makes for very good real estate for much else.

    The Blythe plant output sounds impressive, until you realize it can't take sunlight 24x7. So divide its 960 MW by four or more.

    I don't know about Blythe, and from googling it seems it'll use PVs.

    Again, I was talking about solar thermal, and since it's going to store energy it would make sense that the turbines would run at full power 24/7, by storing the extra power during the day.

    Then realize its $6 billion price tag. Compared to nuclear power, it's a farce.

    Some googling suggests nuclear costs about 14 billion for about 2000MW, so the price seems to be about the same really.

    Still, it seems a bit much to have solar cost that much. It'll probably come down in price when the tech is properly worked out, there's not a lot of those around yet.

  18. Re:Backup and fill-in on The Coming Energy Turnaround In Germany · · Score: 0

    Yes, a modern nuclear plant is better. Base load, security, etc.

    A molten salt solar powerplant is perfectly capable of providing base load, that's what the molten salt is for. Seems better security-wise too.

    Yes, it is expensive for older plants. However modern designs don't have those long term problems previous generation plants have.

    There are reactor designs that run off old waste, and the end product returns to background radiation levels in 200-500 years. You could, quite literally, build the storage facility for its waste as part of the plant.

    Which design is that and where is it being used? Also, I meant disassembling the plant itself, the waste is another issue entirely. It seems to me that a nuclear powerplant is necessarily complex and difficult to safely dismantle, but I could be mistaken.

  19. Re:Backup and fill-in on The Coming Energy Turnaround In Germany · · Score: 1

    I hope you're not serious.

    You really think that re-polishing mirrors once in a while is such a horrible disadvantage that a nuclear powerplant is a better solution?

    Sure, the dirt and scratches are a problem, but polishing stuff is not a new problem by any means. I'm sure that if we start building solar powerplants en masse, it won't take long for somebody to come up with a maintenance robot for those.

    Thousands of identical mirrors, arranged in a predictable pattern can't be that difficult to clean and polish automatically. There have been advances in scratch resistant and self-cleaning hydrophobic glasses as well, which may find a use there.

    And since we're talking maintenance, don't forget the need to demolish that powerplant eventually. No matter how well it works eventually it'll get old, or just plain obsolete compared to modern tech. And I hear that for nuclear powerplants, it gets quite expensive.

  20. Re:recreated on Is This the End of Righthaven? · · Score: 1

    And whose pocket do those salaries and lawyer fees come from? The company has to be funded somehow. Their client now thinks it was a bad idea.

    As a business it doesn't seem to be working. The only way I see this continue is if somebody really thinks this is worth losing money on, out of some sense of retribution or something like that.

  21. Re:Yes it's the end on Is This the End of Righthaven? · · Score: 1

    Not really profit, no.

    AFAIK, bankruptcy doesn't let you get away from paying for stuff. It means that a court will determine who has priority and who will get screwed out of the money they're owed.

    I don't think Righthaven is going to be recreated. They've proved to be a miserable failure, doing what they did no doubt cost quite a bit of money for the lawsuits they lost. The only point in reforming it would be if the people involved really thought that losing money in this manner was worth it, because it sure doesn't look like they're going to earn any.

  22. Re:Perspectives on Are Some CAs Too Big To Fail? · · Score: 1

    Though I am still interested in how you think a compromised CA issuing a dodgy certificate to a third party breaks the security process. The issuing of a dodgy certificate is still only part of the challenge. You still need to convince people to connect to your site, and as such when you have compromised a CA and issued yourself a dodgy certificate for google.com you need to somehow insert yourself into the path between your victim and their request to go to a google server. As it would be near impossible to pull off this globally the notaries will show up with different results and expose the MITM attack.

    The current system is "if the cert is signed by any of the 150 CAs listed in the browser", it's good. Thus it's enough to compromise one of those and start issuing certs.

    Perspectives does help a bit there, but it can be compromised too. From looking at the source ideally the attacker would compromise the notary list. If they can provide their own, they can run their own notaries that say everything is valid.

    MITM isn't that hard to set up, btw. A trivial way of doing it is running an open wifi AP in a well populated place and just waiting until somebody falls for it.

    Your last example is also not likely. Perspectives doesn't take the place of a CA but only verifies already issued certificates against notaries. You'd still need a CA to issue a valid certificate to Google.ws, and Perspectives neither makes this process more nor less secure as this is still the job of the CA.

    Done that way, yes, it's helpful, but I see people clamouring for replacing the CA system with something like Perspectives. They say that a self-signed cert shouldn't be seen as a bad sign if validated in a Perspectives-like manner.

  23. Re:Perspectives on Are Some CAs Too Big To Fail? · · Score: 1

    No, I understand it perfectly fine.

    In fact after debating with people here and reading the source I'd say that I might have a use for it myself. But I just don't buy into the hype.

    First of all, again, it's not a replacement for the CA system as being claimed by some people here. It's very much a CA, except one that runs a different verification policy. It keeps the weaknesses of a CA system, like a single CA being compromised being enough to break security.

    Second, it's not very user friendly. Current CAs are near transparent, and still are hard enough to explain to normal people. Explaining why Perspectives is unhappy with gmail renewing their cert will be very difficult and spell doom for security. All most people will get from the explanation is "the smart computer guy says it's safe", and click "Ignore". And do the same thing when the warning comes up due to actual MITM.

    Third, it doesn't perform all the duties of a CA. It'll happily declare as valid a cert for gmail.ws that says that it's been issued to Google. Sure, normal CAs are occasionally tricked into doing that, but with Perspectives it's guaranteed.

  24. Re:Perspectives on Are Some CAs Too Big To Fail? · · Score: 1

    The idea is that the client doesn't rely on just one notary, the client checks several of them, chosen at random from a large list. So the attacker has to compromise all of the notaries the client chooses to use, simultaneously, and without knowing which notaries the client might use. The attacker could block access to all of the notaries but the one he's compromised, but that's trivially defeated by configuring the client to require multiple successful validations, and to refuse to validate at all if many notaries appear to be offline.

    That is a good idea.

    However, by looking at the code I can see a few weaknesses:

    There's a single point of failure: the notary list. If you can manage to provide your own, you're set, no matter how many notaries there are.

    Fortunately, the list is signed. Less fortunately, it's vulnerable to replay attacks. One could make the job easier by saving an old list with few servers. Also all of the notaries are on the same domain which probably is not a good thing.

    Further, keep in mind that Marlinspike's system doesn't have to be a replacement for the existing PKI. It can stand beside it, and clients can be configured to require both systems validate a server's certificate before considering it valid. This would make the attacker's job nearly impossible.

    Now that's more along the lines of what I was saying.

    However, what about false positives?

    Realistically most of the time you'll be seeing false positives from Perspectives. Lots of certs only last a year, there's only 365 days in one. If you browse around enough you will see validation errors pretty often, for every time a cert is renewed. The current gmail cert expires on 19/12/2011, will you stay away from gmail until Perspectives is happy with the new cert?
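
The replay weakness in the signed notary list above has a standard fix, shown here as an added example that is not Perspectives code: the publisher binds each list to a monotonically increasing serial number and a validity window, and the client refuses any list whose serial is not higher than the last one it accepted, so saving an old copy with fewer servers and serving it later no longer works. The same client also rejects lists that are too small or whose notaries all sit under one domain, the other concern raised above. The list format, serial numbers, notary names, timestamps and key are constructed; an HMAC stands in for the publisher's public-key signature, which changes nothing about the freshness checks.

```python
"""Added example: a notary list that resists replay.

Not Perspectives code; the list format, serial numbers, notary names and key
are constructed for illustration. A symmetric MAC stands in for the publisher's
public-key signature; the freshness checks are the same either way.
"""
import hashlib
import hmac
import json
from typing import List, Tuple

PUBLISHER_KEY = b"example-notary-list-key"   # hypothetical key


def _canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_notary_list(notaries: List[str], serial: int, issued: int,
                     validity_days: int, key: bytes = PUBLISHER_KEY) -> dict:
    """Publisher side. A signature alone proves the publisher once produced the
    list; the serial and validity window are what stop an old, shorter list
    from being served again later."""
    body = {"notaries": sorted(notaries), "serial": serial,
            "issued": issued, "expires": issued + validity_days * 86400}
    sig = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def _registrable(name: str) -> str:
    # Crude stand-in for a public-suffix lookup: the last two labels.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


class NotaryListClient:
    def __init__(self, key: bytes = PUBLISHER_KEY, min_notaries: int = 5, min_domains: int = 3):
        self.key = key
        self.min_notaries = min_notaries
        self.min_domains = min_domains
        self.serial = 0            # highest serial accepted so far; persist this across runs
        self.notaries: List[str] = []

    def accept(self, signed: dict, now: int) -> Tuple[bool, str]:
        body = signed["body"]
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signed["sig"]):
            return False, "bad signature"
        if not body["issued"] <= now <= body["expires"]:
            return False, "outside validity window"
        if body["serial"] <= self.serial:
            return False, "stale serial %d, already have %d" % (body["serial"], self.serial)
        names = body["notaries"]
        if len(names) < self.min_notaries:
            return False, "only %d notaries" % len(names)
        domains = {_registrable(n) for n in names}
        if len(domains) < self.min_domains:
            return False, "notaries span only %d domain(s)" % len(domains)
        self.serial, self.notaries = body["serial"], list(names)
        return True, "accepted serial %d" % body["serial"]


# Constructed lists: V1 is an older, smaller list, V2 the current one,
# SAME_DOMAIN a later list whose notaries are all under one domain.
V1 = sign_notary_list(["a.notary-one.example", "b.notary-one.example", "a.notary-two.example",
                       "a.notary-three.example", "b.notary-three.example"],
                      serial=1, issued=1_000, validity_days=30)
V2 = sign_notary_list(["a.notary-one.example", "b.notary-one.example", "a.notary-two.example",
                       "b.notary-two.example", "a.notary-three.example", "b.notary-three.example"],
                      serial=2, issued=1_000_000, validity_days=30)
SAME_DOMAIN = sign_notary_list(["n%d.notary-one.example" % i for i in range(8)],
                               serial=3, issued=1_000_000, validity_days=30)


def run_scenarios() -> List[Tuple[bool, str]]:
    client = NotaryListClient()
    results = [client.accept(V1, now=2_000),               # first list: accepted
               client.accept(V2, now=1_000_500),           # newer list: accepted
               client.accept(V1, now=1_000_500),           # replayed old list: stale serial
               client.accept(SAME_DOMAIN, now=1_000_500)]  # one domain: rejected
    forged = {"body": dict(V2["body"], notaries=["evil.example"] * 6), "sig": V2["sig"]}
    results.append(client.accept(forged, now=1_000_500))   # edited body: bad signature
    results.append(client.accept(V2, now=9_999_999))       # past expiry
    return results


if __name__ == "__main__":
    for ok, why in run_scenarios():
        print("accepted" if ok else "rejected", "-", why)
```

The accepted serial has to be stored persistently, otherwise a fresh install (or a wiped profile) is exactly the client the replayed list is aimed at; shipping the current serial with the client build is one way to seed it.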

  25. Re:From the other side on British CS Majors Doing Badly In the Jobs Market · · Score: 1

    Ahh, makes sense now. Got to pay more attention, heh.

    Yes, that's quite a bit easier, I would expect more people to get that right.