Okay, the Seychelles are a bit out of the way. However, the Maldives are just the other side of the tip of India and not that far from Sri Lanka. Hell, if Somalia was getting trashed...
http://www.lib.utexas.edu/maps/islands_oceans_po le s/indianoceanarea.jpg
But that is OK because that is where the repbulicans live. Right?
Wrong, actually. All of the North East (New York, Boston, etc.) ended up voting for Kerry. Washington D.C. has the highest density of Democratic voters of any region in the country.
You do realise that you're talking about an event that would hurt the US but totally annihilate those island nations in the Atlantic, right?
This may or may not be true. The waves that washed over the Maldives were about 1 meter high. The ones that hit the Seychelles weren't much higher. Very few deaths in both places.
With no continental shelf to cause the water to rise to great heights, the mass of water was slammed into buildings.
Those small islands would probably be a lot safer than the populations centers of the Eastern U.S.
There are in excess of 50 million people on the immediate East Coast. http://www.demographia.com/db-usmet2000.htm
If it would wrap around Florida, you could include the populations of Tampa, New Orleans and Houston (among others) for probably another 10 million.
Add in the populations of most, if not all, of the Carribean and the Canadian seaboard and you're probably now talking in excess of 75 million potential victims.
Keep in mind, in the U.S. about 2/3 of the population lives east of the Mississippi.
The Series 34 CATs engines can be equipped with and run on dual energies - fossil fuels and compressed air - and incorporate a reheating mechanism (a continuous combustion system, easily controlled to minimize pollution) between the storage tank and the engine.
This mechanism allows the engine to run exclusively on fossil fuel which permits compatible autonomy on the road.
While the car is running on fossil fuel, the compressor refills the compressed air tanks. The control system maintains a zero-pollution emission in the city at speeds up to 60 km/h.
It isn't that difficult...
on
Ho, Ho, Ho
·
· Score: 5, Funny
Santa only delivers presents to kids who have been GOOD ALL YEAR.
That brings it down to like 4 or 5, so he really isn't all that rushed.
Santa really needs to consider selling that authoritative list of "naughty" girls. He could make a killing with that thing.
Except that debt and tax burdens (another form of debt) don't get passed on unless they are joint. Debt usually gets claimed against assets during probate and the beneficiary gets what is left. Inhereting debt went out almost 2 centuries ago in the civilized world.
Yahoo has an explicit policy about what happens to accounts of the deceased -- they're destroyed after 90 days. More like assets in trust.
Yahoo *is* doing the right thing. His parents have no rights to, nor legitimate claim on the e-mail and should *not* be given access. If his mom doesn't have enough to remember him by already, that's her fault.
http://news.com.com/2100-1001-254586.html?legacy =c net
That's a link to the story when someone convinced Verisign to issue them a couple of code signing certificates in Microsoft's name.
Both hashes and certificates are vulnerable depending on what level of access the hacker has. Both require the ability to be revoked. With certificates, it can be automated.
But...what if someone used the bogus certificate to issue an update to your copy of Windows/IE that pointed it to a compromised revocation server?
You are screwed.
The author makes a point. There needs to be some way to verify the code: signing, hashes, etc. He is, however, too enamored of code signing. It is nice for end users in that it is mostly automated, but he is forgetting that people are downloading FireFox because many DON'T TRUST IE -- the very thing he touts as checking the certificate! A separate process (MD5/SHA1 hashes) would be preferable.
So you're right. Paranoia is the only real answer.:-)
I have Linspire on two machines at home, including a laptop. It does a great job for family computing.
However, I can say with certainty that 128 Mb of RAM will make it run like a 3-legged arthritic dog. Been there, done that. My laptop is a Panasonic Toughbook w/a 933 MHz P3 that started with 128 Mb of RAM. That lasted 2 boots and I upgraded to 384 Mb and that was acceptable.
WalMart better stock some SO-DIMMs or people are going to be seriously dissapointed when they open Mozilla, OpenOffice Writer, Mozilla Mail and PhoneGAIM all at once.
I see it in the protocol.txt file. It looks like they change session keys pretty often. It is near the bottom of the file, in the "When you receive an OTR Data message:" section.
* * *
If the MAC verifies, decrypt the message using the "receiving AES key".
Finally, check if keys need rotation:
- If the "recipient keyid" in the Data message equals our_keyid, then
he's seen the public part of our most recent DH key pair, so we
securely forget our_dh[our_keyid-1], increment our_keyid, and set
our_dh[our_keyid] to a new DH key pair which we generate.
- If the "sender keyid" in the Data message equals their_keyid,
increment their_keyid, and set their_y[their_keyid] to the new DH
pubkey specified in the Data message.
* * *
Nice. Now to see if there is a way to hook it into the Via AES crypto engine (Padlock)...
The idea is the keys are disposed of when the tunnel is torn down.
If big brother gets your MAIN key, he has no way of recreating the SESSION keys. Those are created using key info from the person you are chatting with as well. Without those, the messages are now subject to brute-force.
NOTHING is perfect. If your machine is compromised BEFORE you start the conversation, it would be possible to get everything and crack it nicely.
Hmmm...I do wonder about how hard it is comparitively to cryptanalyze ultra-short messages like chats.
"LOL" and "whats up" is only going to encrypt so many ways. I did't see a provision for refreshing session keys, but I only glanced thru the code and docs and didn't read it in depth.
If it only uses ONE session key per session... that could be a major weakness. [Could be. I'm not a professional cryptographer, but it looks like a potential hole.]
It authenticates and creates a "conversation". This allows you to be certain the person on the other end is who you think it is. DH key exchange is performed.
Then, messages sent during that conversation are encrypted using disposable session keys. (128-bit AES w/SHA-1 HMAC).
Think of it as an authentication tunnel down which you send encrypted messages. The message encryption is in no way related to the authentication, and the disposable session keys mean they have no re-use value.
Once, long ago, Peter Norton made some damn good tools for DOS. Then came their antivirus product, and it was pretty good, too.
Then came Symantec, and so far I'm not impressed with anything they've done. Have they done anything? Other than buy other companys' products and rebrand them?
All the cool stuff, like Ghost, Tools and AV, came from Norton. The Raptor/Velociraptor firewalls were purchased.
Veritas makes some good stuff. Unfortunately, I believe Symantec will fix that over time.
Virginia Tech used G5 Tower units. I wonder how much difference there would be in power, heat and space had they used Xserve 1Us? Like what Apple is installing for the Army. (http://www.apple.com/science/profiles/colsa/)
Really? I wonder. How are you going to get accepted for publication in a peer-reviewed journal if they all are saying the same thing? (I.E. -- all your "peers" have different opinions on the subject than you.)
Not one dissention among them doesn't necessarily mean they are all right. It can easily mean they refused publication of anything not in line with the mainstream.
You don't lose experience when you die. There's no debt, there's no recriminations, nothing. You reappear as a ghost in the nearest graveyard to the point where you died, with the world outlined in white and a spooky soundscape playing around you. You just jog back to your body and click the button that says "Resurrect". You reappear with about 75% of your health and mana intact, and go on from there.
WTF is the point in that? If there is no penalty for death, you can play pretty damn recklessly knowing you can just hack your way thru, eventually.
I would much prefer not having that ghost-jog-resurrect bit. If you can't make friends (or financial arrangements) with a decent level priest, dead you stay and over you start.
I've played too many MMRPGs where you can wipe our monsters 10x your level just by getting in a whack or two each time; getting raised; coming back; repeat until monster is dead, since (other than Trolls) they never heal.
The LEAST they could do is limit that. Like having 9 lives, or something. Auto resurrect/respawn is for pussies.
Well, here is an interesting issue. Using Firefox 1.0 on Win2K, I had mistakenly left the system set to claim to be IE 6 on XP.
Following the link to the blog gets me a Java NullPointerError, basically hosing all of Firefox. After ending it, I can't restart it without the system complaining "Java Plug-In for Netscape Navigator should not be used in Microsoft Internet Explorer. Please use Java Plug-in for Microsoft Internet Explorer instead."
I can't fix it. Firefox is gone. I uninstalled, rebooted, reinstalled and same error. If started, it consumes 99% CPU and never comes on screen and has to be killed.
I'm posting there HERE because here was the link to the website that triggered the error. Anyone else brave enough to try and reproduce it?
Okay, the Seychelles are a bit out of the way. However, the Maldives are just the other side of the tip of India and not that far from Sri Lanka. Hell, if Somalia was getting trashed...
o le s/indianoceanarea.jpg
http://www.lib.utexas.edu/maps/islands_oceans_p
But that is OK because that is where the repbulicans live. Right?
:-)
Wrong, actually. All of the North East (New York, Boston, etc.) ended up voting for Kerry. Washington D.C. has the highest density of Democratic voters of any region in the country.
So, yes, it is okay.
-Charles
You do realise that you're talking about an event that would hurt the US but totally annihilate those island nations in the Atlantic, right?
This may or may not be true. The waves that washed over the Maldives were about 1 meter high. The ones that hit the Seychelles weren't much higher. Very few deaths in both places.
With no continental shelf to cause the water to rise to great heights, the mass of water was slammed into buildings.
Those small islands would probably be a lot safer than the populations centers of the Eastern U.S.
-Charles
There are in excess of 50 million people on the immediate East Coast. http://www.demographia.com/db-usmet2000.htm
If it would wrap around Florida, you could include the populations of Tampa, New Orleans and Houston (among others) for probably another 10 million.
Add in the populations of most, if not all, of the Carribean and the Canadian seaboard and you're probably now talking in excess of 75 million potential victims.
Keep in mind, in the U.S. about 2/3 of the population lives east of the Mississippi.
-Charles
When I was a kid we played Zork. And we liked it.
Like it, hell. We loved it! The Infocom games were some of the absolute best videogames ever made.
It is dark. You are likely to be eaten by a grue.
The Series 34 CATs engines can be equipped with and run on dual energies - fossil fuels and compressed air - and incorporate a reheating mechanism (a continuous combustion system, easily controlled to minimize pollution) between the storage tank and the engine.
This mechanism allows the engine to run exclusively on fossil fuel which permits compatible autonomy on the road.
While the car is running on fossil fuel, the compressor refills the compressed air tanks. The control system maintains a zero-pollution emission in the city at speeds up to 60 km/h.
Santa only delivers presents to kids who have been GOOD ALL YEAR.
That brings it down to like 4 or 5, so he really isn't all that rushed.
Santa really needs to consider selling that authoritative list of "naughty" girls. He could make a killing with that thing.
This makes a good anecdote on how security is really built on trust, and not technology. (Or code signing, for that matter. :-)
Except that debt and tax burdens (another form of debt) don't get passed on unless they are joint. Debt usually gets claimed against assets during probate and the beneficiary gets what is left. Inhereting debt went out almost 2 centuries ago in the civilized world.
Yahoo has an explicit policy about what happens to accounts of the deceased -- they're destroyed after 90 days. More like assets in trust.
Yahoo *is* doing the right thing. His parents have no rights to, nor legitimate claim on the e-mail and should *not* be given access. If his mom doesn't have enough to remember him by already, that's her fault.
-Charles
Social engineering is more fun.
y =c net
:-)
http://news.com.com/2100-1001-254586.html?legac
That's a link to the story when someone convinced Verisign to issue them a couple of code signing certificates in Microsoft's name.
Both hashes and certificates are vulnerable depending on what level of access the hacker has. Both require the ability to be revoked. With certificates, it can be automated.
But...what if someone used the bogus certificate to issue an update to your copy of Windows/IE that pointed it to a compromised revocation server?
You are screwed.
The author makes a point. There needs to be some way to verify the code: signing, hashes, etc. He is, however, too enamored of code signing. It is nice for end users in that it is mostly automated, but he is forgetting that people are downloading FireFox because many DON'T TRUST IE -- the very thing he touts as checking the certificate! A separate process (MD5/SHA1 hashes) would be preferable.
So you're right. Paranoia is the only real answer.
-Charles
I have Linspire on two machines at home, including a laptop. It does a great job for family computing.
However, I can say with certainty that 128 Mb of RAM will make it run like a 3-legged arthritic dog. Been there, done that. My laptop is a Panasonic Toughbook w/a 933 MHz P3 that started with 128 Mb of RAM. That lasted 2 boots and I upgraded to 384 Mb and that was acceptable.
WalMart better stock some SO-DIMMs or people are going to be seriously dissapointed when they open Mozilla, OpenOffice Writer, Mozilla Mail and PhoneGAIM all at once.
Mac and Windows versions?
Try Dreamweaver or, if you are REALLY in a bind, FrontPage. Just make sure to use something like VIM for Windows to fix the HTML when you are done.
While I'm unsure about video, Linspire has Phone Gaim that integrates SIP calling.
It even has an option ($) for chatting from Gaim to regular telephones.
It REALLY helps if you spell his name right: Alec Guinnes. He is an actor, not a beer.
...belong to ICANN, and they're going to charge you for the privilege.
Bitch.
I see it in the protocol.txt file. It looks like they change session keys pretty often. It is near the bottom of the file, in the "When you receive an OTR Data message:" section.
* * *
If the MAC verifies, decrypt the message using the "receiving AES key".
Finally, check if keys need rotation:
- If the "recipient keyid" in the Data message equals our_keyid, then
he's seen the public part of our most recent DH key pair, so we
securely forget our_dh[our_keyid-1], increment our_keyid, and set
our_dh[our_keyid] to a new DH key pair which we generate.
- If the "sender keyid" in the Data message equals their_keyid,
increment their_keyid, and set their_y[their_keyid] to the new DH
pubkey specified in the Data message.
* * *
Nice. Now to see if there is a way to hook it into the Via AES crypto engine (Padlock)...
-Charles
The idea is the keys are disposed of when the tunnel is torn down.
If big brother gets your MAIN key, he has no way of recreating the SESSION keys. Those are created using key info from the person you are chatting with as well. Without those, the messages are now subject to brute-force.
NOTHING is perfect. If your machine is compromised BEFORE you start the conversation, it would be possible to get everything and crack it nicely.
Hmmm...I do wonder about how hard it is comparitively to cryptanalyze ultra-short messages like chats.
"LOL" and "whats up" is only going to encrypt so many ways. I did't see a provision for refreshing session keys, but I only glanced thru the code and docs and didn't read it in depth.
If it only uses ONE session key per session... that could be a major weakness. [Could be. I'm not a professional cryptographer, but it looks like a potential hole.]
-Charles
It authenticates and creates a "conversation". This allows you to be certain the person on the other end is who you think it is. DH key exchange is performed.
Then, messages sent during that conversation are encrypted using disposable session keys. (128-bit AES w/SHA-1 HMAC).
Think of it as an authentication tunnel down which you send encrypted messages. The message encryption is in no way related to the authentication, and the disposable session keys mean they have no re-use value.
-Charles
...Master of None.
Once, long ago, Peter Norton made some damn good tools for DOS. Then came their antivirus product, and it was pretty good, too.
Then came Symantec, and so far I'm not impressed with anything they've done. Have they done anything? Other than buy other companys' products and rebrand them?
All the cool stuff, like Ghost, Tools and AV, came from Norton. The Raptor/Velociraptor firewalls were purchased.
Veritas makes some good stuff. Unfortunately, I believe Symantec will fix that over time.
Mediocre seems to be their watchword.
-Charles
Virginia Tech used G5 Tower units. I wonder how much difference there would be in power, heat and space had they used Xserve 1Us? Like what Apple is installing for the Army. (http://www.apple.com/science/profiles/colsa/)
Really? I wonder. How are you going to get accepted for publication in a peer-reviewed journal if they all are saying the same thing? (I.E. -- all your "peers" have different opinions on the subject than you.)
Not one dissention among them doesn't necessarily mean they are all right. It can easily mean they refused publication of anything not in line with the mainstream.
Thanks, that might just do the trick.
You don't lose experience when you die. There's no debt, there's no recriminations, nothing. You reappear as a ghost in the nearest graveyard to the point where you died, with the world outlined in white and a spooky soundscape playing around you. You just jog back to your body and click the button that says "Resurrect". You reappear with about 75% of your health and mana intact, and go on from there.
WTF is the point in that? If there is no penalty for death, you can play pretty damn recklessly knowing you can just hack your way thru, eventually.
I would much prefer not having that ghost-jog-resurrect bit. If you can't make friends (or financial arrangements) with a decent level priest, dead you stay and over you start.
I've played too many MMRPGs where you can wipe our monsters 10x your level just by getting in a whack or two each time; getting raised; coming back; repeat until monster is dead, since (other than Trolls) they never heal.
The LEAST they could do is limit that. Like having 9 lives, or something. Auto resurrect/respawn is for pussies.
-Charles
Thanks, I figured that out about 2 minutes before your post. DAMN this was annoying!
Hell, even IE bitches about that blog page, complaining of errors galore. It is the "measure.class" Java bit that screws me over.
That is one screwed up website!
Well, here is an interesting issue. Using Firefox 1.0 on Win2K, I had mistakenly left the system set to claim to be IE 6 on XP.
Following the link to the blog gets me a Java NullPointerError, basically hosing all of Firefox. After ending it, I can't restart it without the system complaining "Java Plug-In for Netscape Navigator should not be used in Microsoft Internet Explorer. Please use Java Plug-in for Microsoft Internet Explorer instead."
I can't fix it. Firefox is gone. I uninstalled, rebooted, reinstalled and same error. If started, it consumes 99% CPU and never comes on screen and has to be killed.
I'm posting there HERE because here was the link to the website that triggered the error. Anyone else brave enough to try and reproduce it?